This preview shows pages 1–7. Sign up to view the full content.
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
This preview has intentionally blurred sections. Sign up to view the full version.View Full Document
Unformatted text preview: Front cover Lotus Notes and Domino 7 Enterprise Upgrade Best Practices
New features of Notes and Domino 7 described How to effectively plan and execute the upgrade Taking advantage of new administrative features Lisa A. Chase Tina Feuer Jean-Noel Koval Yuhsuke Murakami ibm.com/redbooks Redpaper International Technical Support Organization Lotus Notes and Domino 7 Enterprise Upgrade Best Practices April 2006 Note: Before using this information and the product it supports, read the information in "Notices" on page vii. First Edition (April 2006) This edition applies to IBM Lotus Notes and Domino 7, with some applicable references to IBM Lotus Notes and Domino Releases 5 and 6. Copyright International Business Machines Corporation 2006. All rights reserved. Note to U.S. Government Users Restricted Rights -- Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp. Contents
Notices . . . Trademarks . . . Preface . . . The team that wrote this Redpaper . . . Become a published author . . . Comments welcome. . . . . vii . viii .. .. .. .. ix ix xi xi Chapter 1. Introduction . . . 1 1.1 Overview of Lotus Notes and Domino 7 . . . 2 1.1.1 Lotus Notes and Domino 7 design goals . . . 2 1.1.2 What is new for users . . . 2 1.1.3 What is new for administrators . . . 5 1.1.4 What is new for developers . . . 6 1.2 Top reasons to consider upgrading . . . 7 1.2.1 Support more users with less server and network resources . . . 7 1.2.2 Opportunity to reduce time and costs for software deployment and configuration 7 1.2.3 Leverage integrated capabilities . . . 8 1.2.4 Preserve existing investments while moving forward with a solid road map. 8 1.2.5 Provide infrastructure flexibility . . . 8 1.2.6 Provide high availability for your information and your environment . . . 9 1.2.7 Protect your information . . . 9 1.2.8 Extend your applications to serve the needs of an On Demand Business . . 9 1.2.9 Enable users to be more productive . . . 9 1.2.10 Lower total cost of ownership . . . 10 1.3 Scope and focus of this paper . . . 10 1.4 Structure of this paper . . . 11 Chapter 2. Preparing for your upgrade . . . 2.1 Brief overview of an upgrade project . . . 2.1.1 Building a project schedule . . . 2.1.2 Phases of an upgrade . . . 2.2 Understanding system requirements . . . 2.2.1 Software requirements . . . 2.2.2 Hardware requirements and considerations . . . 2.3 Performance considerations: Hardware resource use in the real world . . . 2.3.1 Reviewing the performance data for Notes/Domino 7 . . . 2.3.2 CPU, disk I/O, and memory: Resource utilization . . . 2.4 Defining the basic outlines of a new environment . . . 2.4.1 Basic policies . . . 2.4.2 System design for the new environment . . . 2.4.3 System management for the new environment. . . 2.5 Transition planning . . . 2.5.1 Transition planning for Domino servers . . . 2.5.2 Transition planning for clients . . . 2.5.3 Transition planning for applications. . . 2.6 Preparation for a successful upgrade . . . 2.7 Checklists . . . 2.8 Other considerations for the upgrade project . . . Copyright IBM Corp. 2006. All rights reserved. 13 14 14 17 20 20 23 26 27 28 30 30 38 38 39 39 43 48 55 57 61 iii 2.8.1 Server platform choice . . . 2.8.2 Server consolidation . . . Chapter 3. Upgrading the Domino server . . . 3.1 Getting organized: Defining the server upgrade stages . . . 3.2 Defining the sequence of the upgrade . . . 3.2.1 Why upgrade in this order rather than an alternative one? . . . 3.2.2 Alternative upgrade sequences . . . 3.3 Reviewing new features when upgrading . . . 3.3.1 New features and design considerations for Domino 7: Domino Directory . 3.3.2 AdminP changes . . . 3.3.3 Changes in Domino 7 extended products . . . 3.3.4 Template changes in Domino 7 . . . 3.4 Upgrading the Domino Directory . . . 3.4.1 Controlling and managing your Domino Directory design . . . 3.4.2 Upgrading the design of your Domino Directory . . . 3.5 Upgrading the Domino server . . . 3.5.1 Template strategy: Efficiently managing your templates. . . 3.5.2 Server upgrade checklist . . . 3.6 Executing the server upgrade . . . 3.6.1 Cleaning up your environment before starting the upgrade process 3.6.2 Performing a backup of your server . . . 3.6.3 Installing Domino 7 on your server . . . 3.6.4 Actions to take before restarting your server . . . 3.6.5 Post-upgrade operations . . . 3.6.6 Running the Domino 7 installation on Linux for Intel (stand-alone). 3.7 Special considerations . . . 3.7.1 Windows Domino server: Running Domino as a service . . . 3.7.2 Linux server (x86) . . . 3.7.3 Language packs . . . 3.7.4 Clustering in Domino 7: Features and upgrade considerations . . . 3.7.5 Upgrading when working with partitioned servers. . . 3.7.6 Directory services . . . Chapter 4. Coexistence and interoperability in a mixed environment . . 4.1 Definition of a mixed environment . . . 4.2 Key implications and considerations when upgrading . . . 4.3 On-disk structure (ODS) . . . 4.3.1 ODS versions and compatibility . . . 4.3.2 Upgrading the ODS: Benefits of ODS 43 . . . 4.3.3 Maintaining an earlier ODS version . . . 4.4 Database design and templates . . . 4.4.1 Coexisting in 6.x and 7.x code streams . . . 4.4.2 A review of the Notes ID . . . 4.4.3 Options for replicating design elements . . . 4.5 Key system databases to consider during the upgrade . . . 4.5.1 Domino Directory database (NAMES.NSF) . . . 4.5.2 Resource Reservations database . . . 4.5.3 Administration Requests database (ADMIN4.NSF) . . . 4.5.4 Mail files . . . 4.6 Calendar and scheduling . . . 4.7 Archiving . . . 4.8 Monitoring Configuration database (EVENTS4.NSF) . . . 61 62 63 64 64 66 67 68 69 79 81 86 91 93 99 106 107 118 119 119 121 121 127 129 130 134 134 134 136 136 140 143 147 148 148 148 148 149 150 150 150 150 152 153 153 156 157 157 158 159 160 iv Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 4.9 Domino domain monitoring (DDM) . . . 4.10 Smart Upgrade . . . 4.11 Domino Web Access . . . 4.12 ID files . . . 4.12.1 Flat names and flat IDs . . . 4.12.2 Large key support in Release 7.0: 128 and 1024 bit . . . 4.13 ID recovery . . . 4.14 Extended products . . . Chapter 5. Client upgrade considerations and best practices . 5.1 Before you upgrade . . . 5.1.1 Know your environment . . . 5.1.2 Inventory . . . 5.1.3 Preparing your users for the upgrade . . . 5.1.4 Considerations . . . 5.2 Client installation and upgrade options . . . 5.2.1 Client installation options . . . 5.2.2 Manual installation . . . 5.2.3 Smart Upgrade . . . 5.2.4 Seamless mail upgrade . . . 5.2.5 Upgrade by mail . . . 5.2.6 Domino Web Access . . . 5.3 Templates . . . 5.4 Client features . . . 5.4.1 Roaming users . . . 5.4.2 Confirming to close Notes . . . 5.4.3 Save state on exit . . . 5.4.4 Autosave . . . 5.4.5 Mail features . . . 5.4.6 Calendar and scheduling features . . . Chapter 6. Domino administration enhancements . . . 6.1 Automatic diagnostic data collection . . . 6.1.1 What is the automatic diagnostic data collection tool? . . . 6.1.2 Configuring automatic diagnostic data collection . . . 6.1.3 How the automatic diagnostic data collection tool works . 6.1.4 Console logging and NSD file generation for diagnostic data collection . 6.2 Introduction to Fault Analyzer . . . 6.2.1 Getting started with Fault Analyzer . . . 6.2.2 How Fault Analyzer works. . . 6.2.3 The Fault Analyzer failure report . . . 6.2.4 How Fault Analyzer determines a percentage match . . . 6.2.5 Managing resolved issues . . . 6.3 Monitoring your infrastructure at a glance . . . 6.4 Server Health Monitoring . . . Appendix A. Policy basics and troubleshooting policies . . . A.1 Policies and policy settings . . . A.1.1 Policy basics . . . A.1.2 Organizational and explicit policies. . . A.1.3 Policy hierarchy . . . A.2 The Dynamic Client Configuration tool . . . A.3 Policy profiles and documents in the $Policies view . . . A.4 Policy documents . . .
Contents 160 161 162 164 164 164 166 168 169 170 170 171 171 172 174 175 175 179 195 197 197 199 201 201 206 207 208 210 212 217 218 218 219 222 223 227 227 228 229 231 233 235 236 245 246 246 247 249 251 253 254 v A.5 The cleanup procedure . . . Appendix B. Considerations when upgrading from Domino 5 directly to Domino 7 259 B.1 Primary differences between the Domino 5 and Domino 7 installations . . . B.1.1 On-disk structure implications. . . B.1.2 Differences in the public key used . . . B.1.3 Personal agents implementation . . . B.1.4 Resource Reservations database considerations . . . B.2 Notes client considerations . . . B.2.1 Soft deletions functionality . . . B.2.2 Upgrade folder design . . . B.2.3 Unread marks behavior . . . Related publications . . . IBM Redbooks . . . Online resources . . . How to get IBM Redbooks . . . Help from IBM . . . 256 260 260 261 261 262 262 262 262 263 265 265 265 267 267 vi Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not give you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A. The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk. IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrates programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy, modify, and distribute these sample programs in any form without payment to IBM for the purposes of developing, using, marketing, or distributing application programs conforming to IBM's application programming interfaces. Copyright IBM Corp. 2006. All rights reserved. vii Trademarks
The following terms are trademarks of the International Business Machines Corporation in the United States, other countries, or both:
With the introduction of IBM Lotus Notes and Domino 7, IBM Lotus continues to set the standard for innovation in the messaging and collaboration market that Lotus defined two decades ago. With Lotus Notes and Domino 7, IBM has enhanced the scalability, security features, administration, interoperability, productivity, and performance, enabling companies to achieve the most from their infrastructure. Upgrading to the latest version of Lotus Notes and Domino can help your organization to realize high return on investment, potentially lower your cost of ownership, and help improve user productivity and business responsiveness. This IBM Redpaper provides best practices for enterprise customers about how to approach the planning and deployment of their upgrade to Lotus Notes and Domino 7. It serves as a guide to planning and deploying a successful upgrade for administrators and IT architects and includes hints and tips to ensure a successful upgrade. In addition to discussing the approach to upgrading, we highlight specific features within Notes and Domino 7 on which administrators will want to focus in order to most effectively exploit the benefits of an upgraded environment. The team that wrote this Redpaper
This Redpaper was produced by a team of specialists from around the world working at the International Technical Support Organization, Cambridge Center. Lisa A. Chase is an Engineer in the Lotus Software division of the IBM Software Group. She has been part of the IBM Messaging and Collaborative Software group for the past four years, has been a member of the Lotus Notes client team, and is currently part of the team engineering the Domino Access for Microsoft Outlook client. Drawing on her knowledge of the Notes client calendar and scheduling functionality and of Microsoft Outlook and Exchange, she is responsible for the current incarnation of the Domino Migration Tool. Tina Feuer is a Staff Software Engineer with the IBM Lotus support team. Her area of expertise includes server administration, configuring Domino servers, and troubleshooting server problems. She is a Principal Certified Lotus Professional (PCLP) for Lotus Notes/Domino Releases 5, 6, and 7 in both system administration and development. Additional certifications include IBM DB2 V8 Administration. Tina received her bachelor degree in Computer Science at the University of Texas at Austin. She can be reached at mailto:[email protected] Copyright IBM Corp. 2006. All rights reserved. ix Jean-Noel Koval works as Project Manager for the Global Infrastructure, Center of Excellence organization in Europe. Previous to this role, he was a Senior IT Specialist for IBM Software Group (Lotus). He joined IBM nearly 10 years ago and has been working with early deployments of Lotus Notes and Domino since 1997 and Domino 4.6. Jean-Noel's areas of expertise include Domino administration, infrastructure, and performance optimization. He has also been an early adopter of Linux since 1999 with a dedicated focus on Domino. Jean-Noel can be reached at mailto:[email protected] Yuhsuke Murakami works in IBM Japan Systems Engineering, IBM Japan's Technical Support Organization located in Tokyo. His area of expertise includes Notes/Domino system migration, system design, administration, XML and Web Application development for more than eight years. He serves on the System Assurance board and has performed hundreds of technical reviews for Notes/Domino upgrade and migration projects in Japan. He also develops and teaches workshops for Domino upgrade and migration. He is coauthor of the IBM Redbook XML Powered by Domino How to use XML with Lotus Domino, SG24-6207. He can be reached at mailto:[email protected] John Bergland is a Project Leader at the International Technical Support Organization, Cambridge Center. He manages projects that produce RedbooksTM about Lotus software products. Before joining the ITSO in 2003, John worked as an Advisory IT Specialist with IBM Software Services for Lotus, specializing in Lotus Notes and Domino messaging and collaborative solutions. Additional contributors to this Redpaper effort
Thanks to the following people for their contributions to this project: Frederic Dahm, Systems Architect, IBM Software Group, Lotus, IBM, Toronto Carol Sumner, Lotus Service Manager, Premium Support Services, IBM John Lamb, Certified Sr. Consulting IT Architect, IBM Global Services, IBM, Somers, NY Tomoko Ohshima, Manager of Lotus Technical Sales, Software Group, IBM Japan Masaki Nakabayashi, Messaging and Collaboration IT Specialist, IBM Japan Systems Engineering Co., Ltd. Kana Takeichi, IT Specialist, IBM Japan Systems Engineering Co., Ltd. Tomoharu Fujiishi, Open Systems Technology Co., Ltd. Pierre Antoine Campoy, Lotus Europe Software Support Engineer, IBM France Xavier Defossez, Lotus IT specialist, IBM France Jon Champlin, Advisory Software Engineer, IBM Software Group Susan Bulloch, WorkplaceTM, Portal, and Lotus Collaboration Software, IBM, Charlotte, NC Nishant H. Shah, Software Engineer, IBM India Shane O'Sullivan, Software Developer, IBM Ireland x Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Become a published author
Join us for a two- to six-week residency program! Help write an IBM Redbook dealing with specific products or solutions, while getting hands-on experience with leading-edge technologies. You'll team with IBM technical professionals, Business Partners and/or customers. Your efforts will help increase product acceptance and customer satisfaction. As a bonus, you'll develop a network of contacts in IBM development labs, and increase your productivity and marketability. Find out more about the residency program, browse the residency index, and apply online at: ibm.com /redbooks/residencies.html Comments welcome
Your comments are important to us! We want our papers to be as helpful as possible. Send us your comments about this Redpaper or other Redbooks in one of the following ways: Use the online Contact us review redbook form found at: ibm.com /redbooks Send your comments in an e-mail to:
[email protected] Mail your comments to: IBM Corporation, International Technical Support Organization Dept. HYTD Mail Station P099 2455 South Road Poughkeepsie, NY 12601-5400 Preface xi xii Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 1 Chapter 1. Introduction
With the introduction of IBM Lotus Notes and Domino 7, IBM Lotus continues to set the standard for innovation in the messaging and collaboration market that Lotus defined two decades ago. With Lotus Notes and Domino 7, IBM has enhanced the scalability, security features, administration, interoperability, productivity, and performance, enabling companies to achieve the most from their infrastructure. Upgrading to the latest version of Lotus Notes and Domino can help your organization to realize high return on investment, potentially lower your cost of ownership, and help improve user productivity and business responsiveness. This IBM Redpaper provides best practices for enterprise customers about how to approach the planning and deployment of their upgrade to Lotus Notes and Domino 7. It serves as a guide to planning and deploying a successful upgrade for administrators and IT architects and includes hints and tips to ensure a successful upgrade. In addition to discussing the approach to upgrading, we highlight specific features within Notes and Domino 7 on which administrators will want to focus in order to most effectively exploit the benefits of an upgraded environment. Copyright IBM Corp. 2006. All rights reserved. 1 1.1 Overview of Lotus Notes and Domino 7
Lotus Notes and Domino 7 software products deliver a reliable, security-rich messaging and collaborative environment that can help companies enhance the productivity of people, streamline business processes, and improve overall business responsiveness. Enhanced integration of IBM Lotus Sametime with other Lotus and IBM software enables users to have immediate access to the people and tools they need to do their jobs more effectively and make better, more informed business decisions. Many new productivity features enable users to better manage daily information and resources. Because the focus of this IBM Redpaper is upgrading, we do not try to enumerate all the features of Notes and Domino 7. Instead, this section concentrates on new and enhanced features introduced in IBM Lotus Notes and Domino 7. Ultimately, this chapter also demonstrates that key benefits from upgrading include the ability to: Support more users with fewer server resources Facilitate administration and minimize downtime, using advanced monitoring and predictive analysis tools Expand the scope of collaboration, through standards-based interoperability and enhanced integration with complementary software Boost end-user productivity with client software enhancements 1.1.1 Lotus Notes and Domino 7 design goals
Major design goals of the entire Lotus Notes and Domino 7 project include: Increased scalability Enhanced administration and security features Expanded interoperability and integration options Improved productivity features Expanded support for Linux Opportunity for reduced total cost of ownership Lotus Notes and Domino 7 deliver on these goals. 1.1.2 What is new for users
This section highlights what is new for users in Lotus Notes and Domino 7. Lotus Notes 7 client
Lotus Notes 7 offers a number of new calendar and scheduling features and tighter integration with IBM Lotus Sametime. Other functional areas that have been enhanced include mail, desktop, accessibility, and interoperability. Significant improvements have been made to the desktop, enabling users to customize their interaction with the desktop, by saving window state on exit and by determining which tabs open on startup. Further, a user no longer has to wait while a view updates. Because the update happens in the background, the user can work in other areas while the view is updated, providing the opportunity for improved productivity. In addition, a new Autosave feature has been introduced to help prevent data loss when unexpected outages occur. Users can enable Autosave in their preference on the Lotus Notes client to save their work every few 2 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices minutes when working in Autosave-enabled applications, and designers can enable Autosave on forms in new and existing applications. Calendar and scheduling
Calendar and scheduling has been updated to better reflect customer needs. A new calendar cleanup action enables users to easily and quickly delete old entries from their calendar. Handling of conflicts has been improved, first by giving the user the option to allow Autoprocess to accept conflicts, and also by improving the display of schedule conflicts. Additionally, users can now cancel the calendar/scheduling workflow when sending comments. View and miniviews of calendar information have been improved for better usability, and the needs of calendar managers have been addressed. Further, many improvements have been made to the way rooms and resources are managed, including the ability to restrict rooms and to designate a room as restricted to those attempting to reserve it, and changes to the workflow to prevent double-booking, in addition to providing greater granularity of control to administrators in charge of the rooms and resources process. Tighter integration with Lotus Sametime
In Lotus Notes 7, you will find much closer integration with Lotus Sametime. Integration has been added to templates for the mail file, teamroom, and discussion databases, the personal Name and Address Book, the Lotus Domino Directory, and the rooms and resources databases. In these databases, not only can users see who is online, they can initiate an instant messaging session directly by clicking the Status icon. Also, this release adds several preferences for Lotus Sametime integration that enable a user to specify an automatic or manual login process, to save transcripts of instant messaging conversations to the mail file, and support set preferences about how screen sharing, whiteboarding, and audio and video are used through the Lotus Notes client. Usability improvements
Numerous usability improvements have been made to mail. Among the highlights are a no subject warning, the ability to sort by subject out of the box, quick access to flag items for follow-up, and the ability to see mail threads within an e-mail. The right-click menu has been expanded as well, and administrators can now control mail preferences through policies. Finally, this release provides visual tags to indicate whether an e-mail was sent to the recipient only, and a user can now find out what folders hold a document using the "Discover Folders" action. To increase your options, the Lotus Notes application plug-in is included as part of the Lotus Notes and Domino 7 release, which was designed to work with IBM Workplace Managed ClientTM. For additional information, consult the product documentation for IBM Workplace Collaboration Services 2.5, available at:
http://www.ibm.com/developerworks/workplace/documentation/collaborationservices/ Finally, this release makes a number of improvements to the archiving process. For details about these and all other new client features, see the Lotus Notes and Domino 7 Release Notes on the IBM developerWorks site:
http://www.lotus.com/ldd/notesua.nsf/e18d5eb0b8be97d9852567e50052ad16/ec099861d91381fc85 2570360051903c For more information about the Lotus Notes 7 client and special considerations during the Notes 7 client upgrade, see Chapter 5, "Client upgrade considerations and best practices" on page 169. Chapter 1. Introduction 3 IBM Lotus Domino Web Access
In some situations, accessing e-mail and discussion forums from a thick client installed on a dedicated workstation is not practical. For example, employees require the flexibility to access important information when at home, while traveling, or when using a shared workstation. For those situations, we created Lotus Domino Web Access, the premier Web client from IBM for accessing a Lotus Domino-based mail file. Lotus Domino Web Access offers a rich user experience for Microsoft Internet Explorer, Mozilla, and Firefox browsers through the use of dynamic HTML (DHTML). As a DHTML application, Lotus Domino Web Access client performance is governed by server performance, network performance, and client configuration. Lotus Domino Web Access 7 has many improvements in the areas of performance and usability. Highlights include: Opportunity for improved client and server performance Enhanced security features Expanded presence awareness and instant messaging integration Updated user interface Added mail and calendar productivity features Enhanced support for Linux New administration and management features Improved offline access to personal data IBM Lotus Domino Web Access 7 software is a sophisticated Web client for Lotus Domino server. Lotus Domino Web Access software gives your employees the power to create rich text messages, schedule meetings, manage tasks, and collaborate with colleagues--whether they are using their own workstation, an Internet kiosk, or another user's PC. With Lotus Domino Web Access 7, you get the best of both worlds: access to a robust, reliable, enterprise-class messaging and collaboration platform with the ease of simply opening a browser. For more information about Lotus Domino Web Access 7, see Chapter 3, "IBM Lotus Domino Web Access," in IBM Lotus Notes and Domino 7 Reviewers Guide, available at:
ftp://ftp.lotus.com/pub/lotusweb/product/domino/ND7_Reviewers_Guide.pdf Note: Lotus Domino Web Access 7 takes advantage of Lotus Domino 7 server performance improvements, both in the core server functionality and in HTTP. For more information about performance improvements in Lotus Domino 7 server, see 2.3.1, "Reviewing the performance data for Notes/Domino 7" on page 27. IBM Lotus Domino Access for Microsoft Outlook
Lotus Domino Access for Microsoft Outlook offers the ideal solution for companies that want to leverage the robustness and security advantages of the Domino server, while preserving their dedicated Microsoft Outlook user base. Additionally, in the case where a company merger or acquisition leads to a mixed-client environment, Lotus Domino Access for Microsoft Outlook enables user to run the Outlook or Lotus Notes client over the same Lotus Domino mail file data. Company mergers and acquisitions can mean having multiple e-mail clients in use. Whether you choose to migrate fully to a Lotus Notes and Domino environment, or allow the Lotus Notes and Lotus Domino Access for Microsoft Outlook clients to coexist, Lotus Domino Access for Microsoft Outlook provides the functionality to smoothly integrate Microsoft Outlook users into your Lotus Domino infrastructure, while letting them continue to access mail and work with calendar functions through a familiar interface. 4 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices The highlights of Lotus Domino Access for Microsoft Outlook 7 include: Opportunity for improved client software performance, reducing the time to launch the application compared to 6.5.3. Native support for Internet standards, including X.509 and Secure/Multipurpose Internet Mail Extensions (S/MIME). Installation option for separate program and data directories, enabling multiple users to share the same machine using Microsoft Windows operating system security. New mail notification options, including playing a sound, briefly changing the mouse cursor, and showing an envelope icon in the notification area. Option to use a local copy of your global address book; this can be a full copy of the directory or a condensed directory catalog to save space on your workstation. Additionally, Lotus Domino Access for Microsoft Outlook 7 users can use Lotus Domino applications through a browser, dramatically increasing access to your existing Lotus Domino applications. Finally, because Lotus Domino Access for Microsoft Outlook 7 does not require a Lotus Domino 7 server, you can take advantage of these improvements today, before you complete your server upgrade, as long as your users' mail files reside on Lotus Domino Release 6.5.1 or later. For more details about the improvements to Lotus Domino Access for Microsoft Outlook 7, see Chapter 4, "Domino Access for Microsoft Outlook 7," in IBM Lotus Notes and Domino 7 Reviewer's Guide at:
ftp://ftp.lotus.com/pub/lotusweb/product/domino/ND7_Reviewers_Guide.pdf 1.1.3 What is new for administrators
The new and improved features of Lotus Domino 7 enable you to leverage your existing investments in hardware, operating systems, application software, and administration skills. Domino 7 provides you with the flexibility to choose the most appropriate server and client platforms and take advantage of important new features without having to overhaul your entire environment. These things provide a very attractive value proposition: the potential to decrease the total cost of ownership of your messaging and application infrastructure while increasing productivity. To this end, Lotus Domino 7 was designed with you in mind. To maintain a competitive edge and improve responsiveness, companies must maximize productivity and facilitate collaboration between customers, partners, and suppliers. With this in mind, development of the Lotus Domino 7 Server was driven by these high-level goals: Decrease Lotus Notes client deployment and support costs Limit time spent troubleshooting Improve e-mail management Allow Lotus Domino administration on Linux All of these feed into the overall goal of continuing to lower the total cost of ownership of Lotus Notes and Domino. With the new tools in IBM Lotus Notes and Lotus Domino software, you can be more responsive and productive. Highlights
Some highlights of Lotus Domino 7 include: Powerful administration tools, including Domino domain monitoring and Activity Trends
Chapter 1. Introduction 5 Improved performance and scalability Expanded support for industry standards Enhanced security features and SPAM control Unmatched platform support Lotus Domino 7 can help you improve the productivity of your people, enhance interoperability and integration, and simplify administration. The combination of these benefits can help you lower your total cost of ownership. With Lotus Domino 7, IBM extends the reach of IBM Lotus Notes and Domino messaging and collaboration solutions while continuing to leverage your IT and application investments. Lotus Domino server includes powerful features that simplify management and configuration and provide centralized control over your entire collaboration infrastructure. With autonomic and proactive features in tools such as Lotus Domino domain monitoring and Activity Trends, you can more easily identify and resolve problems in your Lotus Domino infrastructure, optimize your deployment, and intelligently distribute your server workload. Other tools enable you to automate repetitive administration tasks and simplifying user management, save valuable time, and focus on more critical tasks. Improved client upgrade and installation tools can often decrease deployment time and costs. And enhanced security features and SPAM controls help you to safeguard your environment and keep your productivity up. 1.1.4 What is new for developers
Application architects and system integrators have not been left out. Code profiling provides you with valuable information about how your code is running in deployment, enabling you to identify and correct bottlenecks in your applications. With Lotus Domino 7, long-running agents can be identified using agent probes in Domino domain monitoring, and then application developers can use that information to profile an agent. Coupling administration tools with application development tools provides a total package designed to help you get, and keep, your environment running smoothly. 1.2 Top reasons to consider upgrading
Lotus Notes and Domino 7 offer you an unprecedented opportunity to enhance user productivity, extend your existing IT investments, increase the security features and robustness of your messaging infrastructure, and leverage new technologies. 1.2.1 Support more users with less server and network resources
Lotus Notes and Domino 7 delivers enhanced performance: Performance benchmarks indicate that Lotus Domino 7 server has the potential to support up to 80% more Lotus Notes mail users (up to 50% more Lotus Domino Web Access users) with up to 25% less CPU resources than Lotus Notes and Domino 6.5. For more information about performance, as well as key factors to take into consideration when evaluating the potential performance benefits to be expected when upgrading to IBM Lotus Domino 7, refer to 2.3.1, "Reviewing the performance data for Notes/Domino 7" on page 27. Network bandwidth utilization can be minimized by using integrated compression techniques streaming replication and server caching introduced in Lotus Notes and Domino 6.5. 1.2.2 Opportunity to reduce time and costs for software deployment and configuration
Lotus Notes and Domino 7 make deployment and configuration easier: Lotus Domino domain monitoring provides a single view of the overall health of Lotus Domino servers in an enterprise, suggests probable causes and possible solutions, and allows proactive analysis of correlated events. The Activity Trends feature of Lotus Domino 7 incorporates predictive analysis technology, formerly delivered as a separate product. It offers autonomic and capacity planning tools. Lotus Domino policy-based administration enables administrators to centrally manage standards and enforce corporate IT policies. Lotus Domino 7 extends policy-based administration to include settings stored in user mail files. Chapter 1. Introduction 7 Lotus Notes Smart Upgrade enables installation and configuration of users' machines without visiting a single desktop. Lotus Domino 7 provides enhancements to further automate client installation and upgrade processes. 1.2.3 Leverage integrated capabilities
Notes and Domino 7 provides unprecedented integration options: Lotus Notes and Lotus Domino Web Access offer instant messaging and (optional) Web conferencing integration. With Version 7, presence awareness extends beyond mail to calendar, address book, and application templates such as teamrooms and discussions. Lotus Notes and Domino provide organizations with an effective way to manage conference rooms and meeting resources, such as audio-visual equipment, online meetings and more, with a centralized database. 1.2.4 Preserve existing investments while moving forward with a solid road map
Lotus Notes and Domino 7 lets you match your environment to your needs, skills, and investments: Lotus Domino supports a wide range of server operating system platforms (IBM AIX 5LTM, IBM i5/OS, IBM z/OS, Linux for Intel and IBM Eserver zSeries, SunTM SolarisTM, and Microsoft Windows 2000 and 2003). Client offerings provide flexibility to choose the supported option best tailored for your users: Lotus Notes, Lotus Domino Web Access (on Windows and Linux), POP or IMAP clients, or Microsoft Outlook (using Lotus Domino Access for Microsoft Outlook). Lotus Domino lets you leverage your current directory infrastructure through support for Microsoft Active Directory and LDAP. With Lotus Domino, you can take advantage of ongoing performance enhancements. Lotus Domino 7 server performance enhancements support the dramatic scalability increases described earlier for Lotus Notes and Lotus Domino Web Access users. With client performance enhancements in Lotus Domino Web Access 6.5.4 and 7, users have reported improved response times of up to 40%. Performance enhancements in Lotus Domino Access for Microsoft Outlook, introduced in Release 6.5.4, can significantly reduce application launch time. 8 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 1.2.6 Provide high availability for your information and your environment
Lotus Notes and Domino 7 enable your users to remain productive: Lotus Domino provides many capabilities to help maximize the availability of your mission-critical information and help reduce downtime, including proactive monitoring tools, transaction logging, and server fault recovery. Advanced clustering technology provides failover for data as well as processor resources. 1.2.7 Protect your information
Lotus Notes and Domino 7 provide unrivalled security features: Security-rich functionality is the foundation of Lotus Notes and Domino. Advanced and proven security features include multilevel access control from the server all the way down to a field on a form, server and local file encryption, digital signatures, support for Internet security standards, and more. Execution control lists in the Lotus Notes client keep unauthorized scripts, code, and formulas from running on your workstation without your consent. 1.2.8 Extend your applications to serve the needs of an On Demand Business
Lotus Notes and Domino 7 enable you to leverage all of your IT investments: Lotus Domino-based collaborative applications can contribute to high return on investment. Many case studies demonstrate the business value of applications developed inhouse, custom-designed by IBM Business Partners, or available from independent software vendors. Lotus Domino Designer 7 enables you to rapidly built, test, and deploy security-rich, mission-critical business applications in house, using an open development environment. Lotus Notes and Domino 7 and IBM WebSphere Portal offer tools to help extend the reach of Lotus Domino applications to business portals. Using Lotus Domino Designer 7, your application developers can leverage Java or LotusScript technology to create Web services and expose Lotus Domino applications to external systems, including Java 2 Platform, Enterprise Edition (J2EETM) and Microsoft .NET environments. With the Lotus Domino 7 option to use IBM DB2 Universal Database as a data store, along with new design elements in Lotus Domino Designer 7, application developers can easily blend collaborative services with relational data. Using IBM Lotus Enterprise Integrator, you can create, manage, and schedule batch and real-time access to provide integration among a variety of relational systems such as IBM DB2, Oracle, Microsoft SQL Server, and more. 1.2.9 Enable users to be more productive
Lotus Notes and Domino 7 support increased user productivity: Many enhancements in Lotus Notes 7 and Lotus Domino Web Access 7 are designed to help users to manage the vast quantities of mail they receive on a daily basis and to manage their schedules and resources more effectively. Lotus Notes 7 offers multithreading for mail file views and instant messaging windows, enabling users to work productively while background tasks run. Enhancements to instant messaging integration include the ability to paste Lotus Notes links into instant messages and save online conversations to your mail file. General Lotus Notes 7 productivity enhancements include an Autosave feature, customization and management of open windows, access to more features from the rightclick menu, and a confirmation prompt when closing the application.
Chapter 1. Introduction 9 1.2.10 Lower total cost of ownership
Preliminary analysis of Lotus Notes and Domino 7 by Ferris Research indicates that Release 7 continues the downward trend in total cost of ownership (TCO) begun by Lotus Notes and Domino 5, and built upon by Lotus Notes and Lotus Domino 6 and 6.5. Initial studies suggest that direct costs and user productivity costs will each decrease by 15% over Lotus Domino 6. Ferris cites six main reasons for this continued reduction in TCO: More efficient use of server processor resources Easier administration of server infrastructure Much more comprehensive policy-based management Enhancements to Smart Upgrade Pervasive integration with Lotus Sametime Client productivity enhancements Additionally, Ferris goes on to state: Release 7 is a significant upgrade of the Notes/Domino infrastructure. Although the IBM product plan primarily classifies Notes/Domino 7 as a "server feature" release, the client component has benefited from significant and valuable improvements as well. For more information or to download the Ferris Report, visit this link:
http://www.ibm.com/software/swnews/swnews.nsf/n/nhan6fyn7f?OpenDocument&Site=default 1.3 Scope and focus of this paper
While the benefits and new features within Notes and Domino 7 carry across the entire portfolio of Notes and Domino 7 and the extended products, the scope of this paper is on the core Notes and Domino 7 products. Our focus is to provide best practices as they relate primarily to: Upgrading the Domino 7 server Upgrading the Notes 7 client Using several of the key new administrative features to more effectively monitor and optimize your Domino infrastructure Note: Additional IBM Redbook resources that focus on application development and security considerations for Notes and Domino 7 include: Lotus Domino 7 Application Development, REDP-4102:
http://www.redbooks.ibm.com/abstracts/redp4102.html Security Considerations in Notes and Domino 7: Making Great Security Easier to Implement, SG24-7256
http://www.redbooks.ibm.com/abstracts/sg247256.html 10 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 1.4 Structure of this paper
In this paper, we discuss how to prepare for an upgrade and specific approaches, best practices, and specific steps for performing the upgrade: This chapter introduces IBM Lotus Notes and Domino 7, discusses its key new features, and presents the potential benefits that can be achieved through an upgrade. Chapter 2, "Preparing for your upgrade" on page 13 provides basic information about how administrators should best prepare for the upgrade before starting the project. In this chapter, we cover the following topics: - Brief overview of upgrade project, defining the rough schedule Understanding system requirements for software and hardware Performance considerations in the real world - Defining the basic outlines of new environment Transition planning - Preparation for the upgrade Chapter 3, "Upgrading the Domino server" on page 63 discusses best practices commonly used to get your Domino infrastructure upgraded to Domino Release 7. This chapter discusses the upgrade from a server perspective, assuming a straightforward upgrade of the entire environment to Domino 7. Where appropriate, it discusses some high-level considerations for dealing with a temporary phase in which mixed versions of Domino server and clients exist in the environment. Chapter 4, "Coexistence and interoperability in a mixed environment" on page 147 discusses interoperability of the Lotus Notes/Domino 7 features and considerations an administrator should take when working in a mixed release Notes and Domino 7 environment. This chapter does not focus specifically on the implementation itself, but instead discusses what behavior to expect when working in a mixed release environment. Where applicable, we recommend best practices for managing an upgrade to Domino 7 in a mixed environment. Chapter 5, "Client upgrade considerations and best practices" on page 169 discusses the considerations a Lotus administrator must make when upgrading the Notes clients to Release 7. We include some of the best practices for upgrading the Notes clients and discuss the new features from which you will benefit in doing so. The goal of this chapter is to assist administrators considering different upgrade options for the client in conjunction with considering how it will impact you from an administrative perspective and the client from an end-user perspective. Chapter 6, "Domino administration enhancements" on page 217 discuss several new administrative features introduced in Notes and Domino 7 that make it possible to administer your Domino infrastructure more easily and effectively. We focus on the following features: - Automatic diagnostic data collection Fault Analyzer - Server Health Monitoring and performance charting Chapter 1. Introduction 11 12 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 2 Chapter 2. Preparing for your upgrade
This chapter provides basic information about preparing for your Domino upgrade before starting the project. It is very important to create a detailed plan prior to performing the server upgrade. In this chapter, we cover the following topics: Brief overview of upgrade project, defining the rough schedule Understanding system requirements for software and hardware Performance considerations in the real world Defining the basic outlines of the new environment Transition planning Preparation for the upgrade Finally, we provide a checklist to use before the upgrade. At the end of the chapter, we briefly discuss some of the issues related to a Domino upgrade that you should consider prior to performing the server upgrade. Copyright IBM Corp. 2006. All rights reserved. 13 2.1 Brief overview of an upgrade project
When you start an upgrade project, there are many issues to consider. Planning is the first phase of a server upgrade, and it is very important for administrators to have detailed upgrade plans. Before starting the upgrade project, you must consider the following issues: Understand what is required to perform the upgrade. Define the upgrade tasks and build the schedule, considering all dependencies. Find skilled people to perform the upgrade tasks. In this section, we address a brief overview of an upgrade project from the viewpoint of creating a project plan. 2.1.1 Building a project schedule
The most important thing to understand before beginning the Domino upgrade project is what tasks the Domino administrator has to perform. When you know the tasks you need to perform, you can develop a rough schedule of the project. Include the following tasks in the Domino upgrade schedule: Develop an upgrade policy. Create a transition plan for the Domino servers. Create a transition plan for the Notes clients. Choose or develop migration assistant tools. Develop and administer test plans. Upgrade servers. Upgrade clients. Plan the application upgrade. Test and modify applications for the new environment. Apply a new application design for the new environment. Some of these steps are not always necessary for the upgrade plan. As the Domino administrator, you must determine which tasks are required at the beginning of the planning phase. Table 2-1 provides a brief summary of what is involved in each phase of the upgrade plan.
Table 2-1 Phase Develop an upgrade policy. **** Project phase and its outline (**** very important, *** important, ** recommended, *if needed) What administrators have to do in this phase Define the clients you use. Define the types of mail clients you use. Define the new features you will use. Define other changes you will make in your environment. 14 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Phase Create a transition plan for the Domino servers. *** * What administrators have to do in this phase Determine the flow of the upgrade. Define a detailed time schedule. Consider mixed environment issues. Define the system management for the new environment. Define how you will use the new Domino 7 features and how you will migrate these new features into your current environment. Create a transition plan for the Notes clients. *** This phase is required If you plan to upgrade your clients. Define how you will use the new Notes and Domino Web Access 7 features. Define how you will upgrade the client module into Notes 7 or how you will deploy Domino Web Access 7. Define how you will upgrade the mail template into Domino 7. Define the detailed schedule. Choose or develop migration assistant tools. * These tools are not necessary for the upgrade operation, but you might want to obtain them if there is a possibility that you will make some other improvements in the project. Choose and verify third-party migration assistant tools if necessary. If you need a migration tool but do not find the appropriate one, develop your own tools that will help you configure the environment automatically (for example, Domino Directory, database property, and personal address book). Typical tools are written in Notes application language (for example, a Notes NSF database containing agents written in LotusScript), shell script, or Perl script. Test the basic functions of Domino 7 that you will use in the new environment. Ensure that Domino 7 works well in a mixed environment. Ensure that the migration tool works correctly if you plan to use it. Ensure that the administration tool you are currently using can work well with Domino 7. Collect some data to create a detailed upgrade schedule (for example, time required for fixup). Develop and administer test plans. ** Upgrade servers. *** * Upgrade the clients. * This step must be included if you plan to upgrade the clients. Plan the application upgrade. ** Real upgrade operation as you planned in the previous phase. Real upgrade operation as you planned in the previous phase. Design a policy for testing and modifying existing applications into the new Domino 7 environment. Generally, Notes/Domino 5 and 6 applications work fine in the Domino 7 environment, but we still recommend that you check all of your mission-critical applications in case of incompatibility. Create a schedule to test and if necessary modify existing applications. Test and modify applications for the new environment. * Apply the new application design for the new environment. *** Test and modify the applications as you planned in the previous phase. Apply the modified design for Domino 7 in a production environment as you planned in the previous phase. Chapter 2. Preparing for your upgrade 15 We cover each phase outlined in Table 2-1 on page 14 in greater detail in the following sections of this chapter. All of the upgrade planning phases have a close dependency on each other, and while these dependencies might be different in each project, it is always true that some of the upgrade tasks do not happen until the previous task has finished. Figure 2-1 shows a brief example of an upgrade project. Plan Preparation Pilot Production time Total Develop a policy Server Client Transition planning Transition planning Testing Upgrade operations Upgrade operations (develop migration tools) Application Transition planning Testing and modifying Applying the new design Figure 2-1 Rough schedules for upgrade projects In an upgrade project, you must create a work breakdown structure (WBS) at the beginning of the project. Figure 2-2 on page 17 shows an example of a WBS in an upgrade project. In this sample project, the WBS has planned for servers, clients, and applications. Note that this is just a sample scenario and you must plan enough time for each stage appropriate for your environment. 16 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices TaskNo.
A A A A A A A A A A A A A A A A A B B B B B B B B B B B B B B B B B B B B B B B B B B B B 1 1 1 1 1 1 1 2 2 2 2 3 3 3 3 3 3 1 1 1 1 1 1 1 1 1 1 1 1 2 2 2 2 2 2 2 2 2 3 3 3 3 3 3 3 To Do
Total Planning current servey client choice new features planning Failover / Disaster Recovery deciding project goal Prepare software and hardware System Design Basic design Servers Topology Security System Administration Daily Schedule Server Monitoring User and group administration Desktop and clint management Additional configuration/preparation Upgrade servers Build a test plan for upgrade Build a solution for mixed-environment Create pilot environment Test in a pilot environment Build deitaled schedule Build a rollback plan Upgrade directory Upgrade administration server Upgrade hub servers Upgrade mail servers Upgrade application servers Upgrade clients Build a detailed upgrade plan Test client upgrade procedure Test client in a pilot environment Build a plan to configure clients Build a plan to upgrade mail template Test template upgrade procedure Upgrade clients Upgrade mail templates Application Transition current servey prioritrize Priority A test and modify Priority B test and modify Switch to new design for server Switch to new design for client Who Check Feb Mar Apr May Jun Jul Aug Sep 4 1118 254 111825 1 8 152229 6 1320273 1017241 8 1522295 1219261 8 152229
Planning Div Planning Div Planning Div Planning Div Planning Div Planning Div Server Team Server Team Server Team Server Team Server Team Server Team Server Team Server Team 1 2 3 4 5 6 1 2 3 1 2 3 4 5 1 2 3 4 5 6 7 8 9 10 11 1 2 3 4 5 6 7 8 1 2 3 4 5 6 Server Team Server Team Server Team Server Team Server Team Server Team Server Team Server Team Server Team Server Team Server Team Client Team Client Team Client Team Client Team Client Team Client Team Client Team Client Team App Team App Team App Team App Team App Team App Team Figure 2-2 Example WBS in upgrade project Creating a WBS is usually done by a project manager, but it requires specific experience and skills related to Domino upgrades. As the Domino administrator, you must understand what they have to do in each phase and how long it takes to accomplish all the required tasks. 2.1.2 Phases of an upgrade
When planning a detailed schedule, one of the most important concepts that all the administrators should know is the four phases of planning, preparation, pilot, and production. Understanding these four "p"s will help you to execute the upgrade operation with lower risks. Planning
In the planning phase, there are two important stages you have to manage: 1. Develop an upgrade policy and strategy. 2. Develop transition plans for servers, clients, and applications. Developing an upgrade policy and strategy requires defining the goal of the project, so this task is very important for your server upgrade plan. First of all, the system planning division should define a basic upgrade policy to use Domino 7 in their environment. In some cases, the system planners just want to upgrade their environment into Domino 7 to receive the full benefit of building robust infrastructure. In the other cases, they want to implement the full breadth of the Domino 7 features in their environment. Chapter 2. Preparing for your upgrade 17 The planning phase is not just for planning an upgrade to Notes/Domino 7. It is also essential to consider opportunities for improvement of your Notes/Domino domain. You might want to address the following issues as part of the Domino upgrade project: Changing message clients Applying failover Deploying disaster recovery Web-enabling Making an inventory and discarding unnecessary databases Server consolidation, which might also include Domino Domain consolidation Platform change In our experience, a server upgrade is an appropriate time to consider these improvements because they can happen within the context of the upgrade project. In many cases, some of these improvements are very complicated operations and we recommend that you perform these operations sequentially. Eventually, you will achieve a robust and stable infrastructure with Domino 7. To make your environment more reliable, we recommend applying a Domino cluster across a LAN or WAN to prepare for any server issues. Domino clustering is the best solution for failover, and we sometimes even use Domino clustering across a WAN to provide a disaster recovery solution. Note that handling multiple events simultaneously is challenging even for a skilled Domino administrator. You should carefully create a schedule and a plan with a well-considered sequence and dependencies. Understanding the required milestones will help you to create a schedule. Tip: It is always a best practice not to perform multiple large-scale upgrade events simultaneously. To minimize the project risk, you should perform each operation separately and sequentially. For example, if you are planning to include server consolidation in the upgrade project, consolidate the servers first in the same release you are currently running (for example, Domino 6.5.4), and then upgrade the server next. Every project should have its original approach. Managing the project in this sequential approach depends on many aspects, such as costs, period, risks, and so on. Above all, you must keep in mind that the best way to mitigate risk in the upgrade project is to not perform large-scale and challenging tasks simultaneously. After the goal of your domain is complete, you should arrange a detailed transition plan to upgrade the servers, clients, and applications. Preparation
Subsequent to making an overall plan for the upgrade project, as the administrator, you should start testing prior to the actual upgrade operation. Preparation needs to be part of the planning phase, because the result of preparation affects the upgrade operation itself. The main goals of preparation include: Check that your upgrade operation plan works well. Check that your configuration plan for the new Domino 7 environment works well. Check that your current tools for administration work well with the new Domino 7 environment. 18
Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Justify the operation for a rollback plan. General preparation begins with setting up a test environment. Create the test environment in a similar manner to the release you are currently running. Naturally, the environment should be built in the same platform as you currently use. Follow this upgrade operation according to the detailed plan created in the planning phase. Through these operations, you can devise a final detailed schedule and you can also create a checklist for the pilot operation. It goes without saying that preparation is also needed if you upgrade your Notes client. It is not always necessary to upgrade or change your client in an upgrade project, but If you want to use Notes 7, or Domino Web Access 7, you must check the required client environment and prepare upgrade tests for clients in this phase. Pilot
The next stage is the pilot phase. You might already have tested the upgrade plan with some trial-and-error when you completed the plan in the previous phase. However, it is very important to perform a simulated upgrade operation in a similar environment from the same release currently installed to the target release on same platform. It is also very important to use the same configuration that you are planning to deploy in a new Domino 7 environment. To have a successful upgrade, it is important to document everything that happens in this pilot operation. For example, you should record the detailed operation, detailed commands you type, the hours required to perform the upgrade, and any error messages you encounter. Remember that upgrading this pilot environment to Domino 7 itself is not the goal of the pilot phase. To make an evaluation for the new environment, this environment must be used by several users to ensure that you are ready to upgrade the production environment. It is also important to let all the database administrators test in this pilot environment. Although Notes and Domino applications developed in earlier releases usually work fine on the newer servers, it is a good practice to test in the new environment, especially for mission-critical applications. Note: Some cautious Domino administrators might want to have a benchmark test using the Server.load tool to ensure that their server can support the required number of users. If you can use the same hardware with the same configuration, it will be very useful to perform these tests. In that case, the most important thing is how you simulate the user's operation in Server.load scripts. You can get some good ideas for doing this in "Appropriate sizing" on page 24. Using the current status of a statistic report might help you understand how many concurrent users your server has at peak time. The show stat server command in the Domino Console shows all the statistics related to the server condition. You can see the number of current user access in Server.Users and at the peak time in Server.Users.Peak. You should simulate these number of users in Server.load. If you have a good estimation about performance, these operation are not always necessary. Performing these pilot steps can help complete your upgrade project with lower risks. It is possible for you to skip this phase and go into the production phase directly, but we highly recommend that you perform a pilot phase for the following reasons: You can confirm that the upgrade operation you planned is correct. You can check whether the new release server has potential bugs that may affect your environment. 19 Chapter 2. Preparing for your upgrade You can confirm that the new release server works with the appropriate performance if you have some benchmark test. You can confirm that your current applications work well with Domino 7. Production
If the pilot phase is successful, it is time to upgrade your environment into Domino 7. You should perform the production upgrade identically to the pilot phase. Of course, in the production phase, end users will be using the new environment, so an announcement of the upgrade, user training, and support planning are required, as well as preparing for system management. The production phase can be divided into several phases. As you see later in this paper (see "Building schedule" on page 40), there is a recommended sequence to upgrade servers. You can also use an early adoption program before upgrading all of your environment into Domino 7. For an early adoption program, administrators should select a specific server to upgrade first. Because this task has some effect on the production environment, it must be carefully carried out following the detailed plan. If you are planning a client upgrade as well, we recommend that you follow the early adoption program and upgrade specific clients to Notes 7 or Domino Web Access 7. Choose the users for the early adoption program carefully because this is an unpredictable scenario requiring highly skilled users. Members of the Domino administration group are often the best users to upgrade their client environment first, but upgrading a "real-world" user is also essential to gain their feedback prior to the enterprise-wide upgrade. In some cases, you might have only one production server in a very small environment. In this situation, do not take an early adoption program for a server, though it might be useful for the client upgrade. 2.2 Understanding system requirements
This section describes the requirements for running the Domino 7 server. This information might be updated periodically on the Web. This paper describes the latest information at the time of writing, but we recommend that you check the latest information as you plan the upgrade. You can obtain this information at the following Web page:
http://www.lotus.com/ldd/doc This section also includes our experiences with software and hardware considerations not available on the Web. You might find this information useful, in addition to that available on the Lotus Web site. 2.2.1 Software requirements
When upgrading your environment to Domino 7, you must pay careful attention to its software requirements. Some of the platforms and versions you used on Domino 6 are no longer supported. Platforms and versions
Before upgrading your server to Domino 7, you must verify whether your current operating system is supported. Here, we provide the supported list of operating systems for the Domino 7.0 server. As we mentioned at the beginning of this section, refer to the Domino 7 Release Notes for the most current information. Microsoft Windows 2000 Server 20 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Microsoft Windows 2000 Advanced Server Microsoft Windows Server 2003 Standard Edition Microsoft Windows Server 2003 Enterprise Edition IBM AIX 5L Version 5.2 IBM AIX 5L Version 5.3 SUSE Linux Enterprise Server (SLES) 8 SUSE Linux Enterprise Server (SLES) 9 Red Hat Enterprise Linux (RHEL) 4 Sun Solaris 9 IBM i5/OS Version 5, Release 3 IBM z/OS Version 1, Release 5, and later SUSE Linux Enterprise Server (SLES) 8 on zSeries (31-bit) SUSE Linux Enterprise Server (SLES) 9 on zSeries (64-bit) Red Hat Enterprise Linux (RHEL) 4 on zSeries (64-bit) Note: IBM AIX 5L V5.1, Microsoft Windows NT, IBM OS/400 V5R1 and V5R2, IBM z/ OS V1R3 and V1R4, Solaris 8, Red Hat 7.2, Red Hat Enterprise Linux AS 2.1, and United Linux 1.0 other than those listed are not supported. Additionally, you must be careful not only about the version of operating system, but also detailed patches for each operating system. The Release Notes describes the details. You must check the latest Release Notes and configure the operating system as it is. If your current platform version is not supported in Domino 7, you need to consider upgrading your operating system before you upgrade your Domino environment to Domino 7. You can also change your platform at this time if necessary. Refer to 2.8.1, "Server platform choice" on page 61. Remember that you should not perform this operation unless absolutely required, because it makes the project very complex and increases the risks. Third-party software
When upgrading your current Domino environment, you also need to consider the third-party software applications that you currently use, such as antivirus, backup, user administration, server monitoring, database management, and other applications that you might use. You must verify that each product is supported in Domino 7 on the same platform you currently use. For example, if your Domino 6 server runs antivirus software on AIX 5L V5.2, you must verify whether this product is also supported in Domino 7 on AIX 5L V5.2. In some cases, you might need to upgrade the third-party tool itself to use it in the Domino 7 environment. Tip: If you do not know what software tools you are currently using, checking your server's NOTES.INI file will help you find these products. Locate the following parameters:
Servertasks= NSF_Hooks= If you are running any additional server tasks, it is usually described in the Servertasks line. If this is not a standard Domino task, be careful of this task during the upgrade. The NSF_Hooks parameter also shows additional tasks performed on the server. Although this approach might not find all of the tools in your domain, you will find the critical applications running on the server. Chapter 2. Preparing for your upgrade 21 Client software
The client you choose will specify its own supported operating system. For Notes and Domino Web Access client, the Release Notes describe the supported platforms. Note that Microsoft Windows 95 and 98 are not supported in Notes 7. Here is the supported list of operating systems for Notes 7: Microsoft Windows 2000 Professional Microsoft Windows XP Professional Microsoft Windows XP TablePC Edition Windows XP Tablet PC Edition 2005 Supported operating systems for Domino Administrator client and Domino Designer are: Microsoft Windows 2000 Professional Microsoft Windows XP Professional Note: Windows 95 and 98 are no longer supported in Notes 7. Macintosh is not a supported platform at the release of Notes 7.0; however, there is a plan of support in the future. Notes 7 is also supported on Citrix MetaFrame Presentation Server 3.0. There is a description in the technote "Supported Configurations and Support Policy for Citrix MetaFrame," at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21098489 Table 2-2 lists the supported operating systems and browsers for Domino Web Access.
Table 2-2 Supported matrix of operating systems and browsers for Domino Web Access 7 Microsoft Windows 2000 Professional Microsoft Windows XP Internet Explorer 6.0 Mozilla 1.4.1 and 1.7.x Mozilla Firefox 1.0a Supported Unsupported Supported Novell SUSE Linux Enterprise Server (SLES) 8 Novell SUSE Linux Enterprise Server (SLES) 9 N/A Supported Supported a. Supported by the DWA7.NTF mail template only; not supported by INOTES6.NTF templates. Note: Each Web browser has its known limitations for running Domino Web Access, which the Release Notes describe. We strongly recommend that you check the Release Notes before deploying Domino Web Access. Also note that Windows 95, Windows 98, Windows NT, Red Hat 7.2, Red Hat 8.0, Mozilla 1.3.1, and Microsoft Internet Explorer 5.5 are not supported in Domino Web Access 7.0. This issue is especially important when you upgrade from iNotesTM 5 or Domino Web Access 6 to Domino Web Access 7. If have Post Office Protocol Version 3 (POP3) or Internet Message Access Protocol (IMAP) mail clients, you can select from many mail clients that support POP3/IMAP and Simple Mail Transfer Protocol (SMTP) protocols. Each mail client has its own supported operating system. Provided you are currently using a POP3/IMAP mail client, you do not need to be concerned 22 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices about the environment for client software, because changing the server release does not have any influence on this client. However, if you are planning to migrate your Notes clients into a POP3/IMAP mail client, when you must choose the client, pay attention to its supported platforms. Domino Access for Microsoft Outlook has the following software requirements for Domino 7: Microsoft Windows operating system (Windows 2000 Professional or Windows XP Professional) Microsoft Outlook 2000, or Outlook XP with SP3, or Outlook 2003 with SP1 Domino server running 6.5.1 or later Mail databases created using a Mail7.NTF, Mail7ex.NTF, or DWA7.NTF template 2.2.2 Hardware requirements and considerations
When you upgrade your environment to Domino 7, you must also consider the hardware capacity. If you do not estimate the hardware capacity correctly, your server might not provide an adequate response time. There is a brief description in the IBM Lotus Notes, Domino, Domino Designer Release Notes Version 7 about the required resources. Table 2-3 lists the supported and recommended hardware for each server platform.
Table 2-3 Required hardware for each server platform Minimum processor Intel Pentium or later and compatibles Intel Pentium or later and compatibles PowerPC RAM 256 MB minimum 512 MB or more recommended per CPU 512 MB minimum 512 MB or more recommended per CPU 512 MB minimum 512 MB or more recommended per CPU 512 MB minimum 512 MB or more recommended per CPU 512 MB minimum 512 MB or more recommended per CPU 288 MB minimum 512 MB or more recommended Disk space 1.5 GB minimum per partition Server platform Microsoft Windows 2000 Microsoft Windows 2003 1.5 GB minimum per partition 1.5 GB minimum 1.5 GB or more recommended 1.5 GB minimum 1.5 GB or more recommended 1.5 GB minimum 1.5 GB or more recommended 1.6 GB minimum 2 GB or more recommended IBM AIX Linux Intel Pentium or later and compatibles UltraSPARC and newer Sun Solaris Domino for IBM i5/OS IBM Eserver iSeriesTM server based on PowerPC (RISC) technology Eserver i5 Model 520 or later Any that supports your release level of z/OS Any that supports your release level of Linux on zSeries IBM z/OS 1 GB minimum 2 GB or more recommended 1 GB minimum 2 GB or more recommended Three 3390-3 volumes minimum 2.5 GB minimum 2.5 GB or more recommended Linux on zSeries Chapter 2. Preparing for your upgrade 23 You cannot easily to determine the server hardware for a production environment just by checking the Release Notes. You must perform an adequate sizing when you acquire new hardware. Remember that this hardware requirement is only available for a production server whose workload is extremely limited. Even if you are planning to keep using your current hardware, we still recommend that you check its configuration and performance and determine whether it is possible to upgrade the current production server to Domino 7. We discuss additional performance issues in 2.3, "Performance considerations: Hardware resource use in the real world" on page 26 with referring performance data from IBM developerWorks. Disk space and templates
In addition to hardware capacity, you need to carefully check the disk space usage on the Domino server. This is required for both program file size and data file size. The most important consideration points for server must be the size of mail templates. Table 2-4 lists the installed sizes for both of Domino 6.5.4 and Domino 7 on a Windows platform.
Table 2-4 Template MAIL6.NTF/MAIL7.NTF MAIL6EX.NTF/MAIL7EX.NTF INOTES6.NTF/DWA7.NTF Template size differences between Domino 6.5.4 and Domino 7 Domino 6.5.4 13,107,200 13,631,488 13,631,488 Domino 7 17,039,360 17,825,792 17,381,504 If you are currently using Single Copy Template (SCT), the increase of the template size should not be a problem. However, the required disk space will be increased f you do not use SCT. This size increase affects not only the size of disk system, but also the amount of time required and the size required for backup operations. Note: As we describe in "Disk I/O" on page 29, the number of disk drives are very important in determining performance. From that point, it is not always necessary to care too much about disk usages because having enough disk drives usually means that you have enough disk size. If you are considering whether to use the Single Copy Template (SCT), we recommend that you read the technote "Corruption in a Single Copy Template can affect databases based on that template" because SCT can be a single point of failure:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21208475 Appropriate sizing
When using new hardware for Domino 7, you must receive an adequate sizing service prior to determining the hardware requirements.The critical factor in sizing is how you determine users' access to the server. The administrator must decide this carefully because the initial assumption will greatly influence the result and often make the required hardware size totally different. An administrator needs to consider the following points before sizing: How many users are registered on the server? How many concurrent users will have access to the server? How heavily does each user use the server (heavy user or not)? Which clients will the users run (Notes, Domino Web Access, and so on)? 24 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices How large is the mail file size for each user? Are there additional tasks or functions that affect performance (cluster, antivirus, SSL, mail journaling, and so on)? Consider these issues and find the appropriate organization to provide sizing services for Lotus Domino 7. Hardware requirements for clients
When you upgrade your client environment to Notes 7 or Domino Web Access 7, your client hardware also needs to meet the hardware requirements. Check the minimum and recommended required levels in the Release Notes. Table 2-5 lists the supported and recommended hardware for each Notes client platform.
Table 2-5 Required hardware for each client platform Processors supported Intel Pentium RAM 128 MB minimum 256 MB or more recommended Microsoft Windows XP Intel Pentium 128 MB minimum 256 MB or more recommended 275 MB required Disk space 275 MB required Client platform Microsoft Windows 2000 When upgrading from Notes 6 to Notes 7, it is a good idea to compare the minimum required hardware for each version. Table 2-6 shows the comparison on the Microsoft Windows XP platform.
Table 2-6 Release Notes 6.5.4 on Windows 95, 98, or NT Comparison between Notes 6.5.4 and Notes 7 Processors supported intel Pentium RAM 64 MB minimum 128 MB or more recommended Notes 6.5.4 on Windows XP Intel Pentium 128 MB minimum 256 MB or more recommended Notes 7 on Windows XP Intel Pentium 128 MB minimum 256 MB or more recommended 275 MB required 275 MB required Disk space 275 MB required Microsoft Windows 95, Windows 98, and Windows NT are no longer supported for the Notes 7 client. Therefore, if you are running one of these operating systems, you need to upgrade to a supported operating system. Although the Release Notes mention the minimum and recommended system requirements, it is a best practice to check the performance with your representative client environment. There are also hardware requirements for Domino Web Access and Domino Access for Microsoft Outlook.
Improving performance, and consequently reducing the total cost of ownership, is a major goal of Lotus Notes and Domino 7. For Notes remote procedure call (NRPC) users, the native Notes/Domino protocol using port 1352, the code has been streamlined and certain constraints have been removed to allow more users to be serviced at a given level of processor utilization. As a result, most Notes/Domino 7 platforms show a reduction in CPU utilization with the same number of Notes 6 users. The CPU savings represent the maximum level of performance improvement we would expect to see in a customer environment. While Notes/Domino 7 might yield significant benefits in terms of CPU utilization, be aware that total performance depends on more than just CPU utilization. Total performance benefits depend on numerous additional hardware resources, subsystems, and other factors within the environment. 26 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices In addition to focusing on CPU utilization, we highlight the importance of considering the following primary hardware resources: CPU Memory Disk I/O When administrators understand the performance impact as it relates to each of these hardware resources, they can set proper expectations and plan, or if necessary modify, their environment accordingly. Note: The intent of this section is to help administrators better understand how different hardware resources can have an impact on the overall system performance. It is also intended to guide you to the most current, detailed published data about Domino 7 performance. This section is not intended to be a definitive, stand-alone source about performance data for Notes and Domino 7. 2.3.1 Reviewing the performance data for Notes/Domino 7
As a starting point to thoroughly understand the performance improvement data, we recommend beginning with the following series of articles published on IBM developerWorks. At the time of writing, the following performance reports are available: Lotus Domino 7 server performance, Part 1: Lotus Notes client workloads
http://www.ibm.com/developerworks/lotus/library/nd7-perform/index.html Lotus Domino 7 server performance, Part 2: Domino 7 performance for Domino Web Access users
http://www.ibm.com/developerworks/lotus/library/domino7-internet-performance/index.html Lotus Domino 7 server performance, Part 3: Enterprise mail performance
http://www.ibm.com/developerworks/lotus/library/domino7-enterprise-performance/ Lotus Domino 7 performance in production at IBM on pSeries servers
http://www.ibm.com/developerworks/lotus/library/domino7-pseries-performance/index.html As you read these reports, it is clear that Domino 7 offers significant performance benefits, especially in terms of CPU usage. Accordingly, it is easy to assume that an upgrade to Domino 7 will simply improve your system's performance without additional considerations. However, if we take a look at the real-world performance, we need to consider architectural differences and focus on the potential bottlenecks for server performance. Note: Although upgrading to Domino 7 might result in significant performance increases, it is important to understand that numerous resources contribute to overall performance. Performance improvements in Domino 7 depend on the source of a specific performance bottleneck. If the bottleneck is CPU related, the performance benefits might be substantial. If the bottleneck exists primarily due to I/O, this should be addressed prior to an upgrade. In certain circumstances, a server running Domino 6 does not always support the same number of concurrent access users on Domino 7. Performance results will vary, because the benefits of Domino depend on architecture, infrastructure, types of application usage, and finally, the source of a performance bottleneck. Chapter 2. Preparing for your upgrade 27 In the next sections, we address additional hardware resources to illustrate that while Domino 7 can provide significant performance improvements due to more efficient CPU utilization, each environment is unique and might have bottlenecks outside of the CPU. Accordingly, it is very important to focus on all aspects of the system, including memory and disk I/O. 2.3.2 CPU, disk I/O, and memory: Resource utilization
Table 2-7 and Table 2-8 have been taken from the results of Lotus Domino 7 server performance, Part 3: Enterprise mail performance. These results represent data from an enterprise mail server running on AIX 5L. We include these results to highlight trends based on hardware resources.
Table 2-7 Resource CPU percent busy Disk read requests/second Disk write requests/second Shared memory used (MB) Process memory used (MB) Network bytes/sec Table 2-8 Resource CPU percent busy Disk read requests/second Disk write requests/second Shared memory used (MB) Process memory used (MB) Network bytes/sec Resource utilization numbers for tests performed with MAIL6.NTF template Domino 6.5 97 20,728 30,733 1209 63 19,203 Domino 7 71 22,065 32,980 1032 109 20,779 Change (percent) -27 6 7 -15 73 8 Domino 7 users with MAIL7.NTF, Domino 6.5 users with MAIL6.NTF mail template Domino 6.5 97 20,728 30,733 1209 63 19,203 Domino 7 76 28,466 37,712 1045 105 22,671 Change (percent) -22 37 23 -14 67 18 CPU
As shown in numerous reports from our performance team (and in Table 2-8), an upgrade to Domino 7 will significantly improve CPU utilization. If your current Domino server's bottleneck is directly associated with CPU, you can expect a significant performance benefit by upgrading your Domino server to Domino 7. This might be the case with a large system that has a very large disk system, numerous disk drives, and a high level of disk cache. In the real world, however, the bottleneck affecting performance often lies beyond the CPU utilization of the Domino server, especially in the case of servers that are heavily accessed by Notes clients. Important: Prior to upgrading it is advisable to check the original server's CPU usage and to gather enough data to identify accurate usage and trends. The way to check the current usage differs in each platform. For example, you can check this using the performance monitor tool in Windows or using the vmstat command in UNIX. 28 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Memory
Understanding and discussing memory usage is one of the more challenging topics in Domino server performance. Because Domino uses a shared memory model, you need to carefully consider both the shared memory usage and the process memory usage. As discussed in the developerWorks article referenced in Table 2-7 on page 28 and Table 2-8 on page 28, Domino 7 has performance benefits for shared memory in this environment. However, although this article shows some disadvantages in process memory usage, that is not a significant consideration, because the Notes client does not require much process memory. Furthermore, the memory results from performance testing should not be considered as strongly as CPU or disk I/O, because these results vary significantly depending on environment, platform, parameters, and amount of memory installed. Note: There are several supported NOTES.INI file parameters related to memory usage, some of which are documented in Lotus Domino 7 Administrator Help and in IBM Technotes. However, controlling parameters related to memory is very difficult and requires indepth knowledge of memory usage, so we do not recommend using these parameters without the assistance of IBM support staff. Disk I/O
Finally, we highlight the importance of disk I/O as a resource and potential bottleneck. In many cases, our experience shows that the Domino server's bottleneck is often in disk I/O, especially in the case of Domino mail servers. We recommend that you analyze your server's disk I/O statistics and establish a baseline of trend data to better understand how an upgrade might impact disk I/O performance when upgrading your Domino server into Domino 7. Some of the testing results from our performance team show an increase of I/O when you upgrade the server and templates from 6 to 7. If the servers you are planning to upgrade currently have a bottleneck in disk I/O, this can cause further performance bottlenecks that your new server cannot support, even with the same number of concurrent access users you currently have. You must check your current status carefully in advance of the server upgrade and, if necessary, strengthen the I/O capability. Tip: If you want to see the status of the disk and statistics related to disk I/O, you can use performance monitoring tools from within the operating system. For example, you can check the disk status in the Disk Idle Time percentage in Windows and the iowait parameter of the vmstat result in UNIX. Addressing disk I/O
To address a potential bottleneck as the result of disk I/O, adding physical disk drives is the best way to increase I/O capacity. Generally, the capability of disk I/O depends on how many disk drives you have, the RPM of the drives, what kind of RAID configuration you have, how much disk read/write caches you have, and so on. Adding disk drives is one of the simplest ways to improve this bottleneck. Confirming the current usage of server resources is very important prior to starting your upgrade, so gather enough data to determine a solid baseline. In many cases, disk I/O is a very important performance point, but you should also check all of your resources. If your environment has specific weak points, and is illustrating trends of reaching a capacity limitation, we recommend that you address and correct this prior to upgrading to Notes/Domino 7. Chapter 2. Preparing for your upgrade 29 Note: Frequently, questions are raised about recommendations for how many concurrent users can be supported on a single server running on specific hardware. For example, "How many users can I support using an xSeries 346 in Domino 7?" The answer to the question differs, depending on each specific environment. For example, if you change the disk systems, this can raise the number of concurrent users because disk I/O is the most likely case for Domino to be a bottleneck, especially for a small server. As we have discussed in this section, administrators often consider performance issues to be only related to CPU utilization or memory usage, but disk I/O is also a very important resource. For additional resources about Notes and Domino performance and sizing recommendations, also refer to publications on developerWorks:
http://www.ibm.com/developerworks/lotus/products/notesdomino/ With an understanding these basic issues, we take a closer look at how we consider each resource when we perform an upgrade. 2.4 Defining the basic outlines of a new environment
While understanding system requirements and considering the performance for a new environment are very important, there are several more issues that the administrator should consider. In this section, we demonstrate in detail how to plan and design your new environment. Defining basic upgrade policies and determining your upgrade goal, determining how you implement your Domino 7 server, and how you administrate these environments are the major points to consider in the upgrade project. 2.4.1 Basic policies
At the beginning of an upgrade project, the administrator or system planning division must decide the basic policies and strategies for performing the upgrade. The upgrade project sometimes involves more than upgrade itself, for example, changing the type of clients and building fail-over and disaster recovery solutions. Furthermore, it is also common to change server platforms or perform server consolidation. We provide an additional section at the end of this chapter to address these issues briefly. Refer to 2.8, "Other considerations for the upgrade project" on page 61 if necessary. Client choice
The Domino 7 server can be accessed by the Notes client, Domino Web Access, POP3, or IMAP/SMTP client. If Microsoft Outlook is installed on the client machine, you can also access the Domino server using Domino Access for Microsoft Outlook. Each client offers its particular advantages, as well as potential disadvantages. You must consider carefully any loss of functionality resulting from a client change, because this will be noticeable to your users and potentially result in additional support calls. Table 2-9 on page 31 is the brief table presenting both the advantages and disadvantages. Although the character of these clients is totally different and it cannot be exhaustively described in a small chart, this is a good starting point for considering a client change. We recommend that you test the clients yourself and decide which client is the most appropriate for your future environment. 30 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 2-9 Brief advantages and disadvantages of each messaging client Advantages Easily integrated into Domino environment (for example, easy to create workflow). Many merits as a dedicated client for Domino, including local replication, rich text editing, preview pane, type ahead addressing, short cut keys, and more. Disadvantages Need to install on each client machine. Need to configure roaming service if you want to use from another client machine. Client types Notes client Domino Web Access Notes mail-like interface. Can be used from any supported browser from any location. Easily integrated into portal. Difficult to customize. Features are similar to Notes but still limited. Domino Offline Services is needed if you want to have offline access and local archive. Much more server resources (especially CPU and memory) are needed compared to the Notes client. POP3, IMAP/SMTP Internet standard. Can choose your favorite POP3/IMAP client. No support for calendar and scheduling. LDAP server is needed to search address. If you do not plan to access your Domino application database or mail files from a Web browser, we recommend that you use the Notes client as your primary mail client. In this case, you have the option of using Domino Web Access as a secondary mail client. Domino Web Access or POP3/IMAP can be an option if you plan to discontinue using the Notes client, which requires that you consider Web-enabling all of your Notes/Domino applications. You can also access the Domino 7 server from Microsoft Outlook using Lotus Domino Access for Microsoft Outlook. However, this case is usually limited because your users need to have Microsoft Outlook installed on their client machines. Notes and Domino 7 new features
Upgrading to Notes/Domino 7 offers the advantage of building a robust infrastructure, in addition to performance benefits, even if you do not use any of the new Notes/Domino 7 features. However, the greatest benefit to your environment is applying all of the new features offered in Notes/Domino 7. Here, we present a number of new features offered in Domino 7. We recommend that you also review the "Overview - New features in IBM Lotus Notes and Domino 7" topic in IBM Lotus Notes/Domino 7 Release Notes and the IBM Lotus Notes and Domino 7 Reviewers Guide (ftp://ftp.lotus.com/pub/lotusweb/product/domino/ND7_Reviewers_Guide.pdf) to familiarize yourself with the new features introduced in Domino 7. Start using Domain Name System (DNS) blacklist and whitelist filtering and create spam-free mail infrastructure. Domino 7 improves on the DNS blacklist feature available in Domino 6, enabling you to gain better control over spam mail by using DNS blacklist and whitelist filtering.
Chapter 2. Preparing for your upgrade 31 Start using Domino domain monitoring (DDM) to monitor your Domino environment. DDM provides better monitoring of your servers and domains. Start using automatic diagnostic data collection and Fault Analyzer to troubleshoot server and client failures. If your Domino server crashes, you can automatically collect diagnostic information with automatic diagnostic data collection and analyze the crash using Fault Analyzer to determine the source of the crash. Develop and deploy Web services. Now you can rapidly create a Web service provider in Domino 7 and Domino Designer 7. Domino natively supports SOAP messages and creating Web Services Description Language (WSDL) using LotusScript. Develop and deploy the Web applications using Java virtual machine (JVMTM) 1.4.2. While Domino 6 offered the JVM 1.3.1 environment, Domino 7 now has JVM 1.4.2. This helps developers to use Java classes requiring JVM 1.4. Start using new rooms and resources. Rooms and resources have been greatly improved in Domino 7, eliminating double booking, limiting future reservations, and enabling rooms and resources to used in a clustered environment. Start using the policy lock-down feature to gain better control of clients. The policy lock-down features enables you to lock down the client configuration. Start using mail policy to have better control of mail database settings. By using the mail policy feature, you can gain control over Notes users' mail and calendar usage. This enables you to control detailed configuration of mail and calendar and can be used in conjunction with the policy lock-down feature. These are just a few examples of the new Domino 7 features you can easily implement in your environment, rendering your Domino domain much more stable and easy to administrate. Transaction logging
Transaction logging was introduced in Domino 5 and greatly improved in Domino 6. The basic architecture of transaction logging is to catch all the changes or transactions to each database and log them to a disk drive sequentially. Transaction logging poses huge advantages for the Domino server, and the upgrade process is an opportune time to implement transaction logging if you have not already done so. The advantages of transaction logging include: Quick and safe recovery from a server crash After a server crash, each database that was in use at the time of failure requires fixing up to ensure its integrity. Applying transaction logging will let the server skip this process, recovering the database directly from the transaction log instead. This will give you quick and safe recovery from a system failure. Furthermore, you can take advantage of the View Logging feature introduced in Domino 6, which provides transaction logging support for views and folders. Enabling this feature is especially effective for the Domino Directory $Users and $ServerAccess views, because these hidden views are crucial to the Domino system and also require a long time to rebuild after a crash if you are not using this view logging feature. 32 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Performance benefit Because transaction logging writes transactions sequentially to disk, it can help reduce the bottleneck of disk I/O. If transaction logging is not implemented, the Domino server must write transactions directly to each database, requiring the disk arm to have a random access, which is much slower than sequential access. If you use transaction logging, the Domino server will write transaction logging first and update these transaction later in the each database. Note that the capacity of disk drives for transaction logging is critical to performance, and they must be physically dedicated to transaction logging to make the most efficient use of sequential writing. We recommend that you have separate physical disk drives for transaction logging, data directory, and paging file of the operating system. You will find several performance reports for transaction logging on IBM developerWorks: - Assessing the impacts of new transaction logging features
http://www.ibm.com/developerworks/lotus/library/ls-D6translog/ - More on Domino 6 transaction logging
http://www.ibm.com/developerworks/lotus/library/ls-More_D6_Trans_Logging/ Incremental backup Performing an incremental backup will help reduce your backup time. Note that this does not mean you do not need perform a full backup, and you should periodically carry out a full backup operation. However, you can capture daily changes by applying an incremental backup, a great time-saver when performing a weekday backup. Fail-over and load balance solution
For an administrator who wants to build a robust infrastructure and reduce unavailable time, a cluster solution is advisable. The upgrade process is a good time to implement this solution. Because implementing a fail-over solution is time-consuming, you should include the planning process for clustering into your schedule. There are two primary technologies to achieve a cluster solution. The first is applying the Domino cluster service provided natively by Notes and Domino, and the second is using an operating system-level cluster provided by an operating system vendor or third party. When planning a cluster solution, you must understand the difference between these and choose the appropriate solution for the environment. Figure 2-3 on page 34 demonstrates how Domino clustering works. This is an application-level cluster based on Domino replication technology. Each Domino server is working as a logically different server (for example, as Server01/IBM and Server02/IBM), and they are replicating almost in real time with each other, which is known as cluster replication. The Notes client knows what servers are in the same cluster and has a feature of dynamic failover in case it is unable to access to one of the servers. The clustering solution provides failover whether the access failure is caused by the Domino server, operating system, hardware, or network issues. Another key advantage of Domino clustering is load balancing. In a Domino cluster, two or more servers are working and providing the same service simultaneously, and you can configure them to provide load balancing as well. You can control the server load for system availability or concurrent users. Chapter 2. Preparing for your upgrade 33 Cluster Replication Server1 Server2 NotesDB
Figure 2-3 The basic architecture of Domino clustering NotesDB Unlike the Notes client, a browser does not offer dynamic fail-over functionality. Fortunately, the Domino server offers a feature for Web clustering called Internet Cluster Manager (ICM). ICM works as a front-end Web server for Web browsers followed by a back-end Domino cluster. The main function of ICM is redirecting the very first HTTP request from a Web browser to an available Domino Web server. An alternative Web browser solution is IP sprayers instead of ICM. Domino cluster itself has an automatic replication feature and works fine with IP sprayers, such as IBM WebSphere Edge Server. This architecture is quite common for deploying clustering for WebSphere Application Server. You can achieve a similar architecture if you fit Domino cluster technology and WebSphere Edge Server technology together. In this case, Domino does the data replication, and IP sprayers perform the failover and load balancing. Tip: Because Domino cluster architecture is a duplicate database model, you have to consider how you will copy a database to another server when you start to implement Domino clustering. From our experience with the upgrade project, we recommend that you create a replica of the database using Domino rather than making an OS copy if you plan to run load convert. A technote documenting this behavior, "Load Convert Causes Frameset Corruption of Domino 6.x Database," is available at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21155787 The other way to build a cluster is by using operating system clustering, which depends on each operating system (for example, HACMPTM on IBM AIX 5L) or cluster products. Note that this cluster solution is similar to the Domino cluster, but the architecture of the cluster is absolutely different. Operating system clustering requires a shared disk instead of data duplication, and both servers are connected with a heartbeat line and provide failover if the other server is unavailable. One server is usually providing service and the other is waiting, so it cannot provide a load balancing solution. If there is some problem for the primary server, the secondary server takes over all the resource, including IP address and shared disk, and starts up as though it was the primary server. The server monitor usually handles only the health condition of the operating system and not application process status, such as a crash or hang. Fortunately, Domino has a very useful 34
Lotus Notes and Domino 7 Enterprise Upgrade Best Practices function called Fault Recovery, which enables the server to automatically recover from its crash. Because an operating system cluster is based on a shared disk model, the fail-over time usually depends on the environment and how much disk quota is available. Because the minutes for takeover will be critical for clustering, consult an OS clustering expert. In contrast, Domino clustering provides a zero downtime cluster because the Notes client automatically detects a failure and shifts to the other cluster member. Figure 2-4 illustrates how an operating system cluster works. Heartbeat Server 1
Share d Disk (Server 1 ) Figure 2-4 The basic architecture of operating system clustering Table 2-10 provides a comparison list for choosing your cluster solution. Domino clustering was introduced in Domino 4.5 and is becoming the preferred clustering option.
Table 2-10 Brief comparison between Domino cluster and OS cluster Domino cluster Application failure Automatic fault recovery for server crash, and failover by Notes client for hang. Automatic failover to the other server by Notes client. Automatic failover to the other server by Notes client. Data can be recovered with RAID recovery although it takes time. Dynamic failover by Notes client. Logically different servers with replicated databases (different database icons). OS cluster Automatic fault recovery for server crash. Requires monitoring from the other server to detect failure. OS cluster handles. RAID recovery. Hardware failure, OS failure Disk failure Downtime for take over How Domino server works for users Requires minutes, depending on the size of the disk, and so on. Same server using same server ID and database (it can be seen as the same server). Chapter 2. Preparing for your upgrade 35 Domino cluster Consideration for application OS cluster Need to be coded to work in a cluster. Perfectly works as same. Hard-coded server names are not preferable. Also need to have ICM or load balancer for Web browser. Because it has replicated data on the other side, the administrator can easily stop one of the server without having unavailable time for users (for example, backup or other administration operation). You can have load balancing solution for both availability and maximum users. Requires special skill other than Notes/Domino. Need to have a shared disk. Additional consideration points Load balancing There are no load balancing solutions. As you can see, Domino cluster has lots of merits, especially for its reduced downtime and the easy shutdown the other side servers, although it has some tricky consideration points. Consider all these issues in planning phase and decide which to use. Tip: For further information about the Domino on Windows serverTM clustering technology, refer to the technote "Is Domino supported on Windows Server Clustering Technology?", available at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21165986 Disaster recovery solution
In addition to providing a fail-over solution, it is also important to have a disaster recovery plan. Building a disaster recovery solution generally requires creating a similar backup environment in a geographically remote location. To devise this solution in Notes/Domino 7, you must consider the following issues: How to move data to the remote location To provide a similar service at the remote location, it must have the same or very similar data. Therefore, you must consider how you will move your Domino database to the remote place. The most logical method requires using the Domino replication feature. You can use either schedule-based replication or cluster replication. If you use schedule-based replication instead of cluster replication, it will reduce network traffic, especially during peak times. The other approach involves using a tool included with the operating system or disk system. For example, some storage systems provide a peer-to-peer remote copy solution. The most low-tech solution uses a backup tape to move it to the remote site. How to switch all users to the backup site in case a disaster recovery solution is required Domino clustering provides the best solution for switching users to the remote location dynamically. An alternate solution is to change your IP routing and mimic the original network environment at the remote site, which requires that the Domino server run with the original server ID. Reconfiguring your network system in this manner is much more difficult to implement than Domino clustering, but holds the advantage that it is applicable to almost all types of TCP/IP applications. The requirements for the backup site You must define what is required for the backup site. For example, if you use schedule-based replication to minimize the network bandwidth, that means your data is not synchronized in real time. If the goal of disaster recovery is simply providing the infrastructure for emergency e-mail routing, you do not need to hold and synchronize the 36
Lotus Notes and Domino 7 Enterprise Upgrade Best Practices original data at the backup data center. Your backup site design depends on your goal for disaster recovery. In most cases, Domino clustering across a wide area network (WAN) works well to provide disaster recovery. We recommend this solution, especially when switching all users to the remote server without any reconfiguration. However, there are several factors to consider, as outlined in Table 2-11.
Table 2-11 Points Required network bandwidth Consideration points for Domino clustering across a WAN Explanation Domino clustering replicates updated data within a few seconds. This requires a lot of network traffic between the cluster servers. In this case, you can alternatively use schedule-based replication and it will reduce network traffic. An IBM guideline for supporting clustered Domino mail servers across a WAN is that one T1 will handle 1,000 registered users. Other than replication traffic, you must consider the end user's direct access in case you allow failover or load balancing. Even though the Domino cluster works well to redirect users to the backup server, you need to consider server agents, tasks, and so on that are not supported in the Domino cluster. Domino cluster is not designed primarily for disaster recovery. If you want to make users access backup servers only at the time of disaster, configure in this manner. For example, restrict users using the NOTES.INI file Server_Restricted=2 parameter and remove it at the time of the disaster. Features that are not supported in Domino cluster Accessed when it is not a disaster solution Note: We recommend reviewing the technote "Can clustering function properly across a WAN?" available at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21085536 Figure 2-5 on page 38 shows a typical usage of Domino clustering as a disaster recovery solution. In this case, three servers are in the same cluster group. Data Center A is the primary location to provide service, and Data Center B is a backup site in the case of disaster. Server A is a primary server and the home server for all users. Server B works as a standby of Server A in case of failure and users are automatically transferred to Server B as a Domino clustering feature in case they cannot use Server A. Server C is running as a member of the cluster, but is restricted until the administrator allows users to access the server. At the time of disaster, the administrator will remove the restriction setting and allow users to access it. Chapter 2. Preparing for your upgrade 37 Server A,B and C are in the same cluster group Server B Server C
DB Data Center A Data Center B Server A
Figure 2-5 Sample scenario for disaster recovery using Domino cluster 2.4.2 System design for the new environment
If you plan to add new servers during the upgrade process to Domino 7, you need to create a usage design for them. When creating a Domino 7 environment with new server hardware, design the system before you start transition planning. The new server configuration must be similar to the current servers. Consider the following general tasks: Naming of the server and detailed naming convention if you have one Security configuration Messaging and replication topology Web site configuration if it is a Web server Other detailed configuration for the Server document, Server Configuration document, NOTES.INI file, and so on 2.4.3 System management for the new environment
Before upgrading your server to Domino 7, you must consider system management in the new environment. Include system management in the planning process, and create a minimum test plan for the preparation phase. The basic design of the system management for the new environment should be the same as the current one, but we recommend reviewing your entire system management policy at the time of the upgrade. Table 2-12 lists the typical issues that you should consider when planning system management for Domino 7.
Table 2-12 Check points for system administration Detailed explanation Schedule for maintenance tasks, server agents, and backups. Timing is crucial, and we recommend that you do not perform backup and other maintenance tasks at the same time. Periodic restart. Periodic restart makes the server run reliably. Based on our experience, we recommend loading compact and updall tasks to your Domino Directory offline after you stop the server. Check points Server schedule 38 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Check points Server monitoring Detailed explanation Monitoring server health (running status, performance, available resources, and so on) and security. Consider using Domino domain monitoring. Server fault recovery Set up and configure for server failure (fault recovery, cleanup script, NSD settings, console logging, and so on). Consider using automatic diagnostic data collection. User and group administration Basic operation for registering users, changing names, changing departments, deletions, group administration, and recertification. Infrastructure for AdminP (topology for ADMIN4.NSF, database ACL, and so on). Administration of mixed environment for Domino 6 and 7. New user administration planning if you change the client type. Make Desktop and client management sure that the policy works in the new environment. If you use explicit policies, you have to categorize users into several groups. Consider the mail policy. Consider the new mail and calendar functionality. Database management Policies for designing and deploying database and templates. A server upgrade is a good time to standardize your database design or access control list (ACL). Maintaining database catalog. Parameters, configurations Check your parameters and server configuration. 2.5 Transition planning
Now that you understand the components of an upgrade, the planning phase can be separated into two parts: 1. Developing an upgrade policy 2. Developing transition plans for servers, clients, and applications When you have finished developing your upgrade policy, you can design a detailed transition plan for servers, clients, and applications. In this section, we illustrate how to develop a transition plan. 2.5.1 Transition planning for Domino servers
Transition planning for Domino servers requires several considerations, including the following main components: Create a detailed schedule for upgrading the server: Build a weekly, and if needed, daily schedule. - Build a detailed timetable and procedure manual for each upgrade operation. Consider interoperability and coexistence. Create a detailed plan for rollback in case it is needed. Chapter 2. Preparing for your upgrade 39 Additionally, you must consider additional steps if you are making improvements to your infrastructure, such as server consolidation. Interoperability and coexistence
Coexistence means there will be some period of time during which Domino 7 runs in the same domain with previous server releases. If you will have a coexistence scenario, you need to verify interoperability prior to the upgrade. Note: If your domain is running earlier Domino releases, you must consider issues with prior server versions. Although this paper does not cover Domino 4 issues, review the IBM Redbook Upgrading to Lotus Notes and Domino 6, SG24-6889, for additional information:
http://www.redbooks.ibm.com/abstracts/SG246889.html Table 2-13 outlines factors to consider when planning for coexistence.
Table 2-13 Preparation for coexistence Explanation You need to decide if you will upgrade the Domino Directory on all of your servers in the domain or not. If you do not want to use the template (NTF) of the Domino 7 Domino Directory design on the earlier release servers, you have to configure your Domino Directory's ACL before you start upgrading. For a detailed explanation, review 3.4.1, "Controlling and managing your Domino Directory design" on page 93. If you are modifying your Domino Directory template, you must consider the directory upgrade issue. As we demonstrate in later chapters, managing system templates in a mixed environment should be done with care, and there are several ways of managing this issue. During an upgrade project, there are several coexistence scenarios for a user environment. Some users' home servers will run Domino 6 and others Domino 7. Some users will run the Notes 6 client and others Notes 7. If your mixed environment continues for a long period of time, you need devise a plan for moving or recertifying users. The Notes/Domino messaging infrastructure works well with mixed release Notes templates. You should encounter no problems exchanging e-mail messages between Notes 6 users and Notes 7 users if you follow the basic upgrade flow we define later. If you have multiple client releases, you need to at least test mission-critical applications and modify them if necessary. For a detailed explanation, refer to 2.5.3, "Transition planning for applications" on page 48. Points for coexistence Design of Domino Directory Design of system templates User administration Design of mail template Design of each applications Understanding these issues and preparing for coexistence is very important before you create an upgrade schedule. Building schedule
Table 2-14 on page 41 defines the steps to build an upgrade schedule. 40 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 2-14 Steps Upgrade steps for Domino servers (clients and applications) Explanation You can access and control all of your Domino R5/6/7 servers from Domino Administrator 7. You can choose to upgrade your Domino Directory before upgrading your Domino servers. Relevance to the project schedule The administrator will usually do this operation before upgrading the first server or Domino Directory. You need to perform testing before upgrading the Domino Directory. 1. Upgrade the Domino Administrator client. 2. Upgrade the Domino Directory. 3. Upgrade the administration server. Upgrading the administration server of You need to perform testing to prepare your Domino Directory allows the server for coexistence. to process all types of AdminP requests from your domain. If your administration server is installed as a partition server, you might also need to upgrade other servers at the same time. Upgrading the administration server is the first upgrade operation for the production server, so document the process in detail. Upgrading hub servers gives the domain less influence than upgrading spoke servers, because few users directly access these servers. Depending on the number of hub servers, it might take several weekends and nights to complete this operation. You can also do this operation during the week, but this might cause message delivery or replication delays. It really depends on the number of servers you have. Usually, it takes whole weekends to do this operation for servers in one region. We recommend that you separate this operation a few times for easier rollback in case of problems. 4. Upgrade the hub servers. 5. Upgrade the spoke servers. Upgrade all the servers including mail, application, and Web servers. We generally recommend that you upgrade the mail server the first, application server the next, and Web server last. In many cases, multiple programs run on the application and Web servers, so starting with the mail servers ensures a smooth upgrade. Upgrade the client to Notes 7, or if wanted, change the client entirely (for example, migrate to Domino Web Access 7). Start to use new Domino 7 features. Perform this operation after your upgrade operation is complete. 6. Upgrade the clients. This is a time-consuming operation, so you must plan accordingly. 7. Start applying new features. This depends on the type of features you want to use. To create a detailed schedule, you must consider the following issues: How many days successfully running the first server do you require before upgrading the second server? We recommend at least one week, because server administration is based on a weekly cycle. How many locations do you have in your domain? How many servers do you have in each location? Chapter 2. Preparing for your upgrade 41 Create a detailed flow and timetable for the operation
After you have created the upgrade the schedule, you must create a detailed procedure manual and timetable. Usually, this operation differs slightly with each server. For example, the operations might vary between "upgrading Domino Directory," "upgrading administration server," "upgrading hub server," "upgrading mail server," and "upgrading application server." However, the basic operations are similar, so you can reuse most of the schedule. To create a procedure manual, refer to Chapter 3, "Upgrading the Domino server" on page 63 for a checklist to create a time schedule. Figure 2-6 is a small example of the timetable. In this chart, we added the name of the person responsible for each task. In an upgrade project, you will often cooperate with another organization to complete the process, so it is important to document who or which organization will be responsible for each operation. We added a rollback plan as an example, which is advisable depending on the time allowed for your upgrade project.
# 1 2 3 4 5 6 7 8 9 Upgrade Tasks Who Check Check if you are ready to upgrade. Jean-Noel Drop all sessions, cleanup and stop the server Tina Make a system backup and full backup for all database Yuhsuke Install Domino 7 Yuhsuke Delete or replace templates, edit notes.ini Yuhsuke Start server and maintain databases (and lunch) Tina Configure Domino and operating system Jean-Noel Test the server All Announce users finish the operation John ROLLBACK judgement Check mail.box, admin4.nsf and stop the server Uninstall and reinstall the old Domino Restore all database Modify notes.ini, convert design, put templates Announce users finish the operation John Tina Yuhsuke Yuhsuke Yuhsuke John 9 10 11 12 13 14 15 16 17 18 19 20 21 1 2 3 4 5 Figure 2-6 Brief example of timetable Tip: Also refer to 3.5.2, "Server upgrade checklist" on page 118 for a list of specific tasks to include in the project plan. Create a rollback plan
A rollback plan might not be necessary, because Domino 7 has proven stable in production usage and uses the same proven on-disk structure (ODS) and view indexes as Domino 6. However, we recommend creating a rollback plan to mitigate risk. There are several components to upgrade to Domino 7, including Domino Directory, servers, clients, and templates, and Table 2-15 describes each component as part of a rollback plan.
Table 2-15 Basic idea for rollback plans Explanation Typically, you do not need to consider a rollback plan for Domino Directory, because it works well with Domino R5/6 servers. If you have trouble with a particular server, attempt to convert to the old design of Domino Directory and configure the server not to replicate design elements. Upgrading your server means not only upgrading the software module, but sometimes also the ODS and view indexes of all Domino databases when upgrading from Domino 5. Therefore, the administrator should create a rollback plan for degrading the server module and recovering the database configuration to the previous release. Rollback point Domino Directory Domino server 42 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Rollback point Notes client Explanation We do not recommend a rollback of the Notes client after upgrading all the clients. To avoid problems running your existing applications in Notes 7, you should have a testing phase for critical applications and an early adoption program for clients in a production environment. We do not recommend a rollback after you upgrade the mail template. Test the implementation of the new design template during an early adoption program. Mail template On the day of the upgrade operation, send an announcement to users that the service is temporarily unavailable and provide an unavailability schedule. The administrator must finish the upgrade operation by the end of the unavailable schedule, and you should plan for a rollback operation in case the upgrade operation is not completed according to schedule. Here are several points to consider for the server rollback plan: Server modules If you perform system backup before the upgrade operation, you can restore the system using this backup. If you do not have a system backup, uninstall the new Domino 7 and reinstall the previous release. Note that upgrading the server automatically changes some of the NOTES.INI variables, so it is important to replace the original NOTES.INI after the rollback. Back up at least the LOG.NSF file and all the other log files to analyze the cause of the upgrade failure, and back up mail.box in case there are some undelivered mails. Database If you upgrade from Domino 6 to Domino 7, there is no need to perform any maintenance tasks on the Domino databases. However, if you are upgrading from Domino R5 to Domino 7, you might already have updall and compact tasks running on all your databases during the upgrade operation. In that case, you must make the database work with R5. Because Domino R5 does not read ODS 43, the following order is very important: a. Issue compact R to all the databases from the Domino 7 console. b. Downgrade the server module. c. Run updall R on all the databases. It is also possible to use the latest database backup, if the users have not started to use the Domino 7 server. This is an appropriate way to roll back, but you have to be sure that all the new data, including new mails, is not stored in the current Domino 7 server. Tip: The most common timing for rollback is in the middle of an upgrade operation. In the case of a required rollback, you can still use data from a backup. The success of a rollback also assumes that the backup data is current, and that your servers have not accepted new data since the last backup. Timetable You must allow time for the updall and compact operations and finish these tasks prior to the announced deadline. Make sure that you allow time in the schedule to validate that these operations were successful. 2.5.2 Transition planning for clients
If you plan to upgrade your client or change the type of your client, you need to include this in the transition planning. You must decide which client to use and check the supported Chapter 2. Preparing for your upgrade 43 hardware and software for that client, using the information provided in "Client choice" on page 30, "Client software" on page 22, and "Hardware requirements for clients" on page 25. In this transition planning phase, consider the following issues: How to upgrade or migrate the clients How to configure the clients How to upgrade the mail templates Create a detailed schedule for your client upgrade Figure 2-7 provides an overview of the workflow for the client upgrade process, while Chapter 5, "Client upgrade considerations and best practices" on page 169 provides additional details. Note the additional considerations if you are changing to a new client. Notes client? No DWA? No POP3/IMAP? No DAMO? Yes
How to upgrade your clients Yes
DWA Considerations Yes
POP3/IMAP Considerations Yes
DAMO Considerations How to configure your clients User name and password Client configuration Offline access (Domino Offline Services) Encryption Etc... How to upgrade mail templates Create a schedule
DAMO = Domino Access for Microsoft Outlook DWA = Domino Web Access Figure 2-7 Basic flow for transition planning How to upgrade the clients
Notes 7 offers two options for upgrading your Notes client: Smart Upgrade Upgrade by e-mail Having your users upgrade their Notes client manually is another option, but we do not recommend this approach unless you are certain all clients have enough disk space to install the client and enough network bandwidth to download an upgrade module. We recommend at least 275 MB of disk space to install the Notes client, though you should allow additional space for decompression. 44 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Smart Upgrade is generally preferable to upgrading by e-mail because you can control the timing and target users with ease. However, Notes 6 is required to perform a Smart Upgrade, so if you are running Notes 5, you should use the e-mail or manual upgrade option. Tip: Smart Upgrade forces each client to download nearly 150 MB to upgrade. If your environment does not have enough network bandwidth, you must prepare for it. Possible solutions are dividing Smart Upgrade servers or having several stages. The Smart Upgrade server is defined in the server configuration. Each user will use the server that is defined in the Server Configuration document of the person's home server. This means that you can divide users' access if you have more than one mail server. Figure 2-8 shows an example. Location A Location B Server Config Doc Smart Upgrade Smart Upgrade Server Config Doc Figure 2-8 Smart Upgrade example You can also control the starting timing using explicit policies and have several stages to the Smart Upgrade. If your location does not have a Domino server but does have a file server, you can also distribute your upgrade module on a shared network drive. You can configure it within the Smart Upgrade Kit. For more details, see 5.2.3, "Smart Upgrade" on page 179. If you are changing your mail client during the upgrade process, you need to include a transition plan for migrating to the new mail system. Consider the following points: How do you configure the initial setting for your new client? - Server address, URL, and so on - User name and initial password When do you switch to the new clients? How do you migrate previously saved messages into the new mail system? How do you migrate your personal address book? If you will be using Domino Web Access as your mail client, you must configure some initial settings in the Domino Web Access server. Consider the following settings: Default Welcome page Default mail sending format (text or HTML) Chapter 2. Preparing for your upgrade 45 E-mail encryption Domino Offline Services and archive How to configure the clients
The upgrade from Notes 6 to Notes 7 does not require any reconfiguration of your bookmarks, address book, or workspace. However, if you want to make changes to the client environment, applying a policy document is a good solution. If you use Smart Upgrade, you can include a desktop policy to distribute customized client configurations. If you are upgrading from Notes 5 to Notes 7, your current configuration will work in the new client. However, because policies were not available in Notes 5, we recommend that you consider using policies for your Domino domain. You can make use of both organizational and explicit policies by categorizing your user group from the perspective of desktop management. If your current organizational structure is not categorized, you can create explicit policies. How to upgrade the mail templates
Perform the mail template upgrade after upgrading your client to Notes 7. Consider the following issues: What mail template will you use for Notes 7? How and when will you upgrade your mail templates? If you are currently using the standard Notes 6 or Notes 5 template, we recommend upgrading your mail template to Notes 7 when you upgrade your Notes client. However, if you are using a customized template, you have three choices depending on your environment, as documented in Table 2-16.
Table 2-16 Option Continuously use the same template Implement the standard Notes 7 mail template Choices for a customized Notes mail template when you upgrade into 7 Explanation You do not need to upgrade each user's template in this case. We recommend this option, because the standard template has been thoroughly tested and is supported. You can modify the original Lotus Notes 7 mail template if necessary, but you must test the customized template in Notes 7 and also test migration your current template to the new template. Create your own template based on Notes 7 design Note: We do not recommend making too many changes to the standard mail template. Review the technote about mail template modification, "Modifications to Notes System Templates" at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27003134 After you decide which template to use, consider how you will upgrade your mail template, using either of these schemes: Upgrade the design of each mail file after each client is upgraded to Notes 7. This functionality was introduced in Domino 6. 46 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Upgrade the design of all mail files after all clients are upgraded to Notes 7. Figure 2-9 shows the difference between using the load convert command to upgrade the mail template and seamless mail upgrade.
Case 1: Load convert Load Convert time
Notes7/mail6.ntf User A User B User C Notes6/mail6.ntf Notes6/mail6.ntf Notes7/mail7.ntf Notes7/mail7.ntf Notes7/mail7.ntf Notes6/mail6.ntf Case 2: seamless mail upgrade time
Notes7/mail7.ntf Notes7/mail7.ntf Notes7/mail7.ntf User A User B User C
Figure 2-9 Notes6/mail6.ntf Notes6/mail6.ntf Notes6/mail6.ntf Load convert versus seamless mail upgrade You also need to convert your template if you plan to change your mail client to Domino Web Access, Domino Access for Microsoft Outlook, or IMAP. In this case, use the load convert task on the server. Note: If that your organization allows users to replicate their mail database, you must expect some level of replication performance impact performance and increased network traffic due to the replication of new design elements. As an alternative, some organizations choose to provide users with the new mail template on their local machine, and let them convert it at their local workstation prior to a server-side conversion. Create a detailed schedule
Finally, you will create a detailed schedule for upgrading clients, considering the following points: Have an early adoption program for clients, for these reasons: You can confirm that Smart Upgrade works. - You can confirm that the mixed-environment for mail template work. - You can confirm if that mission-critical applications work with Notes 7. We recommend allowing a month or more to complete the early adoption program. Distribute network load for Smart Upgrade. Chapter 2. Preparing for your upgrade 47 2.5.3 Transition planning for applications
While our experience demonstrates that most Domino 5 or Domino 6 applications run successfully in Notes 7 without any modifications, we recommend testing your current applications before upgrading to Domino 7. You must include the following tasks in your transition planning: Set guidelines for testing and modifying your applications in the new environment: Understand each application and how critical it is. - Understand how you should test the application. Create a basic schedule for testing and modifying. Application testing should generally be performed by the application owners and developers. Quick review of upgrade application
Table 2-17 outlines our recommendations for upgrading your applications, based on our experience.
Table 2-17 Steps 1. Collect the database information and identify all Domino databases. 2. Prioritize the applications. 3. Check for any known incompatibilities. Example of upgrading an application Explanation Generally, you can use the Catalog database (CATALOG.NSF) to accomplish this. Prioritize the applications and categorize them into several groups. Check Lotus Domino 7 Designer Help and IBM Technotes for the latest incompatibility information. Usually the @version command and NotesBuildversion property work well for handling incompatibilities across releases. Test the application based on its priority. Modify the application if you find any incompatibilities. Verify that the modifications have not created problems. Educate users again if the modification have some impact on users. This phase will be usually skipped. Change the database according to the schedule. We recommended documenting your upgrade process for use by other organizations who will be upgrading. This phase can be skipped. 4. Decide how you will handle any incompatibilities in your domain. 5. Test the application. 6. Modify the application. 7. Test applications again. 8. Educate users again. 9. Change the database on production server. 10. Make a note for the future migration. Prioritize your applications
Depending on the number of applications in your current environment, you might not be able to test all of them. We recommend categorizing your applications into several groups and prioritizing to create a test schedule. Table 2-18 on page 49 shows a typical example of application categorization. 48 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 2-18 Category Priority A Priority B Priority C Example of application categorization Explanation Mission-critical applications or public applications available on the Internet. These must be tested before upgrading. Applications that have complicated logic and will be heavily used in Domino 7. Should be tested after group A. Applications based on standard Lotus templates, less important databases, or those including few or no scripts. These do not require testing, or can be minimally tested. The best way to identify and categorize the applications in your domain is to use the database catalog. The CATALOG.NSF file contains information about each database, outlined in Table 2-19. Note that you can create a private view in the CATALOG.NSF file to prioritize your Domino databases.
Table 2-19 Information Database name Database server Useful information in CATALOG.NSF Domino field Title Server Explanation The title of the database. This is important if you want to categorize your database by servers. You can know how this database is in action. If you create a template standard in your environment, you can test and modify every template, but not every database. This shows how frequently users access this database, enabling you to prioritize the databases. Database last modified DBModifiedDate Template to inherit design from DbInheritTemplateName Database activity summary DbActSummDisp Figure 2-11 on page 51 shows an example of a customized private view in the Catalog database. In this example, we display the name of the servers, templates, titles, monthly read and write numbers, and last database modified date with the column sort option. Here is a quick guide to how we created this private view, which you can customize for your own purposes: 1. Open CATALOG.NSF in Domino Designer. 2. Move to the Views area and click New View to create an application census private view. 3. In the Create View dialog box, set any appropriate name for View name (for example, Application census), select Private for the View type, and remove "& !(DBListInCatalog = "0")" from the Selection conditions. Chapter 2. Preparing for your upgrade 49 Figure 2-10 Create a private view Tip: By default, the database catalog does not show all the databases in your domain. This is because there is a flag in each database property, "List in Database Catalog." Removing the line "& !(DBListInCatalog = "0")" enables you to capture all the database information in your domain. 4. Delete the first column that shows the database title. 5. Click the ReplicaID column, set the field DBInheritTemplateName and change the column title to Template. 6. Click the File Name column, set the formula Title+" ("+Pathname+")" and change the column title to Template. 7. Click the next column, set the formula DBActSummDisp, and change the column title If necessary (in this example, MR = Monthly Read). Tip: The database activity is in the DBActSummDisp field. If you want to capture other statistical information, change the last number in the brackets. You can use the format of DBActSummDisp[N] in Notes 6, or @Subset(@Subset(DBActSummDisp;N);-1) in Notes 5. In this example, we use 8 and 9 to display the monthly activity: 1: Number of uses in previous 24 hours 2: Number of reads in previous 24 hours 3: Number of writes in previous 24 hours 4: Number of uses in previous week 5: Number of reads in previous week 6: Number of writes in previous week 7: Number of uses in previous month 8: Number of reads in previous month 9: Number of writes in previous month 10: Number of days in reporting period 11: Number of uses in reporting period 12: Number of reads in reporting period 13: Number of writes in reporting period 50 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 8. Click the next column, set the formula DBActSummDisp, and change the column title If necessary (in this example, MW= Monthly Write). 9. Add a new column, set the field DBModifiedDate, and change the column title if necessary. 10.Adjust the size of each column and set the sort option for each column header. In this example, we captured the template name because you do not need to test all of the databases if they are using the same template. See Figure 2-11. Figure 2-11 Example of making your own application census private view Test and modify your applications
Prior to the testing your applications, check the documented differences between Domino 7 and previous releases. Lotus Domino 7 Designer Help provides this information. In the "What's new in Domino Designer 7" topic, a document titled "Programing" outlines these differences. This documentation is also available at:
http://www.lotus.com/ldd/doc/domino_notes/7.0/help7_designer.nsf/b3266a3c17f9bb7085256b8 70069c0a9/9f553d9eb0e5968f8525704a003f1e01 There are several ways to find incompatible functions in your Domino databases. You can use the Domino Designer function, Design Synopsis, to output your database information to a searchable document. Third-party tools are also available to accomplish this. When you find an incompatible module in your database, you must modify it to work in Domino 5, 6, and 7 for the mixed environment period. Follow this method to modify incompatible modules: 1. Identify common logic that will work with both the earlier and latest releases. Chapter 2. Preparing for your upgrade 51 2. If the first step is not possible, identify the release number (for example, the @version command or NotesBuildVersion property in LotusScript) and divide the logic or design elements. For detailed information about the @version command is documented in Domino Designer Help. Table 2-20 outlines the version numbers used by Notes/Domino.
Table 2-20 Version number and Notes/Domino release Notes/Domino release Release 4.6 Release 5.0 Releases 6.0 and 6.0.1 Release 6.0.2 Releases 6.0.3 and 6.5 Release 7.0 Version number 147 166 190 191 194 256 Tip: An example of the best practice for handling multiple releases of clients is exemplified by Domino Directory. Even though Notes 4 clients cannot render tabbed tables, our Domino Directory template team used the @version command to make the Domino Directory accessible by multiple releases of clients. It is generally a best practice to modify your applications in earlier releases of Domino Designer. However, based on our experience, you might need to modify in a later release if you cannot save the modified design element when you add a new function in your application logic. Tip: Review the technote explaining the $DesignerVersion flag for each design, "What Is the $DesignerVersion Flag Meant For?" at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21094045 When testing your applications, it is critical to know where the code is running because it can run on the server or the client. Table 2-21 shows where various types of code run and outlines points to test.
Table 2-21 Place Server The effect of upgrading servers and clients Types of code and typical points for testing Server agents: - Schedule based - Triggered by new mails Triggered by documents Web applications: - Web agents - HTML generating for forms, views, and pages 52 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Place Client Types of code and typical points for testing Form: - Table rendering Prints - Actions - Event handlings View: - Rendering Actions Navigators Because the Domino server upgrade affects Web applications and some of your server agents, all the testing and modification for critical Web applications and server agents must be finished prior to the server upgrade. Chapter 2. Preparing for your upgrade 53 Tip: By default, the amgr task writes out a statistical report of its activity at 12 a.m. If this report shows any agents running on the server, you need to test these agents. You can check this report in the LOG.NSF file.
12/13/2005 12:00:08 AM AMgr: Logging daily statistics for Admin03 ITSO/Users/IBM 12/13/2005 12:00:08 AM Total scheduled runs: 23 12/13/2005 12:00:08 AM Total event triggered runs: 0 Total errors: 0 12/13/2005 12:00:08 AM Total access denials: 0 12/13/2005 12:00:08 AM Total agent elapsed run time (seconds) 0 12/13/2005 12:00:08 AM 12/13/2005 12:00:08 AM AMgr: Total daily statistics 12/13/2005 12:00:08 AM Total scheduled runs performed: 24 12/13/2005 12:00:08 AM Total event triggered runs: 0 12/13/2005 12:00:08 AM Total unsuccessful runs: 0 12/13/2005 12:00:08 AM Total access denied runs: 0 You can also get further information from the Domino Console using the tell amgr status command:
12/13/2005 01:04:32 PM AMgr: Status report at '12/13/2005 01:04:32 PM' 12/13/2005 01:04:32 PM Agent Manager has been running since '12/08/2005 01:52:39 PM' 12/13/2005 01:04:32 PM There are currently '1' Agent Executives running There are currently '1' agents in the 12/13/2005 01:04:32 PM Scheduled Task Queue There are currently '0' agents in the Eligible Queue There are currently 12/13/2005 01:04:32 PM '0' databases containing agents 12/13/2005 01:04:32 PM triggered by new mail There are currently '0' agents in the New Mail Event Queue There are currently '0' databases 12/13/2005 01:04:32 PM containing agents 12/13/2005 01:04:32 PM triggered by document updates 12/13/2005 01:04:32 PM There are currently '0' agents in the Document Update Event Queue 12/13/2005 01:04:32 PM AMgr: Current control parameters in effect: 12/13/2005 01:04:32 PM AMgr: Daily agent cache refresh is performed at '12:00:00 AM' 12/13/2005 01:04:32 PM AMgr: Currently in Daytime period 12/13/2005 01:04:32 PM AMgr: The maximum number of concurrently '1' 12/13/2005 01:04:32 PM AMgr: The maximum number of minutes a LotusScript/Java agent is allowed to run is '10' 12/13/2005 01:04:32 PM AMgr: Executive '1', total agent runs: 86 12/13/2005 01:04:32 PM AMgr: Executive '1', total elapsed run time: 0 executing agents is In case you do not know the exact database that has the server agent, it is a good idea to use the tell amgr schedule console command. Note that this command will return the list of queued agents and does not return the agent that has already run on that day:
12/13/2005 01:07:16 PM Remote console command issued by Admin03 ITSO/Users/IBM: tell amgr schedule S S 01:14 PM Today Schedule print agent.nsf Testing upgrade compatibility requires testing your code, formula language, LotusScript language, Java/CORBA, and so on. However, if rendering or printing results are important for you, we also recommended testing in that area, because our experience shows there are some differences in this area between major releases. After you have completed all the testing, confirm that the new design works with the Notes 5, Notes 6, and Notes 7 clients. Then, apply the new design in the production environment prior to the upgrade. 54 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Create a schedule for testing
Your application test schedule depends on the schedule for upgrading servers and clients, as well as the priority of your applications. Figure 2-12 shows an example of an application testing schedule. In this example, the administrator prioritizes the applications into three groups, each of which has a test and modification phase. You must finish critical application testing for server agents and Web functions, and any modifications, prior to upgrading your application server to Domino 7. Note that "Client Upgrade" in this diagram means the start of a mixed-release client.
App Server Upgrade Client Upgrade time
Transition Planning Priority A Test and Modification Server Agent Web Application
Test and Modification Server Agent Web Application Prioritize, Test and modify Other Notes design Other Notes design Priority B Priority C Modify if needed Figure 2-12 Brief example of schedule 2.6 Preparation for a successful upgrade
There are a few more factors to consider before completing the upgrade process, and in this section, we discuss issues such as maintaining databases, troubleshooting, checking the Domino Directory, and deleting unused databases. Maintain databases
You might encounter some errors or failures when you upgrade your environment to Domino 7, and it is important to identify whether or not the upgrade operation is the source of those errors. Maintaining all your databases is crucial in preparing for unexpected error messages during the upgrade operation. Upgrading from Domino 6 to Domino 7 does not require running the updall or compact tasks, because the ODS and index structures are the same. However, running fixup and updall R against all of your databases prior to the upgrade helps ensure your databases' integrity and reduces the chance of unexpected messages during upgrade. Note that updall R rebuilds the database indexes. Chapter 2. Preparing for your upgrade 55 Tip: We recommend performing these operations during off-peak hours, because they can be time-consuming. The compact c task is a good way to make the Domino databases clean and stable and can often recover nearly corrupted databases. However, this operation changes the database instance ID (DBIID) of the database and you must be careful when using transaction logging. Create an environment that is easy to troubleshoot
Collecting detailed information before and after the upgrade operation will help you identify whether unknown messages encountered during the upgrade result from the upgrade process and enable you to more easily debug these issues. The salient information to collect differs depending on the type of servers. Consider the following typical components you should collect, while you also trace messaging, replication, and other Domino operations if necessary: Logging agent activity This is important for tracing agent activity when something does not work in the new environment. Use the NOTES.INI parameter Log_AgentManager=1. Detailed information is available in Lotus Domino 7 Administrator Help. Logging indexing activity This is important if you have experienced indexing troubles in the past. The indexing operation has a significant impact on performance and you can trace the activities. Use the NOTES.INI parameter Log_Update=2. Detailed information is available in Lotus Domino 7 Administrator Help. Logging console information If you are running Domino 6, use the NOTES.INI parameter Console_Log_Enabled=1. This parameter writes console logging information to the file console.log file in the folder IBM_TECHNICAL_SUPPORT in the Domino data directory. If you are running Domino 5, you can use the NOTES.INI parameter debug_outfile=<file name> or use file the UNIX file redirection process. Note: For additional information, review the technote "Should DEBUG_OUTFILE Be Used on a Domino 6.x Server?" at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21181562 Running Notes System Diagnostics (NSD) for server fault If you are running Domino 6, select the Run NSD To Collect Diagnotic Information option in the Server Configuration document. NSD output provides the IBM support team with information to analyze the source of a crash. 56 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Tips: Although there are advantages and disadvantages of using Debug_ThreadID by default, it is a useful parameter for tracing Domino activities because the Domino server works as a multithreaded model. This parameter enables you to see each process ID and thread ID in each line at the server console. NSD output is very useful for debugging the server status as a snapshot and includes thread information, but Debug_ThreadID will better help you understand how the server thread works from the output to the console. For addition information, review the technote "How To Interpret Debug_ThreadID Output in Correlation with a NOTES.RIP Generated in a Server Crash" at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21086042 Check the configuration of Domino Directory and NOTES.INI
Domino Directory is the heart of Domino. Therefore, keeping the Domino Directory small is very important for maintaining a stable domain. In our experience, the Domino domain commonly has some unused documents, and the server upgrade is a good time to review the configuration of the Domino Directory and delete any unused documents. The upgrade process is also an opportune time to review your NOTES.INI file. Some of the NOTES.INI parameters will be unavailable in Domino 7, so you should check these parameters. If you find unnecessary parameters, such as unnecessary tasks specified in ServerTasks=, you should delete or reconfigure them. Delete unused databases
When databases are no longer used, they still impact servers and administrators in the following ways: Performance issues (server tasks, backup, and so on) Disk space consumption Difficulty of administration (the need to avoid naming conflicts, and so on) We recommend that you delete any unused databases from the server during the upgrade process, preferably after making a permanent backup. There are several ways to find unused databases and you can use the method we introduced in "Prioritize your applications" on page 48. 2.7 Checklists
In this section, we provide three checklists for upgrading servers, clients, and applications. Checklists before you upgrade servers
You must consider many factors before upgrading your servers to Domino 7. Table 2-22 on page 58 provides a checklist for upgrading Domino servers. Although some steps might not be necessary in your environment, we recommend reviewing the list before upgrading to minimize risk. Chapter 2. Preparing for your upgrade 57 Table 2-22 Checklist for servers To do Check for the prerequisite. 1 Check that you have defined your upgrade goal. Create a brief goal for the upgrade. For example, consider the following objectives: Upgrading the server only Upgrading your client into 7 also Changing your client type Having a fail-over solution Having a disaster recovery solution Adding other improvements, such as transaction logging 2 3 Check that your server platform is supported. Check that your operating system is configured properly. Read the latest Release Notes to determine whether it is supported. You should also look for any required patches. Check the latest Release Notes for its appropriate configuration. For example, if you are working on Linux on x86, refer to the "Domino for Linux on x86 configuration" topic in the Release Notes and configure it as it is written. Check third-party applications, such as antivirus software, system administration, and backup, and whether they are supported in Domino 7. Check the current performance, considering CPU usage, disk I/O and paging. Confirm if you will or will not have additional users after upgrading the server. Upgrade hardware if necessary, and perform sizing if upgrading the hardware. Consider the increase of mail template size, and determine whether the disk size is sufficient. It might be a problem to recognize these limitations after you upgrade the environment. Read them before, and provide these limitations to users if necessary. There are several clients that you can select. The best approach is to use the same client you currently use. Explanation Y/N 4 Check what third-party application tools you currently use and check whether they are supported in Domino 7. Check the performance. 5 6 7 Check the available disk size. Read "Known limitations, problems, and workarounds" in Release Notes before upgrade. Check that you have decided which type of clients to use. 8 Server configuration and system management. 1 2 Check if you have new servers. Define the schedule for each server's daily and weekly operation. Backup operation. Check how to monitor new servers. If you have new servers at the time of the upgrade, you must decide how to configure these servers before the upgrade operation. Define the schedule for server tasks, agents, backup, and periodical restart. Consider how you will backup your database. Consider the schedule, backup software, and so on. You can usually use the same monitoring as you are using now, but check whether it will work in Domino 7 and consider temporary coexistence. 3 4 58 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices To do 5 Check for the user administration. Explanation You can usually use the same way as you are doing now. However, check whether it will work in Domino 7 and consider temporary coexistence. Y/N Domino Web Access, if used. 1 Client hardware. Check the latest Release Notes for hardware requirements. It is best to test the response time from the least powerful client, and because most of the Domino Web Access functionality takes place on the client side, it depends heavily on the client hardware. Check the latest Release Notes for supported Web browsers. It is very important to check the Domino Web Access functionality. It is very difficult to customize Domino Web Access, and although it looks like the Notes client, it is a browser-based application. It might be a problem to recognize these limitations after you upgrade the environment. Read them before, and provide these limitations to users if necessary. With Domino Web Access, it is very important to consider the HTTP topology, including reverse and forward proxy. The response time might be affected if there are some proxies in the HTTP topology. You can reduce network traffic if you use GZIP compression. However, some of the proxies dislike GZIP compression, and we recommend that you check this in the production network environment. Domino Offline Services is a good solution for providing offline access to Web application users. Domino Offline Services works well, especially for Domino Web Access, but we recommend that you check the Release Notes for its known limitations. You should also check whether you use local archiving. You can use either Domino PKI or S/MIME. You can choose a default page of Domino Web Access in the Server Configuration document. If you do nothing before users begin to use it, it shows the default welcome page. We recommend considering this before use. When you send Internet mail, there are two types of messages, plain text, and MIME/HTML. You can select whether to force users to use text or make the format selectable by users. If you have not used an Internet password, you must set the initial password and notify users. 2 3 Check the Web browser. Check Domino Web Access functionality. Read "Known limitations, problems, and workarounds" before the upgrade. Check your production network topology. 4 5 6 Check whether you use GZIP compression. 7 Check your Domino Offline Services. 8 9 Check whether you encrypt your e-mail messages. Decide the default page. 10 Decide the default message type for sending. Decide how you set the initial password for each user. 11 Project management and upgrade operations. 1 Check your project schedule. You must have set a service-in date and decide the sequence to upgrade your domain into 7. Consider Domino Directory, servers, clients, and templates. Decide who will do which operations. Determine when and how you will upgrade. Make sure that you know how to handle a mixed environment. 2 Check how you plan to upgrade the your Domino Directory. Chapter 2. Preparing for your upgrade 59 To do 3 Check whether you have a specific procedure manual and timetable for the server upgrade. Check that you finished all the database cleanup operations. Check that you finished configuring logging information. Check that you have finished considering mixed templates. Check whether your application team had finished its test for upgrading servers. Explanation We recommend that you create a specific procedure manual and timetable for each server upgrade. Do this procedure at least one time in a pilot environment. We recommend that you have a rollback plan. As you can see in "Maintain databases" on page 55, we recommend that you fix up the databases before the upgrade. As you can see in "Create an environment that is easy to troubleshoot" on page 56, we recommend that you create an environment that is easy to debug before upgrading. During an upgrade period, you will have a mixed release environment. The servers share their system templates, and you need to consider this during the upgrade process. All of your application must be ready for Domino 7 server before upgrading. This usually means that you test all your Web applications and server agents. Y/N 4 5 6 7 Checklists before you upgrade clients
Table 2-23 outlines a checklist to use prior to the server upgrade operation. If you are not planning to upgrade your client, or migrate to another type of client, you do not need to use the checklist in this table.
Table 2-23 Checklist for clients To do 1 Check whether your client platform is supported. Decide how you will upgrade your clients. Check how you will use Smart Upgrade (if applicable). Finish testing for Smart Upgrade. Check that you have a standard for desktop configuration and how you will configure it. Check that you defined how to use policies. Check which mail template to use in the Notes 7 environment. Explanation Read Release Notes to determine if it is supported. You must also check whether it is supported for Domino Designer and Domino Administrator. Decide whether to use Smart Upgrade or not. Note that using Smart Upgrade requires at least Notes 6 for your current client. You must consider which server should be a Smart Upgrade server, whether to divide the server, and how you will implement policies for client users. Create a test to upgrade your client using Smart Upgrade. Create a desktop standard for each user if necessary. Y/N 2 3 4 5 6 Organization or explicit policies. Decide how you apply those policies for each user. Create policy documents. We recommend that you use the standard Notes 7 mail template. If you will not use the standard template, make sure that you finish all template testing in Notes 7, including testing for a mixed environment. We recommend that you use a policy or run a convert task on the server. Decide how you will upgrade the mail template, and finish the testing for upgrading them. Create a detailed schedule for upgrading all of your clients. Note that this schedule depends on application testing and modification. 7 8 Decide how you upgrade your mail template. Check that your schedule for upgrading clients is defined. 9 60 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices To do 10 Check that all the application have finished testing and modification before the first day of upgrading Notes client into 7. Explanation You must finish all the application testing before upgrading your client to Notes 7. Plan for any coexistence periods during which your application must work with both Notes 7 and your previous release. Y/N Checklists for Domino applications
The upgrade process requires not only server and client operation but also application tests and modifications. The application owner, application developer, or the administrator must test some of the critical applications before you upgrade the environment into Notes/Domino 7. Table 2-24 provides a checklist for applications.
Table 2-24 Checklist for applications Explanation You have to decide which applications to test and modify before upgrading. It is best to test all your applications, but if time does not allow, prioritize the applications to test. You must consider testing for server agents and Web applications. Y/N To do 1 Prioritize applications and determine which should be tested. Check that you have tested all the server-side functions before upgrading your server into Domino 7. Check whether you have tested all the application code and modified it to work with both Notes 7 and the previous release. 2 3 You must check all the application code including forms, views, actions, and so on. 2.8 Other considerations for the upgrade project
In this section, we discuss changing the server platform or consolidating servers, both likely scenarios in a server upgrade. 2.8.1 Server platform choice
While we generally recommend that you maintain the same server platform when performing an upgrade, you might need to change the server platform if your current platforms are not supported in Notes/Domino 7. The supported platform list described in 2.2.1, "Software requirements" on page 20 will help you determine whether a platform change is required. The Domino database structure is usually very flexible, and it is not difficult to move existing databases to the other server platform unless you change the name of Domino server (server.id). You should keep the original file system directory structure when moving Domino databases to a new server platform. Performance is one of the important factors in choosing a platform, but cost and ease of administration are also important issues. For example, as the administrator, you might need to apply fix pack programs for both operating systems and application programs, create performance data, or create shell scripts. It is preferable to have the same platform for your third-party applications because you can use similar shell scripts or monitoring programs. In addition, check the supported platforms for your third-party tools, and take this into consideration when choosing the best platform for Domino 7. Chapter 2. Preparing for your upgrade 61 Note: As a general practice, it is required to issue the updall R command to each database if you move the database by file transfer. Furthermore, our past experience shows that you still have very small chances to get some database corruption unless you move them by replication. (Note that you cannot usually use replication because we prefer to use the same server ID for both the old and new server.) Therefore, we also recommend using fixup v and compact c on the migration day to have less risks in case you have some extra time for the migration operation. 2.8.2 Server consolidation
Consolidating servers is one of the best ways to reduce the total cost of ownership. For some upgrade projects, the main goal of the project is not upgrading itself, but consolidating servers. You should determine whether your Domino servers need consolidating prior to starting the server upgrade project. The technique for consolidating servers during the upgrade project differs for each project, but you should select the solution based on the cost, time period, and risk. To minimize the project risk, we recommend that you consolidate your server at the current release you use, and then upgrade the server to Domino 7. Note: The server consolidation phases are as follows: 1. Create and configure the new Domino 7 server on new hardware. 2. Move all the database files into the new server, ensuring that you do not to duplicate the name of any database files. 3. Change the database configuration (access control list and agent) if necessary. 4. Change the mail server fields of Person documents in Domino Directory. 5. Change the client configuration. You can use either AdminP or a manual reconfiguration to complete the consolidation. If you use AdminP, you have to carefully build the infrastructure for AdminP, including replication topologies and database configurations. You must also consider any Notes 4 clients you are running, because Notes 4 clients cannot reconfigure their local parameters dynamically. Note that application server consolidation is more complex because you must consider access control lists, readers and authors fields, hard-coded server names in the design, each user's workspace icons, and so on. For a test and modification schedule, you can use the transition plan for applications as a guideline. 62 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 3 Chapter 3. Upgrading the Domino server
This chapter discusses best practices commonly used to upgrade your IBM Lotus Domino infrastructure to Domino Release 7. In particular, this chapter focuses on upgrading the Domino server, assuming a straightforward upgrade of the entire environment to Domino 7. Where appropriate, we discuss some high-level considerations for dealing with a temporary phase in which mixed versions of Domino server and clients exist in the environment. Note that Chapter 4, "Coexistence and interoperability in a mixed environment" on page 147 focuses on the more complex issues to take into account when managing a mixed environment. In this chapter, we discuss the following topics: Defining your sequence order Reviewing the new features of Domino 7 Directory upgrade: Why, how, and when Getting started with the preparation and cleaning job Upgrading your servers Special considerations for clustered environments and partitioned servers Domino Web Access: Special considerations Post-upgrade steps Important: In this chapter, we assume that you run a full Domino 6 environment and all of your databases use on-disk structure (ODS) 43, which is the default format from Domino 6. For more information about ODS 43, refer to the IBM Redbook Upgrading to Lotus Notes and Domino 6, SG24-6889:
http://www.redbooks.ibm.com/abstracts/SG246889.html Copyright IBM Corp. 2006. All rights reserved. 63 3.1 Getting organized: Defining the server upgrade stages
Throughout this chapter, we discuss the approach to upgrading the Domino server in several stages. To help clarify these different stages, and how each section of the chapter relates to the overall Domino server upgrade process, we refer frequently to the diagram shown in Figure 3-1. This figure is repeated several times in the chapter, with the outlined box indicating where we are in the overall process. Road map to upgrade your Domino environment
1 2 3 4 Upgrade path Reviewing new features and functions in Domino 7
Reviewing new functions and features - Understanding how and where to configure -How these features can impact design -Reviewing template changes
- Upgrading the Directory Upgrading your server Defining the proper approach to your upgrade
- -Controlling and managing directory replication - Directory upgrade procedure -Managing your template distribution - Create your server upgrade checklist -Clean up your environment - Installation of Domino 7 - Win32 - Linux (Intel) - Post upgrade tasks Figure 3-1 First stage for your upgrade: Defining the upgrade sequence 3.2 Defining the sequence of the upgrade
Upgrading the Domino infrastructure in an organized process is a key factor for a successful upgrade, resulting in the most efficient use of administrative effort. More importantly, this minimizes the potential for disrupting end users. As we discussed in Chapter 2, "Preparing for your upgrade" on page 13, thorough planning and preparation are very important prior to the actual implementation of the upgrade. When planning the upgrade to Domino 7, one of the first and most important considerations is which components of the Domino infrastructure to upgrade first and are there any key dependencies in the upgrade process? The following upgrade sequence has been recommended by IBM Lotus and has been used in the IBM early deployment and during deployment for many early adopter client. The recommended sequence is as follows: 1. Administrator client: This should be the first person accessing a Domino 7 environment using a Domino Administrator 7 client. 64 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 2. Directory upgrade: In this scenario, we upgrade the design of the directory for the whole domain before upgrading any servers in your production environment. However, all the inter operability tests have to be done in a pilot environment. Adding any new changes in a production world without first testing them is a risky approach. 3. First server upgrade. This should be your administration server. It is not mandatory but it follows a logical top-down approach. 4. Hubs servers and directory servers. 5. Mail servers and applications servers. We refer here only to upgrading the Domino code, not to applying new templates for mail or functions for applications. 6. Clients, including the Lotus Domino Designer client. 7. Finally, complete the upgrade process by upgrading the design of your mail databases and any new application functionality. At this stage, you can really start to take the full advantage of your upgraded Domino infrastructure, especially from an application point of view. Note: The sequence defined here is based on the sequence in the IBM Redbook Upgrading to Lotus Notes and Domino 6, SG24-6889. That sequence is still accurate and has proven to work well. This represents an updated version of sequence, with the primary difference being that references to an on-disk-structure (ODS) conversion process have been removed. Upgrading from Domino 6 to Domino 7 does not require an ODS upgrade, thus full-text indexes and view indexes remain based on the same global text retrieval (GTR) engine. This avoids the need to force a full rebuild of your database indexes. In upgrade requirements for previous releases, this was a very time-consuming operation. Chapter 3. Upgrading the Domino server 65 Figure 3-2 illustrates the upgrade sequence we recommend. 1 Upgrade Domino Administrator client 2 Upgrade Domino Directory
Domino Directory 3 Upgrade administration server and remaining system databases 4 Upgrade hub servers and control design and template distribution 5 Upgrade spoke servers mail, application, Web control design, template 6 Upgrade clients 7 Apply new Notes and Domino 7 features
Figure 3-2 Recommended upgrade plan 3.2.1 Why upgrade in this order rather than an alternative one?
The upgrade sequence proposed here is one that we recommend, but is not the only upgrade sequence. Alternatively, you can also consider another sequence, as outlined in 3.2.2, "Alternative upgrade sequences" on page 67. With the recommended approach we outlined in Figure 3-2, we are trying to achieve the following goals: Provide a logical upgrade sequence, which results in a successful upgrade and which follows enterprise best practices,. Use a top-down approach to minimize downtime, service disruption, and end-user frustration. Avoid introducing too many variables at the same time, which can be confusing and make it extremely difficult to properly troubleshoot any issues. 66 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Allow time to assess and train users to use the new features. Train all the administrators involved with the upgrade process, and upgrade their Administrator client first. They can continue to manage the Domino domain with this new client release. 3.2.2 Alternative upgrade sequences
Among the other possibilities available to upgrade your infrastructure, you might want to consider the following approaches. Server code first (on administration server), and then design and remaining servers
In this approach, the goal is to upgrade only one server in your domain (ideally your administration server), without changing the design of your Domino Directory or other key system databases. After the first server has been upgraded and tested as stable, you can deliver the new design for those key system databases and upgrade the remaining servers. The following list summarizes the high-level steps for this approach: 1. Upgrade the server code on your administration server, but be careful to remove all of the Domino 7 templates installed with the server code. (This will prevent an unexpected upgrade of system databases on other servers.) For now, you can keep using the templates from Notes/Domino 6 until you are ready to upgrade the design of key system databases. 2. Manually upgrade the Domino Directory, Administration database, Monitoring Configuration database, and Catalog database, and let them replicate across your domain. 3. Upgrade other hub and spoke servers to Domino 7 code. At this point, due to system database replication, your Domino Directory and key system databases will already be upgraded. 4. Upgrade your client to Notes 7. 5. Upgrade design applications (including mail, Web users, and so on). Upgrade administration server and Domino Directory design together
In this case, instead of separating and isolating each step, you can combine upgrading the administration server code with upgrading the design of the Domino Directory: 1. While upgrading your administration server (or any server that has at least designer rights for the Domino Directory and all other system databases), you can choose to apply the new Domino Directory design when prompted during the first server restart. 2. Allow replication to push the Domino Directory design changes to the others servers. 3. Upgrade the remaining servers to Domino 7. 4. Upgrade the client to Notes 7. 5. Upgrade the mail template and other applications. Chapter 3. Upgrading the Domino server 67 Important: In each of the upgrade sequences previously listed, the upgrade of the client was still listed at the end of the process, after you upgraded your server environment to Domino 7. Keep in mind, however, that there is no technical or hard-coded restriction that does not allow for the Notes client to be upgraded before the servers, or at anytime during the server upgrade process. A Notes 7 client can access a Domino R6 server or a Domino R5 server without trouble. The primary reason for waiting to upgrade the client until the end is to help train end users first on the new functionality available in Notes and Domino 7 and to prevent, or at least minimize, the issues of end users trying to use Notes 7 client functions that are not supported in an earlier release of Domino. In particular, the MAIL7.NTF and DWA7.NTF templates for mail files offer features that can only be taken advantage of when using a Domino 7 server. Retaining earlier design on subset of servers
Finally, you might want to also retain a specific design on a subset of your servers because they might have a specific requirement to continue running on Domino 6 and a Domino Directory 6 design for an extended period of time. This can be especially relevant for servers using third-party tools for which you have not yet been able to verify Domino 7 compatibility. For recommendations about maintaining this type of coexisting environment, refer to Chapter 4, "Coexistence and interoperability in a mixed environment" on page 147, or refer to Chapter 5 in the IBM Redbook Upgrading to Lotus Notes and Domino 6, SG24-6889, to learn how to retain a specific design on your Domino Directory (or any other databases):
http://www.redbooks.ibm.com/abstracts/sg246889.html 3.3 Reviewing new features when upgrading
Prior to beginning the upgrade, we want to highlight the new features of Domino 7. We divide this into several primary functional areas: Domino Directory-related enhancements AdminP enhancements Key template changes 68 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-3 shows stage 2 of the upgrade process. Road map to upgrade your Domino environment
1 2 3 4 Upgrade path Reviewing new features and functions in Domino 7
Reviewing new functions and features - Understanding how and where to configure -How these features can impact design -Reviewing template changes
- Upgrading the Directory Upgrading your server Defining the proper approach to your upgrade
- -Controlling and managing directory replication - Directory upgrade procedure -Managing your template distribution - Create your server upgrade checklist -Clean up your environment - Installation of Domino 7 - Win32 - Linux (Intel) - Post upgrade tasks Figure 3-3 Stage 2: Reviewing and understanding new features and functionality 3.3.1 New features and design considerations for Domino 7: Domino Directory
The Domino 7 Domino Directory introduces several new features, most of which can be controlled directly from the Server document or the Server Configuration document. In the following section, we focus on key areas that can have an impact during your upgrade design. Note: If you are interested only in proceeding with the upgrade and are already familiar with the new features in Domino Directory 7, proceed to 3.4, "Upgrading the Domino Directory" on page 91. Automatic server recovery
A new field in the Server Configuration document has been introduced in the Automatic Server Recovery section called Server Shutdown Timeout. This is in the Server document Basic tab, as shown in Figure 3-4 on page 70. This feature allows a timeout on server shutdown and to eventually force this shutdown if a task takes more time than specified in this field. (Values are in seconds from a range to 1 to 1800 seconds.) Assigning a value equal to 0 or leaving this field empty will disable this control. The timeout starts for each task in sequential order. After a task successfully exits, the timeout is reset to that original value for the next exit process. Therefore, if a task hangs during a shutdown (expected or not) the process will continue to achieve a successful shutdown and server restart.
Chapter 3. Upgrading the Domino server 69 Figure 3-4 Server Shutdown Timeout Fault Analyzer
Fault Analyzer works in conjunction with the automatic diagnostic data collection feature, which has been available since Domino 6.0.1. automatic diagnostic data collection collects information about a client or a server crash into a centralized mail-in database (with a specific design from LDNFR.NTF), which becomes the central and single place for the administrators to get information about crashes. However, administrators had to look manually at several documents, and in many cases, the same occurrence of a single problem was not immediately obvious. To help our administrators, and to automate the debugging operations as much as possible, Fault Analyzer has been introduced into Domino 7 code stream. It is a server task running against the Notes/Domino Fault Reports database when automatic diagnostic data collection stores crash data:
11/25/2005 03:15:55 PM Fault Analyzer started When a new crash information is received, Fault Analyzer is invoked and starts to process the new information to define if this is a new crash or if a match can be done from data about an existing, earlier crash. 70 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices You can configure the Fault Analyzer using the Domino Directory in the Configuration Settings Diagnostics tab, as shown Figure 3-5. Figure 3-5 Fault Analyzer Configuration Settings on Domino Directory Enhanced router/SMTP controls
New functions have been added to give better control to inbound/outbound SMTP controls and to avoid unwanted e-mail. Junk e-mail and spam cause unnecessary traffic in your infrastructure and unnecessary traffic for the SMTP servers. Within Domino 6, you were able to refer external Web sites to get a list of sites or IP addresses well known to be spammers, as well as suspected spammers, including open-relay servers. This function has been widely expanded and improved in Domino 7, where now you can set your own settings to give your more granularity. Indeed, when referring to blacklist Web sites, you were dependent on algorithms used by those sites to determine their own classification. This was not always an accurate method. Note: While this section addresses the new features regarding DNS blacklists and whitelists, we also recommend that you refer to Security Considerations in Notes and Domino 7: Making Great Security Easier to Implement, SG24-7256, for a more detailed examination of these features:
http://www.redbooks.ibm.com/abstracts/sg247256.html Private blacklist
You can now specify either specific IP addresses (or a range of IP addresses) for a bind zone of incoming e-mails that you will not accept. Those addresses or range can be valid for any other company, but not for you. This is why they are not blacklisted in DNSBL sites. DNS blacklists (DNSBLs) are databases that keep a record of Internet SMTP hosts that are known sources of spam or permit third-party, open relaying. Available logging options are: Log only. Log and tag messages (a $DNSDLsite field is added to the note with the value PrivateBlacklist). Log and reject message. Chapter 3. Upgrading the Domino server 71 For this last option, you can define a custom SMTP message that will be sent back to the originator to explain why you have rejected this message (Figure 3-6). Figure 3-6 Delivery failure after PrivateBlackList rejection Keep in mind that most of the time mail headers for SPAM have been truncated and delivery failures do not hit the source. Note: For Example 3-1 on page 72, the IBM Redbook team created a private blacklist regarding incoming mail from google.com and gmail.com. Obviously, the intent was not to present these domains as potential spammers, but instead was merely just for demonstration purposes. We removed this private blacklist immediately after the test.
Example 3-1 Example blacklist 11/27/2005 01:47:20 AM SMTP Server: Remote host 184.108.40.206 (nproxy.gmail.com) found in blacklist at PrivateBlacklist 11/27/2005 01:47:20 AM SMTP Server: Message from 220.127.116.11 (nproxy.gmail.com) rejected by private blacklist filter Private whitelists
Unlike private blacklists, you can use private whitelists to ensure that mail coming from certain ranges or domains will reach your users, regardless of their status on blacklists. Ultimately, an effective whitelist enables you to use a stricter blacklist without the risk of falsely identifying messages as SPAM. You should build your own whitelist carefully because you do not want to create the reverse effect and get deluged with spam by allowing permissive rules. Private whitelists provide a logging option that enables you to track the incoming traffic and take appropriate counteraction if needed. These logging options are: Silently skip blacklist filters. Log only. Log and tag message (a $DNSWLsite field is added to the note with the value PrivateWhitelist). 72 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-7 on page 73 shows a Notes item added when an e-mail meets the PrivateWhitelist condition. Figure 3-7 Notes item added when e-mail meets PrivateWhitelist condition The challenge of building a private whitelist is how to build the list and where to begin. As a starting point, you can check your existing logs to determine the domains most commonly used and rejected from your DNS blacklists. Alternatively or in addition, you can set up a forum where your users can post their own whitelists and then validate with the group the real business need behind each list, for example:
11/27/2005 01:32:38 AM PrivateWhitelist SMTP Server: Remote host web26812.mail.ukl.yahoo.com (18.104.22.168) found in whitelist at DNS whitelists
Domino 6 only provided the features of the DNS blacklist to refer to external Web sites (URLs) that maintain a list of potential or well-known spammers or those servers allowing open SMTP relays. Domino 7 offers DNS whitelist functionality to perform the reverse function and use Web sites that maintain a list of trusted domains. Logging options are: Silently skip blacklist filters. Log only. Log and tag message. The Notes item $DNSWLsite will be added to the document with the name of the server host name and IP address and the name of the site containing this server. These settings can be used in conjunction with server mail rules for a specific action (for example, journaling the message, changing the routing state, or redirecting to a specific database), especially if you only log and tag the message. For more information about how to use these advanced functions, refer to Chapter 6, "Domino administration enhancements" on page 217. You can configure the new settings for the blacklist and whitelist features in the Server Configuration document. Select the Router/SMTP tab Restrictions and Controls SMTP Inbound Controls, as shown in Figure 3-8 on page 74. Chapter 3. Upgrading the Domino server 73 Figure 3-8 New SMTP controls Tip: You can get quick statistics regarding both private whitelists and blacklists by typing the following command at the server console:
sh stat SMTP.Private* SMTP.PrivateBL.TotalHits = 8 SMTP.PrivateWL.TotalHits = 9 2 statistics found These statistics have been collected since the last server startup or task restart. You can also extract SMTP statistics for DNS whitelists by adding the following parameter to the NOTES.INI file for your SMTP server:
SMTPExpandDNSWLStats=1 You can generate extra information about the total number of connecting hosts found on all your DNS whitelists with a breakdown per site by typing the following command at the server console:
sh Stat smtp.DNSWL.* Message disclaimers
Domino 7 introduces the ability to add a disclaimer message to all SMTP outbound messages sent by your Lotus Notes clients to an Internet address. These message disclaimers include comments typically added to the bottom of external messages to inform recipients about certain restrictions (for example, regarding the misuse of contents or a warning that the message might have been badly routed or might contain confidential information that cannot be disclosed under a legal agreement). The message disclaimers can be added either at the client level or by a server that runs SMTP. Normally, all messages sent to your internal Domino domain will not be disclaimed as long as you route those message through Notes remote procedure call (NRPC). However, if you use SMTP inside your Domino domain, depending on your server settings, those messages can have a disclaimer message added. Adding a disclaimer to a message requires more Domino server resources and can negatively impact performance. 74 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Restriction: In order to enable message disclaimers in a mixed environment, all your Domino servers must be running Domino Directory 7 to interpret the mail policy related to message disclaimers. In addition, your SMTP servers that have been configured to add disclaimers need to run on Domino 7 and the Domino Directory 7 design. Follow these steps to configure message disclaimers on your Domino server: 1. Open the Domino Server Configuration document and select the Router/SMTP tab. Select the Message Disclaimers tab to enable message disclaimers, enable disclaimers on S/MIME signed or encrypted messages, and define the level of logging option. See Figure 3-9. Figure 3-9 Enabling Message Disclaimers from the Server Configuration document Note: If you enable the option to add a disclaimer to S/MIME signed or encrypted messages, recipients might not be able to read your encrypted message or validate the signature. If disclaimers are added at the server level, the SMTP task will modify the body of this message and invalidate the signature. When disclaimers are added directly from the Notes client, the SMTP task will not modify the body to add a disclaimer. When the message disclaimer is added from the Notes client, the message is marked as containing the disclaimer information and will bypass server checking. We recommend enabling the Notes client to add a disclaimer through a mail policy document and let the server only add a disclaimer if it has not been added by the Notes client. Chapter 3. Upgrading the Domino server 75 2. Message disclaimers can only be added by the Notes client if you create a mail policy with disclaimer information and enable it in the Server Configuration document for your SMTP server, as shown in Figure 3-10. Reference the Lotus Domino 7 Administrator Help for detailed information about creating a mail policy that enables message disclaimers. Figure 3-10 Mail policy for a specific user Tip: To ensure that message disclaimers function on the Notes client, you need to ensure that the Notes user's Location document and the user's Person document in the Domino Directory contain an Internet name. In addition, the home mail server and mail file location must be correct in the user's Location document. New Domino server mail rules
Domino server mail rules are used to control incoming messages received by SMTP or the Notes mail.box. Two new types of server mail rules have been introduced in Domino 7: Support for $DNSWLsite and $DNSBLsites tags. If you decide to tag these messages processed by SMTP, rather than silently skipping or rejecting them, you can define subsequent rules to handle them in a specific manner (for example, journeying, redirecting to a database, or changing routing). See Figure 3-11. Figure 3-11 New server mail rules to support tagging from private whitelists and blacklists 76 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Domino 7 has added an exit condition to specify, based on a condition being met, when to stop processing mail rules. This condition is specified in the Server Mail Rule dialog box from the Server Configuration document. See Figure 3-12. Figure 3-12 Stop processing rules from Server Configuration document Important: Mail rules that specify an exit condition will function only on Domino 6.5 servers or a later release of Domino 6.0.3 /6.5 due to a change in the Formula Engine. New policy settings
New policy settings are available in Domino Directory 7 under the Policy menu, as illustrated in Figure 3-13 on page 78. Policies enable the administrator to push settings down to the Notes client that the user cannot override. Using these settings, you can define the following explicit or organizational policy settings for your users: Mail User configuration, letterhead, spell checking Calendar & To Do Display, scheduling, alarms, autoprocessing, rooms and resources Access & Delegation Access to your calendar and your schedule Message Disclaimers Chapter 3. Upgrading the Domino server 77 Figure 3-13 illustrates an overview of the mail policy settings. Figure 3-13 Overview of new Mail policy settings Open Mail File
In the new Domino Directory design, from the People view, you will notice a new Open Mail File button, as shown in Figure 3-14. This button enables you to directly open the mail file of another user who has granted access to his or her mail file, a significant improvement over the process required to open another user's mail file in the previous version of Domino Directory. This function is also available using the Domino Administrator 7 client. Figure 3-14 Open Mail File from People view 78 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Note: All the new capabilities available thorough the new Domino Directory design will only work if you enabled them on a Domino 7 server. If you run a Domino Directory based on this new design against Domino 6 servers (and even Domino 5 servers), these new enhancements will be discarded by the server. Keep in mind that as soon you upgrade the Domino code, you turn on these new functions as well. 3.3.2 AdminP changes
The Administration Request task (AdminP) process has been enhanced to support DB2 UDB as an alternate storage method for Domino-based databases. DB2 is in limited availability, and you can find additional information about DB2 functionality at the following Web site:
http://www.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/nsfdb2 Figure 3-15 on page 80 offers an example of the additional fields added to Administration Request document for DB2 support. Chapter 3. Upgrading the Domino server 79 Figure 3-15 Additional fields in the Administration Request document In addition to the DB2 support, the fields shown in Table 3-1have been added to the Administration Request document as well.
Table 3-1 Enhanced Administration Request in Domino 7 Description Administration request created when modifying the keyrelated fields in a user's Person document from the Domino Directory Administration request created when modifying one of the key-related fields on the Administration tab of the Server document New process request Certify new person key request Certify new server key request 80 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices New process request Rename person - name change ignored by user Modify DB2 access connection Description Revert action when a user did not accept name change request Administration request generated when you use Edit DB2 access connection from the Tools panel in the Domino Administrator 7 client Administration request generated when moving to a new DB2 tablespace Administration request to store user name and password used by Domino server to access DB2 back end Information generated to mark Domino as DB2 enabled server Move DB2 tablespace to a new container Set DB2 password in server's ID file Store DB2 information in Server Document Important: As described in the "New policy settings" on page 77, a new AdminP request is available to support immediate propagation of the new mail policy from a server-based console command:
tell adminp process mail policy You must invoke the command explicitly, because it will not be processed if you use the following command:
tell adminp process all Determining the appropriate ACL for the Administration Requests database is challenging. Normally, this ACL can be mapped from the ACL that you use for the Domino Directory. However, in order for users to be allowed to submit their AdminP requests to the AdminP database, they must be assigned at least Depositor access. 3.3.3 Changes in Domino 7 extended products
In this section, we discuss changes in IBM Lotus Domino Web Access and Sametime 7, as well as some of the enhancements. Domino Web Access
The Domino Web Access user interface in Domino 7 has been significantly improved to more closely match the Lotus Notes 7 rich client experience, as illustrated in Figure 3-16 on page 82. The new Domino Web Access 7 template, DWA7.NTF, inherits its design from both the MAIL7.NTF and FORMS7.NSF templates. Important: If you need to support any R5 iNotes users on your Domino 7 server, ensure that the INOTES5.NTF template and FORMS5.NSF is installed in your Domino data server folder, because the Domino 7 installation will not add these files. Only INOTES6.NTF and DWA7.NTF will be installed by default. Chapter 3. Upgrading the Domino server 81 Figure 3-16 New user interface for Domino Web Access on the Firefox browser In Table 3-2, we summarize some of the new features available in Domino Web Access 7. For a complete list, refer to:
http://www.ibm.com/software/sw-lotus/products/product1.nsf/wdocs/dwawhatsnew Table 3-2 List of new features available in Domino Web Access 7 Description Domino Web Access 7 provides a mail usage indicator so that users can view what percentage of their mail quota they are using. S/MIME is now supported in Domino Web Access 7. Messages in the inbox indicate whether they have been replied to or forwarded. Users can view mail threads, which group a message together with its responses. Mail threads can be viewed from the Mail Threads view, or when reading mail. Users can create stationery to reuse for their mail messages. New feature Mail usage indicator S/MIME support Mail indicators Mail threads Stationery 82 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices New feature Disable drag and drop Local archiving Description Users can set a calendar preference to disable drag-and-drop and in-place editing in their calendar. Archiving can be done locally rather on the server. Several settings have been added to the Domino Web Access tab of the Domino Server Configuration document to enable greater control over your Domino Web Access infrastructure. The most important areas that have been added are: Browser Cache Management Force reuse of child Windows to improve browser performance Access to rooms and resources system Instant Messaging configuration Previously, you needed to configure this setting using a server NOTES.INI parameter. For more information about obsolete NOTES.INI settings in Domino 7, refer to 3.5.2, "Server upgrade checklist" on page 118. Use of untrusted Internet Certificates for S/MIME encryption Display mail threads in your mail Chapter 3. Upgrading the Domino server 83 Figure 3-17 shows these settings. Figure 3-17 New settings in Domino Web Access section from Server Configuration document Sametime integration
Domino Directory 7 has been enabled to support Lotus Sametime integration. If you use the integrated Notes Sametime client, you can star an instant messaging discussion with people or groups listed in the Domino Directory. Individuals can add a group to their buddy list as well. See Figure 3-18 on page 85. 84 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-18 Close Sametime integration in the Domino Directory Tivoli Enterprise Console integration
In the implementation of Domino domain monitoring, you can now forward generated events to IBM Tivoli EnterpriseTM Console in order to federate all those events into a single enterprise interface. This configuration is available in the Domino Server Configuration document, under the Basic tab, as illustrated in Figure 3-19. Figure 3-19 Configuration of logging events into Tivoli Enterprise Console Important: For more information about Tivoli Enterprise Console, see:
http://www.ibm.com/software/tivoli/products/enterprise-console/ For more information about Domino domain monitoring introduced in Domino 7, read the Redpaper Lotus Domino Domain Monitoring, REDP-4089:
http://www.redbooks.ibm.com/abstracts/redp4089.html Chapter 3. Upgrading the Domino server 85 3.3.4 Template changes in Domino 7
Table 3-3 provides an exhaustive list of all the templates available with Domino 7, including those that have been modified. We recommend using this table as a reference for considering template deployment as part of the Domino upgrade process. Important: In addition to understanding the template changes prior to planning the details of your upgrade, we also strongly recommend that you read and consider a strategy for managing and controlling the distribution of database templates. See 3.5.1, "Template strategy: Efficiently managing your templates" on page 107.
Table 3-3 Templates installed on your server during the upgrade Template title Template name N D 6 X X X X X X X X N D 7 X X X X X X X X Template change No Yes No No No Yes No No Comments Template file name ACTIVITY.NTF ADMIN4.NTF ALOG4.NTF ARCHLOG50.NTF BILLING.NTF BOOKMARK.NTF BUSYTIME.NTF CACHE.NTF Activity Trends Administration Request Agent Log Archive Log Billing Bookmark Local Freetime info Local Document Cache Catalog Domino Certificate Authority Certification Log StdAcitivitytrendsDatabase StdR4AdminRequests StdR4AgentLog StdR50ArchiveLog StdR4Billing Bookmarks BusyTime NotesDocCache CATALOG.NTF CCA50.NTF StdNotesCatalog StdNotes50SSLAuth X X X X Yes No No design change for system > Notes Domino 6.51. No design change for system > Notes Domino 6.02. No design change for system > Notes Domino 6.51. No design change for system > Notes Domino 6.51. CERTLOG.NTF StdNotesCertificationLog X X No CERTPUB.NTF Certification Requests StdCertPubRequests X X No CERTREG.NTF Certification Requests StdCertificateRequests X X No 86 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Template file name Template title Template name N D 6 X N D 7 X Template change No Comments CLDBDIR.NTF4 Cluster Directory StdR4ClusterDirectory No design change for system > Notes Domino 6.51. CLUSTA4.NTF CSRV50.NTF Cluster Analysis Server Certificate Admin Directory Assistance Database Analysis Domino Directory Cache Database Library Domino Domain Monitor Decommission Server Reports DECS Administrator Template Directory Catalog StdR4ClusterAnalysis StdNotes50SSLAdmin X X X X No No DA50.NTF DBA4.NTF DBDIRMAN.NTF StdMasterAddressBook4.5 StdR4DBAnalysis StdDbDirMan X X X X X X Yes No No DBLIB4.NTF DDM.NTF StdR4DatabaseLib StdDomainMonitor X X X Yes N/A New to Domino 7. DECOMSRV.NTF StdNotesDecommissionServer X X Yes DECSADM.NTF DECS Administrator Template X X Yes DIRCAT5.NTF Lightweight Directory X X No No design change for system > Notes Domino 6.51. File will remain on the server, unless manually removed. File will remain on the server, unless manually removed. File will remain on the server, unless manually removed. DISCSW6.NTF Discussion Notes & Web (6) StdR6Disc X N/A DOCLBM6.NTF Discussion Notes & Web (6) StdR6DocLibMS X N/A DOCLBS6.NTF Lotus SmartSuite Library (6) StdSmartSuiteR6DocLib X N/A Chapter 3. Upgrading the Domino server 87 Template file name Template title Template name N D 6 X N D 7 Template change N/A Comments DOCLBW6.NTF Doc Library Notes & Web (6) StdR6WebDocLib File will remain on the server, unless manually removed. New version for Domino 7 will be added. New version for Domino 7 will be added. New version for Domino 7 will be added. New version for Domino 7 will be added. DISCSW7.NTF Discussion Notes & Web (7) Discussion Notes & Web (7) Lotus SmartSuite Library (7) Discussion Notes & Web (7) Domino Offline Services Administration Template Domino Offline Services Resources Template Domino Administrator Domino Web Server Configuration Domino Change Control Domino Web Server Log Design Synopsis Server Planner: Analyst Server Planner: Decision Maker StdR7Disc X N/A DOCLBM7.NTF StdR7DocLibMS X N/A DOCLBS7.NTF StdSmartSuiteR7DocLib X N/A DOCLBW7.NTF StdR7WebDocLib X N/A DOLADMIN.NTF Domino Offline Services Admin 1.0 X X Yes DOLRES.NTF Domino Offline Services Resource Template 1.0 X X Yes DOMADMIN.NTF DOMCFG5.NTF StdAdminDatabase StdR5DominoWebServerConfi guration DominoChangeControl X X X X Yes Yes DOMCHANGE.NTF X X Yes DOMLOG.NTF DSGNSYN.NTF DSPA.NTF Domino Web Server Log Template DesignSynopsis Server.Planner: Analyst X X X X X X Yes No No DSPD.NTF Server.Planner: Decision Maker X X No 88 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Template file name Template title Template name N D 6 X N D 7 X Template change No Comments DSPV.NTF Server Planner: Vendor Domino Web Access (7) Server.Planner: Vendor DWA7.NTF dwa7 X N/A New design for Domino 7 (formerly called iNotes). EVENTS4.NTF HEADLINE.NTF ICL.NTF Monitoring Configuration Subscriptions Issued Certificates List Mail (IMAP) iNotes Web Access (R5) StdR4Events StdNotesHeadlines5.0 Issued Certificates List X X X X X X Yes No No No design change for system > Notes Domino 6.51. IMAPCL5.NTF INOTES5.NTF StdR50IMail iNotes5 X X X No No No design change for system > Notes Domino 6.52. No design change for system > Notes Domino 6.54. No design change for system > Notes Domino 6.54. INOTES6.NTF Domino Web Access (6) iNotes6 X No IWAREDIR.NTF Domino Web Access Redirect Personal Journal Lotus Notes/Domino Fault Reports Lotus Notes/Domino Smart Upgrade Tracking Reports Notes Log Notes Log Analysis Extended Mail (6) Extended Mail (7) DWAREDIRECT X X No JOURNAL6.NTF LNDFR.NTF Std7Journal Lotus Notes/Domino Fault Reports Lotus Notes/Domino Smart Upgrade Tracking Reports X X X X Yes Yes LNDSUTR.NTF X X Yes LOG.NTF LOGA4.NTF MAIL6EX.NTF MAIL7EX.NTF StdNotesLog StdR4LogAnalysis ExtR6Mail ExtR7Mail X X X X X Yes Yes N/A X N/A New template. Chapter 3. Upgrading the Domino server 89 Template file name Template title Template name N D 6 X N D 7 Template change N/A Comments MAIL6.NTF MAIL7.NTF MAILBOX.NTF MAILJRN.NTF MTSTORE.NTF Mail (6) Mail (R7) Mail Router Mailbox Mail Journaling Domino MailTracker Store News Articles NNTP Discussion NNTP Cross-Post NT/Migration Users' Passwords Personal Address Book Personal Web Navigator StdR6Mail StdR7Mail StdNotesMailbox StdMailJournaling MailTrackerStore X X X X X X X N/A Yes Yes No New template. NNTPCL6.NTF NNTPDI50.NTF NNTPOST.NTF NTSYNC45.NTF StdR7NNTPClient StdR5.0NNTPDisc StdR46NNTPPostBox StdNotesNewUserPasswords X X X X X X X Yes No No N/A PERNAMES.NTF PERWEB50.NTF StdR4PersonalAddressBook StdR50PersonalWebNavigator X X X X Yes No No design change for system > Notes Domino 6.54. PHONEBOOK.NTF PHONEBOOK7.NTF POLCYSYN.NTF PUBNAMES.NTF PUBWEB50.NTF REPORTS.NTF PhoneBook PhoneBook Policy Synopsis Domino Directory Server Web Navigator Message Tracking Reports Resource Reservations Resource Reservations (7) StdPhonebook StdR7Phonebook StdPolicySynopsis StdR4PublicAddressBook StdR50WebNavigator StdReportsDatabase X X X X X X X X X X N/A N/A No Yes No No Design change for system > Notes Domino 6.04. RESRC60.NTF RESRC7.NTF StdR60ResourceReservation StdR7ResourceReservation X X N/A N/A New implementation with dedicated server task. 90 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Template file name Template title Template name N D 6 X X X X X N D 7 X X X X Template change No Yes No Yes N/A Comments SCHEMA.NTF SMUPGRADE.NTF SRCHSITE.NTF STATREP5.NTF TEAMRM6.NTF TEAMRM7.NTF USERLICENSES.NTF Domino LDAP Schema Smart Upgrade Kit Search Site Monitoring Results TeamRoom (6) TeamRoom (7) Domino User Licence Tracking User Registration Queue Domino Web Administrator StdDominoLDAPSchema StdNotesKits StdNotesSearchSite StdR5StatReport StdR6TeamRoom StdR7TeamRoom StdLicenseTracking X X X N/A No New file. USERREG.NTF StdUserRegistrationQueue X X No WEBADMIN.NTF StdWebAdminDatabase X X Yes Tip: Using the Lotus Domino Administrator client, you can easily list all the template available on your Domino server. At the server console, issue:
sh directory ntf This produces the following output:
DbName C:\Lotus\Domino\Data\webadmin.ntf C:\Lotus\Domino\Data\userreg.ntf C:\Lotus\Domino\Data\userlicenses.ntf V6 C:\Lotus\Domino\Data\teamrm6.ntf C:\Lotus\Domino\Data\statrep5.ntf C:\Lotus\Domino\Data\srchsite.ntf C:\Lotus\Domino\Data\smupgrade.ntf C:\Lotus\Domino\Data\schema.ntf C:\Lotus\Domino\Data\resrc60.ntf Version Logged ---Modified Time---V6 N/A 11/16/2005 05:00:55 AM V6 N/A 11/16/2005 05:00:55 AM N/A 11/16/2005 05:00:54 AM V4 N/A 11/16/2005 05:00:54 AM V6 N/A 11/16/2005 05:00:54 AM V4 N/A 11/16/2005 05:00:53 AM V6 N/A 11/16/2005 05:00:53 AM V4 N/A 11/16/2005 05:00:53 AM V4 N/A 11/16/2005 05:00:52 AM 3.4 Upgrading the Domino Directory
Now that you have considered which sequence to follow for executing the upgrade, we focus on the details involved with upgrading the Domino Directory. First, we highlight new features of the Domino Directory for Domino 7 and discuss how and why these can benefit your environment. We also describe the actions you should take to proactively and safely upgrade both your Domino Directory and your Domino servers. Chapter 3. Upgrading the Domino server 91 Figure 3-20 illustrates the overall process for executing the upgrade. Road map to upgrade your Domino environment
1 2 3 4 Upgrade path Reviewing new features and functions in Domino 7
Reviewing new functions and features - Understanding how and where to configure -How these features can impact design -Reviewing template changes
- Upgrading the Directory Upgrading your server Defining the proper approach to your upgrade
- -Controlling and managing directory replication - Directory upgrade procedure -Managing your template distribution - Create your server upgrade checklist -Clean up your environment - Installation of Domino 7 - Win32 - Linux (Intel) - Post upgrade tasks Figure 3-20 Stage 3: Tasks related to upgrading the Domino Directory As illustrated in Figure 3-2 on page 66, before you begin to upgrade any of your servers, we recommend upgrading the design of your Domino Directory. This design is fully compatible with both Domino 5 and Domino 6 servers. We maintain a backward compatibility for the Domino Directory with previous versions of Domino, as shown in Table 3-4.
Table 3-4 Domino Directory design backward compatibility matrix Domino Directory design Domino server release Domino R5 Domino R6.0.x Domino R6.5.x Domino R7 R5 Supported Notes Domino 6.0.x Supported Notes Domino 6.5.x Supported Supported Notes Domino 7 Supported Supported Supported Not recommended Supported Not recommended Not recommended Supported Not recommended Not recommended Not recommended Supported Tip: From a best practices approach, we strongly recommend using the latest design available for your Domino Directory. This is also a recommendation and general guideline provided from IBM support. 92 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Note: While we do recommend that you use the latest design for the Domino Directory (and also the Administration Requests database), this is not the case with all databases. In particular, for the mail template (including Domino Web Access) or more widely used application templates, we recommend that you do not use a later release than the version used by both the Notes client and the Domino server. For more information about this interoperability matrix, refer to Chapter 4, "Coexistence and interoperability in a mixed environment" on page 147. However, before explaining the process of how to upgrade the Domino Directory, we explore some of the actions you need to take to consider replication of the Domino Directory design and other important pre-upgrade steps to proactively and safely upgrade both your Domino Directory and your servers. 3.4.1 Controlling and managing your Domino Directory design
Because the Domino Directory is the heart of your Domino infrastructure, you need to ensure that only authorized users are allowed to make modifications to the Domino Directory. In this section, we discuss how to restrict access to your Domino Directory by using an access control list (ACL). Setting the right ACL for your Domino Directory
Your ACL requirements can vary depending on the size of your organization, number of administrators, and other factors. However, as a general rule, you can use Table 3-5 as a guideline for determining the ACL in your Domino Directory. Typically, only the administration server for your Domino Directory (and therefore of your domain) will be given manager access, in addition to your senior Domino administrators. You can also grant the hub servers manager access as a group.
Table 3-5 Example of a recommended ACL for your Domino Directory Who Default, anonymous, and terminations No Trusted other domain (users and servers) End users (clear the Create documents check box) Local administrators Roles No No No No [groupCreator] [GroupModifier] [UserCreator] [UserModifier] No Same as local administrator, plus [ServerModifier] [NetCreator] [NetModifier] No No No All roles ACL rights No Access Depositor Reader Author Editor Servers (other than hubs) Regional administrators Designer Manager No Administration server Hub servers Global administrators Chapter 3. Upgrading the Domino server 93 In an alternate scenario, you might list only the administration server and your senior administrators as managers, designate the hub servers and regional administrators as editors, with all remaining servers listed as only readers. Using this scheme, a design refresh would be done at the administration server and replicated to all other others servers using a direction replication document. Tip: The administration server is the server listed as Administration Server in your database ACL, which may be a different server than your administration server of your domain. Figure 3-21 illustrates a high-level overview of how to define ACL settings for the Domino Directory. Global Administrators Mail & Application servers User Population
Figure 3-21 High-level overview to define ACL settings for the Domino Directory You can also enforce a consistent ACL across all server replicas to maintain your ACL integrity. In this case, even if a user has manager access and attempts to update the ACL of the Domino Directory on a server that is not listed explicitly as having manager replication, a replication error will result and the server NAMES.NSF file will not be updated. 94 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Tip: Replication errors must be closely monitored by enabling an event handler looking for the following string during the replication of NAMES.NSF:
Replication replicas cannot proceed because cannot maintain uniform access control list on If users will be accessing the Domino Directory from a Web browser, you must decide the maximum Internet level to grant these users. You need to grant at least author access to the Domino Directory (listed into the ACL as a specific group) and enable minimum author access into the Maximum Internet Name and Password field. If you grant these users lower access, Domino Web Access users will not be able to perform name lookups when composing mail messages. You must enable editor access in the Maximum Internet Name and Password field if you want to allow the Domino Web Access users to change their Internet password. If no users will be accessing the Domino Directory through a Web browser, we recommend removing any authorization for Web access. Figure 3-22 shows an example of ACL settings for your Domino Directory to support a Domino Web Access implementation. 1. Dedicated people group for you Domino Web Access users with Authors rights 2. Advanced configuration settings to support full Domino Web Access functionality Figure 3-22 Example of ACL settings for Domino Directory to support Domino Web Access Important: In the ACL of your Domino Directory, we recommend removing Anonymous access and ensuring the Default access is set to "no access without any role and attribute." Modifying Domino Directory template inheritance
To ensure that the design task (either invoked by program documents, nightly server tasks, or invoked manually from a console command) will not override your design settings, change the default inheritance template name (StdR4PublicAddressBook) to a name that matches your
Chapter 3. Upgrading the Domino server 95 enterprise directory naming convention. Using the Domino Administrator 7 client, you can define which inheritance template is set for all you Domino server databases, as illustrated in Figure 3-23. Figure 3-23 Listing template inheritance from Domino Administrator client After you determine the template file name, you can change the template name and specify the same template name in the design inheritance properties for the Domino Directory. You can also change the replica ID of your Domino Directory template to avoid any unwanted design mixtures, especially if you run a mix of releases in your environment. You will notice that when you change the template name, a reference to the previous template name still exists. For detailed instructions about changing your template inheritance, refer to the Lotus Domino 7 Administrator Help. Figure 3-24 on page 97 shows the process workflow to define a new design template name for your Domino Directory. 96 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-24 Process workflow to define a new design template name for your Domino Directory Tip: If you do not have any servers running an earlier release than Domino 6.0.1, you can select the Refresh Design on Admin Server Only option from the database properties to update the design only on the administration server during the nightly server refresh. Customized design
You might have customized your current Domino Directory to enhance functionality or to support third-party applications, such as fax applications, mobile connections, or enterprise directory connections. Those modifications can be as simple as creating a new view, or involve more complex operations, such as incorporating new agents or script libraries. When planning your upgrade to Domino Directory 7, you should consider whether you still need these changes. If you want to retain these customizations, add them manually to the new Domino Directory template, rather than copying and pasting those changes from the old template. If you need to extend a new view, we recommend creating your own view rather than modifying an existing view. We recommend keeping track of all template customizations and testing them thoroughly before implementing them on the Domino 7 production server. Important: Do not modify any of the $ views contained into the Domino Directory (such as $Users), because these views are used by Domino processes and modifying them can cause failures.
Chapter 3. Upgrading the Domino server 97 $Users view changes
The Domino Directory 7 design introduces a number of changes to the $Users view, which are backward compatible with Domino 5 and Domino 6. Therefore, running a Domino 6 server with a Domino Directory based on a 7 design will not break the day-to-day operation of your server. The following elements have been added to the $Users view: Single sign-on (SSO) functionality has been added by providing mapping to the LPTA token in a mixed environment where both environments do not share the same directory. To ensure that the LTPA token will be sent with the appropriate form, a new field has also been added in the Person document in the Domino Directory to specify the correct value to return, as illustrated in Figure 3-25. Figure 3-25 Change in Person document from Domino Directory, Administration tab Another addition is DB2 integration, which enables a user to gain access to data stored in a DB2 database using a DB2 access view. Figure 3-26 on page 99 shows a side-by-side comparison of the $Users view from the Domino Directory based on Domino 6.54 and Domino 7. 98 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-26 Side-by-side comparison for $Users view from Domino DIrectory based on Domino 6.54 and Domino 7 3.4.2 Upgrading the design of your Domino Directory
In this section, we outline two methods for upgrading to Domino Directory 7: Using the Domino Administrator client Using the Domino server console to initiate the upgrade Regardless of which approach you take, we recommend making a backup of your Domino Directory prior to upgrading the Domino Directory design. Note: For servers using transactional logging, by default, the $Users and $ServerAccess views in the Domino Directory have been marked to be logged. If you do not want to take advantage of the view logging feature, you need to disable the logging of those views in Domino Designer. We recommend using transaction logging to speed up the server restart process in case of failure and improve overall server performance. Chapter 3. Upgrading the Domino server 99 Upgrading Domino Directory using Domino Administrator 7 client
Follow these steps to upgrade your Domino Directory design using the Domino Administrator 7 client: 1. Drop all users from the Domino server. Using your Domino Administrator 7 client, open a server console on the administration server where you are going to upgrade the Domino Directory design. Issue a drop all command at the server console:
drop all Remote system no longer responding By issuing this command, you will be dropped off as well, so you must re-open a live session to access your Domino server. 2. Restrict server access by issuing the following server console command:
set conf server_restricted=1 All users will be prevented from opening a session on this server until the next Domino reboot or until you revert the command back to:
server_restricted=0 As the administrator, your server access will still be granted, including replication and mail routing. Example 3-2 shows the restricted state.
Example 3-2 Restricted state Lotus Domino (r) Server (Release 7.0 for Windows/32) 12/01/2005 11:23:13 AM Server name: Cambridge-Domino7/Infrastructure/JNKWPS - Cambridge WinServer Server directory: F:\ND70_installation\Data Partition: F.ND70_installation.Data Availability Index: 100 (state: RESTRICTED) 3. Pause AdminP activities by shutting down this task. This is not required, but will reserve CPU resources to update the Domino Directory views of the Domino Directory after the design update. Pausing the AdminP task should not impact your business as long you do not keep it down for an extended period of time. In addition, AdminP requests remain in queue for several days, so nothing will be lost. Issue the following command:
tell adminp q 12/01/2005 02:31:00 PM Administration Process shutdown 4. Stop the replication of your Domino Directory during the design upgrade. From the Domino Administrator 7 client, open the File tab and ensure you are connected to the correct Domino server and to the server data folder. Select the Domino Directory (NAMES.NSF), and then from the pane on the right, expand the Database menu and select Replication. In the dialog box that opens, select Disable to turn off replication for this database. Click OK. See Figure 3-27 on page 101. 100 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 1. Select your Domino Directory. 2. From the right pane, expand the Database menu and select Replication. 3. Select Disable from the Replication dialog box and click OK to submit your section for immediate processing. Figure 3-27 Disabling replication for Domino Directory 5. Replace the design of your Domino Directory (see Figure 3-28): a. Select your Domino Directory, and right-click the appropriate file. b. Select File from the menu bar in the Domino Administrator 7 client, and then select Database Replace Design. Figure 3-28 Database: Replace Design c. From the dialog box, select the server that stores your new template that needs to be stored locally on your Administrator workstation. Chapter 3. Upgrading the Domino server 101 d. Select the correct template from the drop-down list. Select Show advanced templates to display the entire list of available templates at your selected location. See Figure 3-29. Figure 3-29 Select the right template to use e. Click OK to launch the action. You will receive an alert notifying you about replicating all design elements except private ones, as displayed in Figure 3-30. If you are unsure, click No; otherwise, click Yes to launch the process. Figure 3-30 Alert message to warn you, last chance to cancel The replication will be performed in the background, and you can watch the progress bar at the bottom of your Domino Administrator 7 client, as shown in Figure 3-31. Figure 3-31 Progress bar from the Domino Administrator 7 client Tip: At this time, you can select the Inherit future design change option if you want to maintain your Domino Directory design with the design task. If you changed the template name as previously outlined, this new name will be defined as the default template. 102 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 6. After the design has been replaced, Domino will start to update the Domino Directory views. Starting in Domino 6, a specific indexer thread is exclusively dedicated to keeping Domino Directory views up to date. Therefore, you do not need to force a rebuild of the Domino Directory, because it has been triggered automatically. See Example 3-3.
Example 3-3 Domino will start to update the Domino Directory views Idle task Listen for connect requests on TCP Port:80 Executive '1': Idle Idle Idle Idle Idle Idle Database Server DOMWS Convert AddIn Idle HTTP Server Agent Manager Directory Indexer Indexer Agent Manager Rooms and Resources Idle Stats Router 7. After you have upgraded the design, you can now start to test several points (even if you still have restricted the use of the server, mail routing and replication will still occur): a. Connect to the Domino server from a Notes client using your administrator ID. b. From another server, test the design upgrade by initiating replication of a database other than NAMES.NSF (replication is still disabled for this file). In this example, we use the ADMIN4.NSF file. See Example 3-4.
Example 3-4 Test the design upgrade by initiating replication of a database other than NAMES.NSF rep. jnkwps-domino7/infrastructure/JNKWPS admin4.nsf 12/01/2005 05:52:47 PM Database Replicator started 12/01/2005 05:52:47 PM Replicator is set to Ignore Database Quotas 12/01/2005 05:52:48 PM Starting replication with server JNKWPS-Domino7/Infrastructure/JNKWPS 12/01/2005 05:52:48 PM Finished replication with server JNKWPSDomino7/Infrastructure/JNKWPS 12/01/2005 05:52:48 PM Database Replicator shutdown c. Send a message to a mail-in database hosted on your Domino server and verify the delivery. 8. When you have completed your test, revert the server restriction parameter at the Domino server console to allow users to gain access to the server:
set conf server_restricted=0 9. Restart the AdminP task using the following Domino server console command:
load adminp 12/01/2005 06:15:00 PM Admin Process: JNKWPS-Domino7/Infrastructure/JNKWPS is the Administration Server of the Domino Directory. 12/01/2005 06:15:00 PM Administration Process started 10.Enable replication of your Domino Directory. Unless you have explicitly disabled design changes on target Domino servers, this replication will propagate the new directory design to the rest of your Domino environment, based on the replication schedule. Alternatively, if you do not want to wait until the next replication cycle to propagate your design changes, you can initiate replication from the Domino server console. Use the replication command to replicate server groups using the following command:
rep <servergroup> names.nsf Chapter 3. Upgrading the Domino server 103 Note: Only groups created in the Domino Directory with the specific group type of Servers Only can be used to initiate a such replication job. Other group types are: Multi-Purpose: For mailing and ACL Access Control Only: Contains people and servers Mail Only: For mail mailing only Servers Only: Contains servers only and used with ACL or replication group Deny List Only: Contains people and servers When replicating groups, you can only use a group that contains a list of server names. A nested group is not acceptable. In addition, never change the type of LocalDomainServers from Multi-Purpose (default) to Servers Only. If you want to use this group of servers, create a specific group as Servers Only that will contain the nominative list. Upgrading Domino Directory from the server console of Domino server
You can upgrade your Domino Directory from the Domino server console using the following steps: 1. Disable the replication of the Domino Directory using the steps outlined in "Upgrading Domino Directory using Domino Administrator 7 client" on page 100. 2. Correctly assign the template name to the inheritance field of the Domino Directory. If this field is left empty, your design elements will not be updated. 3. Restrict server access using the following command at the Domino server console:
set conf server_restricted=1 4. Pause AdminP activities by shutting down this task by typing the following command at the Domino server console. This action reserves CPU resources to update the Domino Directory after the design change.
Tell adminp quit 5. Load the designer task, assuming that the target template to update is already located on your Domino server. Type the following command at the Domino server console:
load design -f names.nsf lo design -f names.nsf 12/01/2005 09:46:21 PM Database Designer started 12/01/2005 09:46:22 PM Updating 'ActionButton.gif' into database 'home's Directory' from template 'Domino Directory' 12/01/2005 09:46:22 PM Updating 'bg_DIALOGBAND' into database 'home's Directory' from template 'Domino Directory' If you want to update a template hosted on a remote Domino server, type the following command at the Domino server console:
load design jnkwps-Domino7/Infrastructure/JNKWPS -f names.nsf Designer Updating home's Directory from the Domino Directory design template... 6. After you have upgraded the design, test several points, as outlined here. Even if you still have restricted the use of the server, mail routing and replication will still occur. a. Connect to the Domino server from a Notes client using your administrator ID. 104 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices b. From another server, test the design upgrade by initiating a replication of a database other than NAMES.NSF (replication is still disabled for this file). In this example, we use the ADMIN4.NSF file:
rep jnkwps-domino7/infrastructure/JNKWPS admin4.nsf 12/01/2005 05:52:47 PM Database Replicator started 12/01/2005 05:52:47 PM Replicator is set to Ignore Database Quotas 12/01/2005 05:52:48 PM Starting replication with server JNKWPS-Domino7/Infrastructure/JNKWPS 12/01/2005 05:52:48 PM Finished replication with server JNKWPSDomino7/Infrastructure/JNKWPS 12/01/2005 05:52:48 PM Database Replicator shutdown c. Send a message to a mail-in database hosted on your Domino server and verify the delivery. 7. When you have completed your test, revert the server restriction parameter at the Domino server console to allow users to gain access to the server:
set conf server_restricted=0 8. Restart the AdminP task using the following Domino server console command:
load adminp 12/01/2005 06:15:00 PM Admin Process: JNKWPS-Domino7/Infrastructure/JNKWPS is the Administration Server of the Domino Directory. 12/01/2005 06:15:00 PM Administration Process started 9. Enable replication of your Domino Directory. Unless you have explicitly disabled design changes on target Domino servers, this replication will propagate the new directory design to the rest of your Domino environment, based on the replication schedule. Alternatively, if you do not want to wait until the next replication cycle to propagate your design changes, you can initiate replication from the Domino server console. Use the replication command to replicate server groups using the following command:
rep <servergroup> names.nsf Considerations for upgrading Domino Directory during a scheduled shutdown (server offline)
Before bringing down your server, ensure that you completed the following tasks: 1. Disable the replication of the Domino Directory. 2. Assign the template name to the inheritance field of the Domino Directory. 3. Make the source template available either on the server directory or on another remote server and ensure that your Domino server has access to this server. 4. Update your server NOTES.INI file with the parameter Server_restricted=2. When you restart the server, it will be marked as unavailable until you make it accessible again. 5. Set the location for your Domino executable files in your Windows path or UNIX path statement. Perform the following steps: 1. When your server is down, open a DOS command window, change to the directory where you have installed your data, and open the Domino Designer 7 client program: - On a the Windows 32-bit platform, type the following command at the MS-DOS prompt:
d:\dominodata\ndesign -f names Chapter 3. Upgrading the Domino server 105 - On a UNIX platform, type the following command at the DOS prompt:
[[email protected] dominodata]$ design -f names.nsf 2. After performing this operation, you can rebuild key Domino Directory views manually. This is an optional step, because the views are rebuilt automatically at the next server startup. There are two methods for performing a manual rebuild of your Domino Directory views: - Force a full rebuild of all the existing views. All existing, used views will be updated. Depending on number of documents in your Domino Directory, this can be a long process. - Rebuild only key views and let the Domino server update the remaining views at startup. Key views are $Users and $ServerAccess. Table 3-6 provides command syntax to rebuild views in the Domino Directory.
Table 3-6 Command syntax to rebuild views in the Domino Directory UNIX-based platform updall R names.nsf Description Force full rebuild of all used views Update only $Users view Update only $ServerAccess view Win32 platform nupdall R names.nsf nupdall names.nsf t "($Users)" R updall names.nsf t /($Users) R nupdall names.nsf t "($ServerAccess)" R updall names.nsf t /($ServerAccess) R Tip: On an SMTP machine, you can run several updall threads in parallel to speed up the process. However, we do not recommend using more threads than your physical CPU will allow. 3. Restart the server and test connectivity and replication, as outlined in "Upgrading Domino Directory from the server console of Domino server" on page 104. After you finish testing, make the server available by changing the value to 0 for Server_Restricted. At the server console, type:
Set Conf server_restricted=0 4. You can enable replication for the Domino Directory to push the new design elements to your remaining servers by using your replication schedule. Refer to "Upgrading Domino Directory using Domino Administrator 7 client" on page 100 for additional details and steps. 3.5 Upgrading the Domino server
In this section, we address the steps to prepare for and execute the actual server upgrade. We begin by emphasizing the importance of having a template management strategy. Next, we provide a checklist of server upgrade tasks, and finally, we execute the steps of the server upgrade. Figure 3-32 on page 107 illustrates this stage. 106 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Road map to upgrade your Domino environment
1 2 3 4 Upgrade path Reviewing new features and functions in Domino 7
Reviewing new functions and features - Understanding how and where to configure -How these features can impact design -Reviewing template changes
- Upgrading the Directory Upgrading your server Defining the proper approach to your upgrade
- -Controlling and managing directory replication - Directory upgrade procedure -Managing your template distribution - Create your server upgrade checklist -Clean up your environment - Installation of Domino 7 - Win32 - Linux (Intel) - Post upgrade tasks Figure 3-32 Stage 4: Steps for upgrading the server 3.5.1 Template strategy: Efficiently managing your templates
As the Domino administrator, managing both the changes to and distribution of your templates needs to be one of your principal concerns during the Domino upgrade process. Consider the following questions when designing your template strategy during the Domino upgrade process: What templates do you need to support for the company's business operations? Do you need to have all templates defined and hosted on all servers? Today, how can you handle this template distribution? Are you happy with this process or there is room for improvement? Have you previously experienced issues with mixed design, or unexpected results during a design refresh or design change? How can you distribute design refreshes for databases and applications? Are you using the Designer task on all Domino servers, a subset of the servers, or none of the servers? What is the process for creating a new database or a new application? Have you already defined some template guidelines to determine what access you will allow? What is your process for maintaining standards for all databases and applications, including their templates? Chapter 3. Upgrading the Domino server 107 There are several approaches for managing your template strategy during the upgrade process: Disabling the replication of all the templates Removing all templates from the Domino server and removing the nightly run of the design task Centrally managing these templates from one Domino server or a subset of servers Modifying the template name inheritance, replica ID, and template file name Modifying the ACL to grant limited rights to the servers and potential users In the following section, we explore one possibility to carefully manage your template distribution and strategy. However, as stated earlier, this is not the only solution available, and it might not be best suited for your organization. Finally, we want to point out that this is a sensitive subject, and one for which there can be various solutions. You can, of course, build your own solution based on a mixed approach as highlighted earlier. One possible solution for managing the template distribution
We recommend creating your own template package that can be used on your Domino servers. Secure your templates in the same manner as your Domino databases, particularly for the following system templates: Domino Directory (PUBNAMES.NTF) Administration Requests (ADMIN4.NTF) Activity Trends (ACTIVITY.NTF) Local Freetime Info (BUSYTIME.NTF) Catalog (CATALOG.NTF) Cluster Directory (CLDBDIR.NTF) Directory Assistance (DA50.NTF) Domino Directory Cache (DBDIRMAN.NTF) Domino Domain Monitor (DDM.NTF) Directory Catalog (DIRCAT5.NTF) Domino Change Control (DOMCHANGE.NTF) Domino Web Server Log (DOMLOG.NTF) Domino Web Access (DWA7.NTF, INOTES5.NTF, INOTES6.NTF) Monitoring Configuration (EVENTS4.NTF) Lotus Notes/Domino Fault Reports (LNDFR.NTF) Notes Log (LOG.NTF) Mail (MAIL6.NTF, MAIL7.NTF and MAIL6EX.NTF, MAIL7EX.NTF) Mail Router Mailbox (MAILBOX.NTF) Domino Mail tracking Store (MTSORE.NTF) Resource Reservations (RESRC7.NTF) Smart Upgrade Kit (SMUPGRADE.NTF) TeamRoom (TEAMRM6.NTF, TEAMRM7.NTF) Domino Web Administrator (WEBADMIN.NTF) 108 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices You need to maintain consistency between all template replicas located on your Domino servers, noting that since Lotus Notes 4 all the templates share the same replica ID per file. To maintain consistency between your template replicas, follow these steps: 1. Define which templates will be used and which cannot be removed, such as the following templates: - PUBNAMES.NTF - ADMIN4.NTF - LOG.NTF ACTIVITY.NTF CLDBDIR.NTF EVENTS4.NTF STATREP5.NTF CATALOG.NTF - DDM.NTF - WEBADMIN.NTF 2. Change the replica IDs for the templates included with Domino 7, because they will likely use the same replica IDs of the template from the previous Domino release, as illustrated in Figure 3-33. In an environment with a distributed infrastructure, the risk of template overwriting becomes significant, particularly when upgrading the Domino server. By changing the replica IDs of your templates, you can avoid a template overwrite. Template ReplicaID Template using the same ReplicaID Figure 3-33 Example of same template replica ID from two different Domino releases Note: If you already created a customized template, you do not need to change its replica, because it should not conflict with any other template shipped with Domino 7. Chapter 3. Upgrading the Domino server 109 The easiest way to change a replica ID is to create a new copy of the template using the Domino Administrator 7 client, and then connect to a test server running Domino 7 that will store all the templates: a. From your Domino Administrator 7, select the appropriate server and go to the Files tab. You will see the folder structure of your Domino server displayed in the left panel. By default, Domino installs all its templates on the root directory. However, if you have moved those templates to a specific directory, navigate to that folder. From the menu bar on the right side, select Templates only to display all the templates available on this directory, as shown in Figure 3-34. 1. Select your server. 2. Navigate across the Directory structure if needed. 3. Select Templates only to display only the templates available in your select directory. Figure 3-34 Navigating into Domino Administrator client b. Select the database of which you want to change the replica ID, select File from the menu bar, and then select Database New Copy. This opens a dialog box where you can specify the location to store this new template. c. We recommend copying your template locally under a specific folder, such as MyCompanyTemplate. Do not change the file name and select the Database design only option. Figure 3-35 on page 111 describes the sequence to follow for changing the replica ID of a template. You can use a third-party tool, Replica Change Database, to accomplish the Replica ID change. For more information, refer to the following Web site:
http://www.turtleweb.com/turtleweb.nsf/otherpageslookup/toolsandtoys?opendocument 110 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 1. From the Administrator client, select the file to copy. Select File -> Database -> New Copy. 2. From the Copy Database, select Database design only without changing the template file name. 3. Define a location to store the new template (locally and under a specific folder. 4. The copying operation occurs in the background. Figure 3-35 Workflow to create a new template copy with a new replica ID Note: Ensure that you do a database New Copy instead of doing a New Replica. Only selecting New Copy will change the replica ID, while selecting New Replica will reuse the existing replica ID. 3. Change the template name. If you view the database properties using the Domino Administrator 7 client, you will see a column titled Template that indicates on which template name your database is based, and therefore which template name is used when the design task runs by default or is invoked manually. Figure 3-36 demonstrates the Template name information. Figure 3-36 Seeing template name information set for databases Chapter 3. Upgrading the Domino server 111 If the field in front of a specific database is blank, it means that the database does not inherit any deisgn. Therefore, the design task will not update it, because no reference link for a template is available. However, the design of this database can be changed manually by a user who has at least designer rights to this database. After you determine which template name is used with your database, you need to match that name with the template file name. For more information about template names and template file names, refer to Table 3-3 on page 86, which outlines the match between template file names and template names for all the templates included in Domino 7. Tip: You can use the Domino database catalog (CATALOG.NSF) to retrieve the same information displayed in Figure 3-36. You can also use the Domino database catalog to make an inventory of all your databases and templates available across your Domino domain. To take a full advantage of the Catalog database, you need to deploy a replica of this database on each server where you will gather database information and periodically run the catalog task on these servers. By default, the catalog task runs each night at 1 a.m. (same time as the design task):
SERVERTASKSAT1=Catalog,Design To force a full rebuild of your Catalog database, you can invoke the following command at any server console:
>load catalog -p >11/22/2005 04:43:06 PM Starting update of database catalog >11/22/2005 04:43:07 PM Updated database AgentRunner.nsf in catalog >11/22/2005 04:43:07 PM Added database DefaultA.nsf to catalog >11/22/2005 04:43:07 PM Updated database DomBlog221.ntf in catalog The goal at this stage is to build a list based on Table 3-7 to create reference information, which will be used to change the template name and propagate the new name to all the affected databases. The new template name has to be self-explicit and can be used as a version tracking device.
Table 3-7 Example of master template list references Former template name StdActivityTrendsDatabase New template name ActivityTrendsV7 Databases inheritance ACTIVITY.NSF Servers Server01 Server02 Server03 Template file name ACTIVITY.NTF CATALOG.NTF StdNotesCatalog CatalogTemplateV7 CATALOG.NSF Server01 Server02 Server03 Server04 NAMES.NSF ADMIN4.NSF All servers All servers PUBNAMES.NTF StdR4PublicAddressBook ADMIN4.NTF StdR4AdminRequests CompanyDirectoryV7 AdministravitesrequestsV7 Using the Domino Administrator 7 client, open the folder where you created the new copy of your templates, select each one, and right-click, and select Properties. Select the fourth tab and ensure that the Database is a master template option is selected. In the Template Name field, specify the new name that you defined for this template. Figure 3-37 on page 113 shows these steps. 112 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 1. For each template, under your template directory, right-click and select Properties. 2. Navigate to the fourth tab. 3. Select Database file is a master template. 4. Enter the new Template name and close the dialog box by clicking the x at the top right. Figure 3-37 Setting a new Template Name information for a template file In addition, you can also change the Database Title and define Database Properties in the last tab from the right. These properties are important, because when you upgrade a Domino database with a template, the database acquires the properties that you have defined in the design properties. See Figure 3-38. Figure 3-38 Advanced options from a template file Chapter 3. Upgrading the Domino server 113 After you have defined the new template name, you need to propagate this new name to the databases that will use it as a reference, known as template inheritance. Using the Domino Administrator 7 client, connect to the server that has administrative privileges and select the database that will inherit the new template. Right-click and select Database Properties. Select the fourth tab. Ensure that the Inherit design from master template is selected and type the new template name in the Template field, as illustrated in Figure 3-39. 1. Select Inherit design from master template. 2. Enter the template name. 3. Select Refresh design on admin server only. Note that you still have a reference to the former template name and version. That reference exists for both the NSF file and the NTF files. Figure 3-39 Changing the template name in a database In addition, you can specify a new option called "Refresh design on admin server only." In this case, the design task only runs on the administration server, so even if the design task is initiated against this server on a different server, the design will not be updated, as illustrated here:
11/22/2005 04:35:19 PM Database Designer started 11/22/2005 04:35:19 PM Design error: Design Refresh can only be done on the Administration server of this database. 11/22/2005 04:35:19 PM Database Designer shutdown Note: The design task performs a refresh of a specific database. But if a user who has designer rights to the database performs a design replace from the client, the user bypasses this restriction. If the replace has been done on the administration server or on a server that has enough privileges to propagate these changes as well, remove the flag that prevents the refresh from the administration server. 4. Define a common access control list (ACL) for the template distribution and creation. As mentioned previously, you need to secure the ACL for all of the templates you are going to deploy. For each template, you need to specify a group a users allowed to read it for database creation and a list of administrators allowed to manage it for distribution, and, of course, list the group of servers to which it will replicate. For each template ACL you can use the example in Table 3-8 on page 115. 114 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 3-8 Default example ACL for your company template Default ACL Administration Server Hub Servers DomainAdmin ACL for database creation [hub Servers] [DomainAdmin] Type Server Servers Group Person Group ACL rights Manager Designer Editor Author Depositor Reader No Access User allowed to create database (locally) -defaultanonymous [-default-] [anonymous] Person group Unspecified Unspecified Spoke Servers [Spoke Servers] Server Group In addition, for each entry, you need to specify a set of attributes and roles. Entries in brackets will become the default settings when a database is created with that template, maintaining common ACL settings across the organization by default. Note: Define an administration server for these templates with the appropriate settings available in the Advanced Properties panel: Action - Do not modify name fields - Modify all readers and authors fields Modify all name fields Enforce consistent Access Control List across all replicas Maximum Internet name and password If you create the database directly on a server, these parameters will be inherited from the template, while the administration server will be the server that hosts the database, not the template. However, note that administration process will not change the name listed in the ACL of a template even if you have defined an administration server. Using the Domino Administrator client, you can easily update the ACL on a large set of databases, including templates and applications, following one of two methods: - To define a standard ACL to apply to each template using the Domino Administrator 7 client, open the Domino Directory on the server containing your master templates, and then select Template only from the menu bar. Select the source template that holds your ACL baseline, right-click, and select Access Control Copy. Select all the templates to which you want to apply this ACL by selecting each with the combination of pressing Ctrl and right-clicking, and then right-clicking again to recall the Properties box and selecting Access Control Paste. Figure 3-40 on page 116 shows this method. Chapter 3. Upgrading the Domino server 115 1. Select the source ACL template from an existing template, right-click, and select Access Control -> Copy. 2. Select your template (press Ctrl and right-click), right-click, and select Access Control -> Paste. Figure 3-40 Setting a common ACL for the templates The ACL log for each template you work with will contain a similar entry:
11/23/2005 10:53:46 AM Jean-Noel Koval/France/IBM pasted entire ACL In addition, the status bar from your Domino Administrator 7 client will display the overall status and progression. Important: When you use copy and paste for the ACL, if the source ACL does not contain any roles, or roles with specific names, these roles will be applied to all the templates that you have selected for pasting, regardless of the database design. If the source ACL does not have any roles, all roles existing in the selected template will be removed. Pay special attention to PUBNAMES.NTF or any other template that uses roles, such as the following: CCA50.NTF (Domino Certificate Authority) DDM.NTF (Domino Domain Monitor) DOMCHANGE.NTF (Domino Change Control) MAILJRN.NTF (Mail Journaling) MTSTORE.NTF (Domino Mailtracker Store) PHONEBOOK.NTF (Phonebook) PUBNAMES.NTF (Domino Directory) PUBWEB50.NTF (Server Web Navigator) RESRC7.NTF (Resource Reservation) SRCHSITE.NTF (Search Site) WEBADMIN.NTF (Domino Web Administrator) 116 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices - Using the Domino Administrator 7 client, open the Domino Directory on the server containing your master templates, and then select the templates for which you want to manage the ACL. Select Tools menu in the right-hand pane, and then select Databases Manage ACL, as illustrated in Figure 3-41. 1. Select the templates that you want to manage. 2. Select Manage ACL from the menu on the right. 3. In the Manage Multiple ACLs dialog box, select the template you want to edit from the View/edit single ACL drop-down list. 4. This opens the normal Access Control List dialog box. Do your update, and click OK. You return to the previous dialog box where you can select another template. Figure 3-41 Managing ACL on different templates 5. Sign your template with a corporate ID that has been deployed in your execution control list (ECL). 6. Although we recommend that you make the file name explicit (for example, CompanyTeamRoomV7.NTF), some system databases require you to use the default file name template. The Domino server creates these Domino databases based on a specific template file name. If any of the following templates are not available, the database creation process will fail: LOG.NTF CATALOG.NTF WEBADMIN.NTF DDM.NTF LNDFR.NTF EVENTS4.NTF REPORTS.NTF Chapter 3. Upgrading the Domino server 117 7. After you define and modify all of your templates, create a template package that will be used to replace all the standard templates, including your corporate mail template. When you create a template package, if a template is overwritten by any new installation, the server will not propagate these changes, and the design task will not update any Domino databases with the new template. 3.5.2 Server upgrade checklist
Before upgrading your Domino server, there are several tasks you must complete. Table 3-9 outlines the steps to follow before performing the Domino server upgrade.
Table 3-9 Upgrade checklist Upgrade tasks Check the Domino Directory design present on your server (Database Properties Design information). It should be inherent from the Domino Directory 7 design. Perform a full backup of your server (even if you use incremental backup for logged servers). Disable unused program documents from your directory related to the server that you are going to upgrade. Turn off Domino Directory replication. Turn off other connection documents (replication and routing information). Drop all users from server sessions and restrict server usage. Force routing of all mails still waiting for delivery, and then stop the router and SMTP task. Purge all administrative requests. Stop the Domino server. Turn off the Domino server as a service for the Windows 32-bit operating system. Disable the cron job on UNIX platforms for automatic restart and clean up shared memory segments. Install Domino 7 code. Check out templates, replace the "out of the box" templates, and remove unused templates. Edit the server NOTES.INI file to remove older parameters. Perform maintenance operation on the NAMES.NSF and ADMIN4.NSF files. Rebuild view of NAMES.NSF offline, using the updall R command. Delete BUSYTIME.NSF and move out the LOG.NSF file and MAILXX.BOX file. Restart your server. Reset your Domino server as a Windows service. Perform additional settings to launch your Linux Domino server. Test your Domino server, open users' access, and turn on replication and connection documents. Prepare the next Domino sever upgrade. X X X X X Optional X Optional X Optional X X X Win32 platform X UNIX platform X X X X Optional X X Optional X X X X X Optional X X Optional X X X X X Optional X Optional X 118 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 3.6 Executing the server upgrade
After you define a checklist to prepare for the Domino server upgrade, you should also define an upgrade sequence based on the following list: 1. Upgrade the Domino Administrator client for all the administrative users, or those people involved in the upgrade project. 2. Upgrade the Domino Directory design. 3. Upgrade the administration server of your domain. 4. Upgrade the hubs and directory servers. 5. Upgrade the spoke servers (mail, application, Web, and gateway servers). 6. Upgrade the Notes client. 7. Upgrade custom Notes applications and application design. 3.6.1 Cleaning up your environment before starting the upgrade process
Upgrading your Domino server offers a good opportunity to clean up all unused program documents, server connection documents, and even databases that are no longer used. You might consider removing and archiving old files present in your Domino data directory, such as old NSD files or temporary files. In addition, consider removing all the current Domino server NOTES.INI settings that are not supported in Domino 7, as outlined in Table 3-10. There are two areas where you might find obsolete settings: Domino server NOTES.INI file Domino Server Configuration document
Table 3-10 Obsolete NOTES.INI variables in Domino 7.0 Description Since Domino R5.0.1, this setting is ignored. For Domino 5 and later, bind a Notes TCP port to a specific address and then have the LDAP service use the Notes port. Enabled by the directory information setting database "Trust the server based condensed directory catalog for authentication with Internet protocol" in the Server document of your Domino Directory. IPX/SPX is not supported. IPX/SPX is not supported. Functionality enabled by the Active Directory filter. Functionality enabled by the Domino Web Access instant messaging setting "Instant Messaging Features" in the Server Configuration document. Functionality enabled by the Domino Web Access instant messaging setting "Online Awareness" in the Server Configuration document. Functionality enabled by the Domino Web Access setting "Local Archiving" in the Server Configuration document. NOTES.INI setting LDAPAddress Namelookup_Trust_Dircat NWNDSPASSWORD NWNDSUSERID WebAuth_AD_Group iNotes_WA_Chat iNotes_WA_LiveNames iNotes_WA_NoLocalArchive Chapter 3. Upgrading the Domino server 119 NOTES.INI setting iNotes_WA_OOO_RunOnWeekends iNotes_WA_SametimeJavaConnect Description Used only by the INOTES5.NTF template, which is no longer available in Domino 7. Functionality now enabled by the Domino Web Access instant messaging setting "Prefer Sametime Java Connect for browsers" in the Server Configuration document. Functionality now enabled by the Domino Web Access instant messaging setting "Set and instant messaging server hostname for all Domino Web Access users" in the Server Configuration document. Functionality now enabled by the Domino Web Access instant messaging setting "Allow secrets and tokens authentication" in the Server Configuration document. Functionality now enabled by the Domino Web Access instant messaging setting "Loading stlink from Domino Application servers" in the Server Configuration document. Functionality now enabled by the Domino Web Access setting "Local Archiving" in the Server Configuration document. Use Server document. iNotes_WA_SametimeServer iNotes_WA_SametimeToken iNotes_WA_STLinksLocal iNotes_WA_NoLocalArchive Shared_Mail Note: Domino 6 shipped with two GTR engines, gtr40nts.dll (default for Domino 6) and gtr34nts.dll (used by Domino 5.0.3 and later). Domino 7 is only installed with gtr40nts.dll, but in case of an upgrade, gtr34nts.dll will not be removed by the installation kit and will remain in your binaries directory. However, you cannot invoke it as the default engine, because the NOTES.INI setting FT_LIBNAME has not been supported since Domino 6. Invoking it will cause the server to crash, as in the following example:
### FATAL THREAD 7/68 [ nserver:07ac:089c] ### FP=0x0325f0c0, PC=0x074874e1, SP=0x0325ecc0, stksize=1024 ### EAX=0x00000000, EBX=0x00000000, ECX=0x0000006b, EDX=0x00000000 ### ESI=0x00000000, EDI=0x00000000, CS=0x0000001b, SS=0x00000023 ### DS=0x00000023, ES=0x00000023, FS=0x00000038, GS=0x00000000 Flags=0x00010202 Exception code: c0000005 (ACCESS_VIOLATION) [ 1] 0x074874e1 gtr34nts (2a85314,0,1010000,6c5c3a63) @[ 2] 0x601d4f92 [email protected]+258 (7420000,b,0,600d5fd8) To determine whether the setting FT_LIBNAME is in your server's NOTES.INI file, at the server console, type:
>show conf lib_ftname* If this setting does not exist in the NOTES.INI file, you will see the following output:
>Invalid value for command option When you upgrade your server, NNTP executables will be removed as the associated entry in server task line. Nevertheless, NNTP connection documents from the Domino Directory remain untouched. You have to delete them manually unless you are running Domino 5. 120 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Tip: You can set NOTES.INI parameters by using a Server document, which can be applied by default to all the servers if a dedicated document exists. If you plan to set a NOTES.INI parameter on all your servers, we suggest using a Server document on each server, rather than using a global variable. 3.6.2 Performing a backup of your server
We recommend performing a full backup of your Domino server before starting the server upgrade process. If you are unable to perform a full backup of all your Domino servers, we suggest backing up at least the following elements: Server ID and all other IDs present on your system. NOTES.INI files. The Domino Directory, or the NAMES.NSF file. This database is replicated to all of your servers, but having a backup ready will speed up your rollover plan. The mail.box file and multiple mail.box files available on your server. These mail.box files should be empty before stopping the server. The LOG.NSF file to provide a record of your previous server activities. All other directory databases such as the Directory Assistance, Extended Directory Catalog, Condensed Directory Catalog, and Schema database. Any customized templates. Any specific extension managers that you use. 3.6.3 Installing Domino 7 on your server
Before shutting down the Domino server in preparation for the Domino 7 upgrade, review the following steps to ensure that you have completed all upgrade tasks. Use your Domino Administrator client to perform the following steps: Disable replication for your Domino Directory, as explained in "Upgrading Domino Directory using Domino Administrator 7 client" on page 100. Turn off all connection documents on the existing Domino server if you want to isolate it from external access. Connection documents are used for scheduled replications and mail routing topology. Drop all users' connections to the Domino server by issuing the following command at the server console:
> drop all Purge any pending requests from the Administration Requests database. This step is not required, because your server should not lose any requests if the Domino server is down for a short time. However, if need to purge your Administration Requests database, use the commands shown in Table 3-11 at the server console.
Table 3-11 Command tell adminp process daily Administrator command to pass at the server console Action Processes: All new and modified daily requests to update Person documents Any outstanding Rename Person in Unread list Processes all new and modified delayed requests. Chapter 3. Upgrading the Domino server tell adminp process delayed 121 Command Action tell adminp process interval Processes all immediate requests and all requests that are usually processed according to the Interval setting in the Server document. tell adminp process people Processes all new and modified requests to update Person documents. Alternatively, you can use the following command at the server console, although it requires significantly more resources:
tell adminp process all 12/03/2005 04:04:13 PM Admin Process: Checking for all requests to perform Tip: If you want to know for a specific server which databases have an administration server defined into its ACL and which ones do not, at the server console, type:
tell adminp show database 12/03/2005 04:07:15 PM Admin Process: These databases have CambridgeDomino7/Infrastructure/JNKWPS designated as their Administration Server. 12/03/2005 04:07:15 PM Title: Domino Directory Cache (6) File name: dbdirman.nsf 12/03/2005 04:07:15 PM Title: Lotus Notes/Domino Fault Reports File name: faultreport.nsf 12/03/2005 04:07:15 PM Admin Process: These databases have specified that the Administration Process maintain the names in their Readers and Authors fields. 12/03/2005 04:07:15 PM Title: Lotus Notes/Domino Fault Reports File name: faultreport.nsf 12/03/2005 04:07:15 PM Admin Process: These databases have specified that the Administration Process maintain the names in their Names fields. 12/03/2005 04:07:15 PM Admin Process: These databases have no Administration Server designated. 12/03/2005 04:07:15 PM Title: Activity Trends (Cambridge-Domino7) File name: activity.nsf Restrict server access by using the following command at the server console:
set conf server_restricted=1 If you want to maintain this restriction even after restarting the server, use the following command:
set conf server_restricted=2 Ensure that all mail has been routed and the server's mail.box file is empty using the command in Example 3-5 at the server console. This command returns a status message, as shown in Example 3-5.
Example 3-5 State of mail.box State DEAD DEAD DEAD DEAD DEAD Size Count From 1405 1 Cambridge-Domino7/Infrastructure/JNKWPS 1405 1 Cambridge-Domino7/Infrastructure/JNKWPS 3110 1 Cambridge-Domino7/Infrastructure/JNKWPS 1405 1 Cambridge-Domino7/Infrastructure/JNKWPS 1405 1 Cambridge-Domino7/Infrastructure/JNKWPS 1405 1 Cambridge-Domino7/Infrastructure/JNKWPS tell router ls Mbx Note ID 1 00000906 0083268C 1 0000090E 000028D8 1 000008FE 00758399 1 00000916 00542B1B 1 0000092E 00576572 1 00000936 005E93BF DEAD 122 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices An empty mail.box opens, as shown in the following example:
Mbx Note ID State Size Count From If necessary, you can force the delivery of messages in the mail.box file. Additionally, you can issue a route command to delivery the messages to a specific destination server using the following command:
route <destination server address> Alternatively, you can check the mail.box status using the Messaging tab of the Domino Administrator 7 client, as shown in Figure 3-42. Figure 3-42 View of Messaging tab from the Domino Administrator 7 client As soon you clear the mail.box files from your server, shut down the Domino server to avoid any new incoming mail. From a server console command, type what is shown in Example 3-6.
Example 3-6 Shutting down the Domino server to avoid new incoming mail RDEBUG Server: Waiting for all tasks to complete DOMWS Convert AddIn Terminating Router: Shutdown is in progress Router: Done freeing transfer queues (1) AMgr: Executive '1' shutting down. Process id '3964' 12/03/2005 05:01:51 PM Schedule Manager Calendar Connector shutdown Mail Router shutdown Administration Process shutdown DOMWS Convert AddIn Termination Complete Agent Manager shutdown complete Event Monitor shutdown Database Replicator shutdown Index update process shutdown Domino Off-Line Services HTTP extension unloaded. 12/03/2005 05:01:54 PM RDEBUG Server: All tasks have completed 12/03/2005 05:01:57 PM RDEBUG Server: Stats agent shutdown Server shutdown complete quit 12/03/2005 05:01:51 PM 12/03/2005 05:01:51 PM 12/03/2005 05:01:51 PM 12/03/2005 05:01:51 PM 12/03/2005 05:01:51 PM shutdown complete 12/03/2005 05:01:51 PM 12/03/2005 05:01:51 PM 12/03/2005 05:01:52 PM 12/03/2005 05:01:52 PM 12/03/2005 05:01:52 PM 12/03/2005 05:01:52 PM 12/03/2005 05:01:52 PM 12/03/2005 05:01:53 PM 12/03/2005 05:01:53 PM Shutdown 12/03/2005 05:01:57 PM Shutdown 12/03/2005 05:02:03 PM 12/03/2005 05:02:20 PM HTTP Server: After your server is down, on a Windows 32-bit platform, disable Windows services to avoid a server restart if you restart your operating system. On a UNIX platform, disable any cron jobs that would be used to start the Domino server automatically with an operating system restart. Chapter 3. Upgrading the Domino server 123 To ensure that you had a clean shutdown, you can also invoke Notes System Diagnostics (NSD) to clear any shared memory segments and remaining Domino tasks using the command shown in Example 3-7.
Example 3-7 Notes System Diagnostics F:\ND70_installation\Data>f:\ND70_installation\binaries\nsd -kill ERROR (0): no active processes found for this instance Host Name : Dom6upgradeND7 User Name : Domino7 Date : Sat Dec 03 17:28:48 2005 Windows Dir : C:\WINDOWS Arguments : f:\ND70_installation\binaries\nsd -kill NSD Version : Release 6.54 ERROR (0): nothing to report: no active processes found for this instance Started at: Sat Dec 03 17:28:48 2005 Ended at: Sat Dec 03 17:28:53 2005 Generated Messages: ERROR (0): no active processes found for this instance ERROR (0): nothing to report: no active processes found for this instance NSD is available on other platforms, including Linux, AIX 5L, and Sun Solaris. Running the Domino 7 installation on Windows 32-bit operating system
The Domino 7 installation uses a new InstallShield Multiplatform Server Installer (ISMP) to offer a method for performing a silent server install, as well as a new option to run an Express installation. Domino 7 Express installation
You can invoke the Express installation by passing express as a parameter when running the Domino server setup from an MS-DOS window. The Express installation is available only for the Windows 32-bit platform. Using this option offers you three choices for the installation of the Domino 7 server components, as shown in Figure 3-43 on page 125. Note: When you select an installation option, you need to ensure that you have the appropriate license for that installation option. The Domino 7 Express installation has been designed for the requirements for small and medium-sized enterprises. See the following URL for more information:
http://www.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/dominoexpress This installation script has been designed to offer a preselected installation scenario. In addition, as soon the Domino installation is complete, the server will be restarted automatically. That an important point to consider, especially if you had some post-upgrade operations to complete before restarting the Domino server. 124 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-43 Domino Express installation Domino full setup installation
For a Domino full setup installation, perform the following steps: 1. After invoking the Setup.exe file to launch the Domino 7 installation program, Java-based InstallShield Wizard dialog box opens, as shown in Figure 3-44. Figure 3-44 New Domino Java-based installer 2. After navigating through the license agreement dialog box, which you need to read and accept, you will be prompted to select a folder for the Domino executable files and data files. By default, the installation program will install the new files to the same location where your current Domino server is installed. 3. You will be asked if you want to install a partitioned server. We cover this installation option, as well as upgrade details, in 3.7.5, "Upgrading when working with partitioned servers" on page 140. Chapter 3. Upgrading the Domino server 125 4. After specifying a location for the Domino 7 installation, the dialog box shown in Figure 3-45 opens, offering selections for the server types and features to install. Figure 3-45 Available choices during the Domino upgrade 5. If you customize your Domino server installation, the dialog box illustrated in Figure 3-46 opens, offering numerous features to install. Figure 3-46 List of features available when selecting Customize during Domino Upgrade 126 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices After you select your installation settings, click Next to launch the Domino 7 server installation. Table 3-12 shows the available space required for each type of installation.
Table 3-12 Available space required for each type of installation Available size required 810 MB 811 MB 856 MB Type of installation Domino Utility Server Domino Messaging Server Domino Enterprise Server 6. After the installation completes, click Finish, as shown in Figure 3-47. You can now start the Domino 7 server. However, before doing so, refer to 3.6.4, "Actions to take before restarting your server" on page 127 for additional considerations. Figure 3-47 Final Windows installation window Important: When you upgrade your first server to Domino 7, this should be your administration server. Make sure that you upgrade the design of your Administration Requests database (ADMIN4.NSF) based on ADMIN4.NTF. 3.6.4 Actions to take before restarting your server
This section outlines a list of actions you should take before bringing the Domino 7 server online: 1. Ensure that you have the correct templates on your server: - Replace the standard templates with your own template set, if appropriate. - Delete templates that will not be used on the Domino server (for example, discussion libraries and teamrooms on a mail server).
Chapter 3. Upgrading the Domino server 127 - If you are going to use the standard out of the box template, be prepared to manage replication conflicts and possible unexpected design errors. 2. Remove any obsolete parameters from your server NOTES.INI file, as listed in the 3.6.1, "Cleaning up your environment before starting the upgrade process" on page 119. 3. If you have already upgraded the design of your Domino Directory and if you do not want to be prompted in the future to upgrade your design, we suggest adding the following parameter to your server NOTES.INI file:
Server_Upgrade_No_Directory_ReDesign=1 This ensures that you are not prompted at the first server restart to replace your Domino Directory design. 4. The server shutdown period is an opportune time to perform maintenance operations on the Domino Directory and administration database and to run fixup and compact tools on these databases. Table 3-13 outlines the parameters for the fixup tool, and Table 3-14 describes the parameters for the compact tool. For more information about the fixup and compact tools, refer to Upgrading to Lotus Notes and Domino 6, SG24-6889: Fixup on the Windows 32-bit platforms:
d:\dominodata\nfixup names.nsf -j -f -l -v d:\dominodata\nfixup admin4.nsf -j -f -l Fixup on UNIX platforms:
[notes @dominodata data]$fixup names.nsf -j -f -l -v [notes @dominodata data]$fixup admin4.nsf -j -f -l Table 3-13 Description of switches used by the fixup tool Description Exhaustive fixup to force all documents to be checked. Include transaction logging database; otherwise, fixup will skip this database. Exclude views to be checked as rebuild later. Log the fixup process. Switch parameter f j v l Compact on Win32 platforms:
d:\dominodata\ncompact names.nsf -C -F -U -K d:\dominodata\ncompact admin4.nsf -C -F -U Compact on UNIX platforms:
[notes @dominodata data]$compact names.nsf -C -F -U -K [notes @dominodata data]$compact admin4.nsf -C -F -U Table 3-14 Description of switches used by the compact tool Description Use copy style compaction method and recover unused space. Creates a temporary file requiring the same about of space available in the data directory as the size of the database you are going to compact. Enable "Document table Bitmap optimization" from your database properties. Disable "Maintain unread marks." Switch parameter C F U 128 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Switch parameter K Description Enable large UNK tables (greater than 64 KB). Important: If you use an incremental backup for transactional logged servers, you will need to run a full backup because the database ID for NAMES.NSF and ADMIN4.NSF has been changed by the fixup and compact tools. 5. You can rebuild the view of your Domino Directory to ensure that it is up to date by running the updall R task against NAMES.NSF: Compact on Win32 platforms:
d:\dominodata\nupdall names.nsf -R Compact on UNIX platforms:
[notes @dominodata data]$updall names.nsf -R 6. Remove the LOG.NSF file from your Domino server data directory and remove mail.box to let the server re-create a new mail.box file based on the Domino 7 template. To avoid any confusion, you can rename the existing LOG.NSF file to an explicit file name extension such as LOG_DATE.NSF for a later reference. Important: Be sure that you have LOG4.NTF and MAILBOX.NTF available on each server, or the server will not create a new LOG.NSF and MAIL.BOX file. 7. Delete the existing file BUSYTIME.NSF (or CLUBUSY.NSF in a clustered environment). Domino 7 uses a dedicated server task to maintain information for the Rooms and Resource database. Important: The Rooms and Resources Manager (RnRMgr) works only if the Rooms and Resources database has been created using the RESRC7.NTF template. If you do not delete the previous database, upgrade your Rooms and Resources database using the RESRC7.NTF template. You must add the task RnRMgr in the line ServerTasks to the server NOTES.INI file:
ServerTasks=Update,Replica,Router,AMgr,AdminP,CalConn,Sched,HTTP, RnRMgr Alternatively, you can create a program document to load this task at server startup. 8. After you have addressed the previous tasks, you can restart your Domino server. 3.6.5 Post-upgrade operations
Before granting users access to the upgraded Domino server, ensure that it works properly and that you have removed any server restrictions by setting the parameter Server_Restricted=2. Use the following steps to ensure that the Domino 7 server is working properly: 1. Connect to the Domino 7 server from a Notes client using your administrator ID. 2. From another Domino server, initiate the replication of a database other than NAMES.NSF (replication is still disabled for this database):
rep jnkwps-domino7/infrastructure/JNKWPS admin4.nsf 12/01/2005 05:52:47 PM Database Replicator started Chapter 3. Upgrading the Domino server 129 12/01/2005 05:52:47 PM Replicator is set to Ignore Database Quotas 12/01/2005 05:52:48 PM Starting replication with server JNKWPS-Domino7/Infrastructure/JNKWPS 12/01/2005 05:52:48 PM Finished replication with server JNKWPSDomino7/Infrastructure/JNKWPS 12/01/2005 05:52:48 PM Database Replicator shutdown 3. Send a mail message to a mail-in database hosted on the Domino 7 server and verify the delivery. When you complete your server test, complete these steps: 1. Set conf server_restricted=0 to allow users access to the Domino 7 server. 2. Enable Domino Directory replication. 3. Turn on all connection documents that you had previously turned off. 4. Monitor the server for any failures and prepare for the next server upgrade. At this point, your installation is complete. 3.6.6 Running the Domino 7 installation on Linux for Intel (stand-alone)
In this section, we outline the steps to upgrade your Domino server on a Linux platform. Unlike the Windows 32-bit operating system, the Domino 7 installation uses a Perl script to install the new server files and the configuration choices are more limited than Win32. Note that this section documents a stand-alone installation (for example, only one Domino server running on the Linux platform). For details about Domino partitioning on a Linux platform, refer to 3.7.5, "Upgrading when working with partitioned servers" on page 140. Important: This section assumes knowledge of the process for installing a Domino server on a Linux platform. For more information about installing a Domino server on a Linux platform, refer to the IBM Redbook Lotus Domino 6 for Linux, SG24-6835. To upgrade your Domino server under Linux, you need to be functioning as the root user. 1. As the root user, untar the Domino.tar file into a temporary folder, and then launch the installation script from the folder linux/domino:
[[email protected] Domino]# ./install 2. This action opens an installation window, as shown in Figure 3-48 on page 131. Follow the instructions on the window to move forward using the Tab key to display the license agreement information. You need to accept this agreement to continue with the Domino installation. 130 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 3-48 Licence agreement: Linux-based installation Tip: Although we use the X Window System in this section to perform screen captures and display graphics, you do not need to have an X Window System server running to perform the Domino server upgrade on a Linux platform. 3. The next window prompts you to install a data directory only, and you must respond No, as shown in Figure 3-49 on page 132. This setting is used for adding a Domino partition to your system, but Domino does not support adding a partition while performing a server upgrade. If you want to add a new partition to your system, you need do this using Domino 6.5.4, and then upgrade all of your the partitions Domino 7. For more details about how to upgrade a Domino partition, refer to 3.7.5, "Upgrading when working with partitioned servers" on page 140. Important: Domino partition refers to a specific installation method where one single program directory (by default, /opt/ibm/lotus) is used against several Domino data directories (for example, /home/dir01/data and /home/dir02/data). Since Domino 6, you can run several Domino servers on the same box. However, in this case, each Domino server has it own program directory and data directory and will be seen as a stand-alone server, so must be upgraded individually. Chapter 3. Upgrading the Domino server 131 Figure 3-49 Data directory installation for Linux 4. The next window prompts you to select which type of server you are upgrading: - Domino Enterprise Server - Domino Messaging Server - Domino Utility Server For more information about these installation types, refer to the "Domino full setup installation" on page 125. 5. The next steps prompt you to install all of the Domino 7 templates and inquire if you have already selected your template, as outlined in 3.5.1, "Template strategy: Efficiently managing your templates" on page 107. 6. Next, you must choose whether to install Application Services Provider (ASP) functionality. This option requires you to have selected the Enterprise Domino installation. If you have not previous used this functionality, we recommend choosing the default setting of No. You can find additional information about ASP in Upgrading to Lotus Notes and Domino 6, SG24-6889. 7. You must next define in which directory you want to install the Domino 7 server. The default is /opt/ibm/lotus. Press Enter to edit this choice and confirm by pressing the Tab key. 8. In the next window, choose whether to run more than one server-based installation. This information is required for Domino partitioning. In our case, you can choose the default value of No. 9. The next window asks you to define your Domino data directory. The default is /local/notesdata. 10.The next two windows relate to the user information under which the Domino 7 server will run. It cannot be the user root, which has been used only to run the installation script. You must provide a UNIX user name and the user's UNIX group. 132 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 11.In the next window, define the server startup method, choosing one of the options outlined in Table 3-15. We recommend using the Manual Server Startup method.
Table 3-15 Sever startup technique Description At the end of the installation script, the server will not be started. You need to start the server manually or use a startup script. When the installation is finished, the server launches under the user name provided in step 10 and attached to the current console. This setting is useful when you are installing a new server. As soon the installation process is finished, the server launches in listen mode to be configured remotely from another server using the Domino Administrator client through the remote server setup. Server startup method Manual Server Startup Local Server Startup Remote Server Setup 12.In the next window, review all the settings you selected and confirm if correct. 13.The Domino installation window invokes a CheckOS program to validate the release level of your Linux box and warn you of any missing patches or unsupported platforms, as outlined in Chapter 2, "Preparing for your upgrade" on page 13. Important: The CheckOS task was introduced in Domino 6 to validate the platform level for Linux. In Domino 7, it ends the installation process if a patch is missing or the platform is unsupported. This is just an informational check done to assist you in case of potential installation issues. Before any new upgrade, carefully read the list of supported platforms. A progress window provides information about the status of the Domino server upgrade, as illustrated in Figure 3-50. Figure 3-50 Installation progress window Chapter 3. Upgrading the Domino server 133 14.When the installation finishes, and if you selected Server Startup Manual, you will be prompted with an additional message explaining how to manually start the server. Now, you have the new code installed on your server (either Windows or Linux) However, before reloading it, perform the actions described in the following section. 3.7 Special considerations
This section highlights specific issues that might be applicable to your environment. In particular, if you are running Domino within a clustered environment, see 3.7.4, "Clustering in Domino 7: Features and upgrade considerations" on page 136. If you are working with Domino on a partitioned server, see 3.7.5, "Upgrading when working with partitioned servers" on page 140. 3.7.1 Windows Domino server: Running Domino as a service
If you disabled Domino to start as a Windows service, the first time you start your Domino server on a Win32 platform, you need to explicitly enable the Domino Windows services to start each time you restart your Windows operating system. Alternatively, if you launch the Domino server directly from the Windows desktop, you will be asked to select the subsequent method for starting the Domino server. See Figure 3-51. Figure 3-51 Domino as a Windows service 3.7.2 Linux server (x86)
By default, the Linux kernel limits the number of file descriptors that a process can use and open. The default setting is 1024, which is quite restrictive for Domino, and prevents scaling above a few Notes clients. The Linux administrator can increase this setting, but this depends on how you launch your Domino server. Launching Domino for Linux from a login session
If you are launching your Domino server from a simple login session, you need to modify the /etc/security/limits.conf file to add or modify the following lines:
DominoUser soft notfile 20000 DominoUser hard nofile 49152 In this example, DominoUser is the user running the Domino server. The "soft" setting represents the default file descriptor limit, and "hard" equals the maximum value possible for this specific user. To make these values functional while your are using a login session, you need to add the following line to the right pam.d login file (see Table 3-16 on page 135):
session required /lib/security/pam_limits.so 134 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 3-16 Login file to modify to match your login session method Pam file to modify /etc/pam.d/login /etc/pam.d/rlogin /etc/pam.d.ssd Login method used telnet rlogin ssh After performing these changes, you need to log in as the Domino user before launching the Domino server. Launching Domino with an automated script
If you start your Domino server by invoking a script, you need to add the following line at the beginning of your startup script:
ulimit -n 2000 At the same time, we suggest adding the modifications described in "Launching Domino for Linux from a login session" on page 134 just in case you want or need to start the Domino server from a login session. Implementation of the Tunekrnl program
To support large-scale Domino environments, a new program called Tunekrnl is automatically invoked by Domino at its startup. This adds some kernel parameters, as defined in Table 3-17. As a Linux or Domino administrator, you do not need to modify anything other than the files indicated earlier. Tunekrnl runs with root authority and sets a few values to the /proc file system. This is why if you relaunch Domino without restarting the Linux server, these values will not be updated. An exception has been made for /proc/<pid>/mapped_base (on SUSE Linux Enterprise Server), which is updated each time Domino starts.
Table 3-17 Values modified by Tunekrnl Kernel setting /proc/sys/fs/file-max /proc/sys/kernel/sem /proc/sys/kernel/shmmax /proc/sys/net/ipv4/tcp_fin_timeout /proc/sys/net/ipv4/tcp_max_syn_backlog / proc/sys/net/ipv4/tcp_tw_reuse /proc/sys/net/ipv4/ip_local_port_range / proc<pid>/mapped_base Default value <8192 250 32000 32 128 32 mo 60 1024 0 32768 61000 1 GB Tunekrnl value 131072 250 256000 32 1024 256 mo 15 16384 1 1024 65535 16 MB Chapter 3. Upgrading the Domino server 135 The first time that you start your Domino Linux server, you see the following lines:
[[email protected] serverdominodata]$ /opt/ibm/lotus/bin/server /proc/sys/kernel/shmmax has been set to "268435456". /proc/sys/kernel/sem has been set to "250 256000 32 1024". /proc/sys/net/ipv4/tcp_fin_timeout has been set to "15". /proc/sys/net/ipv4/tcp_max_syn_backlog has been set to "16384". /proc/sys/net/ipv4/tcp_tw_reuse has been set to "1". /proc/sys/net/ipv4/ip_local_port_range has been set to "1024 65535". 3.7.3 Language packs
Be aware that Domino 7 setup will remove any existing language packs available on your server. Before upgrading the server, ensure that the appropriate language packs are available to be reinstalled after the upgrade is complete. 3.7.4 Clustering in Domino 7: Features and upgrade considerations
This section highlights the key new features within Domino 7 clustering and addresses some tips for upgrading cluster members. A Domino cluster is a group of two or more servers that provides users with redundancy. Clusters provide: Constant access to data. Balanced workload between several servers. Improved server performance and availability. Domino continuously synchronizes databases so that whichever replica a user opens, the user is presented with the correct version of the data. Clustering benefits
Running a clustering infrastructure will help you with the objectives shown in Table 3-18.
Table 3-18 Advantage High availability of your data Cluster advantages Meaning Providing failover for your data is still available even in case of server failure. The user will be automatically redirected to an available servers that contains a replica of the database. You can spread the load on several clusters, ensuring that your server remains busy at the appropriate level and user gets data quickly. Cluster replication (CLREPL) ensures that your data remains up-to-date across the cluster membership in few seconds. Cluster replication is a event-driven, which means that when a change occurs on one database, the change is immediately replicated to all replica in the cluster environment. You can increase your cluster size and add a new server to the cluster at the same speed that your organization or demand is growing. In addition, Domino clustering works regardless operating system or hardware specification. In the same cluster, you can easily mix multiple OS and hardware. Domino comes from with several tools that will help you to monitor your cluster activity and efficiently administer your environment. Workload balancing Data synchronization Scalability Monitoring tools 136 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices How does clustering work?
From a server perspective, there are several components that work together to make clustering function correctly. Even if the components remain the same in Lotus Domino 7 (clustering was introduced in R4.5), some enhancements have been made. List of cluster components
Table 3-19 lists the components that make up a Domino cluster.
Table 3-19 Cluster components Description It runs on each server in the cluster and tracks the state of all the other servers in the in the cluster (probing) and keeps a lists of server availability to provide either failover or load-balancing. A replica of the Cluster Database Directory (CLDBDIR.NSF) resides on every server in the cluster and it contains a document about each database and replica available in the cluster environment with the localization (DB name, server, path, ID, and so on). On each server, it creates CLDBDIR.NSF (or replicates it) and keeping it up to date. For each database that you add in the cluster, a new document is created (or updated if this is a change) into CLDBDIR.NSF by Cluster Database Directory Manager. It performs housekeeping tasks related to the cluster maintenance such as: Starting CLDBDIR task when a server is added to the cluster Starting CLREPL when a sever is added to the cluster Removing cluster settings when you put away a server in the cluster Cluster Replicator CLREPL task) CLREPL is in charge to maintain and synchronize data among replicas in a cluster. When a changes occurs, CLREPL pushes the change to other. CLREPL works in conjunction with CLADMIN to determine which database have replicas on the other cluster members. CLREPL is event-driven, opposite of REPLICA, which is a schedule-driven. Component Cluster Manager Cluster Database Directory Cluster Database Directory Manager (CLDBDIR task) Cluster Administrator (CLADMIN task) Cluster enhancements in Lotus Domino 7
This section highlights a list of enhancements related to clustering capabilities in Domino 7. The Cluster Administrator (CLADMIN)
The Cluster Administrator is now a server thread. This server thread performs the same set of functions as in previous Domino releases, plus it now launches the Cluster Replicator (CLREPL task) and the Cluster Database Manager (CLDBDIR task) at each server startup. This means that you no longer need to include CLREPL and CLDBDIR in the NOTES.INI setting "ServerTasks=". Chapter 3. Upgrading the Domino server 137 Important: When you upgrade a clustered server to Domino 6, both CLDDBIR and CLREPL will be automatically removed from your NOTES.INI file, and one instance of CLREPL will be automatically started. Therefore, if you use several instances of the Cluster Replicator, you need to specify it either from a NOTES.INI setting or using a Server Configuration document. The NOTES.INI setting is CLUSTER_REPLICATORS=n (where n is the number of instances that you want to run). Enabling several instances of the Cluster Replicator task
In previous Domino releases, you had to add CLREPL several times to the Servertasks= line in your server-based NOTES.INI file. Now, there is a new parameter that helps you specify this number:
CLUSTER_REPLICATORS=n Where "n" is the number of Cluster Replicator instances that you want to add. If you do not want to have to edit each server's NOTES.INI file, use a Server Configuration document, as shown in Figure 3-52. Figure 3-52 Cluster Replicators Additionally, you still have the possibility of adding any Cluster Replicator instance during your server operations by using either your Domino Administrator 7 client or any server remote console, such as the Web administrator or remote Java console. The following command is not persistent across a server restart. If you need to add another Cluster Replicator instance for a long period of time, we suggest that you use the CLUSTER_REPLICATORS setting.
lo clrepl 01/11/2006 08:54:47 PM Cluster Replicator started 01/11/2006 08:54:47 PM Cluster Replicator is set to Ignore Database Quotas 138 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Tip: If for any reason you want to disable cluster replication for an entire server, you use the following setting (from NOTES.INI files, Server Configuration document, or at the server console level):
DISABLE_CLUSTER_REPLICATOR =1 The Cluster_replicators=0 setting does not stop Cluster Replicators. Server_Availbilty_Threshold more consistent and predictive
Ensuring the server availability index gives a more accurate indication of the availability of each server in a cluster. Therefore, you no longer need to override the SERVER_TRANSINFO_NORMALIZE parameter to improve accuracy. Important: In order to take full advantage of Domino load balancing capabilities, consider avoiding the use of the Servers_MaxUsers and Server_MaxSessions parameters, which were used in the first release of clustering in R4.5. For more information about how to use load balancing, refer to the Release Notes and the Lotus Web site. Specific considerations for a cluster upgrade
Since the beginning of Domino clustering, Lotus has technically supported running different code releases in the same cluster. Therefore, you do not need to upgrade all your other servers in the cluster at the same time. However, we encourage and consider it a best practice to have your clusters at the same code release and recommend that you upgrade them at similar times. Although you can upgrade your clustered servers at different times, keep in mind that the cluster replication task will not restrict the replication of any design elements. While replicating the Domino 7 design elements to the Domino 6 servers is backward compatible, hey will overwrite your Domino 6 design elements, so be careful if you made any customizations to your databases or templates. Note: Restricting design elements from replicating in a database's replication settings (File Replication Settings Advanced Receive these elements from other replicas) is not acknowledged by Cluster Replicator, and design elements will replicate despite this settings. Domino administrators often wonder what the proper procedure is for upgrading a Domino cluster. Upgrading a clustered server is very similar to upgrading a non-clustered server in your environment. In addition to the procedures we previously described for upgrading the servers, note the following information: Before upgrading your server, remove the Clustered Freetime database (CLUBUSY.NSF) while the server is down. This database will be re-created when the sched, CalCon, and RnRMgr tasks are loaded. The CLDBDIR.NSF file will be automatically upgraded (while the database title will remain the same without any mention to Domino 7), but the database is fully compatible with previous releases of Domino. Chapter 3. Upgrading the Domino server 139 Note: If you use and host the new Rooms and Resource Reservation database (RESRC7.NTF), in a clustered Domino environment, there can be a maximum of two replicas of any Rooms and Resources databases on other servers in the cluster on which the Rooms and Resources Manager runs. You can have more than two replicas in a cluster only if two of those replicas are on systems that run Rooms and Resources Manager. What concerns most administrators in regards to upgrading Domino clusters is maintaining as much availability as possible. While most administrators will have failover set up in mail and Web access, it is worth mentioning that these tasks do not automatically failover. Mail routing
Mail routing and delivery is not cluster aware by default. If a server has mail to deliver to a user on Server A, it often waits for that server to become available even if Server B in the mail cluster is online and available. Perform the following steps to configure Domino so that it knows to fail over mail delivery if it cannot find the user's home mail server: 1. Open the Server Configuration document. 2. Select the Router/SMTP tab. 3. Select the Advanced tab. 4. Select the Controls tab. 5. Make sure that the Cluster Failover field is set to Enabled for all transfers in this domain. Cluster tips: If one of your cluster servers is the primary Mail Exchange Record (MX) for your domain, set up the other cluster servers as lower priority MX entries. Have a dedicated inbound SMTP server that then delivers mail to one of the cluster servers. Web application and Domino Web Access
Its important to note that Web access does not automatically failover. Although there are many methods to redirect or fail over servers, proxy servers, reverse proxies, or Internet Cluster Manager (ICM), note that you might need to do some reconfiguring to ensure that Web users are redirected to an available server. Accelerated create replica
Although accelerated create replica is not directly impacted as a result of an upgrade, administrators often use this time to add additional replicas to a cluster and delete or re-create full text indexes. Keep in mind that accelerated create replica will fail (and default to standard replication) if: The server is pre-Release 6. The source database has a full text index, but when you create a new replica on the server in the cluster in the Create Replica dialog box, you do not choose to create a full text index. 3.7.5 Upgrading when working with partitioned servers
In this section, we discuss upgrade considerations when using Domino partitioning. 140 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices The term Domino partitioning indicates that the same binaries folder and directory is used by several Domino servers on the same physical machine or on the same logical OS partition, known as a LPAR on UNIX-based machines. The binaries folder shared is most commonly /opt/ ibm/lotus. Because the directory containing the binary files is shared, when you want to upgrade a partitioned server, you need to upgrade all of the partitions on the server or LPAR at the same time. Therefore, you need to prepare for multiple upgrades and plan to bring up each Domino server individually directly after the upgrade. Note: In this section, we refer to the term Domino partition as multiple server instances that share a common set of binary files. This has been a term used with Lotus Notes and Domino technology since Lotus Notes Release 4. Beginning with Domino 6, Lotus introduced the capability for Domino to run several servers on a UNIX system (including Linux) on the same box without sharing anything. In some cases, this might also be referred to as a partition. Keep in mind that for the sake of discussion and clarification, we refer to Domino partitions as multiple server instances that share a common set of binary files. For multiple Domino servers running on a single machine that do not share any common files, you can view these Domino servers as isolated from each other and can be upgraded as any other stand-alone server. Before starting your server upgrade, you must ensure that all of the Domino partitions are stopped. Tip: To ensure that all your Domino partitions are stopped, use the following command by Domino user:
$ ps -ef | grep <domino_user> Alternatively, on a Linux server, use:
$ ipcs | grep -i 0xf8 The output of this command should return an empty string. Otherwise, you can kill the remaining servers by executing the following command on its data directory:
<domino_data_directory_partition1>/nsd -kill You need to specify where your partition data folder will be located and the user name under which the server will run for each of them, as illustrated in this example:
/home/data1 notes1:notes /Home/data2 notes2:notes /home/data3 notes3:notes For the remainder of section, we provide a concrete example illustrating how to upgrade Linux-based Domino partitioned servers, following these steps: 1. Read and agree to the license agreement. 2. You will be prompted to install data directories only. Select the default answer of No, because Domino 7 does not support the direct addition of new partitions and upgrading at the same time. 3. Select your setup type from the following options: - Domino Enterprise Server - Domino Utility Server Chapter 3. Upgrading the Domino server 141 Restriction: Only Domino Utility Server and Domino Enterprise Server can be used for a partition installation. There is no technical limitation, but for licensing purposes, Domino Messaging does not officially support clustering and partitioning. 4. You must decide if you want to install all templates files. As mentioned in 3.5.1, "Template strategy: Efficiently managing your templates" on page 107, your answer will be based on your template management strategy. 5. ASP functionality is only possible if you have selected the Domino Enterprise Server in step 3. 6. You are asked to provide the path where the Domino executable files will be installed. By default, this path is /opt/ibm/lotus. If you choose a different location for the executable files, you will be asked if you want to create a symbolic link from your installation folder to the default one (/opt/ibm/lotus). This link is useful, because most of the startup scripts will look to the default directory by default. 7. In the next window, as shown in Figure 3-53, which is now specific to the partitoning upgrade, indicate that you want to upgrade a server that runs several instances of Domino based on the same installation directory. Figure 3-53 Selection of several Domino instances to upgrade 8. The installation script determines the number of Domino instances that you have to upgrade. Check that the number of partitions is accurate and update this number if necessary. See Figure 3-54. Figure 3-54 Determining the number of partitions to upgrade 142 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 9. After you validate the number of partitions to upgrade, enter the directory location for the binary files and the data directories. You also need to enter the Domino user name and group name for each partition being upgraded. For example, if you have two partitions to upgrade, you need to provide the directory location for the binaries and data, as well as the Domino user name and group name for partition 1 and partition 2. See Figure 3-55. 10.Before launching the complete installation process, you have a final opportunity to validate all your upgrade settings to check for errors. Figure 3-55 Validating the installation settings 11.When the installation is complete, restart your upgrade process, as described in 3.6.4, "Actions to take before restarting your server" on page 127. 3.7.6 Directory services
Often in a large organization, you use several directories for user authentication. In this chapter, we mainly focus on the Domino Directory, which is the primary directory for your Domino infrastructure, but you also need to consider the remaining directory services that you use internally. Directory Assistance
Directory Assistance (based on the DA50.NTF template) has changed significantly since Domino 6. You can update its design structure on your directory server and let the updated design replicate over your server infrastructure seamlessly. Because Directory Assistance is a very small database used as a reference to other directories, there is not any performance impact when the design gets upgraded. Chapter 3. Upgrading the Domino server 143 Extended Directory Catalog
Extended Directory Catalog is based on the PUBNAMES.NTF template and is used to aggregate Domino Directories from other domains or locations. You might want to upgrade its design during the server upgrade. To upgrade your Extended Directory Catalog (EDC), use the replica design approach, although we recommend performing this operation during off-hours. Indeed, EDC is often a large database with large view indexes that can take significant time to update. Perform the following steps: 1. Disable the replication of your EDC from the master server where you aggregate directory information. 2. From the Domino Administrator 7 client, select File Database Replace Design and select the same template that you used to replace the design of your Domino Directory. 3. When the new design has been pushed to the EDC, you can enable replication of this directory. Condensed Directory Catalog
There have been no design changes to the Condensed Directory Catalog since Domino 6.5.1 (DIRCAT5.NTF). Therefore, if you run this server release or later, you do not need to do anything. For an earlier release in the Domino 6.0.x code stream, you might want to use the same method used for the Directory Assistance database. LDAP services
LDAP is becoming more widely used, and Domino 7 offers improvements to the Domino LDAP services. Change detection
LDAP searches across other LDAP directories using Directory Assistance. Domino 7 can quickly detect whether entries in certain configured LDAP directories have been changed and make these changes available for incoming searches. Domino 7 takes advantage of different LDAP servers that support this change detection mechanism. This change detection is built in to Domino 7, but you need to ensure that other LDAP directories used in your organization support this change detection mechanism. Additionally, you need to update your Directory Assistance database to reflect the latest LDAP directories. Domino universal ID (UNID)
The Domino 7 LDAP service now supports 32-character Domino universal IDs (UNID). Designed for use with advanced LDAP applications such as IBM Workplace, the UNID allows LDAP applications to uniquely identify documents in the Domino Directory, even when the directory object's FullName/ListName (LDAP DN), ShortName (LDAP UID), or other identifying field values change. If you use IBM Workplace with Domino, you can use the dominoUNID attribute to map IBM Workplace member entries in WebSphere Member Manager to LDAP person records. For those using existing Domino Directories, you need to perform the following steps to make dominoUNID fully available: 1. Reload the LDAP schema by using the tell ldap reloadschema command at the server console:
tell ldap reloadschema 12/09/2005 05:27:35 PM LDAP Schema: Started loading... 12/09/2005 05:27:45 PM Schema: Finished loading LDAP 144 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 2. In the Server Configuration document of you Domino Directory, select Select Attribute Types next to the setting Choose fields that anonymous users can query via LDAP. The LDAP Attribute Type Selection dialog box opens. From here, you can either: - Add the dominoUNID attribute automatically by clicking Use Default Values. All default attributes for anonymous users will be selected. - Manually add dominoUNID by choosing the wildcard class (*) in the Object Classes drop-down list. We recommend this option if you customized your attribute list for anonymous. See Figure 3-56. Figure 3-56 Defining dominoUNID for LDAP services in Domino 7 Chapter 3. Upgrading the Domino server 145 146 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 4 Chapter 4. Coexistence and interoperability in a mixed environment
In this chapter, we discuss the interoperability of the Lotus Notes and Domino 7 features and considerations an administrator should take when working in a mixed release Lotus Notes and Domino 7 environment. This chapter does not focus on the implementation itself, but rather discusses what behavior to expect when working in a mixed release environment, Where applicable, we recommend best practices for managing an upgrade to Domino 7 in a mixed environment. We discuss key new features in Domino 7 and how they interoperate with previous versions of Lotus Notes and Domino, focusing on Domino 6 and 7. We provide some discussion about Release 5 interoperability when necessary. We discuss the following topics in this chapter: On-disk structure ID files Database design and templates Archiving Domino domain monitoring Smart Upgrade Domino Web Access Extended products Copyright IBM Corp. 2006. All rights reserved. 147 4.1 Definition of a mixed environment
For the purposes of this paper, we define a mixed environment as a Domino infrastructure in which your Domino domain will include one or more Release 7.x servers and one or more servers from a previous release. Assuming that you have more than one server in your domain, working in a mixed environment is inevitable, at least for a brief period of time. You can or at least should be only upgrading one server at a time. If you have more than one server, as soon as your first 7.x server starts, your environment is now mixed. In some cases, this might only be a temporary state that lasts until the upgrade process is complete. In other cases, there might be valid business reasons that dictate that some servers remain on an earlier release of Domino. In this case, the mixed environment represents the ongoing working environment. 4.2 Key implications and considerations when upgrading
The goal of this chapter is to make you aware of the most common coexistence issues. Most commonly, we discuss new features in Lotus Notes and Domino 7 and how they behave when interacting with a Lotus Notes 6 environment. In some sections, we briefly discuss Release 5. We begin by discussing the underlying on-disk structure (ODS), which is at the core of the Notes and database design. 4.3 On-disk structure (ODS)
The file format, commonly referred to as on-disk structure (ODS) has not changed from Release 6 to 7. This section briefly describes the different on-disk structures, advantages to upgrading the ODS, and maintaining an earlier version of the on-disk structure if it is necessary. Note: The on-disk structure (ODS) has not changed from Release 6 to 7. In Releases 6.x and 7.x, the ODS version is ODS 43. 4.3.1 ODS versions and compatibility
Previous to Domino 7, each version of Domino made varying changes to the on-disk structure, implemented as different versions of ODS. Table 4-1 lists the versions of ODS as they relate to versions of Domino.
Table 4-1 ODS version compatibility Lotus Notes/Domino release Release 1 and 2 Release 3.x Release 4.x Release 5.x Release 6.x and 7.x ODS version ODS 16 ODS 17 ODS 20 ODS 41 ODS 43 148 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices All of these ODS versions are backward compatible on a Domino 6 and 7 server. In other words, you can have a database with ODS 20, 41, or 43 in Releases 6.x and 7.x. ODS, however is not forward compatible. If there are any existing R5 servers or clients in your environment, you need to take caution when moving a database through your operating system, from external media, or on your network. You cannot have an ODS 43 formatted database on an R5 server or client. Moving the database by creating a new replica or new copy on another server or client is considered a best practice as opposed to moving a database using an OS copy or through a network share. The server or client creating the replica or copy will convert the ODS if it is necessary. For example, if an administrator creates a new database or replica from a Domino 7.x server, it will automatically know to convert this database to ODS 41 on the destination R5 server. Important: Because release ODS 43 cannot run on an R5 server or client, you need to take caution when moving a database through your operating system. It is a common mistake, for example, to burn a database to CD and move it to a server or client. By moving a databases in this manner, you can unintentionally put an ODS 43 database on an R5 client or server. Note You might notice that many database templates are not upgraded to a later ODS format. This is done by design to minimize the sizes of the templates. The R5, 6.x, and 7.x ODSs are larger than the R4 ODS. 4.3.2 Upgrading the ODS: Benefits of ODS 43
The ODS has not changed from Release 6.x to Release 7. If the ODS was not upgraded to ODS 43 when upgrading to Release 6, you can do so in Domino 7. After your server is upgraded, it is a best practice to upgrade the file format of your databases in that server. With each version of the ODS, additional features and performance benefits are included to improve the fuctionality, performance, and scalability of the Domino databases. Several features in Lotus Notes and Domino 7 require an ODS 43 version, including: LZ1 compression Single Copy Template (SCT) View logging Quota management. When a copy-style compact is run a database, the ODS will be upgraded to ODS 43. Copy-style compact switches include:
load compact [-C] [-D] [-f] [F] [-h] [-H] [-L] For a complete list of the compact switches available on your server, type the following command at your server console:
load compact -? For more information about upgrading your on-disk structure, refer to the Upgrading to IBM Lotus Notes/Domino 7 or the Lotus Domino 7 Administrator Help, available at:
http://www.lotus.com/ldd/doc Chapter 4. Coexistence and interoperability in a mixed environment 149 Tip: The compact task will perform a copy-style compaction regardless of the style compact parameters if the mail file has undergone a structural change, such as a mail file design replacement or conversion or it detects that the database ODS is earlier than the current version. To maintain an earlier ODS version, refer to the following section. 4.3.3 Maintaining an earlier ODS version
A Domino 7 server or client can host a database created on a Domino 6 server, and a Domino 6 server can host a database created on a Domino 7 server. As we previously discussed, there has not been any changes made to the ODS. If a database needs to be created or maintained in an R5 format (ODS 41), because you expect users to access it locally from an R5 client, you have the following options: Through the operating system, rename the .NSF extension .NS5. If the database has already converted to an ODS 43 format, you can create a new replica or copy and name it with the NS5 extension. Running compact with the R switch reverts to the previous ODS version. Note: When a database is created with an NS4 or NS5 extension, a special flag is added to the database header to prevent the compact task from upgrading the ODS, After this flag is in place, the only way to remove it or upgrade the ODS is to create a new database replica or copy. Changing the database back to an NSF extension will have no effect. When a database is stored on the Domino server, it is always a best practice to upgrade the the on-disk structure to the most recent version. 4.4 Database design and templates
This section discusses the best practices for database design and templates. We focus on issues that you will encounter in a mixed environment on Release 6 and 7 of Lotus Notes and Domino. 4.4.1 Coexisting in 6.x and 7.x code streams
Domino 7 is designed to be backward compatible to a Domino 6 server. Consideration has been taken in the templates to help make sure that design elements from future releases of Domino 6, for example 6.5.5 and later, will not overwrite design elements in Domino 7.0. To help understand why, we need to review some concepts of replication and Notes IDs. 4.4.2 A review of the Notes ID
Before we discuss replicating design elements between templates and databases, we provide a refresher about how the replicator decides what to replicate. Each document and design element within a database contains a Notes ID. To view a Notes ID, simply right-click a note, select document properties, and select the advanced properties tab. 150 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Sequence Time UNID Sequence Number Database ID Notes ID Figure 4-1 The anatomy of a Notes ID The first two lines combined (OF406244E9:4929254B-ON85256370:004F611A) make up the universal ID, commonly referred to as the UNID. The Notes replicator uses the UNID to match the notes in one database with their respective replica copies in other databases. The sequence time (SD8525705D:00829BCC) is the time and date when the sequence number is created or changed. The Sequence Time member is a sequence number qualifier that allows the Domino replicator to determine which note is later given identical sequence numbers. The sequence number (SN000016C5) is incremented each time a Notes ID edited. For example, when a new note is created, it starts with the sequence number of SN00000001 and will increment each time it is edited and saved. A Notes ID identifies a particular note within a given database. The Notes ID does not change when the note is modified. The Notes ID is the file position of the record relocation vector (RRV) for the note. An RRV is an offset in a file. Replication scenarios include: If the sequence number and sequence time for two notes are the same, the notes are in sync. If the sequence number is the same and sequence time is different, a replication conflict can occur. The sequence time will be used to determine the outcome of a conflict. If the sequence number is greater on a note, it overwrites the other with a lesser sequence number at the time of replication. Tip: For additional information about the anatomy of a Notes ID, refer to: Technote 7002668, "What Are the Components of a Note ID?"
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27002668 C API programming for Lotus Notes/Domino
http://www.ibm.com/developerworks/lotus/library/capi-nd/index.html In Figure 4-2 on page 152, notice that the sequence number in the 7.0 design element is higher than the corresponding 6.5.4 design element. In future releases of Notes and Domino, specifically Release 7.0.2 and later, there will be dramatic increases in the sequence number to guarantee that the Release 7.x elements are not overwritten by future 6.x elements. In this example, the sequence numbers differ by 78. In other words, the design element from 6.5.4 will need to be edited and save 79 times to overwrite the Release 7 design element. Chapter 4. Coexistence and interoperability in a mixed environment 151 Design element in Release 6.5.4 Design element in Release 7 Figure 4-2 ID of a design element (Person form) in 6.5.4 versus 7.0 4.4.3 Options for replicating design elements
This section briefly describes some options when replicating your design elements. Upgrading your server and allowing everything to replicate
Although Lotus provides backward compatibility to previous versions, allowing 6.x design elements to mix with 7.x design elements can cause confusion in administering your environment, particularly in databases such as EVENTS4.NSF with the integration of Domino domain monitoring and your Domino Directory with the addition of new policy design elements and additions made to the Server document. In most cases, if you attempt to use a feature or form that was not designed for a 7.x server or client, there will not be any adverse effects and it simply will not work. Other databases, such as the Administration Requests database do not have a problem replicating the design, because the added design elements or requests are not be used. Tip: Take caution when upgrading your Release 6 servers or editing your 6.x templates while maintaining 7.x servers. Although the sequence numbers for your Release 7 servers should be higher, there will not be a significant increase in the 7.x sequence numbers until Release 7.0.2. Maintaining separate designs
If keeping track of which features and elements are supported in what Domino versions seems too difficult or confusing, an alternative approach is to maintain release-specific designs of your databases (keep a Release 6 design on Release 6 servers and a Release 7 design on Release 7 servers. To maintain release-specific designs, you can take one of the following actions: Limit ACL access. Designer access or above is required to replicate design elements. Disable the design from replicating by editing replication settings (non-clustered servers): a. Open the Domino Directory. b. Select File Replication Settings. c. Select the Advanced section. d. Clear the Design elements option (see Figure 4-3 on page 153). Note: Note that templates can also replicate if you replicate all the databases on your server through a connection document. 152 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 4-3 Replication Settings 4.5 Key system databases to consider during the upgrade
Thus section highlights the key databases to focus on during an upgrade. 4.5.1 Domino Directory database (NAMES.NSF)
The Domino Directory 7 design is backward compatible to previous versions of Domino. We discuss the options and considerations when deciding to have a consistent Release 7 design or a distributed design in your environment. Moving to a Domino 7 design
After your administration server is upgraded, you can replicate it throughout your environment. The additional design elements (forms, fields, and so on) will be added to your Release 6 and earlier Domino Directory. Although this does not have any adverse effects on your Release 6 and earlier servers, be aware that some of the elements and features added to your Release 6 design, such as the mail settings documents, policy lock-down, and additional fields added to some forms, might not function on a Release 6 server. Important: If you want a consistent Domino 7 Domino Directory design across your environment, make sure to replace the Release 6 PUBNAMES.NTF template with the Release 7 template. If you do not, when the design task runs (by default at 1 a.m.), it refreshes the design and overwrites the design elements with the Release 6 design and creates a mixed design. Pay careful attention when upgrading a Release 6.x server. Replace the PUBNAMES.NTF template with the Release 7 template before upgrading. Policy document compatibility
Policy documents were introduced in Release 6 and designed to replace user setup profiles used in previous releases. Policies enable administrators to centrally manage their users in a single location. In Releases 3, 4, and 5, it was nearly impossible to administer client workstations without going to each person's machine. Improvements in managing clients in Releases 6 and 7 with the use of policies enable administrators to upgrade, configure, and maintain the Notes clients, often without having to go to the machine. Finally in Domino 7, Chapter 4. Coexistence and interoperability in a mixed environment 153 administrators also have the ability to lock-down the policy settings, prohibiting the end user from changing them. There are now six different areas in policies in Release 7: Archiving: Enables you to control how archiving should be controlled on the client. Desktop: Enables you to configure client desktop settings including most location settings, bookmarks, template versions, and Smart Upgrade. Registration: Enables you to configure how to register a user, what certifier to use, where to store the ID file, and how to configure roaming. Mail: Enables you to configure mail and calendar preferences, including letterhead, spell checking, soft deletions, message disclaimers, autproccessing of invitations, and to-dos. Security: Enables you to configure password settings, policies, and expiration. It also enables you to configure execution control list (ECL) settings. Setup: Configures Notes client settings at the initial client setup only. Note: Creating policies might result in Domino Directory replication failures on server/client releases earlier than 4.67a. You will see a warning each time you attempt to create a policy or policy settings document. Mail settings documents and policy lock-down
The mail settings document is new to Release 7 and extends the fuctionality of policies, enabling administrators set mail file and calendar preferences. Administrators also have options to lock-down a policy. Policy lock-down prevents end users from changing any preferences the administrator specifies (Figure 4-4). Policy lock-down is available in all the policy settings documents. Keep in mind that mail policies and policy lock-down will only work on a Release 7 Notes client. If your users are on a Lotus Notes 6.x client, these settings will not have any adverse effects; they just simply will not apply. Figure 4-4 Mail Settings document 154 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 4-4 on page 158 provides a policy compatibility chart.
Table 4-2 Policy compatibility chart Release 6 and lock X X X N/A Release 7 X X X X X X X X X Release 7 and lock X X N/A X X X Policy settings document Release 6 Archiving Desktop Registration Mail Security Setup Tip: Setup profiles are still supported and continue to be backward compatible. Remember that the user setup profiles take precedence over policies, and you cannot use both. If you have a setup profile in place for a user, you cannot combine them with policies. Remove all setup profiles before you deploy policies. Security settings policy
There have been several enhancements made to the security settings policy document. Note the following new features, fields located in the security settings document, and their expected behavior on Release 6.x and 7.x clients: Custom passwords policy The custom password policy section of the security settings document is new to Domino 6.5.4. This section, which is also available in Release 7, will not work in Notes clients prior to Notes 6.5.4. Keys and Certificate tab - User Public Key Requirements (Figure 4-5) Figure 4-5 Domino 7 Server document: Key strength and certificate expiration settings - Certificate Expiration Settings Chapter 4. Coexistence and interoperability in a mixed environment 155 Pushing down NOTES.INI parameters and Location document settings
Beginning in Domino 7, Lotus has documented instructions about how you can push down NOTES.INI parameters and Location document settings to Lotus Notes clients by customizing a desktop settings document. These settings will also successfully get pushed down on a Lotus Notes 6.x client. 4.5.2 Resource Reservations database
There have been significant enhancements and increased functionality of processing room and resource reservations. Special consideration for coexistence in a mixed environment is critical when replicating the Release 7 Resource Reservations database to a pre-Notes/Domino 7 server. Domino 7 consolidates the functionality previously combined in the template, router, and schedule manager task into a new Rooms and Resources Manager (RnRMgr) task. Note: Resource Reservations databases (RRDB) based on a 6.x or earlier design do not function properly on Domino 7 servers. Overbooking of rooms and resources can easily occur if you attempt to use a pre-Domino 7 RRDB on a 7.0 server. Replace the design of the Resource Reservation template (RESRC7.NTF) immediately. In Releases 7.0.2 and later, this is done automatically at server startup. The Resource Reservations database must have a Release 7 design, and you need to replace the design of this database immediately following your upgrade. For each Resource Reservations database, the Administration Server setting, located on the Advanced tab of the access control list, needs to be set as soon as possible. This setting must be the same as the server setting for any preexisting rooms or resources in the database. If the value is different, autoprocessing of requests for new rooms or resources might experience sporadic delays due to conflicting data in the Domino Directory. Tip: Room and resource reservations will not be processed unless the RnRMgr task is loaded on the server where the Resource Reservations database resides. To ensure that the RnRMgr task is loaded on server startup or restart, add it to the ServerTasks= line of the servers NOTES.INI file if it is not already there. To manually load the task, use the load rnrmgr console command. The new Resource Reservations design and architecture also now allows for multiple replicas of this database on multiple servers and is cluster-aware. There are several considerations to take note of when creating replicas of this database. Clustering
There is a maximum of two replicas of the Resource Reservations database in a cluster in which the Rooms and Resources Manager (RnRMgr) task can run. In other words, you can have a replica of the database on each server in your cluster, but only two of your servers can run the RnRMgr task. Pre-Domino 7 servers
Replicas of the Rooms and Resources database can be created on pre-Domino 7 servers only if the following criteria is met: The router task is not running on the pre-Domino 7 server. (In Domino 7, the router no longer updates the Rooms and Reservations database.) 156 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices The pre-Domino 7 server is using the Domino 7 Rooms and Resources template. The Rooms and Resources database resides on a Domino 7 server. When the list of cluster servers is sorted alphabetically, the pre-Domino 7 server is not one of the first two servers listed. Note: If you have a replica of the Rooms and Resources database on a pre-Domino 7 server, move the RESRC7.NTF file over as well. Delete the RESC60.NTF file, because it is no longer needed. If you plan to upgrade Release 6.x to future releases, remove the Release 6.x template before launching the server to ensure that the design of this database is not overwritten. For more information about the Rooms and Resources manager and Resource Reservations database, refer to the Lotus Domino 7 Administrator Help. 4.5.3 Administration Requests database (ADMIN4.NSF)
The Administration Requests database (ADMIN4.NSF) design will automatically be upgraded when you upgrade your Domino 7 server. This database can replicate throughout your domain. 4.5.4 Mail files
After upgrading both the server and client to Release 7, it is a best practice to upgrade the users, mail files to the Release 7 template. Using the latest template enables the end user to take advantage of all the latest features in release. Table 4-3 provides best practices for the mail file templates.
Table 4-3 Best practices for mail file templates Lotus Notes 7.x Release 7 template Release 6 template Release 5 template Supported Supported Supported Lotus Notes 6.x Supporteda Supported Supported Lotus Notes 5.x Unsupportedb Unsupportedb Supported a. Although this configuration is supported, it is not considered a best practice because there will be limited functionality available to the end user. b. For a more detailed description of the supported configuration of mail templates, refer to technote 7006547, "Supported Configurations of Notes and Domino 7.0," available at: http://www.ibm.com/support/docview.wss?rs=899&uid=swg27006547 Tip: Use the seamless mail upgrade to avoid potential incompatibility issues (the template will not upgrade until client does). For information about the seamless mail upgrade, refer to Chapter 5, "Client upgrade considerations and best practices" on page 169. For information about Notes client features and the server and template dependencies, refer to the Upgrading to IBM Lotus Notes/Domino 7 guide. This guide outlines each new feature and whether it is client version dependent or dependent on the template. Chapter 4. Coexistence and interoperability in a mixed environment 157 4.6 Calendar and scheduling
Calendar and scheduling is always a concern when upgrading your servers. Most of the features for the Notes 7 client are dependent on the new mail template. One of the more common issues in calendar and scheduling is when one person opens another person's mail file to manage his or her calendar. If the users are on different code streams of the Notes client, they risk seeing and using features that the other person cannot. Make sure that administrative assistants and planners are on the same code streams of the calendars they manage. Autoprocess meeting invitations
In Domino 7, there is a new feature that enables you to specify what action should be performed on a user's meeting invitations. If a user is on a pre-Domino 7 server but has upgraded their Notes client and template to Domino 7, the "Automatically accept even if time is not available" option in calendar and scheduling does not work. The meeting invitation is either not processed or it is declined. The "Automatically accept even if time is not available" option can be set from the Notes client, using Tools Preferences Calendar & To Do Autoprocess. In a mixed release clustered environment, if a user is on a Domino 7 server and Notes client, but fails over to a Domino 6 server in the cluster, the user will encounter this issue. Figure 4-6 Calendar Preferences to autoprocess invitations Table 4-4 lists the calender and scheduling features and their dependencies. Keep these dependencies in mind, especially if you plan to enforce any of these in the new mail settings policy document.
Table 4-4 Calendar and scheduling Notes/Domino 7.0 server dependency? No No No No 7.0 template dependency? MAIL7.NTF, MAIL7EX.NTF: Template design elements were added/changed. MAIL7.NTF, MAIL7EX.NTF: Template design elements were added/changed. MAIL7.NTF, MAIL7EX.NTF: Template design elements were added/changed. MAIL7.NTF, MAIL7EX.NTF: Template design elements were added/changed. Notes calender and scheduling feature Ability to minimize calender and scheduling to mini-view Instant messaging awareness Improved meetings view: new views and formatting of those views Additional subtab for calender and scheduling preferences 158 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Notes calender and scheduling feature Cleanup capability Notes/Domino 7.0 server dependency? Yes. However, this is OK if mail is local and archiving is done locally. The calender and scheduling cleanup calls into the archiving code; Domino 7 archiving has new functionality that enables this. Yes. Router and router code changes. 7.0 template dependency? MAIL7.NTF, MAIL7EX.NTF: Template design elements were added/changed. Autoprocess option to auto-accept even if there is a conflict MAIL7.NTF, MAIL7EX.NTF: Template design elements were added/changed. MAIL7.NTF template: Preferences change. 4.7 Archiving
In Lotus Notes 7, the user interface for archiving in the client has been enhanced and users now users have the option to archive documents older than a certain number of days, months, or years (Figure 4-7). This feature is also available through an archiving settings document using a policy (Figure 4-8 on page 160). In order to take advantage of this feature, the database being archived must first reside on a Notes 7 client or Domino 7 server. Figure 4-7 Archive Criteria settings from the Lotus Notes 7 client Chapter 4. Coexistence and interoperability in a mixed environment 159 Figure 4-8 Archive Criteria in an Archive Criteria Settings document 4.8 Monitoring Configuration database (EVENTS4.NSF)
The Monitoring Configuration database (EVENTS4.NSF) is the primary configuration point for the Domino Domain Monitor database (DDM.NSF). This database, including the design elements, can replicate through your domain. Important: If you are in a mixed environment running Release 6.x and 7.x servers, remove the EVENTS4.NTF database before launching the new Domino 6 server. Because this database is heavily integrated with DDM, ensure that the design elements of this database are not overwritten through replication. Note: The Monitoring Configuration database (EVENTS4.NSF) was renamed in Release 6. Previously, it was called Statistics and Events. 4.9 Domino domain monitoring (DDM)
Domino domain monitoring is new to Release 7.x and is available on all supported platforms. DDM is release 7.x specific, because the code behind the DDM probes are only on a Domino 7 server. There are several probes that pre-Domino 7 servers cannot run. However, the Domino 7 server can probe the Release 6.x configurations that in the Domino Directory that exists on the Domino 7 server. These probes include the best practices probes for security and the Web. Tip: Pre-Domino 7 event generators can report to the DDM database. Note that the event types and severities to log by default are fatal and failures. If you need a specific event generator to report to DDM, make sure to adjust the filter or event severity accordingly. For additional information about the Domino Domain Monitor database (DDM.NSF) and sample scenarios, see the Redpaper Lotus Domino Domain Monitoring, REDP-4089, or see the Lotus Domino 7 Administrator Help. 160 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 4.10 Smart Upgrade
Lotus development continues to invest and enhance the Smart Upgrade feature for Notes and Domino. The Smart Upgrade feature: Provides a mechanism to upgrade Notes clients from 6.x to 7.x and all incremental releases in between by making the upgrade executables available for download or to run from a network drive. Controls what users can upgrade and to what release they are allowed to upgrade. Eliminates the need to visit each user's workstation. Eliminates the dependency on a third-party tool. Enables you to track and log upgrades. Reduces TCO. In this section, we discuss the Smart Upgrade feature and the interoperability of its features with the Lotus Notes client. For further details about best practices when implementing Smart Upgrade, see Chapter 5, "Client upgrade considerations and best practices" on page 169. Table 4-5 presents the new features of Smart Upgrade and when these features were made available. It also notes whether the features are dependent on the client version, server version, or template version. Take this table into consideration when planning your client upgrades.
Table 4-5 Smart Upgrade feature and server, client, or a specific template version dependency Notes client dependency 6.0.3/6.5 or later 6.5.1 or later 6.0 or later 6.0 or later Domino server dependency 6.0.5/6.5 or later 6.5.1 or later 6.5.1 or later 6.5.1 or later Template dependency 6.5.1 Smart Upgrade Kits (SMUPGRADE.NTF) N/A 6.5.1 Domino Directory (PUBNAMES.NTF) N/A Smart Upgrade feature Multiple source versions. Pattern matching for source version. Upgrade deadline (and "remind me every hour"). Automatic prompting occurs when authenticating to user's home server is down, but a server in the cluster contains a Smart Upgrade database. Notes client fails over when attempting to find Smart Upgrade database and the user's home server is down, but a server in the cluster is up containing a replica of the Smart Upgrade database. 6.5.1 or later 6.0 or later N/A Administrator can specify both a shared path and an attached kit. Background thread initiates Smart Upgrade. Attached kits detach in the background. Smart Upgrade tracking. 6.5.1 or later 6.5.3 or later 6.5.3 or later 6.5.3 or later 6.5.1 or later 6.0 or later 6.0 or later 6.0 or later 6.5.1 Smart Upgrade Kits (SMUPGRADE.NTF) N/A N/A 6.5.3 Domino Directory (PUBNAMES.NTF) 6.5.3 Smart Upgrade Kits (SMUPGRADE.NTF) Chapter 4. Coexistence and interoperability in a mixed environment 161 Smart Upgrade feature Smart Upgrade console commands: SUCACHE SHOW and SUCACHE REFRESH. Smart Upgrade Governors. Notes client dependency 6.0 or later Domino server dependency 6.0.5/6.5.4 or later Template dependency N/A 6.0.5/6.5.4 or later 6.0.5/6.5.4 or later 6.0.5/6.5.4 Domino Directory (PUBNAMES.NTF) 6.5.5 Smart Upgrade Kits (SMUPGRADE.NTF) N/A All clients versus Notes client only differentiation. Prompt when detaching kits in background complete. 6.5.5 or later 7.0 or later 6.0 or later 6.0 or later Smart Upgrade Governor
The Smart Upgrade Governor was introduced in Lotus Domino 6.5.4/6.0.5. This feature enables an administrator to control the maximum number of concurrent downloads to upgrade the Notes client in the network. The Domino server must be at Domino 6.5.4/6.0.5 or later. The Notes clients also must be 6.5.4/6.0.5 or later to adhere to these settings. Tip: If the Notes clients are earlier than Release 6.5.4, use the Allowed Users & Servers field on the Administration tab of a Smart Upgrade kit to limit the number of users allowed to upgrade their client. 4.11 Domino Web Access
Domino Web Access 7 (formerly called iNotes) introduces a new mail template DWA7.NTF and FORMS7.NSF. You will notice that FORMS6.NSF and FORM5.NSF are also included in the iNotes subdirectory for backward compatibility. In a mixed server environment, if you make a replica of a Domino Web Access database on a Domino 6 server, this server loads the Release 6 design automatically despite if you are using a Release 6.x design or a Release 7.x design. Users will get the fuctionality of the version of the server they are on; they will not have the features available to them in DWA7.NTF on a Domino 6.x server. Figure 4-9 on page 163 and Figure 4-10 on page 163 illustrate the same mail database using the Domino Web Access 7 DWA7.NTF on the user's mail file. Notice in Figure 4-10 on page 163 that the database automatically loads to reflect a Release 6 design. If you have users who use Domino Web Access on two servers with different releases, inform them about the user interface changes they will experience. 162 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 4-9 Domino Web Access 7 database on a Domino 7 server Figure 4-10 Domino Web Access 7 database on a Domino 6 server Important: Key rollover is a Domino 7 feature that enables Notes 7 users and Domino 7 servers to obtain the larger Notes encryption and signing keys supported by this release. Key rollover is not supported for Domino Web Access users and Domino Access for Microsoft Outlook users. If Domino Web Access also has a Notes ID file, the user needs to log in to their Notes clients for their ID files to be updated. Compatibility with Release 5.x
The INOTES5.NTF template will not be included in the Domino 7.x code stream. Domino 7 is backward compatible for existing iNotes5 users; meaning, if necessary, you can still use your INOTES5.NTF template on a Domino 7 server. However, you cannot create new iNotes5 users using the Release 7 Domino Administrator client. IBM Lotus supports upgrading existing users, not creating new iNotes5 users on Domino 7. Chapter 4. Coexistence and interoperability in a mixed environment 163 4.12 ID files
Lotus Notes ID files have been enhanced in Domino 7 to provide increased encryption and security. In Release 6.x, ID files are encrypted with a 64-bit key derived from the ID file password. In Domino 7, you have the option to use a 128-bit key to encrypted an ID file (Figure 4-11). Domino 7 also can store 1024-bit RSA keys and 128-bit RC2 document encryption keys in the ID file. In this section, we briefly discuss the new features of the ID files as well as considerations for a mixed environment. Figure 4-11 Password Options 4.12.1 Flat names and flat IDs
When Lotus was first introduced, it offered only one type of certification, flat certification. Hierarchical certification was introduced with Release 3 of Notes. Now, in Lotus Notes and Domino 7, the flat naming convention will no longer be supported due to its inherent lack of security and its inability to be used with the AdminP process. As you upgrade to 7.0, convert all flat names to hierarchial names. To update a flat user name and ID to a hierarchial name, use the AdminP process Upgrade to Hierarchial. For additional information about upgrading a user's flat name, refer to the Lotus Domino 7 Administrator Help or the Upgrading to IBM Lotus Notes/Domino 7. 4.12.2 Large key support in Release 7.0: 128 and 1024 bit
As with previous releases, Lotus Domino 7.0 offers enhanced security features. New security functionality includes stronger keys for encryption (1024-bit RSA keys and 128-bit RC2 for Notes cryptographic operations). If you are in a Release 6 and 7 environment, the use of larger keys will not impact performance or impact the end users. Consider upgrading your ID files with longer keys for added security. Note: You can view the encryption strength of an ID file by looking at the ID properties. Interoperability with previous releases: 7.0 - Can generate and use 1024-bit RSA keys. Can generate and use 128-bit RC2 keys. 164 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices - Adds underlying support for 2048-bit RSA keys. 6.0 - Can use 1024-bit RSA keys, but will not generate them. Can use 128-bit RC4 keys. - Cannot use 128-bit RC2 keys. 6.0.4/6.5.1 + - Can use 1024-bit RSA keys, but will not generate them. - Can use 128-bit RC2 keys, but will not generate them. R5 - Fails cleanly when presented with a large key. Interoperability with Release 5
Note: A Release 5.x client or server cannot authenticate with a 1024-bit key 7.0 server. A 1024-bit RSA key is not compatible with a Release 5 environment. In this section, we discuss the precautions to take and common errors received when attempting to use these keys in a Release 5.x or earlier client. The Domino server
In Domino 7, the server ID created during first server installation is 1024-bits wide. If a Notes 5 client attempts to access the server, it will fail. If Release 5.x clients need to access a Domino 7 server, the following NOTES.INI parameter can be used to immediately roll over the server key to 630 bits:
Syntax: Setup_First_Server_Public_Key_Width=630 The Notes client
If a user on an R5 client attempts to use an ID file with a large notes key, the error shown in Figure 4-12 appears. Figure 4-12 Error: Using an R5 client with a large key Additional errors an R5.x server of client might encounter when dealing with a large key include: Document has been modified or corrupted since signed. The encrypted data has been modified or the wrong key was used to decrypt it. Failed to authenticate: Attempted encryption operation is not supported by this version of Notes. Server error: Attempted encryption operation is not supported by this version of Notes. Tip: Pay attention during the registration of users. Wait to roll over to large keys if 5.x clients or servers are being used. Chapter 4. Coexistence and interoperability in a mixed environment 165 Figure 4-13 Registering a user For more information about options for registering and rolling over to larger keys, refer to Upgrading to IBM Lotus Notes/Domino 7 and Lotus Domino 7 Administrator Help. Note: We also recommend that you refer to Security Considerations in Notes and Domino 7: Making Great Security Easier to Implement, SG24-7256, at:
http://www.redbooks.ibm.com/abstracts/sg247256.html 4.13 ID recovery
ID recovery is an excellent mechanism to store and back up Lotus Notes ID files. It is also a secure mechanism to recover a password in the event an end user forgets a password. Additional enhancements have been provided in Lotus Notes and Domino 7 to make the process more configurable by the administrator. Lotus Notes 7 has enabled administrators the ability to change the minimum length of the recovery password used to recover an ID file to a shorter length (6 or 8), as shown in Figure 4-14 on page 167. 166 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 4-14 Edit Recovery Information dialog box Note: Selecting a recovery password length less than 16 for the recovery authorities will only permit recovery passwords to be extracted by 7.0 or later Administrator clients. If you attempt to extract the recovery password on a Release 6.x client, it works, but only will be a length of 16 characters and numbers. Figure 4-15 and Figure 4-16 illustrate the recovery passwords from the same backup ID file. The administrator had set their preference for the recovery password length to 8. Note that in the Release 6.x client, the recovery password is converted to 16 characters. Figure 4-15 Recovered password from a 7.0 Administrator client Figure 4-16 Recovered password from the same ID from a 6.5.4 Administrator client Chapter 4. Coexistence and interoperability in a mixed environment 167 Release 5.x clients
Starting in Domino 6 and including Release 7, recovery information for ID recovery is automatically pushed down to a user's ID file when the user authenticates with the server. In R5, ID recovery was implemented through e-mail. If you upgrade these clients to Notes 7, in order to ensure that the ID recovery information is incorporated into the user IDs, perform the following steps: 1. Export recovery information from the certifier ID file and have the user accept it. 2. Modify the certifier's recovery information in some way and save it. For more information about ID recovery, see the Lotus Domino 7 Administrator Help. 4.14 Extended products
Table 4-6 describes what Lotus extended products are supported on a Lotus Domino Release 7 server or client. Note that some versions are supported only as a temporary measure during the upgrade process and should also upgraded to the corresponding Release 7 version as soon as possible. Note: Beginning with Release 6.5.1 of Domino and the extended products, all products will be compliant with future Domino maintenance releases. If future compliance cannot be met, a new maintenance release of that product will be released with that Domino version. No longer will your Domino environment have to be mixed in order to maintain a supported environment based on the requirements of your extended products. Clients will no longer need to spend time wondering (and testing) which version of which product works with which version of Domino. This translates to faster time to value for clients by enabling them to upgrade more frequently and more easily.
Table 4-6 Supported configurations for Lotus extended products Domino 7.x Not supported Supported Supported Not supported Supported during upgrade only Supported Not supported Not supported Supported Not supported Supported Supported Notes 7.x Not supported Supported Supported Supported Supported Supported Not applicable Not applicable Not applicable Not supported Supported Supported Extended product Domino.Doc 3.1 and 3.5 Document Manager 6.5.1 Document Manager 7.0 Sametime 3.1 Lotus Instant Messaging and Web Conferencing 6.5.1 Sametime 7.0 QuickPlace 3.0.1 Team Workplace 6.5.1 QuickPlace 7.0 Workflow 3.0.1 Workflow 6.5.1 Workflow 7.0 168 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 5 Chapter 5. Client upgrade considerations and best practices
This chapter discusses the considerations a Lotus administrator must take when upgrading the Lotus Notes clients to Release 7. We include some of the best practices for upgrading the Notes clients and discuss the new features from which you will benefit. The goal of this chapter is to assist you when considering different upgrade options for the client in conjuction with how it will impact you from an administrative perspective and the client from an end-user perspective. In this chapter, we discuss the following topics: Preparing to upgrade Upgrade options, including Smart Upgrade, silent installation, and seamless mail upgrade New Release 7 client features Copyright IBM Corp. 2006. All rights reserved. 169 5.1 Before you upgrade
This section discusses the requirements and considerations you need to examine before upgrading the Lotus Notes clients to Release 7. 5.1.1 Know your environment
Before you consider upgrading ensure that you know your environment. The success of upgrading your server is depends on the success of the end users because they are your most visible audience. This section discusses the hardware, software, and file permissions requirements to successfully upgrade the Notes client. Hardware considerations
Refer to 2.2.2, "Hardware requirements and considerations" on page 23, and read the latest Release Notes, available at:
http://www.lotus.com/ldd/notesua.nsf/RN Make sure that the machine that will be upgraded meets the minimum hardware and software requirements. Note that Microsoft Windows NT and Windows 95/98 are not supported platforms for release 7.x.
Table 5-1 Platform Supported operating system version Basic hardware requirements Microsoft Windows 2000 Microsoft Windows 2000 Professional (see Release Notes for Service Pack information). Intel Pentium. 128 MB required. 256 MB or more recommended. 256 MB required. Color Monitor required. Microsoft Windows XP Microsoft Windows XP Professional (see Release Notes for Service Pack information). Intel Pentium. 128 MB required. 256 MB or more recommended. 256 MB required. Color Monitor required. Supported processors RAM Disk space Supported monitors The installation itself requires ~32 MB of temporary space. By default, this space is the Temp environment variable for the machine and is located on the C:\ drive. Operating systems
Lotus Notes 7 supports the following operating systems: Microsoft Windows 2000 Professional and Windows XP Professional Windows XP Tablet PC Edition (Digital Ink Input is not supported in the Notes 7 client.) Note: Windows NT and Windows 95/98 are no longer supported. You need to upgrade the operating system before installing a Lotus Notes 7 client. 170 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Note: IBM Lotus is planning to provide a Notes 7 client for the Macintosh platform, complete with popular integrated instant messaging capabilities on par with those found in Notes for the Microsoft Windows platform. This, however, was not a feature of Lotus Notes 7.0. Until this becomes available, Lotus recommends that you use the latest 6.5.x version. Access and permissions to the workstation
It is a best practice to install the Notes client with administrative rights. Administrative rights are required for features, such as the client single logon and multiuser installation. It is possible to install the Notes client as a power user and with elevated privileges. We do not, however, suggests installing Lotus Notes 6 as a restricted user. Without the use of the elevated installation privileges, restricted users will fail to successfully install due to insufficient access to write keys to the system registry. Note that to successfully install, upgrade, and use Lotus Notes 7, users must have write and modify permissions to the Lotus program directory, data directory, and all associated subdirectories below the data directory. Multiple versions of Notes
Lotus does not recommend installing more than one Notes client on a single operating system. Installing a Release 6.x and 7.x client on a test machine for support staff and testing purposes is a common question and request. For instructions about how to do this, refer to the "Notes 7 and Notes 6.x coexistence" topic in the Release Notes. 5.1.2 Inventory
It is important to understand how many clients you will need to upgrade and what types of clients you are using in order to develop a good upgrade strategy. This inventory will help you plan the following issues: How long will your migration will take? What upgrade method do you want to use? What types of clients are you using? Know what version of Lotus Notes clients are used. You need to have this information when you decide what method to use to upgrade the clients. For example, Smart Upgrade only works with Release 6 and later clients. In addition, determine whether the users are Note client users only or if they use all three (Notes, Administrator, and Designer) clients. Approximately how many clients will you upgrade? This will assist you with planning your resources, how to spread out your upgrade, prepare your help desk, and decide on a method of upgrading. Where are the clients located? Take physical location into consideration. Maintain upgrade files and Smart Upgrade databases close to the user to avoid delayed download times. Prepare to inform mobile users of the upgrade. 5.1.3 Preparing your users for the upgrade
The transition from Lotus Notes Release 6.x to Release 7.x should be a smooth one for the end user. The navigation of the Notes client has not changed, and only subtle changes were made to the user interface. Chapter 5. Client upgrade considerations and best practices 171 Perform the following steps: 1. Send an announcement out ahead of time making users aware that their client will be upgraded to a new release, their user interface will be enhanced, and their mail file will have additional functionality. 2. Inform and train the user community and support community, such as the help desk, in the new and changed features. 3. Make sure that your help desk has access to upgrade resources, such as: - This Redpaper - Upgrading to IBM Lotus Notes/Domino 7 guide
http://www.lotus.com/ldd/notesua.nsf/ddaf2e7f76d2cfbf8525674b00508d2b/de2da7b609c6cb 038525703b005e2f59?OpenDocument - Lotus Notes, Administrator, and Designer Help files The Lotus Knowledge Base
https://www-927.ibm.com/search/SupportSearchWeb/SupportSearch?pageCode=SBS&brand=lotus - A link to the Notes/Domino 6 and 7 discussion forum
http://www.lotus.com/ldd/nd6forum.nsf 4. Provide users with a central location for training materials, provide a discussion database, and take advantage of Sametime if you have it enabled in your environment. 5. Provide users with very basic training, a cheat sheet, or both. 6. Take advantage of the polices to push down bookmarks, links, welcome pages, and enforce certain user settings and preferences. 5.1.4 Considerations
It is important to have an understanding how the upgrade will impact the end user. This section outlines the different types of user and how it will affect them. We include design changes, template changes, replication, and the options you will have to upgrade these users. Table 5-2 provides considerations when upgrading each type of user.
Table 5-2 User type Lotus Notes client users Considerations when upgrading each type of user Consideration Machine privileges. Workstation requirements. Are they remote users? Do they work using local replicas? Are they familiar with the upgrade mechanism you will be using (Smart Upgrade, seamless mail upgrade, upgrade by mail)? Are the users roaming? Lotus Notes client, administrator, and designer Coexistence considerations when developing applications. Coexistence considerations when upgrading the Administrator client. 172 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices User type Domino Web Access users only Consideration These users do not have a client to upgrade their template design. Use load convert or File Database Replace Design. Mail files and design
Here we discuss several factor that you need to consider before upgrading the design of a user mail file. It is a best practice to upgrade the Notes client before the template to avoid compatibility and coexistence issues. Tip: For a complete list of the Notes client and template dependencies, refer to the "Notes Client features and their Domino server and template dependencies" section in Lotus Domino 7 Administrator Help. Mail file customizations
Many companies make minor customizations to the Lotus Notes mail file to include a company logo, display the file size, and include customized views. Make sure to carefully compare the customization you want to include to the Domino 7 templates. Lotus considers it a best practice to use the out-of-the-box standard templates and to keep customizations down to a minimum. Local replicas
It is common to have local replicas of mail files and other system databases. Be aware that if a user replicates to the mail file on the server, that user can potentially replicate design elements and customizations that exist on that user's local replica to the server's replica. To avoid design elements from replicating to the server's mail file, you can: Ensure that users have editor access to there mail files instead of designer or manager access. With editor access, users will not be able to replicate the design elements but will still have access to important features such as the out of office agent. Disable the server's replica from receiving design elements. (From the mail file, select File Replication Settings, select the Advanced section, and clear the Design elements in the Receive these elements from other replicas area.) Important: Cluster replication ignores the selective replication, and the entire advanced section of the Replication tab. Take this into consideration when upgrading clustered servers and converting mail files to a new design. Policy-based administration
Lotus Notes and Domino 7 has both expanded and improved the policy documents functions. Advancements have also been made to the client dynamic configuration to push down policies more reliably. Using policies, administrators have the ability to: Configure nearly every preference on the client and calendar. Push down Location document settings and NOTES.INI parameters. Configure security settings and custom password policies. Enforce archiving. Push down replicas and bookmarks.
Chapter 5. Client upgrade considerations and best practices 173 Set up policies before deploying or upgrading your Notes clients. Keep in mind that policy settings will not get applied if a setup profile is in place for the user, so make sure to remove these. If the policies are in place before the upgrade, they will be applied after the upgrade is complete when the upgrade client authenticates with its home mail server. Backing up essential files
If your clients are upgrading from Lotus Notes Release 6.x to Release 7, backing up files is not critical because there is no change in the ODS. If you need to roll back to a 6.x client, you can simply reinstall the executables over the top. However, if you are upgrading from Release 5.x to Release 7, consider backing up the user's essential files if you need to roll back. After a user upgrades to Lotus Notes 7, the key databases will be upgraded to ODS 43. The files to backup are usually located in the Lotus Notes data directory and include those listed in Table 5-3.
Table 5-3 File NAMES.NSF BOOKMARKS.NSF DESKTOP5.DSK Local databases (*.NSF) Customized Notes database templates (*.NTF) Files to backup before upgrading form Release 5.x to 7 Database description Address book Bookmarks Workspace 5.2 Client installation and upgrade options
Rolling out a new release of Notes clients is usually the most time-consuming effort of the upgrade process. Lotus has invested and continues to invest in this effort to assist you in managing the client upgrade. This section focuses on your upgrade options. We discuss the different tools and methods to use and the considerations to take when using them. Table 5-4 describes the Notes client upgrade options. Tip: Set up policies before you upgrade the Notes client to ensure that they are in place immediately following the upgrade.
Table 5-4 Notes client upgrade options Advantage Easily back up files before upgrading. Disadvantage Time-consuming. Administrator has to visit each workstation or leave the installations and configuration up to the end user. Administrators are unable to determine when upgrades occur. Does not work on pre-Release 6 clients. Upgrade option Manual upgrade Upgrade by mail This upgrade is capable of upgrading pre-Release 6 clients (R4.6 and later). Lots of automation. Set upgrade deadlines. Smart Upgrade 174 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 5.2.1 Client installation options
The Lotus Notes client, Designer client, and Administrator client are all bundled on the installation CD. During the installation, a user will be presented with the option to install the Notes client or all three clients on their machine. You can also download the Lotus Notes client files from the IBM Passport Advantage Web site. If you install using a downloaded Web kit, you have the option to download the Notes client only or all three client (Notes, Administrator, and Designer). 5.2.2 Manual installation
The manual installation changed very little from Release 6.x to Release 7. We briefly describe what to expect from a manual installation of the Notes client: 1. If you are installing from a downloaded installation file from the Web, double-click the executable, and you will be first prompted to select a location for the extracted files, as shown in Figure 5-1. By default, the location to save the files will be the TEMP environment variable the user set on their machine. For the package with all three clients, you need 190 MB of free space. Figure 5-1 Install Shield Wizard: Location to Save Files (Web kit): Dialog box 1 Chapter 5. Client upgrade considerations and best practices 175 2. You are prompted with the window shown in Figure 5-2. Click Next. Figure 5-2 Welcome window: Dialog box 2 3. Read and accept the license agreement, as shown in Figure 5-3. Figure 5-3 License Agreement: Dialog box 3 176 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 4. You are prompted for customer information, as shown in Figure 5-4. Notes retrieves the same information from the client currently installed. You can modify it as needed. Click Next. Figure 5-4 Customer Information: Dialog box 4 5. In the next installation dialog box, provide the installation path, as shown in Figure 5-5. The installation path defaults where the Notes clients are currently installed, and the Change button might be unavailable. This information is from the \HKEY_LOCAL_MACHINE\SOFTWARE\Lotus\Notes registry key. If you want to install the Notes client to a different path, we recommend that you uninstall the previous client before installing the new version. Figure 5-5 Installation Path Selection: Dialog box 5 Chapter 5. Client upgrade considerations and best practices 177 6. Select which features to install, as shown in Figure 5-6. By default, the installation selects the minimum recommended files for the Note client installation. Select the Domino Designer and Domino Administrator clients here if you need to install all three clients. You can highlight some features for a feature description or select each client to check how much hard drive space is required for each client. Click Next. Figure 5-6 Custom Setup: Dialog box 6 7. Install the program, as shown in Figure 5-7. This is the last dialog box that will allow you to go back and change any of the previous options without canceling the installation. Figure 5-7 Install: Dialog box 7 While the Notes client is being installed, a window with a progress bar is displayed. 178 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 8. After installation completes, the dialog box in Figure 5-8 opens. Click Finish. You can relaunch the Notes client. Figure 5-8 Install complete: Dialog box 8 Using transform files
The InstallShield Tuner for Lotus Notes is included on the software CD to create a customized installation. Use the InstallShield Tuner to create customized transforms to add resources, change defaults, or hide features present in the standard Lotus Notes 7 kit. If you have a transform file, invoke this file through the command line using the following syntax:
C:\InstallFiles> msiexe /i "Lotus Notes 7.0.msi TRANSFORMS="custom.mst" Important: Note that IBM Technical Support does not provide assistance for InstallShield Tuner for Lotus Notes. However, InstallShield Tuner for Lotus Notes does include comprehensive online help to familiarize you with the process of customizing an industry-standard Windows Installer (.MSI) package. For additional details about InstallShield Tuner OEM, visit the InstallShield Web site at:
http://www.macrovision.com/products/flexnet_installshield/index.shtml 5.2.3 Smart Upgrade
Lotus Smart Upgrade was developed in Release 6.x to assist Lotus administrators in upgrading the Notes client. It can be easily configured to notify Notes client users when a new release of the client is available. Smart Upgrade can also be used to upgrade the Notes clients from Release 6.x to Release 7. Using Smart Upgrade prevents administrators and support staff from visiting each desktop, reduces the dependency on third-party tools, and reduces the total cost of upgrading. Tip: For details about how Smart Upgrade works, its features, and steps to deploy it, see the excellent tutorial available about Smart Upgrade at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27006422 The end-user experience
This section illustrates what the end user will see and experience with Smart Upgrade. For this example, we configured Smart Upgrade to run silently, with absolutely no user interaction after selecting Upgrade Now. Chapter 5. Client upgrade considerations and best practices 179 After Smart Upgrade is set up, when the end user logs in to Lotus Notes, the dialog box shown in Figure 5-9 opens. Figure 5-9 Smart Upgrade prompt If the user selects Update Notes Now, the kit downloads to their machine's temp directory. (If the user running 6.5.4 or later, the kit is downloaded in the background, as shown in Figure 5-10. Users can continue to work while this is occurring.) Figure 5-10 Smart Upgrade kit downloading in the background After the kit download completes, it launches the upgrade. Figure 5-11 displays the progress of the upgrade that will be displayed on the client. Figure 5-11 Progress bar for user to monitor When the installation completes, the user will be presented with a window stating that the upgrade was successful, as shown in Figure 5-12. Figure 5-12 Final window: Successful upgrade Deploying Smart Upgrade
In this section, we discuss your options for deploying the Smart Upgrade feature. There are several options to consider. 180 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Requirements
The following requirements are necessary to deploy Smart Upgrade: Lotus Notes 6.0 or later client. Lotus Domino 6.0 or later server. At least one Smart Upgrade database is configured. The end user's Location document correctly specifies a home mail server. The mail server's configuration document contains a link to the Smart Upgrade database. The end user has appropriate rights to install Louts Notes on their machine. Deployment options
Lotus Smart Upgrade is configured in a Smart Upgrade database. This database houses the location of the upgrade files to a shared network drive or the files as an attachment. This database can exist one or several servers. Consider how many users need to upgrade, the location of the upgrade, and the bandwidth of your network when deciding if all you need is one central Smart Upgrade server or several that are statagically located in different locations. Understand your users, how they work, and what versions of the client they are running when choosing your deployment. Note: Refer to Table 4-5 on page 161. This table describes the new features of Smart Upgrade and when these features were made available. Table 5-5 describes the advantages and disadvantages of the deployment options.
Table 5-5 Deployment options for Smart Upgrade Advantage Easy to administer. All servers point to a single Smart Upgrade database (use [All Servers] configuration document). Distributed upgrade across several servers/clusters. No single point of failure. Disadvantage Single point of failure. All network traffic will be pointed to a single server. Deployment option Consolidated deployment Distributed deployment Slightly more difficult to manage. Replication considerations (note the readers field, Allowed Users & Server). Setting up the Smart Upgrade database
This section illustrates an example scenario for setting up a Smart Upgrade database for all Lotus Notes 6.x users to upgrade to the Lotus Notes 7.0 client. For additional information about the Smart Upgrade database and for descriptions of the fields in an upgrade kit, see the Lotus Domino 7 Administrator Help or refer to the Lotus Education On Demand: Lotus Domino/Notes 6 Smart Upgrade Tutorial, available at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27006422 Creating a Smart Upgrade database
Perform the following steps: 1. In the Domino Administrator client, select File Database New. Chapter 5. Client upgrade considerations and best practices 181 2. In the New Database dialog box shown in Figure 5-13, enter the server name and database title. 3. Enter a file name in the File name field. 4. Select the template server, and then select the server on which the database will reside. 5. Select the Show advanced templates check box. 6. Select Smart Upgrade Kits from the Template list, and then click OK. Figure 5-13 Creating a Smart Upgrade database 7. After you create the Lotus Notes Smart Upgrade database, create a database link in your configuration settings document in the Domino Directory (Figure 5-14 on page 183). Configuring the configuration settings document
Perform the following steps: 1. In the Domino Administrator, open the Lotus Notes Smart Upgrade database that you created. 2. Select Edit Copy as link Database link. 3. Open the Domino Directory, and then open the Server Configurations view. 4. Select the server, and then click Edit Configuration to edit an existing configuration settings document. Note: Lotus Notes Smart Upgrade first checks for the Lotus Notes Smart Upgrade database link in the configuration settings document of the home server specified in the Notes client Location document. If that configuration settings document does not contain a Lotus Notes Smart Upgrade database link, Smart Upgrade next checks the * [All Servers] configuration settings document for the database link. 5. On the Smart Upgrade tab of the document, paste the database link in the "Smart Upgrade Database link" field, as shown in Figure 5-14 on page 183. 6. (Optional) In the Limit Concurrent Smart Upgrade field, enable the Smart Upgrade Governor. When the Smart Upgrade Governor is enabled, you can limit the number of times that Smart Upgrade attempts are made by specifying a value in the Maximum Concurrent Downloads field. 182
Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Note: Smart Upgrade Governor requires Notes client and Domino server Release 6.0.5/6.5.4 or later. Use this feature to prevent an excessive load on the server if Smart Upgrade is invoked numerous times on the same server. 7. In the Maximum Concurrent Downloads field, enter a value for the maximum concurrent number of Smart Upgrade attempts that can be made while the Smart Upgrade Governor is enabled. Figure 5-14 Configuration Settings document 8. Save and close the configuration settings document. Creating a Smart Upgrade kit
The Smart Upgrade database can consist of several kits. For example, there can be a kit for just the single Notes client, the all clients kit, a Macintosh platform, or to apply a client cumulative fix. Perform the following steps to create a Notes client only kit to upgrade any R6 client to the Lotus Notes 7 client. For testing purposes, we only allowed the administrators to use Smart Upgrade before deploying it to all users. 1. In the Domino Administrator client, open the Lotus Notes Smart Upgrade database that you created. 2. Click New Kit to create a Kit document. Figure 5-15 on page 184 shows a sample kit illustrating how to upgrade any Notes client version on Windows to Release 7. 3. On the Basics tab, complete the fields shown in Table 5-6 on page 184. Chapter 5. Client upgrade considerations and best practices 183 Figure 5-15 Table 5-6 Field Kit description Sample Smart Upgrade Kit: Basis tab Smart Upgrade kit field descriptions Description Enter a brief description of the kit. After completing this document, this kit description is used to identify the Smart Upgrade Kit document. Select the Enabled check box to make the kit available to authorized users. Enter your current Notes client release, or you can enter a series of Notes clients releases. Value from Figure 5-15 6.x 7.0 (example) Lotus Notes 7 - Client only Kit Enabled * (An astrick allows any client 6.0 or later to upgrade to Release 7.0 using this kit.) Windows/32 English Yes In this scenario, all clients being upgraded were 6.5.4 or earlier. N/A The Install type field only appears if this option is not selected. Enable this kit for use Source versions Operating system Localization Release 6.5.4/6.0.5 or previous Enter or select the operating system for which the kit is intended. Enter or select the language of the Notes client. This field displays only if you are using Microsoft Windows (Win32). If you are using Notes Domino release 6.5.4, 6.0.5, or earlier, select this option. Smart Upgrade does not recognize whether the all client install or Notes client install applies for these releases. Choose one: Notes client only: Smart Upgrade installs only the Notes client kit. All client (Notes, Administrator, Designer):Smart Upgrade installs the all client kit. Install type 184 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Field Destination version Description Enter the release number of the update kit. The value of this field must match the value in the Deploy Versions field of the desktop policy settings document. Choose one of the following options to specify the location of the upgrade kit: Attached to this note: If you are using Domino 6.5.5 or later, you can attach either a Notes client only kit or an all clients kit. On a shared network drive: Choose this option and then in the "Full path to update kit" field, enter the file path to the SETUP.EXE file. When you use the shared network drive option, decompress the file and copy all files in the installation kit to the directory specified. Follow this convention:
\\networkfileservername\shareddirectoryname\setup.exe Value from Figure 5-15 6.x 7.0 (example) Release 7.0 Location Shared network drive & attached kit The "Shared network drive and attached kit with failover" option provides both fields of information to users. The Smart Upgrade process checks whether a "Full Path Kit" is available. If the Full Path Kit is available, it is used; if it is not available, the attachment kit is used. Shared network drive & attached kit with failover: Choose this option and then select the file to attach that contains the Smart Upgrade kit and enter the full file path name to the SETUP.EXE file. Optional arguments for shared network drive kit Enter optional arguments if you are specifying a shared network kit. For information regarding optional arguments, see the "Using optional arguments when running Smart Upgrade" topic in Lotus Domino 7 Administrator Help. /d /px /a /s /v"/qb+" This is a common option to not prompt where to save the temp files, delete them when the installation finishes, and install silently. Message text Optional arguments for attached kit Enter the message that will appear when Smart Upgrade prompts users to upgrade their Notes clients. Enter optional arguments if you are using an attached kit. /d /px /a /s /v"/qb+" Tip: Optional arguments are most commonly used to for Smart Upgrade to be a silent installation. The option listed in the example is one of the most common: /d /px /a /s /v /qn+ /qb+ Removes extracted files after the installation is complete. Hides the Location To Save Files and Remove Installation Files end user dialog boxes. Administrative installation. Silent mode. Pass arguments to MSIexec. No UI except for a modal dialog box displayed at the end. Basic UI with a modal dialog box displayed at the end. The modal box is not displayed if the user cancels the installation. Use qb+! or qb!+ to hide the Cancel button. Note: If users are using multiuser installations, make sure that you use the Notes client only kit for these users.
Chapter 5. Client upgrade considerations and best practices 185 4. Complete the fields shown in Table 5-7 on the Administration tab. Figure 5-16 shows the Administration tab.
Table 5-7 Field Allowed Users & Servers Smart Upgrade Kit Administration tab field descriptions Description Enter or select the users or servers allowed to upgrade their Notes clients. To include all users in your organization, enter a value using the following format: */OrgUnit/Organization/CountryCode Note: When you enter a value in this field, also add LocalDomainServers to this field because this is a "Readers" field. If LocalDomainServers is not included in the entries in this field, the kit will not replicate to other Domino servers in the domain. Enter or select the persons who own this document. Enter or select the persons who administer the document. (Optional) Enter comments such as the update history for this document. Value from Figure 5-16 6.x 7.0 This was configured for testing so that only the users listed in the LocalDomainAdministrators group was allowed to upgrade. If you do not leave this field blank, everyone is allowed to upgrade. Make sure that you include LocalDomainServers. (Optional) (Optional) (Optional) Owners Administrators Comments Tip: Before rolling out Smart Upgrade, perform a pilot for a few users to make sure that everything goes smoothly. On the Administration tab, include your LocalDomainServers and pilot users. After they upgrade successfully, you can clear this field to allow everyone to upgrade or add additional users and groups. Figure 5-16 Smart Upgrade Kit: Administration tab 5. Click Save and Close. Using a policy with Lotus Smart Upgrade
Using a desktop policy when deploying Smart Upgrade is optional and not required for Smart Upgrade. It does, however, offer several additional features, including an upgrade deadline, a "Remind me every hour after "upgrade deadline" has passed" field, and the ability to use Smart Upgrade tracking. We recommend using a desktop policy to take advantage of these additional features. 186 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Creating a policy
Perform the following steps: 1. From the Domino Administrator, select the People & Groups tab, select the Policies view, and click Add Policy, as shown in Figure 5-17. If you already have a policy created, click Edit Policy. Figure 5-17 Creating a policy from the Domino Administrator 2. Fill in the Policy name, Policy type, and Description, as shown in Table 5-8.
Table 5-8 Field Policy name Description of policy fields Action Enter one: A unique name for an explicit policy. The name of the organization or organizational unit, such as Acme or Sales/Acme. Choose one: Explicit: To create a policy to assign to specific users and groups. Organizational: To create a policy that is automatically assigned to all users in the part of the organization specified in the Policy name field. Enter a description of the policy. Example/comments We recommend an explicit policy first for piloting. After your pilot is successful, you can change the explicit policy to an organizational policy. An explicit policy can be named whatever you want. An organizational policy must take on the name of the */O or */OU/IBM, for example: */IBM Policy type Description (Optional). Chapter 5. Client upgrade considerations and best practices 187 3. Under the Settings Type section, click New next to the Desktop field, as shown in Figure 5-18. Figure 5-18 Sample explicit policy 4. You should now see the desktop settings document. For this example, we focus only on the Smart Upgrade sections. 5. On the Basics tab of the Desktop Settings document, fill in the Name field and the Description field. These fields can contain any name or description you want. See Figure 5-19. Figure 5-19 Desktop Settings document 6. Select the Smart Upgrade tab. 7. Fill in the fields shown in Table 5-9. Figure 5-20 on page 189 shows the Smart Upgrade tab.
Table 5-9 Field Deploy version Smart Upgrade settings from the desktop settings policy Description If you use Smart Upgrade, enter the Notes version to which you want users to upgrade. Value from Figure 5-20 6.x 7.0 Release 7.0 This field should match the Destination version field in the Smart Upgrade Kit. 188 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Field Upgrade deadline Description If you use Smart Upgrade, use the mm/dd/yyyy format to enter the date by which users must upgrade. If users do not upgrade by this date, the upgrade happens automatically. Select this option if you want to send an hourly reminder to users who have not updated their clients by the deadline set in the "Upgrade deadline" field. Enable Smart Upgrade tracking for the user by selecting the mail-in database name. Choose one: Yes: Automatically deletes the Smart Upgrade tracking files when the specified time period for maintaining files is exceeded and the Notes client is restarted. Enter the number of days in this field. No: Maintains the Smart Upgrade tracking files after the specified time for maintaining the files is exceeded. The files are not deleted. Enter the number of days to keep the Smart Upgrade tracking files before they are deleted. Default is 365 days. Note: This field appears only if you choose Yes in the "Remove Smart Upgrade Tracking files after a specified number of days" field. Value from Figure 5-20 6.x 7.0 Use this with conjuction with the Remind me every hour after "upgrade deadline" has passed field. Select Remind me every hour. Users will have time to save their work and upgrade at the most convenient time of the day. Select the Smart Upgrade Tracking reports mail-in database (the next section discusses this in detail). Remind me every hour after "upgrade deadline" has passed Mail-in Database for Smart Upgrade Tracking reports Remove Smart Upgrade Tracking files after a specified number of days Number of days to keep Smart Upgrade Tacking Report files Figure 5-20 Desktop Settings document for Smart Upgrade 8. Click Save & Close. Chapter 5. Client upgrade considerations and best practices 189 9. The master policy document should still be open. Make sure to assign the desktop settings document you just created to your policy document by selecting your desktop settings document from the drop-down list, as shown in Figure 5-21. Figure 5-21 Assign your Desktop Settings document to the Policy document 10.Click Save & Close. Assigning your policy to users
If you created an organizational policy, it will automatically be applied to the users in that organization or organizational unit. If you created an explicit policy, you have two options to assign this policy: Assign the policy directly in the user's Person document (Figure 5-22 on page 191): a. Open or edit a user's Person document. b. Select the Administration tab. c. In the Policy Management section, select explicit policy you created from the Assigned policy drop-down list. Click OK. d. In the Person document, click Save & Close. 190 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 5-22 Assign the policy directly in the Person document Use the Assign Policy tool. This tool enables you to assign a policy to more than one user or group at a time. Perform the following steps (see Figure 5-23): a. From the Domino Administrator client, select the users or groups. b. On the right side, select the People or Groups and click Assign Policy. c. In the Assign Policy Options dialog box, select the explicit policy you want to assign and click OK. Figure 5-23 The Assign Policy tool Smart Upgrade Tracking Reports
Smart Upgrade Tracking Reports are an excellent mechanism for tracking your client upgrades. As shown in Figure 5-24 on page 192, this database houses upgrade reports for successful, failed, and cancelled upgrades. Chapter 5. Client upgrade considerations and best practices 191 Figure 5-24 Smart Upgrade Tracking Reports database Each document in the database contains a report detailing Smart Upgrade data and an attachment (smartupgrade.log), and if the upgrade is successful, it also contains an install.log file (Figure 5-25 on page 193). Note: Smart Upgrade Tracking is new to Lotus Notes 6.5.3. Clients previous to this version will not send upgrade reports to the Smart Upgrade tracking database. In Domino 7, the first server setup will automatically have a Smart Upgrade Tracking Reports database created. If you have upgraded your server, you need to create this mail-in database manually. 192 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 5-25 Smart Upgrade Report Creating a Smart Upgrade Tracking Reports database
From the Lotus Notes client or Domino Administrator client, perform the following steps (Figure 5-26 on page 194): 1. Select File Database New. 2. Select the server. 3. Give the database a title, for example, Smart Upgrade Tracking Reports. 4. Give the database a file name. 5. Specify the server from which to get the template. 6. Select Show advanced templates. 7. Select the Lotus Notes/Domino Smart Upgrade Tracking Reports template (lndsutr.ntf). 8. Click OK. Chapter 5. Client upgrade considerations and best practices 193 Figure 5-26 Creating a Smart Upgrade Tracking Reports database 9. Close the database. Next, we need to create a mail-in database document for the Smart Upgrade Tracking Reports. Creating a mail-in database document for Smart Upgrade Tracking Reports
From the Domino Administrator client, People & Groups tab, perform the following steps: 1. Select the Mail-In Databases and Resources view. 2. Click the Add Mail-In Database button. 3. Complete the fields shown in Table 5-10 on the Basics tab. Figure 5-27 on page 195 shows the Basics tab.
Table 5-10 Field Mail-in name Internet message storage Mail-in database: Basics tab field descriptions Description The entry for this database in the Domino Directory. Users and applications use this name to send documents to the database. The message storage preference: No Preference (default) Prefers MIME Prefers Notes Rich Text SMTP address in the format [email protected] Complete this field if you want Internet users to be able to send messages to the database. Yes or No, according to your preference. Mail sent to the mail-in database is encrypted with the Notes certified public key entered in the next field. Domino domain of the server where the database resides. The fully-distinguished hierarchical name of the server where the database resides, for example, Server1/Sales/Acme. The path and file name of the database relative to the Domino Directory. For example, if the database named SUTRACKING.NSF is in the MAIL directory of the DATA directory, enter MAIL\SUTRACKING.NSF. Internet Address Encrypt incoming mail Domain Server File name 194 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 5-27 Smart Upgrade Tracking in the Mail-In Database document 4. Select the Administrator tab, review the fields on the this tab, and change any if appropriate. 5. Click Save and Close. Initiating or triggering Lotus Smart Upgrade
After a Smart Upgrade database is created, allowed users can potentially start getting automatic prompts to upgrade their client when they re-authenticate with their home mail server. Usually, this occurs the following day when they log in. An end user can trigger Smart Upgrade to run manually at anytime by selecting File Tools Notes Smart Upgrade. 5.2.4 Seamless mail upgrade
Seamless mail upgrade is a method of upgrading client templates when upgrading the Lotus Notes client. It is configured in a desktop settings document and is assigned to a master policy document. It only works at the time of the client upgrade. From the end user's perspective, after the Notes setup is complete, the user can be asked (or forced) to upgrade their mail file to the new template design. Figure 5-28 shows the user prompt. Figure 5-28 User prompt to upgrade their template Tip: Use seamless mail upgrade in conjunction with Smart Upgrade. This upgrades the template immediately following the upgrade of the client to avoid potential incompatibility issues. Configuring seamless mail upgrade
Perform the following steps: 1. From the Domino Administrator, select the People & Groups tab, and select the Settings view. Chapter 5. Client upgrade considerations and best practices 195 2. If there is already a desktop policy setting document, you can edit the current one, or create a new desktop settings document by clicking Add Settings Desktop. 3. If the desktop settings document is new, fill in a name on the Basics tab. 4. Scroll down to the Mail Template Information section and complete the fields shown in Table 5-11. Figure 5-29 on page 197 shows the Mail Template Information section.
Table 5-11 Field Prompt user before upgrading mail file Seamless mail upgrade fields Action Do one: Select Yes to inform users before upgrading their mail files. This enables users to defer the upgrade. Clear the Yes option (default) to upgrade without notification. The default asterisk (*) uses any mail template. (Optional) Enter the name of the current template you are using. Enter the build version of the Notes client in the format Release Vnn Month dd, yyyy (for example, Release 7.0.1 January 21, 2006). To upgrade all versions, use an asterisk (*). Tip: To find the build version, select Help About Domino Administrator. Enter the new mail template file name. By default, the number of folders created during conversion is limited to 200 folders. Do one of the following actions: Select Yes to override that limit and create as many folders as necessary (default). Clear the Yes option to enforce the limit. Do one: Select Yes if mail file will be used by an IMAP mail client. Clear the Yes option if IMAP will not be used (default). The conversion does not upgrade private folders automatically. Do one: Select Yes to include custom folders in the design upgrade (default). Clear the Yes option to exclude custom folders in the design upgrade. Do one: Select Yes to inform users before upgrading their mail folder design. This enables users to defer the upgrade. Clear the Yes option (default) to upgrade folder design without notifying users. If you chose to notify users before updating mail template or folders, enter the names of administrators who should receive status information. Old design template name for your mail files If Running This Version of Notes Use This Mail Template Ignore 200 category limit Mail file to be used by IMAP mail clients Upgrade the design of custom folders Prompt before upgrading folder design Notify these administrators of mail upgrade status 196 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 5. Click Save & Close. 6. Include the desktop settings document in the master policy. 7. Assign to users if it is an explicit policy. Figure 5-29 Desktop settings document section to configure seamless mail upgrade 5.2.5 Upgrade by mail
Upgrade by mail is a feature that sends an e-mail to users and gives them the option to upgrade their Notes client and the design of their template. This is a good alternative to Smart Upgrade if users are upgrading from Release 5.x to Release 7. (Smart Upgrade is only available on 6.x and 7.x clients). For detailed instructions about setting up upgrade by mail, refer to the IBM Redbook Upgrading to Lotus Notes and Domino 6, SG24-6889:
http://www.redbooks.ibm.com/abstracts/sg246889.html 5.2.6 Domino Web Access
The upgrade process for Lotus Domino Web Access continues to be enhanced in efficiency, features, and user interface design in Release 7.x. The clients are as simple to upgrade as upgrading the design of templates and ensuring your users meet the minimum hardware and software requirements. Note that these requirements will often be updated with additional support for future versions of browsers and operating systems. Refer to the Release Notes for the most up-to-date information. The client requirements include: Recommended for better performance: Pentium IV 1 GHz with 512 MB of memory (Microsoft Windows and Linux clients) Minimum: Pentium III 400 MHz with 128 MB of memory (Windows client); Pentium III 500 MHz with 192 MB of memory (Linux client) Client operating systems: Windows 2000 Professional Windows XP
Use one of the following options to upgrade the Domino Web Access Web-only users templates: Mail Conversion Utility (issue load convert from the Domino Console). Select File Database Replace Design (from the Notes, Administrator, or Designer client). To upgrade Domino Web Access users using the load convert utility, use the following syntax:
load convert [-r] [-u] filepath\filename OldDesignName NewTemplateName [-r] recursively converts through subdirectories of the math you specify. [-u] upgrades the design of the folders to the same design as $inbox. Consider the following examples: The following command converts all users in the mail subdirectory from their current template to the Domino Web Access 7 template:
load convert mail/*.nsf * dwa7.ntf To convert only Domino Web access users, use the following command:
load convert mail/*.nsf inotes6 dwa7.ntf This command skips databases not based on the INOTES6.NTF (Domino Web Access 6) template. To convert all mail files to the Standard Mail Domino 7 template and convert the design of folders, use the following command:
load convert -u mail/*.nsf * mail7.ntf To create a list of mail files by reading people's mail files from the Domino Directory, use the following command:
load convert -l <filename> After this list is created, you can edit the list to include only the people you want to upgrade to a particular template. To read the list of databases from the text file and convert only those listed, use the following command:
load convert -f <filename> 198 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Important: Use extreme caution when using a wildcard character (*). A simple mistake such as forgetting to specify the mail directory will replace all your databases with the Domino Web Access template. For additional options for converting mail files and loading convert switches, see the "Upgrading mail files using the mail conversion utility" topic in Lotus Domino 7 Administrator Help. Tip: To easily view switches, descriptions, and some examples for the load convert utility, type load convert ? from the Domino Console. 5.3 Templates
This section describes the templates available with Lotus Notes and Notes, Designer, and Administrator package. If you have any customized templates on your current Notes client, back up these files before upgrading if they have the same file name. The following tables list what templates you get in each package. We recommend making them all available to your end users.
Table 5-12 Notes client templates Database Agent Log: Keeps a record of actions and errors from LotusScript programs. Archive log: Creates archive logging DB. Autosave. Bookmarks (7): Creates the bookmarks. Local free time information. Local document cache. Database library. Discussion: Notes and Web. Microsoft Office Library. Lotus Smart Suite Library. Doc library: Notes and Web. Domino Web Access (7). Subscriptions (6). Mail (IMAP). Domino Web Access (6). Personal Journal (7). Notes log. Notes/Domino 6 template ALOG.NTF Required template Template file name ALOG4.NTF ARCHLG50.NTF AUTOSAVE.NTF BOOKMARK.NTF BUSYTIME.NTF CACHE.NTF DLIB4.NTF DISCSW7.NTF DOCLBM7.NTF DOCLBS7.NTF DOCLBW7.NTF DWA7.NTF HEADLINE.NTF IMAPCL5.NTF INOTES6.NTF JOURNAL6.NTF LOG.NTF ARCHLG50.NTF N/A BOOKMARK.NTF BUSYTIME.NTF CACHE.NTF DIB4.NTF DISCSW6.NTF DOCLBM6.NTF DOCLBS6.NTF LOCLBW6.NTF N/A HEADLINE.NTF IMAPCL5.NTF INOTES JOURNAL6.NTF LOG.NTF Needed for archive log Required for autosave feature Required for startup Required for startup Required for startup Required for startup Required for startup Chapter 5. Client upgrade considerations and best practices 199 Template file name MAIL7.NTF MAIL7EX.NTF MAIL.BOX.NTF NNTPCL6.NTF PERNAMES.NTF PERWEB50.NTF Database Mail (7). Extended Mail. Mail Router Mailbox. News Articles (7). Personal Address Book. Personal Web Navigator (6): Access the Internet directly from Notes. Phonebook (7): Keeps phone numbers used to connect to a server. Notes/Domino 6 template MAIL6.NTF MAIL6EX.NTF MAIL.BOX NNTPCL6.NTF PERNAMES.NTF PERWEB50.NTF Required template Required for island mode Required for startup PHONEBOOK7.NTF PHONEBOOK.NTF Table 5-13 list the templates that included in addition to the ones listed in Table 5-12 on page 199 when you install the Lotus Domino Administrator client and Lotus Notes/Domino Designer clients. Although all most of the templates also exist on the Domino server, there are several that must be kept locally.
Table 5-13 Additional templates with the Administrator and Designer Database Certificate Requests Template function Front-end database to request Internet certificates over the Web and create server key rings. Contains result document from cluster analysis tests. Configures SSL and view requests sent to the certificate authority. Holds the results from running the Database Analysis tool. Holds the results from running a decommission server report. Required for the Domino Administrator client. It contains functionality required to run the client. Generated by enabling server health monitoring. Required to run a database synopsis. It holds the results. Used for the Monitoring Configuration database, and includes a configuring interface for DDM. Used for Web-based Internet certificate requests and creating a server key ring. Required for using the Log Analysis tool. Required if you register users from Windows NT user manager for domains. Template file name CERTREQ.NTF CLUSTA4.NTF CSRV50.NTF DBA4.NSF DECOMSRV.NTF DOMADMIN.NTF DOMMON.NTF DSGNSYN.NTF EVENTS4.NTF ICL.NTF LOGA4.NTF NTSYNC.NTF Cluster Analysis Server Certificate Admin Database Analysis Decommission Server Report Domino Administrator Health Monitoring Design Synopsis Monitoring Configuration Issued Certificates list Notes Log Analysis NT/Migrating Users' Passwords 200 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Template file name POLICYSYN.NTF STATREP5.NTF USERREG.NTF Database Policy Synopsis Monitoring Results User Registration Queue Template function Required to create a policy synopsis. Creates the Statistics reporting database. Required for user registration. 5.4 Client features
There many new features for the Notes client with Release 7. This section briefly discusses a few of them. For a more comprehensive overview of the new features available in Release 7, see the IBM Lotus Notes and Domino 7 Reviewers Guide. Note: For a comprehensive review of all features in Notes and Domino 7, refer to the IBM Lotus Notes and Domino 7 Reviewers Guide at:
ftp://ftp.lotus.com/pub/lotusweb/product/domino/ND7_Reviewers_Guide.pdf 5.4.1 Roaming users
The roaming user feature was first introduced in Lotus Notes/Domino 6.0.1. It provides users with a mechanism to roam from one workstation to the next and use Lotus Notes. Users can work from multiple workstation because key databases and user preferences, such as bookmarks, their address book, ID file, and journal, are replicated from their initial client to a designated roaming server. When users log in to another Notes client, the data is replicated down. Cleanup options are also available to determine what happens to the roaming databases and preferences after the users log out. Considerations for implementing or upgrading roaming users
When implementing roaming, understand and test the following items: How much server disk space is required to hold the average user's replicated data? This includes their mail file, personal address book, bookmarks, and journal. How long does it take to replicate data to a new workstation on a local network? Consider this when you upgrade the design of users' mail files because the new design elements will replicate as well. How long does it take to replicate data to a new workstation to a remote location? What kind of network impact does additional data replication have? What is the security of personal data on local workstations? Other personal databases do not roam unless replicas are created manually into the user's roaming directory. Upgrading a user to roaming user
There are two ways to make a user a roaming user. If the user is not registered, you can enable roaming at the time of registration or upgrade the user to roaming through the AdminP process at anytime. Chapter 5. Client upgrade considerations and best practices 201 Enabling roaming at the time of registration
For complete instructions about how to register a user, refer to the "Registering users" topic in the Lotus Domino 7 Administrator Help. Perform the following steps: 1. To enable roaming at the time of registration, in addition to the normal steps you take to register a user, select the Enable roaming for this person option (Figure 5-30) and then select the Roaming tab. Figure 5-30 Enabling roaming at the time of registration 2. From the Roaming tab, configure the user's roaming preferences. Figure 5-31 shows the Roaming tab. Figure 5-31 Roaming preferences when registering a new user 202 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Table 5-14 describes the roaming user settings.
Table 5-14 Roaming user settings Description Select to store roaming files on the mail server (default). Select to store roaming files on a different server than the users home mail server. The subdirectory where roaming directories will be located. The method used to name the user's roaming directory. (Optional) Select this option to let the AdminP process create the roaming files. This is faster if you have to register many users at once. What to do with the roaming files after the user is done: Do not clean-up (default). Roaming user data will never be deleted from the Notes client workstation to which the user roamed. Clean-up periodically. Enables the "Clean up every N days" field in which you specify the number of days that should pass before roaming user data is deleted from the Notes client workstation. Clean-up at Notes shutdown. Roaming user data will be deleted from the Notes client workstation immediately upon Notes shutdown. Prompt user. The user is prompted on exiting the client as to whether they want to clean up their personal files. If the user chooses Yes, the data directory on that client workstation is deleted. If the user chooses No, the user is prompted as to whether they want to be asked again on that client. If the user chooses No, the user is not prompted again. If the user chooses Yes, the user is prompted again the next time the user exits the client on that workstation. Roaming Replicas Select this option to designate which other servers in the cluster a user's roaming files should replicate. Roaming user setting Put roaming user files on mail server Roaming Server Personal roaming folder Sub-folder format Create roaming files in background Clean-up option Tip: On the ID Info tab of the Register Person - New Entry dialog box, choose to store the users ID files in Domino Directory if you want users to access their Notes IDs from their personal address book. If you do not choose this option, users will need to access their IDs from a file server or physically carry their IDs on some sort of storage media wherever they roam. If you change your mind on where to store the ID files, you need to downgrade and reupgrade the user to roaming to change this option. Upgrading an existing user to a roaming user
If a user is previously registered, you can upgrade them at any through the AdminP process. Perform the following steps: 1. From the Domino Administrator, People & Groups tab, select the user. 2. On the right side, under Tools, click Roaming. 3. Select the roaming user options you want and click OK. Refer to Table 5-14.
Chapter 5. Client upgrade considerations and best practices 203 Note: Client upgrade User should be prompted option is an enhancement to Release 7. Administrators can force users to upgrade to happen and not give the end user an option of saying no. See Figure 5-32. Figure 5-32 Upgrading a non-roaming user to a roaming user 4. The following five AdminP requests will follow. If users regularly use the Notes client, they are usually upgraded to roaming users within 24 hours. - Update client information in the Person record: Triggered by: From the Domino Administrator, initiating the action to upgrade a user from non-roaming status to roaming status. Carried out on: The administration server for the Domino Directory. Carried out: Immediately. Result: Updates the User Can Roam field to "In Process" on the Roaming tab of the user's Person document in the Domino Directory. - Create roaming user's replica stubs: Triggered by: The selected user logging in to Notes after the administrator has initiated the action to update the user's status to Roaming and the "User can roam" field on the Roaming tab of the user's Person document has been changed from "No" to "In Process." Carried out on: The server that will house the roaming files. Carried out: Immediately. Result: Creates replica stubs of the roaming files on the user's roaming server. - Update roaming user information in Person record: Triggered by: The selected user logging in to Notes after the administrator has initiated the action to update the user's status to Roaming and the "User can roam" field on the Roaming tab of the user's Person document has been changed from "No" to "In Process." Carried out on: The administration server for the Domino Directory. Carried out: Immediately. 204 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Result: Updates the Personal Address Book field, Bookmarks filename, and Journal filename fields on the user's Person document in the Domino Directory. Generates the "Monitor roaming users replica stubs" request. - Monitor roaming users replica stubs: Triggered by: Successful completion of the "Update roaming user information in Person record" request. Carried out on: The user's roaming server. Carried out: Immediately. Result: Recognizes when replication occurs, and then generates the "Update roaming user state in Person document" request. - Update roaming user state in Person document: Triggered by: Successful completion of the "Monitor roaming users replica stubs" request. Successful replication of the roaming files to the roaming server. Carried out on: On the administration server of the Domino Directory. Carried out: Immediately. Result: The "User can roam" field on the Roaming tab of the user's Person document is updated from "In Progress" to "Yes." When the AdminP process is complete, you will see a globe next to the user's name in the Domino Directory. Additional roaming user databases
Again, roaming users replicate three databases by default, NAMES.NSF, BOOKSMARK.NSF, and JOURNAL.NSF. These databases must have these default names and must be located on the \data directory. If a user wants to replicate an additional database, it is possible under the following circumstances: The administrator needs to provide the user with the ability to create replicas on the server through the Server document for the roaming user server. The user manually creates a new replica of any local database to that user's respective roaming user subfolder on the roaming server. The user pulls a new replica to each additional roaming client to ensure that all of these databases exist on the replicator page of each roaming client. Tip: For additional information about roaming user databases, replicating, and roaming users, see the technote "How to set up local databases to replicate for Roaming users," 1106896, at:
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21106896 Roaming: The user experience
This section describes what a roaming user will experience when roaming to a multiuser, installed Notes client: 1. The users logs on to Windows with their name and password and launches Notes. When the user upgrades, a notification that they are roaming users opens, as shown in Figure 5-33 on page 206. Chapter 5. Client upgrade considerations and best practices 205 Figure 5-33 Roaming user notification 2. When users update their roaming replicas, as shown in Figure 5-34, they will be able to roam to any machine. Figure 5-34 Prompt to replicate after upgrading files 3. The next time a user roams to a roaming machine (assuming that the user has cleanup enabled), the user will be prompted to configure their Notes client settings. After authenticating with the server, the roaming databases will replicate to the local workstation. 4. After users finish using the Notes client and shut down, they are prompted again to replicate their roaming databases back to the server. See Figure 5-35. Figure 5-35 Replication tab of a roaming user 5.4.2 Confirming to close Notes
Release 7 automatically provides a confirmation to close by default in all three Notes, Designer, and Administrator clients. Now, when you click x to close the client and you need to save your work, you get another chance. If the user does not want to receive the warning, the user can select the In the future, exit without prompting option, as shown in Figure 5-36 on page 207. 206 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 5-36 Confirm to close Notes Tip: When a user selects to not be prompted again in the future, ExitNotesPrompt=1 is added to the user's NOTES.INI file. If the user wants to be prompted again, the user needs to change this variable to 0 or remove it from the NOTES.INI file. 5.4.3 Save state on exit
Throughout the day, users open multiple windows. Normally, if they want their windows to open when Notes launches, they drag and drop the individual windows to the startup folder. In Release 7, we now offer the users the option to save the last state of their windows on exit. The next time they log in, the client will be the same state in which they left it. Perform the following steps to set the client to open in the state in which you left it: 1. Select File Preferences User Preferences. 2. Under Startup Options, select Save window state on exit, as shown in Figure 5-37. Figure 5-37 Save window state on exit When this option is set, SaveStateOnExit=1 is added to the user's NOTES.INI file to save the preference. You might also notice that a folder is added to More Bookmarks that contains links to the last state items similar to Startup, as shown Figure 5-38 on page 208. Chapter 5. Client upgrade considerations and best practices 207 Figure 5-38 Save state on exit 5.4.4 Autosave
The autosave feature saves a Notes document on a timer event, set by the user, to a local database. If the Notes client crashes or the Notes client machine loses power, when you restart your client, you will be able to recover your work. Enabling autosave
There are two ways to enable autosave on the Notes client: User Preferences (see Figure 5-39): a. Select File Preferences User Preferences. b. Under Startup Options, select Autosave every x minutes where x is the number of minutes you can specify to save your work. Click OK. Users can also trigger autosave by selecting File Autosave Autosave now. Figure 5-39 Autosave option in User Preferences 208 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Policies: There is an option to enable autosave in both the setup and desktop policy documents. These settings can also be locked down. See Figure 5-40. Figure 5-40 Enabling autosave in a desktop policy document Recovering work
After Notes shuts down unexpectedly from a crash or power outage, when a user logs in to Notes, the prompt shown in Figure 5-41 opens. Figure 5-41 Prompt to recover autosave documents After clicking Yes, the user can recover the files with which he or she was working, as shown in Figure 5-42. Figure 5-42 View and recover autosaved documents To recover work at a later time, users can also select File Autosave Recover Auto saved Documents. Chapter 5. Client upgrade considerations and best practices 209 5.4.5 Mail features
In this section, we describe mail features. Show mail threads
The Release 7 mail templates enable you show the mail threads from a sequence of e-mails, as shown in Figure 5-43. Figure 5-43 Mail threads Message marking
Message marking can help illustrate if a memo has a single recipient or multiple recipients, and if your name is included in the To field or the CC field. This is an excellent mechanism to help determine an important e-mail from one of lesser importance for a busy inbox. The following figures illustrate message marking. Figure 5-44 Message marking for recipients 210 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 5-45 Message marking example from the inbox view Discovering folders
Have you put a document in a personal folder, but forgot where? In Release 7, there is a new function to find where a document exists in your mail file. Simply go to the All Documents view, right-click, and select Folder Discover Folders. Alternatively, select Actions Folder Discover Folders, as shown in Figure 5-46. A dialog box opens telling you in which folder the document resides. Figure 5-46 Discover Folders Warn on blank subject
When users are in a hurry to type memos, they often forget to fill in a subject line. With the enhancement of the ability to sort by subject, Lotus also adds a confirmation warning to notify end users that they forgot to include a subject line in their memo, as shown in Figure 5-47 on page 212. Chapter 5. Client upgrade considerations and best practices 211 Figure 5-47 Prompt that you have not included a subject in your memo You can disable this warning in the user preferences. From the Notes client, from any view, such as the Inbox view, perform the following steps: 1. Select Tools Preferences. 2. Go to the Basics tab of the Mail tab. Select Do not warn for blank subject before sending memo, as shown in Figure 5-48. Figure 5-48 User preferences to disable the warning 5.4.6 Calendar and scheduling features
We discuss calendar and scheduling features in this section. 212 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Calendar cleanup
Lotus Notes 7.0 calendar and scheduling features include a new calendar cleanup functionality that assists you in easily maintaining your calendar. To access this feature, select Tools Cleanup Calendar, as shown in Figure 5-49. Figure 5-49 Calendar Cleanup As you can see in Figure 5-50, a user will have the option to remove old entries from their calendar or to do entries based on the date or how long ago they occurred. The users will also receive a confirmation to make sure that they want to remove these entries. Figure 5-50 Calendar Cleanup options Calendar filtering
Lotus Notes 7.0 calendar and scheduling also includes a new calendar filtering action that assists you in easily locating documents on your calendar. To access this feature, click the Filter button and choose one of the filtering options. To remove this filter from your calendar, simply click the Unfilter button. (The Filter button toggles to Unfilter after its selected.) Figure 5-51 on page 214 shows calendar filtering by status. Chapter 5. Client upgrade considerations and best practices 213 Figure 5-51 Calendar filtering Sametime awareness
Lotus Notes has enhanced Lotus Sametime integration even further in Notes 7 by adding several new features. If your company has a Lotus Sametime server, new features and enhancements in Notes let you: Have additional awareness. You can see who is online and initiate chats from your mail file, calendar, Personal Address Book, To Dos, Teamrooms, Discussion databases, and Room and Resource Reservations. Set preferences for what displays in the Instant Messaging Contact List and for how you are alerted when an instant message or meeting invitation arrives. See Figure 5-52. Figure 5-52 Sametime User Preferences for Notes Include Notes document links, view links, and database links in chats. You cannot paste these into chats and click them similar to hotspots or hyperlinks. Save chat transcripts to mail or to a file. There is a new view included in the Release 7 mail templates to include chat transcripts. 214 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Tip: Ever have a chat that you wished you had saved? Select Prompt to save transcripts or Always save transcripts in the user preferences of your Notes client (Figure 5-52). Use the Notes Instant Messaging Contact List to chat even when Notes is busy. Additional threading has been added to allow additional multitasking in Notes and messaging. Figure 5-53 shows instant messaging options. Figure 5-53 Instant Messaging options If your Lotus Sametime server has Web conferencing capability, you can: - Use screen sharing, whiteboard, audio, and video during Notes instant meetings. When scheduling an online meeting, specify the meeting password and restrict attendance to the meeting invitees from within calendar. Chapter 5. Client upgrade considerations and best practices 215 216 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 6 Chapter 6. Domino administration enhancements
In this chapter, we discuss several new administrative features introduced in Lotus Domino 7 that enable you to more easily and effectively administer your Domino infrastructure. These components include: Automatic diagnostic data collection Fault Analyzer Server Health Monitoring Note: Although automatic diagnostic data collection and Server Health Monitoring are not necessarily new to the Domino 7 code stream, we believe that providing a brief overview of these tools can help you adopt them in monitoring your Domino 7 environment. Copyright IBM Corp. 2006. All rights reserved. 217 6.1 Automatic diagnostic data collection
In this section, we describe automatic diagnostic data collection. 6.1.1 What is the automatic diagnostic data collection tool?
The automatic diagnostic data collection tool, introduced in Domino 7, collects diagnostic data after server and client crashes and sends the collected data to a mail-in Fault Reports database when the server or client restarts. Each crash generates a Fault Recovery document stored in a single mail-in database residing in each Domino domain, allowing Domino administrators to view all crash information for the clients and servers within that domain. See Figure 6-1 on page 219. Tip: Fault Recovery was available prior to Domino 6 for the UNIX platform, but it became cross-platform available in Domino 6 and it is configured from the Server document. Fault Recovery collects crash information, cleans up resident processes, and restarts the Domino server automatically. In addition, Fault Recovery can send a notification to users in the Domino environment. For more information about Fault Recovery, refer to Upgrading to Lotus Notes and Domino 6, SG24-6889. Before the implementation of automatic diagnostic data collection, Domino administrators had to search the Domino servers and Notes client users' workstations to find relevant information when a crash occurred. With the advent of Domino 7, all information related to failures or crashes is stored in the IBM_TECHNICAL_SUPPORT folder in the Domino data directory. Prior to Domino 7, the list of files collected in the IBM_TECHNICAL_SUPPORT folder was relatively limited, but now includes the following files: Notes System Diagnostic output (also known as NSD) NSD-Sysinfo output file NSD -kill output file Console log Semaphore Debug text file, if enabled Notes_Child_pid output for UNIX Address mapping for Notes/Domino process HTTP session and log threads, only if HTTP session and thread logging enabled In addition to this extensive list, you can also specify other files that you want to collect using the automatic diagnostic data collection tool, generated by third-party tools or other IBM products. For example, automatic diagnostic data collection support enables you to collect information files for Lotus Sametime and QuickPlace when those products run against a Domino 7 server. 218 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 6-1 DDM integration with server restart notification after a failure Tip: For a complete description of Domino domain monitoring, refer to Lotus Domino Domain Monitoring, REDP-4089:
http://www.redbooks.ibm.com/abstracts/redp4089.html 6.1.2 Configuring automatic diagnostic data collection
Automatic diagnostic data collection can run on both the server and client side and be defined for a subset of servers, defined only for client users, or for both clients and servers. Automatic diagnostic data collection for servers
In order to run automatic diagnostic data collection in your environment, you must define one mail-in database for your domain using the LNDFT.NTF template. The Automatic Data Collection database lists all Fault Reports, as well as response documents for any duplicate occurrences of the same crash, and indicates whether the duplicate occurrence is an exact match or a partial match of the original crash. The duplicate occurrences response documents are the Exact Match Fault Report and the Partial Match Fault Report documents. The Partial Match Fault Report document also includes a "percentage match" that indicates the percentage of the report that matches the original Fault Report for the crash. Figure 6-2 shoes the mail-in database for the Fault Reports. Figure 6-2 Mail-In Database configuration for Lotus Notes/Domino Fault Reports database Tip: Do do not forget to upgrade the design of this database, because the design has been greatly enhanced to support Fault Analyzer. The new design is also compatible with Domino 6 servers. In order to run automatic diagnostic data collection, it is not mandatory to have Fault Recovery enabled on your servers. If you do not use Fault Recovery, you should still configure Notes System Diagnostics (NSD) output to collect debug information. However, Fault Recovery can be very useful, especially if you want to minimize your server downtime, and contains several settings to enable safe server restarts. Fault Analyzer relies on NSD output, so always configure this setting when using Fault Recovery.
Chapter 6. Domino administration enhancements 219 To configure automatic diagnostic data collection to run on your server, you need to specify a configuration document for each server that will be sending fault information to a dedicated mail-in database. Select the Diagnostics tab in the Configuration Settings section of the Administrator client to display the diagnostic collection options information (see Figure 6-3 on page 221): Mail-in Database for diagnostic reports The name of the database to receive Fault Reports. From the drop-down list, select an existing mail-in database available in the Domino domain you are configuring for diagnostic collection. Maximum size of diagnostic message including attachments The maximum size limit of Fault Report messages sent to the mail-in database should not be larger than the maximum mail size that you have defined in your SMTP/Router settings for the mail-in database. This parameter is useful for limiting the size of mail sent over your network. Because this parameter is defined at the server level, you can use different settings depending on your network topology to limit the use of the network bandwidth. For example, you might want to limit network traffic for some servers to which connections are only available through a modem or ISDN. Tip: If you still want to allow large messages to be sent, you can define a low priority setting for all the messages that exceed a certain size and elect to have them routed during night hours only (by default, between midnight and 6:00 a.m.). Alternatively, with the use of server mail rules, you can force the mail sent to automatic diagnostic data collection to route immediately regardless of its size. Maximum size of NSD output to attach The default size is 2 MB, and we do not recommend that you increase the maximum size of the NSD file. If your server generates a NSD file that is larger than this size, you will be notified in a note generated by automatic diagnostic data collection where you can retrieve the complete file. Maximum amount of console output file to attach Automatic diagnostic data collection will process lines from the server console log output from the last line until it reach the size limit you indicate. As general rule, the total of console output plus NSD should not exceed the overall mail size limit. Diagnostic file patterns Use this setting to specify files you want to collect in addition to the standard files collected by automatic diagnostic data collection. If these files are available in the IBM_TECHNICAL_SUPPORT folder, you can specify a file name, with the support of a wildcard (for example, tivoli_debug*). If the files are not located in this directory, specify the entire path of the files to collect (for example, d:\crash\information\*.txt). Remove diagnostic files after a specified number of days - No. (Default) Select No to accept the default of never automatically deleting the diagnostic files created on the server. All of the files will remain until you delete them manually. - Yes. Select Yes to enter the number of days after which the diagnostic files on the server will be deleted. This displays the field "Number of days to keep diagnostic files." 220 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Number of days to keep diagnostics files This field appears only if you select Yes for the "Remove diagnostic files after a specified number of days" setting. This is the number of days after which all diagnostic files will be deleted, with a default of 365 days. Figure 6-3 Configuration of automatic diagnostic data collection tool for server crash information Tip: Automatic diagnostic data collection builds its message in this order: 1. NSD output (until reaching configured limit). 2. Console output (until reaching configured limit). 3. The diagindex.nbf file stored in the data directory, containing a list of all diagnostic files created since the last server restart. Older diagindex.nbf files are time stamped and moved into the IBM_TECHNICAL_SUPPORT folder. 4. All other files you have configured automatic diagnostic data collection to collect. The overall maximum size takes precedence, so if the maximum configured size of the NSD files and console log files are already larger than this limit, you will not get any additional attached files, but instead a pointer to their location. Automatic diagnostic data collection configuration for users
The process of configuring automatic diagnostic data collection for the Notes client is essentially the same as configuring automatic diagnostic data collection for a Domino server, with a few exceptions. Instead of specifying a Server Configuration document, you need to apply a desktop policy for the Notes client users, either by organization or for specific users. In the desktop policy form, the Diagnostics tab enables you to configure automatic diagnostic data collection for Notes client users. You will find the same fields and settings as the server configuration form, plus two additional settings for Notes client users, as shown in Figure 6-4 on page 222: Prompt user to send diagnostic report When setting up automatic diagnostic data collection for users, you can designate whether this feature is invisible to users or whether users should be prompted to send a diagnostic report to the mail-in database. Chapter 6. Domino administration enhancements 221 Choose one of the following options: - Yes. (Default) Select Yes to have the user prompted to send a diagnostic report to the mail-in database after a client crash. - No. Select No to make this feature transparent to the user. The diagnostic report is automatically sent to the mail-in database by a background process after users restart the client and enter their password. Prompt user for comments This setting enables a user to describe the events that lead to a crash in order to assist the Domino administrator in diagnosing the cause of the failure. Select one of these options: - Yes. Select Yes to display a message box in which users can enter information about what they were doing when the client crashed. Choose Yes only if you chose Yes in the "Prompt user to send diagnostic report" field. - No. Select No to prevent users from entering any comments. Figure 6-4 Desktop policy to configure user crash automatic diagnostic data collection tool 6.1.3 How the automatic diagnostic data collection tool works
Figure 6-5 on page 223 illustrates the automatic diagnostic data collection tool's process for collecting failure information from a Domino server, following these steps: 1. At server startup, the NOTES.INI file determines the server configuration and automatic diagnostic data collection settings and specifies whether automatic diagnostic data collection needs to run on this specific server. 2. If automatic diagnostic data collection has been configured, the server reads the file fault_recovery.hst located in the server data directory and locates the last number at the last line. If this number is equal to 0, the server invokes the senddiag task, which is responsible for automatic diagnostic data collection processing. If the status is equal to 1, the server starts normally without invoking automatic diagnostic data collection processing. 3. The send diagnostics task reads the information from the diagindex.nbf file, which contains the location of all the files to be attached to the Fault Report. If any files need to be truncated or cannot be attached to the Fault Report, a message is sent to the Domino administrator indicating where to obtain the missing information. 222 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 4. After the data from diagindex.nbf is processed, the file is moved to the IBM_TECHNICAL_SUPPORT folder and time stamped, while a new diagindex.nbf file is created containing the new fault recovery file information. 5. If file retention is enabled by the NOTES.INI file, the file retention task is called to remove all files older than the number of days specified in the configuration settings. 6. The fault_recovery.hst file is updated and the last line status changed back to 1. 7. Server startup continues normally. Figure 6-5 High-level presentation for automatic diagnostic data collection and all involved components 6.1.4 Console logging and NSD file generation for diagnostic data collection
Console logging and NSD file generation are powerful elements to enable the automatic diagnostic data collection tool's failure analysis and should be configured when implementing automatic diagnostic data collection. Console logging
While a wealth of information is available in the NSD files, the log files are useful to narrow down the cause of the failure. Therefore, automatic diagnostic data collection has been enhanced to ensure that you can obtain a console log output in any case. Chapter 6. Domino administration enhancements 223 To obtain a console log file, automatic diagnostic data collection will look in the following locations and in this order: 1. Determine if the server runs under Domino Controller. In this case, console output will be taken from Domino Controller logs (which also contain severity codes for each message). 2. If the server has not been started with Domino Controller, automatic diagnostic data collection will look to the console logging file (located in the IBM_TECHNICAL_INFORMATION folder in your Domino data directory), and if you use the NOTES.INI parameter debug_outfile=<file_location>, also in the location specified within this parameter. Tip: In Domino 6, a new function was introduced to save all the messages displayed at the server console in a text file located in the diagnostic directory IBM_TECHNICAL_SUPPORT in the Domino data directory. A new text file is created at each server restart while the previous one is time stamped. To enable console logging, add the following log to the server's NOTES.INI file:
Console_Log_Enabled=1 This setting creates a console.log file at the next server restart:
Server Controller: Diagnostic Directory: Console Logging: Not Enabled F:\ND70_installation\data\IBM_TECHNICAL_SUPPORT Enabled If you want to start console logging immediately, type the following command at the console:
start consolelog 12/12/2005 10:27:29 AM Console Logging is ENABLED If you do not add the Console_Log_Enabled=1 parameter to the server NOTES.INI file, at the next server restart the console logging will be turned off. We recommend that you use the new console logging parameter in place of the older debug_outfile=<consolefile> setting. However, automatic diagnostic data collection will observe this setting and generate console logging output:
Fault Recovery: Server Controller: Diagnostic Directory: Console Logging: Console Log File: Enabled Not Enabled F:\ND70_installation\data\IBM_TECHNICAL_SUPPORT Enabled f:\nd70_installation\data\debug_outfile.txt 3. If none of these previous files is available, automatic diagnostic data collection will extract the last line of the server LOG.NSF file and write it to a text file in the Miscellaneous Events view. Using the NSD file for failure analysis
Detailed information about a server failure is contained in the NSD file generated by the server crash. To generate NSD files on your Domino server after a failure, select the Run NSD To Collect Diagnostic Information option on the Basics tab of the Domino server's configuration document, as shown in Figure 6-6 on page 225. You can also specify additional settings such as defining a maximum execution time for NSD output and defining a server shutdown timeout where the Process Monitor introduced in Domino 7 will ensure that each server task is terminated. 224 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 6-6 Minimal NSD configuration from your Server document If you disabled NSD file generation, you will be warned when the Fault Report is generated that NSD is not configured, as shown in Figure 6-7. Disabling NSD file generation will impair the functionality of the automatic diagnostic data collection tool and Fault Analyzer. Because NSD information is missing, any real crash information cannot be extracted and finally prevents the automatic diagnostic data collection tool (and Fault Analyzer) from working well. Figure 6-7 Importance of NSD information when you use automatic diagnostic data collection Chapter 6. Domino administration enhancements 225 Tip: When using Fault Recovery in conjunction with administrator notification, you can attach the NSD file generated by the server crash to the server restart notification. To accomplish this, you need to add the following setting to the Domino server's NOTES.INI file:
FR_Attach_NSD=1 Keep in mind that in this case the entire NSD file will be attached to the server restart notification, without any limitation on its size, while the same information will be also available into the Fault Report database. If you want to limit the size of the attachment, you can specify a value in KB for the FR_Attach_NSD=100 parameter; in this case, only the first 100 KB will be sent. In Domino 7, the server restart notification contains additional information to that available in Domino 6, such as the name of the server, the Domino server version, the operating system, faulty process, and call stack. However, you can revert to the Domino 6 restart notification format by adding the following setting to the server's NOTES.INI file:
ADC_USE_OLD_EMAIL_FORMAT=1 This parameter needs to be set for each server on which you want to use the older format. Enhanced design for the Fault Report database (LNDFR.NTF)
The design of the Lotus Notes/Domino Fault Reports database has been enhanced to offer additional options and support the use of Fault Analyzer. Enhancements include a threaded view, parent/children documents for crashes that occur with the same call stack, and an improved frameset for navigation. Figure 6-8 on page 227 shows a side-by-side design comparison for the Lotus/Domino Fault Reports database. 226 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 6-8 Quick side-by-side design comparison for Lotus/Domino Fault Reports database Important: Remember to upgrade the design of your database, especially if you have disabled the design task or removed any template inheritance. By default, the template file name is LNDFR.NTF and the template name is Lotus Notes/Domino Fault Reports. 6.2 Introduction to Fault Analyzer
Fault Analyzer, introduced in Domino 7, is a server task that runs against your Domino Fault Reports database to analyze the available reports and determine whether a relationship exists between the reported crashes. The Fault Analyzer defines a percentage of convergence between all the failures stored in the Fault Reports mail-database, a key factor in identifying the source of related crashes and determining whether crashes occurring at different layers in the Domino processing have the same cause. 6.2.1 Getting started with Fault Analyzer
Fault Analyzer is an extension of automatic diagnostics collection and Fault Analyzer needs to be enabled in the Domino Server Configuration document. Follow these steps to configure Fault Analyzer on your Domino server: 1. From the Domino Administrator, select the Configuration tab. 2. Click Server Configurations. 3. Select the Server Configuration document you want to edit and click Edit Configuration. Chapter 6. Domino administration enhancements 227 4. Click the Diagnostics tab and then complete these fields, as illustrated in Figure 6-9: Run FaultAnalyzer on FaultDBs on this server Select Yes to run Fault Analyzer on this server, or No to disable Fault Analyzer on this server. If you select Yes, additional fields will display for further configuration. Run FaultAnalyzer on Choose one of these options: All mail-in databases on this server. Fault Analyzer runs on all mail-in databases on this server. Fault Report documents can be posted to any mail-in database on the server. Specific mail-in databases. Specify the mail-in database on which you want Fault Analyzer to run. Fault Reports documents will be posted to this database. Database to run fault analyzer against Specify the databases against which you want Fault Analyzer to run. The Fault Analyzer task searches this database for Fault Report documents and determines whether the stack matches a crash that has already been reported. Remove attachment from duplicate faults If Fault Analyzer locates duplicate Fault Reports, the new crash is reported as a response to the original crash and attachments are either removed from the response document to save space in the database or re saved with the response document. Chose one of these options: Yes. Attachments are removed from the response document to save space in the database. No. Attachments are saved with the response document. 5. Click Save and Close. Figure 6-9 Configuration of Fault Analyzer from the Server Configuration document 6.2.2 How Fault Analyzer works
Figure 6-10 on page 229 and the following steps describe at a high-level how Fault Analyzer works and its strong relationship with automatic diagnostic data collection: 1. When a failure occurs on one of your Domino servers, crash information is collected and sent to the mail-in Fault Reports database after the Domino server has been restarted. 2. On the server hosting the mail-in Fault Reports database, when a new document is received by the Fault Reports database, the Fault Analyzer task is invoked and starts to analyze the content of the new document. 228 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices 3. Fault Analyzer determines if this is a new crash, and if it is, creates a parent document. If this is a recurrence of an existing and unresolved crash, Fault Analyzer adds this document as a child of the parent document created by the initial crash. Fault Analyzer also determines a percentage match between the child occurrence of the crash and the original failure and defines a unique ID for the crash. This unique ID enables you to determine if the same failure occurs on several clients or servers, or if it is isolated to one server or client. Fault Analyzer: High-level vision 1. Crash notification is sent to a mail-in DB holding all crash information through the automatic diagnostic data collection tool. 2. Fault Analyzer is triggered when it receives a new crash notification. 3. Generation of fault-analyzed report to match an occurrence and define an offending stack.
Figure 6-10 High-level description of Fault Analyzer implementation in Domino 7 6.2.3 The Fault Analyzer failure report
If you activate the automatic load of Fault Analyzer, it scans your Fault Reports database every 10 seconds to check if a new document needs to be analyzed. The following example illustrates the Fault Analyzer output:
Agent Manager Calendar Connector Replicator Admin Process Router Directory Indexer Indexer Fault Analyzer Event Monitor Idle Idle Idle Idle Idle Idle Idle Idle Idle Chapter 6. Domino administration enhancements 229 If you do not enable the automatic load of Fault Analyzer, you can invoke it directly from a server console command with or without arguments to specify the location of your Fault Reports database. Type the following command at the server console to load Fault Analyzer:
load faultanalyzer After loading Fault Analyzer, you receive the following output at the server console:
12/13/2005 10:59:27 AM Fault Analyzer started Getting non-data modified time of 'names.nsf' Found 1 fault DBs on this server: faultreport.nsf 12/13/2005 10:59:29 AM Processing faults in faultreport.nsf Note: If you manually load Fault Analyzer with a server console command, it will be terminated after it analyzes and processes data from the mail-in Fault Reports database. If you receive another server failure notification, you need to reload Fault Analyzer using a console command. Figure 6-11 illustrates an example of a failure report sent to the mail-in Fault Reports database when a crash occurs. The first section displays all occurrences of the same crash, while the second section in this figure offers detailed information about the crash. The third section displays information about the number of occurrences of this crash, the clients or servers affected, and other useful failure information. Finally, the failure report displays files attached to the failure report, which can be used to debug the crash. ADC = Automatic diagnostic data collection tool Figure 6-11 Inside view of a parent document in the Fault Reports database 230 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Important: If you used automatic diagnostic data collection with Domino 6, and you plan to use Fault Analyzer, be aware that Fault Analyzer will also analyze your existing Fault Report documents available in your mail-in database. This analysis can be time-consuming. However, Fault Analyzer works well against Domino 6 server Failure Reports, so as soon you have one server upgraded to Domino 7, you can take immediate advantage of Fault Analyzer. Example 6-1 shows the actions taken by Fault Analyzer when a new report is received in the Fault Reports database and analyzed. By default, you do not see these lines.
Example 6-1 Actions taken by Fault Analyzer when receiving a new report Extracted 'CN=Lotus Notes/O=Domino Fault Reports' from server config document Found 1 fault DBs on this server: faultreport.nsf Processing NoteID 0x92A Exact match of NoteID 0x92A to NoteID 0x90A Updated occurrence count for 'Cambridge-Domino7/Infrastructure/JNKWPS' to 8 in NoteID 0x90A Processing NoteID 0x932 Processing NoteID 0x936 Processing NoteID 0x93A 12/06/2005 03:31:50 PM Processing faults in faultreport.nsf Best match of NoteID 0x93A: 54 (noteID 0x936) Updated occurrence count for 'Cambridge-Domino7/Infrastructure/JNKWPS' to 2 in NoteID 0x936 Processing NoteID 0x93E Processing NoteID 0x942 Exact match of NoteID 0x942 to NoteID 0x93E Updated occurrence count for 'Cambridge-Domino7/Infrastructure/JNKWPS' to 2 in NoteID 0x93E 6.2.4 How Fault Analyzer determines a percentage match
Fault Analyzer uses a computational algorithm to determine a correlation between a newly reported crash and any previous crashes reported to the mail-in Fault Reports database. Fault Analyzer performs a stack-by-stack comparison to determine the percentage of a match between the call stack of the original failure and the call stack of the newly reported crash. A 100% match occurs when two identical crashes are reported to the Fault Reports database. The match percentage is extremely useful in determining a correlation between failures, particularly when different crashes invoke different function calls and tasks but have a common cause. With the help of automatic diagnostic data collection, call stacks sent from different operating systems in different formats are made readable by Fault Analyzer, which translates this disparate information into a common language. Chapter 6. Domino administration enhancements 231 Fault Analyzer uses the formula shown in Figure 6-12 to determine the percentage match between reported crashes. Figure 6-12 Explanation of the matching formula used by Fault Analyzer In the example illustrated in Figure 6-13, Fault Analyzer compares call stacks from two crashes reported to the Fault Reports database to determine the percentage match. Detailed information about the respective crashes is analyzed, including that the processes leading to each crash. (*) The result of [(Sa+Sb)/2] is rounded to the closest non-decimal number, in this case 13.
Figure 6-13 Fault Analyzer, matching process formula in action 232 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Fault Analyzer determines that the second reported failure in this example is an additional occurrence of the first reported error, despite the fact that the process for each respective failure was different. The Fault Reports database, as shown in Figure 6-14, displays both crashes in correlation. Figure 6-14 View into the Fault Reports database Note: To determine a percentage match, Fault Analyzer performs a stack comparison between all parent failure documents, including documents marked as resolved, until it finds the higher percentage. Because the process can be take quite long if the Fault Reports database contains a large number of documents, we recommend that you do not run the Fault Reports database and Fault Analyzer on mail or application servers. In order to determine a partial match between reported crashes, a minimum acceptable percentage has been defined from the average number of functions available in the call stacks analyzed. Table 6-1 illustrates how the minimum percentage for a partial match is determined.
Table 6-1 Defining parameters Minimum percentage to have a partial match rather a new parent crash 100% No partial match is possible, the call stack must be identical. 75% At least the first 3 calls must be identical. 60% 40% Average number of functions available in the two call stacks Less than 4 (so 1, 2, or 3) 4 Between 5 and 7 (5, 6, or 7) 8 and more In the example provided in Figure 6-13 on page 232, the average call stack length is 13 and the matching percentage is 54%. Therefore, the percentage match is higher than the minimal requirement in this case (40%) and can be declared as a partial match. Note: You can override this behavior and determine on your own the minimum percentage needed to declare a partial match. However, this setting will be applied regardless the average number of functions available. In the testing performed by the Redbooks team, we did not encounter a situation where we had to override the default setting in the server's NOTES.INI file which runs FaultAnalyzer:
Fault_Analyzer_Match_Percentage= <value between 1 and 99> 6.2.5 Managing resolved issues
Fault Analyzer and automatic diagnostic data collection can provide a powerful way to efficiently and centrally manage all the incidents encountered in your servers and clients. For each parent document in the mail-in Fault Reports database, you can specify the SPR or PMR ID associated with a crash reported to the IBM support team, add your comments, and
Chapter 6. Domino administration enhancements 233 mark the a crash as resolved after a solution has been applied to all the failing servers and clients. Figure 6-15 illustrates how a failure can be designated as resolved in the Fault Reports database. Figure 6-15 Marking a crash as resolved within the context of a specific Domino release If you mark a crash in the Fault Reports database as resolved for a Domino release equal to or later than 6.0.3, Fault Analyzer knows that applies to Domino 6.5 and later versions as well. However, if you mark a crash as resolved and indicate the Domino release in which it is fixed, if the Fault Reports database receives a failure notification from a client or server running an earlier release, Fault Analyzer adds this crash the database as an additional occurrence. If you mark a crash as resolved and select the All clients/servers have fix applied option, any new and identical failure reports will be handled as a new parent document regardless of the Notes or Domino client. However, a notification will be added to the database indicating that the crash has been fixed, with a link to the parent document marked as resolved. See Figure 6-16. Figure 6-16 Potential same error occurring even if the failure appears to be fixed If you erroneously mark a crash as resolved and need to change the resolution status, you need to create two formula agents to run against the marked resolved document to modify it. The following example illustrates how to write the formula to change the Fault Report's resolution status:
FIELD Resolved := @DeleteField; FIELD RslvdAll:[email protected]; FIELD RslvdSetting:[email protected]; FIELD RslvdVersions:[email protected]; SELECT @All Running the following agent the against new a Failure Report will designate it as an additional failure occurrence distinct from the resolved Failure Report:
FIELD Processed := @DeleteField; SELECT @All 234 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices When Fault Analyzer runs against these documents, it analyzes the second document as a new document and will not recognize the previous resolved document as a reference. Restriction: The method illustrated here to change the resolution status of a Failure Report is not supported by IBM, but it has been provided here as a potential workaround, and you should take care when you changing the resolution status of a Failure Report. To check whether crashes you encounter have already been tracked by IBM support, visit the IBM Support Web site:
http://www.ibm.com/software/lotus/support/help-esr.html Use this as your primary source for finding a potential solution to failures in your server or client environment. 6.3 Monitoring your infrastructure at a glance
Domino Administrator 7 includes a set of embedded functions that enable a Domino administrator to efficiently and proactively monitor the server infrastructure. These include the following functions: Server Health Monitoring Performance statistics charts Activity Trends Resource balancing In the following section, we highlight the quick steps to get Server Health Monitoring working in your environment and provide a broad overview of the first set of these tools (Server Health Monitoring and performance statistics charting), including a visual illustration of how they work with your Domino Administrator 7 client, as shown in Figure 6-17 on page 236. Although we do not document Domino domain monitoring, introduced in Domino 7, you can learn more by reading the related Redpaper, Lotus Domino Domain Monitoring, REDP-4089, available at:
http://www.redbooks.ibm.com/abstracts/redp4089.html Chapter 6. Domino administration enhancements 235 Getting the most out of your Domino Administrator 7 client Check out the result SHM = Server Health Monitoring Figure 6-17 Domino Administrator 7 client: Global tools positioning 6.4 Server Health Monitoring
Before configuring Server Health Monitoring and performance charting, note these deployment considerations: Because all the polling will be done from a Domino Administrator 7 client, you might want to create an administrative ID on behalf of which all the data will be gathered. You might want to dedicate a workstation that will run on a 24x7 basis to collect and display information and statistics from the Server Health Monitoring and performance tool. Verify that the users who will perform the Server Health Monitoring task have administrative rights for the server being monitored and are allowed to use server monitors, as designated in the Security tab for each Server document. Important: By default, the Allowed to use Monitors field is enabled for everyone and it is also used by client mail rules. If you decide to restrict this field, it might affect the restricted users' mail rules. For performance charting, ensure that platform statistics is not disabled. Since Domino 6, platform statistics are enabled by default. You might also want to configure quality of service probes (QoS). Additional information to configure the probes is available in the Domino 7 Release Notes. 236 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Configuring your Domino Administrator 7 client
Follow these steps to configure Server Health Monitoring for your Domino server: 1. From the Domino Administrator, select File Preferences Administration Preferences. 2. Click the Monitoring tab, and then select Generate server health statistics and reports. Figure 6-18 on page 238 shows the Monitoring tab. Table 6-2 describes the Global settings for Monitoring options. 3. For the Poll servers every n minutes field, enter a value from 1 to 60 minutes. The higher the number of servers to monitor, the larger the polling interval to enter. For timely monitoring, enter a value between 1 and 10. 4. (Optional) To start the server monitor automatically, select Automatically monitor servers at startup.
Table 6-2 Field Do not keep more than <n> MB of monitoring data in memory (4-99 MB) Not responding status displayed after <n> minutes of inactivity Generate server health statistics and reports Global settings option Action Enter the maximum amount of virtual memory, in MB, used to store monitoring data. Default is 4. Enter the amount of time after which the "not responding" status displays. The default is 10 minutes. Select this option to include health statistics in charts and reports. You must enable this option to use the Server Health Monitor. 5. Click the Statistics tab, and then select Generate statistic reports while monitoring or charting statistics. 6. For the Generate reports every n minutes field, enter a value greater than or equal to the server polling interval specified in step 3. 7. In the Location section, complete the fields as outlined in Table 6-3.
Table 6-3 Field When using this location Monitor servers Startup profile option Action Choose the Location document. Select one: Select "From this computer" to monitor servers from the local Domino administration client. Select "From server" and then click Collection Server. Select the Domino server running the Collector task for the servers being monitored by the location you selected. Poll server every <n> minutes (1-60 mins) Enter the server's polling interval, in minutes. If "From this computer" is selected, the default is 1 minute. If "From server" is selected, the default is 5 minutes. Automatically monitor servers at startup Select this option to start the Domino Server Health Monitor when you start Domino Administrator. Chapter 6. Domino administration enhancements 237 Note: When we refer to trends in this chapter, there is not any relation to Activity Trends, where the data is gathered and collected from another source. DOMMON.NSF is a unique local database only available on the local Administrator workstation storing only configuration and results for Server Health Monitoring. Size of local DOMMON.NSF, which will contain all the results. Timeout after which a server is marked as not responding. Select this option to Server Health Monitoring activated. Define from where this polling will be done. Define the time interval between different polling sessions. Figure 6-18 Domino Administration Preferences settings for Server Health Monitoring 8. After you define your configuration options, go to the Server tab and select the Monitoring subtab to display a list of servers to watch, as shown in Figure 6-19. Figure 6-19 Monitoring view However, the first time that you initiate this view, a default group of servers will be loaded which relates to your default Domain connection. You might need to create your own profile to match which servers you want to monitor and record this setting by using the Monitoring profiles option available on the right-top panel, as shown in Figure 6-20 on page 239. 238 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 6-20 Selection of servers to monitor Tip: When you use Monitoring profiles, all server groups available within your domain will be displayed. Of course, you can pick one as a baseline and eventually add or remove any servers for which you want more specific information and then record this new profile with a specific name. The next time you restart the Domino Administrator client, the last used profile will be recalled. In addition, Server Health Monitoring can monitor all your Domino servers in your environment regardless of the Domino release you use (even though Domino R5 is no longer supported). It is backward compatible with Domino 5 and 6. Indeed, Server Health Monitoring uses a polling mechanism to get Domino key statistics in order to visually give you an assessment of the situation. However, as Domino statistics have improved over the time, you will not get the same level of information with each Domino release. In summary, using Server Health Monitoring does not require any code installation at the server level. This is not an intrusive method, but instead relies only on core Domino statistics. Figure 6-21 on page 240 shows three types of indicators on the left. The signals used should be universally recognized: Green: Everything is good, and your server performance is healthy. Yellow: Your attention might be required because one of your server components is running into a warning situation. Red: Your server is running into a critical situation, and you might need to take corrective or appropriate action as soon as possible. However, solving a server issue, especially for performance bottlenecks, is not an easy task, Server Health Monitoring provides you with a first indication of where you to look for in order to quickly return to a steady state and thus helps you to define potential bottlenecks. Chapter 6. Domino administration enhancements 239 Figure 6-21 Indicators If you see a server with a yellow or red indicator, right-click and select Switch to Health Reports, as shown in Figure 6-22. Figure 6-22 Switching to Health Reports database (DOMMON.NSF) This provides the current status of the all the servers monitored in your list; however, note that by default you are just opening a the view named "Current Reports" in the DOMMON.NSF (Health Monitoring) database and you will have to reselect the faulty server. For each server, you have a master line that represents the overall health situation for that server, and you can expand this line to display as children documents all the components monitored for this server for their current situation (still using the red indicator). See Figure 6-23 on page 241. 240 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 6-23 Historical statistics for a given server from DOMMON.NSF By selecting the main server entry line, you will get an overall health report for the server, where the potential issue is outlined and where probable short-term and long-term actions are explained. Figure 6-24 Drilling-down to a specific problem reported by Server Health Monitoring Note: Defining and solving a performance issue is not an easy task. Consider Server Health Monitoring as an indicator rather than the absolute answer to all your questions. Server Health Monitoring can assist you to quickly narrow down misconfigured components and it presents the administrator with a few choices to identify and hopefully resolve the problem. Nevertheless, it is advisable to continue to dig down and consider alternate choices. The Health Reports database (DOMMON.NSF) also contains historical reports to help to visualize if you are experiencing a one-time problem, if there are some additional occurrences for the same machine, or this is a phenomenon spread over your environment. To access these reports, switch to Historical Reports. Getting a warning or critical server report from time-to-time might not impact the overall performance of your infrastructure, but it can give Chapter 6. Domino administration enhancements 241 you an early signal about a specific action that you will need to take if nothing is done, or if you are on the same trend. Looking at historical reports, however, can give you a better long-term picture when you can easily (and visually) determine what kind of actions you need to take to maintain and achieve your service level agreement (SLA) inside your organization. As with any good performance system, Server Health Monitoring provides a large set of possible customizations to fit to your environment. Figure 6-25 and Figure 6-26 illustrate an overview of the configuration settings for server components and the index thresholds that can be set and modified based on the type of server operating system. Figure 6-25 Self-configuration settings for all server components Figure 6-26 Defining Index Thresholds for each type of server operating system 242 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure 6-27 illustrates the modified index thresholds for a specific server. Figure 6-27 Modified index thresholds for a specific server Chapter 6. Domino administration enhancements 243 244 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices A Appendix A. Policy basics and troubleshooting policies
The subject of policies has been a difficult subject to grasp for many Notes administrators and even more difficult to implement correctly. While you can use policies as very effective tool, Notes administrators must have a thorough understanding of how to create and apply them to their organization. The IBM Redbook Lotus Security Handbook, SG24-7017, (http://www.redbooks.ibm.com/abstracts/sg247017.html) explains policies and policy settings at length. For this paper, however, we want to make an additional effort to further explain them. We build on the established knowledge with new information to further help Notes administrators gain a firm grasp of the concept of policies and policy settings. Finally, this appendix describes ways to troubleshoot problems that can occur with policies, especially if policies are applied incorrectly within the organization. In this appendix, we review policy basics and discuss how the policies works client-side, where the policy information is written, and what can be done to correct incorrect configurations. We start by discussing the tool responsible for retrieving from the server the policy settings that are part of established policies and applying them client-side. Copyright IBM Corp. 2006. All rights reserved. 245 A.1 Policies and policy settings
Because the main topic of this appendix is policies, let us take a moment to summarize what policies are, so as to better cover the new functionality introduced in Release 7. Do not confuse Domino policies with corporate security policies. These are two completely different things. A corporate security policy is a set of guidelines and standards used in an organization to establish and enforce secure information practices. Domino policies, in contrast, permit administrators to control key aspects of the Lotus Notes and Domino infrastructure, specifically, how users work with Notes. A.1.1 Policy basics
A policy is a document that identifies a collection of individual policy settings documents. As shown in Figure A-1, the policy settings documents cover six administrative areas: registration settings, setup settings, desktop settings, mail settings, mail archiving settings, and security settings. Figure A-1 Policies and policy settings documents These areas are best described as follows: Registration: If a policy including registration policy settings is in place before the administrator registers Notes users, these settings set default user registration values including the user password, Internet address format, roaming user designation, and mail. Setup: If a policy including setup policy settings is in place before the administrator sets up a new Notes client, these settings are used during the initial Notes client setup to populate the user's Location document. Setup settings include Internet browser and proxy settings, applet security settings, and desktop and user preferences. 246 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Desktop: Administrators can use desktop policy settings to update the user's desktop environment or to reinforce setup policy settings. For example, if a change is made to any of the policy settings, the next time users authenticate with their home server, the desktop policy settings restore the default settings or distribute new settings specified in the desktop policy settings document. Mail: Administrators can use mail policy settings to set and enforce client settings and preferences for mail and for calendar and scheduling. Mail archiving: Administrators can use archive policy settings to control mail archiving. Archive settings control where archiving is performed and specify archive criteria. Security: Administrators can use security settings to set up administration execution control lists (ECLs) and define password-management options, including the synchronization of Internet and Notes passwords. Each of these policy settings documents defines a set of defaults that apply to the users and groups to which the policy is assigned. After a policy is in place, it is possible for administrators to easily change a setting, and it will automatically apply to those users to whom the policy is assigned. A.1.2 Organizational and explicit policies
There are two types of policies: organizational and explicit. It is important to understand the differences between the types; otherwise, it might lead to an improper implementation of these policies. In addition, there are exceptions that you can apply to these policies. Organizational policies
An organizational policy automatically applies to all users registered in a particular organizational unit. For example, if an administrator wants to see default settings distributed to all users at the fictional ITSO Acme company registered in Sales/Acme, the administrator simply creates an organizational policy named */Sales/Acme. Then, when that same administrator uses the Sales/Acme certifier ID to register a user, that user automatically receives the settings in the corresponding organizational policy. If a user is moved within the hierarchical structure (for example, because the user transfers from the sales department to the marketing department), the organizational policy for the corresponding certifier ID is automatically assigned to the user. For example, if the administrator moves the user from Sales/Acme to Marketing/Acme, all settings defined in the desktop, archiving, and security policy settings documents associated with the */Marketing/Acme organizational policy are assigned to the user. The new policy settings become effective the first time users authenticate with their home server. Explicit policies
An explicit policy assigns default settings to individual users or groups. For example, to set a six-month certification period for contract workers in all departments, the administrator simply creates an explicit policy and then assigns it to each contract employee or to the group that includes all contract employees. There are three ways to assign an explicit policy: during user registration, by editing the user's Person document, or by using the Assign Policy tool. Using exceptions
It is possible for administrators to assign an exception attribute to either an organizational or explicit policy. Appendix A. Policy basics and troubleshooting policies 247 An administrator uses exceptions to allow the user to override a policy setting that is otherwise enforced throughout an organization. When an exception policy is created, the administrator can specify only the settings that will not be enforced. Then, when the administrator assigns the exception policy, it exempts users from enforcement of those settings only. Exception policies are a way to give someone in an organization special treatment, possibly because of their position or job requirements. For example, the */Acme policy includes a Registration policy setting that enforces a mail database quota of 60 MB. However, a small group of employees in Acme need to exceed this quota. The solution is to create an "exception" policy that includes only a Registration policy settings document that does not set a quota limitation on the mail database. When this exception policy is assigned to users, they can override the database quota setting. Because exception policies defeat the enforcement of policy settings, use them sparingly. Order of application
Figure A-2 shows the order of application of organizational policies, explicit policies, and exceptions, where exceptions have the highest priority and organizational policies have the lowest priority. Figure A-2 Order of application of organizational policies, explicit policies, and exceptions 248 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices A.1.3 Policy hierarchy
The effective policy for a user is a set of derived policy settings that are dynamically calculated at the time of execution. The field values in an effective policy can originate from many different policy settings documents. Each hierarchical level can have an associated policy, so users can have a combination of policy settings that include the values set at their OU level and those inherited from a parent policy. The resolution of those settings, stepping up through the organizational hierarchy, determines the effective policy for each user. In addition to organizational policies, users can also have explicit policies assigned to them. In that case, the order of resolution is that all organization policy settings are resolved first, and then any explicit policy settings are resolved. For example, if an administrator wants all users to use the same Internet mail name format, the administrator would set that value in the Registration policy settings document for the top-level policy. After the administrator has set this value, it does not need to be changed or reentered in subsequent child policies. This value is simply "inherited" from the parent by having the inherit option selected. However, if there is a select group of international users for whom this setting is a problem, it is then possible for the administrator to create an explicit policy that applies to the select group only. The combination of the explicit and organizational policies together provides the control and the flexibility required. Figure A-3 on page 250 shows a flow chart that explains how this all works. In addition, there are two tools that help you determine the effective policy governing each user. The Policy Viewer shows the policy hierarchy and associated settings documents, and a Policy Synopsis report shows the policy from which each of the effective settings was derived. Appendix A. Policy basics and troubleshooting policies 249 Figure A-3 Flowchart explaining how the policies work and are interpreted Inheritance and the child policy relationship
Inheritance plays an important role in determining a user's policy settings in both organizational and explicit policies. Through the parent-child relationship, it is possible for the administrator to create a hierarchy of policies to set the desired administrative practices across the enterprise. 250 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices In a policy hierarchy, policy documents build the relationship, and policy settings documents determine the value of the fields based on their position in the hierarchy. Using field inheritance and enforcement, the administrator controls the default settings. In organizational policies, the hierarchy of policies is determined automatically based on the organization's hierarchy. The policy */Sales/Acme is the child policy of */Acme. Because explicit policies do not follow the organizational structure, when the administrator creates explicit policies, the administrator builds in the hierarchy, based on the naming structure. For example, the administrator creates an explicit policy named /Contractors that includes several settings that apply only to contract employees who might be employed for six month to a year. However the administrator wants short-term temporary employees, employed for only one or two weeks, to inherit only some of those settings. The administrator then creates a child explicit policy called Short term/Contractors. Now, we are now ready to discuss how to troubleshoot policies. A.2 The Dynamic Client Configuration tool
The Dynamic Client Configuration (DCC) tool is a Notes client process that synchronizes certain information between Notes clients and Domino servers. The DCC executable, ndyncfg.exe, is in the Notes client program directory. The DCC does a lot of work. To begin with, DCC populates the Client Information section on the Administration tab of Person documents. The DCC is also required for the proper operation of certain domains processes such as "Move Mailfile" and new Notes/Domino 6.x features including policies and roaming users. Therefore, if you encounter issues with any of these processes/features, first troubleshoot the DCC. The DCC runs when the user authenticates with their home server, and either their Person document has been modified, or their assigned desktop policy has been modified since the last authentication. Specifically, during the user's first authentication to the server, the server dynamic profile is compared with the client dyninfo object, which is stored in the Personal Address Book preferences. If there are differences between the dynamic profile and the dyninfo object, DCC runs. Otherwise, the DCC will not run. Technically, ndyncfg.exe can be forced to run by typing ndyncfg at a DOS command prompt, but this is not the recommended method of running DCC manually. We discuss this more later in the appendix. The DCC is designed as a push mechanism only from the server to the client. The DCC updates settings on the user's workstation based on the current settings in the user's Person document and any desktop policies that are in place. For example, if changes are made to a user's Person document, the DCC will detect the changes when the user connects to the server and then push the appropriate changes down to the client. By default, the DCC is installed with every client and runs daily at the first user authentication with the server. When the DCC executes, it adds the following lines to an entry in the Miscellaneous Events view of the local LOG.NSF:
11/06/2005 07:40:00 AM Dynamic Client Configuration started 11/06/2005 07:40:02 AM Initializing Dynamic Client Configuration 11/06/2005 07:40:03 AM Dynamic Client Configuration updating policy information 11/06/2005 07:40:03 AM Configuration updating location information 11/06/2005 07:40:03 AM Dynamic Client Configuration shutdown Dynamic Client If this information cannot be found, this is an indication that there is a problem with the DCC. If no errors are reported in the log, this indicates that the DCC ran on the client. However, do note that the log entry only ensures that DCC ran; it does not ensure that the DCC
Appendix A. Policy basics and troubleshooting policies 251 successfully changed any values on the client. For example, the previous log entry that reads Dynamic Client Configuration updating location information does not necessarily mean that the location information was successfully updated. There are also other ways to determine if the DCC is not working. Another place to look in the Domino Directory (that is, NAMES.NSF). There should be client information on the Administration tab of each Person document. If that information is missing, or the information is there but not up to date, there might be a problem with the DCC. In addition, if the policies in place, specifically the desktop policies, seem to skip certain people, that might indicate a problem with the DCC. This also applies to roaming users and mail file moves through AdminP. If problems are identified with the DCC, you need to determine what prevents the DCC from working properly. One common cause for the DCC not working as expected is that it might have been deliberately or inadvertently disabled. Even though the DCC was originally introduced in Release 5 of Notes/Domino, it was not required for many features. Therefore, users and administrators might have disabled it. If you determine as part of a comprehensive troubleshooting process that the DCC is not running, perform the following steps to make it work properly: 1. Check the NOTES.INI configuration file on the user's workstation, and if the parameter DisableDynConfigClient=1 is present, remove it. 2. Access the properties of the user's current Location document (click the Location section on the status bar, select the Edit Current pull-up menu on the Status bar, and then select File Document Properties). On the Fields tab, look for the "AcceptUpdates" field. If this value of this field is set to "0" (zero), enable the DCC by performing the following steps: a. Open the current Location document. b. Select Actions Advanced Set Update Flag. c. When the prompt "Allow administrators to keep this location's settings up to date with those settings on your mail server" opens, click Yes. d. Save and close the Location document. If after performing the previous steps, the DCC still does not work, remove the address book preferences in the user's Personal Address Book (that is, the client copy of NAMES.NSF) using the following steps: a. Open the user's personal Name and Address book. b. Select Actions Remove Address Book Preferences. You might wonder what the address book preferences have to do with the DCC. When you select the Remove Address Book Preferences option, this removes the directory profile document (directoryprofile), which contains something called $DynInfoCache. With this document deleted, the cache is completely rebuilt when users re-authenticate with their home server. In addition, this basically de-synchronizes the client dyninfo object with the server dynamic profile, forcing the DCC to run on the client's next authentication with its home server. Note that after removing address book preferences, the users need to reset certain items if they have customized the preferences of their personal Name and Address Book, such a defining the group sort order, the format of contacts, and the address format. 252 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices A.3 Policy profiles and documents in the $Policies view
The first item written is a policy profile, the second is a collection of one or more documents (based on the number of policy settings the applied policy contains) in the $Policies view. For policy profiles, these are documents that serve as data and time stamps to specify at what time a specific policy was applied. This serves as a means for the DCC tool to know whether there has been an update in the specific policy and whether the contents of the policy (and related policy settings) need to be re-applied to the Notes client. Because, by definition, profile documents do not appear in any view (and thus, make it difficult to access them other than through programmatical means), the best tool to aid in accessing policy profiles is NotesPeek. For a free copy of the tool, visit the Lotus Sandbox at the following Web page:
http://www.lotus.com/ldd/sandbox.nsf/0/2791869f4e1d3fa385256f2c00432973?OpenDocument Using NotesPeek, the user's local Name and Address Book (that is, the local NAMES.NSF database) can be opened and all profiles document can be accessed. These are conveniently grouped under the Profiles category, as shown in Figure A-4, which shows not only policy profiles (identified as $policyprofile) but other profile documents as well. Figure A-4 Example of the collection of accumulated policy profiles To clear these policy profiles, use the code in Example A-1 in a button, action button, or agent.
Example: A-1 Sub Initialize '--- Declare Class Variables Dim s As New NotesSession Dim db As NotesDatabase Dim doc As NotesDocument '--- Initialize Class Variables Set db = s.currentdatabase Set col = db.GetProfileDocCollection("$policyprofile") Clear policy profiles code Appendix A. Policy basics and troubleshooting policies 253 '--- Remove all the Policy Profiles Call col.Removeall(True) End Sub The code, in effect, removes all policy profiles (but not the other profiles, which is why it is best to use this code) in the user's local Name and Address Book. Figure A-5 shows the result of using this code. Figure A-5 Example of the policy profiles collection after cleanup Thereafter, when the user connects again to a server that contains a policy (either an organizational policy for the hierarchy in which the user finds himself in or an explicit policy which has been assigned to the end user), the DCC brings down the policy settings to the Notes client and records the operation in a policy profile, as shown in Figure A-6. Figure A-6 Example of the collection after the application of a policy A.4 Policy documents
The other place that the DCC records information is in the $Policies view of the user's local Name and Address Book. This is a hidden view, so you need to use a special trick to access the view. Go to the Notes workspace (the page with all the database placeholders). Press the Ctrl+Shift (and keep them pressed), right-click the local Name and Address book database placeholder, and select Database Go To. This opens a list of views in the database, including the hidden views. Select the $Policies view. This opens the view, similar to the one shown in Figure A-7 on page 255. 254 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Figure A-7 The ($Policies) view with a collection of documents This is another place where there might be problems and, as for the policy profiles, it is best to use the code in Example A-2 for a button, action button, or agent. This code removes all documents in the $Policies view in the user's local Name and Address Book. After the user reconnects, the effective policy defined for this user (where it is organizational or explicit) will be brought down and entries written in the user's local Name and Address Book. Figure A-8 on page 256 shows the result of using this code and writing the new policy information.
Example: A-2 Sub Initialize '--- Declare Class Variables Dim s As New NotesSession Dim db As NotesDatabase Dim view As NotesView Dim doc As NotesDocument Dim collection As NotesViewEntryCollection Dim entry As NotesViewEntry '--- Initialize Class Variables Set db = s.GetDatabase("", "names") Set view = db.GetView( "($Policies)" ) Set collection = view.AllEntries Set entry = collection.GetFirstEntry() Appendix A. Policy basics and troubleshooting policies Remove all documents in $Policies view code 255 '--- Process all documents in the ($Policies) view While Not(entry Is Nothing) Set doc = entry.Document doc.Remove(True) Set entry = Wend End Sub collection.GetNextEntry(entry) Figure A-8 The $Policies view cleaned up and with the application of a policy In Figure A-8, there was an explicit policy defined for the user, which contained a desktop settings document. When bringing down the settings for the policy, a total of four documents were written, one for the policy itself and three documents related to the desktop policy settings. A.5 The cleanup procedure
We explained the Dynamic Client Configuration (DCC) tool, the policy profiles, and the documents in the $Policies document. We also explained the method by which to clean the policy profiles and the documents in the $Policies view.Now, we describe the actual cleanup procedure if a problem exists with one user. Assuming that the DCC works as expected (there is rarely, if ever, a problem with the DCC), the way to correct policy application problems for the user is to clean up both the policy 256 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices profiles and the documents in the $Policies view, which are all in the user's local Name and Address Book. It is best to clean up both of these, because the problem can persist if only one is cleaned up. To save time and effort (and to reduce the possibility of an error), use the code written for the purpose of cleaning up both the policy profiles and the $Policies view, as shown in Example A-3.
Example: A-3 Sub Initialize '--- Declare Class Variables Dim s As New NotesSession Dim db As NotesDatabase Dim view As NotesView Dim doc As NotesDocument Dim collection As NotesViewEntryCollection Dim entry As NotesViewEntry '--- Initialize Class Variables Set db = s.GetDatabase("", "names") Set view = db.GetView( "($Policies)" ) Set collection = view.AllEntries Set entry = collection.GetFirstEntry() Set col = db.GetProfileDocCollection("$policyprofile") '--- Process all documents in the ($Policies) view While Not(entry Is Nothing) Set doc = entry.Document doc.Remove(True) Set entry = Wend Clean up policy profiles and $Policies view code collection.GetNextEntry(entry) '--- Remove all the Policy Profiles Call col.Removeall(True) End Sub This code removes all policy profiles and all documents in the $Policies view in the user's local Name and Address Book. When the user reconnects, the effective policy defined for this user (where it is organizational or explicit) is brought down and entries written in the user's local Name and Address Book. At that time, policies should work properly for this user and the problem should be resolved. Appendix A. Policy basics and troubleshooting policies 257 258 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices B Appendix B. Considerations when upgrading from Domino 5 directly to Domino 7
In this appendix, we discuss important considerations to be aware of if your organization is upgrading directly from Lotus Notes and Domino 5 to Notes and Domino 7. Note: This appendix is not intended as a comprehensive list of all the steps that you need to follow for upgrading directly from Notes and Domino R5 to Notes and Domino R7. Instead, it is intended to provide an overview of the key considerations and technical checkpoints to perform when making the upgrade. If you are upgrading directly from R5, we strongly recommend that you review the IBM Redbook, Upgrading to Lotus Notes and Domino 6, SG24-6889:
http://www.redbooks.ibm.com/abstracts/SG246889.html Copyright IBM Corp. 2006. All rights reserved. 259 B.1 Primary differences between the Domino 5 and Domino 7 installations
Although you should follow the same practices outlined in Upgrading to Lotus Notes and Domino 6, SG24-6889, for planning and executing a server upgrade when upgrading directly from Domino 5 to Domino 7, there are a number of fundamental architectural differences of which you must be aware. These include changes in the on-disk structure (ODS), considerations about the public key, personal agents variances, and incompatibilities with the Resource Reservations database. B.1.1 On-disk structure implications
One of the key structural differences between Domino 5 and Domino 6 or Domino 7 is the on-disk structure (ODS) level. Domino 5 uses ODS 41, and Domino 6 and Domino 7 both use ODS 43. Therefore, upgrading directly from Domino 5 to Domino 7 involves a potential change in the on-disk structure. The ODS level is completely unrelated to the database design, and you are not required to change your ODS level when upgrading from Domino 5 to Domino 7, but there are several factors to consider when deciding whether to upgrade your ODS: Domino 5 and Domino 7 use different index engines. A Domino 5 database based on ODS 41 will keep the Domino 5 indexes plus build Domino 7 indexes. Implications of retaining ODS 41 after the server upgrade
If you do not upgrade the ODS level when upgrading from Domino 5 to Domino 7, there are several performance implications: Each database will have twice as many view indexes. Database size will increase. There will be a significant CPU impact after the server upgrade to create the next indexes. If the ODS is converted later, you must run compact must be run with the D option, in addition to c and c. For example, run the following command at the server console:
Load compact -D -c -i Where: - The D option discards both sets of indexes. - The c option builds all of the indexes, so the performance impact and database size increase is significant. - There will be another significant CPU impact to rebuild the Domino 7 Indexes. Strategies for upgrading to the new ODS level
There are several options from which to choose to upgrade your Domino databases to ODS 43: Compact all databases on the server during your upgrade process from Domino 5. Compact only your system databases during the upgrade process from Domino 5, and then run an offline compact command later for the remaining databases. Schedule a program document that will trigger a compact during off hours. 260 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Run the compact task online by using the new indirect (IND) file in which you can specify several databases that need to be compacted. You can create an IND file using a text editor, such as Notepad, and list the databases, including any subdirectory, or simply list the subdirectory to include all databases within it. Save the file with the extension .IND. To use the IND file, save the file in the Domino data directory containing the Domino databases to be compacted. For example, the WEEKLY.IND file might contain the following files:
REVENUEDATA\SALES.NSF PRODUCTS.NSF PRICING.NSF CUSTOMERS.NSF When you run the following command at the server console against the WEEKLY.IND file, the compacted databases specified in the IND file will be stored in the Domino data directory:
Load compact WEEKLY.IND How to retain ODS 41 after upgrading to Domino 7
If you want to retain the ODS level of 41 after upgrading to Domino 7, using the Domino Administrator client, specify the .NS5 extension for all existing Domino 5 databases, for example, DatabaseName.NS5. Upgrading the ODS after upgrading to Domino 7
If you decide to upgrade the ODS to 43 after upgrading your Domino server, there will be a significant performance impact when the View indexes rebuild and when the inbox folder rebuilds in each mail file. The inbox will rebuild on the first morning after the ODS upgrade, and each time the inbox is opened. To alleviate the CPU impact from the View index rebuilding, run the Updall task at the console command line with the server down, as in the following example:
Load Updall -R B.1.2 Differences in the public key used
If you create a new Domino 7 server, the server ID will be 1024-bits wide. This is only the case when creating a new server, such as in a lab environment, and is not an issue when upgrading an existing server to Domino 7. Because of the 1024-bit public key, any Notes 5 clients will be unable to use the server and will receive an error message when attempting to connect. To immediately rollover the server key to 630 bits if Notes 5 users need to access the server, add the Setup_First_Server_Public_Key_Width parameter to the server NOTES.INI file:
Setup_First_Server_Public_Key_Width=630 B.1.3 Personal agents implementation
If you disabled personal agents in your Domino 5 Server document, these agents will not automatically be disabled on the Domino 7 server. Notes 7 users with LotusScript rights are automatically granted personal agent rights, so you need to add the Enforce_Personal_Agents parameter to your server NOTES.INI file to ensure that personal agents do not automatically run on the Domino 7 server. If this variable is enabled, users who have LotusScript rights are not granted personal agent rights unless they are explicitly listed in the Server record or if the Personal agents field is blank. Appendix B. Considerations when upgrading from Domino 5 directly to Domino 7 261 The possible settings for the Enforce_Personal_Agents parameter are as follows: 0: Do not enforce personal agents. 1: Enforce personal agents. Set the value of Enforce_Personal_Agents to 1 to disable personal agents from running on the Domino 7 server, as in the following example:
Enforce_Personal_Agents = 1 Domino 7 is designed for users to have editor access and use the Domino 7 mail template in order to run personal agents. When these requirements have been met, you can remove the Enforce_Personal_Agents parameter from the server NOTES.INI file. B.1.4 Resource Reservations database considerations
Domino 5 and Domino 6 Resource Reservations databases are not supported on a Domino 7 server. If you only use the older Resource Reservations database for direct booking, it will appear to work, but rooms and resource notifications and busytime functionality will not work at all. To enable your Domino 5 and Domino 6 Resource Reservations databases on the Domino 7 server, you must upgrade the Resource Reservations database design when you upgrade the server on which it resides. For more information about this issue, see 4.5.2, "Resource Reservations database" on page 156. B.2 Notes client considerations
There are a number of differences in behavior between the Notes 5 and Notes 7 client, including changes in the soft deletions functionality, the upgrade folder design option, and unread marks. For comprehensive documentation of interoperability considerations in Notes 7, refer to the Release Notes and the Lotus Technotes. B.2.1 Soft deletions functionality
In the Notes mail file database, deleting a document moves it into a Trash folder and stores it in a state of "soft deletion." From this folder, users can restore deleted documents by dragging them from the Trash folder into another folder or by selecting Restore. By default, soft deletions are enabled for mail databases created from the Domino 7 mail template (MAIL7.NTF). You can turn soft deletions on or off for any database and specify how long to retain soft deletions before removing them from the database. Deleted documents are not permanently removed until a specified expiration time or until the user empties the Trash folder, and the default expiration time is 48 hours. The mail documents move immediately to the Trash and are not marked with a Trash icon before being moved. This is new behavior for Notes 5 users, so you must communicate the Notes 7 soft deletions behavior to all existing Notes 5 users. B.2.2 Upgrade folder design
As the Domino administrator, you can enforce settings to upgrade your Notes 7 users' mail file design to include the latest design for Notes folders, such as Inbox and Trash, but not for folders that the users have created. Notes 7 client users can use Automatic Upgrade to upgrade all of their folders to the latest version of the design used to create them, or use Manual Upgrade to manually select the folders to upgrade and the designs to use. However, with Automatic Upgrade, folders created in Notes Release 5 or earlier are upgraded to the 262 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices default folder design, which is Inbox. We recommend Manual Upgrade if users have customized folders or folders created in Notes Release 5 or earlier. There are some limitations to the Manual Upgrade functionality in the Notes 7 client. For an explanation of the Automatic Upgrade and Manual Upgrade behavior in Notes 7 and suggestions for working around any limitations, refer to the technote 1084954, "How does the mail template's new agent upgrade folder designs." B.2.3 Unread marks behavior
Notes 7 users who access their local mail file with both the Notes 7 and the Notes 5 client might observe unexpected behavior with unread marks. For example, if a Notes 7 user accesses and reads mail in the mail file from a Notes 7 client and then views the same mail file from a Notes client, the user might notice that the read marks have now disappeared and the contents of the Inbox appears unread. However, Notes is functioning as designed. The unread marks behavior is a consequence of upgrading the internal named object hash table when opening a database with Notes 7. Appendix B. Considerations when upgrading from Domino 5 directly to Domino 7 263 264 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Related publications
The publications listed in this section are considered particularly suitable for a more detailed discussion of the topics covered in this Redpaper. IBM Redbooks
For information about ordering these publications, see "How to get IBM Redbooks" on page 267. Note that some of the documents referenced here may be available in softcopy only. Upgrading to Lotus Notes and Domino 6, SG24-6889 Lotus Domino 6 for Linux, SG24-6835 Lotus Security Handbook, SG24-7017 Security Considerations in Notes and Domino 7: Making Great Security Easier to Implement, SG24-7256 Lotus Domino Domain Monitoring, REDP-4089 Lotus Domino 7 Application Development, REDP-4102 Online resources
These Web sites and URLs are also relevant as further information sources: Lotus Developer Domain
http://www.lotus.com/ldd Lotus Documentation
http://www.lotus.com/ldd/doc IBM Workplace Collaboration Services documentation
http://www.ibm.com/developerworks/workplace/documentation/collaborationservices/ Notes, Domino, and Domino Designer 7 Release Notes
http://www.lotus.com/ldd/notesua.nsf/e18d5eb0b8be97d9852567e50052ad16/ec099861d91381fc85 2570360051903c IBM Lotus Notes and Domino 7 Reviewers Guide
ftp://ftp.lotus.com/pub/lotusweb/product/domino/ND7_Reviewers_Guide.pdf IBM developerWorks: Lotus Notes and Domino
http://www.ibm.com/developerworks/lotus/products/notesdomino/ Lotus Domino and DB2 feature
http://www.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/nsfdb2 Lotus Domino Express
http://www.ibm.com/software/sw-lotus/products/product4.nsf/wdocs/dominoexpress Lotus Knowledge Base
https://www-927.ibm.com/search/SupportSearchWeb/SupportSearch?pageCode=SBS&brand=lotus Copyright IBM Corp. 2006. All rights reserved. 265 Notes/Domino 6 and 7 discussion forum
http://www.lotus.com/ldd/nd6forum.nsf Lotus Sandbox: NotesPeek 1.53 tool
http://www.lotus.com/ldd/sandbox.nsf/0/2791869f4e1d3fa385256f2c00432973?OpenDocument IBM Tivoli Enterprise Console
http://www.ibm.com/software/tivoli/products/enterprise-console/ Lotus Domino Designer 7 Help, "Programing" topic
http://www.lotus.com/ldd/doc/domino_notes/7.0/help7_designer.nsf/b3266a3c17f9bb7085256b8 70069c0a9/9f553d9eb0e5968f8525704a003f1e01 Lotus Education On Demand: Lotus Domino/Notes 6 Smart Upgrade Tutorial
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27006422 New Features and TCO Benefits of IBM Lotus Notes/Domino 7 - Interim Assessment, a white paper by Ferris Research
http://www.ibm.com/software/swnews/swnews.nsf/n/nhan6fyn7f?OpenDocument&Site=default Lotus Domino 7 server performance, Part 1: Lotus Notes client workloads
http://www.ibm.com/developerworks/lotus/library/nd7-perform/index.html Lotus Domino 7 server performance, Part 2: Domino 7 performance for Domino Web Access users
http://www.ibm.com/developerworks/lotus/library/domino7-internet-performance/index.html Lotus Domino 7 server performance, Part 3: Enterprise mail performance
http://www.ibm.com/developerworks/lotus/library/domino7-enterprise-performance/ Lotus Domino 7 performance in production at IBM on pSeries servers
http://www.ibm.com/developerworks/lotus/library/domino7-pseries-performance/index.html Assessing the impacts of new transaction logging features
http://www.ibm.com/developerworks/lotus/library/ls-D6translog/ More on Domino 6 transaction logging
http://www.ibm.com/developerworks/lotus/library/ls-More_D6_Trans_Logging/ C API programming for Lotus Notes/Domino
http://www.ibm.com/developerworks/lotus/library/capi-nd/index.html "Supported Configurations and Support Policy for Citrix MetaFrame" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21098489 "Corruption in a Single Copy Template can affect databases based on that template" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21208475 "Load Convert Causes Frameset Corruption of Domino 6.x Database" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21155787 "Is Domino supported on Windows Server Clustering Technology?" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21165986 "Can clustering function properly across a WAN?" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21085536 266 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices "Making modifications to Notes System Templates" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27003134 "What Is the $DesignerVersion Flag Meant For?" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21094045 "Should DEBUG_OUTFILE Be Used on a Domino 6.x Server?" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21181562 "How To Interpret Debug_ThreadID Output in Correlation with a NOTES.RIP Generated in a Server Crash" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21086042 "What Are the Components of a Note ID?" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27002668 "How to set up local databases to replicate for Roaming users" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg21106896 "Supported Configurations of Notes and Domino 7.0" technote
http://www.ibm.com/support/docview.wss?rs=899&uid=swg27006547 "How does the mail template's new agent upgrade folder designs" technote
http://www.ibm.com/support/docview.wss?rs=0&uid=swg21084954 The Turtle Partnership Replica Change Database
http://www.turtleweb.com/turtleweb.nsf/otherpageslookup/toolsandtoys?opendocument InstallShield product Web site
http://www.macrovision.com/products/flexnet_installshield/index.shtml How to get IBM Redbooks
You can search for, view, or download Redbooks, Redpapers, Hints and Tips, draft publications and Additional materials, as well as order hardcopy Redbooks or CD-ROMs, at this Web site: ibm.com /redbooks Help from IBM
IBM Support and downloads ibm.com /support IBM Global Services ibm.com /services Related publications 267 268 Lotus Notes and Domino 7 Enterprise Upgrade Best Practices Back cover Lotus Notes and Domino 7 Enterprise Upgrade Best Practices
New features of Notes and Domino 7 described How to effectively plan and execute the upgrade Taking advantage of new administrative features
With the introduction of IBM Lotus Notes and Domino 7, IBM Lotus continues to set the standard for innovation in the messaging and collaboration market that Lotus defined two decades ago. With Lotus Notes and Domino 7, IBM has enhanced the scalability, security features, administration, interoperability, productivity, and performance, enabling companies to achieve the most from their infrastructure. Upgrading to the latest version of Lotus Notes and Domino can help your organization to realize high return on investment, potentially lower your cost of ownership, and help improve user productivity and business responsiveness. This IBM Redpaper provides best practices for enterprise customers about how to approach the planning and deployment of their upgrade to Lotus Notes and Domino 7. It serves as a guide to planning and deploying a successful upgrade for administrators and IT architects and includes hints and tips to ensure a successful upgrade. In addition to discussing the approach to upgrading, we highlight specific features within Notes and Domino 7 on which administrators will want to focus in order to most effectively exploit the benefits of an upgraded environment. Redpaper
INTERNATIONAL TECHNICAL SUPPORT ORGANIZATION BUILDING TECHNICAL INFORMATION BASED ON PRACTICAL EXPERIENCE
IBM Redbooks are developed by the IBM International Technical Support Organization. Experts from IBM, Customers and Partners from around the world create timely technical information based on realistic scenarios. Specific recommendations are provided to help you implement IT solutions more effectively in your environment. For more information: ibm.com/redbooks ...
View Full Document
This note was uploaded on 11/23/2010 for the course IT 1 taught by Professor Amir during the Spring '10 term at Baton Rouge CC.
- Spring '10