Workplace Collaboration Services and Lotus

Front cover

Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook

Coexistence and integration strategies
Lotus Instant Messaging Gateway Configuration
Domino LDAP integration

Jiong Xin Bai
Kit Davis
Mario Gereci
Michael Richerzhagen
Satwiksai Seshasai
William Tworek

ibm.com/redbooks

International Technical Support Organization

December 2004

SG24-6484-00

Note: Before using this information and the product it supports, read the information in “Notices”.

First Edition (December 2004)

This edition applies to Lotus Workplace 2.01, IBM Workplace Collaboration Services 2.5, Lotus Domino 6.5.3 and later.

© Copyright International Business Machines Corporation 2004. All rights reserved.
Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Notices
  Trademarks
Summary of changes
  December 2005, Second Edition
Preface
  The team that wrote this redbook
  Additional contributors
  Become a published author
  Comments welcome

Chapter 1. Introduction
  1.1 Message vision for Notes and Domino clients
    1.1.1 IBM Workplace
    1.1.2 Benefits of the IBM Workplace model
    1.1.3 IBM Workplace Product families
    1.1.4 The role of Lotus Notes and Domino within IBM Workplace
    1.1.5 The role of WebSphere Portal within IBM Workplace
    1.1.6 IBM Workplace Collaboration Services
    1.1.7 Role of IBM Workplace Collaboration Services
    1.1.8 The role of WebSphere Everyplace within IBM Workplace
    1.1.9 The journey
    1.1.10 Phases of adoption
    1.1.11 Incremental change
    1.1.12 Where Notes/Domino fits in the IBM Workplace Strategy
    1.1.13 Notes/Domino 7 - Where we are today
    1.1.14 Moving forward with Notes/Domino 7 and beyond
    1.1.15 The path to IBM Workplace

Chapter 2. Integration opportunities
  2.1 Opportunities for integration
  2.2 Integration scenarios
  2.3 Opportunities for future integration
    2.3.1 The Common PIM Portlets (CPP)
    2.3.2 IBM Workplace Managed Client
    2.3.3 Overview of user interface for Workplace Managed Client
  2.4 Notes plug-in
  2.5 Activity explorer
    2.5.1 Activity explorer navigation

Chapter 3. Infrastructure/deployment and skill considerations
  3.1 Key infrastructure considerations for integration
  3.2 System requirements
    3.2.1 Hardware requirements
    3.2.2 Network connectivity requirements
    3.2.3 Software requirements
    3.2.4 Client software requirements
  3.3 Deployment scenarios
    3.3.1 Introduction to deployment scenarios
    3.3.2 Four-tiered architecture
    3.3.3 IBM Lotus Workplace deployment types
    3.3.4 Workplace demonstration deployment: Single server
    3.3.5 Workplace two-tier deployment: Two servers
  3.4 Expertise and skills required
    3.4.1 LDAP administration
    3.4.2 WebSphere Application and Portal Server administration
    3.4.3 DB2 administration
  3.5 New skills for Notes and Domino administrators
    3.5.1 LDAP-related skills
    3.5.2 DB2 - Overview and related skills
    Useful DB2 commands
    3.5.3 WebSphere Application Server and Portal Administration
    3.5.4 WebSphere Portal Administration overview
    3.5.5 Introduction to WebSphere Portal administration
    3.5.6 Launching the Portal user administrative interface
  3.6 Portal Administrative User Interface
    3.6.1 Manage Pages
    3.6.2 Themes and skins
  3.7 Portlets
    3.7.1 Install
    3.7.2 Manage Portlet Applications
    3.7.3 Manage Portlets

Chapter 4. Integrating Workplace with Domino LDAP
  4.1 LDAP integration
  4.2 LDAP overview
  4.3 Understanding your Domino LDAP structure
  4.4 Tools for working with an LDAP Directory
    4.4.1 ldapsearch
    4.4.2 Graphical LDAP browsers
  4.5 Domino LDAP-specific requirements
    4.5.1 Adding dominoUNID to the Domino Directory
    4.5.2 Setting up the required administrative accounts
    4.5.3 Modifying the Global Configuration document
    4.5.4 Modify the security_domino.properties file
    4.5.5 Using the WPSCONFIG script to implement security

Chapter 5. Extending the reach of Notes/Domino applications
  5.1 Integration Option using the Domino Application Portlet
    5.1.1 Considerations
    5.1.2 Implementation details for the Domino Application Portlet
  5.2 Integrate using the Domino Web Access (iNotes) portlet
  5.3 Using the Common PIM Portlet
    5.3.1 Configuring the Common PIM Portlet

Chapter 6. Messaging Integration between Domino and Workplace Messaging
  6.1 Introduction to Lotus Workplace Messaging
    6.1.1 Mail cells
    6.1.2 Mail routing to another mail system in the same domain
  6.2 Integrating Domino and Lotus Workplace Messaging
  6.3 Scenario 1: Using different directory and Internet domain name
    6.3.1 Solution analysis
  6.4 Scenario 2: Sharing a common Internet domain with separate LDAP directories
  6.5 Scenario 3: Domino and Lotus Workplace Messaging share same Internet domain and directory
    6.5.1 Solution analysis
    6.5.2 Mail routing to other Internet domains
  6.6 Moving mail accounts
    6.6.1 Requirements for migration
    6.6.2 Create mail accounts in Lotus Workplace for users to be migrated
    6.6.3 Migrate data in Domino mail file to Lotus Workplace Messaging

Chapter 7. Integrating IBM Lotus Workplace 2.0.1 with Lotus Sametime 6.5.x
  7.1 Introduction to the LIM Gateway
    7.1.1 How the LIM Gateway works
    7.1.2 LIM usage scenarios
    7.1.3 LIM Gateway versus the LIMWC SIP Connector
    7.1.4 LIM system requirements
  7.2 LIM Gateway deployment considerations
    7.2.1 Directory considerations
    7.2.2 Security considerations
    7.2.3 Scalability considerations
    7.2.4 Miscellaneous deployment considerations
  7.3 LIM Gateway installation guidelines
    7.3.1 High-level installation and configuration steps
    7.3.2 Installing the LIM Gateway code
    7.3.3 Configuring LIMWC to accept LIM Gateway connections
    7.3.4 Configuring Lotus Workplace to accept LIM Gateway connections
    7.3.5 Configuring the LIM Gateway (IMAProxy.properties)
    7.3.6 Optional additional setup
  7.4 LIM Gateway troubleshooting guidelines
    7.4.1 Turning on error/trace message logs
    7.4.2 Interpreting the log files
    7.4.3 Example troubleshooting
  7.5 Summary

Chapter 8. Integrating Lotus QuickPlace with Workplace
  8.1 QuickPlace interoperability potential
  8.2 QuickPlace 6.5.1 integration points
    8.2.1 Using a Java servlet to access QuickPlace's XML API
    8.2.2 Using a Web Service to access QuickPlace's XML API
  8.3 Planning for future versions
  8.4 QuickPlace 7.0
  8.5 QuickPlace and Workplace Collaboration Services: Team Spaces
    8.5.1 QuickPlace: IBM Workplace Collaboration Services Team Spaces integration scenarios
  8.6 Design comparison: QuickPlace and IBM Workplace Collaboration Services Team Spaces
    8.6.1 QuickPlace design elements
    8.6.2 IBM Workplace Collaboration Services Team Spaces elements
  8.7 Functional differences: QuickPlace and IBM Workplace Collaboration Services Team Spaces

Related publications
  IBM Redbooks
  Other publications
  Online resources
  How to get IBM Redbooks
  Help from IBM

Index

Notices

This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to:

IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.

The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you.

This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice.

Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.

IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products.

This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental.

COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces.
Trademarks

The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:

AIX®, Cloudscape™, developerWorks®, Domino Designer®, Domino.Doc®, Domino®, DB2 Connect™, DB2 Universal Database™, DB2®, Everyplace®, IBM®, ibm.com®, iNotes™, iSeries™, Lotus Notes®, Lotus Workflow™, Lotus®, Notes®, OS/390®, OS/400®, Passport Advantage®, PowerPC®, pSeries®, QuickPlace®, Redbooks™, Redbooks (logo)™, RACF®, Sametime®, Tivoli®, WebSphere®, Workplace™, Workplace Client Technology™, Workplace Collaborative Learning™, Workplace Managed Client™, Workplace Messaging®, Workplace Team Collaboration™, Workplace Web Content Management™, z/OS®

The following terms are trademarks of other companies:

iPlanet, Java, JDBC, JDK, JSP, JVM, J2EE, Solaris, Sun, Sun Java, Sun ONE, and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft Internet Explorer, Microsoft, Outlook, Windows server, Windows, and the Windows logo are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Pentium, Xeon, Intel logo, Intel Inside logo, and Intel Centrino logo are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States, other countries, or both.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a trademark of Linus Torvalds in the United States, other countries, or both.

Other company, product, and service names may be trademarks or service marks of others.

Summary of changes

This section describes the technical changes made in this edition of the book and in previous editions. This edition may also include minor corrections and editorial changes that are not identified.
Summary of Changes for SG24-6484-00 for Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook as created or updated on December 14, 2005.

December 2005, Second Edition

This revision reflects the addition, deletion, or modification of new and changed information described below.

New information
- Updated introduction to reflect current strategy IBM Workplace strategy

Changed information
- Changed title of Redbook to more accurately reflect the versions of software we are discussing in the book – from IBM Workplace Collaboration Services and Domino Together Integration Handbook – to Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook
- Included a statement at opening of Chapter 7, “Integrating IBM Lotus Workplace 2.0.1 with Lotus Sametime 6.5.x” to clearly state which versions of Sametime and Lotus Workplace products release 2.0.1 are supported.

Preface

Since the introduction of the IBM® Workplace™ strategy, many Lotus® Notes® and Domino® clients have been wanting to better understand how the release of IBM Workplace software products would impact their existing investment in Lotus Domino. While many in the Notes/Domino community have shown interest in the IBM Workplace family of products based on Java™ Platform, Enterprise Edition (J2EE) and open standards, others have expressed concern about the implications for the future of Domino.

The key message of this book is that IBM Workplace products extend and enhance the value of your investment in Domino. Release 2.0.1 of Lotus Workplace products (predecessors of IBM Workplace Collaboration Services) and Lotus Notes/Domino 6.5x offer features designed to help you integrate Lotus Workplace products into an existing Notes/Domino environment.
This allows you to offer your users a choice of tools most suited to their specific needs, while protecting and leveraging your on-going investment in Lotus Notes/Domino.

The objective of this book is to discuss specific ways in which you can integrate Lotus Workplace products (and going forward, IBM Workplace Collaboration Services) and Lotus Notes/Domino. We focus primarily on integration techniques using Release 2.0.1 of Lotus Workplace products and Domino 6.5.x, but, where appropriate, we will also discuss integration options using IBM Workplace Collaboration Services 2.5.

In addition to discussing the IBM Workplace family of products and defining strategies of co-existence and integration, we address the following technical integration topics:

- Configuring Lotus Workplace release 2.0.1 products and IBM Workplace Collaboration Services to use your existing corporate Domino Directory as its LDAP directory
- Integration of existing Domino applications into Workplace products using the Domino Extended Products Portlets, the Domino Application Portlet, and the Common PIM Portlets (CPP)
- Configuring mail routing between a native Lotus Domino Mail server and an IBM Workplace Messaging® environment
- Interoperability between Lotus Sametime® and Lotus Workplace Team Collaboration™ 2.0.1 (going forward, IBM Workplace Team Collaboration) instant messaging capabilities via the Lotus Instant Messaging (LIM) Gateway
- Interoperability points available in Lotus QuickPlace®: in the 6.5.1 release, in the 7.0 release and in the future.

Where appropriate, this book describes specific real world scenarios, illustrating how a combination of technologies can solve the problem. It details the technical implementation of the scenarios so that readers can actually duplicate the solution.
The team that wrote this redbook

This redbook was produced by a team of specialists from around the world working at the International Technical Support Organization, Cambridge, Massachusetts Center.

Jiong Xin Bai is an Advisory IT Specialist at the Technical Sales Support Department of IBM China. She joined IBM in 1999 and has worked as a technical support analyst for Lotus software since then. Her areas of expertise include Notes/Domino, e-learning, and LEI. She has recently started to support Lotus Workplace.

Kit Davis is currently an independent consultant who has 20 years of experience with what is now the IBM Workplace family of products. For the last 12 years he was one of the co-founders and principals of Solutions By Design of McLean, Virginia (http://www.sbd.com), where he established their extensive Notes/Domino practice. Prior to that he was the Chief Technologist for the National Academy of Sciences, where he implemented cc:Mail in 1986 and Notes V1 in 1990. He can be reached at [email protected]

Mario Gereci is a Consultant with ebf-EDV Beratung Foellmer GmbH in Cologne, Germany (http://www.ebf.de). He has over six years of experience working with Lotus Software, focusing primarily on administration and managing projects within the banking and advertising sectors. He has extensive Lotus and WebSphere® installation, deployment, and application development skills. He is a Certified Lotus Professional (CLP) for administration and PCLP for application development in R5 and ND6. Additionally, Mario has certifications in Tivoli® and DB2®. Recently Mario has made IBM Workplace his primary focus. Mario was an author for the IBM Redbook Lotus Workplace Products Deployment Guide, SG24-7087.

Michael Richerzhagen is an IT Specialist with the Software Sales Support Department of IBM Germany. He joined IBM in 2000 and has worked primarily as an analyst and consultant for Lotus software since then.
His areas of expertise include Notes/Domino, Lotus Learning Management System, and Domino Web Access. He has recently started working with solutions based on Workplace Collaboration Services.

Satwiksai Seshasai has been a member of the Team Workplace (QuickPlace) core development team at IBM Westford since September 2002. He has spent time in the U.K. training EMEA client support; has worked with large client deployments of TW to bring them through upgrades, feature deployments, custom fix implementations, and cross-product integration plans; and has been the lead developer for core features such as the enhanced QuickPlace XML API. His Bachelor's and two Master's degrees from the Massachusetts Institute of Technology cover Computer Science, Management, and Policy, and his most recent academic publications include “An Integrated and Collaborative Framework for Business Design: A Knowledge Engineering Approach” in the Journal of Data and Knowledge Engineering and “Knowledge-Based Approach to Facilitate Engineering Design” in the AIAA Journal of Spacecraft and Rockets.

William Tworek is a Senior IT Architect within the Office of the IBM CIO, responsible for key strategy, conceptual architecture, and program management of various pieces of IBM's internal application hosting environment and On Demand Operating Environment. He has authored many IBM Redbooks™ and Redpapers as a member of the IBM International Technical Support Organization. Prior to his CIO and ITSO activities in IBM, he was an architect in the consulting industry working for Andersen Consulting/Accenture, followed by IBM Software Services for Lotus. His areas of expertise include collaborative technologies and business portals, system integration, and systems infrastructure design.
Additional contributors

Thanks to the following people for their contributions to this project:

Julie Czubik
International Technical Support Organization, Poughkeepsie Center

Jason Dumont, Product and Marketing Management, Software Group, Lotus
IBM, Westford, MA

Luciano Resende, Software Engineer, Software Group, Lotus
IBM, Westford, MA

Roger Eames, Program Director, Lotus Collaboration Infrastructure & Lotus Sametime Development
IBM, Westford, MA

Uri Segev, Manager, SIP Infrastructure Development team
IBM Haifa Labs, Israel

Orit Yaron-Duzy
IBM Haifa Labs, Israel

Anat Fradin
IBM Haifa Labs, Israel

Amy Reuss Caton, Brand Marketing Manager - Workplace, Portal & Collaboration Software
IBM, Cambridge, MA

Become a published author

Join us for a two- to six-week residency program! Help write an IBM Redbook dealing with specific products or solutions, while getting hands-on experience with leading-edge technologies. You'll team with IBM technical professionals, Business Partners or clients.

Your efforts will help increase product acceptance and client satisfaction. As a bonus, you'll develop a network of contacts in IBM development labs, and increase your productivity and marketability.

Find out more about the residency program, browse the residency index, and apply online at: ibm.com/redbooks/residencies.html

Comments welcome

Your comments are important to us! We want our Redbooks to be as helpful as possible. Send us your comments about this or other Redbooks in one of the following ways:

- Use the online Contact us review redbook form found at: ibm.com/redbooks
- Send your comments in an email to: [email protected]
- Mail your comments to: IBM Corporation, International Technical Support Organization Dept. JLU Mail Station P099 2455 South Road Poughkeepsie, New York 12601-5400

Chapter 1.
Introduction Since the introduction of the IBM® Workplace™ strategy, many Lotus® Notes® and Domino® clients have been wanting to better understand how the release of IBM Workplace software products would impact their existing investment in Lotus Domino. While many in the Notes/Domino community have shown interest in the IBM Workplace family of products based on Java™Platform, Enterprise Edition (J2EE) and open standards, others have expressed concern about the implications for the future of Domino. The key message of this book is that IBM Workplace products extend and enhance the value of your investment in Domino. Release 2.0.1 of Lotus Workplace products (predecessors of IBM Workplace Collaboration Services) and Lotus Notes/Domino 6.5x offer features designed to help you integrate Lotus Workplace products into an existing Notes/Domino environment. This allows you to offer your users a choice of tools most suited to their specific needs, while protecting and leveraging your on-going investment in Lotus Notes/Domino. The objective of this book is to discuss specific ways in which you can integrate Lotus Workplace products (and going forward, IBM Workplace Collaboration Services) and Lotus Notes/Domino. We focus primarily on integration techniques using Release 2.0.1 of Lotus Workplace products and Domino 6.5.x, but, where appropriate, we will also discuss integration options using IBM Workplace Collaboration Services 2.5. In addition to discussing the IBM Workplace family of © Copyright IBM Corp. 2004. All rights reserved. 
products and defining strategies of co-existence and integration, we address the following technical integration topics:
- Configuring Lotus Workplace release 2.0.1 products and IBM Workplace Collaboration Services to use your existing corporate Domino Directory as its LDAP directory
- Integration of existing Domino applications into Workplace products using the Domino Extended Products Portlets, the Domino Application Portlet, and the Common PIM Portlets (CPP)
- Configuring mail routing between a native Lotus Domino Mail server and an IBM Workplace Messaging® environment
- Interoperability between Lotus Sametime® and Lotus Workplace Team Collaboration™ 2.0.1 (going forward, IBM Workplace Team Collaboration) instant messaging capabilities via the Lotus Instant Messaging (LIM) Gateway
- Interoperability points available in Lotus QuickPlace®—in the 6.5.1 release, in the 7.0 release, and in the future

Where appropriate, this book describes specific real world scenarios, illustrating how a combination of technologies can solve the problem. It details the technical implementation of the scenarios so that readers can actually duplicate the solution.

Attention: IBM has recently clarified and standardized the names of several offerings. The capabilities of the products that formerly carried the name Lotus Workplace have been incorporated into IBM Workplace Collaboration Services, and the name IBM Workplace is now used to refer to the family of collaborative products that includes both IBM Workplace Collaboration Services and Lotus Domino. This change occurred during the writing of this book. We have updated all references to reflect the new names; however, it has occasionally been appropriate and necessary to use the older names when referring to previous versions of the product.

1.1 Message vision for Notes and Domino clients

Welcome to the future.
The technical focus of this book is the integration of Lotus Domino with Lotus Workplace release 2.0.1 products. However, before we can expect you, the reader, to consider integrating these products, it is important for us to help you understand what the products are, the IBM strategy as it pertains to the two products, and the underlying reasons why you may want to consider product integration.

The team that wrote this book is comprised of long-time Domino proponents. Likewise, we assume that the majority of the readers of this book understand the Notes/Domino value proposition and are most likely Domino proponents within their respective organizations. We also assume that most readers are interested in the IBM Workplace product set if for no other reason than understanding how it will impact their investment in the Notes/Domino product and related skill sets.

Certainly, since the original announcement of the Lotus Workplace products in November 2003, the Notes/Domino community has expressed genuine interest in the products as well as concerns that the introduction of IBM Workplace software products might result in the demise of Notes/Domino. In reality, nothing is further from the truth. IBM is fully committed to supporting Notes and Domino now and in the future. IBM has already planned enhancements for several future versions of the product and will continue to release new versions in the coming years.

Before we can start thinking about integrating Notes/Domino with Release 2.0.1 of Lotus Workplace products and IBM Workplace Collaboration Services, it is important that we all understand the role of the various products and concepts behind the IBM Workplace software strategy.

1.1.1 IBM Workplace

IBM Workplace is the name for the overall framework of products that represent the front end of computing capabilities that are focused on making people more productive by enabling them to make more informed decisions and take targeted actions more quickly.
Every company lists its employees as one of its greatest assets. Traditionally, the majority of IT budgets have been spent automating the structured way people work during a limited part of their day, and have ignored the unstructured way people work during the majority of their day. The IBM Workplace strategy provides a framework for pulling structured and unstructured processes together to help individuals in their respective roles work together more efficiently, making their company more effective.

IBM Workplace Collaboration Services is a new, adaptive work environment. IBM Workplace Collaboration Services can be customized based on users’ unique roles in the organization. It is designed to transform productivity and enable people to make more informed decisions and take targeted actions, faster.

IBM Workplace software products provide choice. IBM Workplace Collaboration Services unifies all the tools and resources people need—documents, applications, productivity tools, etc. It presents them via a single interface. Users can access Workplace environments anytime, anywhere, using enterprise desktops and mobile computers as well as pervasive and wireless devices. And users can do so even when disconnected.

IBM Workplace software products are flexible. IBM Workplace Collaboration Services provides developers and administrators with the power of one architecture with one programming, deployment, and management model. Plus, Workplace supports open standards (J2EE, Eclipse) and multiple client and server operating systems (Linux®, Mac, Windows®). This ensures existing and future IT investments can be intelligently integrated/exploited.

IBM Workplace software products provide a unique, on demand network-centric delivery model. Custom IBM Workplace Collaboration Services environments can be centrally deployed and managed no matter what the users’ physical locations or points of access.
As a result, organizations can uniquely combine the user productivity gains of desktop/device with the cost advantages of the network.

Figure 1-1 Overview of IBM Workplace model

1.1.2 Benefits of the IBM Workplace model

Organizations will adopt the IBM Workplace model in differing configurations to serve particular sets of objectives, but all will benefit from the advantages inherent in the model itself.

Server-managed clients

The server-managed client model, which enables applications to be extended to a full spectrum of client types that are deployed and managed from the server, allows applications to more easily follow a user across their day, whether the user is working from a disconnected mobile computer using a managed rich client, a connected workstation via a browser, or a mobile client via a “sometimes connected” mobile device. Server-managed control of the user environment ensures that everyone has the latest applications and upgrades in a timely fashion.

Flexibility and choice

The standards-based flexibility and choice inherent in the IBM Workplace family of capabilities supports both preservation of existing investments and future extensibility. The IBM Workplace model adapts to the client's IT strategy by offering flexibility across operating systems, clients, document editors, and applications. The Linux, Windows, and (planned) MacOS environments will be supported. This flexibility facilitates streamlining business processes incorporating an organization's customers, partners, and suppliers, and allows the IT infrastructure to grow and change with evolving needs of the business.

Support for standards

Interoperability is achieved by the open standards approach, which enables easier and more effective integration with an organization's customers' existing IT investments.
The extensible client platform permits extending the value of existing Web, Java™, .Net, C++, and Notes applications; developing new applications; leveraging existing investments such as Office documents and Java, .Net, and C++ applications; and integrating processes across the enterprise.

Security

Robust policy-managed access and control with built-in data management and security features help protect an organization's information assets. Applications utilizing IBM Workplace Managed Client™ benefit from local and server-managed encrypted data stores, in which the local data store can synchronize with the server, allowing for policies and ACLs to be applied. When documents are moved into the data store, they are effectively managed and are more secure than if left on the file server where they are vulnerable to attack.

Total Cost of Ownership

Simplification and server-managed control of the user environment, with no touch deployment, administration, and client updates, radically reduce the costs of managing the environment. Standards-based interoperability with existing IT investments can help preserve their value and eliminate the costs of forced rip-and-replace requirements. Provisioning capabilities to users on demand based on role, rather than one-size-fits-all provisioning, further helps to lower the Total Cost of Ownership.

Productivity and responsiveness

The IBM Workplace model is designed to make people more productive in the context of the business they do every day by giving them anytime/anywhere access to everything they need to do their jobs.
Users benefit from the simplified user interface; easy access to applications, business processes, and documents; componentized capabilities immediately available in the context of their work; a new rich user experience for Web-based applications; and disconnected use and synchronization of applications once tied to the network. The cumulative effect is increased organizational productivity, efficiency, and responsiveness.

1.1.3 IBM Workplace Product families

The versatile, mix-and-match capabilities available for assembling an IBM Workplace environment are drawn from four industry-leading IBM product families, all based on a common technology platform. This platform also includes a new managed client technology that is changing the face of network-centric computing.

IBM Lotus Notes and Domino
These are time-tested messaging, application development, and collaboration products that can be integrated with a business environment.

IBM WebSphere Portal
A simplified work environment offered to users through personalized, integrated access to the information, applications, and business processes relevant to their jobs.

IBM Workplace Collaboration Services (formerly known as Lotus Workplace products)
A family of integrated, standards-based products providing a single interface to the collaboration tools a user needs.

IBM Workplace Services Express
A collaborative portal solution for small businesses.

IBM WebSphere Everyplace®
Mobile products and technologies extend applications and information to users working on remote devices, such as PDAs or cell phones.

IBM Workplace Managed Client
Innovative, standards-based client technology for the development of server-managed business applications that can be accessed across a full range of user experiences.

Figure 1-2 Overview of capabilities within a single architectural model

Figure 1-2 illustrates how this rich portfolio of capabilities has the power of one architectural model, one programming model, a consistent tool set, along with a consistent way and place to set policies, and administer and deploy new applications. The best solution for a particular client can draw on mix-and-match capabilities from across the portfolio.

This rich portfolio of capabilities has the power of one architectural model, one programming model, a consistent tool set, a consistent way and place to set policies, and administer and deploy new applications—all standards-based to better meet the diverse needs of client organizations.

Figure 1-3 Overview of IBM Workplace Managed Client

1.1.4 The role of Lotus Notes and Domino within IBM Workplace

Lotus Notes and Domino and its family of collaboration products provide individual collaboration components of an IBM Workplace environment.
These products continue to provide large enterprises as well as small and mid-size businesses with the best-in-breed collaboration solutions for their business challenges. With more than 120 million users, Lotus Notes and Domino powers hundreds of thousands of collaborative applications that have been built over the past 15 years by clients and business partners—to support functions such as Human Resources (HR), quality assurance, Enterprise Resource Planning (ERP), supply chain management, Customer Relationship Management (CRM), and help desk.

IBM recognizes that Notes and Domino are central to enterprise collaboration and is committed to protecting and extending those investments. Moreover, Lotus Notes and Domino are an integral part of the IBM Workplace family, which is why Lotus Notes and Domino 7 is now available, and future versions such as the prototype - code named Hannover - are currently being planned. Hannover lets customers begin to picture how IBM plans to extend the capabilities of Lotus Notes in the not-too-distant future, and how continuing IBM innovation will shape not only the Lotus Notes product, but the way people work and collaborate. Notes and Domino will thus benefit from the investment, technical support, marketing, and attention driving the future evolution of the IBM Workplace strategy.

Sharing today in the attributes of the IBM Workplace model, Lotus Notes and Domino offer a choice of e-mail clients to fit the varying needs of different kinds of users, and flexibility and choice in hardware platforms and operating systems. They support the broadest set of platforms in the industry, optimized for low total cost of ownership. With Lotus Notes and Domino 6.5 and higher, users have a single point of access to their most valuable e-mail, collaboration and personal information management (PIM) resources through a sample welcome page that provides a portal-like interface and can be further customized by the user.
Notes Smart Upgrade provides no touch client upgrades, reducing the time and costs for software deployment and deskside support. There is continuing support for disconnected use, and Domino's multi-tier security enables centralized control of access rights ranging from the server level down to individual fields on a form. The extended portfolio of Notes and Domino products leverages the same administrative framework.

Lotus Notes and Domino capabilities and applications can readily be integrated via portlets into WebSphere Portal, Workplace Collaboration Services and Workplace Services Express thanks to standards-based interoperability. IBM provides a wide range of tools to help developers create portlets, from prebuilt portlets to robust programming interfaces. These tools can help companies continue to leverage their Lotus Notes and Domino solutions along with the benefits of the integrated portal environment or integrated collaboration.

Meanwhile, the development roadmap for Lotus Notes calls for integrating elements of IBM Workplace Client Technology into the Notes client experience in the recently announced Hannover client. Lotus Notes 7 offers a Lotus Notes application plug-in that provides the ability to run native Lotus Notes applications within IBM Workplace Managed Client. This will allow users of the Notes client to enjoy some of the benefits of IBM Workplace Collaboration Services and the managed client technology if desired.

As shown in Figure 1-4 and Figure 1-5, for an IBM Lotus Notes and Domino customer, IBM Lotus Notes and Domino are serving as a foundation for the evolution to IBM Workplace. Each product line that is added to your environment on the road to IBM Workplace serves to extend the functionality of your existing investment in Notes and Domino.
For example, integration between Domino and WebSphere Portal allows for the aggregation of applications, data, and business processes, while also providing role-based access and personalization. Integration with IBM Workplace Collaboration Services provides standards-based collaboration and role-based business solutions. The key point that we have reiterated numerous times is that IBM Workplace will not simply supplant your existing investment in IBM Lotus Notes and Domino. Instead, your existing investment has already placed you on the road to IBM Workplace—a road that will continue to offer extended functionality and standards-based collaborative capabilities.

Figure 1-4 IBM Lotus Domino at the foundation of the road to IBM Workplace

Figure 1-5 illustrates the role of Lotus Notes as a foundation for integration with Workplace, both in Lotus Notes Release 7, as well as what is planned for the next release of Lotus Notes, code named Hannover.

Figure 1-5 IBM Lotus Notes at the foundation of the road to IBM Workplace

IBM Lotus Domino delivers:
- Enterprise messaging
- Collaboration
- Rapid Application Development (RAD)
- Integrated security

IBM WebSphere Portal adds:
- Aggregation of applications, data, and business processes
- Role-based access
- Personalization

IBM Workplace Collaboration Services add:
- Role-based business solutions
- Broadest application model
- Standards-based collaboration

IBM Workplace Solutions add:
- Ready-made industry-specific role-based solutions

1.1.5 The role of WebSphere Portal within IBM Workplace

A key part of the IBM Workplace client strategy, WebSphere Portal integrates applications, content, processes, and people in a single point of interaction for the user. It provides the simplified, role-based user environment that allows people to interact with the on demand world in a personalized way. The user interface enables collaboration in the context of the work at hand. With a single sign-on, users can quickly access the dynamic information they need, execute business processes across critical applications, and collaborate with portal users inside and outside the organization. These advantages help improve employee productivity and business responsiveness, cut costs, and strengthen relationships with clients and partners.
WebSphere Portal is an open, standards-based framework supporting a wide array of options for clients across databases, directories, platforms, and security standards. With pre-integrated portlets, cross-portlet integration for all application types, and tools for easy creation of new portlets, WebSphere Portal helps organizations move beyond fragmented application “silos” while hiding the complexity of the IT infrastructure. It is a particularly cost-effective solution for self-service applications or for any interactive applications that cross organizational boundaries. With the broadest range of leadership technologies in the industry, the most complete product capabilities, and the largest established ecosystem of partners and available portlets, WebSphere Portal is driving portal standards.

1.1.6 IBM Workplace Collaboration Services

IBM Workplace Collaboration Services is a dynamic work environment that brings people together in a shared space. IBM Workplace Collaboration Services can be experienced through a choice of clients, providing simplified access and interaction with other people and a host of collaborative applications such as e-mail, calendaring and scheduling, instant messaging, Web conferencing, team spaces, document and Web content management, and online learning.

The key to IBM Workplace Collaboration Services is its portal-based user interface. By delivering capabilities as portlets, Domino applications written by IBM clients and Business Partners can be integrated with IBM Workplace Collaboration Services. But unlike traditional and pure portal applications, an IBM Workplace Collaboration Services application incorporates people as a key ingredient, and the power to assemble the application lies with the business user.

Over time, new applications will come online with new requirements for integration—with business processes, workflow, and roles-based presentation of information and tasks.
The goal of IBM Workplace Collaboration Services is to completely weave collaboration into the fabric of the organization, making users more productive, more informed, and able to make better decisions. Instead of building standalone applications that are islands of collaboration, you can build fully integrated, component-based solutions, with the benefits of instant deployment into a dynamic work environment.

1.1.7 Role of IBM Workplace Collaboration Services

IBM Workplace Collaboration Services provides the integrated collaboration components of an IBM Workplace environment. It is a family of products, built on the J2EE platform, for messaging and instant messaging, calendaring and scheduling, team collaboration, collaborative learning, Web content management, and document management.

In the 2.0.1 release of Lotus Workplace products, two of the products (Lotus Workplace Messaging and Lotus Workplace Documents) have been enabled by IBM Workplace Managed Client and can be experienced through a choice of server-managed clients—either a rich client or a browser. In Release 2.5 of IBM Workplace Collaboration Services, the other IBM Workplace Collaboration Services products will be enabled to utilize IBM Workplace Managed Client to support server-managed choice of both the rich client and browser experiences.

Built from the ground up as a highly integrated set of capabilities, all of the capabilities of IBM Workplace Collaboration Services products share the same core code base and infrastructure. With its J2EE platform, IBM Workplace Collaboration Services is easier and more cost effective for IT to deploy and manage because it leverages a central administration, deployment, and provisioning model. Helping to reduce overall cost of ownership, all collaborative capabilities can be easily activated and controlled from a single point of administration.
1.1.8 The role of WebSphere Everyplace within IBM Workplace

WebSphere Everyplace is a family of products and technologies that allow enterprises to extend access to business processes and information to remote and mobile workers anytime, anyplace, and over a wide range of mobile devices. Typically, mobile workforces are deployed in functions such as sales or field service/support; public safety, inspection, utility, and delivery services; claims adjustment; and the like.

Workers deployed in the field perform tasks such as checking prices, filling orders, verifying status or locations, getting and adjusting schedules, reporting problems, inputting client data, and managing inventories. They may need only to look up information, or they may need to fully interact with their company's back-end systems. Therefore, the range of possible required capabilities is great. Some workers require multiple or complex applications on their mobile devices, or are frequently out of range of network services. Others require only a simple browser-based or forms-based application, or perhaps just e-mail/PIM access and instant messaging. Some need critical time-sensitive information “pushed” to them in an emergency, or the ability to “pull” maps and directions when traveling between client sites. The WebSphere Everyplace family of products supports this full spectrum of use and the requirement to provide different capabilities to different people.

1.1.9 The journey

IBM Workplace represents a far-reaching vision that will reshape the way people work and the way companies manage their IT environments over the next decade. IBM formally announced the IBM Workplace vision and model as well as the related new IBM Workplace Managed Client in May of 2004, along with its first two products built on the managed client technology.
IBM will continue to build out this vision with new products and well-articulated product development roadmaps that will provide incremental value to clients every step of the way. The standards-based framework will eliminate the need to rip and replace existing investments as clients move up this evolutionary path.

Organizations today are at different points along the path, but they are all being driven by the same set of needs that are moving them in the direction of the Workplace model. Getting to the model is not a matter of a single acquisition; rather, it is a journey that can be done in stages or in a few short transformation steps. Happily, each step reduces costs that can be reinvested into the business in order to move to the next step.

1.1.10 Phases of adoption

At the beginning, most businesses provide point product solutions to help their people be more productive. They may be providing capabilities to use these products or applications on mobile devices, but by and large these are isolated, vertical solutions. This means high desktop management costs from having several isolated products and applications on people's workstations. Products and applications are difficult to integrate, as they may be spread across mixed operating systems, and different products and versions may be in use across the organization.

As businesses start to create a shared Workplace infrastructure, they often look to a portal to provide common ground to their users. Employees can receive the same information across the business and across geographies. Partners may be tied into a portal to become part of a project and to locate necessary information. Clients can start to receive structured information about the company and gain access to account information. Around the time a business adopts a portal, they also look to better manage the content they are serving to the portal or to their Web site.
For this, they turn to a Web content management solution for managing the creation and life cycle of content on the Web.

Next, businesses start to truly integrate their horizontal applications across the company. They standardize on a common messaging system. They look for integrated instant messaging and other productivity tools that can help their people across the organization to work together more effectively. This could also mean the addition of a structured content or document library system, and improved access for teams in the field to access information and other people via mobile devices. These businesses are creating integrated environments that provide common access to the tools people need to do their jobs, from whatever geography or division of the company they may be working.

Finally, as businesses grow, they develop personalized, role-based work environments to meet the specific needs of employees, partners, and clients, which can vary greatly based on people's roles in the organization and the level of detail they need to work with the organization. For example, a portal-based work environment may be used to provide secure integrated access for individual workers who only need simple access to e-mail and HR applications. A portal-based work environment can be for field reps who must be able to exchange information with the home office on an ongoing basis from wherever they are, and who need a flexible way of working—whether accessing applications and business processes via their mobile computers or through mobile devices. A portal-based work environment might be for a manager who needs to track several business processes, manage a busy schedule, and manage people.
Another portal-based work environment could be for an executive who needs to track the business as a whole, perhaps watching over regulatory compliance applications, plus accessing other confidential information, his messaging, presentation libraries, contracts, and other resources specific to his concerns.

1.1.11 Incremental change

As businesses adopt more of a common, integrated portal-based work environment infrastructure, they will be able to reduce their cost of ownership by providing just the capabilities and tools needed by individuals, lowering their IT administration costs, and improving their business efficiencies. Once these gains are realized, budget is freed up for taking the next steps towards an efficient, role-based, portal-based work environment such as IBM Workplace Collaboration Services. The key is providing simplified, componentized assembly of collaboration and productivity tools, integrated with business processes and stores of information or documents, all from one integrated user interface—and then providing flexible access to the applications via a full spectrum of client experiences across devices and operating systems.

The scope of the IBM Workplace offerings covers a very wide range of business needs and can help companies at all stages of Workplace adoption. A client's next steps depend on their existing infrastructure and the specific needs associated with their business objectives.

Figure 1-6 The path to IBM Workplace - You are already on it

1.1.12 Where Notes/Domino fits in the IBM Workplace Strategy

Notes/Domino is, and remains, a landmark product that has had a remarkable impact by allowing individuals to collaborate in new and powerful ways. The term groupware was coined to define the way that Notes/Domino enabled teams to work together without boundaries imposed by time or location. With the advent of the Web and ubiquitous access, IBM Lotus Software has been able to add additional features and functionality to the product to further enhance its collaborative capabilities. The Notes/Domino platform and design have been greatly enhanced over the last two decades and are an extremely stable and capable platform for implementing messaging and collaborative applications. However, the quest for better ways of delivering business impact continues. IBM will continue to innovate and continually improve the Notes/Domino line of products.
1.1.13 Notes/Domino 7 - Where we are today
The Lotus Notes 7 welcome page mirrors an IBM Workplace Collaboration Services experience by providing a single, unified access point to frequently used resources such as e-mail, calendar, instant messaging, contact list, applications, and Web sites. End users benefit from an innovative collaborative work place, with quick and easy access to multiple information sources.
Integrated Sametime instant messaging functionality in Lotus Notes and Domino Web Access provides presence awareness and enables users to initiate online conversations with colleagues from within mail. An add-on from Instant Technologies, an Independent Software Vendor, extends similar capability to Domino Access for Microsoft® Outlook®.
IBM offers additional capabilities to extend the reach of your existing applications in new ways without making further investments in them. The Domino Application Portlet enables complete Domino Web-based applications to be rendered in WebSphere Portal, IBM Workplace Collaboration Services, or Workplace Services Express—without programming, and without modifying the Domino application. The Domino Portlet Builder adds Domino capabilities to the WebSphere Portal Application Integrator framework. Using a wizard-driven interface, developers or line-of-business users can quickly build portlets that include Domino-based data.
The Notes/Domino 6.5.1 release was the first version to deliver in one product upgrades to the entire Lotus Domino-based portfolio of solutions (Notes and Domino, Sametime, QuickPlace, IBM Lotus Workflow™, and IBM Lotus Domino Document Manager) on a common release schedule, with a common set of operating systems, languages, and supported browsers. Prior to the 6.5.1 release each of the products was maintained with its own requirement and release schedule.
This milestone represents IBM's commitment to the entire platform, and delivers on a fundamental business value proposition of the IBM Workplace vision: A single integrated platform that allows you to choose the right capabilities for the right user communities. IBM Workplace provides high-performance work environments provisioned directly to users based on their unique roles in the organization. What is more, IBM Workplace combines the productivity gains of the desktop with the cost advantages of the network.
1.1.14 Moving forward with Notes/Domino 7 and beyond
The release of Notes/Domino 7 on August 30, 2005 continues to protect client investment while extending the reach of the Notes/Domino platform. Notes/Domino 7 includes capabilities that take interoperability and integration with IBM Workplace Collaboration Services and complementary IBM middleware to the next level. These include a Notes application plug-in and support for IBM DB2 Universal Database™ as an alternative data store.
The Notes application plug-in lets users run existing, native Notes and Domino applications within the context of IBM Workplace Managed Client, thereby extending the reach and viability of those applications without design modifications.
Domino 7 offers the option to choose DB2 as an alternative data store to NSF on a per-database basis, on Microsoft Windows and IBM AIX operating systems. This capability includes application programming interface (API) compatibility as well as enhanced administration and application development. Most applications written to use public Domino APIs will work without design modification if you move the application to a DB2 back end. This is a strategic commitment with many implications. It allows you to leverage DB2 capabilities and development efforts.
DB2 software integration capabilities help businesses to consolidate enterprise data and to build applications that blend collaborative services with relational data.
Additional key focus areas of Notes/Domino 7 are to continue driving down total cost of ownership, to support more people with fewer servers, to give developers more options, to simplify administration, and to provide for tighter integration with Web standards. Here are just a few significant and exciting enhancements in Notes/Domino 7:
- Server performance improvements - Let you run up to 80 percent more benchmark Notes users and 30–50 percent more Domino Web Access users on the same hardware.
- Domino Domain Monitoring - Simplifies administration by providing a one-stop, prioritized view of server management information.
- Enhanced Linux support - Provides an administration client on Mozilla to provide an end-to-end (server, client, and admin) Linux-based solution. Domino Web Access 7 provides browser support for Firefox 1.0.x.
Release 7 is not the end of the innovation roadmap for Notes and Domino—far from it. IBM is already planning and developing enhancements that go as far forward as we can see, including the recently announced Hannover client and beyond. For example, IBM is planning on providing a single user experience that will bring together the best of the Lotus Notes environment with the best of the IBM Workplace Managed Client environment.
The Lotus Domino application development and deployment environment enables you to develop collaborative applications quickly and to take them online, bringing people, processes, and data together to facilitate both productivity in On Demand business and quick decision-making. This means that Domino applications are an integral part of the IBM Workplace Product Family.
Existing custom applications built with Lotus products can integrate with IBM Workplace Collaboration Services platform, allowing further leveraging of your application investments. IBM Lotus software continues to enhance the Domino application development model and data store (Notes Storage Facility) and offers the option to use IBM DB2 database management as an alternative data store.
1.1.15 The path to IBM Workplace
With one open platform called the IBM Workplace software products, IBM supports the future plans of current Notes and Domino customers as well as new customers who may be attracted to IBM Workplace Collaboration Services. The IBM Workplace vision is being executed in a way that extends your existing Notes/Domino assets and protects your existing skills and investments. In fact, if you acquire your Notes/Domino software through the Complete Enterprise Option (CEO), you are entitled to use Domino-based messaging, IBM Workplace Collaboration Services Messaging, or both within your infrastructure today. Furthermore, the Notes/Domino platform continues to evolve on an aggressive time-line so that you can benefit from innovations as quickly as possible.
The inclusion of IBM Workplace technologies in Lotus Notes/Domino has already begun. In fact, IBM Workplace extends capabilities that have provided high return on investment to IBM Lotus Notes/Domino clients for many years. Domino provides an integrated Web application server for extending the reach of your Domino data to external communities such as partners, suppliers, and clients. Powerful application design features allow your application developers to link and reuse existing application elements in Domino, in Web technologies, and in other programs. Since as early as Notes/Domino R5, IBM has offered restricted use entitlement to the WebSphere Application Server, allowing access to Domino data with Java technologies including Java Server Pages.
Clients who remain current on Notes/Domino can take advantage of increasing integration and coexistence with IBM Workplace Collaboration Services and complementary IBM middleware technologies.
Notes and Domino 6 introduced streamlined deployment capabilities (such as Smart Upgrade and Single Copy Template) that allow you to centrally manage the installation and configuration of users' machines without visiting a single desktop. The network-centric client model is a natural progression. Notes Domino Version 7 continues to enhance the evolution of the product with enhanced performance and scalability as well as integration with IBM DB2 and tighter coupling with IBM Workplace products through the Lotus Notes plug-in to Workplace Managed Client.
Chapter 2. Integration opportunities
In this chapter we introduce the opportunities for integration that exist today between Domino and the other members of the IBM Workplace family of products. Since the product set is rapidly evolving, we also introduce technologies and products that will be available in the 2.5 release of IBM Workplace Collaboration Services and Notes/Domino Release 7. Additionally, we discuss other products that will be introduced in the near future that will further and improve integration.
2.1 Opportunities for integration
What is the opportunity for Notes/Domino clients?
For Notes/Domino clients there is a rapidly growing number of opportunities for integration between Notes/Domino and the rest of the IBM Workplace family.
Certainly, clients will want to leverage the product or a combination of products that best suits their needs and derives the most business value, and with each iteration of the product set, new and improved opportunities will be available. The type and quantity of integration will be highly dependent on the structure of the organization and how the myriad capabilities of Domino have been deployed.
For many current clients who are heavy users of the Notes client's full range of capabilities, remaining on the Notes/Domino path to the future may be the best solution. IBM is committed to continuing support for the product and will continue to enhance Notes/Domino while adding Workplace features as appropriate. Staying with the Notes/Domino platform through Version 7 and future versions will enable clients to capitalize on the benefits of the Workplace product set as specific features are incorporated into the base product.
For those clients that choose to remain on the Notes/Domino path there are several steps that should be taken to ensure that they are positioned for the future:
- Implement and standardize, where possible, on a single LDAP directory source.
  Many organizations have several directories that they maintain for determining access to various corporate applications. Multiple directories, while perhaps inevitable, are difficult to maintain, and often result in employees needing to maintain multiple identities and passwords. Developing and implementing a plan for reducing the number or standardizing on a single directory structure is an essential first step. Organizations that are heavy users of Notes/Domino messaging will want to consider utilizing the Domino Directory (Name and Address Book) for this directory source. Chapter 4, “Integrating Workplace with Domino LDAP” on page 153, contains general information about LDAP directories, and contains detailed directions for utilizing Domino LDAP for overall management for all of the Workplace family of products.
  Additional resources:
- Migrate Domino companion products to utilize LDAP.
  Many organizations that have implemented Notes/Domino also utilize one or more of the companion products such as IBM Lotus Sametime or IBM Lotus Quickplace. These products can either utilize the Domino NAB for user information and security or an LDAP directory. Migrating these applications to use LDAP will simplify integration with the other Workplace Products. Information about configuring these products to use the LDAP directory can be found in the following resources:
- Implement WebSphere Portal Server
  WebSphere Portal is the underlying foundation of Lotus Workplace 2.0.1 and IBM Workplace Collaboration Services and it can be successfully implemented to provide a single Web-based interface to Notes Domino products and other corporate systems. Certainly, organizations that have Web-only users today will want to investigate and utilize WebSphere Portal to provide a superior user experience. Skills developed implementing and configuring Portal today will be fully applicable to IBM Workplace Collaboration Services in the future. Additionally, WebSphere Portal can deliver great benefits to organizations today in terms of:
  – Ability to aggregate data and applications into a single user interface
  – Role-based access to applications and data
  – Personalization, allowing the end user to customize information and its presentation
- Implement Workplace Services Express
  IBM Workplace Services Express is an easy to install and use collaborative environment that runs on a single server. The product has much of the look and feel as well as underlying technology components as IBM Workplace Collaboration Services, but is intended for smaller organizations and teams.
  Workplace Services Express is an ideal way to introduce a team or set of pilot users to the concepts and look and feel of the IBM Workplace experience. The ability to modify and customize the environment makes Workplace Services Express an excellent platform for creating an early user experience.
  – Users can create, edit, and share information and documents, whether they use Microsoft Windows, Linux, Microsoft Office, or a Web browser.
  – Workplace Services Express comes pre-loaded with ready-to-use team tools (portlets) and templates so people and teams can get results and make decisions quickly.
  – Built-in business instant messaging and a portal mean that it is a snap to extend collaboration to other people and business applications.
  – Current Passport and Passport Advantage® Domino clients can receive a free 20-user version from IBM (currently through September 15th, 2005).
2.2 Integration scenarios
There are a number of scenarios today where clients will choose to implement IBM Workplace Collaboration Services and will wish to provide integration between the two products:
- Clients that want to prepare for the future by implementing IBM Workplace Collaboration Services today for evaluation or use by a set of pilot users. Using the integration techniques described in this book will allow for the pilot users to integrate messaging, instant messaging, and directory functionality between a Workplace environment and an existing Domino infrastructure.
- Clients that want to implement specific IBM Workplace software products, such as IBM Workplace Web Content Management™ or the IBM Workplace Collaborative Learning™ products, but choose to utilize Notes/Domino for messaging and other existing applications.
- Clients that have users that have been underserved by traditional messaging products and can utilize IBM Workplace Messaging to provide these users access to e-mail.
Currently, integration opportunities exist in the areas covered in the following chapters:
- Chapter 4, “Integrating Workplace with Domino LDAP” on page 153, details the steps necessary to utilize the Domino Directory as the LDAP source for all IBM Workplace Collaboration Services user identification and security. Previously this information existed, but it focused on integration of a new Domino implementation into a WebSphere Portal or IBM Workplace Collaboration Services installation. This book provides instructions for integrating an established Notes/Domino Directory structure into a new IBM Workplace Collaboration Services deployment.
- Chapter 5, “Extending the reach of Notes/Domino applications” on page 179, discusses various approaches to extending the functionality of your existing Notes and Domino applications by integrating them with IBM Workplace Collaboration Services using specific Lotus Collaborative Portlets. In particular, we discuss the Extended Products Portlets, the Domino Application Portlet (DAP), and the Common PIM Portlet (CPP).
- Chapter 6, “Messaging Integration between Domino and Workplace Messaging” on page 205, identifies the opportunities for integration between the Notes/Domino and IBM Workplace Messaging systems. Messages generated in Notes/Domino or IBM Workplace Collaboration Services can be exchanged with users in either system using a variety of methods.
- Chapter 7, “Integrating IBM Lotus Workplace 2.0.1 with Lotus Sametime 6.5.x” on page 271, discusses how to use the Lotus Instant Messaging Gateway (LIM) to integrate IBM Workplace Collaboration Services with Lotus Sametime.
- Finally, Chapter 8, “Integrating Lotus QuickPlace with Workplace” on page 323, discusses interoperability points available in the Lotus QuickPlace product in the 6.5.1 release, the 7.0 release, and beyond.
  The goal is to not only provide some scenarios for interoperability between existing deployments of QuickPlace and IBM Workplace Collaboration Services, but also identify how clients can begin to gather information about their environment that will help make decisions in the future about interoperability plans.
2.3 Opportunities for future integration
Technologies that are currently available in tech-preview mode in the current product set (Release 2.0.1 of Lotus Workplace/Lotus Domino 6.5.X/WebSphere Portal 5.1) and additional technologies that will be delivered in IBM Workplace Collaboration Services 2.5 and Domino Release 7 will offer significant opportunities for additional product integration.
2.3.1 The Common PIM Portlets (CPP)
The Common PIM Portlets (CPP) are a set of portlets that will provide messaging and personal information management (PIM) capabilities, support a variety of back-ends, and provide a consistent user experience. As shown in Figure 2-1, the CPP portlet was introduced in Release 2.0.1 of Lotus Workplace for Lotus Workplace Messaging, and a Domino connector (Notes Mail Portlet) was available as a tech preview. With the release of Version 5.1 of WebSphere Portal, the CPP becomes part of the base Portal product and will be available in future versions of the Portal and IBM Workplace Collaboration Services.
[Figure: CPP Roadmap 2004-2005]
- IBM Lotus Workplace 2.0: Introduced support for CPP; Provided support for LWM back-end; Provided "tech preview" for Domino messaging back-end; Based on Portal 5.0.2.1
- IBM WebSphere Portal Server 5.1: Provided support for additional back-ends including Exchange, POP3 & IMAP; Full support for Domino back-end; Enhanced feature set; Based on Portal 5.1
- IBM WebSphere Portal Server 6.0: Expanded mail & PIM capabilities; Provide calendar support for Exchange back-end; People awareness; Performance Improvements; Usability Improvements; Based on Portal 6.0
Figure 2-1 CPP roadmap 2004–2005
The objective behind the CPP is to provide a portlet that provides the most commonly used messaging functions of a Rich Messaging Client. In the 5.1 release, the CPP will work with a variety of mail systems including:
- Domino
- Exchange2000
- POP3
- IMAP
IBM Workplace Messaging will be supported in a future version of IBM Workplace Collaboration Services.
Figure 2-2 on page 29 illustrates the Common Mail Portlet.
[Figure: Common PIM Portlet Features; callouts: Sortable Columns, Folders, Status Icons, Attachments, Calendar Entries]
Figure 2-2 Illustration of Common PIM Portlet (CPP)
The CPP provides the following capabilities for mail users:
- Views and folders
  – In-box, draft, all messages, (create/delete) folders & subfolders, and move to folder
- Message creation
  – Soft delete
  – New Memo with support for file attachments
  – Delivery Options (Importance, Delivery priority, delivery report)
  – Forward message
  – Save Message Draft
  – Create a message containing a signature file
  – Perform Directory lookups
  – Support for multiple directories when performing address book lookups
  – Name lookups to LDAP directories
- View & responding to messages
  – Reply - reply, reply w/ history, reply to all & reply w/o attachments
  – Full Rich Text functionality
  – Spell Check
  – View tables within messages
  – Display of Importance/Type icons in Views
  – Next/previous navigation within an open mail message
  – Navigate to next document without returning to view
  – Preference setting for new mail on top/bottom
  – Support for Read/Unread marks
  – View file attachments from within message - via portal viewers
All mail systems have unique features, and while the CPP will provide a consistent user interface across a variety of mail platforms, it is designed to enable specific features available in each mail client. As a result, the CPP will initially support the following Domino-specific features:
- Mail
  – Block sender mail rule
  – Search within a view
  – Button to launch secondary client (DWA or Notes client supported; necessary for encrypted docs, delivery failures, etc.)
  – Restore message
  – Spell check
  – Quota indicator
  – Better column sorting
  – Out of office support
- Calendar
  Figure 2-3 on page 31 illustrates the Common Calendar Portlet.
  It supports the following features:
  – Views: 2 day, 2 week, 1 week, 1 month
  – C&S Entry types: Appointment, All Day Event, Reminder, Anniversary, Meeting Invitation
  – Any can be set as repeating entries
  – Automatic date (calendar picture) and time selector controls
  – Address lookup for inviting people
  – Edit calendar entries
  – Send a reschedule notice
  – Add additional invitees after invitation is sent
  – Send broadcast invitation (no RSVPs/responses)
  – Accept/decline invitation
  – Accept/decline with comments
  – Support for meetings spanning midnight
Figure 2-3 Calendar Portlet
The CPP will be a viable integration option for some organizations. Certainly the CPP cannot replace the full-featured Notes Mail client for high-end power users, but it does provide organizations with consistent, nearly full-featured access to multiple mail systems. In a pilot or evaluation scenario, users can fully experience a portal-centric environment while maintaining access to mail without the need to integrate the mail systems at the infrastructure level.
2.3.2 IBM Workplace Managed Client
An enabling technology inspired by flexibility and choice, the IBM Workplace Managed Client provides a new way for IBM and its clients and Business Partners to assemble, securely deliver, and centrally manage rich client experiences.
Note: Prior to the release of IBM Workplace Collaboration Services 2.5, IBM Workplace Managed Client was referred to as IBM Workplace Client Technology™, Rich Edition.
IBM Workplace Managed Client is designed to deliver the vision and value of next generation network-centric computing in the on demand era.
Organizations that take full advantage of IBM Workplace Managed Client, and rich client applications built on this foundation, will have the opportunity to drive/contribute to innovation and improve their own business efficiencies, all while realizing the cost savings traditionally associated with Web-based computing.
Specific business value for the IBM Workplace Managed Client exists in the following areas:
- Driving innovation
  With its new Workplace Managed Client, IBM is driving the next evolution of network-centric computing. Inspired by flexibility and choice, and built on open standards, this enabling technology will address the growing demand for dynamic, powerful applications (the rich client experience) that can be deployed and managed affordably. An innovative client-side framework for use by IBM, its clients and partners in the creation of server-managed business applications, the IBM Workplace Managed Client extends the security, manageability, and component-based assembly of a server-based platform to the enterprise desktop and pervasive devices. Organizations that embrace it will gain the flexibility of client-side applications combined with the server-side control and cost-savings traditionally associated with Web-based computing.
- Cost of ownership
  Clients and IBM Business Partners that embrace the IBM Workplace Managed Client will have a powerful, yet flexible, foundation for cost-effective assembly, deployment, and management of client-side applications. No-touch, policy-based client management, updates, and deployments; superior security and scalability; open standards and cross platform flexibility; and provisioning of capabilities on demand all help IT staffs to manage and reduce the cost of ownership of rich client applications. Additionally, applications built on the IBM Workplace Managed Client platform are robust in capability and can be adapted to meet changing business requirements.
- Improving business efficiencies
  IBM Workplace Managed Client is an enabling foundation for new, as well as existing, Java-based, Web-based, and Notes-based applications. Designed to deliver the power of the network together with the flexibility of PCs and devices, the IBM Workplace Managed Client provides clients and IBM Business Partners with an innovative platform for assembling and delivering a new class of secure applications. These applications will help to improve productivity, increase usability, and provide flexibility and choice—all while IT maintains server-side control.
Based on its immediate usability, IBM is already building rich client applications based on the IBM Workplace Managed Client for messaging, document management, and team collaboration. Specifically, rich client editions of Lotus Workplace Messaging 2.0 and Lotus Workplace Documents 2.0 are planned for release by the end of the second quarter of 2004.
Note: Please refer to the following article on IBM developerWorks® Site for more information about IBM Workplace Managed Client: http://www-128.ibm.com/developerworks/lotus/library/notes-wct-plugin/index.html
2.3.3 Overview of user interface for Workplace Managed Client
After a user has completed the client download he will be presented with the initial client screen. For this document we have enabled all of the Workplace Managed Client applications, so depending on what administrators have selected, users may not see all the icons. Figure 2-4 on page 34 is an illustration of the different elements to the user interface. General navigation is done through the Application Switcher, which sits on the left side of the client and enables users to open an application via the click of an icon.
Figure 2-4 Overview of navigation panel within Workplace Managed Client
2.4 Notes plug-in
A new plug-in, based on Eclipse technology, called the Notes Application plug-in, will be available with the release of Workplace Collaboration Services 2.5 and Notes and Domino Release 7. This plug-in enables users of both the Notes environment and Workplace Managed Client environment to share Domino-based applications. When implemented and configured, an IBM Workplace Collaboration Services user will have access to all of the Notes features, including bookmarks, menus, document and database links, and status and progress information from within the Workplace Managed Client.
The Notes environment, when accessed via the Notes plug-in, will be instantly familiar to current Notes/Domino users. When you use a Notes application from within the Workplace Managed Client, all of the features and usability of the current Notes Rich Client experience including presence awareness and instant messaging capabilities will be available within the application. Using the Notes plug-in via the IBM Rich Client will enable users to have a common user experience whether they are accessing traditional Notes/Domino applications or J2EE IBM Workplace Collaboration Services applications.
Notes users can also take advantage of the document management features in the Workplace Documents rich client, including the ability to edit documents with IBM's built-in productivity tools. You can attach documents from a shared document library and save attachments to this library.
Organizations that have applications in both Lotus Domino and J2EE may be interested in the Notes Application plug-in. Others that are interested in the plug-in's capabilities include companies that want to use the new IBM productivity tools that are part of the IBM Workplace Documents rich client offering.
As this technology matures, IBM will continue to provide the unique advantages of the new technology to its Notes clients, including the advantage of centralized deployment and server-based provisioning.
The plug-in enables native Notes applications to be run without modification. Below you will see two application examples; one is the native Notes Messaging experience displayed via a mailfile and the other is a native Notes database.
Figure 2-5 Overview of the Notes plug-in
They are:
- Notes Mail and Calendar
  This mailfile is based on the standard mail template, and this still uses the NSF data structure and information stored in the NSF.
  Figure 2-6 Accessing Notes Mail through the plug-in
- Accessing the Calendar
  Since the mailfile is based on the standard mail template and still uses the NSF data structure and information stored in the NSF, the calendar is also presented in native format.
  Figure 2-7 Accessing the Calendar through the Notes plug-in
- Native Notes database
  This is an application that is run in the Notes client today, again requiring no changes, and is now accessible via the Workplace Managed Client. This database could have been opened from the bookmarks or by the standard File → Database → Open menu Notes users are familiar with today. Applications built on standard Notes client templates will be supported in this environment.
  Figure 2-8 Accessing native Notes databases through the Notes plug-in
Attention: For the latest information and capabilities of the Notes plug-in within the Workplace Managed Client, please refer to: http://www.lotus.com/products/product5.nsf/wdocs/workplaceclienttech
2.5 Activity explorer
With the introduction of Activity Explorer, IBM is previewing the future of collaboration. By building an application entirely within the IBM Workplace Collaboration Services framework, relationships can be built between various collaborative modules that greatly enhance their collective capabilities. The significance of Activity Explorer for Notes/Domino clients is that it changes the issue from concerns about the future of Notes Domino, to clear evidence and anticipation of new abilities and effectiveness that can be gained from the integration of the other Workplace family products.
Activity Explorer is a productivity component for the Workplace Managed Client and provides a platform for sharing data and collaborating online. Activity Explorer combines the strengths of real-time communications, such as instant messaging, in which people focus on a particular problem simultaneously, with the rich collaboration features of shared workspaces, in which people interact asynchronously as they view and respond to documents saved on the server.
Using Activity Explorer, people create and share five types of objects: Persistent chats, files, folders, notes, and screen shots. Any shared object can stand alone as a complete interaction, or it can be the starting point for a complex discussion in which multiple shared objects are connected into a hierarchically structured document collection known as an activity, or activity thread.
As a project progresses and components of the project begin to take shape, members add branches related to each component to the activity thread. Eventually, the activity thread becomes a blueprint or map of the project, providing both a visual representation of the way in which ideas evolved over time, and a repository for the collected knowledge of the project.

The membership list for an object determines who can use it. When a user creates an object, the user specifies a list of people with whom to share the object. The people in this list become the initial members of the object. As a member, a user has full control of the object. Members can open the object, modify it, post responses to it, and even delete it.

Membership in an activity is dynamic and heterogeneous. By default, when a member posts a response to another object, the response inherits the membership list of the parent object. But any member can add or remove members from the list at any time. Furthermore, the membership list of any object in an activity is independent of the lists for other objects.

Collaboration between members can be synchronous or asynchronous, depending on the type of object and whether other members of the object are currently present in the object. For example, persistent chat and shared screen objects can be used synchronously if multiple members of the object are active at the same time. When multiple members of a persistent chat or shared screen are present at the same time, if one member makes a change to the object, the change displays to the other members as it is made, in real time.

By contrast, shared file and shared note objects can only be used asynchronously. When a member opens a shared file or shared note, a temporary, local copy of the object downloads to the member’s computer. Any changes that the member makes occur in this local copy of the object.
When the member completes work on the object and saves it, the edited local copy replaces the version of the object on the server. Thus, if multiple members edit a shared file or shared note at the same time, when they save their work, only the last version saved to the server will remain.

To encourage communication among members, Activity Explorer goes beyond the use of generalized people awareness by embedding awareness information in every shared object. When any member uses an object, the object is activated. To indicate that an object is active, Activity Explorer highlights the object in green. Object-level awareness serves as a catalyst for opportunistic collaboration, because a member knows when another member is at work on an object that they have in common.

In addition to providing awareness information, Activity Explorer also provides an alert system to inform members when an object is being used or has changed. As soon as a member activates an object, other members receive alerts informing them that the object is in use and what actions have been taken. Members can set preferences to control the types of alerts they receive.

Figure 2-9 Illustration of Activity Explorer

2.5.1 Activity explorer navigation

Each component in the Activity Explorer display is described below.

Switcher bar - The Switcher bar enables members to select the Activity Explorer component.
Activity List pane - The Activity List pane includes tabs that display a member’s shared objects in a list view and tree view.
Activity Thread pane - The Activity Thread pane displays the entire activity thread for the object selected in the Activity List pane.
Details pane - The Details pane displays summary information for the object selected in the Activity list pane.
Instant Contacts pane - The Instant Contacts pane displays a member’s contacts list.
Preview pane - The Preview pane displays a preview of a selected object.
System tray icon - The system tray icon provides quick access to opening and closing Activity Explorer, enables members to start a new activity when Activity Explorer is not the active application, and displays a history of recent alert activity.

Attention: For the latest information and capabilities of the Notes plug-in within the Workplace Managed Client, please refer to:
http://www.lotus.com/products/product5.nsf/wdocs/workplaceclienttech

Chapter 3. Infrastructure/deployment and skill considerations

The objective of this chapter is to identify the infrastructure requirements of some typical installations of Release 2.0.1 of Lotus Workplace and IBM Workplace Collaboration Services 2.5, as well as the product skill sets that are required to successfully implement and maintain the product. As with other parts of this book, we assume that the reader is intimately familiar with IBM Lotus Notes/Domino, and new to both IBM WebSphere Portal and IBM Workplace Collaboration Services.

3.1 Key infrastructure considerations for integration

Unlike Lotus Notes/Domino, which is basically a self-contained program where the majority of functionality is accomplished via the installation of one server product, Lotus Workplace 2.0.1 and IBM Workplace Collaboration Services leverage and integrate the best-of-breed capabilities of multiple IBM products, including Domino. While there are great advantages to this approach, the requirements of each product must be taken into account, and the skill sets needed to manage the environment are also more extensive.
A typical Lotus Workplace 2.0.1 or IBM Workplace Collaboration Services environment will require the implementation and support of:

- An HTTP server
- A database server
- A directory/LDAP server
- A WebSphere Application Server
- A WebSphere Portal server
- The Lotus Workplace 2.0.1 server

In many organizations the needed skill sets may already exist, and managing a Lotus Workplace 2.0.1 or IBM Workplace Collaboration Services 2.5 environment will require the involvement of a new team of technologists. In other organizations, it may be necessary to build the skills necessary to manage the IBM Workplace Collaboration Services environment. While the full complement of skills required to be considered an expert is considerably more extensive than with Domino, the basic skills needed to implement a working IBM Workplace Collaboration Services environment can be readily learned by a competent Domino administrator.

From a Domino perspective, obtaining many of the necessary product skills is an investment in the future—not just for IBM Workplace Collaboration Services, but for Domino as well. Most Domino administrators are intimately familiar with HTTP and LDAP. Domino Release 7 will introduce the ability to utilize DB2 as an alternative data store. Additionally, many of the companion products such as Document Management, Instant Messaging, and Team collaboration will increasingly utilize WebSphere Application Server.

It is not within the scope of this chapter to provide a guide for installing the products or a tutorial on each of the products, but rather to introduce the reader to the infrastructure requirements that will be required to install the product for typical usage, as well as identify new or enhanced skills that may be required. Where necessary, this chapter helps identify specific IBM material and resources that will assist with the assimilation of the necessary skills.
For a comprehensive guide to installing, configuring, and deploying Lotus Workplace 2.0.1 products, please refer to Lotus Workplace 2.0.1 Products: Deployment Guide, SG24-6738:
http://www.redbooks.ibm.com/abstracts/sg246378.html?Open

3.2 System requirements

Note: The system requirements outlined in this section are specific to Lotus Workplace 2.0.1. With the introduction of Workplace Collaboration Services 2.5, you should review these specifications. Check the latest readme file for hardware requirements. The readme files for Workplace can be found through the Lotus Documentation Web site at:
http://www.lotus.com/ldd/doc

As a general rule, Lotus Workplace 2.0.1 has the same hardware and software requirements as IBM WebSphere Portal 5.0.2.1 because one of the main release priorities is the ability to install over an existing portal. This is a departure from Workplace 1.1, which installed its own version of WebSphere Portal and worked best if installed on a clean environment (meaning that you either had to uninstall Portal or start with a new server or two, depending on your deployment type). Some minor software fix pack levels that are required for optimum performance are detailed below and explained in upcoming chapters.

3.2.1 Hardware requirements

This section describes the minimum server CPU and memory requirements for each server platform supported by the 2.0.1 versions of the IBM Lotus Workplace products.

Microsoft Windows systems

The minimum requirements are:

- Two Intel® Pentium® 4 Xeon™ processors, 2.5 GHz or faster.
- 4 GB or more RAM.

Note that for a single-server demo deployment, you need a minimum of 6 GB RAM and a quad processor server.

Linux systems

The minimum requirements are:

- Two Intel Pentium 4 Xeon processors, 2.5 GHz or faster.
- 4 GB or more RAM.
Note that for a single-server demo deployment, you need a minimum of 6 GB RAM and a quad processor server.

AIX® systems

The minimum requirements are:

- Four 1.45 GHz or faster processors
- 4 GB or more RAM

3.2.2 Network connectivity requirements

To use Lotus Workplace Products across a network, the computer running Lotus Workplace Products requires:

- Network adapter and connection to a physical network that can carry IP packets (for example, Ethernet, token-ring, ATM, and so on).
- Static IP address.
- Configured fully qualified host name. The portal system must be able to resolve an IP address from its fully qualified host name. To ensure that the host name is configured correctly, type the ping command from a command line; for example, ping hostname.yourco.com, where hostname.yourco.com is the fully qualified host name.

3.2.3 Software requirements

This section lists the supported versions of software for the Lotus Workplace family of products.

Supported server operating systems

One of the following operating systems is required on the computer where Lotus Workplace 2.0.1 products will be installed:

- Microsoft Windows 2000 Server with Service Pack 4
- Microsoft Windows 2000 Advanced Server with Service Pack 4
- Microsoft Windows 2003 Standard Server
- Microsoft Windows 2003 Enterprise Server
- Red Hat Enterprise Linux AS for Intel Version 2.1
- SUSE LINUX Enterprise Server 32-bit Intel Version 8 (2.4 Kernel)
- IBM AIX Version 5.1 with Maintenance Level 4
- IBM AIX Version 5.2

Supported relational databases

Lotus Workplace 2.0.1 includes the IBM DB2 and Cloudscape™ relational database systems, which are licensed for use only by Lotus Workplace Products. If you have a DB2 or Oracle storage system, Workplace 2.0.1 can work with them. If you do not have an existing storage system, the Workplace 2.0.1 installer installs Cloudscape by default.
Cloudscape is not a robust relational database, and you should migrate your environment to DB2 or Oracle. For details on this process, please refer to Chapter 4, “Installing, configuring Workplace Data store on Windows,” in Lotus Workplace 2.0.1 Products: Deployment Guide, SG24-6738:
http://www.redbooks.ibm.com/abstracts/sg246378.html?Open

Cloudscape is acceptable for single-server demo deployments.

- IBM DB2 Universal Database Enterprise Server Edition V8.1 with FixPak 4a and the Special Hot Fix for Workplace (comes with Lotus Workplace CD set)
- IBM DB2 Universal Database Workgroup Server Edition Version 8.1 with FixPak 4a and the Special Hot Fix for Workplace (provided with Lotus Workplace CD set)
- Cloudscape Version 5.1.36
- Oracle 9i Enterprise Edition R2 9.2.0.4
- Microsoft SQL Server 2000 with Service Pack 2 (Learning Management and Learning Delivery servers only)

Supported WebSphere Application Server version

The following are supported:

- IBM WebSphere Application Server Enterprise 5.0.2.3
- IBM WebSphere Application Server Network Deployment 5.0.2.3

IBM Lotus Workplace 2.0.1 will install over an existing version of WebSphere Application Server if it is updated to Version 5.0.2.3. This update process will be described in later chapters of this book. If you do not have WebSphere Application Server installed, the Workplace 2.0.1 installer will recognize this and prompt you through the install.

Supported WebSphere Portal Server version

The following is supported:

- IBM WebSphere Portal Enable for Multiplatforms 5.0.2.1

IBM Lotus Workplace 2.0.1 will install over an existing version of WebSphere Portal Server if it is updated to Version 5.0.2.1. This update process is described in later chapters of this book. If you do not have WebSphere Portal Server installed, the Workplace 2.0.1 installer will recognize this and prompt you through the install.
Supported HTTP servers

The following are supported:

- IBM HTTP Server, Version 1.3.26
- IBM HTTP Server, Version 2.0.42.1
- Apache 1.3.20 and 1.3.26
- iPlanet™ Web Server Enterprise Edition 4.1, Service Pack 7, 8, or 9
- Lotus Domino Enterprise Server (as Web server) 5.0.9a and later
- Microsoft IIS 5.0
- Sun™ ONE™ Web Server (formerly iPlanet), Enterprise Edition 6.0 SP4

Supported LDAP directories

Lotus Workplace Products require one of the following LDAP directory servers. A directory server must be installed and configured prior to Lotus Workplace installation.

- IBM Directory Server, Version 4.1 with Fix Pack 2
- IBM Directory Server, Version 5.1 with Fix Pack 2 (provided with Lotus Workplace CD set)
- IBM Lotus Domino, Release 5.0.11+ (up to and including R6.5)
- Microsoft Active Directory - 2000
- Novell eDirectory Version 8.7
- Sun ONE Directory Server Version 5.1 Fix Pack 3
- IBM Lotus Domino Directory Assistance R6.5—supported to federate multiple Domino directories only—(Domain Type = Notes, not LDAP)

Also note that IBM Tivoli Directory Integrator ships in the Workplace 2.0.1 CD package for use in computing environments with multiple LDAP directories.

Check the latest readme file for hardware requirements. The readme files for Workplace can be found through the Lotus Documentation Web site at:
http://www.lotus.com/ldd/doc

Ensure that you also have the appropriate version of Windows. In our installation, we used Windows 2000 Server (English), SP4.

3.2.4 Client software requirements

IBM Lotus Workplace 2.0.1 introduces the IBM Workplace Managed Client. A brief overview of the client can be reviewed in 2.3.2, “IBM Workplace Managed Client” on page 32. This section describes software requirements for the traditional browser-based clients for Version 2.0.1 of Workplace.
Supported client operating systems

All Lotus Workplace products support these client operating systems:

- Microsoft Windows 2000 Professional, Service Pack 2 and later
- Microsoft Windows XP
- SUSE LINUX desktop 1.0 (now Novell Linux Desktop)
- Red Hat Enterprise Linux Workstation 3.0 with Update 1

IBM Workplace Collaborative Learning supports these additional client operating systems for browser access, excluding the portal-based student interface:

- Macintosh 8.0
- Macintosh OS 9
- Macintosh OS X
- Microsoft Windows 98
- Microsoft Windows ME
- Red Hat Linux 7.2 or later

Supported browsers

All Lotus Workplace Products support these browsers:

- Microsoft Internet Explorer® 5.5 with Service Pack 2 on Windows 2000, with Microsoft Java Virtual Machine (JVM™) 1.1
- Microsoft Internet Explorer 6.0 SP1 on Windows 2000 and Windows XP with the Microsoft Java Virtual Machine (JVM) 1.1 or Sun Java™ Runtime Environment 1.4.2
- Mozilla 1.4 on Linux with Sun Java Runtime Environment 1.4.2

IBM Workplace Collaborative Learning supports these additional browsers:

- Netscape 6.0x on supported Windows platforms
- Netscape 6.2 or later on all supported platforms

Supported mail clients

Lotus Workplace Messaging supports the following POP3 and IMAP clients:

POP3 clients

The following are supported:

- Lotus Notes 6.5 on Windows 2000 and Windows XP
- Microsoft Outlook XP/2002 on Windows 2000 and Windows XP
- Microsoft Outlook Express 6 on Windows 2000 and Windows XP
- WebSphere Portal Internet Mailbox versions 4.2 and 5.0

IMAP clients

The following are supported:

- Lotus Notes 6.5 on Windows 2000 and Windows XP
- Microsoft Outlook XP/2002 on Windows 2000 and Windows XP
- Microsoft Outlook Express 6 on Windows 2000 and Windows XP

Supported client Java Development Kit (JDK™)

The following is supported:

- JDK Version 1.4.2

The demo configuration

While the minimum stated requirements in the IBM Workplace Collaboration Services release notes for Windows and Linux servers are a 2.0 GHz P4 Intel Processor and 4 GB of system memory, a usable demo system can be installed and successfully used on a single high-end mobile computer. During the process of writing this book, we created a demo system using a ThinkPad with a 1.6 GHz Intel Mobile Pentium 4 processor and 2 GB of memory. In this configuration we were able to successfully install and configure Lotus, Domino, DB2 Enterprise Edition, and Lotus Workplace 2.01.

Proof of concept/pilot mode

While it is possible to implement Lotus Workplace 2.0.1, or IBM Workplace Collaboration Services for demos in the manner detailed above, a pilot installation will require substantially better hardware to be successful. A working pilot can be implemented for 20 or fewer users in an existing Domino environment using just two additional servers. In this implementation, an existing Domino server is used for LDAP services as well as housing the pilot user’s mail files (if your configuration has a separate mail server, this will obviously work as well).
An older generation server can be pressed into service as a DB2 server. (We have had good results with P4/P3 servers with 1 GB of memory acting as the DB2 server.) Ideally a dual processor Xeon class server with 4 GB or more of memory should be used as the server that will host the WebSphere Application Server, the WebSphere Portal Server, and the IBM Workplace Collaboration Services server. The Redbooks team in our lab/testing environment, however, had acceptable performance with a dual P4 class server with 3 GB of memory. (As with any pilot, it is important to balance available hardware with user expectations.)

3.3 Deployment scenarios

This section describes the various deployment scenarios that are available in Lotus Workplace 2.0.1.

3.3.1 Introduction to deployment scenarios

Lotus Workplace supports a number of deployment scenarios that revolve around the underlying WebSphere Application Server and WebSphere Portal Server technologies. Deployment of Lotus Workplace is based on a four-tiered deployment model and involves the following software components:

- HTTP server
- WebSphere Portal Server
- IBM Lotus Workplace Products (IBM Lotus Workplace Messaging, IBM Lotus Team Collaboration, and IBM Lotus Collaborative Learning)
- WebSphere Application Server (Base Deployment or Network Deployment)
- Relational Database Management System (IBM DB2 or Oracle)
- LDAP server

The deployment of these components can take several forms:

- All required components on one machine for demo purposes only (with the option to use a separate LDAP server)
- Relational database on one machine and all other Workplace components on a second machine (with the option to use a separate LDAP server)
- High availability environments that utilize the IBM WebSphere Network Deployment product

3.3.2 Four-tiered architecture

Each of the IBM Lotus Workplace deployment options relies on a four-tiered architecture supported by the underlying WebSphere Application Server. The four-tiered architecture is a programming model that enables the distribution of application functionality across independent systems. A typical four-tiered architecture is:

- Tier one: The Presentation tier (or user tier), consisting of client access components
  – HTTP Server
  – WebSphere Portal Server (portlets provide the Web-based user interfaces)
- Tier two: The Workplace tier
  – WebSphere Portal Server
- Tier three: The Business Logic tier (or service tier), consisting of processes running on remote servers
  – WebSphere Application Server
  – IBM Lotus Workplace Products
- Tier four: The Data/Resource tier, consisting of a discrete collection of databases and resource managers
  – Relational database

Tier one defined

The first tier bears responsibility for user interface presentation. These client components enable the user to interact with the second, third, and fourth tier processes in a secure and intuitive manner.

Tier two defined

The second tier bears responsibility for handling the user interaction, tracking the user session details, and coordinating all interactions between the presentation and business logic tiers in a secure manner.

Tier three defined

The third-tier processes are commonly referred to as the application logic layer. These processes manage the business logic of the application, and are permitted access to the fourth-tier services. The application logic layer is where most of the processing work occurs. Multiple client components can access the third-tier processes simultaneously, so this application logic layer must manage its own transactions.
Tier four defined

Fourth-tier services are protected from direct access by the client components residing within a secure network. Interaction must occur through the third-tier processes.

3.3.3 IBM Lotus Workplace deployment types

Before deploying IBM Lotus Workplace, and ultimately determining the extent to which you wish to integrate your Domino environment, you must consider what Workplace topology best suits your needs and how that topology fits into the four-tiered architecture. Lotus Workplace 2.0.1 supports three basic topologies: Demonstration, two-tier, and network deployment.

Note: For the purposes of this book, we only focus on a single server and a two-tiered deployment scenario. For additional details on a network deployment scenario, please consult the Lotus Workplace 2.0.1 Products: Deployment Guide, SG24-6738:
http://www.redbooks.ibm.com/abstracts/sg246378.html?Open

A typical demonstration deployment involves the installation of every Lotus Workplace component on a single machine (with the option to use an LDAP directory on a different machine). In this deployment, each of the four architectural tiers resides on a single server. Because of the tremendous resource requirements for this type of deployment, it should be used for demonstration only.

A two-tier topology (a system hosting a relatively small number of users) typically involves the installation of the relational data store on one server and all other Lotus Workplace components on another server. This deployment also includes the option to use an LDAP directory on another server. In this scenario, the Resource tier (DB2 or Oracle) is on one machine, and the other tiers (Business Logic, Workspace, and Presentation) are on a second machine.
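The rule stated for tier four (reachable only through third-tier processes) can be checked against observed network flows for either topology. The following Python sketch is an added example, not part of the original handbook or of any IBM product; the host names, port numbers, and sample flows are constructed for illustration.

```python
# Tier of each component, following section 3.3.2. The handbook lists
# WebSphere Portal Server in tiers one and two; the higher tier is used here.
TIER = {
    "http_server": 1,
    "portal_server": 2,
    "app_server": 3,
    "workplace_products": 3,
    "relational_database": 4,
}

# Component placement per host for the two topologies the book covers.
# Host names are constructed for this example.
DEMONSTRATION = {"wp-demo": set(TIER)}
TWO_TIER = {
    "wp-app": {"http_server", "portal_server", "app_server", "workplace_products"},
    "wp-db": {"relational_database"},
}

BYPASS = "tier four reached without passing tier three"
UNKNOWN = "no documented listener"


def tier_four_sources(placement):
    """Hosts that run a tier-three process and may therefore reach tier four."""
    return {host for host, comps in placement.items()
            if any(TIER[c] == 3 for c in comps)}


def audit_flows(placement, listeners, flows):
    """Return the flows that break the tier-four rule.

    listeners maps (host, port) to the component listening there;
    flows is a list of (source_host, destination_host, destination_port).
    """
    allowed = tier_four_sources(placement)
    findings = []
    for src, dst, port in flows:
        component = listeners.get((dst, port))
        if component is None:
            findings.append((src, dst, port, UNKNOWN))
        elif TIER[component] == 4 and src not in allowed:
            findings.append((src, dst, port, BYPASS))
    return findings


# Constructed sample data. Port 50000 stands in for the database listener.
TWO_TIER_LISTENERS = {
    ("wp-app", 80): "http_server",
    ("wp-db", 50000): "relational_database",
}
TWO_TIER_FLOWS = [
    ("laptop-17", "wp-app", 80),     # browser to the HTTP server
    ("wp-app", "wp-db", 50000),      # business logic to the data store
    ("laptop-17", "wp-db", 50000),   # client talking to the database directly
    ("wp-app", "wp-db", 22),         # service nobody documented
]
DEMO_LISTENERS = {
    ("wp-demo", 80): "http_server",
    ("wp-demo", 50000): "relational_database",
}
DEMO_FLOWS = [
    ("laptop-17", "wp-demo", 80),
    ("laptop-17", "wp-demo", 50000),
]

if __name__ == "__main__":
    for finding in audit_flows(TWO_TIER, TWO_TIER_LISTENERS, TWO_TIER_FLOWS):
        print("two-tier:", finding)
    for finding in audit_flows(DEMONSTRATION, DEMO_LISTENERS, DEMO_FLOWS):
        print("demonstration:", finding)
```

In the demonstration placement the only host allowed to reach the database is the server itself, so every remote connection to the database port is reported.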
3.3.4 Workplace demonstration deployment: Single server

In a demonstration deployment, all of the components for each Workplace tier reside on the same computer:

- The IBM Lotus Workplace component products (IBM Lotus Workplace Messaging, IBM Lotus Collaborative Learning, and IBM Lotus Team Collaboration)
- An IBM Cloudscape data store
- An IBM WebSphere Application Server
- An IBM WebSphere Portal Server
- An HTTP server

You may also choose to install an LDAP directory server on the machine, or you may use a new or existing LDAP directory on another server.

When the IBM Lotus Workplace Collaborative Learning product is installed, the Learning Server, Learning Delivery Server, and Course Content Server will all reside on the same machine. When the IBM Lotus Workplace Messaging product is installed, the SMTP and IMAP (or POP3) components will all reside on the same machine.

Figure 3-1 on page 57 diagrams the demonstration deployment scenario.

[Diagram: Workplace Collaboration Services - Single Tier Infrastructure]

Figure 3-1 IBM Lotus Workplace demonstration deployment (single server)

Note: Example of team’s minimal demo configuration: While the minimum stated requirements in the Lotus Workplace 2.0.1 release notes for Windows and Linux servers are a 2.0 GHz P4 Intel Processor and 4 GB of system memory, a usable demo system can be installed and successfully used on a single high-end mobile computer.
During the process of writing this book, we created a demo system using a ThinkPad with a 1.6 GHz Intel Mobile Pentium 4 processor and 2 GB of memory. In this configuration we were able to successfully install and configure Lotus, Domino, DB2 Enterprise Edition, and Lotus Workplace 2.01.

3.3.5 Workplace two-tier deployment: Two servers

In the two-tier deployment, the Data/Resource tier is separate from the Presentation, Workspace, and Business Logic (Service) tiers. In this deployment, you install a relational database server on one computer to host Lotus Workplace and WebSphere Portal data. This machine represents the Data/Resource tier.

On a second computer, install all other Lotus Workplace component software:

- The IBM Lotus Workplace component products (Workplace Messaging, Collaborative Learning, and Team Collaboration)
- An IBM WebSphere Application Server
- An IBM WebSphere Portal Server
- An HTTP server
- A DB2 or Oracle client (to allow connectivity to the relational database server)

The second machine represents the Presentation, Workspace, and Business Logic tiers. If you install Lotus Workplace Collaborative Learning, the Learning Management Server, Learning Delivery Server, and Course Content Server all reside on the second computer. If you install Lotus Workplace Messaging, the SMTP and IMAP (or POP3) components also reside on the second computer.

You should also install an LDAP server on a third machine or use an existing LDAP directory. Installation of LDAP on a machine that supports other Workplace components is not recommended.

Figure 3-2 on page 59 shows the two-tier deployment scenario.
[Diagram: Workplace Collaboration Services - 2 Tier Infrastructure. Tier 1, Tier 2 and Tier 3 (Presentation, Workspace and Business Logic); Tier 4 (Data/Resources)]

Figure 3-2 IBM Lotus Workplace pilot deployment (two servers)

3.4 Expertise and skills required

Lotus Workplace 2.0.1 and, subsequently, IBM Workplace Collaboration Services is comprised of several IBM products, including WebSphere Application Server, WebSphere Portal Server, and DB2. It can also leverage various industry standard LDAP servers. Often an organization will want to assemble a team of personnel with skill sets in these areas in order to make the initial installation of IBM Workplace Collaboration Services a success; however, in other instances the necessary skills will need to be learned or purchased.

This section provides a high-level overview of the key skill areas required for installing, configuring, and administering a Lotus Workplace 2.0.1, or IBM Workplace Collaboration Services 2.5 environment, while subsequent sections in this chapter provide a more in-depth look at the key skill areas.

3.4.1 LDAP administration

LDAP knowledge is one of the most critical areas of expertise required for a successful implementation of IBM Workplace Collaboration Services. In many cases, the readers of this book will want to utilize the Domino server as the LDAP source, but it is also possible to utilize the IBM Directory Server that ships with the product.
Additionally, if you have an existing LDAP as part of your computing infrastructure, chances are Lotus Workplace 2.0.1 or IBM Workplace Collaboration Services 2.5 will support it. If you have a large, complex organization with multiple LDAP directories, then it is possible to use the IBM Tivoli Directory Integrator to integrate them.

Within Chapter 4, “Integrating Workplace with Domino LDAP” on page 153, we discuss the steps necessary to integrate your Lotus Workplace 2.0.1, or IBM Workplace Collaboration Services 2.5 environment with a new or an existing Domino Directory using Domino LDAP. In 3.5.1, “LDAP-related skills” on page 63, we also provide an overview of the key skills and concepts required for a better understanding of LDAP.

IBM Tivoli Directory Integrator

Attention: IBM Tivoli Directory Integrator ships on the Workplace 2.0.1 CD package for use in computing environments with multiple LDAP directories.

This section provides a high-level overview of IBM Tivoli Directory Integrator. We discuss its functionality, while also providing a list of resources where you can learn more about the extensive capabilities of this product.

IBM Tivoli Directory Integrator is a flexible integration toolkit that is suitable for a number of different technical scenarios and business problems. At the end of this section, there are references to Redbooks and Redpapers that illustrate different usage of IBM Tivoli Directory Integrator.

The primary usage of IBM Tivoli Directory Integrator is in the area of data migration, synchronization, and coexistence. Please note that the word data is used, and not directories. IBM Tivoli Directory Integrator is agnostic in terms of the systems it communicates with. LDAP is treated the same as JDBC™, Notes/Domino, Web Services, files, and the other systems, protocols, and formats that IBM Tivoli Directory Integrator supports.
IBM Tivoli Directory Integrator deals flexibly with change detection and handling of changed data. Therefore, IBM Tivoli Directory Integrator can provide near real-time integration between systems that are able to provide change notification and change data. IBM Tivoli Directory Integrator can also handle systems that do not provide change data, such as a daily file report from an HR system, driving such data through its “delta engine” that will output only the new, changed, and deleted entries since the last scan. For illustration purposes we provide you with the following IBM Tivoli Directory Integrator scenarios: Directory coexistence. In this example a new directory needs to be maintained with data from a legacy directory such as Domino and Active Directory. IBM Workplace Collaboration Services will control the new directory, but needs to be updated as the information changes in the legacy directory. IBM Tivoli Directory Integrator can scan the changelog of the directory for changes at regular intervals, as well as connect to the event notification capabilities of Tivoli Directory Server, SunOne Directory, and Microsoft Active Directory. Multi-directory integration. Large infrastructures often have multiple directories that will provide the information into the IBM Workplace Collaboration Services directory. IBM Tivoli Directory Integrator can select subsets from the source directories and perform suitable transformation on the data that is maintained in the target directory. IBM Tivoli Directory Integrator can manipulate groups in the target system to identify the separate sources for the user information. Furthermore, IBM Tivoli Directory Integrator can pass information back to the source systems if IBM Workplace Collaboration Services takes ownership of certain attributes. Password synchronization. 
Through custom plug-ins (Active Directory, SunOne, IBM TDS, RACF®, and Domino HTTP password) IBM Tivoli Directory Integrator can capture passwords as they are changed. Existing passwords cannot be read (however, sometimes solutions can be created that remedy this problem; see below). This means that users can continue to manage their passwords in the legacy systems and use these passwords when they log into Workplace.

- On demand integration. IBM Workplace Collaboration Services/Portal can call out to IBM Tivoli Directory Integrator during user login, and ensure that information about this user is created/maintained based on information in other systems. The benefit of this solution is that the users' names and passwords are available in clear-text, meaning that IBM Tivoli Directory Integrator can use this information to successfully authenticate into the legacy system, extract the necessary information, and then create the user in the IBM Workplace Collaboration Services directory with the same password that the user has in the legacy system, before giving control back to IBM Workplace Collaboration Services. At this stage the user will be successfully authenticated by IBM Workplace Collaboration Services, and the user has been provisioned in real time.
IBM Tivoli Directory Integrator supports the following list of protocols, applications, APIs, and formats:

- Sources and targets: Files, RDBMS (JDBC), LDAP, Web Services, Domino Users, Domino databases, SNMP, TCP, HTTP, MQ
- Formats: XML, DSML, CSV, LDIF, HTML, custom (scripted parser)

Note: For further information about IBM Tivoli Directory Integrator, we recommend referring to the following Redbooks and Redpapers:

- Flexible authentication solution with IBM Tivoli Directory Integrator and IBM WebSphere Portal, REDP-3816
  http://www.redbooks.ibm.com/abstracts/redp3816.html?Open
- A First Glance at IBM Directory Integrator: Integrating the Enterprise Data Infrastructure, REDP-3729
  http://www.redbooks.ibm.com/abstracts/redp3729.html?Open
- A Deeper Look into IBM Directory Integrator, REDP-3728-00
  http://www.redbooks.ibm.com/abstracts/redp3728.html?Open
- Using LDAP for Directory Integration, SG24-6163
  http://www.redbooks.ibm.com/abstracts/sg246163.html?Open
- Getting Started with IBM Tivoli Directory Integrator
  http://publib.boulder.ibm.com/infocenter/tiv2help/index.jsp?topic=/com.ibm.IBMDI.doc/gettingstarted.htm

3.4.2 WebSphere Application and Portal Server administration

As with many IBM products, Lotus Workplace 2.0.1 and IBM Workplace Collaboration Services leverage the power of the WebSphere Application Server platform and the WebSphere Portal Server. While an experienced WebSphere administrator would be a key contributor to your effort, the skills needed for installation are readily learned. But make no mistake, these are powerful and highly complex products that will take time to fully master. Domino administrators will be well served if they can enhance their skill sets with the requisite knowledge to become WebSphere Server and Portal Administrators.
3.4.3 DB2 administration

While Cloudscape can be used for the back-end repository for pilot and demo installation, a production installation of IBM Workplace Collaboration Services will require the use of an advanced data-store engine. IBM DB2 Universal Database Enterprise Server Edition is the preferred database for use with IBM Workplace Collaboration Services. Many organizations are structured with a separate group that handles database administration and an individual from this team would be an important resource. In-depth knowledge of the product will be important more for the daily operation of the IBM Workplace Collaboration Services environment than the actual install of the product. You will read in the install chapters that the creation of the DB2 databases is a relatively quick and easy process. However, as you operate your environment, you will notice that you will need advice on daily administrative practices such as backup. Again, basic knowledge of DB2 will be a great asset for the Domino Administrator, both for IBM Workplace Collaboration Services and going forward with the introduction of Domino 7.

3.5 New skills for Notes and Domino administrators

In this section we discuss new skills for Notes and Domino administrators.

3.5.1 LDAP-related skills

In this section we discuss the Lightweight Directory Access Protocol (LDAP). LDAP knowledge and understanding is key to a successful product install and integration.

Why LDAP is important

In order to integrate the products discussed in this book, it is necessary to provide a common authentication standard that can be used to verify the users’ identities. The Lightweight Directory Access Protocol or LDAP is an industry standard solution to this need that can be implemented with many products.
In particular, by configuring Domino as an LDAP server, user information contained in the Name and Address book can be used by other applications including IBM Workplace Collaboration Services to verify user information.

A basic grounding in LDAP terminology

For those of you new to LDAP, there are many new terms and acronyms that you need to be aware of and understand 100 percent before you install any of the IBM Lotus Workplace Products.

Attributes

For our purposes, think of an LDAP server as a collection of information about people, and how they are organized within a company. For example, it is typical to store a person’s contact details in an LDAP server, such as their first name, last name, telephone number, business address, mail location, personnel number, etc. Each of these pieces of information is called an attribute within an LDAP server. You can think of an attribute as being like a field in the Domino world.

Objects

If we collect all the information (attributes) about a particular person together and store it in the LDAP server then this is called an object. An object is simply a pre-defined collection of attributes. So, we might create a person object that contains attributes that are only relevant to a person.

Object inheritance

Object inheritance is the ability to create a new object from an existing one and add new attributes to it while leaving the original object untouched. For example, if we created an object called basicperson that has the two attributes firstname and lastname, we can create a new object called betterperson, which is based on basicperson and add some new attributes to it like title, initials, and nickname. The new object betterperson automatically has the two attributes from the base object, firstname and lastname.
Figure 3-3 LDAP object inheritance (basicperson holds firstname and lastname; betterperson inherits both and adds title, initials, and nickname)

Schemas

A schema is the collective term used for all the objects and attributes stored within an LDAP server, how they are defined, and the relationships they have between each other. When you install an LDAP server, it is typically pre-configured with a set of objects and attributes for common items, such as people and groups. Schemas are typically referred to by major vendors’ directory servers, for example, the Netscape schema, the Active Directory schema, or the IBM Directory schema.

Extending the schema

This is a term you might hear frequently. It means adding additional attributes or objects to an existing schema. Depending on your company’s policies, extending the schema might be possible or not.

The inetOrgPerson object

Instead of having to define all of these attributes yourself, the Internet Engineering Task Force (IETF) has defined one that covers almost all the attributes you might need for a person; it is called the inetOrgPerson object. The full specification for this important object can be found at:

http://www.ietf.org/rfc/rfc2798.txt

Note: Lotus Workplace uses and expects all users within an LDAP server to be based on the inetOrgPerson object for many of its functions.

As mentioned previously, LDAP is a lightweight version of the X.500 directory standard and the inetOrgPerson object is based on the organizationalPerson object, which is in turn inherited from the person object. Table 3-3 on page 65 shows how the attributes defined in the inetOrgPerson object class are inherited from existing classes. The fields from all three columns can be found within the inetOrgPerson object.
Table 3-1 Definition of the inetOrgPerson object

person object: cn, sn, userpassword, telephonenumber, seealso, description

organizationalPerson: title, x121address, registeredaddress, destinationindicator, preferreddeliverymethod, telexnumber, teletexterminalidentifier, internationalisdnnumber, facsimiletelephonenumber, street, postaladdress, postalcode, postofficebox, physicaldeliveryofficename, ou, st, l

inetOrgPerson: audio, businesscategory, carlicense, departmentnumber, employeenumber, employeetype, givenname, homephone, homepostaladdress, initials, jpegphoto, labeleduri, mail, manager, mobile, pager, photo, preferredlanguage, roomnumber, secretary, uid, usercertificate, usersmimecertificate, x500uniqueidentifier, displayname, o, userpkcs12

While LDAP vendors provide the inetOrgPerson object within their schemas, many of them extend it by creating new people objects based on it and add their own attributes. For example, the IBM Tivoli Directory Server V5.1 has an object called ePerson, which is based on the inetOrgPerson object. The ePerson object adds additional attributes such as thumbNailLogo, street, personalTitle, middleName, generationQualifier, and a number of others. The key point here is that Lotus Workplace can work with any LDAP person object as long as it inherits from the inetOrgPerson object.

Distinguished names (DNs)

A distinguished name is the full hierarchical name for an object, for example, the distinguished name for a person might be uid=dave,cn=users,o=redbooks,dc=ibm,dc=com in IBM Directory Server or perhaps cn=David Morrison,o=acme for Domino LDAP.

Unique identifiers

Objects in the LDAP directory, people in particular, should have a unique name so that it is easy to search for them. The IBM Directory Server uses the uid attribute from the inetOrgPerson object for this purpose and the Domino Directory LDAP maps the user’s shortname to the UID attribute.
Other directories may have different attributes defined for this purpose.

Organizing an LDAP directory

LDAP directories are typically organized into a hierarchy that suits the organization it is being deployed in. Every company will probably have a different way of organizing their directory but they all follow a basically similar pattern.

Groups

At the simplest level, we can organize people in our directory into groups, based on either the groupofNames or groupofUniqueName object classes. For example, we could create a group called managers, and add all the managers in the company to this group.

Suffixes

When you first configure an LDAP directory, you must first define something called a suffix. The suffix is added to all other entries you create in the directory and is considered to be the top level of the directory. From here on, it is useful to consider the LDAP directory as a tree hierarchy with a suffix at the top and branches descending from it.

Figure 3-4 A simple organizational hierarchy (Acme.com at the top, with the organizations Sales and Development below it and two people in each)

Figure 3-4 shows a very simple hierarchy that could be used to define a hierarchy within an LDAP directory. At the top we see that everything descends from Acme.com. Acme.com has two organizations below it, Sales and Development. Each of those organizations has two people working within it. Now let us turn this simple hierarchy into an LDAP hierarchy and use some new terms.

Figure 3-5 A simple LDAP hierarchy based on the IBM Directory Server (dc=acme,dc=com at the top, with o=Sales and o=Development below it and the people as cn entries)

Figure 3-5 shows us the same diagram we used in Figure 3-4 but we have added some LDAP terms. dc=acme,dc=com has been defined as the suffix in the directory; therefore, all entries below it will also contain this value. o=Sales and o=Development are two organization objects that each have two people in them.
The people are defined using the cn attribute, or Common Name. If we wanted to refer to Louise in LDAP terms, we would use the following notation:

    cn=Louise,o=Sales,dc=acme,dc=com

And likewise for David we would use:

    cn=David,o=Development,dc=acme,dc=com

Base Distinguished Name (BaseDN)

You will see the term BaseDN, Base Distinguished Name, or sometimes Search Scope used in the LDAP world. What this defines is where you want searches to start from in the LDAP directory for your queries. This is not something you set up at the LDAP server, but it is used by applications that query the LDAP server. Let us look at an example to make this easier to understand.

Figure 3-6 shows an expanded version of the simple LDAP tree we have been building. Now we have an additional organizational structure that we have split by country: the c=us, c=uk, and c=fr layers.

Figure 3-6 An example of using the Base DN value (the tree under dc=acme,dc=com, with the country layers c=us, c=uk, and c=fr above the organizations and people)

Suppose we were installing our Lotus Workplace Products in the UK and only wanted people in the UK to have access. We could achieve this by specifying a BaseDN of c=uk,dc=acme,dc=com when we install and configure the Lotus Workplace Products.

Using the BaseDN effectively has many impacts on the user experience and server performance. We reduce the load on the LDAP server by restricting searches to only a small portion of the LDAP server. Users will only ever see users in the UK hierarchy, so when we search for a Dave in the directory, we will not see any Daves in the fr or us hierarchies.

Consequently, specifying the BaseDN has a serious planning implication. If you incorrectly set this value then you can easily exclude a large chunk of your organization from access to your system.
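The BaseDN subtree test described above can be modelled offline to see, before installation, which entries a chosen BaseDN exposes and which it excludes, and why a plain string-suffix comparison is not a safe substitute. This is an added example, not code from the Redbook or from Lotus Workplace: the directory entries are constructed, the function names are hypothetical, and DN parsing is simplified (no multi-valued RDNs or hex escapes, every attribute compared case-insensitively).

```python
"""BaseDN scoping model (added example; all sample entries are constructed)."""


def parse_dn(dn):
    """Split a DN into normalized (attribute, value) pairs, leaf first.

    Simplified RFC 4514 handling: a backslash-escaped character is kept as
    part of the value, so an escaped comma does not start a new RDN.
    """
    if not dn.strip():
        return []  # empty DN: the root of the tree
    rdns, current, escaped = [], [], False
    for ch in dn:
        if escaped:
            current.append(ch)
            escaped = False
        elif ch == "\\":
            escaped = True
        elif ch == ",":
            rdns.append("".join(current))
            current = []
        else:
            current.append(ch)
    if escaped:
        raise ValueError("DN ends with a dangling escape: %r" % dn)
    rdns.append("".join(current))

    pairs = []
    for rdn in rdns:
        attr, sep, value = rdn.partition("=")
        if not sep or not attr.strip() or not value.strip():
            raise ValueError("malformed RDN %r in %r" % (rdn, dn))
        # Assumption: case-insensitive matching, spaces around RDNs ignored.
        pairs.append((attr.strip().lower(), value.strip().lower()))
    return pairs


def in_scope(entry_dn, base_dn):
    """True if entry_dn is base_dn itself or sits below it in the tree."""
    entry, base = parse_dn(entry_dn), parse_dn(base_dn)
    return len(entry) >= len(base) and entry[len(entry) - len(base):] == base


def naive_in_scope(entry_dn, base_dn):
    """String-suffix test, included only to show how it goes wrong."""
    return entry_dn.lower().endswith(base_dn.lower())


# Constructed sample directory, loosely following the c=us / c=uk / c=fr
# layout of the text. The last entry lives under dc=uk, not c=uk.
DIRECTORY = [
    "cn=Dave,o=Development,c=uk,dc=acme,dc=com",
    "cn=Louise,o=Sales,c=uk,dc=acme,dc=com",
    "cn=Dave,o=Marketing,c=fr,dc=acme,dc=com",
    "cn=Dave,o=Sales,c=us,dc=acme,dc=com",
    "CN=Dawn, O=Development, C=UK, DC=acme, DC=com",
    "cn=Smith\\, Dave,o=Sales,c=uk,dc=acme,dc=com",
    "cn=Dave,dc=uk,dc=acme,dc=com",
]


def visible_entries(base_dn, directory=DIRECTORY):
    """Entries an application searching from base_dn can find."""
    return [dn for dn in directory if in_scope(dn, base_dn)]


def excluded_entries(base_dn, directory=DIRECTORY):
    """Entries that fall outside base_dn and would lose access."""
    return [dn for dn in directory if not in_scope(dn, base_dn)]


if __name__ == "__main__":
    base = "c=uk,dc=acme,dc=com"
    print("BaseDN:", base)
    for dn in DIRECTORY:
        print("  %-5s naive=%-5s %s" % (in_scope(dn, base),
                                        naive_in_scope(dn, base), dn))
    # A mistyped BaseDN silently excludes everyone.
    print("c=gb typo ->", visible_entries("c=gb,dc=acme,dc=com"))
```

Run against an LDIF export of the real directory, the same comparison gives a list of accounts to review before a BaseDN is committed to the installation.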
LDIF

Lightweight Directory Import Files (LDIF) is a standard text-based format that is typically used to load a new LDAP server with its information. It can contain all the users, groups, and hierarchy necessary to create a working LDAP server. It can also be used to modify or delete entries from an existing LDAP server. The LDIF standard is common among the majority of LDAP servers and you can import and export the data freely.

3.5.2 DB2 - Overview and related skills

DB2 Universal Database is a relational database management system (RDBMS) that lets you create, update, and administer relational databases using Structured Query Language (SQL) statements entered by a user or contained in an application program. In these respects, it resembles most other RDBMS products available on the market today. However, in much the same way that the English spoken in Australia differs from that spoken in the United States, DB2 has a slightly different dialect than that of other RDBMS products.

This chapter describes concepts specific to DB2 and explains database terms that have slightly different meanings for users of DB2. It also identifies the GUI tools that can be used when working with an object and the associated tasks that can be performed. It does not provide definitions for common database terms.

DB2 Enterprise Server Edition is a multiuser version of DB2 that allows you to create and manage non-partitioned or partitioned database environments. Partitioned database systems can manage high volumes of data and provide benefits such as increased performance, high availability, and failover support. Other features of DB2 Enterprise Server Edition include:

- A data warehouse server and related components.
- DB2 Connect™ functionality for accessing data stored on midrange and mainframe database systems such as DB2 for iSeries™ or DB2 for z/OS® and OS/390®. DB2 Enterprise Server Edition provides support for both local and remote DB2 clients.
- Satellite administration capabilities allowing DB2 ESE to remotely administer DB2 Personal Edition and DB2 Workgroup Server Edition database servers that are configured as satellites. For more information about Satellite capabilities, refer to the satellite administration documentation.

DB2 tools

The following section explains the basic GUI concepts for the DB2 tools for both Windows and Linux environments.

Basic GUI navigation concepts

Here are some basic GUI concepts you should be familiar with.

Starting the tools in Windows

The Start menu is the starting point for using the GUI Administration tools in Windows operating environments. From the Start menu, select IBM DB2 → General Administration Tools → Control Center. You can also start other centers or tools such as the Journal, the Replication Center, and the Task Center from the Start menu, as well as select the command line tools, the development tools, the monitoring tools, and the Information Center.

Starting the tools in Linux

To start the GUI Administration tools from the Linux desktop environment, open the IBM DB2 folder on your Gnome or KDE desktop and then select Control Center. On UNIX®-based systems, enter the db2cc command from a command line.

Tool elements

Tool elements are discussed below.

Windows

Windows are panels that open and enable you to enter information pertaining to the action you want to perform, for example, you can type information into fields within a window. In the DB2 interface, fields that must be filled in are surrounded by a thick red border.

Notebooks

A notebook is used to logically organize data into groups when there is too much information to fit on one page. The resulting pages are organized with tabs that reflect the particular page content.

Wizards

Wizards are integrated into the administration tools. They assist you in completing a single task by stepping you through the task.
To select a wizard, from the Control Center window, select Tools → Wizards. The Wizards window opens. Select the wizard you want to use. Select the object for which you want help and follow the instructions to complete the task. The wizard task overview on the first page of the wizard lists any prerequisite steps and briefly describes every page of the wizard. Other pages of the wizard may contain links to conceptual or reference information to help you understand the function of the wizard. From a wizard, you can launch other wizards, windows, or notebooks.

Advisors

Advisors are integrated into the administration tools. They assist you with more complex tasks, such as tuning and performance tasks, by gathering information and recommending options that you may not have considered. You can accept or reject the advice of the advisor. Advisors can be called from the GUI as well as from APIs and the command line interface.

To select an advisor, from the Control Center window, select Tools → Wizards. The Wizards window opens. Select the advisor you want to use. Select the object for which you want help and follow the instructions to complete the task. Conceptual and reference information is available to help you understand the function of the advisor.

Launchpads

Launchpads are integrated into the administration tools. They assist you in completing high-level tasks by stepping you through a set of tasks in the correct order. Launchpads can call wizards or other dialogs to accomplish the high-level task.

To select a launchpad, from the Control Center window, select Tools → Wizards. The Wizards window opens. Select the launchpad you want to use. Select the object for which you want help and follow the instructions to complete the task. Pages of the launchpad may contain links to conceptual or reference information to help you understand the function of the launchpad.
Menu bars

The Menu bar is a special panel that is displayed at the top of the window.

Figure 3-7 Control Center menu

It contains menu options that allow you to access drop-down menus. From the drop-down menus, you can select menu items. Items in the menu bar include actions that affect the objects in the center you are using. For example, menu items under Control Center include actions that affect the entire Control Center. Menu items under Selected dynamically change to include only those actions that apply to currently selected objects in the contents pane. Menu items under Edit include actions that let you work with objects in the contents pane. Menu items under View include actions that let you customize the display of objects in the contents pane. Menu items under Help include actions that display help information and allow you to work with the Information Center and tutorials.

Toolbars

Toolbars are panels that contain icons representing functions you can perform. Toolbars are located below the menu bar. To see a brief description of a tool, place your cursor over its icon and hover help will tell you what function each icon represents. Toolbars provide quick access to the functions you can perform. The functions can also be selected in the View menu.

Figure 3-8 Toolbar

A Contents pane toolbar is located below the contents pane. It allows you to tailor the information in the contents pane.

Figure 3-9 Content pane toolbar

Object trees

Object trees display the system and database objects graphically in the left navigation pane, enabling you to see the hierarchical relationship between different objects and to work with those objects. You can expand the object tree to expose the objects that are contained within the object. The exposed objects are displayed as folders beneath the object. Each folder represents an object type.
If the object tree is collapsed, the folders contained within the object no longer appear in the view of the object tree. Objects on your local workstation and any remote systems that can be connected to and from your local system are displayed in the object tree. Some objects, such as tables and views, do not contain other objects and appear at the bottom of the object tree.

When you select an object in the object tree, the objects that reside in the object are displayed in the contents pane. To invoke an action on an object, right-click the object to open a pop-up menu of available actions. You can also invoke an action on the object by selecting the object then clicking the Selected menu option from the menu bar.

Contents pane (Details view)

The Contents pane is also called the Details view. It allows flexibility in representing large amounts of complex data in table format. From the Control Center, you can create and save customized views by selecting View from the Contents pane toolbar at the bottom of the Contents pane. From the View drop-down, you can filter, sort, and customize columns and save these views as the default view or save the view using another name. This enables you to group the key elements and save them for future use. It also allows you to group rows of data with the same value in a specific column.

Infopops

An infopop is a pop-up window that is displayed when a control in a window or notebook has focus and you press F1. Holding the mouse cursor over a control in a window or notebook also causes the infopop to display. Infopops contain a description of the field or control. They may also list restrictions and requirements or provide instructions. Infopops are disabled or re-enabled from the General page of the Tools Settings notebook.
To disable or enable infopops for the Configuration Assistant, select the Display Infopops check box menu in the Help menu from the Configuration Assistant tool.

Mandatory fields

Mandatory fields are fields for which you must supply information. Mandatory fields are displayed with thick red borders around the field. When information is entered in the mandatory field, the red border is no longer displayed.

Filtering

Filtering enables you to work with a subset of displayed objects in the Control Center. Two forms of filtering exist. The first form of filtering allows you to create a customized view of objects that you would like to appear in the Contents pane of the Control Center. You select the subset of objects by right-clicking the object folder in the object tree and selecting Filter → Create. The Filter notebook opens, allowing you to select which columns you would like to have in your customized view.

Once you have created a filtered view of the objects in the Contents pane, the filter icon appears beneath the filtered object in the object tree to indicate that a filter has been set. To remove the filter and display all the objects in the Contents pane, right-click the object folder and select Filter → Remove.

Once you have filtered the objects in the Contents pane, you can customize your view even further by selecting the filter icon from the Contents pane toolbar at the bottom of the Contents pane.

Figure 3-10 Filter icon

The Filter window opens and displays available columns for filtering. You specify which columns you wish to view by supplying the information in the Filter notebook. To enable the filter, select the Enable filter check box.

Help is available from icons on the toolbar or by using the Help menu.
Figure 3-11 Displays help for getting started with Control Center

Figure 3-12 Opens Infocenter so you can search for help on tasks, commands, and information in DB2 library

The Help menu displays menu items for displaying the online help index, general information about the Control Center, and keyboard help. The menu also displays the list of tutorials available with DB2.

You can invoke the following tools by selecting their icon on the toolbar (Figure 3-13 on page 76).

Figure 3-13 Tools

Control Center

In this section we discuss the Control Center.

Starting the Control Center

You can start the Control Center in the following ways:

- Select Control Center from the Tools menu of another tool.
- Click the icon from the toolbar of another tool.
- Enter the db2cc command in the command line.
- On Windows systems, click the Start button and select Programs → IBM DB2 → General Administration Tools → Control Center.
- On Linux systems, open the IBM DB2 folder on the desktop and select Control Center.

Figure 3-14 Control Center in Start Menu

Use the Control Center to manage systems, DB2 Universal Database instances, DB2 Universal Database for OS/390 and z/OS subsystems, databases, and database objects such as tables and views.

Figure 3-15 Control Center screen

What the Control Center is used for

In the Control Center, you can administer all of your systems, instances, databases, and database objects. From the Control Center, you can also open other centers and tools to help you optimize queries, jobs, and scripts; perform data warehousing tasks; create stored procedures; and work with DB2 commands.
The following are some of the key tasks that you can perform with the Control Center:

- Add DB2 systems, federated systems, DB2 for z/OS and OS/390 systems, instances, databases, and database objects to the object tree.
- Manage database objects. You can create, alter, and drop databases, table spaces, tables, views, indexes, triggers, and schemas. You can also manage users.
- Manage data. You can load, import, export, and reorganize data. You can also gather statistics.
- Perform preventive maintenance by backing up and restoring databases or table spaces.
- Configure and tune instances and databases.
- Manage database connections, such as DB2 Connect servers and subsystems.
- Manage DB2 for z/OS and OS/390 subsystems.
- Manage applications.
- Analyze queries using Visual Explain to look at access plans.
- Launch other tools such as the Command Center and the Health Center.

In many cases, wizards and launchpads are available to help you perform these tasks more quickly and easily.

Which objects you can administer

In the Control Center, you can administer many DB2 objects, including:

- Systems
- Instances
- Databases
- Table spaces
- Tables
- Views
- Indexes
- Schemas
- Triggers
- Stored procedures
- User-defined types
- User-defined functions
- User-defined methods
- Packages
- Aliases
- Event monitors
- Buffer pools
- Users and groups

To see which actions you can perform on an object, select the object and right-click. A pop-up menu lists the available actions.

Command Line Processor

In this section we discuss the Command Line Processor.

Starting the Command Line Processor (CLP)

You can start the Command Line Processor (CLP) in the following ways:

- Click the icon from the toolbar of another tool.
- Enter the db2cmd command in the command line.

Figure 3-16 CLP window opened from a DOS window

- On Windows systems, click the Start button and select Programs → IBM → DB2 → Command line Tools → Command Line Processor.

Figure 3-17 DB2 CLP window opened from the start menu

Attention: There is a difference in entering commands in the two different CLP windows (Figure 3-16 and Figure 3-17). In Figure 3-16 you would need to enter db2 connect to sample, and in Figure 3-17 only connect to sample to connect to the database with the name sample.

What the command line processor is used for

The db2 command starts the command line processor (CLP). The CLP is used to execute database utilities, SQL statements, and online help. It offers a variety of command options, and can be started in:

- Interactive input mode, characterized by the db2 => input prompt
- Command mode, where each command must be prefixed by db2
- Batch mode, which uses the ’-f’ file input option.

Note: On Windows, db2cmd opens the CLP-enabled DB2 window, and initializes the DB2 command line environment. Issuing this command is equivalent to clicking the DB2 command window icon.

QUIT stops the command line processor. TERMINATE also stops the command line processor, but removes the associated back-end process and frees any memory that is being used. It is recommended that a TERMINATE be issued prior to every STOP DATABASE MANAGER (db2stop) command. It may also be necessary for a TERMINATE to be issued after database configuration parameters have been changed, in order for these changes to take effect.

Note: Existing connections should be reset before terminating the CLP.

The shell command (!) allows operating system commands to be executed from the interactive or the batch mode on UNIX-based systems, and on Windows operating systems (!ls on UNIX, and !dir on Windows operating systems, for example).
db2-command
    Specifies a DB2 command.

sql-statement
    Specifies an SQL statement.

?
    Requests CLP general help.

? phrase
    Requests the help text associated with a specified command or topic. If the database manager cannot find the requested information, it displays the general help screen.

? options
    Requests a description and the current settings of the CLP options.

? help
    Requests information about reading the online help syntax diagrams.

? message
    Requests help for a message specified by a valid SQLCODE (? sql10007n, for example).

? sqlstate
    Requests help for a message specified by a valid SQLSTATE.

? class-code
    Requests help for a message specified by a valid class-code.

-- comment
    Input that begins with the comment characters -- is treated as a comment by the command line processor.

Note: In each case, a blank space must separate the question mark (?) from the variable name.

CLP usage notes

Commands can be entered either in uppercase or in lowercase from the command prompt. However, parameters that are case sensitive to DB2 must be entered in the exact case desired.
For example, the comment string in the WITH clause of the CHANGE DATABASE COMMENT command is a case-sensitive parameter.

Delimited identifiers are allowed in SQL statements.

Special characters, or metacharacters (such as $ & * ( ) ; < > ? \ ' "), are allowed within CLP commands. If they are used outside the CLP interactive mode or the CLP batch input mode, these characters are interpreted by the operating system shell. Quotation marks or an escape character are required if the shell is not to take any special action. For example, when executed inside an AIX Korn shell environment:

    db2 select * from org where division > 'Eastern'

is interpreted as "select <the names of all files> from org where division". The result, an SQL syntax error, is redirected to the file Eastern. The following syntax produces the correct output:

    db2 "select * from org where division > 'Eastern'"

Special characters vary from platform to platform. In the AIX Korn shell, the above example could be rewritten using an escape character (\), such as \*, \>, or \'.

Most operating system environments allow input and output to be redirected. For example, if a connection to the SAMPLE database has been made, the following request queries the STAFF table, and sends the output to a file named staflist.txt in the mydata directory:

    db2 "select * from staff" > mydata/staflist.txt

For environments where output redirection is not supported, CLP options can be used. For example, the request can be rewritten as

    db2 -r mydata\staflist.txt "select * from staff"
    db2 -z mydata\staflist.txt "select * from staff"

The command line processor is not a programming language. For example, it does not support host variables, and the following statement is syntactically incorrect, because :HostVar is not a valid database name.

    db2 connect to :HostVar in share mode

The command line processor represents SQL NULL values as hyphens (-). If the column is numeric, the hyphen is placed at the right of the column.
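
The shell interpretation described in the usage notes above can be reproduced without a DB2 installation. The following is an added example, not part of the original handbook: db2_stub is a constructed stand-in for the db2 executable, and the scratch files a.txt and b.txt are constructed sample input.

```shell
#!/bin/sh
# Added example. db2_stub is a constructed stand-in for the db2 executable:
# it prints every argument it receives in brackets, one per line, so the
# effect of shell parsing on a command-mode request becomes visible.
db2_stub() {
    for arg in "$@"; do
        printf '[%s]\n' "$arg"
    done
}

# Create a scratch directory holding two constructed files, so that the
# unquoted * has file names to expand to. Prints the directory path.
make_scratch() {
    dir=$(mktemp -d) || return 1
    : > "$dir/a.txt"
    : > "$dir/b.txt"
    printf '%s\n' "$dir"
}

# Unquoted form from the usage notes. The shell replaces * with the file
# names in the current directory and treats > 'Eastern' as a redirection,
# so the program's output goes to a file named Eastern, not the terminal.
run_unquoted() {
    ( cd "$1" && db2_stub select * from org where division > 'Eastern' )
}

# Quoted form: the complete statement reaches the program as one argument.
run_quoted() {
    ( cd "$1" && db2_stub "select * from org where division > 'Eastern'" )
}

# Escaped form: each metacharacter is protected with a backslash, so the
# words arrive separately but with *, > and the quotes intact.
run_escaped() {
    ( cd "$1" && db2_stub select \* from org where division \> \'Eastern\' )
}

demo() {
    scratch=$(make_scratch) || return 1
    echo "unquoted, written to the terminal:"
    run_unquoted "$scratch"
    echo "unquoted, written to the file Eastern:"
    cat "$scratch/Eastern"
    echo "quoted:"
    run_quoted "$scratch"
    echo "escaped:"
    run_escaped "$scratch"
    rm -rf "$scratch"
}

demo
```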
If the column is not numeric, the hyphen is at the left.

To correctly display the national characters for single byte (SBCS) languages from the DB2 command line processor window, a TrueType font must be selected. For example, in a Windows environment, open the command window properties notebook and select a font such as Lucida Console.

Database object hierarchy

Figure 3-18 illustrates the DB2 hierarchy of database objects.

Figure 3-18 Hierarchy of database objects

Systems

The highest-level object in the DB2 hierarchy is a system. A system represents an installation of DB2. A system can have one or more DB2 instances, each of which can manage one or more databases. The databases may be partitioned with their table spaces residing in database partition groups. The table spaces, in turn, store table data.

A list of systems is maintained by the Control Center. It records the information needed to communicate with each system (such as its network address, operating system, and communication protocol). You can:
- Add a system using the Configuration Assistant.
- Add a system to the Control Center.
- Remove a system using the Configuration Assistant.
- Remove a system from the Control Center.

Instances

An instance is a logical database manager environment where you catalog databases and set configuration parameters. You can create multiple instances on the same physical server, providing a unique database server environment for each instance. With multiple instances, you can:
- Use one instance for a development environment and another instance for a production environment.
- Tune an instance for a particular environment.
- Restrict access to sensitive information.
- Control the assignment of SYSADM, SYSCTRL, and SYSMAINT authority for each instance.
- Optimize the database manager configuration for each instance.
- Limit the impact of an instance failure. In the event of an instance failure, only that instance is affected. Other instances can continue to function normally.

Multiple instances require:
- Additional system resources (virtual memory and disk space) for each instance
- More administration

On Windows operating systems, ensure that no instance name is the same as a service name.

You can:
- Add an instance using the Control Center or Configuration Assistant.
- Remove an instance using the Control Center or Configuration Assistant.
- Configure an instance using the Control Center or Configuration Assistant.

Databases

A relational database presents data as a collection of tables. A table consists of a defined set of columns and any number of rows. The data in each table is logically related, and relationships can be defined between tables. Data can be viewed and manipulated based on mathematical principles and operations called relations (such as INSERT, SELECT, and UPDATE).

A database is self-describing in that it contains, in addition to data, a description of its own structure. It includes a set of system catalog tables, which describe the logical and physical structure of the data; a configuration file, which contains the parameter values associated with the database; and a recovery log, which records ongoing transactions and transactions that can be archived.

Databases can be local or remote. A local database is physically located on the workstation in use, while a database on another machine is considered remote. You can:
- Create a database using the Control Center.
- Add a database using the Control Center or Configuration Assistant.
- Drop a database from the Control Center.
- Back up a database using the Control Center.
- Restore a database using the Control Center.
- Configure a database using the Control Center.
- Connect to a database using the Control Center.
- Monitor a database with the event monitor.
- Monitor database health with the Health Center.

Table spaces

The physical space within a database is organized into a collection of table spaces. Each table space consists of a collection of containers, each of which is an allocation of physical storage (for example, a directory on a machine, a physical file, or a device such as a hard drive). The system attempts to spread the data across the containers of its table spaces.

Each table is assigned to a table space. For improved performance, or for purposes of having table space backups, you can store the indexes for a table in a second table space and the large objects for the table in a third table space. More than one table can be assigned to the same table space. In a partitioned database environment, table spaces reside in database partition groups.

Assigning tables to table spaces and mapping table spaces to physical storage gives you some control over the performance of your database. For example, you can use your fastest storage devices for your most frequently used tables and store less frequently used data on slower devices.

There are two types of table spaces:
- System managed space (SMS) table spaces, in which the operating system file system manager allocates and manages the space where a table is stored. The user decides on the location of the files, DB2 controls their names, and the file system is responsible for managing them. Container size is dynamic and determined by the available space on the device.
- Database managed space (DMS) table spaces, in which the database manager controls the storage space. This storage model consists of a limited number of devices whose space is managed by DB2. The database administrator decides which devices to use, and DB2 manages the space on those devices. The administrator also specifies the amount of space that can be allocated and DB2 will not exceed that limit.
You can use the Control Center to:
- Create a table space.
- Drop a table space.
- Alter the characteristics of a table space.
- Grant and revoke privileges on a table space.
- Show the objects related to a table space.
- Monitor a table space with the event monitor.
- Monitor table space health with the Health Center.

Catalogs

Catalogs are special tables that contain information about all the objects within a database. This includes objects such as tables, views, and indexes, as well as security controls like constraints and database-specific authorities. These system catalog tables are created when the database is created. When an object is created, altered, or dropped, DB2 inserts, updates, or deletes the rows of the catalog that describe the object and how that object relates to other objects. For example, when you use the Control Center to create a table, DB2 adds rows to the system catalog tables.

Catalogs are primarily for read-only purposes because they are maintained by DB2. Their data is available through normal SQL query facilities. However, there is a special set of catalog views that are updateable. This set of views is defined on the catalogs that are used to update database statistics. Manual update of these views provides a means through which to influence the system optimizer or to perform experiments on test databases. You can:
- Use the Control Center to update the system catalog statistics on the data in a table and its indexes.
- Use Visual Explain to examine the results of manual updates on optimization experiments.

Aliases

An alias is an alternative name for a database, table, view, or even another alias.

Database aliases

Database alias names are local synonyms given to local and remote databases. You cannot create a database on a DB2 server if that database name already exists on the server.
A DB2 client, however, can have connections to two different databases with the same name, but on different servers, if each has its own alias. Alias names must be unique within the system database directory in which all aliases are stored for the individual instance of the database manager. When you create a new database, the alias defaults to the database name if you do not specify an alias. You can create an alias for a database when adding a database using the Configuration Assistant or Control Center.

Table-related aliases

Table-related aliases are somewhat different from database aliases. Assigning an alias to a database can avoid potential client connection problems in environments where different servers might have databases with the same name. Using a table or view alias lets you refer to an object indirectly so that an SQL statement can be independent of the actual name of that object.

Using an alias in an SQL statement is equivalent to using the object’s name. The advantage of using an alias instead of the object’s name is the ease with which you can change the object to which the alias applies. Programs that use aliases can be easily redirected from one object to another without any changes to their code. You can:
- Create an alias for a table or a view using the Control Center.
- Drop an alias for a table or a view using the Control Center.
- Show alias relationships for tables and views using the Control Center.

Useful DB2 commands

Table 3-2 Useful DB2 commands

db2 connect to <database name>
    Connects to your DB2 databases so that you can see whether they are catalogued properly.
db2 catalog db <databasename> at node <your DB2 Servername>
    Propagates this database to the client.
db2 uncatalog db <databasename>
    Deletes a database from the catalog.
db2 uncatalog node <nodename>
    Deletes a cataloged node from the catalog.
db2 drop db <databasename>
    Deletes a database.
db2stop (If used from the CLP the typing would be ’!db2stop’.)
    Stops the current database manager instance.
db2start (If used from the CLP the typing would be ’!db2start’.)
    Starts the current database manager instance.
db2 force application all
    Forces local or remote users off the system to allow maintenance on the system.
db2 BACKUP DATABASE <Databasename> TO <targetdirectory name>
    Creates a database backup of the specified database to the specified directory. No applications/users are allowed to be connected during this operation.
restore DATABASE <name of the backed up database> USER <username> USING <user password> FROM <location of the backup file> taken at <file name> INTO <existing databasename which to replace> REPLACE EXISTING
    This command covers the restore functionality. Under Windows, be aware of the file structure that was created and make sure that you choose the topmost directory. Additionally, a database that will be replaced has to exist in DB2.
db2 list application
    Displays all active databases.
db2cmd
    Invokes the db2 environment in Windows so commands will be understood.
db2
    Invokes the db2 CLP on Linux from the command line.
?
    Invokes help for commands or statements (for example, ’?SQL30081’ displays help about the SQL30081 message).
!
    Allows you to run DB2 commands in the CLP (for example, ’!db2start’).

3.5.3 WebSphere Application Server and Portal Administration

In this section we discuss WebSphere Application Server and Portal Administration.

WebSphere administration basics

In this section, we introduce the WebSphere administrative console and describe some of the basic tasks that are commonly performed by WebSphere administrators.

Important: This section is intended to provide only an overview of WebSphere Application Server administration.
For a more in-depth reference, refer to IBM WebSphere Application Server V5.1 System Management and Configuration WebSphere Handbook Series, SG24-6195-01:
http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg246195.html?Open

Introducing the WebSphere administrative console

The WebSphere administrative console is the graphical, Web-based tool that you use to configure and manage an entire WebSphere cell. It supports the full range of product administrative activities, such as creating and managing resources and applications, viewing product messages, and so on.

The administrative console is a standard J2EE 1.3 Web application running under the Deployment Manager server, dmgr, and is installed by default when the Network Deployment Manager is installed.

Note: The administrative console application also gets installed when you install a base instance of the IBM WebSphere Application Server on a node. However, as the node is added to a Network Deployment cell, the administrative console application is removed from the node.

The administrative console provides centralized administration of multiple nodes, and allows nodes on multiple machines to be administered. The configuration data for a Network Deployment cell is a set of XML documents arranged in a set of cascading directories under the <WAS_ND_HOME>/config directory. With the administrative console, we load and make changes to the master repository XML configuration files. It is the Deployment Manager’s responsibility to push those changes to the local XML repositories on the nodes.

Note: In the Network Deployment environment, it is possible to install the administrative console on any of the nodes of the cell and to the server. This allows for local administration of the server. However, any changes made to the server configuration will be temporary.
At the next scheduled data update time (file synchronization time), the Deployment Manager pushes the master configuration data to the nodes and any changes made at the server level are lost. For changes to be permanent, they must be performed at the Deployment Manager level.

In order for the administrative console to run, the dmgr server must be running in the node where Network Deployment (and therefore the administrative console) is installed. In order for the changes to the master repository to be pushed to the nodes, the node agents must also be running in the nodes where the WebSphere Application Server V5 instances are installed.

Note: WebSphere scripting can also be used to configure and modify configuration settings.

In WebSphere Application Server V5, the administrative console groups administrative tasks as follows:
- Servers
- Applications
- Resources
- Security
- Environment
- System administration
- Troubleshooting

Note: Users new to J2EE should be aware that there have been major changes to the WebSphere administrative console between WebSphere V3.5 and WebSphere V5. Familiarity with the concepts underlying a J2EE runtime environment is required in order to effectively manage a WebSphere V5 environment.

Starting the administrative console

In Network Deployment, the administrative console is deployed as a J2EE application:
- Application binaries: <WAS_ND_HOME>/installedApps/<CELL>/adminconsole.ear
- Application configuration: <WAS_ND_HOME>/config/cells/<CELL>/applications/adminconsole.ear

The application is managed by the Deployment Manager process, dmgr. To start the administrative console:

1. Make sure that Deployment Manager, dmgr, is running:
   – Windows: <WAS_ND_HOME>\bin\serverStatus -all
2. If the dmgr status is not STARTED, start it with the following command:
   – On Windows: <WAS_ND_HOME>\bin\startManager

   Note: In this section, we assume that a connection is made to the administrative console installed in the Network Deployment node.
3. Open a Web browser to the URL of the administrative console. The default port is 9090 for HTTP and 9043 for HTTPS.
   – http://<DM_hostname>:9090/admin
   – https://<DM_hostname>:9043/admin

   Where <DM_hostname> is the host name for the machine running the Deployment Manager process, dmgr.

   Note: If you need two concurrent sessions on the same client machine, access the administrative console from two different browser types, whether or not you use the same user ID. This will allow for two different HTTP session objects.
4. The administrative console will load into the browser and you will be asked to log in.

Logging into the administrative console

The user ID specified during login is used to track configuration changes made by the user. This allows you to recover from unsaved session changes made under the same user ID, for example, when a session times out or the user closes the Web browser without saving.

The user ID used for login depends on whether WebSphere global security is enabled.
- No security: If global security is not enabled, you can enter any user ID, valid or not, to log in to the administrative console. The user ID is used to track changes to the configuration but is not authenticated.
- WebSphere global security is enabled: If global security is enabled, you must enter a valid user ID and password.

A user ID must be unique to the Deployment Manager. If you enter an ID that is already in use (and in session), you will receive the message "Another user is currently logged with the same User ID" and you will be prompted to do one of the following:
- Force the existing user ID out of session.
  You will be allowed to recover changes that were made in the other user’s session.
- Wait for the existing user ID to log out or time out of the session.
- Specify a different user ID.

Note: This message will appear if a previous session ended without a logout, for example, if the user closed a Web browser during a session and did not log out first or if the session timed out.

Recovering from an interrupted session

Until you save the configuration changes you make during a session, the changes do not become effective. If a session is closed without a save being done for the configuration changes made during the session, these changes are remembered and you are given the chance to pick up where you left off.

When unsaved changes for the user ID exist during login, you will be prompted to do one of the following:
- Work with the master configuration. When enabled, this specifies that you want to use the last saved administrative configuration. Changes made to the user's session since the last saving of the administrative configuration will be lost.
- Recover changes made in prior session. When enabled, this specifies that you want to use the same administrative configuration last used for the user's session. This recovers all changes made by the user since the last saving of the administrative configuration for the user's session.

Tip: You may want to change the session timeout for the administrative console application. This is the time for the session to time out when the console is not used. The default is 30 minutes. To change the session timeout value:
1. Expand Applications and select Enterprise Applications.
2. Click the adminconsole application link.
3. Click Session Management under the Configuration tab.
4. Find Session Timeout and change the minutes.
5. Click OK.
As you work with the configuration, the original configuration file and the new configuration file are stored in a user workspace at:

    <WAS_ND_HOME>/wstemp/<user>/workspace/cells/<cell>

Once you have saved the changes, they are removed from the workspace. For information about how to change the default location refer to the InfoCenter.

The graphical interface

The WebSphere administrative console has the following main areas:
- Taskbar
- Navigation tree
- Workspace
- Status area

Each area can be resized as desired.

Figure 3-19 The administrative console graphical interface (labeled areas: Task Bar, Navigation Tree, Workspace, Messages, Status/Messages)

Taskbar

The taskbar is the horizontal bar near the top of the console. It provides the following actions:
- Home: Displays the administrative console home page. It contains links to information sources.
- Save: Allows you to save pending configuration changes. When you select this you have the opportunity to view the pending changes and save or discard them. A third option, Cancel, simply cancels the save action. It does not discard any changes you made.
- Preferences: Allows you to specify several administrative console preferences.
- Logout: Logs you out of the administrative console session and displays the Login page. If you have changed the administrative configuration since last saving the configuration to the master repository, the Save page will display before returning to the Login page. Click Save to save the changes, Discard to return to the administrative console, or Logout to exit the session without saving changes.
- Help: Opens a new Web browser with detailed online help for the administrative console. (This is not the InfoCenter.)
Navigation tree

The navigation tree on the left side of the console offers links for you to view, select, and manage components in the WebSphere administrative cell. Clicking a plus sign (+) beside a tree folder or item expands the tree for the folder or item. Clicking a minus sign (-) collapses the tree for the folder or item. Double-clicking an item toggles its state between expanded and collapsed.

The content displayed on the right side of the console, the workspace, depends on the folder or item selected in the tree view. The following folders are provided for selection:
- Servers: Enables configuration of administrative servers, application servers, and clusters.
- Applications: Enables installation and management of applications.
- Resources: Enables configuration of resources and viewing of information about resources existing in the administrative cell.
- Security: Enables configuration and management of WebSphere security and SSL.
- Environment: Enables configuration of hosts, Web servers, variables, and other components.
- System Administration: Enables configuration and management of nodes, cells, and console security.
- Troubleshooting: Enables you to check for and track configuration errors and problems. Also used to set PMI metrics.

Workspace

The workspace, on the right side of the console in Figure 3-19, allows you to work with your administrative configuration after selecting an item from the console navigation tree.

When you click a folder in the tree view, the workspace lists information about instances of that folder type. For example, selecting Servers → Application Servers shows all the application servers configured in this cell. Selecting an item (an application server in this example) will display the Properties page for that item. The Properties page can then be used to view and edit property values.
Status and Messages areas

The Status area displays along the bottom of the console and remains visible as you navigate through the administrative console. The area displays two frames:
- WebSphere Configuration Problems
- WebSphere Runtime Messages

Click Previous or Next to toggle between the frames. Click the number to view details. The interval between automatic refreshes can be adjusted by expanding Preferences below the messages. In addition, the information displayed can be refreshed at any time by clicking the icon in the upper-right of the area.

The Messages area displays messages relevant to your configuration.

Using the administrative console

The following sections describe how to use the graphical Web-based administrative console tool to manage the WebSphere Application Server cell.

Finding an item

To locate and display items within a cell:
1. Select the associated task from the navigation tree. For example, to locate an application server, select Servers → Application Servers.
2. Set the scope to a particular cell, node, or server.
3. Set preferences to specify how you would like information to be displayed on the page.

Select task

The navigation tree on the left side of the console contains links to console pages that you use to create and manage components in a WebSphere administrative cell. For example, to create a JDBC provider you would expand Resources and then select the JDBC Providers action.

Figure 3-20 Working with the administrative console

Select a scope

After selecting an action, use the scope settings to define what information is displayed. Configuration information is defined at three different levels: cell, node, and server.
1. Configurations at the cell level apply to all nodes and servers in the cell. If the node and server fields are blank, the scope is set to the cell level.
2. Configurations at the node level apply to all servers on the node. If a node is specified but the server field is empty, the scope is set to that node.
3. Configurations at the server level apply only to that server. If a server is specified, the scope is set to that server.

Click Apply to set the scope.

The scope setting is available for all resource types, WebSphere variables, shared libraries, and name space bindings.

Set preferences for viewing the console page

After selecting a task and a scope, the administrative console page shows a collection table with all the objects created at that particular scope. For example, Figure 3-20 shows that there is only one JDBC provider, called DB2 JDBC Provider, created at the node level for node carlasr31. All application servers running on that node can access the DB2 JDBC Provider.

You can filter the contents of the administrative console collection table by using the Filter and Preference settings. For example, in Figure 3-21, we selected Applications → Enterprise Applications. Then we used the filter settings to display only those applications that have Samples in their name.

Figure 3-21 Settings that affect how information is displayed on the admin console

The types of characteristics you can filter on will vary depending on the items you are filtering. For example, applications can be filtered by name or by node. JDBC providers can be filtered by name or description.

The Preferences settings allow you to specify the maximum number of rows to display per page and whether to remember search criteria.

Updating existing items

To edit the properties of an existing item, complete these tasks:
1. Select the category and type in the navigation tree. For example, select Servers → Application Servers.
2. A list of the items of that type in the scope specified will be listed in a collection table in the workspace area. Select an item from the table by clicking it.
3. In some cases you will see a Configuration tab and a Runtime tab. In others you will only see a Configuration tab. Updates are done under the Configuration tab. Specify new properties or edit the properties already configured for that item. The configurable properties will depend on the type of item selected. Often, you will see a General Properties pane and an Additional Properties pane. For example, if we click an application server, this opens a properties page resembling Figure 3-22.

   Figure 3-22 Editing application server properties

   The general properties are set directly from this window. Selecting an item in the Additional Properties pane will take you to a new configuration page for those properties.
4. Save changes to the workspace. Click OK to save your changes and exit the page or Apply to save the changes without exiting. The changes are still temporary. They are only saved to the workspace, not to the master configuration. This still needs to be done.
5. As soon as you save changes to your workspace, you will see a message in the Messages area reminding you that you have unsaved changes.

   Figure 3-23 Save changes to the master repository

   At intervals during your configuration work and at the end you should save the changes to the master configuration. You can do this by clicking Save in the message, or by clicking Save in the taskbar.

Adding new items

To create new instances of most item types, complete these tasks:
1. Select the category and type in the navigation tree.
2. Select Scope and click Apply to set it.
3. Click the New button above the collection table in the workspace.
   Figure 3-24 Create a new item

   In general you will be presented with one or more configuration pages in which you have to specify the item properties. The first configuration page is the General Properties page. Fill in the information and click Apply.

   At this point you may be presented with more configuration options, either in the form of a new configuration page or an Additional Properties pane may appear below the General Properties.

   Note: In the configuration pages you can click Apply or OK to store your changes in the workspace. If you click OK you will exit the configuration page. If you click Apply you will remain in the configuration page. As you are becoming familiar with the configuration pages, we suggest that you always click Apply first. If there are additional properties to configure, you will not see them if you click OK and leave the page.
4. Click Save in the task bar or in the Messages area when finished.

Removing items

To remove an item, complete these tasks:
1. Find the item.
2. Select the item in the collection table by checking the box next to it.
3. Click Delete.
4. If asked whether you want to delete it, click OK.
5. Click Save to save the changes to the master repository.

For example, to delete an existing JDBC provider, select Resources → JDBC Providers. Check the provider you want to remove and click Delete.

Figure 3-25 Deleting an item

Starting and stopping items

Most items can be started and stopped using the administrative console. To start or stop an item using the console:
1. Select the item type in the navigation tree.
2. Select the item in the collection table by checking the box next to it.
3. Click Start or Stop. The collection table will show the status of the server.

Note: The status of the server can also be unavailable.
This will happen when the node agent on the node in which the application server is installed is not active. In this case, the server cannot be started or stopped.

For example, to start an existing application server, select Servers → Application Servers. Place a check mark in the check box beside the application server you want started and click Start.

Figure 3-26 Starting and stopping items

Table 3-3 shows how to start/stop the following items.

Table 3-3 How to stop/start items

Type                                From                         How
Applications                        Console                      Applications → Enterprise Applications
JMS servers                         Console                      Servers → JMS Servers
Application servers                 Console                      Servers → Application Servers
Deployment Manager process (dmgr)   Command prompt               <WAS_ND_HOME>/bin/startManager (.sh)
                                                                 <WAS_ND_HOME>/bin/stopManager (.sh) (2)
                                    Console (1, 2) (stop only)   System Administration > Deployment Manager

(1) Since the Deployment Manager is running the administrative console application, stopping the Deployment Manager from the administrative console will log you out of the current session. Logging in under the same user ID will allow you to save any changes made that were not published to the master configuration repository in the previous session.
(2) Stopping the Deployment Manager does not stop any of the node agents or the application servers running under those node agents.
Saving work

As you work with the configuration, your changes are saved to temporary workspace storage. For the configuration changes to take effect, they must be saved to the master configuration and then synchronized (sent) to the nodes. Consider the following:

• If you work on a page and click Apply or OK, the changes will be saved in the workspace under your user ID. This will allow you to recover changes under the same user ID if you exit the session without saving.
• You need to click Save to save changes to the master repository. This can be done from the taskbar, from the Messages area, or when you log in if you logged out without saving the changes.
• If you do not save changes to the master repository, the changes will not be pushed to your node's configuration repository. Effectively, the new settings are lost. They are just available as configuration settings in your temporary workspace.
• The Save window presents you with the following options:
  – Save.
  – Discard: Discard reverses any changes made during the working session and reverts to the master configuration.
  – Cancel: Cancel does not reverse changes made during the working session. It just cancels the action of saving to the master repository for now.
  – Synchronize changes with nodes: This distributes the new configuration to the nodes.

Before deciding whether you want to save or discard changes, you can see what changes will be saved by expanding View items with changes in the Save window.

Important: All the changes made during a session are cumulative. Therefore, when you decide to save changes to the master repository, either at logon or after clicking Save on the taskbar, all changes will be committed. There is no way of being selective about what changes will get saved to the master repository.

When you are done, log out of the console using the Logout option on the taskbar.
Getting help

Help is accessible via:

• The Help menu in the taskbar. This opens a new Web browser with online help for the administrative console. It is structured by administrative tasks. See Figure 3-27.

  Figure 3-27 Online help

• The Hide Field and Page Descriptions toggle. When disabled, console pages will show an i icon at the top of the workspace for page descriptions, and beside a field to see information just about that particular item. Click it to access description information.

  For example, Figure 3-28 shows that there is description information available at the page level and field levels. This will just be a subset of the information contained at the page level.

  Figure 3-28 Description information

• The InfoCenter can be viewed online or downloaded from:
  http://www.ibm.com/software/webservers/appserv/infocenter.html

3.5.4 WebSphere Portal Administration overview

This section gives a basic overview of how to use the administration portlets provided by WebSphere Portal.

Important: This section is intended to provide only an overview of WebSphere Portal administration. (Portal Administration is an in-depth topic that extends far beyond the scope of this book.) For a more in-depth reference, refer to IBM WebSphere Portal for Multiplatforms V5 Handbook, SG24-6098-00:
http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg246098.html?Open

3.5.5 Introduction to WebSphere Portal administration

In WebSphere Portal V5, the administration of Portal is done through Portal itself, either in a centralized or delegated fashion. The administration interface for Portal enables quick access to the administration portlets and greatly simplifies the task of administering the portal. Administrators can deliver a new service to users simply by adding new portlets to the pages of the portal.
Since these are portlets, just like bookmarks, reminders, news, or any other portlets, administrators can control access to them, place them on portal pages, and perform any of the usual steps.

WebSphere Portal V5 provides a node called Portal Administration, which, for instance, allows the portal administrator to install portlets, create themes and skins, work with users and groups, and secure portlets. The Portal Administration node contains the following portlet pages:

• Portal User Interface
• Portlets
• Access
• Portal Settings
• Portal Analysis

3.5.6 Launching the Portal user administrative interface

In this section, we discuss how to log in to WebSphere Portal and access the administration node. WebSphere Portal V5 uses the WebSphere Application Server V5 administration server. This has to be started before we use WebSphere Portal.

Starting and stopping the administrative server

In this section, we illustrate the starting and stopping of the administrative server.

1. Verify whether you have started server1, which is the default WebSphere Application Server administrative server.
   a. To do this, open a command prompt window and change the directory to WebSphere/AppServer/bin.
   b. Enter the command serverStatus server1.
   c. If the server is stopped, make sure you start the server before you proceed.
2. To start the server, enter the following command:

   startServer server1

   If you are running with security enabled in WebSphere Application Server, you need to specify a user ID and password for security authentication. In this case, enter the following command (the user ID can be wpsadmin, which is the admin_userid):

   startServer server1 -user admin_userid -password admin_userid

   A password given on the command line can be read by other users of the host from the process list and remains in the shell history.

   To stop the server, use stopServer in place of startServer in the above commands.
You can test the above command by accessing the administrative console of WebSphere Application Server at the following URL in your browser:

   http://fullyqualifiedhostname:9090/admin

Once the Welcome page loads, click the Administration tab to log in as an administrator.

3.6 Portal Administrative User Interface

Portal User Interface includes two portlets:

• Manage Pages portlet
• Themes and Skins portlet

You can use the Portal User Interface page to manage the portal look and feel, with the option to create pages, edit pages, and add a new theme or skin or modify any existing theme or skin. When you select the Portal User Interface page, you will see the window shown in Figure 3-29.

Figure 3-29 Portal User Interface page under Portal Administration node

3.6.1 Manage Pages

The Manage Pages portlet will help you to:

• Create a new page or label, and edit, delete, activate/deactivate, and re-order a page, label, or URL.
• Edit properties of pages, URLs, and labels.
• Assign access to pages, URLs, and labels.

Note: Pages can be in a tree structure within Portal. One page can have multiple pages underneath.

When you open the Manage Pages portlet, you will see the window shown in Figure 3-30.

Figure 3-30 Manage Pages portlet

The Manage Pages portlet displays existing portal pages, labels, and URLs that are available. It also provides information as to whether these portal resources are active. It also allows you to edit the properties of these resources and assign access to them. In Figure 3-30 you can see the page My Portal as a node when you click it. It will have child pages.

Icons that are displayed corresponding to the resources indicate the permissions you have on that particular resource. These icons and links are dependent upon the permissions you have on the resource.
Once you complete the task, you will be returned to the Manage Pages portlet. All the labels, pages, and URLs are associated underneath the Content Root.

Search pages, labels, and URLs

You can search for pages, labels, and URLs using this option.

1. Under the Manage Pages portlet, select the option that you want to search by. You can choose from the drop-down list. In our example, we used Title Contains as the search criterion, with Welcome as the keyword, as shown in Figure 3-31. Examples of other options include description contains, markup contains, all available, unique name, and last modified.

   Figure 3-31 Search label, pages, and URLs

2. Click Search to begin the search process and you will see the results in the table. Once you have the portal resource, you can perform any function using the icons corresponding to that resource.

In Figure 3-31, highlighted numbers 1 and 2 correspond to the following:

• Option 1: This is a new feature available in the WebSphere Portal V5 administrative portlet. It lists all the available portal resources pertaining to the selected portlet as a table. When you click the Configure mode (which is indicated by the number 1 in the figure), you will see a window similar to Figure 3-32.
  1. You will be able to control the number of resources displayed and also the total number of resources per page. Enter the value you need.
  2. Select the Show search expanded option to have the search feature enabled.
  3. Click OK to confirm changes or Cancel to return.

  Figure 3-32 List available portal resources for the selected portlet

• Option 2: This will allow you to specify a number of resources and a number of resources per page that will be displayed on a selected administrative portlet.
Icon functionalities on a page, label, or URL

You can observe from Figure 3-33 the different functionalities you can execute from the icons associated with the resource.

Figure 3-33 Functionalities associated with the icons

Option 1: Edit page properties

You will be performing the same steps for editing properties on any existing label, URL, or page.

1. Click the Edit Page Properties icon. You will see a window open as shown in Figure 3-34. For our example, we used the My Portal label. However, if you have any nested portal resources under My Portal, you will click My Portal and select the child page for which you need to edit page properties.
2. Make the changes you need. You can select a different theme; preview the theme by opening the Preview icon.
3. When you expand Advanced options, you will have the choice to choose different markups that are available in the portal.
4. Click OK to save changes.

   Figure 3-34 Edit page properties

5. You will see a confirmation message, as shown in Figure 3-35, about the changes you made.

   Figure 3-35 Confirmation message on the changes made to the portal resource

Option 2: Set page permission

You can set access permissions by navigating to the page, label, or URL to which you want to assign or modify access. Click the Set Page Permission icon to set or edit permissions on a particular portal resource (in our example, My Portal). You will see a window open as shown in Figure 3-36.

Figure 3-36 Set page permissions

Option 3: Delete

You need to have manager privileges to delete a page, label, or URL. Click the Delete icon associated with the resource you need to delete. A confirmation message will appear before you delete.
Click OK to continue and the resource will be deleted. Once a resource is deleted, it cannot be restored.

Option 4: Edit Page Layout

The Edit Page Layout option allows you to add portlets and arrange portlets in rows and columns. It also helps you to remove any portlets, columns, or rows. An example is shown in Figure 3-37.

Figure 3-37 Edit page layout

Tip: You can activate/deactivate a page, label, or URL using the Manage Pages portlet. Select the page, label, or URL you need to deactivate. Click the Activate icon. A confirmation message will pop up, asking you to confirm changes. Click OK to deactivate the resource. Once you deactivate a page, label, or URL, you cannot use it unless you activate the resource.

Creating a new page

You can create a new page under an existing page and perform all the administrative functionalities on the page as described above. You must have Administrator, Manager, or Editor role assignments for creating public pages and Administrator or Privileged User role assignment for creating private pages.

For our example, we have selected the option of creating a new page under My Portal, as shown in Figure 3-38.

Figure 3-38 Reordering pages and choosing the option to create a new page

You can reorder pages, labels, and URLs as shown in the figure above (up arrow and down arrow circled in the figure). You must have the Privileged User, Manager, Security Administrator, Editor, or Administrator role assignment on the parent page to reorder items. When you reorder pages, labels, or URLs, a message will display as to whether you have successfully swapped them.

1. Click the New Page icon on the Manage Pages portlet. You will see a new window open as shown in Figure 3-39.
   a. In our example, for the Page Title option, we have named the new page ITSOPage.
   b. Select the theme for your page. You can preview the theme before you finalize.
   c. Select Advanced Options to have additional features or click OK if you need to add the new page with default settings.
   d. When you select Advanced Options, you can add the page to the My Favorites list. When this feature is selected, users can bookmark this page and it will be available from My Favorites in the banner. If you want this page to be shared by others, select The contents of this page can be shared by other pages.
   e. Select the type of layout you need for the page, for example, two columns or three columns.
   f. Select A Page which uses content from a shared page if you want the new page to reference an existing page. Initial content and layout properties are inherited in this scenario. Changes made to the parent page are inherited by the child page.
   g. Click OK to save changes.

   Figure 3-39 Creating a new page

2. You will see a confirmation message when a new page is created, as shown in Figure 3-40.

   Figure 3-40 Confirmation message for the new page

3. The new page ITSOPage that we created will be listed under the titles for My Portal, as shown in Figure 3-41.
   – You can edit the layout on this page, add portlets, and assign permissions for the page.
   – You can also add child pages to ITSOPage using the same steps as described above for creating a new page.

   Figure 3-41 New Page added successfully

4. You can confirm ITSOPage creation by opening My Portal, as shown in Figure 3-42.

   Figure 3-42 ITSOPage (New Page that we created) added to My Portal

Creating a new label

Labels are used to group pages or URLs. To create a new label:

1. Select the New Label option from the Manage Pages portlet. You will see a window open as shown in Figure 3-43.

   Figure 3-43 Create a new label

   a. In our example, we have the title for the new label as TestLabel.
   b. Select a theme for the label. You can preview the theme you select before you confirm. This option is available only when you create a root page.
   c. The Advanced option will let you choose the markup that the page supports. By default, html is selected.
   d. Click OK to save the settings and create a new label or Cancel to return to the Manage Pages portlet without creating a new label.
2. By clicking option 1, as shown in Figure 3-43, you can edit the properties for the Create New Label portlet. For example, when you open the Create New Label portlet, you can have WML and HTML as the markups supported by default under the advanced options. This is done by editing the properties as shown in Figure 3-44 and clicking OK to save changes.

   Figure 3-44 Edit properties for creating new label portlet

Creating a new page

You can create a new page under an existing page and perform all the administrative functionalities on the page as described above. You must have Administrator, Manager, or Editor role assignments for creating public pages and Administrator or Privileged User role assignment for creating private pages.

1. For our example, we have selected the option of creating a new page under My Portal, as shown in Figure 3-38.

   Figure 3-45 Reordering pages and choosing the option to create a new page

2. You can reorder pages, labels, and URLs as shown in the figure above (up arrow and down arrow circled in the figure). You must have the Privileged User, Manager, Security Administrator, Editor, or Administrator role assignment on the parent page to reorder items. When you reorder pages, labels, or URLs, a message will display as to whether you have successfully swapped them.
3. Click the New Page icon on the Manage Pages portlet. You will see a new window open as shown in Figure 3-39.
   a. In our example, for the Page Title option, we have named the new page ITSOPage.
   b. Select the theme for your page. You can preview the theme before you finalize.
   c. Select Advanced Options to have additional features or click OK if you need to add the new page with the default settings.
   d. When you select Advanced Options, you can add the page to the My Favorites list. When this feature is selected, users can bookmark this page and it will be available from My Favorites in the banner. If you want this page to be shared by others, select The contents of this page can be shared by other pages.
   e. Select the type of layout you need for the page, for example, two columns or three columns.
   f. Select A Page which uses content from a shared page if you want the new page to reference an existing page. Initial content and layout properties are inherited in this scenario. Changes made to the parent page are inherited by the child page.
   g. Click OK to save changes.

   Figure 3-46 Creating a new page

4. You will see a confirmation message when a new page is created, as shown in Figure 3-40.

3.6.2 Themes and skins

Themes and skins are templates that provide a page group's look and feel. They provide specific control for branding, navigation, and decoration.

Branding is the general scheme of the page. It usually encompasses logos, color schemes, decorations, fonts, artistic layout, etc.

Navigation refers to the way in which the user gets around on the site. There are several themes that demonstrate some of the different navigation models.
Decorations are the icons and images that are used to provide function and content links as well as general look-and-feel enhancement.

Each place has a theme associated with it, and each theme has a set of skins associated with it.

Themes

A theme is an attribute of a page group, meaning you create page groups and then apply a theme to them. Themes are not user-specific. All users see the same theme that is applied to the page group. This means that a user could be presented with a completely different site experience when navigating from one page group to the next.

Note: A theme determines the global appearance of all pages in a place. This will ensure visual consistency. Themes affect the navigational structure, the banner, colors, and fonts, and other visual elements of a page.

Themes contain various components:

• Cascading Style Sheets (CSS) files provide a mechanism to apply look and feel to specific HTML tags. This can be done on a broad scale by specifying the attributes of the specific HTML tag. Or you can create classes and apply specific classes to the HTML attributes as desired. For example, you can specify a font size to be used on the <P> (paragraph) tag, or you can create a class that specifies a font size and then point to the class when you use the <P> tag. This second method provides the ability to apply different attributes to the same tag and achieve a variety of effects. CSS files can be found in the product install directory.
• Images provide specific brands, logos, and decorations. The image components of the theme's supported skins that are sensitive to theme settings are kept with the theme's images.
• Each theme contains its own set of JSPs to render the page groups and pages. This allows a completely different layout and brand experience from one page group to the next.

Assets (images, JSPs, etc.) that are used in themes and skins are resolved by using WebSphere Portal supplied custom tags. There are several points within the directory structure where assets can be located. When the <wps:urlFindInxxx> tag is used, a search for the asset begins deep in the directory structure where the asset may be deployed for a specific country within a locale. If the assets are not found or the directory structure does not exist, the search continues by traversing up the directory tree. It is important to deploy default assets in the theme (or skin) root in order to avoid a not found situation.

During portal aggregation, the portal determines the theme for display as follows:

• If there is a theme associated with the displayed page group, the portal uses this theme.
• If there is no theme specified for the page group, the portal-wide default theme is used.
• If no portal default theme is set, the portal uses the theme settings given in the theme main directory, such as /theme/French for HTML.

Note: Theme or skin aggregation takes place in the following order:
1. /locale_region
2. /locale
3. client
4. /theme_name (for Theme) or /skin_name (for Skin)
5. /markup

A default theme is not required for the portal.

Here is a search order example:

   <...background='<wps:urlFindInTheme file="banner.jpg">'>

   \themes\html\science\ie5\en_US\default.jsp
   \themes\html\science\ie5\en\default.jsp
   \themes\html\science\ie5\default.jsp
   \themes\html\science\en_US\default.jsp
   \themes\html\science\en\default.jsp
   \themes\html\science\default.jsp
   \themes\html\en_US\default.jsp
   \themes\html\en\default.jsp
   \themes\html\default.jsp
   \themes\default.jsp

In WebSphere Portal V5, themes are located under was_root/installedApps/hostname/wps.ear/wps.war/themes/. The themes folder contains a subdirectory for each markup type.
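The fallback order in the search order example can be reproduced and checked against a deployed theme directory. The following Python is an added example, not WebSphere Portal code: the function names and the sample file tree are hypothetical, and the candidate order is generalized from the ten paths listed above (forward slashes are used in place of backslashes), not taken from the tag's implementation.

```python
import os
import tempfile


def _segment(name):
    """Accept only a single path segment, so a lookup cannot leave the tree."""
    if not name or name in (".", "..") or "/" in name or "\\" in name:
        raise ValueError("not a single path segment: %r" % (name,))
    return name


def candidate_paths(file, markup, theme, client=None, locale=None, root="themes"):
    """List lookup candidates, most specific first, in the order of the page's example."""
    file, markup, theme, root = map(_segment, (file, markup, theme, root))
    # Locale fallbacks: en_US, then en, then no locale directory at all.
    locales = []
    if locale:
        locales.append(_segment(locale))
        language = locale.split("_", 1)[0]
        if language and language != locale:
            locales.append(language)
    locales.append(None)
    # Directory levels, deepest first: client, then theme, then markup.
    levels = [[markup, theme], [markup]]
    if client:
        levels.insert(0, [markup, theme, _segment(client)])
    paths = []
    for level in levels:
        for loc in locales:
            paths.append("/".join([root] + level + ([loc] if loc else []) + [file]))
    paths.append("/".join([root, file]))  # last candidate, directly under the root
    return paths


def resolve(webapp_root, file, markup, theme, client=None, locale=None, root="themes"):
    """Return the first candidate that exists under webapp_root, or None."""
    for rel in candidate_paths(file, markup, theme, client, locale, root):
        if os.path.isfile(os.path.join(webapp_root, *rel.split("/"))):
            return rel
    return None


def assets_without_default(webapp_root, markup, theme, root="themes"):
    """Names deployed only in client or locale subdirectories of a theme.

    Such an asset resolves for some clients and locales and is not found
    for all others, which is the situation the text warns about.
    """
    theme_dir = os.path.abspath(os.path.join(webapp_root, root, markup, theme))
    names = set()
    for dirpath, _dirs, files in os.walk(theme_dir):
        if os.path.abspath(dirpath) != theme_dir:
            names.update(files)
    return sorted(n for n in names
                  if resolve(webapp_root, n, markup, theme, root=root) is None)


# Constructed sample deployment, not taken from a real installation.
SAMPLE_FILES = [
    "themes/html/science/Default.jsp",
    "themes/html/science/ie5/en/Default.jsp",
    "themes/html/science/ie5/Styles.css",
    "themes/html/Styles.css",
    "themes/html/science/en_US/banner.jpg",
]


def build_sample_tree(base):
    """Create empty files for SAMPLE_FILES under base."""
    for rel in SAMPLE_FILES:
        path = os.path.join(base, *rel.split("/"))
        os.makedirs(os.path.dirname(path), exist_ok=True)
        open(path, "w").close()


def demo():
    """Resolve a few assets against the sample tree and audit the theme."""
    with tempfile.TemporaryDirectory() as base:
        build_sample_tree(base)
        return {
            "ie5_en_US": resolve(base, "Default.jsp", "html", "science", "ie5", "en_US"),
            "other_fr": resolve(base, "Default.jsp", "html", "science", "mozilla", "fr_FR"),
            "banner_de": resolve(base, "banner.jpg", "html", "science", "ie5", "de_DE"),
            "missing": assets_without_default(base, "html", "science"),
        }


if __name__ == "__main__":
    for key, value in demo().items():
        print(key, "->", value)
```

In the sample tree, banner.jpg exists only under en_US, so every other locale gets no match; copying it into the theme root clears the finding.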
Note: In WebSphere Portal V4.x, themes were located under the was_root/PortalServer/app/wps.ear/wps.war/themes directory.

Creating a new theme

To create a new theme:

1. Create a new directory for your theme:
   <was_root>/installedApps/hostname/wps.ear/wps.war/themes/html/NewTheme
2. Choose a current theme closest to the layout you want:
   /themes/html/Science
3. Copy the resources into the appropriate directories:
   – JSPs: Default.jsp, Banner.jsp, Navigation.jsp, ...
   – Images: banner.jpg, navfade.jpg, ...
   – Style Sheet: Styles.css
   Note: You may modify the tag definitions and the class definitions.
4. Customize to get the look and feel you are seeking.
5. Add this new theme using the Themes and Skins portlet under Portal Administration and Portal User Interface.

Tip: Before you deploy this new theme for general use, it is recommended that you deploy it to a test page and test it.

Skins

Skins are used to apply specific decorations to portlets. They are used in conjunction with the theme in order to accomplish this. For instance, the theme's Cascading Style Sheet is used to specify the color of the portlet's title bar. Some skins use images to produce rounded corners on the title bar. The rounded corner images are stored with the different themes that support the skin. This is done so that the colors match across all of the components of the portlet's title bar. The rest of the skin assets are generic and apply to all theme uses, so they are kept in the skins folder.

Skins contain images that are used to create the visual effects of the portlet. The visual portlet container (lines, shadows, backgrounds, etc.) and the portlet navigation icons (edit, help, back, etc.) are the main components of a skin.

Skins are applied to the portlet via a JSP known as Control.jsp. Each skin has its own version of Control.jsp. It is used to specify the exact implementation of the skin.
Note: Skins are installed independently of themes, but a skin can be associated with a theme.

The search for skin assets works the same way as the themes search. Using the <wps:urlFindInSkin> tag, the file system is traversed starting with a specific country within a locale and working up to the skin default.

Skin: A skin defines the frame around a portlet, thus determining the look of the portlet. It affects only portlets. You can select a skin for each portlet in a page if the theme has skins associated with it.

The portal determines the skin for display as follows:

1. If there is a skin specified for the portlet, the portal displays the component in that skin.
2. If there is no skin specified for the component, the portal looks for a skin at page level and uses it.
3. If no skin has been set for the page, the portal checks the page group for a skin setting.
4. If the page group has no skin specified, the portal uses the default skin of the page group.
5. If no skin has been found so far, the portal default skin is used.

To create a new skin, make a copy of one of the existing ones and modify the images and the JSP in order to get the desired look and feel. Once you finish, you will be able to choose it from the administration portlets.

In WebSphere Portal V5, skins are located under was_root/installedApps/hostname/wps.ear/wps.war/skins/. The skins folder contains a subdirectory for each markup type.

Note: In WebSphere Portal V4.x, skins were located under the was_root/PortalServer/app/wps.ear/wps.war/skins directory.

Creating a new skin

To create a new skin, execute the following steps:

1. Create a new directory for your skin. Let us name it NewSkin (was_root/installedApps/hostname/wps.ear/wps.war/skins/).
2. Choose a current skin closest to the layout you want (/skins/html/Science).
3. Copy the resources into the appropriate directories:
   – JSPs: Control.jsp, RowContainer.jsp, ColumnContainer.jsp, etc.
   – Images: title_edit.gif, etc.
4. Customize to get the look and feel you are looking for. Control.jsp is the only JSP that you would want to modify. Images may be modified or new ones created.
5. Add this new skin using the Themes and Skins portlet under Portal Administration and Portal User Interface.

Tip: Before you deploy this new skin for general use, it is recommended that you deploy it to a test page and test it. If you have a faulty theme or skin, remove it from the theme or skin folder and then remove it from WebSphere Portal using the Themes and Skins administrative portlet.

Administering the Themes and Skins portlet

At this time, you will administer the Themes and Skins portlet:

1. From the Portal User Interface page, select the Themes and Skins portlet. You should see the Themes and Skins portlet as shown in Figure 3-47.

   Note: In WebSphere Portal V4.x, the Themes and Skins portlet was called Manage Themes and Skins portlet.

   Figure 3-47 Themes and Skins portlet

2. In the Themes and Skins portlet, you can see that we have WebSphere as the portal default theme and Outline as the portal default skin.
3. The Themes and Skins portlet has four administrative capabilities:
   – Add New Theme/Skin.
   – Edit Theme/Skin.
   – Delete Theme/Skin.
   – Set Default Theme or Skin.

Add new theme

Add new theme will allow you to add a new theme.

1. Click the Add New theme option.
2. You will see a window open, as shown in Figure 3-48.

   Figure 3-48 Add a new theme

3. Enter the name for the theme (default locale title). In our example, we have specified New Theme.
4. Enter the directory location of your theme. You can specify a relative path.
5. You will have All Skins on your left-hand side, and you can use the arrow button to choose the skin that you want for the theme.

   Note: If only one skin is chosen, it is selected as the default. However, you can choose multiple skins and click Set as Default to make one the default skin. In WebSphere Portal V5.0, you have additional default skins and themes as compared with WebSphere Portal V4.x.

6. You can confirm your default skin with the message at the bottom. In our example, we have chosen Diamonds as the default skin for our theme.
7. You can change the language and the theme title (locale-specific theme titles) by selecting the Set locale specific titles option.
8. Click the Set locale specific titles option. You will see a window similar to Figure 3-49.

   Figure 3-49 Change theme title and language using set locale-specific titles option

9. Once finished, click OK to add the new theme or Cancel to return.
10. You will see New Theme being added to the list of available portlet themes.

Edit Theme

The Edit Theme option will help you modify which skin your theme uses.

1. Select the theme for which you need to modify the skin, as shown in Figure 3-50.

   Figure 3-50 Edit theme

2. Select Edit theme.
3. Make the necessary changes. You can also edit locale-specific titles here.
4. Click OK to confirm the changes or Cancel to return.

Delete theme

Complete the following instructions to remove a theme:

1. Select the theme you want to delete and click Delete.
2. A pop-up window will ask you to confirm your deletion.
3. Select OK to confirm or Cancel to return.

Tip: The files that compose the theme are not deleted from the system.

Set as default portal theme

To set a portal-wide default theme, select a theme from the themes list, then click Set as default portal theme.
If no theme is set for a place, the Portal default theme is used.

Tip: You should not apply the Admin theme to the portal. This theme is intended for administrative portlets and renders the portlets without a title bar.

Add new skin

You can add a new skin using the Add New Skin option.
1. Select Add New Skin.
2. You will see a window similar to Figure 3-51.

Figure 3-51 Add a new skin

3. Specify a skin name (New Skin), a default locale, and the directory location where this skin is stored. You can specify a relative path for the skin directory name.
4. The Set locale specific titles option will help you change the locale-specific titles.
5. Click OK to add the new skin or Cancel to return.
6. You should now see New Skin added to the list of available skins.

Delete skin

Execute the following steps to delete a skin.
1. Select the skin you want to delete.
2. A hint window will pop up asking you to confirm the deletion. Click OK if you are sure or Cancel to return.

Set as default portal skin

This option will help you to set a portal-wide default skin for portlets:
1. Select a skin from the available skins list.
2. Click Set as default portal skin. If no default skin is set for a theme, the portal default skin is used.

The changes will be reflected when the page refreshes.

Important: You should not apply the skin with the name NoSkin to a portlet. This skin is intended for administrative portlets and renders the portlet without a title bar.
3.7 Portlets

The Portlets page in Portal Administration includes four portlets:
   – Install
   – Manage Applications
   – Manage Portlets
   – Web Clipping

You can use these portlets, available under the Portlets section of Portal Administration, to install portlets; manage Web modules and portlet applications; copy, configure, activate/deactivate, and delete portlets using Manage Portlets; and build a portlet from clipped contents using the Web Clipping portlet. In this section of the chapter, we explore these portlets and their functionalities individually.

Note: A Web module is a Web application comprised of servlets, JSPs, and static content such as HTML pages. A Web module can contain more than one portlet application, JSP, servlet, and static HTML file. The Web module is packaged in the Web archive (.war) file.

When you click the Portlets section under Portal Administration, you will see a window similar to Figure 3-52.

Figure 3-52 Portlets page in Portal Administration

3.7.1 Install

In WebSphere Portal V4.x, this portlet was named Install Portlets. This feature will help you install a portlet application. A portlet application is installed through a Web archive (WAR) file; remote portlets are installed via a UDDI directory (Web Services portlet). The WAR file, which is used to install the portlet application, can contain multiple portlets. The install process uploads the WAR file to the server, installs portlets, adds them to the list of available portlets, and activates the portlets.

Once you install a portlet, it is automatically activated but with no permissions. A new rule is added to Access Control, making the user who installed the portlet the owner. The user can then go to the Resource Permissions portlet and assign roles to users and groups for gaining access to this portlet.

Tip: Before you install a portlet, make sure you have not installed the same portlet earlier.
If you try installing twice, you will get an error message. The portlet name should not exceed 25 characters and the portlet path length should not exceed 260 characters.

Important: An administrator should have the manager role on the portal to install portlets.

1. Select Install portlet. Browse for the WAR file as shown in Figure 3-53. Click Next.

Figure 3-53 Browse the WAR file for installing portlet

2. Check for the list of portlets included in the WAR file, as shown in Figure 3-54. Click Install to proceed with the installation. You can click Cancel anytime to stop the installation process.
3. At the end of the portlet installation, if it was successful, you should see the message Portlets Successfully Installed, as shown in Figure 3-55. You can click Next if you want to install more portlets.

Tip: If portlet installation fails, go to the Portal logs directory and check the latest log file located under \WebSphere\PortalServer\logs\. The latest log file can be identified by the time and date stamp appended to its name (for example, wps_2003.10.27-11.00.47.log).

Figure 3-54 Check for the portlets that will be installed

Figure 3-55 Portlet successfully installed

3.7.2 Manage Portlet Applications

Manage Portlet Applications helps you to identify and manage existing installed Web modules (WAR file). It also displays the concrete portlet application corresponding to the selected Web module. Using this portlet, you can uninstall the portlet application and modify dynamically configured parameters or portlet application settings.

Select the Manage Portlet Applications portlet and you should see a window open as shown in Figure 3-56.
Using the Manage Applications portlet, you will be able to:
   – Show Info.
   – Update.
   – Un-install.

Web modules can contain one or more portlet applications, servlets, JSP files, and other files, and are defined in the Web descriptor file (web.xml). With the portlet applications belonging to the selected module, you can:
   – Activate/Deactivate.
   – Rename.
   – Copy.
   – Modify Parameters.
   – Show Info.
   – Delete.

Portal applications can contain one or more portlets. They are created implicitly when the WAR file is deployed and they are packaged as an enterprise application (ear file). You will see the default Web modules in Figure 3-56. These are installed during the WebSphere Portal installation.

Note: You need to select the portlet application belonging to the selected Web module in order to see the icons for Activate/Deactivate, Copy, Modify Parameters, Show Info, and Delete.

Figure 3-56 Manage Applications portlet

Show Info

Show Info describes the content of the WAR file (Web module), abstract portlet application, and abstract portlet (complete portlet application).
1. Select a WAR file and click Show Info.
2. You will be shown the selected Web module, portlet application name, concrete portlet applications belonging to the Web module, and portlets, as shown in Figure 3-57.
3. Click Done to come back to Manage Portlet.

Figure 3-57 Manage Portlet Applications

Update

The Update option helps you to modify your existing portlet application without the need to uninstall your existing portlet application.

Note: Update functionality includes updating configuration parameters in your portlet and replacing the portlet code with new code, incorporating all the changes.

1. Select any WAR file that you need to update. Click Update and it will take you to a window similar to Figure 3-58.

Figure 3-58 Update existing Web module

2. Enter or browse for the updated WAR file.
3. Click Next. You can also click Cancel to return without updating the WAR file.
4. You will get a window highlighting the portlets that will be installed during the update. Check for accuracy and click the Install option. You can select Cancel to return.
5. If the WAR file is successfully updated, you should see The web module was updated successfully.

Tip: It is not required for you to add the portlet to the page again after doing an update. Changes are incorporated automatically into the page where the portlet was installed.

Uninstall

Uninstall helps to uninstall your existing portlet application.
1. Highlight the Web module to uninstall.
2. A confirmation window will prompt for confirmation. Click OK if you want to uninstall or click Cancel to return to the Manage Portlet Application portlet without uninstalling the Web module.
3. If you click OK, you will get the message The web module was uninstalled successfully in the Manage Portlet Applications portlet and this Web module will be removed from the Web module section and also from the page where the portlet is deployed.

Portlet applications belonging to the selected Web module

When you select a Web module, you will find the list of portlet applications corresponding to the selected Web module. When you select any of these portlet applications, you will see the options to Activate/Deactivate, Copy, Modify Parameters, Show Info, and Delete, as shown in Figure 3-59.

Figure 3-59 Select portlet application belonging to the Web module

Activate/Deactivate

The Deactivate feature temporarily suspends access to your selected portlet application; activating it provides access to the portlet application again.
1. Highlight the portlet application to activate or deactivate.
By default, the portlet application will be in Active state.
2. Click Activate/Deactivate to deactivate the portlet application and vice versa.

Tip: Once you deactivate your portlet application, all the portlets that are part of the deactivated application will disappear from your customized portal page.

Copy (Cloning)

This option helps to copy your concrete portlet application.

Note: This is useful when different portlet configuration parameters are required for different instances of a portlet. You can activate or deactivate based upon your requirements. When you copy a Portal application, the newly created application is active by default. However, portlets that are part of the newly created Portal application are Inactive. To customize this Portal application, you will have to activate it, using the Activate/Deactivate option.

1. Highlight the portlet application corresponding to the WAR file of your choice.
2. Select Copy. A window will prompt you to enter the name for the copy.
3. Click OK. You can hit Cancel to avoid copying.

Once it is copied, you should see the new portlet application under the portlet applications belonging to the selected Web module.

Note: Prior to the release of this book, we were informed of a possible error in the use of the copy feature. This has been corrected and the fix will be included in the release of WebSphere Portal 5.0.2.

Modify Parameters

Modify Parameters allows you to modify the configuration parameters of the portlet application. Parameters are originally set by portlet.xml for that instance.
1. Highlight the portlet application you want to modify. Select Modify parameters.
2. You will see a window similar to Figure 3-60 with the portlet application name and the existing parameter values.

Figure 3-60 Select Portlet Application for modifying parameters

3.
To add a new parameter and value, enter the new values.
4. Click Add and Save. The parameter and value are saved and you will be taken back to the Manage Applications portlet.
5. Click Cancel to stop modifying any parameters and you will be taken back to the Manage Applications Portlet.
6. To test, select the page that contains the portlet for which you modified the parameters. You should see the new modified parameters in your portlet.
7. You can also rename a portlet application. When you clone a portlet application, you may wish to rename one of the portlet applications to avoid duplicate names. Renaming helps with this functionality.
   a. To change the title of the portlet, select the portlet and click Modify Parameters.
   b. Under Edit Locale Specific Titles, as shown in Figure 3-61, select the locale for which you want to change the title.
   c. Click Set title for selected locale.
   d. Enter the name of the file.
   e. Click OK to make changes or Cancel to return.
   f. If you test it, the portlet will have a new title for the locale you selected.

Figure 3-61 Set locale-specific title

Show Info

This option shows information for each concrete portlet application. It displays the names of the concrete portlets that are part of the selected portlet application.
1. Select the concrete portlet application corresponding to the Web module and click Show Info.
2. You should see a window open with information that includes the portlet application name and the corresponding portlets.
3. Click Done to return to the Manage Applications portlet.

Delete

This deletes the portlet application.
1. Select the portlet application that you wish to delete. Click Delete.
2. A prompt window will appear to confirm. Click OK to delete the portlet application or Cancel to avoid deleting, depending on your requirement.
3. If the deletion was successful, you will not see the portlet application.
3.7.3 Manage Portlets

Manage Portlets allows you to selectively activate, deactivate, rename, copy, and delete portlets and modify portlet parameters instead of portlet applications as we did in the previous section. Manage Portlets will display the list of all available portlets in the portal, as shown in Figure 3-62.

You can also search for portlets by specifying the search criteria (Active/Inactive state) and clicking Go.

Note: When you take the default of displaying all portlets, the other selection options are greyed out. You need to select a portlet to see the options Activate/Deactivate, Copy, Modify Parameters, Show Info, and Delete.

Figure 3-62 Manage Portlets

Activate/Deactivate

This option helps to activate/deactivate portlets.
1. You can select the portlet you want to activate/deactivate and click Activate/Deactivate.
2. Once you select the Activate/Deactivate option, the page will refresh and you should see the current status in the portlet.

Users who have active references to the inactive portlets on a portal page will see a message stating that the portlet is temporarily disabled.

Copy

In this section, we copy a portlet. We use the Hello World portlet and the following steps:
1. Create a copy of the Hello World portlet. The copy will be named HelloWorld2. Navigate to the link Administration → Portlets → Manage Portlets.
2. Select the HelloWorld portlet from the list of available portlets.
3. Click Copy. You will see the new portlet just before the portlet is cloned. Please note the Inactive state of the new portlet. Additionally, the Portal shows a message stating that the portlet was cloned successfully.
4. Select the new HelloWorld portlet in the results list. Click Modify parameters and modify the title.
5. Select English and click Set title for selected locale.
6.
Change to HelloWorld2.
7. Click OK. Click Save and click Cancel.
8. Select HelloWorld2 and click Activate/deactivate to activate the portlet.
9. Add the HelloWorld2 portlet to My Page → My label → New Page as described in step 5 of this exercise. Put HelloWorld2 in the other column.
10. Navigate to My Page → My label → New Page and verify that HelloWorld2 exists.

Note: To copy a portlet, the user must have an Administrator, Manager, or Editor role for public pages and an Administrator or Privileged User role for private pages for both portlets and portlet applications.

Modify parameters

Portlets have configuration parameters that need to be changed after deployment. Changing these parameters through the code is a time-consuming option. The Modify parameters option allows you to modify the parameter values of your portlet.
1. Select the portlet for which you need to modify parameters.
2. Click Modify parameters.
3. You will see a window, as shown in Figure 3-63, with portlet configuration parameters and titles. Select the parameter that requires editing. Enter the new parameter or value.
4. You can also add a new parameter when you click Add.
5. The Edit Locale Specific Titles option will help you change the Portlet Title. Select the locale and click Set title for selected locale.
6. A new window will open. Make changes and then click OK. You will return to the portlet Configure parameter and title page.

Note: The Change title option is not mandatory. It can be used based on individual requirements.

7. Click Save and then Close. You will be taken back to the Manage Portlets page.

Figure 3-63 Modify portlet parameters

Show Info

This shows the portlet name, portlet title, and portlet description.
1. Highlight the portlet for which you need information.
2. Click Show Info.
You should see a window, as shown in Figure 3-64, with the portlet information for the selected portlet.
3. Click Done to return to the Manage Portlets page.

Figure 3-64 Show Portlet Info

Delete

You can delete any portlet.
1. Select the Portlet you need to delete.
2. Click Delete.
3. You will get a pop-up window for confirmation. Click OK to confirm deletion and Cancel to return.
4. The Manage Portlets page will refresh and the portlet will be deleted.

Tip: Make sure you do not delete any administrative portlets.

Chapter 4. Integrating Workplace with Domino LDAP

A key decision in the implementation of any of the IBM Workplace family of products is the choice of directory for storing and managing user information. By utilizing the LDAP standard, it is possible to integrate different directory services with the IBM Workplace software products to fit the unique needs of the organization. For organizations that have implemented Lotus Domino, there is great benefit to utilizing the Domino Directory (NAB) via LDAP for this purpose.

Many organizations have already implemented LDAP in their environment for use with other products such as IBM Lotus software products like QuickPlace and Lotus Sametime. Certainly if access to Domino data is desired, then using the Domino LDAP will provide easily controlled access to the data.

Release 2.01 of Lotus Workplace and Lotus Notes/Domino 6.x has been enhanced with features designed to help you integrate Lotus Workplace into an existing Notes/Domino environment, and IBM Workplace Collaboration Services 2.5 and Domino Release 7 will continue to provide additional integration options. This allows you to offer your users a choice of tools most suited to their specific needs, while protecting and leveraging your on-going investment in Lotus Notes/Domino.
This chapter describes the steps necessary to integrate the Lotus Domino Directory LDAP service with the IBM Workplace family of products.

Note: The steps and procedures outlined in this chapter were performed using Lotus Workplace 2.0.1. While the procedure for configuring Domino LDAP for IBM Workplace Collaboration Services 2.5 will be quite similar, we strongly advise you to refer to specific IBM Workplace Collaboration Services 2.5 documentation. This can be found at: http://www-10.lotus.com/ldd/notesua.nsf/find/lwp25

4.1 LDAP integration

When first installing Lotus Workplace 2.0.1, it is possible to run IBM Workplace using only the default Cloudscape database, without security enabled. This configuration is primarily recommended for a pilot deployment. When considering deploying into a production environment, it is recommended to upgrade from Cloudscape to DB2, and to then enable security. It is at this point, when enabling security, that you will want to integrate Lotus Workplace 2.0.1 with your Domino LDAP Environment.

Figure 4-1 illustrates how the WAS and Portal installation and configuration steps relate to the other functional services required for Lotus Workplace 2.0.1. More specifically, it highlights the Enabling Security step, which involves the integration between Workplace and Domino LDAP. Additionally, it highlights the key steps that will be followed during the installation process.
Figure 4-1 Domino LDAP integration with Workplace
Functional components/services which comprise Lotus Workplace:
1 Directory Services (LDAP)
   - Install
   - Validate Schema, Base DN
   - Setup / Add users
2 Data Services
   - Install (RDBMS; Apply Fixpacks; LWP Data Only)
   - Configure (Run Scripts/Targets)
   - DB2 Admin Client
3 App Server & Portal Services
   Installing without existing Portal
   - Install WAS & Portal
   - Validate functionality
   - Migrate Cloudscape -> DB2
   - Enable Security
   - Apply SDK Fixes and PDM feature pack
   Installing over existing Portal
   - Verify version of WAS & Portal (Apply Fixpacks; Upgrade to 5.0.2.3 & 5.0.2.1 if required)
   - Validate functionality
   - Migrate Cloudscape -> DB2
   - Enable Security
4 Lotus Workplace Services
   - Install
   - Configure (Run Scripts/Targets)
   - Validate / Test
Integration Point: Domino LDAP used for enabling security

After you have successfully installed and upgraded WebSphere Portal Server and you migrated data from Cloudscape to DB2, your next step is to enable security. Enabling security on the Workplace server involves the following:
   – Mapping the WMM extId attribute to a unique LDAP ID
   – (Optional) Configuring read-only LDAP
   – Updating wpconfig.properties with LDAP entries
   – Running the enable security scripts

Note: The detailed process of installing Lotus Workplace 2.0.1 is beyond the scope of this chapter. For extensive details on installing Lotus Workplace 2.0.1, please refer to the Redbook Lotus Workplace 2.0.1 Products: Deployment Guide, SG24-6378-00: http://www.redbooks.ibm.com/abstracts/sg246378.html

Note: This chapter does not cover using SSL with LDAP.
For more information about configuring SSL, please consult the Workplace Information Center at: http://www-10.lotus.com/ldd/notesua.nsf/find/workplace
You may also search for technical articles on Workplace on the Lotus developerWorks site at: http://www-106.ibm.com/developerworks/lotus/library/

4.2 LDAP overview

LDAP, which is short for Lightweight Directory Access Protocol, is an open industry standard used by a wide variety of applications to store and retrieve information about people and resources. The information is stored in a tree structure, which is referred to as the Directory Information Tree (DIT). User names, group names, and information about each are mapped to various standard attribute names. Typical attributes are:
   – CN (Common Name)
   – SN (Surname or last name)
   – FN (First Name)
   – O (Organization)
   – C (Country)

We explain and identify many of these attributes later in this book. For a more in-depth understanding of LDAP refer to the following IBM Redbooks:
   – Understanding LDAP - Design and Implementation, SG24-4986-01
     http://www.redbooks.ibm.com/abstracts/sg244986.html
   – Using LDAP for Directory Integration, SG24-6163-01
     http://www.redbooks.ibm.com/abstracts/sg246163.html

4.3 Understanding your Domino LDAP structure

The key to successfully integrating your Domino LDAP with the IBM Workplace family is understanding how your unique organizational hierarchy maps to the LDAP tree structure.
Typically, most organizations have implemented Domino with a hierarchical structure with resulting user names such as:
   – Bill Smith/Westford/IBM
   – Jill Jones/Lotus/CA
   – George Patterson/Dallas/HQ/Acme/US

In each case, these names can be mapped into LDAP structure with a combination of four LDAP attributes:
   – cn
   – o
   – ou
   – c

In all cases, cn is the common name of the individual, so we can begin the definition by assigning a value to the cn attribute:
   – cn=Bill Smith
   – cn=Jill Jones
   – cn=George Patterson

Next we need to determine which parts of the name are assigned to the organization (o) and which are assigned to organizational units (ou). The rule of thumb here is that every organization will have only one o attribute, but could potentially have multiple ou attributes. In the examples above, IBM, Lotus, and Acme would all be o attributes, whereas Westford, HQ, and Dallas would be ou attributes. We can now expand the example names above as:
   – cn=Bill Smith, ou=Westford, o=IBM
   – cn=Jill Jones, o=Lotus
   – cn=George Patterson, ou=Dallas, ou=HQ, o=Acme

Finally, when a country code has been used we need to assign that to the c attribute, which then completes our names:
   – cn=Bill Smith, ou=Westford, o=IBM
   – cn=Jill Jones, o=Lotus, c=CA
   – cn=George Patterson, ou=Dallas, ou=HQ, o=Acme, c=US

4.4 Tools for working with an LDAP Directory

Once you have mapped out your naming attributes, it is advisable to use an LDAP directory tool to verify that you can retrieve user names using these attributes. Within the following section, we discuss both ldapsearch and a GUI LDAP tool that illustrates the hierarchical structure of the directory.

4.4.1 ldapsearch

Lotus Domino ships with a command line tool, ldapsearch, that can be used for verification.
To use ldapsearch, change to your Notes directory and execute the tool using the following syntax:

    C:\Notes> ldapsearch -h 192.168.0.10 cn="Bill Smith"

Or, using the DNS name of your server:

    C:\Notes> ldapsearch -h Ldap.acme.com cn="George Patterson"

The display should return several lines similar to the following:

    CN=Jill Jones,O=Lotus,C=CA
    cn=Jill Jones
    mail=Jill [email protected]
    httppasswordnotessync=1
    inetpublickey=30819A30 0D06099A 863886F7 0D010111
    originalmodtime=20050304104937Z
    objectclass=dominoPerson
    objectclass=inetOrgPerson
    objectclass=organizationalPerson
    objectclass=person

Attention: If you do not allow anonymous access to your LDAP directory (recommended) then you will need to use additional parameters with the LDAP search tool. If you have defined a user ID with access to your LDAP called WPSBIND, and given it the password Domino, then you would use a syntax similar to the following:

    C:\Notes> ldapsearch -h ldap.lotus.com -D cn=wpsbind,o=lotus,c=na -w Domino cn="Jill Jones"

4.4.2 Graphical LDAP browsers

While the LDAP search tool is an excellent aid, like many tools, having a graphical interface can greatly improve the tool's usability. There are several products available as shareware; the best known of these is the LDAP browser from Softerra at http://www.ldapbrowser.com. This tool will allow you to browse your entire LDAP structure and is invaluable when diagnosing LDAP problems.

There is also a nice Java-based LDAP Browser/Editor available at http://www.iit.edu/~gawojar/ldap/ that allows you both to browse and to edit LDAP entries. For the Java LDAP Browser/Editor, you need to have Java installed on your system. We went to http://www.java.com and clicked on the Free Download link in order to launch the automated Java installation. Once Java is installed, you need to set the JAVA_HOME system variable if your system is running Windows.
In our case, we created it as a system variable with a value of C:\Program Files\Java\j2re1.4.2_04 by right-clicking My Computer and going to the Environment Variables section.

Restriction: Do not put quotes around the path, even though it contains a space, or else you will receive a Java error since the LDAP Browser program will misinterpret the JAVA_HOME variable if it is enclosed in quotes.

Once you launch your favorite LDAP browser, you will probably have to create a profile where you specify the host name, base DN, user name, and password with which to bind to the LDAP server. If you do not have a user name and password, you can opt to bind anonymously. Once that is done, you can connect to the server and browse the tree.

Figure 4-2 Example of a GUI LDAP browser

The tree structure is clear in the GUI if you treat moving from left to right as going from top to bottom. You have the base DN, DC=IBM,DC=COM, at the far left, which acts as the root of the tree. Moving to the right, you have the countries c=us, c=de, and c=mx indented at the next level. Descending the tree by continuing to move right, you have ou=people, ou=groups, and ou=resources. Finally, you reach the bottom-most leaf nodes, which are the actual people entries of objectclass inetOrgPerson. Alternatively, Figure 4-3 illustrates a graphic representation of the hierarchy in the LDAP tree.

Figure 4-3 Graphical representation of hierarchy in LDAP tree

4.5 Domino LDAP-specific requirements

There are a number of steps that you need to take to properly configure your Domino Directory for use with the IBM Workplace Products.
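The name mapping worked through in section 4.3 can be automated before you query the directory with the tools from section 4.4. The following is an added example, not code from this Redbook or from IBM; the function names and the COUNTRY_CODES set are assumptions made for illustration, and it generalizes slightly by escaping DN special characters per RFC 4514 and by converting a DN back to a Domino name.

```python
import re

# Two-letter codes treated as a country (c=) when they end a name. Constructed
# from the page's examples; extend it with the codes your certifiers really use.
COUNTRY_CODES = frozenset({"CA", "US"})

# RFC 4514: these characters must be backslash-escaped inside an RDN value.
_MUST_ESCAPE = set(',+"\\<>;')


def escape_rdn_value(value):
    """Escape one attribute value for use in an LDAP DN (RFC 4514)."""
    out = []
    for i, ch in enumerate(value):
        leading = i == 0 and ch in "# "
        trailing = i == len(value) - 1 and ch == " "
        out.append("\\" + ch if ch in _MUST_ESCAPE or leading or trailing else ch)
    return "".join(out)


def domino_to_dn(name, country_codes=COUNTRY_CODES):
    """Map a Domino hierarchical name to an LDAP DN (cn, ou..., o, optional c)."""
    parts = [p.strip() for p in name.split("/")]
    if len(parts) < 2 or not all(parts):
        raise ValueError("expected a hierarchical name such as 'Name/Org': %r" % name)
    labelled = [re.match(r"(?i)(cn|ou|o|c)=(.+)$", p) for p in parts]
    if all(labelled):
        # Canonical form (CN=.../OU=.../O=.../C=...) already names each component.
        rdns = [(m.group(1).lower(), m.group(2)) for m in labelled]
    else:
        # Abbreviated form: the first part is cn; the last is o unless it is a
        # known country code, in which case o is the part before it.
        rest = parts[1:]
        country = rest.pop() if len(rest) >= 2 and rest[-1].upper() in country_codes else None
        org = rest.pop()
        rdns = [("cn", parts[0])] + [("ou", ou) for ou in rest] + [("o", org)]
        if country:
            rdns.append(("c", country))
    return ",".join("%s=%s" % (attr, escape_rdn_value(val)) for attr, val in rdns)


def split_dn(dn):
    """Split a DN on unescaped commas, keeping escape sequences intact."""
    parts, cur, i = [], [], 0
    while i < len(dn):
        if dn[i] == "\\" and i + 1 < len(dn):
            cur.append(dn[i:i + 2])
            i += 2
            continue
        if dn[i] == ",":
            parts.append("".join(cur))
            cur = []
        else:
            cur.append(dn[i])
        i += 1
    parts.append("".join(cur))
    return [p.lstrip() for p in parts if p.strip()]


def unescape_rdn_value(value):
    """Undo RFC 4514 escaping: backslash + char, or backslash + two hex digits."""
    raw, i = bytearray(), 0
    while i < len(value):
        if value[i] == "\\" and i + 1 < len(value):
            pair = value[i + 1:i + 3]
            if re.fullmatch(r"[0-9A-Fa-f]{2}", pair):
                raw.append(int(pair, 16))
                i += 3
            else:
                raw += value[i + 1].encode("utf-8")
                i += 2
        else:
            raw += value[i].encode("utf-8")
            i += 1
    return raw.decode("utf-8")


def dn_to_domino(dn):
    """Map an LDAP DN built from cn/ou/o/c back to the abbreviated Domino name."""
    values = []
    for rdn in split_dn(dn):
        attr, sep, val = rdn.partition("=")
        if not sep or attr.strip().lower() not in ("cn", "ou", "o", "c"):
            # e.g. dc=ibm,dc=com has no Domino hierarchical-name equivalent.
            raise ValueError("no Domino name component for RDN %r" % rdn)
        values.append(unescape_rdn_value(val))
    return "/".join(values)


if __name__ == "__main__":
    for n in ("Bill Smith/Westford/IBM", "Jill Jones/Lotus/CA",
              "George Patterson/Dallas/HQ/Acme/US", "Smith, Bill/Westford/IBM"):
        print(n, "->", domino_to_dn(n))
```

A two-letter organization name that happens to match a country code is ambiguous in the abbreviated form, so pass the canonical form (CN=.../O=.../C=...) or an adjusted country_codes set for such names.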
4.5.1 Adding dominoUNID to the Domino Directory

The first step that is needed is adding and populating a field called dominoUNID in your Domino Directory (NAB). Prior to explaining the actual steps to adding the dominoUNID field to the schema, we also explain the role of WebSphere Member Manager and mapping the extId attribute.

Overview - Mapping the WMM extId attribute

WebSphere Portal, which is one of the underlying components of the Workplace Products, includes a component called WebSphere Member Manager (WMM) that manages Lotus Workplace user and group attributes or user and group information such as names, e-mail addresses, and telephone numbers. WebSphere Member Manager collects attributes associated with each user and group in profiles. All Lotus Workplace components share profiles so that users can log in once to use any Lotus Workplace component.

The Member Manager user directory configuration supported by Lotus Workplace is a lookaside database used along with an LDAP directory. The LDAP directory stores attributes that are defined in the LDAP directory schema, for example, first names, last names, and e-mail addresses. The lookaside database stores attributes that are particular to Lotus Workplace Products. Member Manager manages the lookups to the LDAP directory and to the lookaside database.

You must map the Member Manager extId attribute to the attribute used for the unique LDAP IDs. The default schema for the Domino Directory does not contain a suitable unique ID attribute for this purpose. However, by creating a field called dominoUNID and populating it with the value of the DocumentUniqueID field we can create a field that will be unique for every user in your organization.

Modifying your Domino Directory to add the dominoUniqueID field

The following directions step you through modifying your Domino Directory (NAB) to add the dominoUniqueID field, and then populate it with values.
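The extId mapping depends on every entry carrying a dominoUNID value that is present and unique, so it is worth checking the directory once the steps in this section have populated the field. The following is an added example, not code from this Redbook or from IBM: it assumes ldapsearch output saved as text, with each entry printed as a DN line followed by attribute=value lines and a blank line between entries, and the sample entries and function names are constructed for illustration.

```python
import re
from collections import defaultdict

# @Text(@DocumentUniqueID) yields a 32-character hexadecimal string.
UNID_RE = re.compile(r"[0-9A-Fa-f]{32}")

# Constructed sample in the style of the ldapsearch display in section 4.4.1.
SAMPLE_OUTPUT = """\
CN=Jill Jones,O=Lotus,C=CA
cn=Jill Jones
dominounid=0A1B2C3D4E5F60718293A4B5C6D7E8F9
objectclass=dominoPerson

CN=Bill Smith,OU=Westford,O=IBM
cn=Bill Smith
objectclass=dominoPerson

CN=George Patterson,OU=Dallas,OU=HQ,O=Acme,C=US
cn=George Patterson
dominounid=0a1b2c3d4e5f60718293a4b5c6d7e8f9
objectclass=dominoPerson

CN=wpsadmins
cn=wpsadmins
dominounid=not-a-unid
objectclass=groupOfNames
"""


def parse_ldapsearch(text):
    """Return a list of (dn, {attribute: [values]}) from DN + attr=value blocks."""
    entries = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = [ln.strip() for ln in block.splitlines() if ln.strip()]
        if not lines:
            continue
        attrs = defaultdict(list)
        for line in lines[1:]:
            name, sep, value = line.partition("=")
            if sep:
                # Attribute names are case-insensitive in LDAP; normalize them.
                attrs[name.strip().lower()].append(value.strip())
        entries.append((lines[0], dict(attrs)))
    return entries


def audit_dominounid(entries):
    """Report entries whose dominoUNID is missing, malformed, or shared.

    A shared value is possible because the formula used in this section keeps
    any value that is already set, so a document created by copying another
    one can carry the source document's dominoUNID.
    """
    missing, malformed, seen = [], [], defaultdict(list)
    for dn, attrs in entries:
        values = attrs.get("dominounid", [])
        if not values or not values[0]:
            missing.append(dn)
        elif len(values) != 1 or not UNID_RE.fullmatch(values[0]):
            malformed.append(dn)
        else:
            # Compare case-insensitively: hex digits may differ only in case.
            seen[values[0].upper()].append(dn)
    duplicates = {unid: dns for unid, dns in seen.items() if len(dns) > 1}
    return {"missing": missing, "malformed": malformed, "duplicates": duplicates}


if __name__ == "__main__":
    report = audit_dominounid(parse_ldapsearch(SAMPLE_OUTPUT))
    for kind, found in report.items():
        print(kind, found)
```

Any entry reported as missing, malformed or duplicated should be corrected before the extId attribute is mapped to dominoUNID.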
Note: The recommended method for customizing the Domino Directory is making changes in a copy of the Domino Directory template (PUBNAMES.NTF) and then applying the changes to the Domino Directory database. See Domino Administrator Help for more information.

Restriction: Once you customize your Domino Directory, you need to carefully control design updates since you can no longer allow your directory to be updated by PUBNAMES.NTF whenever you install a new version of Domino. If you do not want to customize your Domino Directory design, you can skip to step 8. However, you will then need to manually update the LDAP Schema to include dominoUNID as a valid LDAP attribute.

1. Follow these steps to create a copy of the Domino Directory template (PUBNAMES.NTF); you will make the design change in this copy. Skip this step if you have customized the directory previously and so have already made a copy of the template.
   a. Choose File → Database → New.
   b. In the Server field at the top of the dialog box, select the server to store the new template.
   c. In the Title field, type a title for the customized template, for example, Acme's Domino Directory.
   d. In the File Name field, type a name for the customized template file, for example, ACMENAMES.NTF.
   e. In the Server field at the bottom of the dialog box, select a server that stores the default Domino Directory template (PUBNAMES.NTF).
   f. Click Show advanced templates.
   g. Choose Domino Directory (PUBNAMES.NTF) from the list of templates.
   h. Ensure that the "Inherit future design changes" field is not checked. If this is selected, then your changes will be overwritten when a new version of the default Domino Directory template becomes available.
   i. Click OK. The customized Domino Directory template is now open.
   j. Choose File → Database → Properties, and then click the Design tab (the fourth tab from the left).
   k.
Choose Database file is a master template, and then in the Template name field, enter a name for the master template, for example, StdAcmeDominoDirectory. l. Close the Properties box. 2. Log in to Domino Designer® using the name and password of a server administrator. 3. Open the customized template you created in step 1. 4. Add a field named dominoUNID to the Person, Group, and Server\Certifier forms. Create it as a Computed when Composed field and specify the following formula for it: @If(dominoUNID != ""; dominoUNID; @Text(@DocumentUniqueID)) Chapter 4. Integrating Workplace with Domino LDAP 163 Figure 4-4 Shared text field 5. Save your changes. 6. Follow these steps to apply the design change to the Domino Directory database (NAMES.NSF): a. Open the Domino Directory database (NAMES.NSF). b. Choose File → Database → Replace Design. c. Click Template Server, and select the server that stores your custom Domino Directory template. d. Click Show advanced templates to display the custom template in the templates box. e. Select the custom template in the templates box. f. Verify that the "Inherit future design changes" field is selected, and then click Replace. 164 Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook 7. To add the field to the schema, enter this command from the Domino server console: tell ldap reloadschema 8. Domino automatically populates the dominoUNID attribute in new Person, Group, and Server\Certifier documents. To create a Domino agent that populates the attribute in existing Person, Group, and Server\Certifier documents, follow these steps: a. Open the Domino Directory database (NAMES.NSF). b. Choose Create → Design → Agent. c. Type a name for the agent. d. In the Runtime box, select the following options: On event, Action menu selection, and Target All selected documents. e. Close the properties box. f. In the Objects pane, click Action. g. 
From the drop-down list, select Formula and type the following formula: FIELD dominoUNID := @If(dominoUNID != ""; dominoUNID; @Text(@DocumentUniqueID)); h. In the Objects pane, click Document Selection. i. Click Add Condition, select By Form as the condition, select the Group, Person, and Server\Certifiers forms, and click Add. j. Save the agent. k. Right-click the agent in the agent view, click Design Properties, select the third tab, and select Prohibit design refresh or replace to modify. l. To run the agent, choose Actions from the Notes menu. 9. (Domino 6.5 only) If the Domino LDAP service searches additional Domino Directories configured through directory assistance, repeat steps 1 through 8 for each additional directory. If you do not want to regulate the design of your Domino Directory, then you can schedule the agent detailed in step 8 to run once a day and forego changing the design of your Domino Directory. However, if you do so, you will need to manually publish dominoUNID as a valid LDAP attribute by following the process in the schema.nsf database. 4.5.2 Setting up the required administrative accounts You now need to set up two administrative users in Domino that will be used to administer the portal and access the LDAP directory. Chapter 4. Integrating Workplace with Domino LDAP 165 1. Using the Domino administrator client, create a user called WPSADMIN. 2. Again, using the Domino administrator client, set up another user called WPSBIND. 3. Make sure that you configure an Internet password for both. 4. Now create a group called wpsadmins in the Domino Directory. Add the WPSADMIN and WPSBIND user names to this group along with the names of any other IDs that will administer your workplace server. Add the WPSADMINS group to the Domino Directory's ACL and give that group Editor access. Assign the following role types to the WPSADMINS: – – – – GroupCreator GroupModifier UserCreator UserModifier 5. 
Finally, make sure that WPSADMIN and WPSBIND are added to the necessary groups to have access to your Domino server. 4.5.3 Modifying the Global Configuration document You must also add or edit the Global Configuration document to include the necessary LDAP attribute types. To add the attribute types: 1. Open the Domino Administrator and choose Server → Configurations. 2. Open the Global Configuration document, or create one if it does not already exist. 3. On the Basic tab enable the option “Use these settings as default setting for all servers.” 4. Click the LDAP tab, and click Select Attribute Types. 5. In the object class, choose the asterisk (*), and then click Display Attributes. Add the following attributes: HTTP-HostName MailFile MailServer NetAddresses Sametime dominoUNID Note: The attribute and corresponding Domino field will not always have the same name. 166 Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook Your configuration should now contain the following attributes in Table 4-1 on page 167. Note: Your implementation may contain additional attributes. You do not need to remove entries that are not on this list. Table 4-1 Mapping between LDAP attributes and Domino fields LDAP attribute types Domino fields AltFullName AltFullName dominoCertificate Certificate dominoUNID dominoUNID FullName FullName givenName FirstName HTTP-Hostname HTTP_Hostname ListName ListName Location Location mail InternetAddress MailAddress MailAddress MailDomain MailDomain MailFile MailFile MailServer MailServer member Members NetAddresses NetAddresses PublicKey PublicKey SametimeServer SametimeServer sn LastName uid ShortName Reload the schema by issuing the following command from the Domino server console: tell ldap reloadschema Chapter 4. Integrating Workplace with Domino LDAP 167 Tip: We recommend that you create a full text index in the Domino Directory to get better performance results with LDAP searches. 
If you do not create a full text index, linear searches will be performed on the Domino Directory, which can impact performance.

Editing the WMM configuration files - Domino

Mapping the extId attribute consists of editing the WMM configuration files. Before mapping the extId attribute when using Domino for LDAP services, you must first add dominoUNID to your LDAP schema. For instructions on adding dominoUNID to the LDAP schema, see 4.5.1, "Adding dominoUNID to the Domino Directory".

To map the WMM extId to dominoUNID in Domino:

1. Using an Explorer window, browse to the <wpsroot>\config\templates\wmm directory.

   Note: <wpsroot> refers to the root of the directory tree that contains the WebSphere Portal portion of your installation. If during the install you specified D:\IBM\WEBSPHERE as the location for your installation, then <wpsroot> refers to the directory D:\IBM\WEBSPHERE\PortalServer. In similar fashion, <wasroot> and <lwproot> refer to D:\IBM\WEBSPHERE\appserver and D:\IBM\WEBSPHERE\WorkplaceServer.

2. Open wmm_LDAP.xml.DOMINO502.3.wmm in your editor of choice.
3. Find the <ldapRepository> tag and set the wmmGenerateExtId attribute to false. This prevents WMM from generating values for ibm-entryUuid in the LDAP directory:

    <ldapRepository name="wmmLDAP" wmmGenerateExtId="false"

4. Find the <supportedLdapEntryTypes> tag and update the values as shown below:

    <supportedLdapEntryTypes>
      <supportedLdapEntryType name="Person"
        rdnAttrTypes="cn"
        objectClassesForRead="dominoPerson"
        objectClassesForWrite="dominoPerson"/>
      <supportedLdapEntryType name="Group"
        rdnAttrTypes="cn"
        objectClassesForRead="dominoGroup"
        objectClassesForWrite="dominoGroup"/>
      <supportedLdapEntryType name="Organization"
        rdnAttrTypes="o"
        objectClassesForRead="dominoOrganization"
        objectClassesForWrite="dominoOrganization"/>
      <supportedLdapEntryType name="OrganizationalUnit"
        rdnAttrTypes="ou"
        objectClassesForRead="dominoOrganizationalUnit"
        objectClassesForWrite="dominoOrganizationalUnit"/>

5. Save and close the file.
6. With your editor of choice, open the wmmLDAPAttributes_DOMINO502.xml file from the \WebSphere\PortalServer\config\templates\wmm directory.
7. Search for the <attributeMap> tag for the external identifier and change the pluginAttributeName parameter to dominoUNID:

    <attributeMap wmmAttributeName="extId"
      applicableMemberTypes="Person;Group;Organization;OrganizationalUnit"
      pluginAttributeName="dominoUNID"
      dataType="String"
      multiValued="false"
      readOnly="true"/>

8. Save and close the file.

Additional configuration for Domino 6

If you are using a Domino 6 LDAP server instead of a Domino R5 server, then you need to perform the following additional steps:

1. Using an Explorer window, browse to the <wpsroot>\shared\app\wmm directory.
2. Open wmm.xml in your editor of choice.
3. Find <supportedMemberTypes> and check that the rdnAttrTypes, especially the Person and Group ones, are correctly set to cn, o, and ou.
    <supportedMemberTypes>
      <supportedMemberType name="Person" rdnAttrTypes="cn"
        defaultParentMember="" defaultProfileRepository="LDAP1"/>
      <supportedMemberType name="Group" rdnAttrTypes="cn"
        defaultParentMember="" defaultProfileRepository="LDAP1"/>
      <supportedMemberType name="Organization" rdnAttrTypes="o"
        defaultParentMember="" defaultProfileRepository="LDAP1"/>
      <supportedMemberType name="OrganizationalUnit" rdnAttrTypes="ou"
        defaultParentMember="" defaultProfileRepository="LDAP1"/>
    </supportedMemberTypes>

Important: You will need to complete two final steps for mapping the extId attribute once security has been enabled. These are described in "For Domino 6 LDAP - Completing the mapping of the extId attribute once security is enabled".

4.5.4 Modify the security_domino.properties file

It is now time to perform the most critical step in enabling Domino LDAP integration: modifying the default configuration with your unique organizational information. All of the configuration information for the WebSphere Portal engine is located in a file called WPCONFIG.PROPERTIES, which is found in the PortalServer/Config directory. This is the master file of configuration information for your implementation and contains numerous entries.

Rather than editing this file directly, we will modify a helper file that contains only the configuration values that are needed to implement Domino Security and then merge these changes into the master properties file. You can find the helper file for Domino security in <wpsroot>\config\helpers\security_domino.properties.

Tip: We strongly recommend that you use the helper file security_domino.properties described above for modifying the wpconfig.properties file.

Note: When deploying Lotus Workplace 2.0.1, you must edit the values within the helper file, then run specific commands to implement security (for example, there is no specific wizard available for use with Workplace 2.0.1). IBM Workplace Collaboration Services 2.5 and Workplace Services Express enable you to change the values in the helper file, and then use an included wizard (located in <wpsroot>/Config/Wizard) to implement security.

You should first review the file and read the comment sections to understand the values you will need to change, and how they will be modified for your particular organizational structure.

Attention: Some values are case sensitive. In general, use only lowercase unless specified in the examples.

The configuration examples contained in the helper file use the example of an organization that has set up Domino using an Internet format such as ibm.com®, and as a result use the format dc=IBM, dc=com. Since many organizations use traditional Domino hierarchical names, we will use a fictitious US company with a hierarchical certifier of Bikeworks/US in our examples below. In our examples the two administrative users have been set up with IDs and each use the password pedal, the LDAP server has a fully qualified host name of LDAP.bikeworks.com, and users will access the IBM Workplace Collaboration Server as workplace.bikeworks.com.

Find each value in the helper file and carefully make the appropriate changes. The items in the table below represent each of the properties that must be changed or verified for enabling security against an IBM Lotus Domino Server.

To configure security_domino_server.properties:

1. Open a Windows Explorer window and browse to \WebSphere\PortalServer\config\helpers\.
2. Open security_domino.properties in your editor of choice.
3. Change or verify the values in security_domino_server.properties using Table 4-2 as a guide.
Table 4-2 Properties for Domino Server (security_domino_server.properties)

Property | Description | Value | Notes
-------- | ----------- | ----- | -----
WASUserId | Name used to authenticate the WebSphere Application Server administrator | cn=wpsadmin,o=bikeworks,c=us | Specify your administrator account for the application server.
WasPassword | Password for WebSphere Application Server administrator | pedal | Specify your administrator password.
WpsHostName | The name of the WebSphere Portal host | Workplace.bikeworks.com | Specify your host name.
PortalAdminId | Name used to authenticate the WebSphere Portal Server administrator | cn=wpsadmin,o=bikeworks,c=us | Specify your administrator account for the Portal server.
PortalAdminShort | Short name for the user above | wpsadmin | Specify the short name of your administrator as a non-qualified name.
PortalAdminPwd | Password for the user above | pedal | Specify your administrator password.
PortalAdminGroupId | Name of the WebSphere Portal Server administrator group | cn=wpsadmins | Specify your Portal administration group.
PortalAdminGroupIdShort | Short name of the WebSphere Portal Server administrator group | wpsadmins | Specify the short name of your administrator as a non-qualified name.
LTPAPassword | Password to encrypt and decrypt the LTPA keys | pedal | Adapt to your environment.
SSODomainName | Domain name for all Single Sign-On hosts | Bikeworks.com | Specify your domain name.
LookAside | To configure LDAP with an additional Lookaside database | true | Must be set to true.
LDAPHostName | LDAP Server host name | ldap.bikeworks.com | Adapt to your environment.
LDAPAdminUId | LDAP administrator ID | cn=wpsadmin,o=Bikeworks,c=us | Adapt to your environment.
LDAPAdminPwd | LDAP administrator password | pedal | Specify the administrator password.
LDAPServerType | The type of LDAP server to be used by the WebSphere Portal | DOMINO502 | Leave this value unchanged.
LDAPBindID | The user ID for LDAP user authentication | cn=wpsbind,o=Bikeworks,c=us | Specify a user account for searching the LDAP directory.
LDAPBindPassword | The password for LDAP bind authentication | pedal | Specify the password of the LDAP search account.
LDAPSuffix | The LDAP suffix appropriate for your LDAP server | No entry/leave blank. |
LDAPUserPrefix | The LDAP prefix appropriate for your LDAP server | cn |
LDAPUserSuffix | The LDAP suffix appropriate for your LDAP server | No entry/leave blank. |
LDAPGroupPrefix | The LDAP group prefix appropriate for your LDAP server | cn | Adapt only if necessary.
LDAPGroupSuffix | The LDAP group suffix appropriate for LDAP server | No entry/leave blank. | Adapt only if necessary.
LDAPUserObjectClass | The LDAP user object class appropriate for your LDAP server | inetOrgPerson | Adapt only if necessary.
LDAPGroupObjectClass | The LDAP group object class appropriate for your LDAP server | groupOfNames | Adapt only if necessary.
LDAPGroupMember | The LDAP group member attribute name appropriate for your LDAP server | uniqueMember | Adapt only if necessary.
LDAPUserFilter | LDAP filter used to search the LDAP server for users | (&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson)) |
LDAPGroupFilter | LDAP filter used to search the LDAP server for groups | (&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames))) |

Once you have verified the entries in the security helper file, your next step is to merge the helper file with wpconfig.properties.

Merging the Domino security helper with wpconfig.properties

Once you have verified the entries in the security helper file, you need to merge the entries with the Portal configuration file, wpconfig.properties. Before performing the merge, consider making a backup copy of wpconfig.properties should you need to restore it.
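One way to verify the helper file before merging it, as an added example that is not part of the Redbook or of the WPSconfig tooling: the script checks a helper file against the values in Table 4-2. The sample holds the Bikeworks values from the table; the host/SSO-domain, bind-account and password-reuse warnings are additions of this example rather than requirements stated in the handbook.

```python
import re

# Property names and expected values are the ones listed in Table 4-2.
REQUIRED = """WASUserId WasPassword WpsHostName PortalAdminId PortalAdminShort PortalAdminPwd
PortalAdminGroupId PortalAdminGroupIdShort LTPAPassword SSODomainName LookAside LDAPHostName
LDAPAdminUId LDAPAdminPwd LDAPServerType LDAPBindID LDAPBindPassword LDAPUserPrefix
LDAPGroupPrefix LDAPUserObjectClass LDAPGroupObjectClass LDAPGroupMember LDAPUserFilter
LDAPGroupFilter""".split()
LEFT_BLANK = ["LDAPSuffix", "LDAPUserSuffix", "LDAPGroupSuffix"]
DN_FIELDS = ["WASUserId", "PortalAdminId", "LDAPAdminUId", "LDAPBindID"]
SECRETS = ["WasPassword", "PortalAdminPwd", "LTPAPassword", "LDAPAdminPwd", "LDAPBindPassword"]
DN_RE = re.compile(r"^\s*[A-Za-z][\w-]*\s*=[^,=]+(,\s*[A-Za-z][\w-]*\s*=[^,=]+)*$")


def parse_properties(text):
    """Parse key=value lines into a dict; keys are lower-cased for case-insensitive lookup."""
    props = {}
    for line in text.splitlines():
        line = line.strip()
        if line and line[0] not in "#!" and "=" in line:
            key, _, value = line.partition("=")   # split at the first "=" only
            props[key.strip().lower()] = value.strip()
    return props


def balanced(ldap_filter):
    depth = 0
    for ch in ldap_filter:
        depth += (ch == "(") - (ch == ")")
        if depth < 0:                              # a ")" before its "("
            return False
    return depth == 0


def lint(text):
    """Return (errors, warnings) for the content of the helper file."""
    props = parse_properties(text)
    errors, warnings = [], []
    get = lambda name: props.get(name.lower(), "")
    for name in REQUIRED:
        if not get(name):
            errors.append(name + " is missing or empty")
    for name in LEFT_BLANK:
        if get(name):
            warnings.append(name + " is set; Table 4-2 leaves it blank")
    for name, fixed in (("LookAside", "true"), ("LDAPServerType", "DOMINO502")):
        if get(name) and get(name) != fixed:
            errors.append("%s must be %s" % (name, fixed))
    for name in DN_FIELDS:
        if get(name) and not DN_RE.match(get(name)):
            errors.append(name + " is not a distinguished name")
    for name in ("LDAPUserFilter", "LDAPGroupFilter"):
        if get(name) and not (balanced(get(name)) and "%v" in get(name)):
            errors.append(name + " is unbalanced or lacks %v")
    # The three checks below are additions of this example, not Redbook requirements.
    host, domain = get("WpsHostName").lower(), get("SSODomainName").lower().lstrip(".")
    if host and domain and host != domain and not host.endswith("." + domain):
        warnings.append("WpsHostName is outside SSODomainName")
    if get("LDAPBindID") and get("LDAPBindID").lower() == get("LDAPAdminUId").lower():
        warnings.append("LDAPBindID is the administrator account")
    used = [get(name) for name in SECRETS if get(name)]
    if len(set(used)) < len(used):
        warnings.append("the same password is used for more than one secret")
    return errors, warnings


# Bikeworks example values from Table 4-2, laid out as a properties file for this example.
SAMPLE = """\
WASUserId=cn=wpsadmin,o=bikeworks,c=us
WasPassword=pedal
WpsHostName=Workplace.bikeworks.com
PortalAdminId=cn=wpsadmin,o=bikeworks,c=us
PortalAdminShort=wpsadmin
PortalAdminPwd=pedal
PortalAdminGroupId=cn=wpsadmins
PortalAdminGroupIdShort=wpsadmins
LTPAPassword=pedal
SSODomainName=Bikeworks.com
LookAside=true
LDAPHostName=ldap.bikeworks.com
LDAPAdminUId=cn=wpsadmin,o=Bikeworks,c=us
LDAPAdminPwd=pedal
LDAPServerType=DOMINO502
LDAPBindID=cn=wpsbind,o=Bikeworks,c=us
LDAPBindPassword=pedal
LDAPSuffix=
LDAPUserPrefix=cn
LDAPGroupPrefix=cn
LDAPUserObjectClass=inetOrgPerson
LDAPGroupObjectClass=groupOfNames
LDAPGroupMember=uniqueMember
LDAPUserFilter=(&(|(cn=%v)(uid=%v))(objectclass=inetOrgPerson))
LDAPGroupFilter=(&(cn=%v)(|(objectclass=groupOfNames)(objectclass=groupOfUniqueNames)))
"""

if __name__ == "__main__":
    print(lint(SAMPLE))
```
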
To merge the helper data into wpconfig.properties:

1. Open a command prompt and navigate to <wpsroot>\config.
2. Enter the following command to merge security_domino.properties with wpconfig.properties:

    WPSconfig -DparentProperties=config/helpers/security_domino.properties -DSaveparentProperties=true >security-helper.log

3. When the merge has completed (and you are returned to the command prompt), enter the command:

    write security-helper.log

   Examine the contents of the file <wpsroot>\config\security-helper.log to check that no errors have occurred and that the message Successfully copied properties appears at the end of the log file.
4. Once you have successfully merged the settings from the helper file, your next step is to run the scripts to enable security.

4.5.5 Using the WPSCONFIG script to implement security

The moment of truth has come. It is time to run the tasks that will configure your server to use the Domino LDAP for security. Before you start the task, you will need to verify the following:

1. Check that the required servers and tasks are running.
   a. Make sure that your LDAP server is started and that you can use the bind client that you defined to access the directory.
   b. Make sure that the WebSphere Application Server is started. In order to start the server, open a command prompt, change to the directory <wasroot>/bin, and run "startserver server1".
   c. If you have implemented Lotus Workplace 2.0.1 with an alternative database such as DB2, you will need to ensure that the database server is running and available.
2. Finally, before formally implementing security, we need to validate that our LDAP entries are correct. To do this, open a command prompt and change to the directory <wpsroot>/config.
   a. Run the following task at the command prompt:

    <wpsroot>\PortalServer\Config>Wpsconfig validate-ldap

Note: Modify the above command for your operating system.
wpsconfig.bat is used with Windows, and wpsconfig.sh is used with Linux/UNIX.

This task will run several actions with an end result similar to that shown in Example 4-1.

Example 4-1 LDAP check and validation

    validate-ldap:
    action-validate-ldap-connection:
    [ldapcheck] ###############################################################
    [ldapcheck] ldapURL : ldap.bikeworks.com
    [ldapcheck] ldapUser : cn=wpsadmin, o=bikeworks,c=us
    [ldapcheck] ldapPassword : *
    [ldapcheck] ldapSslEnabled : false
    [ldapcheck] ###############################################################
    action-validate-ldap-suffix:
    [ldapcheck] ###############################################################
    [ldapcheck] ldapURL : ldap.bikeworks.com
    [ldapcheck] ldapUser : cn=wpsadmin, o=bikeworks,c=us
    [ldapcheck] ldapPassword : *
    [ldapcheck] ldapSslEnabled : false
    [ldapcheck] objectDn :
    [ldapcheck] ###############################################################
    [ldapcheck] ###############################################################
    action-validate-ldap-was-admin-user:
    [ldapcheck] ###############################################################
    [ldapcheck] ldapURL : ldap.bikeworks.com
    [ldapcheck] ldapUser : cn=wpsadmin, o=bikeworks,c=us
    [ldapcheck] ldapPassword : *
    [ldapcheck] ldapSslEnabled : false
    [ldapcheck] ###############################################################
    action-validate-ldap-portal-admin-user:
    [ldapcheck] ###############################################################
    [ldapcheck] ldapURL : ldap.bikeworks.com
    [ldapcheck] ldapUser : cn=wpsadmin, o=bikeworks,c=us
    [ldapcheck] ldapPassword : *
    [ldapcheck] ldapSslEnabled : false
    [ldapcheck] ###############################################################
    action-validate-ldap-portal-admin-group:
    [ldapcheck] ###############################################################
    [ldapcheck] ldapURL : ldap.bikeworks.com
    [ldapcheck] ldapUser : cn=wpsadmin, o=bikeworks,c=us
    [ldapcheck] ldapPassword : *
    [ldapcheck] ldapSslEnabled : false
    [ldapcheck] objectDn : cn=wpsadmins
    [ldapcheck] ###############################################################
    [ldapcheck] ###############################################################
    action-validate-ldap-bind-user:
    [ldapcheck] ###############################################################
    [ldapcheck] ldapURL : ldap.bikeworks.com
    [ldapcheck] ldapUser : cn=wpsbind,o=bikeworks,c=us
    [ldapcheck] ldapPassword : *
    [ldapcheck] ldapSslEnabled : false
    [ldapcheck] ###############################################################
    BUILD SUCCESSFUL

If the task fails, recheck the wpconfig.properties file for errors, and make corrections until you get a BUILD SUCCESSFUL message.

Tip: If you have a utility such as Norton Ghost or Acronis True Image, it is highly recommended that you make an image of your server at this point. If the implementation of security fails, you can correct your errors and re-run the task, but sometimes it is advisable to restore a fresh image and start over.

Assuming that you do see a BUILD SUCCESSFUL message with the LDAP validation step, you are now ready to implement Domino LDAP Security.

Implementing Domino LDAP Security

To implement Domino LDAP Security:

1. Open a command prompt, change to the directory <wpsroot>\config, and execute the following command:

    Wpsconfig enable-security-ldap >Security.txt

   Tip: As shown in the command line syntax example above, it is a good practice to redirect the output of the task to a file (in this case Security.txt) that will capture all of the output for review.

2. This script will take several minutes to run and will generate a number of messages.
3. When the script completes, open the file security.txt and check that the process ends with the message BUILD SUCCESSFUL.
4. If the script failed, BUILD FAILED will be reported to the console and placed at the end of the security.txt file. If the script fails, verify the settings in wpconfig.properties and then run the validation script again. Often, the cause of the failure will not be apparent, and you may need to contact IBM support for assistance with the problem.

Tip: A common cause of failure when running the script is a time-out error. If this is the case, you should edit the file <wasroot>\properties\soap.client.props and change the value of com.ibm.SOAP.requestTimeout=6000.

Tip: For more details on troubleshooting issues related to implementing security, we recommend reviewing the Lotus Workplace 2.0.1 Products: Deployment Guide, SG24-6378-00:
http://www.redbooks.ibm.com/abstracts/sg246378.html

For Domino 6 LDAP - Completing the mapping of the extId attribute once security is enabled

Attention: The steps described within this section only apply if you are using a Domino 6 LDAP server. These steps complete the configuration requirements pertaining to "Additional configuration for Domino 6".

Once you have successfully run the enable-security task, you have one final configuration step to perform for completing the mapping of the WMM extId attribute when using a Domino 6 LDAP server. You will need to make this change within the WMM.XML file, which is found in the <wpsroot>\shared\app\wmm directory.

1. Using an Explorer window, browse to the <wpsroot>\shared\app\wmm directory.
2. Open wmm.xml in your editor of choice.
3. Find ldapRepository name="wmmLDAP" and add a 6 between Domino and LdapAdapterImpl:

    <ldapRepository name="wmmLDAP"
      UUID="LDAP1"
      adapterClassName="com.ibm.ws.wmm.ldap.domino.Domino6LdapAdapterImpl"

4. Replace the default attribute values for the supportedLdapEntryTypes tag with the following values:

    <supportedLdapEntryTypes>
      <supportedLdapEntryType name="Person"
        rdnAttrTypes="cn"
        objectClassesForRead="dominoPerson"
        objectClassesForWrite="dominoPerson"/>
      <supportedLdapEntryType name="Group"
        rdnAttrTypes="cn"
        objectClassesForRead="dominoGroup"
        objectClassesForWrite="dominoGroup"/>
      <supportedLdapEntryType name="Organization"
        rdnAttrTypes="o"
        objectClassesForRead="dominoOrganization"
        objectClassesForWrite="dominoOrganization"/>
      <supportedLdapEntryType name="OrganizationalUnit"
        rdnAttrTypes="ou"
        objectClassesForRead="dominoOrganizationalUnit"
        objectClassesForWrite="dominoOrganizationalUnit"/>

5. Save and close the file.

Congratulations, you have now set up your server to use the Domino LDAP for security.

Chapter 5. Extending the reach of Notes/Domino applications

This chapter discusses various approaches to extending the functionality of your existing Notes and Domino applications by integrating them with Lotus Workplace 2.0.1 and IBM Workplace Collaboration Services using specific Lotus Collaborative Portlets.

For the Domino Application Portlet (DAP), we provide a detailed overview of its functionality and discuss how to configure it. The Domino Application Portlet (DAP) integrates the content and technology of existing Domino Web Applications into the Workplace and Portal environment. It allows clients to insert these existing applications into portlets and display them on a Workplace server with minimal development effort. Most importantly, it renders the portlets of the Domino Web application within the context of the portal, thereby keeping the user within the context and navigational scheme of the portal.
We discuss how to configure the Domino Web Access (iNotes) portlet, allowing a user to view and work in a Notes mail database that has a Domino Web Access design, optimized for access using a Web browser.

Finally, this chapter also addresses the Common PIM Portlet (CPP). This portlet lets you utilize the Lotus Workplace mail user interface with your existing Domino messaging infrastructure. The user interface is served up using the J2EE page generation technologies provided by WebSphere Portal, and the data is retrieved from normal Domino mail files. This lets you treat the Notes Mail portlet as just another client for the Domino mail server. Users can continue to use the Notes client, Domino Web Access, or Web mail if they choose.

5.1 Integration Option using the Domino Application Portlet

The Domino Application Portlet (DAP) integrates the content and technology of existing Domino Web Applications into an IBM Lotus Workplace or Portal environment. It allows clients to insert these existing applications into portlets and display them on a portal server with minimal development effort. Most importantly, it renders the portlets of the Domino Web application within the context of the portal, thereby keeping the user within the context and navigational scheme of the portal.

Attention: While this section covers the basics of how to install and configure the Domino Application Portlet, you may also find more in-depth information in the following Redpaper: Domino Application Portlet: Configuration and Tips, REDP3917:
http://www.redbooks.ibm.com/redpieces/abstracts/redp3917.html

The key features of the Domino Application Portlet include:

– Designed to allow Domino Web apps to be surfaced in a Lotus Workplace/Portal environment.
– User experience remains within IBM Lotus Workplace / Portal.
– No changes to the Domino application required.
– Reverse Proxy - Portlet uses a set of rules to map Domino-generated URLs to Workplace/Portal such that all requests are channeled through Portal server.
– Default set of Domino rules defined and configured (mail, discussion, teamroom).
– Rules can be added for support of any Domino Web application.

5.1.1 Considerations

The Domino Application Portlet acts like a reverse proxy, proxying the content from the back-end servers through to the browser. It appears to the browser to be the real content server. DAP channels all requests from the user client (browser) through the portal and on to the Domino HTTP server in the back end. The portlet contains an iframe with an embedded servlet that is responsible for the actual connection and display of the Domino content. It manages cookies, caching, user authentication, and framing. Rules-based parsers rewrite the content produced by the Domino HTTP server.

Figure 5-1 shows the Domino Application Portlets page before configuration.

Figure 5-1 Domino Application Portlet

5.1.2 Implementation details for the Domino Application Portlet

This section describes the setup and configuration of the Domino Application Portlet (DAP). It examines the basic setup and gives an overview of the configuration options available. It also contains examples that show how to set up DAP and write rules to tailor it for your own application.
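The reverse-proxy behaviour described above can be illustrated with a small rewriter, added here as an example; it is not DAP code and does not use DAP's rule syntax, and the proxy path, host name and sample HTML are hypothetical. Links that resolve to the Domino server are pointed at the proxy, and the proxy side accepts only targets on that one server.

```python
import re
from urllib.parse import quote, unquote, urljoin, urlsplit

DOMINO_ORIGIN = "http://domino.bikeworks.com"   # hypothetical back-end Domino HTTP server
PROXY_PREFIX = "/dap/proxy?target="             # hypothetical portal-side servlet path

# Quoted href/src/action attribute values are the only places this example rewrites.
ATTR_RE = re.compile(r'''(?P<attr>\b(?:href|src|action)\s*=\s*)(?P<q>["'])(?P<url>.*?)(?P=q)''',
                     re.IGNORECASE)


def same_origin(url):
    """True only when scheme and host[:port] equal the configured Domino server exactly."""
    a, b = urlsplit(url), urlsplit(DOMINO_ORIGIN)
    return (a.scheme.lower(), a.netloc.lower()) == (b.scheme.lower(), b.netloc.lower())


def proxy_url(absolute_url):
    """Encode a back-end URL as a request to the proxy."""
    return PROXY_PREFIX + quote(absolute_url, safe="")


def rewrite_html(html, page_url):
    """Point every link that resolves to the Domino server at the proxy instead."""
    def repl(match):
        url = match.group("url")
        if url.startswith("#"):                   # in-page anchors need no round trip
            return match.group(0)
        absolute = urljoin(page_url, url)         # resolves relative and root-relative links
        if not same_origin(absolute):
            return match.group(0)                 # links to other hosts are left alone
        return match.group("attr") + match.group("q") + proxy_url(absolute) + match.group("q")
    return ATTR_RE.sub(repl, html)


def resolve_target(proxy_request):
    """Proxy side: recover the back-end URL, refusing anything not on the Domino server."""
    if not proxy_request.startswith(PROXY_PREFIX):
        raise ValueError("not a proxy URL")
    target = unquote(proxy_request[len(PROXY_PREFIX):])
    if not same_origin(target):
        raise ValueError("target is not the configured Domino server")
    return target


def is_allowed(proxy_request):
    try:
        resolve_target(proxy_request)
        return True
    except ValueError:
        return False


# Constructed sample page, as if fetched from PAGE_URL on the Domino server.
PAGE_URL = "http://domino.bikeworks.com/mail/arider.nsf/Welcome?OpenForm"
SAMPLE_HTML = ('<a href="/mail/arider.nsf/($Inbox)?OpenView">Inbox</a> '
               '<img src="icons/vwicn001.gif"> '
               '<a href="http://www.example.org/">Other site</a>')

if __name__ == "__main__":
    print(rewrite_html(SAMPLE_HTML, PAGE_URL))
```
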
To fully explain this process, we provide complete details concerning:

– Initial setup
– Configuration options
– Edit options
– Result

Note: While this section covers the basics of how to install and configure the Domino Application Portlet, you may also find more in-depth information in the following Redpaper: Domino Application Portlet: Configuration and Tips, REDP3917:
http://www.redbooks.ibm.com/redpieces/abstracts/redp3917.html

Initial setup

DAP is set up like any other portlet, namely the WAR file is installed and then the portlet is added to a page. When installing as a standalone portlet from the portlet catalog, you complete the following tasks to deploy the portlet:

1. Install the portlet WAR file. The Domino Application portlet is provided by the portlet application, DAP50.war.
2. Create a place or pages for the portlets.
3. Add the portlets to a page.

Configuration options

To configure the Domino Application Portlet you must have administrator access rights. The configuration menu may be accessed by clicking the wrench icon (Figure 5-2) in the upper right-hand corner of the portlet. It contains five main tabs:

– Source and Display
– Authentication
– Caching
– Rules
– Debug

Figure 5-2 DAP - Access to configuration menu

Source and Display

The Source and Display tab (Figure 5-3) allows the user to define which Domino server and database the portlet is to display (Domino Source Server options). In addition to this, it also allows the user to direct DAP to look for the Domino content via a proxy server. This is a useful feature if the user wishes to see what requests are being made by the portlet to the Domino server. Finally, this tab also lets the user configure the iframe in which the DAP portlet displays the Domino content.

The Show in edit mode check box permits some of these options to be made available to a normal portlet user in edit mode. So, for example, a normal user could configure a DAP portlet to point to his/her mail database without having to have administrator rights for the portlet.

Figure 5-3 Source and Display UI

Authentication

The authentication settings may be modified on the Authentication tab (Figure 5-4) of the configuration menu. These settings define the model DAP will use to authenticate with the Domino server and also where in the Credential Vault the user name and password may be found. There are four different authentication models that the Domino Application Portlet (DAP) can use to authenticate with the target Domino server. They are none, basic, session, and Single Sign-On (SSO). A number of options may be set, including storage in the Credential Vault or use of Single Sign-On. A more in-depth description of authentication may be found in IBM Lotus Domino Application Portlet: Configuration and Tips, REDP3917:
http://www.redbooks.ibm.com/redpieces/abstracts/redp3917.html

Figure 5-4 Authentication UI

Caching

Within the Caching tab (Figure 5-5), settings that affect the storage of cached objects from DAP may be set. While the browser has its own caching, a user may also define a number of caching mechanisms for the DAP portlet. Essentially these mechanisms define where and how objects that are passed between Domino and DAP are stored. This caching takes place on the Portal server and use of caching here prevents unnecessary calls to the Domino server.
A detailed description of the options here may be found in IBM Lotus Domino Application Portlet: Configuration and Tips, REDP3917: http://www.redbooks.ibm.com/redpieces/abstracts/redp3917.html

Figure 5-5 Caching UI

Rules

The Rules tab (Figure 5-6 on page 186) defines the rules that are used to transform URLs and links in the Domino content so that they point to DAP instead of to the Domino server. These rules come in two forms that are mutually exclusive, Regular Expression Rules or HTML Rules. While there is too much detail to go into here and a detailed explanation is given in IBM Lotus Domino Application Portlet: Configuration and Tips, REDP3917, the essential difference between the two is that Regular Expression Rules are very flexible, but complicated, while HTML Rules are simpler and faster, but less flexible.

Figure 5-6 Rules UI

Debug

Select the Debug tab (Figure 5-7) to view debugging information for the application specified in the Source and Display tab or in the Edit display. Click Start to turn on debugging mode. You will see a preview of the Domino database application that is specified in the Source and Display tab or Edit mode.

Figure 5-7 Debug UI

Note: Clicking Save has no effect on the state of debugging mode (on or off). If you close the configuration display with debugging switched on it will remain on until you return to the configuration display and click Stop.

Edit options

The edit options may be accessed by selecting the pencil icon in the top right-hand corner on the DAP portlet page (Figure 5-8).

Figure 5-8 DAP - Edit UI

The Edit page is where a user must enter their Domino user name and password if they are using Basic or Session-based authentication.
This page also contains any of the options that the Administrator decided to allow a normal user to configure. These may include the Domino Database settings and the display settings.

Figure 5-9 Edit Domino source server

After editing the settings, click Save or Close to close the Edit display.

Note: If you do not click Save before closing the display you will lose any changes you have made.

Results

After configuring and editing the DAP portlet, you will be able to view the Web application within the portlet. Using our sample application, the result of the Domino Application Portlet page is shown in Figure 5-10 on page 188.

Figure 5-10 Domino application as seen through DAP

5.2 Integrate using the Domino Web Access (iNotes) portlet

The Domino Web Access (iNotes) portlet Version 5.0.2.2 allows the user to view and work in a Notes mail database that has a Domino Web Access design, optimized for access using a Web browser.

Considerations for deploying the Domino Web Access Portlet

The user can set up the portlet to display any or all of the following functional areas:

- Welcome (default)
- Mail
- Contacts
- Calendar
- To Do
- Notebook

In the next section, we show you how to install, configure, and deploy the Domino Web Access Portlet on your server. As an IBM Lotus Workplace 2.0.1 / Portal administrator, you can change the area that displays in the portlet. You can also pre-configure all the other settings users can modify in edit mode, such as setting up a reverse proxy server, and specifying an instance number for the portlet when the current portal page contains more than one instance of Domino Web Access.

Implementation details for the Domino Web Access Portlet

This section describes how to use the Domino Web Access (iNotes) portlet to display information from one of the mail databases within the portal context view.
To fully explain this implementation, we provide complete details concerning:

- Initial setup
- Edit options
- Results

Initial setup

The Domino Web Access (iNotes) portlet is set up like any other portlet: the WAR file is installed and then the portlet is added to a page. This is true for the standalone version available from the portlet catalog. Click the My Workplace link and then click the Mail link. Otherwise, complete the following tasks to deploy the portlet:

1. Install the portlet WAR file. The Domino Web Access portlet is provided by the portlet application, dominowebaccess.war.
2. Create a place or pages for the portlets.
3. Add the portlets to a page.

Edit options

For the edit options:

1. In the title bar, select the Edit icon in the top right-hand corner of the portlet window, as shown in Figure 5-11.

Figure 5-11 Editing a portlet's properties

2. In this form, Figure 5-12 on page 190, you can customize the following variables for Domino Web Access Portlet.

Figure 5-12 Configuring the Domino Web Access portlet

3. Under Functional Area, select one of the following areas to display in this instance of Domino Web Access: All, Welcome, Mail, Calendar, To Do List, Contacts, or Notebook.
   – If you select All, under Start with, specify the functional area that displays when this instance of Domino Web Access opens.
   – You do not need to specify an instance number unless you add more than one instance of Domino Web Access to a page, and both instances display All; in that case, give each instance a different number.
4. (Optional) Under Application title, change the title to whatever you want (for example, My Company's Domino Web Access), as long as you do not leave the field blank.
5. (Optional) Under Width, type a number of pixels for this instance of Domino Web Access to span regardless of column width.
6. (Optional) Under Height, type a number of pixels.
7. Under Source, select one of the following:
   – Automatically find my mail database. This option uses the name and password under which you logged in.
   – Let me manually select my mail database. If you select this option, you must also specify a source database as described in “Pointing Domino Web Access to a source mail database” on page 191.
8. (Optional) Specify a reverse proxy server. For more information about specifying a reverse proxy server, please refer to the Lotus Workplace 2.0.1 Information Center: http://www.lotus.com/ldd/doc
9. (Optional) Under Protocol, change from the default to HTTPS (SSL), a secure protocol, if you know that the Domino server hosting the database with the selected view uses that protocol. If you do not know, set this view to detect the server's protocol automatically.
10. Click Save to keep or Cancel to discard changes.

Figure 5-13 Domino Web Access - Instance

Tip: If you select All, under Start with, specify the functional area that displays when this instance of Domino Web Access opens. You do not need to specify an instance number unless you add more than one instance of Domino Web Access to a page, and both instances display All; in that case, give each instance a different number (Figure 5-13).

Pointing Domino Web Access to a source mail database

To do this:

1. Under Source, select Let me manually select my mail database, as shown in Figure 5-14 on page 192.
2. Under Server, specify the name of a Domino server, for example, itso-dom.cam.itso.ibm.com. After typing a value, you can select the check box next to the field to fill in the Database filename field with available databases on the server. Then you can select one of the databases for the next step.
3. Under Database filename, specify the path and file name for a Domino Web Access source mail database, for example, mail/manderle.nsf.
Figure 5-14 Configuring the Domino Web Access portlet - Manually

Repeat the steps for the Calendar, Address Book, and other links.

Figure 5-15 Calendar Portlet

Figure 5-16 Contacts Portlet

5.3 Using the Common PIM Portlet

WebSphere Portal comes with a number of portlets that facilitate various forms of collaboration, such as Web conferencing and instant messaging. Two new portlets introduced in Release 5.1 are the Common Mail and Common Calendar portlets, which combined are called the Common PIM (Personal Information Management) Portlets (or CPP for short). The CPP are called common because they are designed to be the common user interface for multiple back-end servers (currently, the CPP support Lotus Domino, Microsoft Exchange 2000, IMAP, and POP3).

Figure 5-17 Illustration of Common PIM Portlet (CPP). Callouts, Common PIM Portlet features: sortable columns, folders, status icons, attachments, calendar entries.

The CPP will be a viable integration option for some organizations. Certainly the CPP cannot replace the full featured Notes Mail client for high-end power users, but it does provide organizations with a consistent, nearly full featured access to multiple mail systems. In a pilot or evaluation scenario, users can fully experience a portal-centric environment while maintaining access to mail without the need to integrate the mail systems at the infrastructure level.

If you have seen the IBM Workplace Messaging mail and calendar portlets, you notice how similar they are to the CPP. In the future, the CPP will merge with the IBM Workplace Messaging mail and calendar portlets, providing you with a rich and robust user interface and with the added ability to select IBM Workplace Messaging as your back-end server.
The CPP user interfaces use the J2EE page generation technology provided by WebSphere Portal, and when configured for Lotus Domino, the data is retrieved from the Notes mail files. This lets you treat each of these two portlets as just another client for the Domino mail server. Users can continue to use the Notes client, Domino Web Access, or Web mail if they choose.

For some users (especially those who have grown accustomed to using Web-based e-mail), the functionality offered by the CPP may meet all their needs. Others will find these portlets ideal for occasionally checking their mail and calendar quickly from their corporate portal, while still using Lotus Notes or Domino Web Access for most of their e-mail activities. The CPP can also be configured to launch your rich mail client, such as Lotus Notes or Domino Web Access, so you can easily access other mail and calendar features.

In the following sections, we describe how to get the Common PIM Portlets up and running.

5.3.1 Configuring the Common PIM Portlet

To navigate to the Common PIM Portlet, log into the Portal 5.1 environment and click the My Work tab, then the E-mail tab, as shown in Figure 5-18 on page 196.

Figure 5-18 Navigating to the Common PIM Portlet. Callouts: My Work tab, E-mail tab.

To view or change the current configuration, log into WebSphere Portal as an administrator (for example, wpsadmin) and go into configuration mode by clicking the wrench icon. In the title bar, select the Edit icon in the top right-hand corner of the portlet window, as shown in Figure 5-19.

Figure 5-19 Editing a portlet's properties

Entering basic mail configuration

After you enter configuration mode, you see the Mail Configuration screen (Figure 5-20 on page 197).
This screen allows you to enable or disable specific mail protocols, and also lets you define a default mail protocol for your CPP users.

Figure 5-20 Mail configuration

By default, Lotus Domino is specified as the current server type in the table. To disable a server type, select the lightning bolt icon for that Server Type/Protocol row. When this is disabled, you cannot access the configuration information (wrench icon) for the selected server type.

To view or configure the Domino server type, click the wrench icon in the corresponding table row (Figure 5-21 on page 199). The Domino Mail Configuration screen is shown with options to change your source, authentication, and various other features. As shown in Figure 5-21 on page 199, enter the appropriate information for your mail server, the authentication, and the appropriate credential vault slot. You can specify the following settings:

- Source: To give administrators better control over which servers are being used by their users, this section allows you to specify the default mail server for all users and also contains an option to allow or prevent users from changing the mail source in edit mode. There are also fields for proxy server name and for enabling the CPP to use a secure connection. If you are using Single Sign-On authentication, most of these source settings are not required because CPP has the capability to auto-discover the mail server and mail source file for the current user. If you add a default mail server on this screen, however, this setting overrides what is auto-discovered as the user's home mail server.
- Authentication: This section allows administrators to enable or disable SSO for the portlet. If basic authentication is selected, configure a Credential Vault slot to store user credentials for authentication. For information about vault slots, see this document on Portlet authentication.
http://www-306.ibm.com/software/genservers/portal/library/enable/InfoCenter/wps/wpsadvdev.html

Note: In this example, we have only chosen basic authentication. By default, however, Single Sign-On (SSO) is selected. For Single Sign-On to work, it must be configured correctly between the Domino Server and the Portal server. While configuring SSO is beyond the scope of this book, please refer to Chapter 4 and Chapter 8 of the redbook Lotus Domino 6.5.1 and Extended Products Integration Guide, SG24-6357: http://www.redbooks.ibm.com/abstracts/sg246357.html?Open

- Features: This section allows the administrator to select features to make available or unavailable to users, such as the rich text editor, the ability to launch Lotus Notes or Domino Web Access, and the ability to create and send attachments. Each mail protocol will have a different set of features available for its users.

Figure 5-21 Mail Configuration screen

Once you have entered the necessary configuration information into the Mail Configuration Screen, click OK. This will return you to the Mail Configuration (shown in Figure 5-20 on page 197). Then click Done to return to the portlet page.

Entering the common mail user preferences (edit mode)

The user preferences page, arrived at from clicking the pencil icon, is where users can define and manage personal configuration choices.

Figure 5-22 Edit mode

Once you have entered this mode, you can select specific preferences (Figure 5-23 on page 201). Examples include their mail source (if allowed by the administrator), user signature, out-of-office settings, and the ability to manage the blocked sender list. These settings are for your CPP non-administrative users. Administrators (for example, wpsadmin) should not save any user preferences.
Instead, they should log in with their non-administrative user ID. The Mail Preferences screen is shown in Figure 5-23 on page 201.

Figure 5-23 Mail Preferences screen

If you select the option to allow portlet users to change the mail server in edit mode while in configuration mode, then non-administrative users will see the Edit Mail Source button (shown in Figure 5-23) in edit mode. This allows users to view or edit their mail source settings while in edit mode. Figure 5-24 on page 202 shows the Mail Configuration page displayed when users click the Edit Mail Source button.

Figure 5-24 Mail Configuration page, edit mode

Finally, click OK to return to the portlet page. Once you have completed your configuration steps to reference your mail file, you will see your mail file appear in a portlet page similar to Figure 5-18 on page 196.

Figure 5-25 Example of configured Common Mail portlet

Chapter 6. Messaging Integration between Domino and Workplace Messaging

This chapter discusses options for integration between Domino and Lotus Workplace Messaging. These integration options may be very useful when introducing a pilot program for Lotus Workplace 2.0.1, or IBM Workplace Collaboration Services within your organization, while allowing users of Lotus Workplace Messaging to route mail to Domino Messaging users within the same domain.

Before we talk about mail routing between Domino and Workplace Messaging, we assume you already have Domino and Lotus Workplace 2.0.1 (including Lotus Workplace Messaging) installed.
The specific software versions referred to throughout this chapter are:

- Domino/Notes 6.5.3
- Lotus Workplace 2.0.1
- IBM Directory Server 5.1

Note: The steps and procedures outlined in this chapter were performed using Lotus Workplace 2.0.1. While the procedure for configuring mail routing between a Domino messaging environment and IBM Workplace Collaboration Services 2.5 will be quite similar, we strongly advise you to refer to specific IBM Workplace Collaboration Services 2.5 documentation. This can be found at: http://www-10.lotus.com/ldd/notesua.nsf/find/lwp25

6.1 Introduction to Lotus Workplace Messaging

IBM Lotus Workplace Messaging provides a secure mail application that runs on the IBM WebSphere Portal Server as a foundation, and uses IBM DB2, Cloudscape, or Oracle as the data store. Lotus Workplace Messaging is designed to integrate with an existing corporate infrastructure and use an LDAP directory for automatic user account creation, address resolution, and mail routing.

Lotus Workplace Messaging supports two clients, a full-featured rich client and a browser client for access to mail, calendar, and an address book. Lotus Workplace Messaging also supports POP3 and IMAP clients for access to mail on the server. Support for IMAP clients is limited to small scale deployments as IMAP is intended for pre-production use for evaluation purposes.

Lotus Workplace Messaging uses standards-based SMTP to route mail between servers and cells and to route incoming and outgoing mail to other mail systems. Lotus Workplace Messaging looks up users in WebSphere Member Manager and LDAP directories, including users in other mail cells, to determine where to route internal messages, and uses the Domain Name System (DNS) to route outgoing messages.
To administer Lotus Workplace Messaging, you must have experience as an IBM, AIX, or Microsoft Windows 2000 system administrator and be familiar with administering a mail system, such as IBM Lotus Domino or Microsoft Outlook. In addition, you must know how to install and configure DB2, WebSphere Portal Server, and WebSphere Application Server (Network Deployment Edition). Further, you must have experience managing an LDAP directory. This documentation does not describe installing, configuring, or managing DB2, the WebSphere Application Server, WebSphere Portal Server, or an LDAP directory. (Please refer to Chapter 3, “Infrastructure/deployment and skill considerations” on page 45, for an overview and details on recommended skills for configuring and managing Lotus Workplace 2.0.1.)

Common messaging administration tasks include configuring a mail cell and the Mail Services; creating user policies that allow or restrict user access to mail, address book, and calendar features; setting mail size quotas; scheduling administrative tasks such as backing up mail files and archiving deleted messages; configuring spam filtering; setting up filters to block untrusted connections; and modifying directory attributes to create and manage mail accounts. You can use the Tivoli Performance Viewer to monitor and collect data about SMTP, POP3, IMAP, and LDAP connections; messages; and message queues.

You can set up Lotus Workplace Messaging and other mail systems to route messages between each other, whether they exist in the same Internet domain and use a shared directory, or reside in different domains and use separate directories. Furthermore, you can use Lmadmin commands to perform many messaging administrative tasks as well as the WebSphere Administrative Console to administer an entire mail cell.
6.1.1 Mail cells

Lotus Workplace Messaging uses the same cell and node architecture used by the WebSphere Application Server. The concept of a Lotus Workplace Messaging mail cell is based on the concept of a cell as a logical grouping of one or more nodes in a WebSphere distributed network. In its simplest form, a mail cell consists of the following Mail Services:

- SMTP Inbound service
- Message Handler service
- SMTP Outbound/Delivery service
- POP3 service
- IMAP service

A mail cell also contains the messaging portlets (mail, address book, calendar, and spell check) running on a WebSphere Portal Server; a WebSphere Administrative Console to manage cell and server properties; and DB2, Cloudscape, or Oracle database as the data store.

More typically, a mail cell contains two or more WebSphere Application Server and WebSphere Portal Server machines, each with all the Mail Services installed. These servers are managed by a third Deployment Manager server that has the Administrative Console installed. The cell uses a single DB2 data store and the mail service queue directory (a Temporary File Store) to store messages before they are delivered. The cell processes mail for one or more domains and relies on WebSphere Member Manager and an LDAP directory for name lookups and mail routing.

Though installing all Mail Services on each machine in the cluster is typical, it is possible to install Mail Services components on separate machines. It is also possible for a cell to consist of a single server running all the necessary Lotus Workplace Messaging components (typically a demonstration or pilot deployment). Lotus Workplace Messaging maps one WebSphere Portal Server to each mail cell, distributing the work load and improving performance.

Mail cell configuration

You configure a mail cell through the WebSphere Administrative Console or by using the Lmadmin commands.
You set cell-wide settings such as domains that are local to the cell, the postmaster mail address, the dead letter address, and the frequency with which Lotus Workplace Messaging empties user trash folders. Two settings affect all servers in the cell: the Domain Name System (DNS) servers and the network path of the queue directory. You specify one or more directories to use for mail addressing and routing.

If you have multiple machines running Mail Services, such as SMTP Inbound or SMTP Outbound Services, you can configure settings in one place without having to configure each server separately. You can configure anti-spam and anti-virus filters for all SMTP inbound connections in the mail cell. While you can set properties at the service level, it is best to set them at the cell level because doing so simplifies administration. In this chapter, we use the Administrative Console to administer mail cells when necessary.

6.1.2 Mail routing to another mail system in the same domain

Lotus Workplace Messaging can route mail to other mail system users (Notes or Outlook users) in the same Internet domain using smart host mail routing or a technique known as mail cell routing. Lotus Workplace Messaging can also route mail to other Lotus Workplace Messaging mail system users in other mail cells in the same Internet domain using mail cell routing. The sections that follow describe when to use smart host mail routing or mail cell routing.

Smart host mail routing

A smart host is a mail server that you specify in Lotus Workplace → Mail Cell-Wide Settings → SMTP Outbound/Local Delivery settings to deliver messages when:

- The recipient's e-mail address is in the local domain.
- The recipient cannot be found in the local directory.
- The recipient cannot be found in any directory used by a mail cell registered with the cell.

Typically, a smart host is used in organizations that employ multiple mail systems within a single Internet domain.
Users on these systems may not be in the local directory. For example, if some users are on a UNIX sendmail system but their inbound messages are routed through Lotus Workplace Messaging, you can set up a smart host to ensure proper address resolution.

When you have Lotus Workplace Messaging and one other mail system in the same domain, you must determine which mail system, Lotus Workplace Messaging or the other mail system, will be the routing system responsible for determining whether a user exists. Make sure you enable only one mail system to be the smart host of the other; otherwise messages to invalid users will loop between the two mail systems.

After you set up a smart host, when Lotus Workplace Messaging receives a message, if the domain part of the recipient's address matches the local Internet domain, the Mail Service looks up the address in the cell's local directory or any directory used by a mail cell registered with the cell. If the address is not found, the message is forwarded to the configured smart host. Lotus Workplace Messaging sends all messages addressed to unknown recipients in the local Internet domain to the configured smart host. The smart host directory server either routes the message to another mail system that knows about the target recipient or returns the undeliverable message.

Mail cell routing

Mail cell routing is the method by which the Mail Service looks up users in other mail cells in the same Internet domain. If the recipient is found to be a member of another mail cell, the message is routed to the SMTP address of the inbound server of that mail cell. Mail cell routing requires that the mail cell know about other mail cells. Register other mail cells in your Lotus Workplace Messaging configuration by clicking Lotus Workplace → Directories → Directory Settings for Messaging. Under Additional Properties, click Mail Cells.
Use mail cell routing for the following scenarios:

- When there are two or more Lotus Workplace Messaging mail cells in the same domain.
- When there are two or more mail systems in the same domain as Lotus Workplace Messaging and you want Lotus Workplace Messaging to route mail to users on other mail systems.

When registering a mail cell, you must define the mail cell name, the SMTP server in the mail cell, and how you want to look up users in the cell. You can search users by organizational attribute, cell attribute, group membership, and so on. Once you have defined the mail cells, you copy these definitions by copying the file WebSphere\AppServer\config\cells\<machine name>\lwpmailcell.xml to all other mail cells. The servers must be restarted for these changes to go into effect.

To look up users in other mail cells using a cell attribute, you must either extend the LDAP directory schema to create a mail cell attribute for each person record, or use an existing, unused attribute and adopt it as the mail cell attribute. The attribute's value is the name of the cell, for example, ibm-mailCell=California.

Tip: As an alternative to each cell looking up users in all mail cells, then routing mail to the correct mail cell, you can make one mail cell the smart host for the other mail cells. You would register all mail cells in the smart host mail cell, then any mail cell that lacked the full set of mail cell definitions would route mail to the smart host, which would then route mail to its final destination. Configure the local domain smart host for a mail cell in the WebSphere Administrative Console under Lotus Workplace → Mail Cell Wide Settings → SMTP Outbound/Local Delivery.
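The lookup order described in this section (local directory, then registered mail cells, then the smart host) and the loop that results when two systems are each other's smart host can be modelled directly. The following is an added example, not code from this book or from Lotus Workplace; the system names, the example.com addresses, the cell host name and all function names are constructed for illustration.

```python
class MailSystem:
    """One mail system in a shared Internet domain (hypothetical model)."""

    def __init__(self, name, local_domain, directory=(), mail_cells=None,
                 smart_host=None):
        self.name = name
        self.local_domain = local_domain.lower()
        self.directory = {a.lower() for a in directory}
        # Registered mail cells: cell name -> (member addresses, inbound SMTP host)
        self.mail_cells = dict(mail_cells or {})
        self.smart_host = smart_host  # name of the system acting as smart host


def next_hop(system, recipient):
    """Return (action, target) for one routing decision on one system."""
    address = recipient.lower()
    domain = address.rsplit("@", 1)[-1]
    if domain != system.local_domain:
        return ("dns", domain)                 # outgoing mail: route by DNS
    if address in system.directory:
        return ("deliver", system.name)        # found in the local directory
    for members, inbound_smtp in system.mail_cells.values():
        if address in members:
            return ("mail-cell", inbound_smtp)  # member of a registered cell
    if system.smart_host:
        return ("smart-host", system.smart_host)  # unknown local-domain user
    return ("bounce", system.name)             # returned as undeliverable


def trace(systems, start, recipient):
    """Follow smart host forwarding from `start`; flag a loop if one occurs."""
    path, seen, current = [], set(), start
    while True:
        if current in seen:
            path.append(("loop", current))
            return path
        seen.add(current)
        action, target = next_hop(systems[current], recipient)
        path.append((action, target))
        if action != "smart-host" or target not in systems:
            return path
        current = target


def smart_host_cycles(systems):
    """Configuration check: list groups of systems whose smart hosts form a cycle."""
    cycles = set()
    for start in systems:
        chain, current = [], start
        while current in systems and current not in chain:
            chain.append(current)
            current = systems[current].smart_host
        if current in chain:
            cycle = chain[chain.index(current):]
            pivot = cycle.index(min(cycle))    # normalise the rotation
            cycles.add(tuple(cycle[pivot:] + cycle[:pivot]))
    return sorted(cycles)


def build_systems(mutual_smart_hosts):
    """Constructed sample: Workplace Messaging and Domino sharing example.com."""
    workplace = MailSystem(
        "workplace", "example.com",
        directory=["alice@example.com"],
        mail_cells={"California": ({"carol@example.com"},
                                   "smtp.california.example.com")},
        smart_host="domino",
    )
    domino = MailSystem(
        "domino", "example.com",
        directory=["bob@example.com"],
        smart_host="workplace" if mutual_smart_hosts else None,
    )
    return {s.name: s for s in (workplace, domino)}


if __name__ == "__main__":
    for mutual in (False, True):
        systems = build_systems(mutual)
        print("mutual smart hosts:", mutual)
        for rcpt in ("alice@example.com", "bob@example.com",
                     "carol@example.com", "nobody@example.com"):
            print("  ", rcpt, "->", trace(systems, "workplace", rcpt))
        print("   smart host cycles:", smart_host_cycles(systems))
```

Running `smart_host_cycles` over the planned configuration before enabling a smart host catches the mutual setting without having to send a message to an invalid address.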
For more information about administration of the Lotus Workplace Messaging system, please refer to Lotus Workplace 2.0.1 Information Center: http://www.lotus.com/ldd/doc

6.2 Integrating Domino and Lotus Workplace Messaging

In this book, we assume that you already have Domino installed. So when considering whether to deploy Lotus Workplace Messaging, the first thing you need to determine is the relationship between Domino and Lotus Workplace Messaging.

Figure 6-1 Messaging user profiles

In general, Lotus Workplace Messaging will be more appropriate to host users whose functionality requirements and frequency of use are both low. Alternatively, Domino is appropriate to host heavy users, whose functionality requirements and frequency of use are both high. Integration of the two systems can help your organization to retain investment in Domino, while also leveraging advantages provided by Lotus Workplace and meeting requirements for a different population of users.

Based on specific requirements, as well as a network infrastructure, integration of Lotus Workplace with an existing Domino system generally presents one of the following scenarios:

- Messaging integration scenario 1 - Lotus Workplace Messaging and Lotus Domino are deployed with separate Internet domains and separate LDAP directories (6.3, “Scenario 1: Using different directory and Internet domain name” on page 213). If the Lotus Workplace 2.0.1 environment will host a new group of users and you do not want to make significant changes to an existing Domino system, or the Domino and Workplace Messaging servers will not be located in the same Local Area Network, you may wish to consider deploying Lotus Workplace 2.0.1 as a separate system.
- Messaging integration scenario 2 - Lotus Workplace Messaging and Lotus Domino share a common Internet domain with separate LDAP directories, and use a smart host to facilitate proper mail routing (6.4, “Scenario 2: Sharing a common Internet domain with separate LDAP directories” on page 222). This is a loosely defined integration scenario. You have different user directories so you can manage Domino users and Lotus Workplace Messaging users separately. Keep in mind that this multi-directory infrastructure is transparent to the outside world, since all users have the same Internet domain name in their Internet addresses.
- Messaging integration scenario 3 - Lotus Workplace Messaging and Lotus Domino share a common Internet domain and the Domino LDAP directory (6.5, “Scenario 3: Domino and Lotus Workplace Messaging share same Internet domain and directory” on page 236). This is the most tightly integrated scenario. All users will be defined in the same Domino Directory and managed centrally. Domino will host some of the users, and act as an LDAP server for Lotus Workplace 2.0.1.

In the upcoming sections of this chapter, we discuss each of these scenarios in detail, including solution analysis and detailed configuration steps.

6.3 Scenario 1: Using different directory and Internet domain name

In this section we discuss scenario 1.

6.3.1 Solution analysis

This section provides an overview of the technical approach to be discussed in this scenario. Specific technical details for implementing this approach are discussed in the next section.

Deploying Workplace Messaging and Domino as separate systems is the easiest configuration from a routing perspective. In this scenario, the two systems use separate domains with separate LDAP directories. You can administer each mail system separately, while routing between the systems is handled through DNS lookups.
Figure 6-2 Domino and Lotus Workplace Messaging as separate systems

Since Domino and Lotus Workplace Messaging are separate mail systems, you can set up mail routing between them through SMTP. The major steps defined within this scenario are:

1. Set up Domino to send/receive SMTP mail.
2. Make sure Lotus Workplace Messaging works without any errors.
3. (Optional) Add Domino server's IP address to the Trusted IP list in Lotus Workplace Messaging.

Important: Before you begin to configure Domino and Lotus Workplace Messaging, you should make sure you add DNS entries for both servers properly, so they can find each other through DNS lookups.

Set up Domino to send/receive SMTP mail

Listed below are the detailed steps for how to set up the Domino Messaging server to send and receive SMTP mail messages.

Set up Domino to send SMTP messages to another Internet domain

To send messages over SMTP to destinations outside of the local Internet domain (for example, to the Internet or another private network) you must enable external SMTP routing.

To enable SMTP routing outside of the local Internet domain:

1. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
2. Choose Configurations.
3. Select the server’s Configuration Settings document and then click Edit Configuration. If the server does not have a Configuration Settings document yet, click New Configuration to create one.
4. On the Router/SMTP - Basics tab, set the field that selects SMTP as the protocol to be used when sending messages outside the local Internet domain to Enabled.

Figure 6-3 Enabling SMTP in Domino Configuration Settings document

5. Save and close the document.
6. The change takes effect after the next router configuration update. To put the new setting into effect immediately, reload the routing configuration by entering the following Domino console command:
   >Tell router update config
   Or restart the Domino server.

Set up Domino to receive SMTP messages

To set up a Domino server to receive SMTP-routed messages, you must enable the SMTP Listener. This allows the server to listen for SMTP traffic over the TCP/IP port (usually port 25) and receive SMTP messages in the MAIL.BOX databases.

Enabling the SMTP listener causes the server SMTP task to start up automatically every time the Domino server starts. Disabling the SMTP listener prevents the SMTP task from starting up when the server starts.

Attention: Do not add SMTP as a task to the task list in the NOTES.INI file or this feature will not work.

To enable the SMTP Listener, follow the steps listed below:

1. From the Domino Administrator, select File → Open Server. Select the server you are about to administer.
2. Click the Configuration tab and then expand the Server section.
3. Select the Server document to be edited from the All Server Documents list, then click Edit Server.
4. On the Basics tab, make changes on these fields if necessary:
   – Fully qualified Internet host name
     The server's complete combined host name and domain name, including the top-level domain, for example, dominoserver.ibmitso.com, where dominoserver is the host name and cam.itso.ibm.com is the domain name. In the absence of a Global domain document, the router uses the entry in this field to determine the local Internet domain. Typically, the fully qualified host name is added to the Server document during server setup or by the Administration process (AdminP). A routing loop can result if this field does not contain a valid entry.
   – SMTP listener task
     Set this field to Enabled to turn on the listener so that the server can receive messages routed via SMTP routing.

Figure 6-4 Enable SMTP listener in Domino Server document

5. Click Ports → Internet Ports → Mail tab.
6. In the Mail (SMTP Inbound) column, ensure that the TCP/IP port status is set to Enabled (default).
7. Click Save and Close to save the Server document.
8. Restart Domino to make sure all changes take effect.

(Optional) Use Global domain document to define Domino local Internet domain name

Every organization has a primary Internet domain name, for example, acme.com. By default, Domino considers the local, primary Internet domain to be the domain specified in the server's Fully Qualified Internet host name. For example, for a server with the host name Server1.acme.com, both Server1.acme.com and acme.com are considered local Internet domains. The server does not accept messages addressed to recipients in any other Internet domain.

In addition to having a primary Internet domain, some organizations use alternate Internet domain names. If your organization uses more than one Internet domain name, you will want Domino to consider other domain suffixes as local.

A Global domain document identifies the Internet domains that are considered to be internal to a Domino domain and for which the local domain can accept mail. By default, the Domino Directory does not contain a Global domain document. Within the Global domain document, you specify one primary Internet domain name and multiple secondary domains. Secondary domains are listed as alternate Internet domain aliases.

To create a Global domain document, follow these steps:

1. Make sure you already have a Configuration Settings document for the servers to be configured. For Domino Release 5 and greater servers, a Configuration Settings document is required to set up SMTP routing.
2. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
3. Choose Domains, and then click Add Domain.
4. On the Basics tab, complete these fields:
   – Domain type. Choose Global domain.
   – Global domain name. A word or phrase that describes the domain. Never use the name of an existing domain for your Global domain.
   – Global domain role. For Domino Release 5 and greater SMTP servers, choose R5 Internet Domain.

Figure 6-5 Basics tab for Global domain document

5. Click the Restrictions tab and complete this field:
   – Domino domains and aliases. The Domino domain name and aliases. Domino uses the domain name and aliases when accepting mail from the alternate domains listed in the Global domain document.

Figure 6-6 Restrictions tab of Global domain document

   Note: The Domino domain name is different from the Internet domain name. To verify the Domino domain name used in your system, you can open the Server document, and look in the Basics tab for the value of the Domain field.

6. Click the Conversions tab. Complete these fields:
   – Local primary Internet domain
     This represents the primary Internet domain name that your company uses to represent itself to the outside world; in our sample scenario, we used ibmitso.com.
   – Alternate Internet domain aliases
     Additional Internet domain names that your company uses, for example, still.another.com, yet.another.com, have.another.com, and so on. Multiple entries should be separated by semi-colons.
   – Internet address lookup
     Set to Enabled.

Figure 6-7 Conversions tab of Global domain document

7. Save and close the document. Restart the server to put the changes into effect. The server reloads information in the Global domain document into memory only after a restart.
Set Internet address for users

If the Internet Address field has not been populated for users, you can use the steps listed below to populate it:

1. From Domino Administrator, click the People and Groups tab.
2. Select all users that need an Internet address.
3. Expand Tools - People at the right side.
4. Click Set Internet Address.
5. In the Set Internet Address dialog box, set the appropriate settings to construct a user’s Internet address. If you want to set the Internet address as [email protected], use these settings:
   – Default format. Select Use Custom Pattern.
   – Format pattern: Enter the letter s, which represents the short name.
   – Internet domain: Enter the Internet domain.

Figure 6-8 Set the Internet Address dialog box

6. Click OK. You should see a dialog box as shown in Figure 6-9. Make sure there are no errors. You can also open a user’s Person document to make sure the Internet Address field has been populated as desired.

Figure 6-9 Result of Set Internet address

Make sure Lotus Workplace messaging works successfully for SMTP

By default, Lotus Workplace Messaging has the ability to send/receive SMTP messages. No additional configuration will be needed. You may use a browser or other mail client to test the mail routing.

Add Domino server as trusted server in Lotus Workplace Messaging

You may want to add the Domino server to the Lotus Workplace Messaging server’s trusted server list, to avoid anti-relay checks or DNS verifications on the Domino server.

To add Domino into the Lotus Workplace Messaging server’s trusted server list:

1. In the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings.
2. Scroll down to Additional Properties and click Filters for SMTP Inbound connections.
3. Click Trusted to view the properties.
Figure 6-10 Add Domino to Lotus Workplace Messaging Trusted IP addresses list

4. In Trusted TCP/IP addresses, add the Domino server’s IP address. You can use a comma to separate multiple addresses. You can use an asterisk (*) as a wildcard.
5. Make sure the option “Force trusted addresses to authenticate” is unchecked.
6. Leave all other options as default.
7. Save the settings.
8. Restart the Lotus Workplace Messaging server to make sure the changes take effect.

Figure 6-11 Save settings in Lotus Workplace Messaging administrative console

After completing the steps listed above, you will be able to send mail messages between Domino and the Lotus Workplace 2.0.1 environment.

6.4 Scenario 2: Sharing a common Internet domain with separate LDAP directories

Most organizations will use only one Internet domain name for convenience and consistency. So, if you do not want to add Workplace Messaging users into an existing Domino Directory, you can configure Domino and Lotus Workplace 2.0.1 as described in this scenario by adding workplace users into a separate directory and using a smarthost to ensure routing of outgoing mail to the proper mail server. The smarthost will deliver your mail to the other mailservers on your behalf.

Note: Defining a particular mail server as a smarthost ensures routing of outgoing mail to the proper mail server.

This is a loosely defined integration strategy, in that you will have different user directories so you can manage Domino users and Workplace Messaging users separately. This multi-directory infrastructure is transparent to the outside world, since all users have the same Internet domain name in their Internet addresses.
Solution analysis

This section provides an overview of the technical approach to be discussed in this scenario. Specific technical details for implementing this approach are discussed in the next section.

When a Workplace Messaging user tries to send a mail message to a Domino user, he will type the recipient’s internet address, like [email protected]. However, the problem is that the Lotus Workplace Messaging server will mistakenly recognize this domain name as a local Internet domain name, so it will try to look up the user in the local directory. When the user name cannot be found, Lotus Workplace Messaging will return the mail to the sender. On the Domino side, the same problem exists.

We need to use a smarthost to solve the problem and ensure that mail messages are delivered to the proper mail server.

Lotus Workplace Messaging will deliver mail messages to its smart host when:
– The recipient's e-mail address is in the local domain.
– The recipient cannot be found in the local directory.
– The recipient cannot be found in any directory used by a mail cell registered with the cell.

Domino will deliver mail messages to its smart host when:
– The recipient's e-mail address is in the local domain.
– The recipient cannot be found in the local directory.
– The recipient can be found in the local directory, but the mail system is set to other internet mail.

So if Domino is configured as the smart host of Lotus Workplace Messaging, when a Lotus Workplace Messaging user sends mail to a Domino user, Lotus Workplace Messaging will route the mail to the smart host, and Domino can then deliver the mail to the recipients.

On the Domino side, you can set up directory assistance to refer to Lotus Workplace Messaging’s LDAP server, so that Domino can perform a lookup in the LDAP directory during mail routing.
When a Domino user sends mail to a Lotus Workplace Messaging user, Domino can find the user in the LDAP directory. You also need to add a mailServer attribute for each user, so Domino can also find where the recipient’s mail server is located, and hence route the mail. This solution is discussed in greater detail in the upcoming section.

Figure 6-12 Mail routing when Domino and Lotus Workplace Messaging share same Internet domain - Smarthost solution

Finally, there is also a choice to set the Lotus Workplace Messaging server as a smart host for Domino, so Domino users can send mail messages to Lotus Workplace Messaging users without a problem. However, with this approach, a problem arises when Lotus Workplace Messaging users send mail to Domino users. Within Lotus Workplace Messaging 2.0.1, Lotus Workplace Messaging only uses the primary LDAP directory for mail routing. So Lotus Workplace Messaging cannot correctly send the messages (it will not know where to send the messages to), unless you add all Domino users into Lotus Workplace Messaging’s LDAP directory and configure mail cells in Lotus Workplace Messaging.

As you might expect, maintaining the same set of user accounts in two different directories adds a large additional administrative workload. If you must take this approach, first add all of the Domino users into Lotus Workplace Messaging’s LDAP directory, then follow the instructions in 6.5, “Scenario 3: Domino and Lotus Workplace Messaging share same Internet domain and directory” on page 236.
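The routing rules in this solution analysis can be checked against a planned configuration with a small model before either server is changed. The following Python model is an added example, not code from this book or from either product; the host names, addresses and the bounce when no mailServer value or smart host is available are assumptions of the model. It traces each message hop by hop and also reports what happens when each server is made the other's smart host.

```python
from dataclasses import dataclass, field
from typing import Optional

# Constructed sample data: host names, domain and addresses are placeholders.
DOMINO, LWM = "domino.example.test", "lwm.example.test"

# LDAP directory of Lotus Workplace Messaging. Domino reads the same entries
# through directory assistance and needs mailServer to pick a destination.
LWM_LDAP = {
    "bob@example.test": {"mailServer": LWM},
    "carol@example.test": {},  # mailServer attribute not populated yet
}
DOMINO_DIRECTORY = {"alice@example.test": {}}


@dataclass
class Server:
    name: str
    mailboxes: set                 # recipients whose mail is stored here
    directory: dict                # primary directory of this server
    assisted: dict = field(default_factory=dict)  # via directory assistance
    smart_host: Optional[str] = None

    def next_hop(self, rcpt):
        """Decide what this server does with mail for a local-domain address."""
        if rcpt in self.mailboxes:
            return ("deliver", self.name)
        entry = self.directory.get(rcpt)
        if entry is None:
            entry = self.assisted.get(rcpt)
        target = (entry or {}).get("mailServer")
        if target and target != self.name:
            return ("forward", target)           # routed by mailServer
        if self.smart_host:
            return ("forward", self.smart_host)  # unknown here: smart host
        return ("bounce", self.name)             # model assumption


def build(domino_smart_host=None, lwm_smart_host=DOMINO):
    """Scenario 2 topology; the defaults match the recommended setup."""
    return {
        DOMINO: Server(DOMINO, {"alice@example.test"}, DOMINO_DIRECTORY,
                       assisted=LWM_LDAP, smart_host=domino_smart_host),
        LWM: Server(LWM, {"bob@example.test", "carol@example.test"},
                    LWM_LDAP, smart_host=lwm_smart_host),
    }


def route(servers, start, rcpt):
    """Follow a message from `start`; return (trace, outcome)."""
    trace, seen, current = [], set(), start
    while True:
        if current in seen:
            return trace, "loop"
        seen.add(current)
        action, target = servers[current].next_hop(rcpt)
        trace.append((current, action, target))
        if action != "forward":
            return trace, action + "@" + target
        if target not in servers:
            return trace, "external@" + target
        current = target


def smart_host_cycles(servers):
    """Static configuration check: servers that lie on a smart-host cycle."""
    on_cycle = set()
    for start in servers:
        seen, cur = [], start
        while cur in servers and cur not in seen:
            seen.append(cur)
            cur = servers[cur].smart_host
        if cur == start:
            on_cycle.add(start)
    return on_cycle


if __name__ == "__main__":
    cases = [
        ("recommended", build(), LWM, "alice@example.test"),
        ("recommended", build(), DOMINO, "bob@example.test"),
        ("recommended", build(), LWM, "nobody@example.test"),
        ("recommended", build(), DOMINO, "carol@example.test"),
        ("mutual smart hosts", build(domino_smart_host=LWM), LWM,
         "nobody@example.test"),
    ]
    for label, servers, start, rcpt in cases:
        trace, outcome = route(servers, start, rcpt)
        print(f"{label}: {rcpt} from {start} -> {outcome}")
        for hop in trace:
            print("   ", hop)
    print("cycle check:", smart_host_cycles(build(domino_smart_host=LWM)))
```

Running `smart_host_cycles` over the intended topology before saving the smart host settings catches the mutual configuration without sending a test message.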
Note: You cannot set both servers as a smart host for each other, because when a recipient does not exist in either directory, the mail will loop between the two servers and will have a negative effect on mail server performance.

Key configuration steps for creating a smarthost

As described above, to set up mail routing between Domino and Lotus Workplace Messaging using a smart host, you need to follow the steps shown below:

1. Set up Domino to send/receive SMTP mail.
2. Make sure Domino and Lotus Workplace Messaging are using the same Internet domain.
3. Set up Directory Assistance in Domino.
4. Set smart host for Lotus Workplace Messaging server.
5. Extend the LDAP schema in the Lotus Workplace Messaging directory.

The detailed steps are described below.

Set up Domino to send/receive SMTP mail

For detailed steps about how to set up Domino to send/receive SMTP mail, see “Set up Domino to send SMTP messages to another Internet domain” on page 214 and “Set up Domino to receive SMTP messages” on page 215.

Make sure Domino and Lotus Workplace Messaging are using same Internet domain

The local Internet domain name on Domino and Lotus Workplace Messaging should be configured as the same name.

To review Internet domain settings on Lotus Workplace Messaging:

1. Open the Administrative Console for Lotus Workplace. For example, type this URL in the browser:
   http://intlwpnd.cam.itso.ibm.com:9091/admin
2. Log in with the Portal administrator's ID and password.
3. In the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings.
4. Review values in “Domains that are considered local.” Make sure the desired Internet domain name is included. If it is not included, type it in the field and save the settings.

To review Internet domain settings on Domino:

1. From Domino Administrator, open the Domino server.
2. Click the Configuration tab.
3. If you are using a Global domain document, click Messaging - Domains, open the Global domain document, and make sure the desired Internet domain name is listed in the Local Primary Internet domain field or the Alternate Internet domain aliases field.
4. If you are not using a Global domain document, click Servers, open the Server document, and make sure the Fully Qualified Internet host name field is populated with the correct hostname.domainname, where domainname is the desired Internet domain name.

Set up Directory Assistance in Domino

Directory assistance is a feature Domino can use to look up information in a directory other than the local Domino Directory (names.nsf). In our scenario, directory assistance is used when Domino tries to look up user information for Lotus Workplace Messaging users.

To set up directory assistance, you need to create a directory assistance database, set up directory assistance for the LDAP server Lotus Workplace Messaging is using, and specify the directory assistance database file name in the Domino Server document.

Create directory assistance database

If you have multiple Domino servers in one domain, create a directory assistance database on one server, and then create a replica of the database on each server in the domain that will use it for directory assistance. A server can use one directory assistance database only.

Figure 6-13 Create directory assistance database on Domino

From the Domino Administrator or Notes client, create the database:

1. Choose File → Database → New to open the New Database dialog box.
2. Enter the name of the server on which to create the database.
3. Enter a title for the database, for example, Directory Assistance. You can enter any title.
4. Enter a file name for the database, for example, DA.NSF.
   You can enter any file name with the extension .NSF.
5. Click Show advanced templates.
6. Click Template Server and select a server that stores the Directory Assistance template (DA50.NTF).
7. Select the Directory Assistance template (DA50.NTF) from the list of templates.
8. Keep "Inherit future design changes" selected.
9. Click OK.

Set up directory assistance for the LDAP directory used by Lotus Workplace Messaging

To set up directory assistance for a remote LDAP directory, create a Directory Assistance document for the directory in a directory assistance database as follows. (Make sure you have read about directory assistance services and concepts.)

1. Make sure you have created and replicated a directory assistance database.
2. From a Notes client, choose File → Database → Open, select the server on which the directory assistance database is located, select the directory assistance database from the list, and click Open.
3. Click Add Directory Assistance.

Figure 6-14 Add Directory Assistance - Basics tab

4. On the Basics tab, complete these fields:
   – Domain type. Choose LDAP.
   – Domain name. A domain name of your choice that is different from the domain name specified for any other Directory Assistance document (Notes or LDAP) in the directory assistance database, for example, lwp.
   – Company name. (Optional) The name of the company associated with this directory. Multiple Directory Assistance documents can use the same company name.
   – Search order. (Optional) A number affecting the order in which servers search or refer LDAP clients to this directory relative to other directories configured in the directory assistance database.
   – Make this domain available to. Check both options for "Notes clients and Internet Authentication/Authorization" and "LDAP Clients."
   – Group Authorization. Leave it as No (default).
   – Enabled. Choose Yes to enable directory assistance for this LDAP directory.
5. Leave the Naming Contexts (Rules) tab unchanged.

Figure 6-15 Add Directory Assistance - LDAP tab

6. On the LDAP tab, complete these fields:
   – Hostname. The host name for the remote LDAP directory server, for example, itso-ldap.cam.itso.ibm.com. A Domino server uses this host name to connect to the remote LDAP directory server, or to refer LDAP clients to the LDAP directory.
   – Optional Authentication Credential. Leave these fields blank if the LDAP server allows anonymous access. If the LDAP server does not allow anonymous access, enter an LDAP distinguished name in the Username field, for example, cn=root, and the corresponding password in the Password field. This distinguished name and password must be valid in the LDAP server.
   – Base DN for search. A search base, if the LDAP directory server requires one, for example, dc=ibm,dc=com.
   – Channel encryption. Choose SSL when you use the remote LDAP directory for client authentication or to look up the members of groups for database authorization. In our scenario, we will use None. With None, the distinguished name and password entered under Optional Authentication Credential are sent to the LDAP server unencrypted.
   – Port. The port number Domino servers use to connect to the remote LDAP directory server. If you choose SSL in the Channel encryption field, the default port is 636. If you choose None in the Channel encryption field, the default port is 389. If the LDAP directory server does not use one of these default ports, enter a different port number manually.
   – Timeout. The maximum number of seconds allowed for a search of the remote LDAP directory; the default is 60 seconds. If the remote LDAP directory server also has a timeout setting, the lower setting takes precedence.
   – Maximum number of entries returned. The maximum number of entries the LDAP directory server can return for a name for which a Domino server searches.
     If the LDAP directory server also has a maximum setting, the lower setting takes precedence. If the LDAP directory server times out, it returns the number of names found up to that point. The default is 100.
   – Dereference alias on search. Choose one to control the extent to which alias dereferencing occurs during searches of the remote LDAP directory. If aliases are not used in the LDAP directory, selecting Never can improve search performance.
   – Preferred mail format. Choose Internet Mail Address (default).
   – Attribute to be used as Notes Distinguished Name (Optional). Leave this field blank.
   – Type of search filter to use. Choose one to control which LDAP search filters are used to search the directory. In our scenario, choose Standard LDAP (default).
7. Click Save & Close.

For more information about setting up directory assistance, see Domino 6 Administration Help. You can find this within the Lotus Documentation section of the Lotus Developer’s Domain at:
http://www-10.lotus.com/ldd/notesua.nsf/6c87a7297ac2aa718525698100519109/1a9c0035042e3e9d852569930062f063?OpenDocument

Specify directory assistance database file name in Server document

You must specify the directory assistance database file name in the Server document so that the Domino server can use directory assistance. You can enter the directory assistance database file name in a Server document manually:

1. Make sure that you have already created and replicated the directory assistance database to each server that will use the directory assistance.
2. From the Domino Administrator, click the Configuration tab.
3. In the left pane, choose Server - All Server Document.
4. Select a specific Server document, and then click Edit Server.
5. In the "Directory Assistance database name" field in the Directory Info section on the Basics tab, enter the file name that you gave to the replica of the directory assistance database on this server, for example, DA.NSF. If the directory assistance database is in a subdirectory under the data directory, include the path relative to the data directory, for example, DIRECTORIES\DA.NSF.

Figure 6-16 Add directory assistance database file name to Domino Server document

6. Click Save & Close.
7. If the Domino Directory you changed is not the replica of the server whose directory assistance database file name you specified, replicate the updated Domino Directory to the server.
8. Restart the server so it detects the directory assistance database file name now in its Server document.

Set smart host for Lotus Workplace Messaging server

In Lotus Workplace Messaging, a smart host is an SMTP server to which messages are sent when a recipient in the local domain cannot be found in the LDAP directory, when the recipient is not a member of the local cell, or when the recipient does not have an LDAP mail cell attribute that defines an alternate destination.

In our scenario, Domino and Lotus Workplace Messaging will share the same Internet domain name, so we need to set Domino as the smart host in Lotus Workplace Messaging, so Lotus Workplace Messaging can route mail to Domino when it cannot find the user in its own directory.

To set a smarthost for the Lotus Workplace Messaging server:

1. Open the Administrative Console for Lotus Workplace. For example, type this URL in the browser:
   http://intlwpnd.cam.itso.ibm.com:9091/admin
2. Log in with the Portal administrator's ID and password.
3. In the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings, scroll down to Additional Properties, and click SMTP Outbound/Local Delivery to view properties. Use this panel to view or change properties for all servers in this cell. To change the properties for a single server on a single node in this cell, click Servers → Lotus Workplace Servers.
4. In the Local domain smart host field, specify the host name or IP address of the Domino server.

Figure 6-17 Set smart host for Lotus Workplace Messaging

5. Click Apply.
6. Click Save to save the settings. Restart the Lotus Workplace Messaging server to make the change take effect.

Extend the LDAP schema in Lotus Workplace Messaging directory

When a mail message is sent from a Domino user to a Lotus Workplace Messaging user, Domino can find the user’s information through the directory assistance we configured earlier. In order for Domino to know where the mail should be sent, you must extend the LDAP schema in the Lotus Workplace Messaging directory. The object class for users must be extended to contain a MailServer attribute. Then you must add the new MailServer attribute to each person record in the directory. Set the attribute to the host name or MX name for the Lotus Workplace Messaging server or cell.

In our scenario, we are using IDS 5.1 as the LDAP directory. We need to add a mailServer attribute to the inetOrgPerson object class, then populate this attribute for each user. Below are the steps indicating how to do this.

If you are using an LDAP directory other than IDS 5.1, refer to the server’s documentation about how to extend the schema and how to add the attribute to users.

Add mailServer attribute into inetOrgPerson object class

This can be done in the IDS Web Administration interface.

1. Open IDS Web Administration in a browser and log in as a user with Administration access, for example, cn=root.
2. Expand Schema management in the navigation area, then click Manage object classes.
3. Find inetOrgPerson in the object classes list, click the radio button next to it, and click Edit.
4. Click the Attributes tab.
5. Select the mailServer attribute from the alphabetical list of Available attributes and click Add to required to make the attribute required or click Add to optional to make the attribute optional for the object class. The attribute is displayed in the appropriate list of selected attributes.
6. Click OK to apply the changes.

Populate mailServer attribute for each user

You can use the IDS Web Administration console to populate the mailServer attribute for each user. Or you can use any LDAP browser to do so.

The mailServer attribute is a string attribute. Its value should be the fully qualified host name of the Lotus Workplace Messaging server, for example, intlwpnd.cam.itso.ibm.com.

After populating this attribute, a typical user should be as listed in Table 6-1.

Table 6-1 Attribute names and values

Attribute name    Value
ibm-appuuid       85450180-c613-11d8-bb10-837340db296f
sn                wpsadmin
userpassword      xxxx(encrypted)
mail              [email protected]
displayname       WPS Admin
objectClass       organizationalPerson
objectClass       person
objectClass       top
objectClass       inetOrgPerson
objectClass       ibm-appuuidaux
uid               wpsadmin
mailServer        intlwpnd.cam.itso.ibm.com
cn                wpsadmin

Add Domino server as trusted server in Lotus Workplace Messaging

You may want to add the Domino server into Lotus Workplace Messaging server’s trusted server list, to avoid anti-relay check and DNS verifications for the Domino server.

To add Domino into Lotus Workplace Messaging server’s trusted server list:

1. In the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings.
2. Scroll down to Additional Properties and click Filters for SMTP Inbound connections.
3. Click Trusted to view the properties.

Figure 6-18 Add Domino to Lotus Workplace Messaging Trusted IP addresses list

4. In Trusted TCP/IP addresses, add Domino server’s IP address. You can use a comma to separate multiple addresses. Use asterisk (*) as a wildcard.
5. Make sure the “Force trusted addresses to authenticate” option is unchecked.
6. Leave all other options as default.
7. Save the settings. Restart the Lotus Workplace Messaging server to make sure the changes take effect.

Figure 6-19 Save settings in Lotus Workplace Messaging administrative console

Routing process explained

After you have completed making the configuration changes described in the previous sections, Domino users and Lotus Workplace Messaging users can now exchange mail messages.

When a Lotus Workplace Messaging user selects a local domain user that is not in Lotus Workplace Messaging, Lotus Workplace Messaging sends the message to the smart host. If the smart host is set to Domino, then Domino looks to see if the addressee is a local Domino user. If the address is a local user, then the message is routed and delivered. If not, then the message is not delivered.

When a Domino user sends a message to a Lotus Workplace Messaging user, Domino retrieves the user information from the Workplace directory by means of LDAP as configured in Directory Assistance. Domino routes the message to the destination specified in the MailServer attribute using the e-mail address in the mail attribute.

When mail messages are sent from the Internet to a local domain user, either Domino or Lotus Workplace Messaging will receive the mail (depending upon DNS settings), and follow the above process to deliver the mail to the final recipient.

Note: If your organization allows mail messages to be sent to groups from the Internet, the groups will have Internet addresses such as [email protected]. Domino will encounter a problem when the group is defined in the LWP LDAP directory.
To avoid this problem, we recommend that you map a local Internet domain to the Lotus Workplace Messaging server in DNS, then use the Lotus Workplace Messaging server to receive all mail messages for the local Internet domain.

6.5 Scenario 3: Domino and Lotus Workplace Messaging share same Internet domain and directory

Domino and Lotus Workplace Messaging can share the same Internet domain name and the same directory. In this scenario, a Domino server running the LDAP service will be the LDAP server for the Workplace Messaging server. All users will be defined in the Domino Directory. Some of them are using Domino mail, while others are using Lotus Workplace Messaging.

6.5.1 Solution analysis

This section provides an overview of the technical approach to be discussed in this scenario. Specific technical details for implementing this approach are discussed in the next section.

In this scenario, since all users are defined in the same directory, when a user tries to send mail to another user, both Domino and Lotus Workplace Messaging will recognize the recipient as a local user and try to perform a local delivery. To make sure mail messages are delivered to the proper mail server for the recipient, you must differentiate Domino and Lotus Workplace Messaging users in the directory, then configure Domino and Lotus Workplace Messaging to route mail messages appropriately.

As we discussed in 6.4, “Scenario 2: Sharing a common Internet domain with separate LDAP directories” on page 222, Domino will deliver mail messages to its smarthost when:
- The recipient's e-mail address is in the local domain.
- The recipient cannot be found in the local directory.
- The recipient can be found in the local directory, but the mail system is set to other internet mail.
To address this need for differentiating Domino and Lotus Workplace Messaging users, you should define Lotus Workplace Messaging users by setting the field for mail system to other internet mail, and setting the Lotus Workplace Messaging server as a smarthost for the Domino server. Once this configuration is completed, mail messages from Domino users to Lotus Workplace Messaging users can be delivered properly.

For Lotus Workplace Messaging to route mail properly to Domino, you need to define separate mail cells for Domino and Lotus Workplace Messaging. This is necessary so that Lotus Workplace Messaging can route mail to the appropriate server defined in mail cells.

Figure 6-20 Mail routing when Domino and Lotus Workplace Messaging share same Internet domain and directory

To set up mail routing between Domino and Lotus Workplace Messaging in this scenario, make sure you have already performed the following tasks:
- Set up Lotus Workplace Messaging to use Domino as the LDAP server.
- Set up Domino to send/receive SMTP mail.

For detailed steps about how to set up Domino to send/receive SMTP mail, see “Set up Domino to send/receive SMTP mail” on page 214.

Additionally, you need to follow the major steps outlined below:
1. Make sure Domino and Lotus Workplace Messaging are using the same Internet domain name.
2. Add Lotus Workplace Messaging users into the Domino Directory.
3. Set the Lotus Workplace Messaging server as a smart host for Domino.
4. Extend the LDAP schema in Domino LDAP.
5. Create mail cells in the Lotus Workplace Messaging server.

The detailed implementation steps are described in the following sections.

Make sure Domino and Lotus Workplace Messaging are using same Internet domain

To verify the domain name Lotus Workplace Messaging is using, in the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings. Under General Properties, in the "Domains that are considered local" field, make sure the corporate domain (domain.com) is listed. If it is not there, type it in the field.

To verify Domino is using the same domain name, if Domino is using the Global domain document, make sure this domain is also listed in the Primary Internet domain suffix or Alternate Internet domain suffix fields. If Domino is not using the Global domain document, make sure in the Server document, the domain name part in the Fully qualified Internet host name field matches this domain name.

Add Lotus Workplace Messaging users into Domino Directory

To enable a Domino user to send a message to a Lotus Workplace Messaging user using an Internet e-mail address ([email protected]), the Lotus Workplace Messaging user has to be set up as follows in the Domino Directory:
1. From the Domino Administrator, click the People & Groups tab.
2. Select the Domino Directory, and then click People.
3. From the Tools pane, click People - Register.

Figure 6-21 Register user in Domino Administrator

4. Name the person according to the organization policy, including:
   – First name
   – Last name
   – Short name
   – Password
5. Click Password Options, and check Set Internet password option.
6. In the Mail System field, choose Other Internet.
7. Click to check the Advanced option.
On the Address tab, fill in the Forwarding Address field with the user’s Internet address.

Figure 6-22 Fill in Forwarding Address for the Lotus Workplace Messaging user

8. Click the green check mark to add the user to the registration queue. Click Register or Register All to register the user.

The person document for a typical Lotus Workplace Messaging user will look like Figure 6-23.

Figure 6-23 Person document for a typical Lotus Workplace Messaging user

To migrate existing users to Lotus Workplace Messaging, see 6.6, “Moving mail accounts” on page 251. If you only need to make an existing user become a Lotus Workplace Messaging user, without migrating his data (for example, mail messages, contacts, calendar entries), you can perform only the steps in “(Optional) Modify person documents after migration” on page 269.

Set Lotus Workplace Messaging server as smart host for Domino

To set the Lotus Workplace Messaging server as smart host for Domino:
1. From the Domino Administrator, click the Configuration tab and then expand the Messaging section.
2. Choose Configurations.
3. Select the server’s Configuration Settings document and then click Edit Configuration.
4. On the Router/SMTP - Basics tab, in field Local Internet domain smart host, type Lotus Workplace Messaging server’s fully qualified host name.

Figure 6-24 Set smart host for Domino in Configuration document

5. Click Save & Close.
6. The change takes effect after the next Router configuration update. To put the new setting into effect immediately, reload the routing configuration by entering Domino console command:

   >Tell router update config

   Or restart the Domino server.
Adding mail cell attribute in Domino LDAP

To look up users in other mail cells using a cell attribute, you must first either extend the LDAP directory schema to create a mail cell attribute for each person record, or use an existing, unused attribute and adopt it as the mail cell attribute.

When all users are defined in the same Domino Directory, each user should have a mail cell attribute in his person record. In our example, we use an attribute named carLicense as the mail cell attribute. This attribute already exists in the dominoPerson object class in Domino LDAP schema.

Note: You can also extend the Domino LDAP schema to add new attributes. For how to extend Domino LDAP schema, see Domino 6 Administration Help.

(Optional) Make the cell attribute searchable for anonymous access

If you configured Lotus Workplace Messaging to bind to Domino LDAP as anonymous, you need to perform this step to make the carLicense attribute searchable for anonymous access.

To use the domain Configuration Settings document to customize anonymous LDAP search access to a specific Domino Directory or Extended Directory Catalog served by the LDAP service, first open the document, then configure anonymous search access.

1. Open the domain Configuration Settings document in the directory:
   a. From the Domino Administrator, open a server within the domain that runs the LDAP service.
   b. Click the Configuration tab.
   c. In the left pane, expand Directory, then LDAP, and then select Settings.
   d. Do one of the following:
      • If you see the prompt Unable to locate a Server Configuration document for this domain. Would you like to create one now?, click Yes, then click the LDAP tab on the document.
      • If you do not see the prompt, click Edit LDAP Settings.
2. Customize anonymous LDAP search access to the directory:
   a. Next to "Choose fields that anonymous users can query via LDAP" select Select Attribute Types to open the LDAP Attribute Type Selection dialog box.
   b. The Queriable Attribute Types box at the right of the dialog box shows the attributes anonymous LDAP users can access.
   c. In the Object Classes box, select dominoPerson.
   d. Click Display Attributes to display in the Selectable Attribute Types box all the attributes defined for the selected object classes.

      Figure 6-25 Add attribute to queriable attribute types

   e. Select the attribute carLicense in the Selectable Attribute Types box, and click Add to add the attribute to the Queriable Attribute Types box.

      Note: For information about the object classes and attributes defined in the schema, see the Domino LDAP Schema database.

   f. Click OK to close the LDAP Attribute Type Selection dialog box.
3. Click Save & Close to save the changes in the Configuration Settings document.
4. If you made the changes to a Domino Directory replica on a different server, replicate the changes to the server. Restart the server.

Populate values in cell attribute for each user

In order for Lotus Workplace Messaging to correctly determine which mail cell a user belongs to, the cell attribute must be populated with an appropriate value. In our example, we populate the values as:
- For Lotus Workplace Messaging users, set carLicense as Lotus Workplace.
- For Domino users, set carLicense as Domino.

These values should be populated into the carLicense field in each user’s Person document. There are a number of methods to populate values into a field in the Person document. For example, you can create two agents to do so:
1. From Domino designer, create an agent in the Domino Directory.

   Figure 6-26 Example for creating an agent

2. Name it Set mail cell to LWP.
3. Set the agent trigger to the On event - Action menu selection.
4. Set Target to All selected documents.
5. Select Simple action(s) from the list, then click Add Action.

   Figure 6-27 Example for add simple action in agent

6. In the Add Action dialog box, do the following:
   – From Action list, select Modify Field.
   – Set Modify by to Replacing.
   – From The value in list, select carLicense.
   – In With the new value box, type lwp.
7. Click Add to close the Add Action dialog box. Save the agent.

Create another agent named “Set mail cell to Domino” with the same steps. Type domino in the “With the new value” box in step 6.

After you have created the two agents, you can manually select Person documents for all Lotus Workplace Messaging users. Choose Set mail cell to LWP from the Action menu. Then select Person documents for all Domino users, and choose Set mail cell to Domino from the Action menu. Or you can use other methods such as LotusScript to fill in the field value.

After filling in the field value, open the document properties box for a Person document, and make sure the carLicense field value is set as desired. Figure 6-28 on page 246 shows the document properties dialog box for a Lotus Workplace Messaging user.

Figure 6-28 Document properties dialog box for a Lotus Workplace Messaging user

Figure 6-29 shows the document properties dialog box for a Domino user.

Figure 6-29 Document properties dialog box for a Domino user

Create mail cells in Lotus Workplace Messaging

Follow these steps to create mail cells from a Lotus Workplace Administration Console:
1. From the Lotus Workplace Messaging Administration Console, click Lotus Workplace → Directories.
2. Click Directory Settings for Messaging, then under Additional Properties, click Mail Cells.
3. Click New to create new mail cells.
4. For Mail Cell Name, type the name of the mail cell.
   When setting up to route mail to a cell for other mail systems, determine what you plan to name the cell for each Lotus Workplace Messaging or non-Lotus Workplace Messaging mail system, for example, Domino1 for Domino users, or Exchange1 for Microsoft Exchange users.

   Important: Lotus Workplace Messaging mail cells must be named according to their real cell names (same as WebSphere Application Server cell names). Mail cells for other mail systems should be named uniquely.

5. For SMTP Address, type the SMTP address of the incoming server for the mail cell. The SMTP address is a fully qualified domain name, for example, boston.acme.com.
6. Type the membership filter clause for searching the mail cell for users or groups. The filter must exactly match all members of the cell. The filter can be defined to match any of the person attributes that are configured for WebSphere Member Manager, such as organizational attributes, mail cell attribute, group membership, and so on. Here we type “(carLicense=lwp)” for the Lotus Workplace Messaging mail cell and “(carLicense=domino)” for the Domino mail cell.

   Important: The attribute name is case sensitive. Make sure you type the attribute name with the exact case; otherwise mail routing to that cell will not work since Lotus Workplace Messaging cannot match users to mail cells accurately.

7. Click OK to create the mail cell.
8. Repeat steps 3 to 7 to create another mail cell.

   Figure 6-30 Example of Lotus Workplace Messaging mail cell settings

   Figure 6-31 Example of Domino mail cell settings

9. After creating the two mail cells, click Save to save the settings.
10. Restart the Lotus Workplace Messaging server to make the changes take effect.
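The membership filters from step 6 decide which SMTP host each local recipient is routed to, so a person record with no carLicense value, or a filter typed with the wrong attribute-name case, leaves users outside every cell. The following check is an added example, not part of this handbook or of Lotus Workplace; the cell names, host names and person records are constructed, and it assumes attribute values compare case-insensitively while attribute names must match exactly.

```python
import re

# Only simple equality filters such as "(carLicense=lwp)" are handled here.
_FILTER = re.compile(r"^\(([A-Za-z][\w;-]*)=([^()*\\]+)\)$")

# Constructed sample data (hypothetical cells, hosts and users).
LOCAL_DOMAINS = {"redbook.com"}
CELLS = [
    {"name": "lwpcell", "smtp": "lwm.example.com", "filter": "(carLicense=lwp)"},
    {"name": "Domino1", "smtp": "domino.example.com", "filter": "(carLicense=domino)"},
]
# Same cells, but the Domino filter was typed with the wrong attribute-name case.
CELLS_WRONG_CASE = [
    CELLS[0],
    {"name": "Domino1", "smtp": "domino.example.com", "filter": "(carlicense=domino)"},
]
PEOPLE = [
    {"mail": ["joe@redbook.com"], "carLicense": ["lwp"]},
    {"mail": ["fred@redbook.com"], "carLicense": ["domino"]},
    {"mail": ["ann@redbook.com"]},  # cell attribute never populated
]


def parse_filter(clause):
    """Split a simple "(attr=value)" membership filter into (attr, value)."""
    match = _FILTER.match(clause.strip())
    if not match:
        raise ValueError("only simple (attr=value) filters are handled: %r" % clause)
    return match.group(1), match.group(2).strip()


def matching_cells(person, cells):
    """Return the names of all mail cells whose filter matches this record."""
    hits = []
    for cell in cells:
        attr, wanted = parse_filter(cell["filter"])
        # Attribute NAME lookup is exact-case, as the page warns.
        # Value comparison is case-insensitive: an assumption of this example.
        values = person.get(attr, [])
        if any(v.lower() == wanted.lower() for v in values):
            hits.append(cell["name"])
    return hits


def audit(people, cells):
    """List users who match no mail cell or more than one mail cell."""
    report = {"unassigned": [], "ambiguous": []}
    for person in people:
        hits = matching_cells(person, cells)
        if not hits:
            report["unassigned"].append(person["mail"][0])
        elif len(hits) > 1:
            report["ambiguous"].append(person["mail"][0])
    return report


def route(address, people, cells, local_domains):
    """Resolve one recipient to (decision, smtp_host) via domain, record and cell."""
    domain = address.rsplit("@", 1)[-1].lower()
    if domain not in local_domains:
        return ("external", None)
    person = next(
        (p for p in people
         if address.lower() in (m.lower() for m in p.get("mail", []))),
        None,
    )
    if person is None:
        return ("not-found", None)
    hits = matching_cells(person, cells)
    if len(hits) != 1:
        return ("no-unique-cell", None)
    smtp = next(c["smtp"] for c in cells if c["name"] == hits[0])
    return ("cell", smtp)


if __name__ == "__main__":
    for label, cells in (("as documented", CELLS), ("wrong case", CELLS_WRONG_CASE)):
        print(label, audit(PEOPLE, cells))
        print(label, route("fred@redbook.com", PEOPLE, cells, LOCAL_DOMAINS))
```

Running the audit against an export of the directory before restarting the server shows which users would not be matched to any cell.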
Routing process

The following steps describe how a message would be routed between Lotus Workplace Messaging and Domino using cell attributes:
1. Lotus Workplace Messaging user Joe sends a message to Domino user Fred as [email protected].
2. Lotus Workplace Messaging determines that redbook.com is a local domain.
3. Lotus Workplace Messaging does a search in its directory for [email protected] and finds the record for Fred.
4. Lotus Workplace Messaging checks the mail cell attribute and finds a value of Domino.
5. Lotus Workplace Messaging searches its local list of mail cells for a cell attribute that equals Domino.
6. From the Domino mail cell entry, Lotus Workplace Messaging obtains the SMTP host attribute and value.
7. Lotus Workplace Messaging routes the message to the specified SMTP host.

Where this method really has an advantage over using Domino as the Lotus Workplace Messaging smart host is when you deploy into more complex Domino routing environments, where having a single inbound server from Lotus Workplace Messaging to Domino is not optimal. By breaking the Domino user community up into a number of Lotus Workplace Messaging mail cells, you can have multiple mail cells that contain different SMTP hosts. Then Lotus Workplace Messaging can route each grouping of Domino users to a different SMTP host, which can then maximize the capabilities of the underlying Domino routing infrastructure.

When a Domino user selects a Lotus Workplace Messaging user from the directory, since the user’s mail system is Other internet mail, the Domino Router will route the mail to smart host, which is the Lotus Workplace Messaging server in this scenario.

6.5.2 Mail routing to other Internet domains

We have discussed mail routing between Domino and Lotus Workplace Messaging in previous sections.
In these mail routing scenarios, Domino and Lotus Workplace Messaging can both send mail directly to another Internet domain. But some organizations may need to send all outgoing mail messages through a single point. A relay host is needed under such circumstances.

A relay host can be a server within your organization or at an Internet Service Provider (ISP) that routes messages addressed to destinations outside the local Internet domain. Often the same server acts as a firewall through which your organization funnels all messages outbound to the Internet.

Either Domino or Lotus Workplace Messaging can act as a relay host. Or you can use some other SMTP server capable of SMTP mail routing, such as a UNIX sendmail server, as relay host.

Important: You can set Domino as a relay host for Lotus Workplace Messaging, or set Lotus Workplace Messaging as a relay host for Domino. But be sure not to set both at the same time, otherwise all outgoing mail messages will loop between the servers.

After you decide which server should act as a relay host, follow the steps below to change the settings.

Set relay host for Domino

To set the relay host for Domino:
1. From Domino Administrator, open the server you need to configure.
2. Click the Configurations tab.
3. Click Messaging - Configurations.
4. Select the configuration document for the server, and click Edit Configuration.
5. On the Router/SMTP - Basics tab, type the fully qualified host name or IP address of your relay host in the “Relay host for messages leaving the local internet domain” field. If you use an IP address here, add brackets [] around the IP address, such as [192.168.1.1].

   Figure 6-32 Relay host setting for Domino

6. Click Save & Close.
7. The change takes effect after the next Router configuration update.
   To put the new setting into effect immediately, reload the routing configuration by entering the Domino console command:

   >Tell router update config

   Or restart the Domino server.

Set relay host for Lotus Workplace Messaging

To set the relay host for the Lotus Workplace Messaging server:
1. Open the Administrative Console for the Lotus Workplace. For example, type this URL in a browser: http://intlwpnd.cam.itso.ibm.com:9091/admin
2. Log in with the Portal administrator's ID and password.
3. In the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings, scroll down to Additional Properties, and click SMTP Outbound/Local Delivery to view properties.

   Figure 6-33 Relay host setting for Lotus Workplace Messaging

4. In the “Name of relay server” field, type the fully qualified host name or IP address of your relay host.
5. Click Save to save the settings.
6. Restart the Lotus Workplace Messaging server to make the changes take effect.

Note: Relay host settings are separate from smart host or mail cell settings. Setting the relay host for Domino or Lotus Workplace Messaging will not affect other configurations we discussed earlier in this chapter.

6.6 Moving mail accounts

Lotus Workplace allows you to migrate existing Domino mail accounts to Lotus Workplace Messaging without losing calendar and address book data.

As we discussed earlier in this chapter, Lotus Workplace Messaging is more appropriate to serve users who do not necessarily need rich client, full functionality for calendaring and scheduling. After deploying Lotus Workplace Messaging in your organization, you may wish to move such users to Lotus Workplace Messaging.

The existing users may already have mail messages, contact lists, and calendar entries in their Domino mail file.
All these data can be migrated automatically from Domino to Lotus Workplace Messaging.

Note: Currently you can only migrate mail messages, contact lists, and calendar entries from Domino to Lotus Workplace Messaging. There is no means (at the present time) to migrate Lotus Workplace Messaging data back to Domino. If some users go back from Lotus Workplace Messaging to Domino, the mail messages, contact lists, and calendar entries received/modified/created in Lotus Workplace Messaging cannot be migrated back to the Domino mail file. Accordingly, we recommend that you take this into consideration before you begin the migration.

Migration of mail accounts, including contacts and calendar information, involves two major steps: Create Lotus Workplace mail accounts for users to be migrated, and migrate all data in the mail file to Lotus Workplace Messaging. We will discuss these tasks in detail in following sections.

6.6.1 Requirements for migration

You need the following software for migrations:
- Notes 6 client
- IBM Tivoli Directory Integrator (IDI 5.2 CD is included in Lotus Workplace 2.0.1 CDs.)

You also need some files to complete the migration. These files can be found on the Lotus Workplace installation CD labelled cdSetupLWP, under the \coexist directory:
- common.mail.api.jar
- g11n.lcu4j.jar
- log4j.jar
- lwputil.jar
- mailbox.core.res.jar
- mailbox.sys.jar
- migration.request.jar
- olc.mapping.jar
- ical.exe
- icu4j.jar
- Logger.dll
- mapping.dll
- mfc71d.dll
- msvcp71d.dll
- msvcr71d.dll
- olcStoreAccess.dll

Domino migration AssemblyLine and property file: Domino.xml Domino.properties notes.jar

Note: The same migration process also applies for migrating Exchange mail accounts. According to the Lotus Workplace 2.0.1 Information center, the source mail systems (Domino and Exchange) are generally referred to as a legacy mail system.
To be consistent with the Information Center and other materials, we also use the term legacy mail system in this section to refer to our Domino Messaging system.

6.6.2 Create mail accounts in Lotus Workplace for users to be migrated

Note: In this testing team’s lab environment, when Lotus Workplace Messaging was configured to use IDS 5.1 as the LDAP directory, the migration process did not automatically create the users in the LDAP directory. Accordingly, we have added the information below. This issue is still under technical review.

To migrate users from Domino to Lotus Workplace Messaging, the first thing you need to do is create user accounts in Lotus Workplace. If the Domino Directory is not the LDAP directory for Lotus Workplace, you need to create these users in the LDAP directory with the same name.

The specific process for creating new users in the LDAP directory depends on what LDAP server you are using. A typical method is to export the users to an LDIF file from Domino, modify the LDIF file if necessary, and then import the LDIF file to LDAP directory.

Alternatively, Lotus Workplace Messaging can automatically create mail accounts for users listed in the LDAP directory. The LDAP directory must be configured to map person record attributes to WebSphere Member Manager. Lotus Workplace Messaging creates a new mail account automatically the first time a user logs in or when mail is first delivered to the account.

To make sure a user account can be created automatically, perform the following steps:
1. Ensure that all users who need an account are listed in the LDAP directory.
2. If you have not specified a local domain in the WebSphere Administrative Console, click Lotus Workplace → Mail Cell-Wide Settings to specify domains that are considered local.
3. Ensure that each person record in LDAP contains an e-mail address.
   The mail domain in the e-mail address must match a local domain specified in step 2. User e-mail addresses must use the mail or mail alias attribute in the person record.
4. In the WebSphere Administrative Console, click Lotus Workplace → Users → Manage User Policies.
5. If you have not specified how users are assigned to user policies, click the Policy Assignment button to choose the DN scope matching method or policy attribute method.
6. Click New to create a new user policy or click the name of an existing policy. If you do not create a new user policy or specify an existing policy, users are assigned to the Default User Policy.
7. If you are creating a new policy, enter a policy name in the User policy name field.
8. In the Scope of user policy field, enter a unique scope in distinguished name format only if you use DN scope matching; for example, to assign all members of the sales organization to the same policy, enter a DN scope such as "ou=Sales, ou=Boston, o=Acme, c=US" in the policy. If you assign policies based on a policy attribute, remove the asterisk (*) and leave this field blank. Note that only the Default User Policy may have an asterisk in the scope field.
9. (Optional) In the Allowed clients field, select Rich client to enable policy users to use the rich client for mail. By default, user policies allow access to mail, including access by POP3 clients.
10. Click Apply.
11. Scroll down to the bottom of the policy under Additional Properties, click Mail details, then select Automatically create mailboxes.
12. Click OK, then OK again.

6.6.3 Migrate data in Domino mail file to Lotus Workplace Messaging

To migrate all data in the Domino mail file to Lotus Workplace Messaging, you need to carry out the following tasks in sequence:
1. Install and configure IBM Tivoli Directory Integrator.
2. Enable the IBM Tivoli Directory Integrator to access your Domino mail system.
3. (Optional) Set the polling interval for the Domino migration AssemblyLine.
4. Extend the SOAP request timeout.
5. Set up password files for migration.
6. (Optional) Set up the IBM Tivoli Directory Integrator to encrypt passwords.
7. (Optional) Generate keys to encrypt and decrypt passwords.
8. Generate migration requests.
9. Set person record attributes for migration.
10. Process migration requests.

The migration process is as in Figure 6-34.

Figure 6-34 Diagram for mail migration process - Part 1

Figure 6-35 Diagram for mail migration process - Part 2

We will discuss each task in detail in following sections.

Install and configure IBM Tivoli Directory Integrator

Use the IBM Tivoli Directory Integrator and the migration AssemblyLine, a particular script interpreted by the IBM Tivoli Directory Integrator, to generate migration requests. Or you can use the IBM Tivoli Directory Integrator and a coexistence AssemblyLine to generate person records in a coexisting directory for Lotus Workplace Messaging. You use the Migrate command in Lotus Workplace Messaging to process migration requests.

The migration AssemblyLine inspects changes to person records in the legacy directory at a configured poll interval. The migration AssemblyLine looks for person records in the directory that have been flagged for migration. When it discovers a person record with the migration flag, the migration AssemblyLine creates a migration request and writes log information to ibmdi.log at the root directory or the directory where you installed the IBM Tivoli Directory Integrator.

Complete the following tasks to install and configure the IBM Tivoli Directory Integrator for mail migration:
1. Install IBM Tivoli Directory Integrator Version 5.2 on a Windows 2000 machine by following the installation instructions on the IBM Tivoli Directory Integrator CD.
2. Set the environment PATH variable on the operating system to include the directory you installed the IBM Tivoli Directory Integrator product to, for example, C:\IBM\IBMDirectoryIntegrator.
3. Copy migration.request.jar from the \lwp.build\setup\cdSetup\coexist folder into the following directory: <drive>:\IBM\IBMDirectoryIntegrator\jars. The migration AssemblyLine uses the migration.request.jar file for generating migration requests.
4. Copy notes.jar from the CD labelled cdSetupLWP \coexist folder into the following directory: <drive>:\IBM\IBMDirectoryIntegrator\jars\connectors. The Domino migration AssemblyLine requires this revised version of notes.jar for generating migration requests.
5. Using a text editor, open ibmdisrv.bat located in the root directory where the IBM Tivoli Directory Integrator is installed.
6. Copy the following files from the CD labelled cdSetupLWP \coexist folder into the following directory: <drive>:\IBM\IBMDirectoryIntegrator. Add the following files to MYCLASSPATH in ibmdisrv.bat:
   – migration.request.jar
   – g11n.lcu4j.jar
   – lwputil.jar
   – icu4j.jar
   – mailbox.core.res.jar
   – mailbox.sys.jar
   – olc.mapping.jar
   – common.mail.api.jar
7. Save the file.
Example 6-1 Sample ibmdisrv.bat

    @echo off
    setlocal
    set MYCLASSPATH="IDILoader.jar";"jars\log4j-1.2.jar";"jars\dsml.jar";"jars\activation.jar";"jars\comm.jar";"jars\ibmjndi.jar";"jars\imap.jar";"jars\jaas.jar";"jars\ldapbp.jar";"jars\mail.jar";"jars\mailapi.jar";"jars\pop3.jar";"jars\smtp.jar";"jars\xalan.jar";"jars\xercesImpl.jar";"jars\dom.jar";"jars\sax.jar";"jars\xsltc.jar";"jars\xml-apis.jar";"jars\xmlParserAPIs.jar";"jars\ibmjlog.jar";"jars\saaj-api.jar";"jars\saaj-ri.jar";"jars\commons-logging.jar";"jars\wsdl4j.jar";"jars\ncso.jar";"jars\dom4j.jar";"jars\ibmpkcs.jar";"jars\ibmpkcs11.jar";"jars\db2j.jar";"jars\antlr-2.7.2.jar";"jars\dsml2.jar";"jars\ldapjdk.jar";"jars\castor-0.9.4.1-xml.jar";"jars\jakarta-regexp-1.2.jar";"common.mail.api.jar";"g11n.lcu4j.jar";"icu4j.jar";"lwputil.jar";"mailbox.core.res.jar";"mailbox.sys.jar";"olc.mapping.jar";"log4j.jar"
    set PATH=d:\IBMDirectoryIntegrator\_jvm\bin;d:\IBMDirectoryIntegrator\libs;
    "d:\IBMDirectoryIntegrator\_jvm\bin\java" -cp %MYCLASSPATH% "-Duser.dir=d:\IBMDirectoryIntegrator" com.ibm.di.loader.IDILoader com.ibm.di.server.RS %1 %2 %3 %4 %5 %6 %7 %8 %9
    endlocal

Enable the IBM Tivoli Directory Integrator to access your Domino mail system

This section describes how to prepare a Domino server for migrating Domino mail, contacts, and calendar information to Lotus Workplace Messaging. You must enable the Domino Server for HTTP, IMAP, DIIOP, and LDAP. You must also enable Java access for users who are to be migrated. Referenced files are supplied in the CD labelled cdSetupLWP in the \coexist folder.

1. Using a text editor, open the Domino server’s notes.ini file. You can find the notes.ini file in Domino server’s program folder.
2. Find Servertasks= line, and make sure the HTTP, IMAP, DIIOP, and LDAP tasks are listed. If one or more task names are not listed, type them in; separate each task name with comma.
The Servertasks line may look like:

    Servertasks=router, sched, calconn,...,http,imap,diiop,ldap

3. Make sure that you have Editor access or Author access with the Group Creator role in the Domino Directory.

4. From the Domino Administrator, click the People & Groups tab.

5. From the Servers pane, select the server to work from.

6. Select Domino Directories, and then select Groups → Add Group to create a group containing all the migrating users. Add all users that need to be migrated in the members field.

7. Click Save and Close.

8. Click the Configuration tab, and open the Server document from the All Server documents list in the Domain Directory.

9. On the Security tab under "Programmability Restrictions Who can --", add the Domino administrator name to the "Run restricted LotusScript/Java agents" and "Run unrestricted methods and operations" fields.

10. Add the group name that you created in step 6 to the "Run restricted LotusScript/Java agents" field.

Figure 6-36 Programmability restrictions in Server document

11. Click Save and Close.

12. Restart the server.

13. Instruct migrating users to copy and paste documents from their local address book into the All Documents view of their mail database on the Domino server. Users should copy the documents into the All Documents view to avoid having the contact documents picked up by the mail migration process and showing up in the user's Lotus Workplace Mail inbox.

Note: The People view ($Contacts) in the mail database is hidden from the Notes client, so after pasting the documents, you will not be able to see them, but the Lotus Workplace Messaging migrate command will pick up the documents.
14. If users are set up to use either WebMail or Domino Web Access (iNotes Web Access), they can upload their contact information by entering one of the following commands:
   – Actions > iNotes Web Access > Synchronize Contacts (for R5 users)
   – Actions > Synchronize Address Book (for R6 users)

You can provide the user with a Notes agent that will copy the contacts documents from the user's local personal address book to the mail database. The following is a copy of the agent (Example 6-2).

Example 6-2 Sample code for copying contacts documents to mail database

    Sub Initialize
        ' Declarations added so that the agent also compiles with Option Declare
        Dim session As NotesSession
        Dim contactdb As NotesDatabase
        Dim maildb As NotesDatabase
        Dim view As NotesView
        Dim doc As NotesDocument
        Dim fname As String
        Dim numb As Long
        Set session = New NotesSession
        ' Local personal address book (source) and the current mail database (target)
        Set contactdb = session.GetDatabase("", "names.nsf")
        Set maildb = session.CurrentDatabase
        If contactdb.IsOpen Then
            Set view = contactdb.GetView("People")
            If view Is Nothing Then
                Messagebox("Unable to find People View in your Personal Address Book")
                Exit Sub
            End If
            ' Copy every contact document into the mail database
            Set doc = view.GetFirstDocument()
            Do Until doc Is Nothing
                fname = doc.FullName(0)
                Call doc.CopyToDatabase(maildb)
                Set doc = view.GetNextDocument(doc)
                numb = numb + 1
            Loop
        Else
            Messagebox("Unable to open personal Address")
            Exit Sub
        End If
    End Sub

15. Enable each user's mail file for IMAP. At the Domino Administrator console for the mail server, enter the following commands:

    load convert -m mail\usermailfile.nsf * mail50.ntf
    load convert -e mail\usermailfile.nsf

16. Install a Lotus Notes 6.x client on the same machine as the IBM Tivoli Directory Integrator.

17. Copy the Ical.exe file from the \coexist folder on the CD labelled cdSetupLWP into the Notes executable directory of the Notes client, for example, c:\notes.

18. Log on to the Notes client using a Notes ID with administrator privileges. When asked if you want to copy the Notes ID that has administrative privileges to the c:\notes\data directory, click Yes.

19. In the Notes client, select File → Security → User security and supply the password again.
20. At the bottom of the screen, select the field "Don't prompt for a password from other Notes-based programs (reduces security)".

Figure 6-37 Change user security settings in Notes client

21. Instruct migrating users in the Notes client to select File → Database → Access Control and add the user identified by the Notes ID with administrator privileges (see step 18) to the list of users with Reader access. Performing this step ensures that calendar data will be migrated.

22. Create the IBM Tivoli Directory Integrator configuration directory on the machine where IBM Tivoli Directory Integrator is installed, for example, C:\IDI_Configuration.

23. Copy the following files from the installation kit to the new configuration directory:
   – Domino.properties
   – Domino.xml

24. Use a text editor to open the migration AssemblyLine file Domino.xml.

25. Replace c:\YourDirectory with the directory name of the configuration directory you created in step 22.

    Before change:
    <Path>C:\YourDirectory\Domino.properties</Path>

    After change:
    <Path>C:\IDI_Configuration\Domino.properties</Path>

26. Save the file.

27. Use a text editor to open Domino.properties. Edit the file by modifying the following parameters, and save the file when finished:

DominoAdmin:<admin name>
   <admin name> is the Domino canonical name of the Domino Administrative user (for example, Joe Administrator/Acme).

DominoAdminPassword:<password>
   <password> is the password for the user entered in DominoAdmin.

DominoServer:<IP Address>
   <IP Address> contains the IP address of the Domino Server.

DominoServerName:<Canonical Name>
   <Canonical Name> is the Domino canonical name of the Domino Server (for example, Acme/lotus).
InLegacyPwdFile:<path>
   <path> specifies a fully qualified file name for the file you use to specify the legacy IMAP passwords that will be used in building the migration requests. This file will be created as described in “Set up password files for migration” on page 264, so you can just write a file name here, and create the file afterwards.

MigrateReqs:<request path>
   <request path> is the path to the directory where migration requests and contact lists will be written. Make sure the directory you specify here already exists on your file system.

MigrateToZip:<zip path>
   <zip path> is the fully qualified path name of the ZIP files. This directory should already exist on a file system that can be accessed by both the IBM Tivoli Directory Integrator server as well as the Migrate command that you will invoke on the Lotus Workplace server machine. If this parameter is not configured, the request will migrate the account and contact information directly to the Lotus Workplace mail store. Use this option only if you want the migrated content to be written to an intermediate zip format for import at a later time.

MigrateReqSecure:<yes/no>
   This enables the use of an encrypted password for the migration request. The default is to generate an encrypted password. To generate a non-encrypted password, this must be set to No. If you do not set this to No, you must set up your machine so that the AssemblyLine can encrypt the password that it will use in the migration request.

MigrateKeyFile:<public key file>
   <public key file> is the fully qualified name of the file containing the public key used for encrypting passwords. This is only required when MigrateReqSecure is set to Yes. For how to generate the key file, see “(Optional) Generate keys to encrypt and decrypt passwords” on page 264.
NotesDir:<path>
   <path> specifies a fully qualified path name of where the Notes 6.x client is installed.

Example 6-3 Sample Domino.properties file

    DominoAdmin:admin/itso
    DominoAdminPwd:password
    DominoServer:9.33.85.73
    DominoServerName:dominoserver/itso
    InLegacyPwdFile:D:\idi_config\user-password.csv
    InWorkplacePwdFile:
    LDAPSearchBase:cn=users,o=redbooks,dc=ibm,dc=com
    LDAPServer:ldap://itso-ldap.cam.itso.ibm.com:389
    LDAPServerAdminName:cn=root
    LDAPServerAdminPwd:l0tusredb00k
    MigrateKeyFile:
    MigrateReqSecure:no
    MigrateReqs:D:\idi_config\reqs\
    MigrateToZip:no
    NotesDir:d:\Notes65\
    SetLegacyFwdAddress:no

Extend the SOAP request timeout

Increase the SOAP request time-out value when migrating mail files greater than 10 MB.

1. On the machine where WebSphere Application Server is installed, navigate to ...\WebSphere\AppServer\properties.

2. Use a text editor and open the file soap.client.props.

3. Scroll through the file to the line:

    com.ibm.SOAP.requestTimeout=180

   Change the value from 180 to 0. Zero implies no timeout.

    com.ibm.SOAP.requestTimeout=0

4. Save the file.

Note: You may have already changed this value to 6000 during Lotus Workplace setup. So you can leave it unchanged as 6000, or change to 0 for no timeout.

Set up password files for migration

When generating a migration request, the migrate command needs the user's password, but Domino does not provide programmatic access to user passwords. The legacy mail system administrator must provide the user password in a form that is accessible to the Migrate command. User names and passwords must be in a text file in a directory that is accessible by the Migrate command. You create one file for all migrating users.

Use a text editor to create a text file that contains user legacy passwords.
The format of the file is as follows:

    <user name1> ; <password1>
    <user name2> ; <password2>

Note: In Domino systems, <user name> is the canonical form of the user name in the user's person record, and <password> is the Internet password for Domino. For example, if the user name field contained the Domino user Joe User/Acme, then the canonical name form that is entered in the password file is cn=Joe User/o=Acme.

Make sure you specify the fully qualified name of this file in the InLegacyPwdFile parameter of the Domino.properties file.

(Optional) Set up the IBM Tivoli Directory Integrator to encrypt passwords

If you plan to generate migration requests that contain encrypted passwords, you must set up the IBM Tivoli Directory Integrator so that it can use the encryption capability of the migration AssemblyLine.

1. Using a text editor, open the following file:

    ...\IBMDirectoryIntegrator\_jvm\lib\security\java.security

2. Find the following line:

    security.provider.2=com.ibm.crypto.provider.IBMJCA

3. Replace the line in step 2 with the following line:

    security.provider.2=com.ibm.crypto.provider.IBMJCE

4. Save and exit the file.

(Optional) Generate keys to encrypt and decrypt passwords

This optional procedure describes how to generate keys to store passwords securely. You use the Java security keytool to generate a self-signed RSA key pair in a specified keystore file. The keystore file is password protected and the private key in the keystore has its own password.

1. Start a DOS command window.

2. Start the Java security keytool. The Java security tool is a standard Java utility available with the Java 1.3 runtime.

3. Enter a command to create an RSA key pair using the Java security keytool. The following command generates a key pair with an alias myMigrateKey and stores it in the specified keystore file.
The alias passwords (for key and keystore) will be needed when using the secure form of the Migrate command.

    C:\>keytool -genkey -keyalg RSA -alias myMigrateKey -keypass myMigrateKeyPassword -dname "cn=John Doe,o=ibm,c=us" -keystore c:/myDirectory/.keystore -storepass myKeystorePassword

4. Using the migrate command, export the public key from the keystore file to a file that can be used by the migration AssemblyLine for encrypting the password in the request. <key_alias> is the alias that you assigned to your key pair when generating the keys, and <publicKey_file_name> is the fully qualified file name to specify where the public key will be written:

    migrate -k <keystore_filename> -kp <keystore_password> -pa <key_alias> /exportkey -file <pubKey_file_name>

5. Configure the migration AssemblyLine to use encrypted passwords and specify the generated public key file to encrypt the password.

6. Check that the public key is the same as the one originally generated in step one by using the following command:

    migrate -k <keystore_filename> -kp <keystore_password> -a <key_alias> /thumbprint

7. To use the migrate command with password security for one migration request, use the following syntax:

    migrate -k <keystore_filename> -kp <keystore_password> -a <key_alias> -p <privKey_password> -requestfile <request_filename> [-responsefile <response_filename>]

8. To use the migrate command with password security to process all migration requests, use the following syntax:

    migrate -k <keystore_filename> -kp <keystore_password> -a <key_alias> -p <privKey_password> [/mail | /contacts | /calendar] -requestfolder <request_foldername> [-responsefolder <response_foldername>]

Flagging the Domino person record for migration

You need to set a flag in each person document that you want to migrate. You can do this manually, or create an agent to do so.

To set the flag in the Domino person document manually:

1. In Domino Administrator, open the person record.

2. Click the Administration tab.

3. Type one of the following values in the Setup profile field:
   – MigrateLWM (mail, contacts, and calendar)
   – MigrateLWMContacts (contacts only)
   – MigrateLWMMail (mail only)
   – MigrateLWMCalendar (calendar only)

4. Save and close.

If the migration AssemblyLine is running, it will detect the changes to this user's directory entry and generate the appropriate request. Upon completion it will update the value of the attribute to one of the following values:
   – MigrateRequestGenerated
   – MigrateRequestGenerationFailed

Generate migration requests

To migrate mail from legacy mail systems, you first create an XML file that contains all the information necessary to facilitate the migration of mail, calendar, and contacts from a specified legacy mail account to a specified Lotus Workplace Messaging mail account.

You generate migration requests outside Lotus Workplace Messaging using the IBM Tivoli Directory Integrator and the migration AssemblyLine, an XML script interpreted by the IBM Tivoli Directory Integrator. The XML script reads a set of properties to generate the migration request. Each mail migration request specifies whether mail or contacts, or both, are to be migrated. For migration to work, make sure users already copied all contact information to the mail database on the server.

Note: When migrating users from Domino, the uid attribute in the directory that Lotus Workplace Messaging uses must match the ShortName value in the Domino Directory. If there is more than one ShortName, the first one in the list is used. When the migration request is generated, this value is used to map the legacy mail account to the Lotus Workplace Messaging account.

To generate the migration requests:

1. Open a command line window on the machine where IBM Tivoli Directory Integrator is installed.

2. Navigate to the IBM Tivoli Directory Integrator directory.
For example:

    C:\>cd IBMDirectoryIntegrator

3. Run the following command from a command line. Note that "Migrate" is case-sensitive:

    ibmdisrv -c"c:\YourDirectory\Domino.xml" -r"Migrate" -l"c:\YourDirectory\DomUsrs.log"

   Change “c:\YourDirectory” to the IBM Tivoli Directory Integrator configuration directory you created earlier, for example, c:\IDI_Configuration.

4. Request files for the users will be generated in the directory you specified in the MigrateReqs parameter of the Domino.properties file. For example, a request file may look like Example 6-4.

Example 6-4 Sample req.xml file

    <?xml version="1.0" encoding="UTF-8" ?>
    <lotusMigrationRequest>
      <lwm11>1.0</lwm11>
      <legacyHostId>dominoserver/itso</legacyHostId>
      <legacyHostIP>9.33.85.73</legacyHostIP>
      <legacyUserId>CN=Michael/O=itso</legacyUserId>
      <legacyUserMailFile>mail\michael</legacyUserMailFile>
      <legacyUserPwd>michael</legacyUserPwd>
      <contactsSource>domino</contactsSource>
      <calendarSource>file</calendarSource>
      <calendarFile>D:\idi_config\reqs\Michael_cs.ics</calendarFile>
      <lwmUserId>Michael</lwmUserId>
      <lwmDN />
      <migrationOption>direct</migrationOption>
      <mailOnly>yes</mailOnly>
      <contactsOnly>yes</contactsOnly>
      <calendarOnly>yes</calendarOnly>
    </lotusMigrationRequest>

You can view log information in the directory integrator configuration directory to confirm that the IBM Tivoli Directory Integrator has created migration requests. General information is logged to ibmdi.log in the IBM Tivoli Directory Integrator root directory, and migration-specific information is logged to the file you specify in the command line.

Process migration requests

After the request files are generated successfully, you need to process these requests on the Lotus Workplace server. Use the Lmadmin Migrate command to migrate mail, contact, and calendar information to the Lotus Workplace message store.

For Domino migrations, the mail content, the contact information, the calendar information, or all three are copied to the message store. Alternatively, you can specify that you want to migrate mail, contacts, and calendar information to a zip file, which you can import to the mail store later. Because there is no industry-standard protocol that supports downloading contacts from the server, Domino contacts are fetched directly from the Domino mail server using a Domino API. Calendar information is migrated using the industry-standard iCal format.

The performance observed when migrating mail from Domino to Lotus Workplace will largely depend on the composition of the mail messages in Domino. When Domino serves up messages to an IMAP client, it must first convert each message from Domino CD format to MIME. The time taken to do this conversion is the principal factor affecting performance and will depend on the complexity of each mail message. If messages are already stored in Domino in MIME format, the migration will be a lot faster.

When you run the migrate command, mail is retrieved from the legacy mail system one message at a time. If some unexpected exception occurs and the migration is abnormally terminated, the mail migration will be only partially completed. If you run the migration command a second time, the migration process will create duplicate messages in the Lotus Workplace account for those that were migrated in the partially successful migration.

The migrate command will report a successful completion if it processes all of the migration requests in the specified folder, regardless of the processing status for each individual migration request. The processing status of each of the migration requests is logged in SystemOut.log as well as in the response file that is generated for each processed request.
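The setup described so far keeps credentials in three plain-text artifacts: Domino.properties, the legacy password file, and, when MigrateReqSecure is set to no, every generated request file. The following added example (not part of the Redbook or of any IBM tooling) parses all three formats and lists what needs protecting or correcting around a migration run; the function names and every sample value are constructed for illustration.

```python
# Added example (not from the Redbook): audit the plain-text artifacts of the
# migration procedure. All sample data below is constructed.
import xml.etree.ElementTree as ET

# Both spellings appear on the page (parameter list and Example 6-3).
SECRET_KEYS = ("DominoAdminPwd", "DominoAdminPassword", "LDAPServerAdminPwd")

SAMPLE_PROPERTIES = r"""DominoAdmin:admin/example
DominoAdminPwd:example-admin-password
LDAPServer:ldap://ldap.example.com:389
LDAPServerAdminPwd:example-ldap-password
MigrateKeyFile:
MigrateReqSecure:no
MigrateReqs:D:\idi_config\reqs\
"""

SAMPLE_PASSWORDS = """cn=Michael/o=example ; example-password-1
Joe User/Example ; example-password-2
cn=Ann/o=example
"""

SAMPLE_REQUEST = """<?xml version="1.0" encoding="UTF-8" ?>
<lotusMigrationRequest>
  <legacyUserId>CN=Michael/O=example</legacyUserId>
  <legacyUserPwd>example-password-1</legacyUserPwd>
</lotusMigrationRequest>
"""


def parse_properties(text):
    """Parse Key:value lines; split on the first colon only (values hold colons)."""
    props = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and key.strip():
            props[key.strip()] = value.strip()
    return props


def requests_are_encrypted(props):
    """The page states that encryption is the default unless set to No."""
    return (props.get("MigrateReqSecure") or "yes").lower() != "no"


def audit_properties(props):
    findings = [f"{k} is stored in clear text" for k in SECRET_KEYS if props.get(k)]
    if not requests_are_encrypted(props):
        findings.append("MigrateReqSecure is no: requests carry non-encrypted passwords")
    elif not props.get("MigrateKeyFile"):
        findings.append("MigrateReqSecure is on but MigrateKeyFile is empty")
    return findings


def parse_password_file(text):
    """Return (users, problems) for '<user name> ; <password>' lines."""
    users, problems = set(), []
    for number, line in enumerate(text.splitlines(), 1):
        if not line.strip():
            continue
        # Split on the first ';' so that a password may itself contain ';'.
        user, sep, password = (part.strip() for part in line.partition(";"))
        name = user.lower()
        if not sep or not user or not password:
            problems.append(f"password file line {number}: malformed entry")
        elif not name.startswith("cn=") or "/o=" not in name:
            # Heuristic for the canonical form, for example cn=Joe User/o=Acme.
            problems.append(f"password file line {number}: name not canonical")
        else:
            users.add(name)
    return users, problems


def audit_request(xml_text, known_users, encrypted):
    """Check one request file of the form shown in Example 6-4."""
    root = ET.fromstring(xml_text.encode("utf-8"))
    if root.tag != "lotusMigrationRequest":
        return ["not a migration request"]
    findings = []
    user = (root.findtext("legacyUserId") or "").strip()
    if (root.findtext("legacyUserPwd") or "").strip() and not encrypted:
        findings.append(f"non-encrypted legacyUserPwd for {user}")
    if user.lower() not in known_users:
        findings.append(f"{user} has no entry in the password file")
    return findings


def audit_all(properties_text, password_text, requests):
    """requests maps a file name to its XML text; returns every finding."""
    props = parse_properties(properties_text)
    users, problems = parse_password_file(password_text)
    findings = audit_properties(props) + problems
    encrypted = requests_are_encrypted(props)
    for name, xml_text in requests.items():
        findings += [f"{name}: {f}" for f in audit_request(xml_text, users, encrypted)]
    return findings


if __name__ == "__main__":
    print("\n".join(audit_all(SAMPLE_PROPERTIES, SAMPLE_PASSWORDS,
                              {"michael_req.xml": SAMPLE_REQUEST})))
```

Because the request files are copied to the Workplace server for processing, the originals stay in the MigrateReqs directory on the Tivoli Directory Integrator machine, so that directory is worth auditing again once the migration has finished.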
Upon completion of the processing of a migration request, the migration command deletes the request, and creates an XML response document in the same folder as the request. The response document indicates whether the migration request was processed successfully. While it is not necessary, you can check the migration log files in <was_root>\logs\LotusWorkplace_Server\SystemOut.log and <was_root>\logs\LotusWorkplace_Server\trace.log.

The detailed steps for the migration are as follows:

1. Copy all the generated request files from the request directory (for example, c:\IDI_Configuration\reqs) to the machine running the Workplace server.

2. Open a command prompt and go to the bin directory of WebSphere Application Server, for example, C:/WebSphere/AppServer/bin.

3. Type the following and press Enter. Change the user name and password to your Lotus Workplace administrator’s name and password.

    lmadmin -user wpsadmin -password wpsadmin -port 8882

4. The WAS Admin console will open.

Figure 6-38 WAS Admin console

5. Run the command:

    lm migrate -requestfile 'path of the request file in local disk'

   For example:

    lm migrate -requestfile C:/michael_req.xml

Note: You need to specify the file name including the path. Use a slash (/) instead of a backslash (\) in the path.

This will finally migrate the mail messages from the Domino Server mail account to the Workplace Server mail account connected to the specific LDAP. Log in to Lotus Workplace with the user name. You will see all mail messages, calendar entries, and contacts now migrated to Workplace.

(Optional) Modify person documents after migration

As we discussed in 6.5, “Scenario 3: Domino and Lotus Workplace Messaging share same Internet domain and directory” on page 236, Domino and Lotus Workplace Messaging can route mail to each other when they share the same Internet domain and directory.
If you are migrating users under such a scenario, you will need to modify the user’s person document after migration.

1. From Domino Administrator, open the server you want to administer.

2. Click the People and Groups tab.

3. Open the person document for the migrated user.

4. On the Basics tab, make the following changes:
   a. Delete the value in the Mail server and Mail file fields.
   b. Fill in the Internet address in the Forwarding address field.
   c. Change Mail system to Other internet mail.

5. Save and close the document.

6. (Optional) If there is a mail cell attribute defined, for example, carLicense, change the value of this field accordingly.

If there are multiple users that have been migrated, you can also make these changes through an agent.

Note: Make sure the Mail server and Mail file fields are cleared, otherwise Domino will still deliver mail messages to the mail file, instead of delivering mail messages to the Lotus Workplace Messaging server.

Chapter 7. Integrating IBM Lotus Workplace 2.0.1 with Lotus Sametime 6.5.x

Important: The integration described in this chapter is only supported between Sametime 6.5.x and IBM Lotus Workplace 2.01. It is not a supported configuration when working with IBM Workplace Collaboration Services 2.5.x and Sametime 6.5.x or Sametime 7.

This chapter covers the technology and techniques for integrating instant messaging and awareness between an IBM Lotus Workplace environment and an IBM Lotus Sametime environment. Such integration efforts are needed because each of these environments uses a different infrastructure to support its presence and instant messaging functionality.
For example, the Lotus Sametime server uses an infrastructure based on the proprietary IBM Lotus Virtual Places (VP) protocol while the Lotus Workplace server uses an infrastructure based on the open standard Session Initiation Protocol (SIP). To support the seamless integration of these two environments and technologies, IBM has developed and released the Lotus Instant Messaging (LIM) Gateway.

This software-based gateway is basically an intermediary, or translator, between the two separate IBM instant messaging environments. This chapter provides an understanding of this gateway technology, including a review of usage scenarios, installation guidelines, and troubleshooting techniques.

Note: It is assumed that any readers of this chapter will already have a certain level of knowledge and familiarity with the Lotus Sametime (and Lotus Workplace) products and technologies. Readers not yet familiar with these core technologies should reference the following Redbooks/Redpapers for information about these core products prior to continuing with this chapter:
   – IBM Lotus Workplace Team Collaboration 2.0.1: http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/redp3929.html
   – Lotus Domino 6.5.1 and Extended Products Integration Guide: http://www.redbooks.ibm.com/Redbooks.nsf/RedbookAbstracts/sg246357.html

Note: For the remainder of this chapter, the environment based upon IBM Lotus Instant Messaging and Web Conferencing (Sametime) is abbreviated as the LIMWC environment.

7.1 Introduction to the LIM Gateway

As described in the introduction of this chapter, the Lotus Instant Messaging (LIM) Gateway is a software-based gateway that supports a seamless integration between the two IBM Lotus instant messaging technologies.
It basically acts as a proxy, passing messages and awareness between the two separate environments without the end user knowing that two separate environments are actually involved.

Figure 7-1 on page 274 highlights the seamless integration provided by this gateway technology. It shows a LIMWC (for example Sametime) user and a Lotus Workplace user chatting, both using the native interfaces of their specific product, and both unaware that the other user is not using the same product. In this particular example, a user named Marco Foellmer is using the Sametime Java Connect client and is connecting to a Lotus Sametime server, while a user named Mario Gereci is using the Web browser based interface to the Lotus Workplace server.

Figure 7-1 LIMWC and Lotus Workplace users seamlessly chatting (left: Marco using LIMWC, for example Sametime, with the Sametime Java Connect client; right: Mario using the browser-based instant messaging client through Workplace)

This seamless integration can be demonstrated further in terms of the integration of basic presence awareness, as shown in Figure 7-2 on page 275. This figure shows the same users’ buddy lists within the native product interfaces, highlighting the fact that the presence awareness of other users looks the same to both users. In this example, the user Markus Adolph is a Lotus Workplace user who has currently set a “Do not disturb” status, and this awareness status shows correctly in both the LIMWC and Lotus Workplace environments/technologies, even though Markus is a Lotus Workplace-only user.

Figure 7-2 LIMWC and Lotus Workplace users with seamless presence awareness

LIM functionality

While the LIM Gateway provides a seamless experience for end users, it is important to clarify the functionality that is supported by this gateway in such a seamless fashion.
In general, users who communicate with the other environment through the LIM Gateway can use regular instant messaging and presence client features to engage in the activities listed below:

   – One-to-one chat. A user in one environment can engage a single user from the other environment in a one-on-one chat session.
   – Add an individual user or a public group to a buddy list. Users can add an individual user or group of users to buddy lists, regardless of which environment the user primarily works in.
   – Change presence status (I am active, I am away, Do not disturb). When a user changes his presence status on a client connected to a server in one environment, this change is also reflected in the buddy lists of clients connected to a server in the other environment.
   – Alert me when. A user in the LIMWC environment can use an Alert me when client feature to receive alerts when a user in the Lotus Workplace environment comes online. Note that Lotus Workplace clients do not have an Alert me when feature at this time.
   – Auto away. Users in both environments can use client features that change a user's status to Away after a specified period of keyboard and mouse inactivity on the user's local computer. When the user's status changes, the gateway detects the change and communicates the new status to the other environment.

Any client functionality not included in the list above is not supported by the LIM Gateway. Specific features that are not supported by the LIM Gateway are as follows.

Nway chats
Chats between more than one user are not supported by the LIM Gateway. If a user in one of the two instant messaging environments uses the Invite others button to invite multiple users to an nway chat, any users within the other proxied environment will not receive the invitation.
Buddylists
If a user operates clients in both the LIMWC environment and the Lotus Workplace environment, the buddy list changes a user makes in one environment are not reflected in the other environment. Users must manage buddy lists independently in the two environments. This is because buddy lists are stored on the respective servers and are maintained independently in each environment. The LIM Gateway does not synchronize these lists between the environments.

Instant meetings
A user in one environment cannot start an instant whiteboard or application sharing meeting with a user in the other environment. The LIM Gateway does not support the integration of meeting capabilities.

AOL instant messaging
The Sametime Connect 3.1 client provides support for external AOL user communities at a client level. Since this is purely a client feature in LIMWC, the external AOL community support does not extend to the Lotus Workplace environment through the LIM Gateway.

7.1.1 How the LIM Gateway works

Now that we have explained the end user experience of using the LIM Gateway, it is important to define how the LIM Gateway works behind the scenes. At a high level, once it is installed and configured, the LIM Gateway performs four basic functions to enable instant messaging and presence communications between the LIMWC environment and the Lotus Workplace environment:

1. Monitoring client logins to one environment and logging users into the other environment

2. Monitoring the client logouts in one environment and logging users out of the other environment

3. Detecting changes in a user's presence status and reflecting those changes via the “proxied” user logged into the other environment

4. Handling instant messages that are sent between users in the two environments

However, the difficulties are always in the details, so one must examine the specifics of how the LIM Gateway interacts with both LIMWC and Lotus Workplace users and environments to truly understand its operations.

How the LIM Gateway works with LIMWC users

To enable LIMWC users to communicate with Lotus Workplace users, the LIM Gateway logs LIMWC users into the Lotus Workplace environment and transmits presence status information and instant messages from those users into the Lotus Workplace environment.

To optimize performance and scalability, the LIM Gateway does not automatically log every online LIMWC user into the Lotus Workplace server. The LIM Gateway logs an LIMWC user into the Lotus Workplace server only if a Lotus Workplace user has subscribed on the LIMWC user. A Lotus Workplace user subscribes on an LIMWC user in either of these scenarios:

1. The Lotus Workplace user adds the LIMWC user to a buddy list in a Lotus Workplace instant messaging client.

2. An LIMWC user initiates a chat session by sending an instant message to a Lotus Workplace user. In this scenario, the chat window that opens on the Lotus Workplace user's computer programmatically subscribes on the LIMWC user. The chat window subscribes on the LIMWC user even if no Lotus Workplace users have added the LIMWC user to a buddy list.

The following steps summarize the operations that occur to log LIMWC users into the Lotus Workplace environment:

1. When the LIM Gateway starts, it connects to servers in both the LIMWC and Lotus Workplace environments (Figure 7-3, No.1).

2. A Lotus Workplace server sends the LIM Gateway lists of all LIMWC users and groups that are subscribed on by all Lotus Workplace users (Figure 7-3, No.2).

3. The LIM Gateway then sends SIP register requests to a Lotus Workplace server to register the subscribed on LIMWC users into the Lotus Workplace environment (Figure 7-3, No.3).

After registering an LIMWC user into the Lotus Workplace environment, the LIM Gateway performs the following activities on behalf of the LIMWC user:

   – Detects the LIMWC user's presence status (for example, "I am active" or "I am away") on the LIMWC server and communicates the user's presence status to the Lotus Workplace environment. If an LIMWC user changes presence status, the LIM Gateway detects this status change on the LIMWC server and transmits this change to the Lotus Workplace server. The Lotus Workplace server notifies the interested Lotus Workplace users of this status change (Figure 7-3, No.4+5).
   – Handles instant messages sent from the LIMWC user to a Lotus Workplace user. When an LIMWC user sends an instant message to a Lotus Workplace user, the message is sent from the LIMWC client to the LIM Gateway and transmitted from the LIM Gateway to the Lotus Workplace server. The Lotus Workplace server transmits the message to the Lotus Workplace user.
   – Detects the user logouts on the LIMWC server and logs the users out of the Lotus Workplace environment.

Figure 7-3 How the LIM Gateway works with LIMWC users

How the LIM Gateway works with Lotus Workplace users

To enable Lotus Workplace users to communicate with LIMWC users, the LIM Gateway logs the Lotus Workplace users into the LIMWC environment. After logging Lotus Workplace users into the LIMWC environment, the LIM Gateway transmits presence status information and instant messages from those users into the LIMWC environment.
It is important to note that because the LIMWC server has a larger user-handling capacity than the Lotus Workplace server’s current capabilities, the LIM Gateway logs all online Lotus Workplace instant messaging and presence users into the LIMWC server.

The steps below summarize the operations that occur to log Lotus Workplace users into the LIMWC environment:

1. When the LIM Gateway starts, it connects to servers in both the LIMWC and Lotus Workplace environments (Figure 7-4 on page 280, No.1).
2. The Lotus Workplace server notifies the LIM Gateway each time a Lotus Workplace user logs in (Figure 7-4 on page 280, No.2).
3. The LIM Gateway logs the Lotus Workplace user into the LIMWC server (Figure 7-4 on page 280, No.3).

After logging a Lotus Workplace user into the LIMWC environment, the LIM Gateway performs the following activities on behalf of the Lotus Workplace user:

1. Detects the Lotus Workplace user's presence status and communicates the user's presence status to the LIMWC environment. If a Lotus Workplace user changes presence status, the LIM Gateway detects this status change on the Lotus Workplace server and transmits this change to the LIMWC server. The LIMWC server notifies the interested users of this change (Figure 7-4 on page 280, No.4 and 5).
2. Handles instant messages sent from a Lotus Workplace user to a user in the LIMWC environment. These messages are sent from the Lotus Workplace user to the LIM Gateway and transmitted from the LIM Gateway to an LIMWC server. The LIMWC server transmits the message to the LIMWC user.
3. Detects the user logouts on the Lotus Workplace server and logs the users out of the LIMWC environment.

Figure 7-4 How the LIM Gateway works with Lotus Workplace users

7.1.2 LIM usage scenarios

At this point, we have explained what the LIM Gateway is, how it interacts with the end user, and how it interacts with LIMWC and Lotus Workplace environments. To complete the picture, it is important to discuss the various scenarios in which the LIM Gateway might be used. There are two main ways in which the LIM Gateway can be utilized:

Integration of separate LIMWC and Lotus Workplace environments
This scenario involves separate Lotus Sametime and Lotus Workplace environments, where there are no immediate plans for the sunset of one environment or the other. This scenario may be applicable to two divisions within a company that have each made a different technology decision, or may even be applicable for two companies in the process of merging. The important consideration in this scenario would be to ensure that adequate directory integration exists between the two environments to allow the LIM Gateway to function properly. This directory integration concern is highlighted in “Directory considerations” on page 288.

Migration of a LIMWC environment to Lotus Workplace
The more typical usage of the LIM Gateway will involve the migration of an existing LIMWC environment to a newer Lotus Workplace environment. In this scenario, the LIM Gateway is deployed only for the time that both environments exist. The LIM Gateway allows users in both environments to continue to use instant messaging without any knowledge of the migration. Once all LIMWC users have been migrated onto the newer Lotus Workplace platform, the LIMWC environment can be sunset, and the LIM Gateway can be turned off.
Additionally, it is important to highlight the fact that the LIM Gateway is simply a rather small software component and thus does not necessarily require dedicated hardware in either of the above scenarios. While all diagrams up until this point have shown the LIM Gateway installed on a separate piece of hardware, there are no limitations keeping the LIM Gateway from being installed on the LIMWC or Lotus Workplace servers, or any other server in your environment, such as a WebSphere Portal server. As long as adequate capacity is available, and the server meets the requirements defined in “LIM system requirements” on page 284, there are no software conflicts in running the LIM Gateway alongside other software components.

7.1.3 LIM Gateway versus the LIMWC SIP Connector

One item of common confusion regarding the LIM Gateway is its comparison to the SIP Connector available as part of Lotus Sametime. This SIP capability that is part of the LIMWC environment is intended to allow users in one LIMWC community to communicate with users in a different LIMWC community using SIP. To support these external communities, an administrator installs an LIMWC feature called the SIP Connector in each LIMWC community. When SIP Connectors are used to connect two different LIMWC communities, users in one LIMWC community can use SIP to share presence and instant messaging capabilities with users in another LIMWC community.

Since the SIP Connector is used to connect multiple LIMWC communities, and the LIM Gateway is intended to connect LIMWC and Lotus Workplace communities, confusion can obviously occur. However, the key difference between the SIP Connector capabilities and the LIM Gateway capabilities discussed in this chapter can be highlighted via two key aspects of the SIP Connector:

1. The SIP Connector is intended to allow integration between two different LIMWC communities; the SIP Connector capabilities cannot be utilized to integrate with a Lotus Workplace environment. A typical use of the SIP Connector can be seen in Figure 7-5 on page 282, which depicts the IBM usage of the LIMWC SIP Connector capabilities to integrate with external IBM Business Partner and client LIMWC environments.

Figure 7-5 An example usage of the LIMWC SIP Connector capabilities at IBM

2. The SIP Connector does not provide for a seamless integration from the end user’s perspective as is provided by the LIM Gateway. Rather than logging users from one community into the other community in a “proxy” fashion like the LIM Gateway, the SIP Connector simply provides the users with the ability to request information or communication with an external user. The end user leveraging SIP Connector integration must know that they wish to communicate with a user in an external community, and specifically request this. This specific request to chat with an external community is shown in Figure 7-6 on page 283.

Figure 7-6 LIMWC client requesting an external community via the SIP Connector

The interface in Figure 7-6 should be compared to the interface shown in Figure 7-1 on page 274, which showcases the seamless integration provided by the LIM Gateway.

Table 7-1 provides a summary of the differences between the LIM Gateway and SIP Connector.

Table 7-1 Comparing the SIP Connector and LIM Gateway

Capability                                                                  LIMWC SIP Connector   LIM Gateway
Can be used to integrate two or more LIMWC communities                      Yes                   No
Can be used to integrate a LIMWC community to a Lotus Workplace community   No                    Yes
Integration provided is seamless to the end user                            No                    Yes
Proxies user logins from one community to another                           No                    Yes

More information about the LIMWC SIP Connector can be found in the IBM Redpaper Connecting Communities Using the Lotus Instant Messaging SIP Gateway, available at:
http://www.redbooks.ibm.com/abstracts/redp3834.htm

7.1.4 LIM system requirements

As described previously, a LIM Gateway can be installed on a dedicated machine, or can be installed and run on one of the existing LIMWC or Lotus Workplace machines in your environment. Of course, if you are installing the LIM Gateway on the same computer as a Lotus Workplace server, an LIMWC (Sametime) server, or an IBM Lotus Portal server, the computer should exceed the minimum LIM requirements to the extent necessary to accommodate both the functionality of the LIM Gateway and the functionality of the other server application.

Microsoft Windows server™ installation requirements
- Minimum hardware:
  – CPU: Pentium II 400 MHz
  – Memory: 512 MB (minimum), 1 GB (recommended)
- Operating system:
  – Windows 2000 Server/Advanced Server
  – Windows 2003

IBM AIX installation requirements
- Minimum hardware:
  – Server: An IBM pSeries® server based on PowerPC® (RISC) technology
  – Memory: 512 MB (minimum), 1 GB (recommended)
- Operating system:
  – IBM AIX 5.1 with patch level 4 (5100-04)
  – IBM AIX 5.2 with patch level 2 (5200-02)

Note: The LIM Gateway also requires the IBM JVM 1.3.1 on both Windows and Linux. However, this JVM is installed by the LIM Gateway installation.
Supported LIMWC environments

For the LIM Gateway to interoperate with a Lotus Sametime environment, the server side of the LIMWC environment must meet the following version and operating system requirements:

- Sametime 3.1 (or higher) servers that operate on Windows, AIX, Solaris™, and OS/400® platforms. If your Sametime servers are Sametime 3.0 (or earlier), you must upgrade your servers to use them with the LIM Gateway.

  Note: The platforms listed above include all platforms supported by the LIMWC (Sametime) server at the publication date of this Redbook. If the LIMWC server is built on an additional platform in the future, check with an IBM representative to determine if the LIM Gateway operates with the server on the additional platform.

- IBM WebSphere Portal 5.0 (or higher) servers. If your LIMWC environment includes IBM WebSphere Portal servers, the portal servers must be version 5.0 or higher. Only portlet presence and instant messaging clients that operate with portal server version 5.0 or higher can be used with the LIM Gateway.
- Lotus Domino 6.5 (or higher) servers. If your LIMWC environment includes Lotus Domino servers, they must be version 6.5 or higher. Only Lotus Notes clients that operate with version 6.5 or higher can be used with the LIM Gateway.

Additionally, any LIMWC clients used when the LIM Gateway is deployed must also meet a defined set of requirements; users of unsupported clients will not be able to take advantage of the LIM Gateway’s capabilities. In general, all instant messaging and awareness clients that operate with the server versions listed above are supported, including:

- Sametime Connect (both the Windows and browser versions).
- Any client developed with a Sametime Links toolkit that is created for use with Sametime 3.1 or higher servers. These clients include:
  – Any portlet provided in the Collaboration Center of a Portal 5.0 (or higher) server that supports instant messaging and presence, such as a Lotus QuickPlaces portlet or a buddy list portlet.
  – Any portlet (5.0 or higher) developed by IBM Lotus that operates with a Lotus Domino and LIMWC server to combine Domino functionality and LIMWC presence and instant messaging functionality, such as the Web Access (iNotes) portlet.
  – Sametime links (or "live names") embedded into a Lotus Notes 6.5.x client to integrate instant messaging and awareness with the Notes client.
  – Any other presence and instant messaging client built with any IBM Lotus developer toolkit created for use with Sametime 3.1 or higher servers.

Supported Lotus Workplace environments

For the LIM Gateway to interoperate with a Lotus Workplace environment, the server side of the Lotus Workplace environment must be at release 2.0.1 (only), with servers that operate on the Windows, AIX, or Linux operating system.

Note: The platforms listed above include all supported platforms for the Lotus Workplace server as of the publication date of this Redbook. If the Lotus Workplace server is built on an additional platform in the future, check with an IBM representative to determine if the LIM Gateway operates with the server on the additional platform.

Restriction: At the time of this publication, the LIM Gateway is only supported for Lotus Workplace 2.0.1. A technical issue has been identified which prevents integration at this time with Workplace Collaboration Services 2.5. The Lotus development team is aware of this issue and plans to have this resolved for release 2.6.

Additionally, all instant messaging and presence clients that operate with a Lotus Workplace 2.0.1 server are supported. No modifications to these presence and instant messaging clients are required to operate with the LIM Gateway. These clients include:

- Any portlet provided with a Lotus Workplace 2.0.1 server that supports instant messaging and presence.
- Workplace Managed Client (WMC) clients (for example, the Lotus Workplace Managed Client for Messaging and Documents).
- Any other instant messaging and presence client built with any IBM Lotus developer toolkit created for use with the Lotus Workplace 2.0.1 server.

Note: If users in your Lotus Workplace environment use third-party SIP clients to access a Lotus Workplace server, the third-party SIP client users may be unable to respond to chat messages initiated by users from the LIMWC environment, depending on how the third-party SIP clients are programmed. The SIP clients developed by IBM Lotus for use with the Lotus Workplace server avoid this problem because these clients are designed to programmatically subscribe on users who initiate chat sessions with them.

7.2 LIM Gateway deployment considerations

To discuss the various areas that need careful consideration when deploying a LIM Gateway environment, we must start with a basic or typical deployment, as shown in Figure 7-7. This figure depicts a basic LIM Gateway deployment with several characteristics:

- The LIMWC and Lotus Workplace environments share a common authentication and name directory.
- The LIM Gateway has been installed on its own dedicated hardware or logical partition.
- The LIMWC environment is leveraged for embedded awareness within both a WebSphere Portal environment and a Lotus Domino environment.

Figure 7-7 A typical architecture for installation of a LIM Gateway

It is when going beyond this typical architecture that various deployment options must be analyzed and carefully considered. The remainder of this section will discuss these key items to be considered in a LIM Gateway deployment.
7.2.1 Directory considerations

In general, one can use the LIM Gateway with any type of directory that is supported by an LIMWC or Lotus Workplace environment. The LIM Gateway interacts directly with the LIMWC servers and Lotus Workplace servers in the two environments, but does not access the directories used in those environments on its own. Based on this, the type of directory used in each environment is irrelevant to the LIM Gateway. If the directory is supported by that environment, and the environment functions appropriately with that directory, the LIM Gateway will also function correctly when working with the environment.

For example, the LIM Gateway will operate successfully with any of these directory configurations (assuming that the directories used are supported in each environment):

- An LIMWC environment that operates with a native Domino Directory and a Lotus Workplace environment that operates with an LDAP directory.
- An LIMWC environment that operates with an LDAP directory and a Lotus Workplace environment that operates with a different LDAP directory. (For example, one environment operates with a Domino LDAP directory while the other environment operates with an IBM LDAP directory.)
- An LIMWC environment and a Lotus Workplace environment that operate with the same LDAP directory.

If an environment uses multiple directories, and the environment functions appropriately with the multiple directory configuration, the LIM Gateway will also function correctly when working with the environment.

Although the type of directory used in an environment is irrelevant to the LIM Gateway, there are specific requirements regarding the person entries and Internet e-mail addresses that appear in the directories if two separate directories are used in the LIMWC and Lotus Workplace environments.

- A single user must have a person entry in both the directory used in the LIMWC environment and the directory used in the Lotus Workplace environment. These duplicate directory entries are mandatory regardless of whether the user accesses the clients from only one environment or both environments.

  For example, the user John Smith must be entered in both the LIMWC and Lotus Workplace directories to enable the LIM Gateway to represent him in both environments. If John Smith uses only Lotus Workplace clients, he still must have a directory entry in the LIMWC directory to communicate with the LIMWC users. Similarly, if John Smith uses only LIMWC clients, he must have a directory entry in the Lotus Workplace directory to communicate with the Lotus Workplace users.

- The Internet e-mail address for each user must be identical in both directories. For example, if John Smith has an Internet e-mail address of [email protected] in the LIMWC directory, he must have this same Internet e-mail address specified in the Lotus Workplace directory. If necessary, the administrator must manually edit the directory entries or use script files to ensure that each user has an identical Internet e-mail address in each directory.

The fact that user names and e-mail addresses must exist in both directories when two directories are utilized leads to the possibility that a directory synchronization tool may be needed to integrate the two directories in this manner.

Additionally, groups must also be considered when two directories are utilized. As with user names in the directory, to enable a user to add a group from one environment to a client that operates in the other environment, the administrator must ensure that the group exists in the directory used in the other environment as well. This group aspect again speaks to the importance of a good directory synchronization strategy, should multiple directories be involved in your LIM Gateway deployment.
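The person, e-mail address and group requirements above can be checked mechanically before the gateway is switched on. The following is an added example, not code from this Redbook or from IBM: it compares LDIF exports of the two directories, and it assumes that entries are matched on `cn` and that the listed objectClass names identify people and groups in your schema. The two LDIF samples are constructed.

```python
import base64

# objectClass names treated as people / groups (assumed; adjust to your schema).
PERSON_CLASSES = {"person", "inetorgperson", "dominoperson"}
GROUP_CLASSES = {"groupofnames", "groupofuniquenames", "dominogroup"}


def _decode(entry):
    """Decode base64 values ('attr:: ...'), which LDIF uses for non-ASCII text."""
    def one(v):
        return base64.b64decode(v[1:].strip()).decode("utf-8") if v.startswith(":") else v
    return {attr: [one(v) for v in values] for attr, values in entry.items()}


def parse_ldif(text):
    """Parse an LDIF export into a list of {attribute: [values]} dicts."""
    entries, current, last = [], {}, None
    for raw in text.splitlines() + [""]:
        if raw.startswith(" ") and last:        # folded line: continuation
            current[last][-1] += raw[1:]
            continue
        line = raw.strip()
        if not line:                            # blank line closes an entry
            if current:
                entries.append(_decode(current))
            current, last = {}, None
            continue
        if line.startswith("#") or ":" not in line:
            continue
        attr, _, value = line.partition(":")
        last = attr.strip().lower()
        current.setdefault(last, []).append(value.strip())
    return entries


def index(entries):
    """Return ({person name: mail or None}, {group names}), keyed on lower-case cn."""
    people, groups = {}, set()
    for e in entries:
        classes = {c.lower() for c in e.get("objectclass", [])}
        name = e.get("cn", [""])[0].strip().lower()
        if not name:
            continue
        if classes & GROUP_CLASSES:
            groups.add(name)
        elif classes & PERSON_CLASSES:
            people[name] = e.get("mail", [None])[0]
    return people, groups


def compare(limwc_ldif, workplace_ldif):
    """List (finding, name) pairs that violate the two-directory requirements."""
    lp, lg = index(parse_ldif(limwc_ldif))
    wp, wg = index(parse_ldif(workplace_ldif))
    findings = []
    for name in sorted(set(lp) | set(wp)):
        if name not in wp:
            findings.append(("missing-in-workplace", name))
        elif name not in lp:
            findings.append(("missing-in-limwc", name))
        elif not lp[name] or not wp[name]:
            findings.append(("no-mail", name))
        elif lp[name] != wp[name]:              # must be identical, so exact match
            findings.append(("mail-mismatch", name))
    for group in sorted(lg ^ wg):
        side = "workplace" if group in lg else "limwc"
        findings.append((f"group-missing-in-{side}", group))
    return findings


# Constructed sample exports (example.com addresses, not real directory data).
LIMWC_LDIF = """\
dn: CN=John Smith,O=Example
objectClass: dominoPerson
cn: John Smith
mail: jsmith@example.com

dn: CN=Maria Garcia,O=Example
objectClass: dominoPerson
cn:: TWFyw61hIEdhcmPDrWE=
mail: mgarcia@example.com

dn: CN=Wei Chen,OU=Engineering,
 O=Example
objectClass: dominoPerson
cn: Wei Chen
mail: wchen@example.com

dn: CN=Sales
objectClass: dominoGroup
cn: Sales
"""

WORKPLACE_LDIF = """\
dn: uid=jsmith,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: John Smith
mail: john.smith@example.com

dn: uid=mgarcia,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: María García
mail: mgarcia@example.com

dn: uid=alopez,ou=people,dc=example,dc=com
objectClass: inetOrgPerson
cn: Ana Lopez
mail: alopez@example.com
"""

if __name__ == "__main__":
    for finding, name in compare(LIMWC_LDIF, WORKPLACE_LDIF):
        print(f"{finding}: {name}")
```

Every finding is an account or group the gateway cannot represent consistently in both environments, so the list doubles as the work queue for the manual edits or synchronization scripts the text mentions.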
Obviously, the ideal solution would be to have a single directory as depicted in Figure 7-7 on page 287. However, this will not always be feasible in a real world environment.

7.2.2 Security considerations

There are several security issues that must be understood with the LIM Gateway. These involve the security of the gateway’s communications with both the Lotus Workplace and LIMWC environments, as well as the ports and protocols used by the gateway.

LIM Gateway security in the Lotus Workplace environment

The LIM Gateway connects to every Lotus Workplace server in a Lotus Workplace environment. When establishing these connections, the LIM Gateway must transmit a name (Internet e-mail address) and password to each Lotus Workplace server so that each Lotus Workplace server can authenticate the connection from the LIM Gateway.

To support this, an administrator must create a unique LDAP directory entry for each Lotus Workplace server in the environment to be used for login from the LIM Gateway. For example, if there are three Lotus Workplace servers in the environment, you must create three unique LDAP directory entries. Each of these LDAP directory entries must include a different user name, Internet e-mail address, and password.

Note: All of the configuration settings for the LIM Gateway are set within a text file known as the IMAProxy.properties file. This includes the parameters defining the IDs and passwords used for the LIM Gateway to log in to Lotus Workplace servers. Thus, access to this properties file must be carefully controlled to ensure that these IDs and passwords are kept confidential.

Additionally, all data transmitted between the LIM Gateway and the Lotus Workplace servers is encrypted with Transport Layer Security (TLS). To enable this encryption, the administrator specifies TLS as the connection protocol for LIM Gateway connections to the Lotus Workplace server when configuring the LIM Gateway.

LIM Gateway connections with the LIMWC environment

Connections from the LIM Gateway to the LIMWC server are authenticated using the IP address of the LIM Gateway in the normal LIMWC trusted server model. The administrator must allow the LIM Gateway as a trusted server in the LIMWC configuration.

To log Lotus Workplace users into the LIMWC server, the LIM Gateway uses the standard light log-in functionality provided for LIMWC Web-based clients in the LIMWC server developer toolkits.

Finally, all data transmitted between the LIM Gateway and the LIMWC servers is encrypted using RC2 with a 128-bit key for symmetric encryption. No configuration is required by the administrator to encrypt this data.

Ports used for Lotus Workplace connections

If a firewall exists between the LIM Gateway and the Lotus Workplace servers, the following ports must be open through the firewall to enable the LIM Gateway to communicate with the Lotus Workplace servers.

- Port 5061 (using TLS): The LIM Gateway communicates with the SLSP component of a Lotus Workplace server on this port by default.
- Port 1516 (using TCP): The LIM Gateway communicates with the Presence server component of a Lotus Workplace server on this port by default.
- Any available port on the LIM Gateway computer (using TLS): A port must be available to transmit instant messages between the LIM Gateway and the Lotus Workplace environment. When a Lotus Workplace user sends an instant message to an LIMWC user, the instant message must be transmitted on a connection from the Lotus Workplace server to the LIM Gateway. The administrator selects the port used for this connection when configuring the LIM Gateway. The administrator can select a specific port for this purpose or configure the LIM Gateway to dynamically select any available port on the LIM Gateway computer.

Ports used for LIMWC connections

If a firewall exists between the LIM Gateway and the LIMWC servers, TCP port 1516 must be open through the firewall to enable the LIM Gateway to communicate with the LIMWC servers. All communications between the LIM Gateway and the LIMWC environment occur using port 1516.

7.2.3 Scalability considerations

As the size of a LIMWC or Lotus Workplace environment grows, additional LIM Gateways will be needed to support the volume. To understand the number of LIM Gateways to utilize, it is important to understand the specific communications happening with each connection. The number of LIM Gateways must thus be considered from both a Lotus Workplace and an LIMWC perspective.

LIM scalability regarding Lotus Workplace connections

Due to the architecture of the instant messaging environment within Lotus Workplace, there are two areas of communication between the LIM Gateway and a Lotus Workplace environment:

- Stateless SIP Proxy (SLSP)
  The administrator configures the LIM Gateway to establish a connection with the Stateless SIP Proxy (SLSP) component on one Lotus Workplace server in the environment. Over this connection, the LIM Gateway sends the SIP methods that register LIMWC users into the Lotus Workplace environment.
- Presence Server
  The administrator also configures the LIM Gateway to establish a connection to the Presence server component on each Lotus Workplace server in the environment. Over these connections, the LIM Gateway receives the following information about user activity on each of the Lotus Workplace servers in the environment:
  – Lotus Workplace user logins and logouts occurring on each Lotus Workplace server
  – Lotus Workplace user presence status changes occurring on each Lotus Workplace server
  – LIMWC users that are subscribed on by the Lotus Workplace users connected to each Lotus Workplace server

With an understanding of these connections, one could scale the LIM Gateway's interaction with Lotus Workplace via scenarios featuring one, two, three or more gateways.

Single LIM Gateway scenario

If you deploy one LIM Gateway into an environment that includes a single Lotus Workplace server, the LIM Gateway must establish two connections to the Lotus Workplace server: one connection to the SLSP component of the Lotus Workplace server and one connection to the Presence server component of the Lotus Workplace server.

Figure 7-8 Single LIM Gateway connects to single Lotus Workplace server

If you deploy one LIM Gateway into an environment that includes multiple Lotus Workplace servers, you can configure the connections in the following way:

- LIM Gateway 1 connects to the SLSP component on Lotus Workplace server 1.
- LIM Gateway 1 connects to the Presence server components on all Lotus Workplace servers in the environment, including the Presence server component of Lotus Workplace server 1.

Figure 7-9 Single LIM Gateway connects to multiple Lotus Workplace servers

Two LIM Gateways scenario

If you deploy two LIM Gateways to support three Lotus Workplace servers, you can configure the connections in the following way:

- LIM Gateway 1 can connect to both the SLSP component and the Presence server component on Lotus Workplace server 1.
- LIM Gateway 2 can connect to the SLSP component on Lotus Workplace server 2.
- LIM Gateway 2 can connect to the Presence server components on both Lotus Workplace server 2 and Lotus Workplace server 3.

Figure 7-10 Two LIM Gateways connecting to three Lotus Workplace servers

Three LIM Gateways scenario

If you deploy three LIM Gateways to support three Lotus Workplace servers, you can configure each LIM Gateway to establish its connections with a different Lotus Workplace server. Configuring the connections in the following way provides the most efficient performance:

- LIM Gateway 1 can connect to both the SLSP component and the Presence server component on Lotus Workplace server 1.
- LIM Gateway 2 can connect to both the SLSP component and the Presence server component on Lotus Workplace server 2.
- LIM Gateway 3 can connect to both the SLSP component and the Presence server component on Lotus Workplace server 3.

Figure 7-11 Example for connecting three LIM Gateways with three Lotus Workplace servers

LIM scalability regarding LIMWC connections

Scaling a LIM Gateway to support the connections to an LIMWC environment is a bit different from the Lotus Workplace side of things, due to the single events channel of the LIMWC architecture. Basically, when multiple LIMWC servers operate together as a community, all LIMWC community events are handled on a single channel. This single events channel is available on all LIMWC servers in the community through intraserver connections between the LIMWC servers. This design enables the LIM Gateway to connect to a single LIMWC server in the community and communicate with all LIMWC servers in the community.

Thus, if only one LIM Gateway service is deployed, it does not matter which specific LIMWC server it is configured to communicate with, because all LIMWC community servers will participate on the single events channel that is part of the community. This is depicted in Figure 7-12.

Figure 7-12 Single LIM Gateway connects to a group of LIMWC servers

If multiple LIM Gateways are deployed, each LIM Gateway can connect to the same LIMWC server in the LIMWC community, or each LIM Gateway can connect to a different LIMWC server (as shown in Figure 7-13 on page 297). However, there are no real performance advantages to having multiple LIM Gateways connect to multiple LIMWC servers, other than a certain level of failover and redundancy.

Figure 7-13 Example to connect multiple Lotus Workplace servers to multiple LIMWC servers

7.2.4 Miscellaneous deployment considerations

We have covered the key areas of directory, security, and scalability associated with a LIM Gateway deployment. However, there are a few other items that any administrator should be aware of with any LIM deployment.

Mixed OS installations are not an issue

After you have installed the LIM Gateway on an AIX or Windows operating system, the LIM Gateway can communicate with servers running on these platforms:

- Sametime 3.1 (or later) servers running on Windows, AIX, Solaris, or OS/400
- Lotus Workplace 2.0.1 servers running on Windows, AIX, or Linux

For example, an LIM Gateway running on a Windows computer can communicate with an iSeries (OS/400) Sametime 3.1 server and a Linux Lotus Workplace 2.0.1 server.
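The port lists in 7.2.2 and the connection layouts in 7.2.3 together define exactly which network flows a LIM Gateway deployment needs. The following is an added example, not code from this Redbook or from IBM: it models the two-gateway layout of Figure 7-10, derives the firewall allow-list and flags observed connections that fall outside it. Host names, the fixed instant-message port 5070, the observed flows, and the assumption that any Workplace server a gateway connects to may open the instant-message connection back to it are all constructed for illustration.

```python
from dataclasses import dataclass

SLSP_PORT = 5061      # gateway -> Workplace SLSP component, TLS (default)
PRESENCE_PORT = 1516  # gateway -> Workplace Presence server, TCP (default)
LIMWC_PORT = 1516     # gateway -> LIMWC server, TCP


@dataclass(frozen=True)
class Gateway:
    host: str
    slsp_server: str          # the one Workplace server whose SLSP it uses
    presence_servers: tuple   # Workplace servers whose Presence component it watches
    limwc_server: str         # any one server of the LIMWC community
    im_port: int              # fixed inbound port chosen by the administrator


def validate_plan(gateways, workplace_servers):
    """Return a list of problems with the connection plan (empty means OK)."""
    problems, watched = [], set()
    for gw in gateways:
        for srv in (gw.slsp_server, *gw.presence_servers):
            if srv not in workplace_servers:
                problems.append(f"{gw.host}: {srv} is not a known Workplace server")
        watched.update(gw.presence_servers)
    for srv in workplace_servers:
        if srv not in watched:
            # Logins and presence changes on this server would never reach a gateway.
            problems.append(f"{srv}: Presence component is not watched by any gateway")
    return problems


def allowed_flows(gateways):
    """Set of (source, destination, destination port) the firewall must permit."""
    flows = set()
    for gw in gateways:
        flows.add((gw.host, gw.slsp_server, SLSP_PORT))
        flows.add((gw.host, gw.limwc_server, LIMWC_PORT))
        for srv in gw.presence_servers:
            flows.add((gw.host, srv, PRESENCE_PORT))
        # Instant messages from Workplace users arrive on a connection opened
        # by the Workplace server towards the gateway (assumed: any connected server).
        for srv in {gw.slsp_server, *gw.presence_servers}:
            flows.add((srv, gw.host, gw.im_port))
    return flows


def audit(observed, gateways):
    """Return observed flows that touch a gateway but are not on the allow-list."""
    allow = allowed_flows(gateways)
    hosts = {gw.host for gw in gateways}
    return [f for f in observed
            if (f[0] in hosts or f[1] in hosts) and f not in allow]


# Layout of Figure 7-10: two gateways, three Workplace servers (names constructed).
WORKPLACE = ["wp1", "wp2", "wp3"]
PLAN = [
    Gateway("gw1", "wp1", ("wp1",), "st1", 5070),
    Gateway("gw2", "wp2", ("wp2", "wp3"), "st2", 5070),
]

# Constructed connection records, e.g. taken from firewall or flow logs.
OBSERVED = [
    ("gw1", "wp1", 5061), ("gw1", "wp1", 1516), ("wp1", "gw1", 5070),
    ("gw2", "wp3", 1516), ("gw2", "st2", 1516),
    ("gw1", "wp3", 1516),        # gw1 is not planned to watch wp3
    ("gw1", "wp1", 5060),        # not the TLS port 5061
    ("10.0.0.99", "gw2", 5070),  # instant-message port reached from a non-Workplace host
]

if __name__ == "__main__":
    print("plan problems:", validate_plan(PLAN, WORKPLACE))
    for flow in audit(OBSERVED, PLAN):
        print("unexpected flow:", flow)
```

Because the LIMWC server authenticates the gateway by IP address only, keeping the allow-list this narrow limits which hosts can present themselves from a trusted address.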
Integrating IBM Lotus Workplace 2.0.1 with Lotus Sametime 6.5.x 297 Impact on Lotus Workplace and LIMWC capacity should be considered It is important that any administrator remember the proxy operations of the LIM Gateway in terms of the increased load that will be placed on LIMWC and Lotus Workplace environments when they are connected together with a LIM Gateway. For example, if the Lotus Workplace environment is scaled for 1 000 users, and the LIMWC is also scaled for 1 000 users, each environment may have 2 000 users logged in once a LIM Gateway is implemented! This is because the LIM Gateway will end up performing proxied logins on behalf of each user in one environment into the other environment. Thus, careful analysis should be made of the available capacity in both LIMWC and Lotus Workplace environments, and of the impact of an increased user load, prior to implementing the LIM Gateway. Server failover The LIM Gateway performs failover functions if it loses communication with either an LIMWC server or an Lotus Workplace server. If the LIM Gateway loses communication with an LIMWC server, the gateway logs all users of that LIMWC server off of the Lotus Workplace server(s) to which the LIM Gateway is connected. Similarly, if the LIM Gateway loses communication with an Lotus Workplace server, the gateway logs all users of that Lotus Workplace server off of the LIMWC server(s) to which the LIM Gateway is connected. When the LIM Gateway loses communication to either an LIMWC server or an Lotus Workplace server, the LIM Gateway automatically attempts to reconnect to the server at 60 second intervals. Avoiding unnecessary logins of LIMWC users to Lotus Workplace As discussed in “How the LIM Gateway works with LIMWC users” on page 277, the LIM Gateway logs an LIMWC user into the Lotus Workplace server only if the LIMWC user is subscribed on by an Lotus Workplace user. 
However, in certain cases, this characteristic of the LIM Gateway can still result in unnecessary logins of LIMWC users to the Lotus Workplace server. For example, if a Lotus Workplace user subscribes on a public group that includes all members of the LIMWC server community, the LIM Gateway may log all members of the LIMWC server community into the Lotus Workplace server. For example, if a user subscribes on a public group that contains 150 people, but is only interested in chatting with 15 of these group members, this user can create up to 135 unnecessary logins to the Lotus Workplace server. This scenario may result in an unnecessary drain on the system resources of the Lotus Workplace server.

Administrators should work to avoid situations where Lotus Workplace users subscribe on large public groups when the users are only interested in chatting with a few members within the group. Furthermore, administrators may want to caution Lotus Workplace users against adding large groups to the buddy lists or suggest breaking larger groups into smaller groups, as necessary, to prevent this unnecessary drain on the system resources of the Lotus Workplace server.

Reverse proxy and firewall considerations of the LIM Gateway

The LIM Gateway must establish connections with both Lotus Workplace servers and LIMWC servers. You cannot use a reverse proxy server with the LIM Gateway. The LIM Gateway cannot connect to a Lotus Workplace server or an LIMWC server through a reverse proxy server.

7.3 LIM Gateway installation guidelines

This section provides procedures and guidelines for installing and configuring the LIM Gateway on Microsoft Windows. These procedures can be used regardless of whether the LIM Gateway is being installed on a dedicated Windows computer or on the same Windows computer as another server service.
Note: Instructions for installing on AIX are included within the product documentation. However, configuration steps documented in this section would be the same for any operating system.

7.3.1 High-level installation and configuration steps

The steps are:
1. Install the LIM Gateway code.
2. Configure Lotus Sametime to accept LIM Gateway connections.
3. Configure Lotus Workplace to accept LIM Gateway connections.
4. Configure the LIM Gateway via the IMAProxy.properties file.

7.3.2 Installing the LIM Gateway code

To install:
1. Verify that the computer that will host the LIM Gateway meets the Windows system requirements specified in “LIM system requirements” on page 284.
2. Log in to the Windows operating system as a user with Administrator rights.
3. Download the Windows version of the Lotus Instant Messaging Gateway package from the IBM Developerworks site:
   http://www-136.ibm.com/developerworks/lotus/products/instantmessaging/
4. Extract the contents of the LIM package to the root (C:\) of the Windows computer. Extracting the contents of this package to the root (C:\) automatically creates a C:\IMGateway directory on the Windows computer. The LIM Gateway files are placed in the C:\IMGateway directory.

Important: The C:\IMGateway directory is used by default for running the LIM Gateway. Running it from another location without performing any customization will create errors. To change the installation directory, you must open the install.bat file with a text editor and change the installation directory parameter in this file. Make this change before running the install.bat file.
    set IMAWORKDIR=c:\IMGateway
    set JVMPATH=%IMAWORKDIR%\jre\bin\classic\jvm.dll
    JavaLauncher -i service=IMGateway jvmdll=%JVMPATH% class=com/ibm/wkplc/ProxyMain -Djava.class.path=.;imaproxy.jar;config -Djava.ext.dirs=lib;%IMAWORKDIR%\jre\lib\ext wrkdir=%IMAWORKDIR%

To install to a different directory, change the set IMAWORKDIR parameter.

5. Run the install.bat file provided in the C:\IMGateway directory to install the LIM Gateway as a Windows service. For example, enter this command from the server command prompt:
    C:\IMGateway>install.bat
   This batch file executes a Java process, which in turn creates a Windows service called IMGateway, as shown in Figure 7-14 on page 301.

Figure 7-14 IMGateway Windows Service

Note: After this step, the LIM Gateway can be launched by running the IMGateway Windows service, or can be manually started from a command line by executing the IMGatewayLaunch.exe command, which can be found within the C:\IMGateway directory.

7.3.3 Configuring LIMWC to accept LIM Gateway connections

To enable an LIMWC server to operate with the LIM Gateway, you must specify the IP address of the LIM Gateway as an IP address that is allowed to establish connections with the LIMWC server, and you must confirm the proper LDAP configuration of your LIMWC server.

Trusting the LIM Gateway in LIMWC

To perform this configuration, enter the IP address of the LIM Gateway into the CommunityTrustedIps field of the CommunityConnectivity document in the Configuration database (stconfig.nsf) on the LIMWC server.

1. Use a Lotus Notes client to open the Configuration database (stconfig.nsf) on the LIMWC server.

Figure 7-15 Opening the stconfig.nsf

2.
Open the CommunityConnectivity document in the stconfig.nsf database by double-clicking the date associated with the document.

Figure 7-16 Select the CommunityConnectivity document from the view All- By Form and Date

If the CommunityConnectivity document does not exist in the stconfig.nsf database, you must create it. To create the CommunityConnectivity document, choose Create → CommunityConnectivity from the menu bar in the stconfig.nsf database.

Figure 7-17 Optional: creating the CommunityConnectivity document

3. In the CommunityTrustedIps field, enter the IP addresses of the LIM Gateway.

Figure 7-18 CommunityConnectivity document

4. Save and close the CommunityConnectivity document.
5. Restart the LIMWC server; it is now ready for the LIM Gateway.

Verifying proper LIMWC LDAP configuration

While an existing LIMWC server will obviously be configured properly to authenticate to your directory, if the directory used is an LDAP directory, then the LIMWC must be configured to also recognize the correct e-mail address LDAP attribute of all users. This is needed because the LIM Gateway utilizes the e-mail address as the “unique ID” for each user, and thus must resolve the e-mail address of a LIMWC user to be able to proxy log them into the Lotus Workplace environment.

Verification of the LDAP configuration of your LIMWC server is performed within the Sametime Administration Web interface (stconfig.nsf).

1. Open the Sametime Administration page in your Web browser:
   http://yoursametimeservername/stconfig.nsf
2. Go to the LDAP Directory’s Basics section.
3. Verify that the LDAP attribute name listed for the e-mail address is the correct LDAP attribute name from your LDAP server, as shown in Figure 7-19.
Figure 7-19 Sametime LDAP E-mail attribute verification for LIM Gateway

7.3.4 Configuring Lotus Workplace to accept LIM Gateway connections

To configure a Lotus Workplace server to operate with the LIM Gateway, you must perform two procedures:
1. Replace the presenceimservices.jar file on the Lotus Workplace server with the presenceimservices.jar file provided with the LIM Gateway package. This step is required for the 2.01 release of the Lotus Workplace Products only. It may not be needed for future releases.
2. Specify the IP address of the LIM Gateway as an IP address that is allowed to establish connections to the SIP Presence server component of the Lotus Workplace server.

You must replace the presenceimservices.jar file that currently exists on the Lotus Workplace server with the presenceimservices.jar file provided with the LIM Gateway package.
1. Make a back-up copy of the presenceimservices.jar file located in the following directory on the Lotus Workplace server:
    c:\WebSphere\WorkplaceServer\ps_extdir
   Store this copy in a safe location. You can use this file to restore the Lotus Workplace server to its original configuration if necessary.
2. Copy the presenceimservices.jar file provided by the LIM Gateway installation over the presenceimservices.jar file on the Lotus Workplace server. The presenceimservices.jar provided with the LIM Gateway is located in the following directory on the LIM Gateway computer:
    c:\IMGateway\lib
3. Repeat this procedure on every Lotus Workplace computer in the Lotus Workplace environment.

Next, use the WebSphere Administrator's Console on a Lotus Workplace server to specify the IP address of the LIM Gateway as trusted. If multiple Lotus Workplace servers operate in a WebSphere cell, you must repeat this procedure on each Lotus Workplace server in the cell.
To add the IP address of the LIM Gateway to the list of IP addresses that are allowed to establish connections to the SIP Presence server component of the Lotus Workplace server, follow these steps:
1. Open the WebSphere Administrator's Console on the Lotus Workplace server:
   http://yourfullqualifiedhostname:9091/admin
2. Select Servers → Application Servers → Portal Server → Custom Properties.
3. Set the lwpSIPBypassTrustedIps field to True.
4. In the lwpSIPTrustedIps field, enter the IP address of the computer on which the LIM Gateway is installed.
5. Restart the Lotus Workplace server. It is now ready for the LIM Gateway.

7.3.5 Configuring the LIM Gateway (IMAProxy.properties)

To complete the LIM Gateway installation, you must configure settings in the IMAProxy.properties file to enable the gateway to function correctly with your Lotus Workplace and LIMWC environments.

The IMAProxy.properties file is located in the following directory of the server on which the LIM Gateway is installed:
    <root>\IMGateway\config (Windows)

The IMAProxy.properties file includes configuration settings that enable the gateway to connect to and communicate with servers in both the Lotus Workplace environment and the LIMWC environment. These configurations include SIP-related parameters needed to establish connections with Lotus Workplace servers as well as the addresses of servers in both environments.

As noted in “Directory considerations” on page 288, the LIM Gateway also presents a different name (Internet e-mail address) and password to each Lotus Workplace server in an environment to authenticate when connecting to the Lotus Workplace servers. The administrator must also enter these valid user IDs and passwords when configuring the IMAProxy.properties file.

To configure the IMAProxy.properties file, open it with a text editor and enter the settings appropriate for your environment.
To assist you with the configuration of the IMAProxy.properties file, a description of every setting in this file is provided in Table 7-2 on page 307.

Important: If you have already configured the IMAProxy.properties file, and you want to alter an existing setting, you must alter the setting and then restart the LIM Gateway service for the new setting to take effect.

IMAProxy.properties file settings descriptions

The IMAProxy.properties file is divided into three sections: Proxy Main Information, Lotus Workplace Information and ST Information. All of the settings in the IMAProxy.properties file are described in the table below.

Table 7-2 IMAProxy.properties settings description

PROXY MAIN INFORMATION:
The PROXY MAIN INFORMATION settings below enable or disable error/trace message reporting and specify the file to which error/trace messages are written.

proxy.traceEnable
This setting enables or disables error/trace message reporting for troubleshooting purposes. When this setting is enabled, error/trace messages are written to the file specified in the proxy.traceFileName setting below. This setting can have a value of either true (enabled) or false (disabled). An example setting is:
    proxy.traceEnable=true

proxy.traceFileName
This setting specifies the path and file name to which error/trace messages are written. The file specified in this setting is created only when the proxy.traceEnable setting above is set to true (enabled). An example setting on a Windows system is:
    proxy.traceFileName=c:\temp\IMGateway.txt

LWP INFORMATION:
The LWP INFORMATION settings below enable the LIM Gateway to operate with the Lotus Workplace server environment.
javax.sip.OUTBOUND_PROXY
This setting specifies the DNS host name, port, and the connection protocol used to establish a connection to the Stateless SIP Proxy (SLSP) component of one Lotus Workplace server in the environment. The LIM Gateway registers LIMWC users into the Lotus Workplace environment over this connection. An example setting is:
    javax.sip.OUTBOUND_PROXY=lwpserver1.ibm.com:5061/tls
Note: This setting must specify only one Lotus Workplace server. If you have deployed multiple LIM Gateways, other LIM Gateways can also connect to this same SLSP component on the same Lotus Workplace server, if necessary. For more information about configuring multiple server environments, see “Scalability considerations” on page 291.

javax.sip.listeningPoint.1
This setting specifies the SIP listening point associated with the LIM Gateway. This setting should contain the DNS host name of the computer on which the LIM Gateway is installed, the port on which the LIM Gateway listens for SIP connections, and the connection protocol used to establish SIP connections.
When a Lotus Workplace user sends an instant message to an LIMWC user, the message is transmitted from the Lotus Workplace client to the Lotus Workplace server. The SLSP component of the Lotus Workplace server then establishes a connection to the LIM Gateway using the address specified in this setting. The SLSP component routes the instant message to the LIM Gateway over the connection established using this address. An example setting is:
    javax.sip.listeningPoint.1=limproxy.ibm.com:5060/tls
Optionally, an administrator can enter 0 (zero) as the port number to enable the LIM Gateway to randomly generate a port number for this purpose.
For example:
    javax.sip.listeningPoint.1=limproxy.ibm.com:0/tls

com.ibm.ssl.protocol
This setting must have the value SSL if you want to encrypt the data transmitted between the IMA Gateway and the Lotus Workplace servers with TLS (TLS is a newer version of SSL). An example value for this setting is:
    com.ibm.ssl.protocol=SSL

com.ibm.ssl.keystore
com.ibm.ssl.keyStorePassword
com.ibm.ssl.truststore
com.ibm.ssl.trustStorePassword
These settings specify the key store and the trust store files that support TLS encryption of the data transmitted between the LIM Gateway and the Lotus Workplace servers, and the passwords required to access these files. Example values for these settings are:
    com.ibm.ssl.keystore=DummyClientKeyFile.jks
    com.ibm.ssl.keyStorePassword=keyfilepassword
    com.ibm.ssl.truststore=DummyClientTrustFile.jks
    com.ibm.ssl.trustStorePassword=trustfilepassword
You can use different key store and trust store files to support the TLS encryption. To use different key store and trust store files, copy the key store and trust store files into the LIM Gateway installation directory and use the settings above to specify the file names and passwords appropriate for these new files. For more information, see “Optional additional setup” on page 315.

proxy.lwp.presenceservername.#
proxy.lwp.proxyname.#
proxy.lwp.password.#
These three settings enable the LIM Gateway to establish a connection to the Presence server component of one Lotus Workplace server and to present that Lotus Workplace server with authentication credentials when establishing this connection.
An example configuration for these three settings appears below:
    proxy.lwp.presenceservername.1=lwpserver1.ibm.com:1516/tcp
    [email protected]
    proxy.lwp.password.1=password1
The proxy.lwp.presenceservername.# setting should specify the host name of the Lotus Workplace server, the port on which the Presence server component of a Lotus Workplace server listens for connections, and the connection protocol used to establish the connection. The LIM Gateway uses this information to establish a connection with the Presence server for the purpose of receiving needed information about Lotus Workplace user activities (that is, logins/logouts, presence status changes, and subscription information).
The proxy.lwp.proxyname.# setting and the proxy.lwp.password.# setting specify the name (Internet e-mail address) and password the LIM Gateway uses to authenticate when connecting to the Presence server component of a Lotus Workplace server.
These three settings are always specified together to provide the LIM Gateway with the connection information and authentication credentials required to establish a connection to the Presence server component of a single Lotus Workplace server. In a multiple Lotus Workplace server environment, you must repeat this group of three settings for each Lotus Workplace server to which you want this LIM Gateway to connect.
For example, if you want one LIM Gateway to connect to two Lotus Workplace servers, you must have entries like these in the IMAProxy.properties file:
    proxy.lwp.presenceservername.1=lwpserver1.ibm.com:1516/tcp
    [email protected] .com
    proxy.lwp.password.1=firstserverpassword
    proxy.lwp.presenceservername.2=lwpserver2.ibm.com:1516/tcp
    [email protected] m.com
    proxy.lwp.password.2=secondserverpassword
Note: When listing multiple servers in the IMAProxy.properties file, always increment the numeric identifier of the server by one so that the servers are listed sequentially. Do not skip numbers. For example, if you have two servers, do not specify the first server as proxy.lwp.presenceservername.1 and the second server as proxy.lwp.presenceservername.3. The second server must be listed as proxy.lwp.presenceservername.2. The LIM Gateway will not function correctly if the servers are not numbered sequentially.
As discussed earlier, you can deploy multiple LIM Gateways to support multiple Lotus Workplace servers. The examples below illustrate how to configure these settings in an environment that includes multiple LIM Gateways. This example assumes you have deployed two LIM Gateways to support three Lotus Workplace servers. In this example, one of the LIM Gateways must connect to the Presence server component of one Lotus Workplace server and the other LIM Gateway must connect to the Presence server components of the remaining two Lotus Workplace servers.
In the IMAProxy.properties file on LIM Gateway 1, the settings should be configured as illustrated below:
    proxy.lwp.presenceservername.1=lwpserver1.ibm.com:1516/tcp
    [email protected] .com
    proxy.lwp.password.1=firstserverpassword
In the IMAProxy.properties file on LIM Gateway 2, the settings should be configured as illustrated below:
    proxy.lwp.presenceservername.1=lwpserver2.ibm.com:1516/tcp
    [email protected] .com
    proxy.lwp.password.1=secondserverpassword
    proxy.lwp.presenceservername.2=lwpserver3.ibm.com:1516/tcp
    [email protected] com
    proxy.lwp.password.2=thirdserverpassword

ST INFORMATION:
The ST INFORMATION setting below enables the LIM Gateway to operate with the LIMWC server environment.

proxy.sametime.hostname
This setting specifies the DNS name of an LIMWC server. The LIM Gateway establishes a connection to this LIMWC server to communicate with all LIMWC servers in the LIMWC community. An example setting is:
    proxy.sametime.hostname=sametimeserver.ibm.com
If you have deployed multiple LIM Gateways, each LIM Gateway can connect to the same LIMWC server in the environment, or each LIM Gateway can connect to a different LIMWC server.

As a further guideline to readers in configuring their own IMAProxy.properties file, Example 7-1 provides a sample IMAProxy.properties file that was successfully used for all of our testing in our test lab environment.
Example 7-1 Sample IMAProxy.properties file

    #########################
    # PROXY MAIN INFORMATION
    ##########################
    proxy.traceEnable = true
    proxy.traceFileName = IMAProxy.txt
    #######################
    # LWP INFORMATION
    #######################
    # SLSP address of LWP primary server
    javax.sip.OUTBOUND_PROXY = intlwpst.cam.itso.ibm.com:5061/tls
    # listening point of the proxy
    javax.sip.listeningPoint.1 = intlwpst.cam.itso.ibm.com:5060/tls
    # SSL properties to be used by sip stack
    com.ibm.ssl.protocol=
    com.ibm.ssl.keyStore=DummyClientKeyFile.jks
    com.ibm.ssl.keyStorePassword=WebAS
    com.ibm.ssl.trustStore=DummyClientTrustFile.jks
    com.ibm.ssl.trustStorePassword=WebAS
    # LWP presence server to connect
    proxy.lwp.presenceservername.1 =intlwpst.cam.itso.ibm.com:1516/tcp
    proxy.lwp.proxyname.1 = [email protected]
    proxy.lwp.proxypassword.1 = lwpstserver1
    ######################
    # ST INFORMATION
    ######################
    proxy.sametime.hostname = intdomst.cam.itso.ibm.com

After all of the appropriate settings have been defined, the LIM Gateway service must then be stopped and started. If everything is working properly, seamless awareness should now exist between the two environments. If awareness is not functioning, then the reader should proceed to “LIM Gateway troubleshooting guidelines” on page 316.

7.3.6 Optional additional setup

One optional procedure that can be performed is to change the default key store file and trust store file that support TLS encryption of the connections between the LIM Gateway and the Lotus Workplace servers.

To support TLS encryption of the connections between the LIM Gateway and the Lotus Workplace server, the LIM Gateway installation places a DummyClientKeyFile.jks and a DummyClientTrustFile.jks file in the C:\IMGateway directory. These are the same jks files that IBM provides by default with all WebSphere servers.
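A pre-restart check of IMAProxy.properties against the rules stated in Table 7-2 and this section, as an added example (not part of the Redbook or of the LIM Gateway package). The sample file is constructed with placeholder hosts and credentials, and the finding codes and the tolerance for both key spellings seen on this page are assumptions of the example.

```python
import re

# Constructed sample in the format of the IMAProxy.properties file described
# above. Host names, account names and passwords are placeholders.
SAMPLE = """\
proxy.traceEnable = true
proxy.traceFileName = IMAProxy.txt
javax.sip.OUTBOUND_PROXY = lwpserver1.example.com:5061/tcp
javax.sip.listeningPoint.1 = limproxy.example.com:5060/tls
com.ibm.ssl.protocol=SSL
com.ibm.ssl.keyStore=DummyClientKeyFile.jks
com.ibm.ssl.keyStorePassword=placeholder-a
com.ibm.ssl.trustStore=DummyClientTrustFile.jks
com.ibm.ssl.trustStorePassword=placeholder-b
proxy.lwp.presenceservername.1 = lwpserver1.example.com:1516/tcp
proxy.lwp.proxyname.1 = gateway1@example.com
proxy.lwp.password.1 = placeholder-1
proxy.lwp.presenceservername.3 = lwpserver2.example.com:1516/tcp
proxy.lwp.proxyname.3 = gateway2@example.com
proxy.lwp.password..3 = placeholder-2
proxy.sametime.hostname = sametime.example.com
"""

ENDPOINT = re.compile(r"^[A-Za-z0-9.-]+:\d+/([a-z]+)$")
LWP_KEY = re.compile(
    r"^proxy\.lwp\.(presenceservername|proxyname|password|proxypassword)\.(\d+)$")
SIP_KEYS = ("javax.sip.OUTBOUND_PROXY", "javax.sip.listeningPoint.1")
DEFAULT_STORES = {"dummyclientkeyfile.jks", "dummyclienttrustfile.jks"}
GROUP_FIELDS = {"presenceservername", "proxyname", "password"}


def parse_properties(text):
    """Read key=value pairs; blank lines and '#' comment lines are skipped."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if line and not line.startswith("#") and "=" in line:
            key, value = line.split("=", 1)
            props[key.strip()] = value.strip()
    return props


def lint(props):
    """Return a sorted list of (code, detail) findings for one gateway file."""
    findings = []

    # Both SIP settings take host:port/protocol; the page's examples use tls,
    # and a /tcp typo on the SLSP address is the failure shown in 7.4.3.
    for key in SIP_KEYS:
        match = ENDPOINT.match(props.get(key, ""))
        if not match:
            findings.append(("BAD_ENDPOINT", key))  # missing or malformed
        elif match.group(1) != "tls":
            findings.append(("SIP_NOT_TLS", key))

    # The page spells the store keys both keystore and keyStore, so compare
    # case-insensitively (assumption: either spelling may be in use).
    lowered = {k.lower(): v.lower() for k, v in props.items()}
    for key in ("com.ibm.ssl.keystore", "com.ibm.ssl.truststore"):
        if lowered.get(key) in DEFAULT_STORES:
            findings.append(("DEFAULT_STORE", key))

    # Group the per-server settings by their numeric identifier.
    groups = {}
    for key, value in props.items():
        if not key.startswith("proxy.lwp."):
            continue
        match = LWP_KEY.match(key)
        if not match:
            findings.append(("BAD_LWP_KEY", key))
            continue
        # Example 7-1 writes proxypassword where Table 7-2 writes password;
        # both are accepted here (assumption).
        field = match.group(1).replace("proxypassword", "password")
        groups.setdefault(int(match.group(2)), set()).add(field)
        if field == "presenceservername" and not ENDPOINT.match(value):
            findings.append(("BAD_ENDPOINT", key))

    if not groups:
        findings.append(("MISSING", "proxy.lwp.presenceservername.1"))
    for number in sorted(groups):
        for field in sorted(GROUP_FIELDS - groups[number]):
            findings.append(("INCOMPLETE_GROUP", f"{field}.{number}"))
    # Identifiers must run 1, 2, 3, ... with no gaps.
    if sorted(groups) != list(range(1, len(groups) + 1)):
        numbers = ",".join(str(n) for n in sorted(groups))
        findings.append(("NON_SEQUENTIAL", numbers))

    if not props.get("proxy.sametime.hostname"):
        findings.append(("MISSING", "proxy.sametime.hostname"))
    return sorted(findings)


if __name__ == "__main__":
    for code, detail in lint(parse_properties(SAMPLE)):
        print(f"{code:17} {detail}")
```

Because the file holds the gateway's Lotus Workplace passwords and the key store passwords in clear text, read access to the config directory should be limited to the account that runs the IMGateway service.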
If you want to use different jks files as the key stores that support TLS connections, follow the instructions below:
1. Copy the new key store jks file and new trust store jks file that you want to use into the C:\IMGateway directory or the <root>/IMGateway directory.
2. Open the IMAProxy.properties file with a text editor and alter the following settings so that they specify the new key store file name and new trust store file name, and the passwords required to access the new files.
   – com.ibm.ssl.keystore=<enter the new key store file name>
   – com.ibm.ssl.keyStorePassword=<enter the password for the key store file>
   – com.ibm.ssl.truststore=<enter the new trust store file name>
   – com.ibm.ssl.trustStorePassword=<enter the password for the trust store file>
3. Save and close the IMAProxy.properties file.
4. Restart the LIM Gateway.

7.4 LIM Gateway troubleshooting guidelines

Even the most skilled installer and administrator will undoubtedly run into occasions where they need to troubleshoot an issue with the LIM Gateway. Fortunately, the LIM Gateway provides a rather thorough logging capability that allows you to resolve most issues. This section describes how to enable the logging, where to look for log files, and how to interpret the log files once they are found.

7.4.1 Turning on error/trace message logs

To enable error/trace message reporting, the administrator configures these two parameters in the IMAProxy.properties file on the LIM Gateway computer:
    proxy.traceEnable=true
    proxy.traceFileName=<file path and file name>
The proxy.traceFileName value is at your discretion. For example, if you enter c:\temp\IMGateway.txt, the trace messages are written to the IMGateway.txt file in the c:\temp directory on the LIM Gateway computer.

Instructions to enable error/trace message reporting

To enable error/trace message reporting:
1.
Open a text editor on the computer on which the LIM Gateway is installed.
2. Open the IMAProxy.properties file at the following location:
    c:\IMGateway\config
3. In the IMAProxy.properties file, populate the proxy.traceEnable and proxy.traceFileName parameters as shown below:
   – proxy.traceEnable=true
   – proxy.traceFileName=c:\temp\IMGateway.txt
4. Close and save the IMAProxy.properties file.
5. Restart the LIM Gateway.

7.4.2 Interpreting the log files

The IMGateway.txt log files can seem overwhelming at initial glance. However, once you understand the key processes involved in LIM conversations, the log files can be quickly understood.

The key LIM processes, and log entries, that any administrator should understand can be broken up into those processes that monitor the LIMWC side of the conversation, and those that monitor the Lotus Workplace side of the conversation:

Key log entries related to LIM-LIMWC communications

The key process involved in LIMWC communications is called the STUsersSideMgr. As communications occur with the LIMWC servers, the following types of messages will be seen in the trace file.
- If the LIM Gateway logs out from the LIMWC server, the message >> LoginSAMgr::Loggedout reason: ... will appear in the trace file.
- If the LIM Gateway logs into the LIMWC server, the message LoggedIn to ST server =... will appear in the trace file.
- When a user from Lotus Workplace logs in, and thus the LIM Gateway needs to proxy that login to LIMWC, the message STUsersAgent::doLogin: userName = will appear in the trace file.
- As part of a proxied login, the LIM Gateway will need to first resolve the Lotus Workplace user on the LIMWC side. When this name resolution takes place, messages regarding a “Resolver” process will appear in the trace file, such as Resolver::setFQNuserId: [email protected] userFQNid = {CN=William Tworek,O=IBM,}.
  As you can see, the eMailAdd is empty.
- When a user from the Lotus Workplace logs out, and thus the LIM Gateway needs to log out the proxied user in LIMWC, the message STUserObject::doLogout: for = will appear in the trace file.
- When a new message from a user on the Lotus Workplace side to a user on the LIMWC side is received by the LIM Gateway, the message STUserObject::continueMessage: from =... to = ... will appear in the trace file.
- When a user from the Lotus Workplace side changes his status, and thus the LIM Gateway must proxy this status change, the message STUserObject::changeStatusOfUser -> user = will appear in the trace file.

Key log entries related to LIM-Lotus Workplace communications

The key process involved in Lotus Workplace communications is called the LWPSideMonitoring. As communications occur with the Lotus Workplace servers, the following types of messages will be seen in the trace file.
- When a user from the LIMWC side logs in, the LIM Gateway will attempt to proxy this login to the Lotus Workplace side, and the message LWPUserAgent::doLogin: new request received initiator name = .. will appear in the trace file.
- If no Lotus Workplace user has yet “subscribed” to the LIMWC user, then this LIMWC user does not yet need to be logged into Lotus Workplace, and will instead be added to a “waiting table,” and the message LWPUserAgent::doLogin: add to waiting table initiator name = ... will appear in the trace file.
- When a user from the LIMWC side logs out, the LIM Gateway will log out the proxied user from the LW side (or remove them from the “waiting table”), and the message LWPUserAgent::doLogout: new request received initiator name = will appear in the trace file.
- When a user from the LIMWC side changes his status, the LIM Gateway will proxy this status change to the Lotus Workplace side, and the message LWPUserAgent::changeStatus: new request received initiator name = will appear in the trace file.
- When a message from a user on the LIMWC side is sent to a user on the Lotus Workplace side, the message LWPUserAgent::doMessage: new request received from =... to = ... will appear in the trace file.
- If the LIM Gateway failed to connect to the Lotus Workplace side server, a message stating LWPConnection::reCreateConnection to ... will appear in the trace file as the LIM Gateway attempts to retry the connection.

7.4.3 Example troubleshooting

To further aid in troubleshooting efforts, here are a few examples of common issues that the redbook team experienced within their test lab. These examples are in no way comprehensive, but rather are simplistic illustrations of the types of issues that one might see in a real world environment.

SSL not configured properly

When initially setting up our LIM Gateway environment, we experienced issues regarding the ability to negotiate an SSL connection to the Lotus Workplace servers. The initial symptom was that users were unable to communicate through the LIM Gateway. However, we were able to isolate the issue to an SSL error as follows:
1. We examined the trace file and found that all LIM Gateway services appeared to happily initialize until the “SIPStackMgr”:
    SipStackMgr::init....
    com.ibm.workplace.jain.protocol.ip.sip.SipStackImpl.SipStackImpl: trying to load sip stack
2. Immediately in the trace files after this init statement, multiple Java stack traces and error messages appeared as follows:
    java.security.NoSuchAlgorithmException: No such algorithm:
    ....
    java.lang.IllegalStateException: No such algorithm
    at com.ibm.workplace.sip.stack.transaction.transport.connections.tls.SIPConnectionFactoryImpl.initSSL
    ....
    com.ibm.workplace.sip.stack.transaction.transport.SIPConnectionsModel.initListeningPoints: could not instansiate Listenning connection!
3. The fact that the errors were related to SIP pointed to an issue with the Lotus Workplace connection, since SIP is used to talk to Lotus Workplace, while the VPBuddy protocol is used to talk to LIMWC. The Java exceptions related to SSL algorithm negotiations pointed towards the SSL handshake as the breakdown in this communication.
4. We then examined our IMAProxy.properties file, and found the issue. We made a typo in defining the SLSP server.
    # SLSP addres of LWP primary server
    javax.sip.OUTBOUND_PROXY = intlwpst.cam.itso.ibm.com:5061/tcp
   We had inadvertently replaced the /tls at the end of the SLSP server with a /tcp. While TLS is a valid SSL protocol, TCP is an underlying transport, and therefore not valid.
5. After changing the properties file to properly refer to the tls protocol, and restarting the LIM Gateway, the connection to Lotus Workplace succeeded.

LIM Gateway not trusted

Once we had the conversations working properly to the Lotus Workplace side of the equation, we then had an issue communicating with the LIMWC server side. The symptom in this case was, again, that the LIM Gateway was not providing any of the expected integration. We once again looked into the trace files to examine the situation.
1. First, we noticed that the connection to the Lotus Workplace side was now succeeding.
    SipStackMgr::init m_lp.host 9.33.85.103 m_lp.port = 5060 m_lp.transport = tcp transport = tls
    SipStackMgr::initialized - transport = tls
2. Thus, we next turned our attention to verifying the LIMWC side connection.
We then noticed the following error in the trace files associated with the LIMWC side of things:

    Try login to ST server = intdomst.cam.itso.ibm.com m_name = Java Co-Existence Proxym_prevCommunity = nullm_prevLoginId = nullm_prevAgreedKey = nullm_quickTokenEncrypted = nullm_quickTokenCacheTime = 0
    IPs from Dns:
    IP (0)intdomst.cam.itso.ibm.com/9.33.85.102
    Trying to connect to: intdomst.cam.itso.ibm.com/9.33.85.102
    VPKernel(0)onLogout: reason = 80000207

3. While we did not have immediate access to the error code 80000207, we knew that our LIMWC server was up and running, and could see traffic flowing between the LIM Gateway and LIMWC server via a quick network trace. Therefore, we double-checked that the LIM Gateway was indeed a trusted server to LIMWC, and found that we had a typo in the IP address that we defined as trusted as described in "Trusting the LIM Gateway in LIMWC" on page 301.

4. After correcting the typo and restarting both the LIMWC and LIM Gateway servers, the connection to the LIMWC servers succeeded.

    IPs from Dns:
    IP (0)intdomst.cam.itso.ibm.com/9.33.85.102
    Trying to connect to: intdomst.cam.itso.ibm.com/9.33.85.102
    Receiver: run started
    ConnectionFactory: Connection initialized:
    VPKernel(0): Loging in as Java Co-Existence Proxy
    VpKernel: Attempting server login
    VPKernel(0)onLogin: UserInstance = {[email protected] name = id = {{,}} desc = loginId = {16 09215566,}}
    PKernel(0)onSetPrivacyMode: privacyMode = 1
    VPKernel(0)onSetPrivacyList: privacyList = Excluding { }
    VPKernel(0)onSetStatus: type = 20, time = 0, description = LoggedIn to ST server = intdomst.cam.itso.ibm.com

Unable to resolve e-mail address for Sametime users

Another issue we experienced was the LIM Gateway working in one direction only. LIMWC users could see awareness of Lotus Workplace users, and even send Lotus Workplace users an instant message.
However, Lotus Workplace users always saw LIMWC users as offline, and could not reply to any messages received. In this case, we had to dig a little more deeply into the trace files to understand the issue. We were logging in to the LIMWC environment with the user name Jane Doe, so we started looking for information and events in the log associated with this user. We identified the following basic sequence of events with each login, or status change, from Jane Doe:

    STusersSideMgr::onUserLoggedIn -> user = CN=Jane Doe,OU=LWP,O=Redbook,C=BU server = 0
    ...
    STUserAgent::onUserStatusChanged -> need to find eMail for user {CN=Jane Doe,OU=LWP,O=Redbook,C=BU,}
    ...
    Resolver::findUserEmail: user name = CN=Jane Doe,OU=LWP,O=Redbook,C=BU initiator name
    ...
    Resolver::setFQNuserId: eMailAdd = userFQNid = {CN=Jane Doe,OU=LWP,O=Redbook,C=BU,}

This specific log entry is a little harder to interpret, since no specific error is listed. However, after some analysis, we noticed that the Resolver was attempting to find Jane's e-mail address, but the result returned was blank. No e-mail address was returned. We quickly realized that we had forgotten the key step of ensuring that the LDAP attribute for user e-mail was clearly defined to the Sametime server. After going back and updating the Sametime server's LDAP settings as described in "Verifying proper LIMWC LDAP configuration" on page 304, everything worked as expected. The resolver was able to locate an e-mail address for Jane, and all instant messages and status changes properly flowed through the environment.

    Resolver::setFQNuserId: eMailAdd = [email protected] userFQNid = {CN=Jane Doe,OU=LWP,O=Redbook,C=BU,}

7.5 Summary

In this chapter, we introduced the Lotus Instant Messaging Gateway and its ability to seamlessly integrate a Lotus Sametime and a Lotus Workplace environment.
We discussed various deployment considerations, installation and configuration aspects, and provided troubleshooting hints and tips. This paper should help any reader to better understand the role of the LIM Gateway, and assist in getting it deployed and working within any environment.

For details about the latest Lotus Sametime products and capabilities, visit:
http://www-306.ibm.com/software/lotus/collaboration/

To download the Lotus technical whitepaper for the Lotus Instant Messaging Gateway, visit:
http://www-10.lotus.com/ldd/notesua.nsf/find/sametime

For other IBM Redbooks that cover Lotus Sametime and Workplace technologies, please visit:
http://publib-b.boulder.ibm.com/redbooks.nsf/portals/Lotus

Chapter 8. Integrating Lotus QuickPlace with Workplace

This chapter discusses the interoperability points available in the IBM Lotus QuickPlace product, both now, in the 6.5.1 release, and in the future, in the 7.0 release and beyond. The goal is not only to provide some scenarios for interoperability between existing deployments of QuickPlace and IBM Workplace Collaboration Services, but also to identify how clients can begin to gather information about their environment, which will help make decisions in the future about interoperability plans as functionality in the Workplace Product family continues to grow.

8.1 QuickPlace interoperability potential

IBM Lotus QuickPlace is known for generating widespread and diverse use cases within organizations. The client base is deploying it in larger and more complex environments, leading to increased needs for administration and interoperability capabilities. The broad feature set combined with the ease of use has led to rapid adoption throughout client firms.
Thus, the ideal scenario for administrators in the QuickPlace environment is to be able to make decisions about interoperability at the place level, since different places can be used in significantly different ways. This requires clients to better understand and control their environments. The potential administration capabilities that can facilitate interoperability provide rich opportunities for business partners and clients to innovate in the areas of reporting, control, and interoperability. With regard to reporting, the goal should be to provide IT managers with the ability to understand which QuickPlace features are being used in which places, the size of places and frequency of usage across the environment, and the delegated administrative structure of places in the environment. With regard to control, the goals should be to map IBM Workplace Collaboration Services roles to administrative roles in QuickPlace, allow clients to have a common set of rules based on the reporting results, and consolidate the administrative interface both within QuickPlace and within the broader set of Workplace family of products. With regard to interoperability, the focus may be to align these administrative capabilities with the administrative capabilities of the IBM Workplace Products through a common user interface so that clients can move towards a common managed environment while maintaining use of the various product areas. Many companies that are implementing or planning to implement IBM Workplace Collaboration Services also have large investments in QuickPlace. These companies want to make sure that they can optimize their infrastructures by integrating the two environments on both a short-term and a long-term basis. Some may also want to migrate data, customizations, and users from one environment to another. This section also discusses the Team Spaces application template of IBM Workplace Collaboration Services. 
While the Team Spaces application in Workplace Collaboration Services is not intended to be a one-to-one match with QuickPlace, IBM is providing a specific roadmap for integrating QuickPlace and Team Spaces based on an XML API that will be delivered in QuickPlace 7.0. In short, this approach will facilitate the co-existence/integration/migration of content between the platforms. The potential for integrating specific customizations within the QuickPlace Product will need to be addressed on a case-by-case basis.

For the integration capabilities with IBM Workplace Collaboration Services: Team Spaces, the roadmap and goals are as follows:

- To provide the XML API for data and customization access to QuickPlace content
- To build a QuickPlace business component within the Team Spaces application to provide integration capability
- To focus first on data migration and co-existence, and finally on customization migration and co-existence

8.2 QuickPlace 6.5.1 integration points

Clients who have deployed the 6.5.1 release of QuickPlace should feel confident that certain aspects of interoperability can be achieved with their existing deployment, and should be able to make the decision to upgrade to the 7.0 or future releases only if the added functionality merits the upgrade. Thus, it should not be assumed that interoperability requires the upgrade, if the desired value can be achieved with the XML API of QuickPlace 6.5.1.

QuickPlace 6.5.1 allows control and management of certain aspects of the server via XML, which is processed in the Java API of QuickPlace.
Detailed information about using this API, either through the command line interface of qptool or the Java API included in quickplace.jar, is available in the IBM Lotus Team Workplace 6.5.1 Developers Guide at:
http://doc.notes.net/uafiles.nsf/docs/TW651/$File/TW651DG.pdf

QuickPlace provides administrative control via XML, allowing administrators to query for the servers, places, and members in the QuickPlace environment. XML can also be used to provide instructions for place or place type level archiving, upgrades, sending weekly or daily newsletters, repairing a place or refreshing the design of a place. Limited data management is also provided at the place level; it is possible to create and remove places, as well as add, remove, rename, and update profile information for members. Finally, it is possible to send search commands through the XML API to search for data across the QuickPlace deployment.

8.2.1 Using a Java servlet to access QuickPlace's XML API

Since all of the above commands are sent via XML, and the results are returned via XML, it is possible to write an application that interacts with QuickPlace without requiring Domino or C++ skills. Domino 6.5.1 allows the use of Java servlets on the server; for details on how to set up a servlet on a Domino server, consult the article "Domino Development with Servlets" on IBM developerWorks, at:
http://www-128.ibm.com/developerworks/lotus/library/ls-servlets/index.html

Setting up a servlet on the Domino server to accept a set of instructions in the QuickPlace XML schema would allow remote access to the appropriate instructions. The following example shows how a remote application, such as an application within Workplace Collaboration Services, would access QuickPlace to create a place, add a member, and then search the place's contents.
It assumes familiarity with setting up a servlet in Domino, and with the QuickPlace API, both described in documents referenced above.

Here are the steps we followed in our example.

1. First, ensure you have the required configuration: A QuickPlace server running on a Domino server, with an LDAP directory configured for a user with QuickPlace.

2. For the initial setup, enable servlets on the Domino server, using the steps in the developerWorks article cited above.

3. Write Java code that takes in an instruction set via XML as a string, calls the QuickPlace API, and returns the results as a string.

   a. Set up the class and main method. Include the com.lotus.quickplace.api class (included in the Domino program directory's quickplace.jar); see Example 8-1.

   Example 8-1 Setting up the class and the main method

       package QPServletExample;

       import java.net.*;
       import javax.servlet.http.*;
       import java.util.*;
       import java.io.*;
       import javax.servlet.*;
       import org.apache.xerces.parsers.*;
       import org.w3c.dom.Element;
       import org.xml.sax.*;
       import com.lotus.quickplace.api.*; //For TW XML API

       public class QPServletExample extends HttpServlet {

   b. Implement the doPost method and read the servlet request into a string; see Example 8-2 on page 327.

   Example 8-2 Inserting the doPost method

           public void doPost(HttpServletRequest request, HttpServletResponse response)
                   throws java.io.IOException, ServletException {
               InputStream instr = request.getInputStream();
               // Declared before the if block so that the later steps can use them
               String inputXML = "";
               String sessionDN = "";
               if (instr != null && instr.available() > 0) {
                   InputStreamReader isrdr = new InputStreamReader(instr, "UTF8");
                   BufferedReader bfr = new BufferedReader(isrdr);
                   String line = "";
                   // Concatenate the non-empty lines of the request body
                   while ((line = bfr.readLine()) != null)
                       if (line.length() > 0)
                           inputXML += line;
                   instr.close();
                   isrdr.close();
                   bfr.close();

   c. Inputs to the method are XML instructions and an LDAP Distinguished Name of the user to perform the instruction set in <qpdn> tags. Output is an XML stream, as shown in Example 8-3.

   Example 8-3 XML instructions as an input method

                   // The DN is the text between <qpdn> and </qpdn>;
                   // everything before <qpdn> is the instruction set
                   sessionDN = inputXML.substring(inputXML.indexOf("<qpdn>") + 6,
                                                  inputXML.indexOf("</qpdn>"));
                   inputXML = inputXML.substring(0, inputXML.indexOf("<qpdn>"));
                   response.setContentType("text/xml; charset=utf-8");
               } else {
                   return;
               }

   d. Transform the user DN into an org.w3c.dom.Element object.

   Example 8-4 Transforming user DN into org.w3c.dom.Element object

               try {   // parse() throws SAXException, which doPost does not declare
                   DOMParser parser = new DOMParser();
                   Element session = null;
                   sessionDN = "<session><person><dn>" + sessionDN + "</dn></person></session>";
                   StringReader sessionSR = new StringReader(sessionDN);
                   InputSource sessionIS = new InputSource(sessionSR);
                   parser.parse(sessionIS);
                   session = parser.getDocument().getDocumentElement();

   e. Transform the XML instructions into an org.w3c.dom.Element object.

   Example 8-5 Transforming XML instructions into an org.w3c.dom.Element object

                   Element input = null;
                   StringReader inputSR = new StringReader(inputXML);
                   InputSource inputIS = new InputSource(inputSR);
                   parser.parse(inputIS);
                   input = parser.getDocument().getDocumentElement();

   f. Call QPAPI.process() with the above input; this will execute the QuickPlace code to interact with QuickPlace.

   Example 8-6 Calling QPAPI.process()

                   QPAPI.process(session, input);

   g. Transform the returned XML tree and put it in the response object.

   Example 8-7 Putting returned XML into the response object

                   // DOM2Writer is not among the imports in Example 8-1;
                   // its package is not given on this page
                   String xmlOutput = DOM2Writer.nodeToString(input);
                   PrintWriter output = response.getWriter();
                   output.println(xmlOutput);
                   output.flush();
                   output.close();
                   return;
               } catch (Exception e) {
                   throw new ServletException(e);
               }
           }
       }   // end of class QPServletExample

4. Identify the newly created servlet in the Domino server setup according to the steps in the Domino servlet article referenced above.

5. The servlet can be accessed by sending the command via a URL or HTTP Post.
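The request handling from Examples 8-3 to 8-5, as an added example that is not part of the redbook's code: it accepts the same body layout (instruction XML followed by the user DN in <qpdn> tags) but rejects malformed bodies, builds the session element through the DOM API instead of string concatenation, and parses with DOCTYPE declarations disabled. It uses the JDK's JAXP parser rather than the Xerces DOMParser; the class QPRequestParser, its methods and the <instructions/> placeholder are assumptions.

```java
import java.io.StringReader;
import javax.xml.XMLConstants;
import javax.xml.parsers.DocumentBuilder;
import javax.xml.parsers.DocumentBuilderFactory;
import org.w3c.dom.Document;
import org.w3c.dom.Element;
import org.xml.sax.InputSource;
import org.xml.sax.SAXException;

// Added example, not the redbook's code. Class, method and sample names are hypothetical.
public class QPRequestParser {

    /** Holds the two trees that the servlet passes to QPAPI.process(session, input). */
    public static final class Parsed {
        public final Element session;
        public final Element input;
        Parsed(Element session, Element input) {
            this.session = session;
            this.input = input;
        }
    }

    private static final String OPEN = "<qpdn>";
    private static final String CLOSE = "</qpdn>";

    /** JAXP builder that refuses DOCTYPE declarations, so no entity is ever resolved. */
    static DocumentBuilder hardenedBuilder() throws Exception {
        DocumentBuilderFactory f = DocumentBuilderFactory.newInstance();
        f.setFeature(XMLConstants.FEATURE_SECURE_PROCESSING, true);
        f.setFeature("http://apache.org/xml/features/disallow-doctype-decl", true);
        f.setXIncludeAware(false);
        f.setExpandEntityReferences(false);
        return f.newDocumentBuilder();
    }

    /** Splits "instructions + <qpdn>DN</qpdn>" as the servlet does, but fails closed. */
    public static Parsed parse(String body) throws Exception {
        if (body == null) throw new IllegalArgumentException("empty request body");
        int start = body.indexOf(OPEN);
        int end = (start < 0) ? -1 : body.indexOf(CLOSE, start + OPEN.length());
        if (start < 0 || end < 0) throw new IllegalArgumentException("missing <qpdn> element");
        // Exactly one identity per request, and nothing after it.
        if (body.indexOf(OPEN, start + OPEN.length()) >= 0
                || !body.substring(end + CLOSE.length()).trim().isEmpty()) {
            throw new IllegalArgumentException("unexpected content around <qpdn>");
        }
        String dn = body.substring(start + OPEN.length(), end).trim();
        if (dn.isEmpty()) throw new IllegalArgumentException("empty DN");

        // Build <session><person><dn>..</dn></person></session> through the DOM API.
        // The DN becomes a single text node, so markup characters in it stay data.
        Document doc = hardenedBuilder().newDocument();
        Element session = doc.createElement("session");
        Element person = doc.createElement("person");
        Element dnElement = doc.createElement("dn");
        dnElement.appendChild(doc.createTextNode(dn));
        person.appendChild(dnElement);
        session.appendChild(person);
        doc.appendChild(session);

        // Parse the instruction set; a DOCTYPE makes the parser throw SAXException.
        String instructions = body.substring(0, start);
        Element input = hardenedBuilder()
                .parse(new InputSource(new StringReader(instructions)))
                .getDocumentElement();
        return new Parsed(session, input);
    }

    public static void main(String[] args) throws Exception {
        // Constructed sample bodies. <instructions/> is a placeholder, not QuickPlace's schema.
        String ok = "<instructions/><qpdn>CN=Jane Doe,OU=LWP,O=Redbook,C=BU</qpdn>";
        String markupInDn = "<instructions/><qpdn>CN=A</dn></person><person><dn>CN=B</qpdn>";
        String withDoctype = "<!DOCTYPE instructions [<!ENTITY e \"x\">]>"
                + "<instructions>&e;</instructions><qpdn>CN=Jane Doe,O=Redbook</qpdn>";

        Parsed p = parse(ok);
        System.out.println("dn = "
                + p.session.getElementsByTagName("dn").item(0).getTextContent());

        Parsed q = parse(markupInDn);
        // Still exactly one <person>: the tags inside the DN are text, not elements.
        System.out.println("person elements = "
                + q.session.getElementsByTagName("person").getLength());

        try {
            parse(withDoctype);
            System.out.println("DOCTYPE accepted (unexpected)");
        } catch (SAXException e) {
            System.out.println("DOCTYPE rejected: " + e.getMessage());
        }
    }
}
```

The two elements returned by parse() are what the servlet would pass to QPAPI.process(). Because the instructions run as whatever DN the request body names, access to the servlet itself should be limited to trusted callers.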
The result code returned via XML can be used to render a result to the client's browser window, either noting success or failure, or rendering search results. Consult the Team Workplace Developer's Guide for XML instructions that can be passed to the QuickPlace server.

8.2.2 Using a Web Service to access QuickPlace's XML API

The following article on IBM developerWorks describes the use of Web services to access QuickPlace's My Places data: "Creating a Web Services Interface to QuickPlace My Places," found at:
http://www-10.lotus.com/ldd/today.nsf/lookup/WebServicesQP

The example in this article uses the Domino Java API to directly access the view in PlaceCatalog.nsf, which contains the place membership information, and then return this as XML. Using the structure of this article to design the Web service, but then using the QuickPlace Java/XML API as in the above servlet example, it is possible to access any QuickPlace XML API call via a Web service. The Web service would simply take in the XML instruction set as an input, and call QPAPI.process(), exactly as in the above servlet example, then return the output as XML.

Note that in the 7.0 release of Domino, a Web service creation interface will be available in the Domino Designer, similar to the Agent creation interface currently available.

8.3 Planning for future versions

In future releases, extended capabilities in QuickPlace will allow for greater interoperability between QuickPlace and the IBM Workplace Collaboration Services products. As these capabilities are introduced, it becomes more important for QuickPlace environments to be better understood. The following list includes specific elements of the QuickPlace environment that may be relevant to consider when building tools that will aid in deciding what level of interoperability to seek on a place-by-place basis.
Reporting
  – Place level
      • Form usage: Which forms are being used?
      • Field usage: Statistics for a field in a custom form.
      • Place size/room size.
      • Active versus inactive places, using whichever metric is appropriate for the client.
      • Collaborative versus broadcast places, using whichever metric is appropriate for the client.
  – Server level
      • Managed places for a given user.
      • Offline logging and tracking to determine which places are heavily used offline.

Control
  – Newsletter: Use of the XML API to control frequency of all content notifications across QuickPlace and other products.
  – User interface: Use of the XML API to provide a common area for managers to provision QuickPlaces and other content stores such as Team Spaces.

Many of the above areas are under consideration for future releases of QuickPlace, but it is important to note that the existing API provides access to the relevant data required to produce the functionality described above from a third-party application running on top of the 6.5.1 release.

Two specific examples of application development potential for business partners to assist the QuickPlace integration story with Team Spaces and other Workplace Collaboration Services are listed below.

Common administration interface for provisioning places

The place creation API currently available in QuickPlace can be leveraged to create a common interface for users to create places and team spaces, based on whichever is appropriate for their particular situation.

Analysis for types and levels of place usage

Many of the decisions described above require a deep understanding of both the type and level of usage of particular places. Analysis tools can be built to report on the forms used to create data in QuickPlace, the membership structure and levels of recent usage, and the use of QuickPlace features such as document threading and workflow.
This data is currently available via the NSFs used to store place data, and will be more readily reported in the upcoming XML API enhancements for the Lotus QuickPlace 7.0 release.

Additionally, there exists a set of detailed design differences between QuickPlace and Team Spaces, discussed in 8.7, "Functional differences: QuickPlace and IBM Workplace Collaboration Services Team Spaces" on page 341. These require either an acknowledgement that the differences are permanent by design, or an effort to implement a co-existence or integration capability between the two products.

8.4 QuickPlace 7.0

The planned capabilities in QuickPlace 7.0 provide QuickPlace business partners and developers the potential for building applications that exploit the openness of the QuickPlace architecture.

Figure 8-1 illustrates the QuickPlace XML object model. This diagram shows the expanded XML object model coming in the QuickPlace 7.0 release. Access will be provided, via XML, to the entire QuickPlace structure, content, and membership areas. The possibility of XML export and import on the fly, to and from Lotus Workplace (perhaps into IBM Workplace Collaboration Services Team Spaces), allows the two collaborative solutions to coexist with a common user interface that does not require complete data migration. XML also provides a more open means of archiving QuickPlace content for long-term storage, as opposed to the current functionality, which archives QuickPlace data into an NSF that requires a Domino infrastructure to access.

Figure 8-1 QuickPlace XML object model

The XML capabilities of QuickPlace have the potential to be combined with similar XML functionality in other products such as IBM Domino Document Manager and competitive products. This would allow the import of external data into the QuickPlace environment. Even within QuickPlace, the XML improvements have an impact.
A popular client request has been to be able to move portions of one place to another; for example, a custom form created in one place can easily be exported via XML, and processed via an XML engine to create instructions to import this same form to another place.

8.5 QuickPlace and Workplace Collaboration Services: Team Spaces

The integration of QuickPlace as a business component in IBM Workplace Collaboration Services Team Spaces is one option that can demonstrate future potential for integration. This is not currently available out of the box, but demonstrates a potential integration scenario that preserves investment in QuickPlace with a lower total cost of ownership than that associated with being forced to migrate data and customizations into the Workplace environment. For more information about this, please see the Redpaper Building a Component for IBM Workplace, REDP3952, at:
http://www.redbooks.ibm.com/redpieces/abstracts/redp3952.html?Open

This option allows a group already collaborating in a QuickPlace to create a Team Space, then associate their old QuickPlace with the new Team Space. The high value integration points can be addressed first:

- Membership integration: When a member is added/removed from Team Space, the appropriate membership action is performed in the QuickPlace.
- Search integration: When a search is done within the context of a Team Space, the search query is also passed to the QuickPlace and results from both are returned.
- Portlet for QuickPlace: The QuickPlace will be rendered as a portlet in the Team Space so that the UI customizations and experience can be preserved when working in that context.

As shown in Figure 8-2 on page 333, a QuickPlace place is integrated as a business component within Team Spaces. Membership and search are shared between the Team Space and place, and the place is viewable through a portlet in the Team Space.
Figure 8-2 Rendition of a potential integration scenario with IBM Workplace Collaboration Services Team Spaces

The next steps for integration follow a similar path of performing higher value integrations first:

- Tasks/calendar entry migration: Since these maintain a consistent data format, they can be migrated to Team Spaces with a lower cost than that associated with typical data.
- Data migration: Data can gradually be migrated to Team Space, with active data moving first. Note that the business component option allows interoperability without any pressure to ever migrate data, or migrate portions of the data, as appropriate.
- Shared forms template: Forms that are created in QuickPlace can be migrated as shared form templates in Team Spaces.

These future directions demonstrate that coexistence and interoperability can be achieved with tremendous flexibility: Individual clients should be prepared to make decisions based on the balance between value offered by specific components of Team Spaces and cost of integration/migration with QuickPlace, with no decisions being forced upon clients.

As stated previously, it is also important to note that the design of QuickPlace and certain functional elements will never match one-to-one with Team Spaces since the underlying architecture and inherent design are different. QuickPlace will still continue to offer value to clients, even if it is within the context of co-existence for the longer term, rather than full integration with Workplace.

8.5.1 QuickPlace: IBM Workplace Collaboration Services Team Spaces integration scenarios

The following example scenarios describe capabilities required for typical client scenarios related to the integration of QuickPlace with Team Spaces.
These example scenarios may exist on a place-by-place or server-wide basis, based on the client's environment, to build an integrated environment that leverages both offerings.

- Active Lotus QuickPlace Places with minimal customization
- Active Lotus QuickPlace Places with significant customization
- Inactive Lotus QuickPlace Places
- Hybrid environments

Active places, minimal customization: Migrating active places to Team Spaces

After reviewing the comparison tables below, if an active place fits into the Team Space's application template model, one option is to fully migrate the place to a Team Space. Upcoming functionality in the QuickPlace 7.0 release can be used to extract QuickPlace data and customization information to XML. Once Team Spaces supports data import, the XML can be imported into Team Spaces to form a workplace application for the team. The benefit of this option is a consolidated environment where the need for duplicate server maintenance is lessened.

Active places, significant customization: Creating a Team Workplace component in Team Spaces

The Lotus Workplace API can be used to create a Workplace Component that incorporates a specific place into the Team Space application. In this environment, one Team Space is associated with one place, and both server platforms are maintained. The QuickPlace UI for the place is rendered in an HTML iFrame displayed within the Team Space. Membership is shared between the Team Space and the place. This would allow the QuickPlace functionality to remain accessible alongside the Team Space functionality. The QuickPlace search API can also be utilized to federate a search across QuickPlace data.
For more information about components in Workplace, please see the Redpaper Building a Component for IBM Workplace, REDP3952, at:
http://www.redbooks.ibm.com/redpieces/abstracts/redp3952.html?Open

Inactive places: Archive inactive QuickPlace places

In an integrated environment, certain places that no longer have active usage may be archived so that they remain searchable but minimize the maintenance required for the QuickPlace server. In the current 6.5.1 release of QuickPlace, archival to an NSF is supported. In the upcoming 7.0 release, archival to XML format is possible; this would allow data to be imported into the DB2 environment of Workplace, and made searchable without requiring the Domino server.

Hybrid scenarios

It is important to note that the above options can be combined, even at the place level. If a Workplace component is used to bring a place into a team space, the place managers may decide that it is appropriate to bring some of the functionality of the place into the team space directly. For example, a forms template may be created for a custom form from the place. Certain data, such as discussion threads from the place, can be migrated individually, via the QuickPlace 7.0 XML API. It may even be appropriate to move some of the place data to archival status within the Workplace environment.

8.6 Design comparison: QuickPlace and IBM Workplace Collaboration Services Team Spaces

This section is intended to provide information about workspace design differences between the two products. When building an integrated environment, decisions will have to be made on a place-by-place basis about how to map the design of QuickPlace to the design of Team Spaces.

8.6.1 QuickPlace design elements

The following section reviews the design elements used in QuickPlace. It also provides a hierarchical illustration of the level of design elements.
Place: Container for team collaboration "rooms."
  – Room: Container for "folders" and "forms":
      • Folder: Container for documents, created from forms.
      • Documents: Each can include a variety of fields ranging from rich text with embedded images to date-time and member list selection.
  – Forms: Contains a set of field names and types comprising a data schema for documents created from the form.

Access levels: Manager, Editor (coming in QuickPlace 7.0), Author, Reader. Levels are applied at the room level and can also be applied to particular documents.

8.6.2 IBM Workplace Collaboration Services Team Spaces elements

The following section reviews the design elements used in Team Spaces within Workplace Collaboration Services. It also provides a hierarchical illustration of the level of design elements.

Team Spaces: Container for team collaboration elements listed below.
  – Document Libraries: Nested folders containing documents created via a document form.
  – Discussion Forums: Threaded contextual discussion that can be associated with particular documents and document libraries.
  – Tasks: Library of team tasks created via a task form.
  – Form Templates: Documents from custom forms created server-wide. One template exists per form, with information about display.

Access levels: Moderator and Contributor. Roles can be defined that map each of these two levels to particular document libraries and discussion forums.

Table 8-1 Object model comparison

| QuickPlace | IBM Workplace Collaboration Services Team Spaces | Relevant factors to consider |
|---|---|---|
| Place | Team Space | Access control roles may be different; see Table 8-2. |
| Room | Team Space | If rooms represent largely independent collaboration spaces with significant membership differences from the parent room, a new Team Space is the best option. |
| Room | One Document Library + One Discussion Forum | If rooms are used as a logical subset of the place, and membership is relatively similar to that for the place, it is possible to map one room to the combination of one document library and one discussion forum. |
| Room | Folder | If membership in the room is identical to that for the place, the room can be represented as a folder, especially since nested folders are currently supported in Team Spaces. |
| Folder | Folder in Document Library | Column display is not controllable in Team Spaces as it is in QuickPlace. Also, specific folder types need to be mapped as appropriate; see specifics in Table 8-2. Note that folders in subrooms can be placed in Team Spaces and preceded by the QuickPlace room name. |
| Form | Form Template | Forms are accessible server-wide in the forms template portal to anyone who has access to the forms template. |
| Document | Document in Document Library | Responses to a document must be made in the associated discussion forum, and are limited to text, rather than full documents. |
| Field | | Specific field types in QuickPlace may not be available in Team Spaces; in these cases, existing data can be mapped to HTML. |

Table 8-2 Folder type comparison

| QuickPlace | IBM Workplace Collaboration Services Team Spaces | Relevant factors to consider |
|---|---|---|
| Discussion | Discussion Forum | QuickPlace discussion documents are full documents, so it might be necessary to use a document library with associated forums, depending on the usage of the folder. |
| Simple List | Doc. Library | These are the easiest to migrate. |
| Headline | Doc. Library | In QuickPlace, these usually represent five or fewer pages; future potential exists to programmatically create a UI with links to mimic the headline display of QuickPlace. |
| Slide Show | Doc. Library | In QuickPlace, these are usually 30 or fewer pages; future potential exists to programmatically create a UI with "back" and "next" links to mimic the slideshow display. |
| Ordered List | Doc. Library | This is a Simple List folder with an extra field for the order. A re-ordering option is not available in Team Spaces, but the current order in QuickPlace is maintainable. |
| Folder linked to a Form | Form Template | In Team Spaces, a form contains the display information and the data schema. Thus, if the same data schema is required with multiple column display views, different forms must be created. |

Table 8-3 Doc type comparison

| QuickPlace | IBM Workplace Collaboration Services Team Spaces | Relevant factors to consider |
|---|---|---|
| Page | Document | If specific non-supported fields exist, page can be converted to HTML and imported as HTML. |
| Task | Tasks | Can map to Team Space tasks with limitations. |
| Calendar | Team Calendar component? | Places using calendar pages created from any form will be limited to using the calendar entry form. |
| Imported Page | Document | The original source document will be stored as a document attachment along with the generated HTML. |

Table 8-4 Custom elements comparison

| QuickPlace | IBM Workplace Collaboration Services Team Spaces | Relevant factors to consider |
|---|---|---|
| Text/HTML | Document | The Plain Text, Text Area, and Rich Text fields can exist in Team Spaces without the embedded images and graphic text support of QuickPlace. |

Pop-up List Date-Time Name Document Task Task Attachments Attachments Custom Non-Editable fields

The various Date-Time fields in QuickPlace are only available in the Calendar and Task form.

The ability to include a field that displays a list of all members in the place is not available.

Non-editable fields in QuickPlace forms such as Notification, Static Rich Text, Author, Creation Date, Last Editor, Last Modified, Size, and Serial Number need to be rewritten using the Workplace designer. Future potential exists to have this done programmatically.

Table 8-5 Membership comparison

| QuickPlace | IBM Workplace Collaboration Services Team Spaces | Relevant factors to consider |
|---|---|---|
| Manager | Moderator | The Moderator role can be applied directly to any discussion forum. |

Editor Author Contributor Reader Contributor

Each member's ability to subscribe to notifications and calendar events and indicate a need for handicapped accessibility does not have equivalent mappings in Team Spaces.

Membership Member Info

There is no option for a Reader in Team Space; broadcast-style places with a large readership and minimal contributors will have to decide if existing readers can become authors.

8.7 Functional differences: QuickPlace and IBM Workplace Collaboration Services Team Spaces

This section is intended to provide information about the current and future potential for functionality to map from QuickPlace to Workplace Team Spaces. Plans about whether to migrate data between environments, build a Workplace component to integrate, or redesign team workspace applications should be made with an understanding that product functionality will continue to evolve, and facets of an integrated environment such as common search, membership, and provisioning can add value to merit investment in integration.

Table 8-6 provides a functional comparison between QuickPlace and IBM Workplace Collaboration Services Team Spaces.

Table 8-6 Functional comparison

| Function | Current status and future potential |
|---|---|
| PlaceBot | - Domino agents will not work on DB2 data storage in Team Spaces. - If the code is preserved, application logic can be rewritten by Workplace designer. |

Chapter 8.
Integrating Lotus QuickPlace with Workplace 341 342 Function Current status and future potential Theme - Overall color scheme from a theme can be similarly controlled in a Team Space. - Document library and form template look and feel is controlled by the relevant portlets, not by the Team Space, so skins such as Page and Folder will not map. - Room level themes will apply if the rooms are mapped to individual Team Spaces. - In migration scenarios, all theme information should be preserved so that future potential to control look and feel of associated portlets can be leveraged. Folder Image - Folders in document libraries do not have a mechanism for displaying an image as a logo. However, the folder image can be preserved as a document within the folder. Place logo - Team Spaces do not have a mechanism for displaying a logo. Place Types - Place Types are Domino templates, which will have to be rebuilt as Workplace templates using the Workplace/Team Spaces object model. - Future potential exists for ISV developed tooling to translate PlaceTypes. Table of Contents - The Team Spaces table of contents provides separate access to the different elements: Document libraries, discussion forums, form templates, and tasks. - Potential exists to build a table of contents as a set of links to the various elements designated as items in the TOC. Notifications - Electronic mail notifications are not currently used in Team Spaces. - Future potential exists for generated messages based on the data added to a Team Space. If this exists, decisions made in the place to send notifications about calendar events and daily versus weekly newsletters will be preserved. Workflow - Documents in Team Spaces do not currently have the ability to have a workflow associated with them. - Future product releases will support this. 
Incoming Mail - It is not currently possible to send an e-mail to an address associated with a Team Space and have the contents of the e-mail appear as a document in the Team Space. Business processes designed around e-mailing a place can be redesigned within the Workplace environment to develop different methods of input. - Future product releases will support this functionality, at which point existing places can migrate mail-in processes to Team Spaces. Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook Function Current status and future potential Offline - Team Spaces use the Workplace offline experience, driven by IBM Workplace Managed Client. - Thus, the user experience when offline is different from the online browser experience, as opposed to the QuickPlace offline experience, which maintains the browser interface. Local Users/Groups - The only users supported in Team Spaces are LDAP users. - This will require clients in an extranet environment to open a branch of their LDAP directory to be able to create user accounts for extranet users. - If the Workplace Component model is used for integration, local users will remain supported only for access to the specific QuickPlace data. Chapter 8. Integrating Lotus QuickPlace with Workplace 343 344 Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook Related publications The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this redbook. IBM Redbooks For information about ordering these publications, see “How to get IBM Redbooks” on page 347. Note that some of the documents referenced here may be available in softcopy only. 
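As an added example (not code from this handbook or from IBM), the following Python applies the room-mapping guidance of Table 8-1, the access-level mapping of Table 8-5 and the LDAP-only restriction of Table 8-6 to a constructed membership export, and lists every account whose access would change in a migration. The data classes, the 0.6 similarity cut-off and the finding labels are assumptions; Editor is treated as unmapped because Table 8-5 as reproduced here states no Team Spaces level for it.

```python
from dataclasses import dataclass, field

# Access-level mapping as read from Table 8-5. No Team Spaces level is stated
# for Editor, so it is left unmapped and surfaced for a manual decision.
LEVEL_MAP = {"Manager": "Moderator", "Author": "Contributor",
             "Reader": "Contributor", "Editor": None}

# Assumption: numeric cut-off for "relatively similar" membership. The
# handbook gives only qualitative guidance, so tune this per deployment.
SIMILAR_THRESHOLD = 0.6


@dataclass
class Room:
    name: str
    members: dict  # user id -> QuickPlace access level


@dataclass
class Place:
    name: str
    members: dict  # user id -> QuickPlace access level
    rooms: list = field(default_factory=list)
    local_users: set = field(default_factory=set)  # accounts not in LDAP


def jaccard(a, b):
    """Overlap of two user sets: 1.0 means identical, 0.0 means disjoint."""
    a, b = set(a), set(b)
    return 1.0 if not (a | b) else len(a & b) / len(a | b)


def room_target(place, room):
    """Choose the Team Spaces container for a room, following Table 8-1."""
    # Assumption: "identical" membership means the same users at the same
    # levels, because a folder has no access settings of its own here.
    if room.members == place.members:
        return "folder"
    if jaccard(room.members, place.members) >= SIMILAR_THRESHOLD:
        return "document library + discussion forum"
    return "new Team Space"


def plan(place):
    """Map every room name to its recommended Team Spaces container."""
    return {room.name: room_target(place, room) for room in place.rooms}


def review(place):
    """List (scope, user, finding) for each access change a migration causes."""
    findings = []
    scopes = [(place.name, place.members)]
    scopes += [(f"{place.name}/{r.name}", r.members) for r in place.rooms]
    for scope, members in scopes:
        for user, level in sorted(members.items()):
            # Team Spaces supports LDAP users only (Table 8-6).
            if user in place.local_users:
                findings.append((scope, user, "LOCAL_USER_NOT_IN_LDAP"))
            if LEVEL_MAP.get(level) is None:
                findings.append((scope, user, "NO_STATED_MAPPING:" + level))
            elif level == "Reader":
                # Read-only access widens to write access (Table 8-5).
                findings.append((scope, user, "READER_BECOMES_CONTRIBUTOR"))
    return findings


# Constructed sample data, not taken from any real deployment.
_PLACE_MEMBERS = {"alice": "Manager", "bob": "Author", "carol": "Reader",
                  "dave": "Editor", "ext-erin": "Reader"}
SAMPLE = Place(
    name="ProjectX",
    members=_PLACE_MEMBERS,
    rooms=[
        Room("Specs", dict(_PLACE_MEMBERS)),
        Room("Design", {"alice": "Manager", "bob": "Author",
                        "carol": "Author", "dave": "Editor"}),
        Room("Board", {"alice": "Manager"}),
    ],
    local_users={"ext-erin"},
)

if __name__ == "__main__":
    for room_name, target in plan(SAMPLE).items():
        print(f"{room_name}: {target}")
    for scope, user, finding in review(SAMPLE):
        print(f"{scope}\t{user}\t{finding}")
```

Each READER_BECOMES_CONTRIBUTOR finding is an account that gains write access if migrated as mapped, so the list is the input for the readers-to-authors decision that Table 8-5 calls for.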
headline display 338 integration story 330 Java/XML API 329 large investments 324 Non-editable fields 340 offline experience 343 one-to-one match 324 place 332 product 324 room name 337 search API 334 server 326, 328, 334 Specific field types 337 Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook structure 331 UI 334 various Date-Time fields 340 XML API call 329 XML capabilities 331 XML object model 331 XML schema 326 text editor 257–258, 261, 300, 306, 315 install.bat file 300 The administrative console graphical Interface 95 The Common PIM Portlets (CPP) 27 The Journey 15 The path to IBM Workplace 20 The path to IBM Workplace - you are already on it 17 The role of Lotus Notes and Domino within IBM Workplace 9 The role of WebSphere Everyplace within IBM Workplace 14 The role of WebSphere Portal within IBM Workplace 13 themes 127 Themes and Skins 127 Themes and skins 127 Themes and Skins portlet 110, 131–132 third-tier process 54–55 title bar 129, 135, 137, 189 rounded corners 129 Toolbar 73 Tools for working with an LDAP Directory 158 trace file 317–318 following error 319 Transport Layer Security (TLS) 290 Turning on error/trace message logs 316 Two LIM Gateways connecting to three LWP servers 294 two-tier deployment two servers 58 Typical architecture for installation of a LIM Gateway 287 U Understanding your Domino LDAP structure 157 uninstall 141 unique identifiers 67 update 141 Update existing Web module 144 URL 92, 110–111, 225, 231, 250, 328 user Id 92–93, 110, 159, 173, 200 unsaved changes 93 user interface IBM Workplace products 324 user interface (UI) 6, 13, 17, 179, 324, 331 User name 156–157, 166, 223, 264, 269, 289–290 user name canonical form 264 Login Lotus Workplace 269 Using the Common PIM Portlet 193 Using the WPSCONFIG script to implement security 175 V value SSL 309 W WAR file 138–139, 141, 181, 189 WAS Admin console 269 WAS and Portal installation relative to other steps installing Workplace 155 WCS 
environment 46 daily operation 63 Web archive 137 Web browser 25, 92–93, 96, 273, 304 Web Clipping portlet 137, 180 administration portlet 180 overview 180 runtime portlet 180 Web Conferencing 13, 271–272, 280–281 Web descriptor file 141 Web module 137, 145 Web modules 137, 141 Web Services portlet 138 web.xml 141 WebSphere Administrative 208–209, 211 local domain 254 mail cell 209 WebSphere Application and Portal Server administration. 63 WebSphere Application Server bin directory 268 existing version 49 Websphere Application Server 20, 46, 49, 53, 171, 175, 207–208, 246, 263 WebSphere Application Server and Portal Administration 90 Index 359 WebSphere Member Manager (WMM) 161, 207–208, 247 WebSphere Portal 7, 10, 12, 25–27, 45–47, 156, 161, 168, 179 new domino implementation 26 WebSphere Portal Administration overview 108 What is IBM Workplace Collaboration Services? 13 Where does Notes/Domino fit in the IBM Workplace Strategy? 17 William Tworek 317 Windows XP 51 Working with the administrative console 98 Workplace 2.0.1 CD package 50, 60 installer 49 Workplace Client Technology, Rich Edition 10 Workplace Collaboration Service xi, 1, 179, 205, 207, 211, 330 Team Spaces 336 Workplace Collaboration Services Team Spaces application 324 Workplace Demonstration deployment single server 55 Workplace environment 4, 26, 324–325, 329 archival status 335 Workplace Managed Client (WMC) 32, 286 Workplace product 24, 161 underlying components 161 Workplace Services Express 7 Workplace Services Express (WSE) 25, 170 Workplace Two-tier deployment two servers 58 workspace 96 wpconfig.prop erties 156, 170, 174 backup copy 174 Domino security helper 174 helper data 174 helper file 174 WPSCONFIG script 175 WSE 25 X XML instruction 327–328 360 Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x 
Back cover

IBM Lotus Workplace release 2.0.1 products and Lotus Domino 6.5.x Together Integration Handbook

Coexistence and integration strategies
Lotus Instant Messaging Gateway Configuration
Domino LDAP integration

Release 2.0.1 of Lotus Workplace products (predecessors of IBM Workplace Collaboration Services) and Lotus Notes/Domino 6.5x offer features designed to help you integrate Lotus Workplace products into an existing Notes/Domino environment. This allows you to offer your users a choice of tools most suited to their specific needs, while protecting and leveraging your on-going investment in Lotus Notes/Domino.

The objective of this book is to discuss specific ways in which you can integrate Lotus Workplace products (and going forward, IBM Workplace Collaboration Services) and Lotus Notes/Domino. In this book we:
- Define different levels/strategies of coexistence.
- Discuss/illustrate integration of existing Domino portlets into Workplace—having a single UI with blended Workplace and Domino-based services behind it.
- Describe messaging functionality in each environment and illustrate how to configure mail routing between a native Domino Mail server and a Workplace Messaging environment.
- Discuss how to configure Lotus Workplace 2.0.1 and IBM Workplace Collaboration Services to use your existing corporate Domino Directory as its LDAP directory.
- Discuss interoperability between Lotus Sametime and Lotus Workplace 2.0.1 Instant Messaging via the Lotus Instant Messaging (LIM) Gateway.
- Discuss interoperability points available in Lotus QuickPlace—in the 6.5.1 release, the 7.0 release and in the future.

INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION
BUILDING TECHNICAL INFORMATION BASED ON PRACTICAL EXPERIENCE

IBM Redbooks are developed by the IBM International Technical Support Organization. Experts from IBM, Customers and Partners from around the world create timely technical information based on realistic scenarios. Specific recommendations are provided to help you implement IT solutions more effectively in your environment.

For more information: ibm.com/redbooks

SG24-6484-00
ISBN 0738490202