Mais conteúdo relacionado Semelhante a Show100: Making IBM Notes Traveler Highly Available (20) Show100: Making IBM Notes Traveler Highly Available1. SHOW 100:
Making Traveler Highly Available – Part 1: Traveler
Design
Mitch Cohen | Manager of Messaging & Collaboration, Colgate-Palmolive Company
Chris Whisonant | Lead Consultant, Best Methods
© 2013 IBM Corporation
2. About us....
Chris Whisonant
Lead Consultant at Best Methods
IBM Lotus Software Administrator since 2002
Blog at http://www.bleedyellow.com/blogs/lotusnut
Twitter: @cwhisonant
He’s a Slow Talker
2 © 2013 IBM Corporation
3. About us....
Mitch Cohen
Manager Messaging & Collaboration @ Colgate-Palmolive
2013 IBM Champion for Collaboration Solutions
IBM Lotus Software Administrator since 1996
Blog at http://www.curiousmitch.com
Twitter: @curiousmitch
Mets & Giants fan
He’s a Fast Talker
3 © 2013 IBM Corporation
4. Legalese
This session will include information about the following IBM® products:
IBM Lotus®
IBM Lotus Notes®
IBM Lotus Notes Traveler®
IBM Lotus Domino®
IBM DB2®
IBM Websphere® Edge Components®
IBM HTTP Server®
4 © 2013 IBM Corporation
5. IBM Software Part Numbers
(well, at least some of them...)
IBM Lotus Notes Traveler V8.5.3 Upgrade Pack 2 for Windows Multilingual (CIB9RML)
IBM Lotus Notes Traveler V8.5.3 Upgrade Pack 2 Linux for xSeries Multilingual (CIB9SML)
IBM DB2 10.1 - Limited Use for Linux on 32-bit AMD and Intel systems (x86) Multilingual (CI6TPML)
IBM DB2 10.1 - Limited Use for Linux on AMD64 and Intel EM64T systems (x64) Multilingual (CI6TQML)
IBM DB2 10.1 - Limited Use for Windows on 32-bit AMD and Intel systems (x86) Multilingual (CI6TXML)
IBM DB2 10.1 - Limited Use for Windows on AMD64 and Intel EM64T systems (x64) Multilingual (CI6TYML)
IBM Lotus Domino V8.5.3 32 bit for Windows English (CI1L8EN)
IBM Lotus Domino V8.5.3 64 bit for Windows English (CI1L9EN)
IBM Lotus Domino V8.5.3 32 bit Linux for xSeries English (CI1LBEN)
IBM Lotus Notes and Domino V8.5.3 Upgrade Pack 1 English (CI5HUEN)
5 © 2013 IBM Corporation
6. Agenda
The Set Up
Prepare Domino for Traveler Install
Traveler Standalone Installation
DB2 Installation
Creating the Traveler Database
Migrating Standalone Server to HA
Installing Additional Traveler Servers
Migration Scenarios
Traveler HA Administration
Yada Yada Yada (Q&A)
6 © 2013 IBM Corporation
8. HA Traveler Architecture Map
• HTTP Load Balancer listening on single user-facing public DNS address
• Multiple Traveler Servers pointing to relational database server
• Pointing to one or more Domino mail servers
8 © 2013 IBM Corporation
9. Load Balancer General Notes
Moving to an HA HTTP environment may be new to Domino Admins
Many different options are available, ranging from open-source freeware to
licensed software to hardened appliances. Some options are below:
– Big-IP F5
– Apache or IBM HTTP Server
– IBM WebSphere Edge Components
– HAProxy
– Amazon ELB (used in this session)
– See also other options that may be mentioned in the follow-up session to this
one.
Gets even more fun when you need to provide redundancy for the load balancers!
9 © 2013 IBM Corporation
10. Load Balancer General Notes
You should configure your load balancer with Session Persistence
– Once a device is connected it will sync with one server for the duration of the
persistence
– Load Balancer Persistence should be longer than the Heartbeat Algorithm Max
Interval
• Default is 15 minutes you should increase to at least 30
• If Heartbeat Algorithm Max is 30 Load balancer persistence should be 31
10 © 2013 IBM Corporation
11. Load Balancer General Notes
Monitoring
• Your Load Balancer needs to be able to determine if Traveler is available
• Just pinging the box is not enough
• The load balancer needs to understand when traveler is not running to mark
the node down and direct traffic to other nodes in the cluster
11 © 2013 IBM Corporation
12. Standalone Traveler Architecture Map
• Firewall and/or DMZ placement is per corporate policies
• Single Traveler Server with Derby State Database
• Pointing to one or more Domino mail servers
12 © 2013 IBM Corporation
13. Kramer's Standalone Traveler Architecture Map
• Single Traveler Server with Derby State Database
• Pointing to single Festivus Domino mail server
13 © 2013 IBM Corporation
14. HA Traveler Architecture Map
• HTTP Load Balancer listening on single user-facing public DNS address
• Multiple Traveler Servers pointing to relational database server
• Pointing to one or more Domino mail servers
14 © 2013 IBM Corporation
15. Kramer's HA Traveler Architecture Map
• Amazon ELB listening on single user-facing public DNS address
• Multiple Traveler Servers pointing to DB2 server
• Pointing to single Festivus Domino mail server
15 © 2013 IBM Corporation
16. A word about Clusters
• We will be referring to Traveler Clusters
• These are Traveler Servers all connected to the same database to provide High
Availability for Traveler
• These servers are NOT Domino Clusters
• Clustering of Traveler Servers is not supported or needed
16 © 2013 IBM Corporation
18. Prepare Domino for Traveler Install
What You Will Learn
─ Steps to prepare your Domino Server before installing Traveler
─ Why you should use Internet Site Docs
─ Security Recommendations
What Has Been Completed So Far
─ IBM Lotus Domino Server version 8.5.3 has been installed
─ Remember to check for the latest Domino Fixpacks
18 © 2013 IBM Corporation
19. Prepare Domino for Traveler Install
The Traveler server should be installed on a dedicated system
• Don't install on existing mail server or other utility/application server
• Traveler server versions will be updated on different timeframes than other servers
• Traveler version may be higher than mail server's version
• Traveler network placement will likely be different than where you will place other
servers
19 © 2013 IBM Corporation
20. Prepare Domino for Traveler Install
• Mail File Access
• The Traveler Server(s) need to have access to:
• Mail files for Traveler Users
• LocalDomainServers can be added to ACL
• Mail servers for Traveler Users
• Mail Server must be Domino 7.0.2 or higher
• Template must be 6.5 or higher
• Consider other mail file cleanup
• Replicate unread marks between servers
20 © 2013 IBM Corporation
21. Prepare Domino for Traveler Install
• Mail File Access
– User can verify requirements are met by logging into Traveler server from
computer or mobile device
21 © 2013 IBM Corporation
22. Prepare Domino for Traveler Install
• Decide on your server topology
• In our demo the Traveler servers are in their own Domino Domain, in the same Org as
the mail servers
• Kramer is our Traveler domain
• Seinfeld is our Mail domain
22 © 2013 IBM Corporation
23. Prepare Domino for Traveler Install
• By default Internet Site Documents are disabled
• Change to enabled in the server doc
• Traveler will configure your Internet Site Document during installation
23 © 2013 IBM Corporation
24. Prepare Domino for Traveler Install
• Before Installing Traveler make sure Internet Site Documents is enabled
• Look for this in your server console or log
12/20/2012 02:25:36 PM HTTP Server: Warning, Internet Site Configuration
View is enabled but does not contain any Web Sites
12/20/2012 02:25:36 PM HTTP Server: Using Web Configuration View
12/20/2012 02:25:39 PM JVM: Java Virtual Machine initialized.
12/20/2012 02:25:39 PM HTTP Server: Java Virtual Machine loaded
12/20/2012 02:25:44 PM XSP Command Manager initialized
12/20/2012 02:25:48 PM HTTP Server: Started
24 © 2013 IBM Corporation
25. Prepare Domino for Traveler Install
• Security
• Set up your Server Access and Deny Access lists
• Make sure to Enforce Server Access Settings for HTTP
25 © 2013 IBM Corporation
26. Prepare Domino for Traveler Install
• Notes on enforcing server access settings for HTTP
• Forces the HTTP task to use the same Domino Server security settings as
on the Server Document's Security tab
• Use in tandem with Anonymous HTTP access; if anonymous is open, then
this setting is highly recommended
• Without this enabled, HTTP security will be wide open to the extent that
ACL's have been properly restricted.
• Potential caveats with this on servers that could have access incoming that
is external to the Domino Directory (DIIOP, etc...)
• Which is not a problem here because you installed Traveler on a
dedicated server
26 © 2013 IBM Corporation
27. Prepare Domino for Traveler Install
• Check your FQDN on the server basics tab and on the Ports configuration
• Check your DNS
• You are ready to install Traveler
27 © 2013 IBM Corporation
29. Traveler Standalone Installation
What You Will Learn
– Steps necessary to install the IBM Traveler software
What Has Been Completed So Far
• IBM Lotus Domino Server version 8.5.3 has been installed
• Prepare the Domino Server Document per existing corporate standards
• Enabled Internet Site Documents
29 © 2013 IBM Corporation
30. Traveler Standalone Installation
• Traveler Install is the same for standalone and high availability
• All Traveler Servers install using Derby (standalone)
• Connecting to DB2 or MS SQL is a post install step which we will cover later
30 © 2013 IBM Corporation
35. Traveler Standalone Installation
Choose whether or not to set /traveler as the default page for the
Domino Web Server (Select this… trust us)
Click Next
35 © 2013 IBM Corporation
37. Traveler Standalone Installation
Input the Traveler URL
For Production environments SSL is Strongly recommended
We did not configure SSL in our demo
This can be changed later
Click Next
37 © 2013 IBM Corporation
38. Traveler Standalone Installation
Use this option to upgrade Domino to UP1 as well
This is mandatory if UP1 is not already installed
You Must use Domino 8.5.3 UP1 Not the OpenNTF XPages
Extension Library
Click Next
38 © 2013 IBM Corporation
40. Traveler Standalone Installation
Validating Domino 8.5.3 UP1 Installation
•After starting Domino, issue the following command:
tell http xsp diag com.ibm.xsp.extlib
•If everything installed properly, you will get 2 lines echoed back:
– update@../../extlib/eclipse/plugins/com.ibm.xsp.extlib_8.5.3.20111208-0711.jar
– No unresolved constraints
•This will confirm that extlib is installed (as it is installed as part of Domino UP1)
•For this session we are running:
– Domino 8.5.3 FP3 Update Pack 1
– Traveler 8.5.3 Update Pack 2
40 © 2013 IBM Corporation
41. Traveler Standalone Installation
• When you start Domino the Traveler and HTTP Tasks will start up automatically
• Confirm the Internet Site Document and Redirect rules were created
41 © 2013 IBM Corporation
43. Traveler Standalone Installation
Web SSO Configuration
• Give your configuration a unique name
• List all servers that will be running Traveler in the cluster
43 © 2013 IBM Corporation
44. Traveler Standalone Installation
Completed Internet Site
• Created by Traveler Install
• /Microsoft-Server-ActiveSync redirect
• /Servlet/Traveler redirect
• Manually Created for security
• /log.nsf redirect
• /names.nsf redirect
• Manually created to override Form Based Authentication for Traveler
• Override Session Authentication
44 © 2013 IBM Corporation
46. Traveler Standalone Installation
Set your number of active threads to 1.2 times the number of
devices
Default is 100 threads (roughly 84 devices)
Account for the maximum you may need in failover mode (total
devices in cluster)
46 © 2013 IBM Corporation
47. Traveler Standalone Installation
Maximum Memory Size for Traveler Server Task
• Default is 512MB
• Max is 4GB
• This is NOT httpjvmmaxheapsize (that should not be set)
External Server URL (notice this is different than the actual Traveler server)
Access (or Not Access) Server field is where you can specify a group who can
access Traveler
47 © 2013 IBM Corporation
48. Traveler Standalone Install
Auto Sync Settings
• Defaults are pictured here
• If all Traveler Clients are 8.5.2 or later set “Port for TCP Connections” to 0
• Must be Set to 0 for HA
• For Traveler Standalone these are fine
• We will touch more on these later for High Availability
48 © 2013 IBM Corporation
50. DB2 Installation
What You Will Learn
─ Steps necessary to install the IBM DB2 software
─ Do not name the DB2 server “DB2”
What Has Been Completed So Far
─ IBM Lotus Domino Server version 8.5.3 has been installed
─ IBM Lotus Traveler version 8.5.3 UP2 has been installed in standalone mode
50 © 2013 IBM Corporation
51. DB2 Installation
Note on Supported Versions
─ For Traveler 8.5.3 UP2, the supported versions of DB2 are:
• 9.7 FP5
• 10.1
─ The install slides in this presentation were made with 9.7 FP4 during original install of
8.5.3 UP1
─ Upgraded to 9.7 FP5 when upgrading Traveler to UP2
─ The installation routine will be the same for 10.1
─ If you already have DB2 (or MS SQL) administrators (be nice to them – lunch is good),
work with them to determine if there are already systems running supported versions
51 © 2013 IBM Corporation
52. DB2 Installation
This is the Launchpad where you can view information or install
the software
Go to Install a Product
Choose Install New for this server edition
52 © 2013 IBM Corporation
53. DB2 Installation
Wait for the Installer to go through the preparation process
53 © 2013 IBM Corporation
55. DB2 Installation
Accept the license agreement (to proceed)
Click Next to continue
55 © 2013 IBM Corporation
56. DB2 Installation
Choose the installation type.
Typical will suffice for the purposes of Traveler
Click Next to continue
56 © 2013 IBM Corporation
57. DB2 Installation
Choose whether to install, save a response file, or both
Choose response file location
Click Next to continue
57 © 2013 IBM Corporation
58. DB2 Installation
Choose installation location (perhaps outside of “Program Files”
path)
Click Next to continue
58 © 2013 IBM Corporation
59. DB2 Installation
Specify DB2 administrative user account
– Default username is db2admin
Click Next to continue
59 © 2013 IBM Corporation
60. DB2 Installation
Specify the DB2 instance name
Click Next to continue
60 © 2013 IBM Corporation
61. DB2 Installation
Recommended to prepare the DB2 tools catalog now
– More difficult to add later
– Needed for DB2 backups
Click Next to continue
61 © 2013 IBM Corporation
62. DB2 Installation
Choose whether you wish to set up DB2 system email
notifications
Click Next to continue
62 © 2013 IBM Corporation
63. DB2 Installation
Enable OS security
– The two groups above are created in Windows
– Assigns certain OS-level privileges to the groups
Click Next to continue
63 © 2013 IBM Corporation
64. DB2 Installation
`
Review the installation options
Click Finish to install DB2
64 © 2013 IBM Corporation
66. Traveler Database Creation
What You Will Learn
─ Steps necessary to create the Traveler DB2 Database
What Has Been Completed So Far
─ IBM Lotus Domino Server version 8.5.3 has been installed
─ IBM Lotus Traveler version 8.5.3 UP1 has been installed in standalone mode
─ IBM DB2 version 9.7 Fixpack 5 has been installed
66 © 2013 IBM Corporation
67. Traveler Database Creation
After DB2 has been installed the TOOLSDB will be the only
existing database
67 © 2013 IBM Corporation
68. Traveler Database Creation
• The SQL Files to create the Traveler Database can be found on a Domino
Server with Traveler Installed
• Located in <dominodata>travelercfgdb
• Zip format for Windows
• Compressed Tar format for Linux
68 © 2013 IBM Corporation
70. Traveler Database Creation
Launch DB2 Command window (db2cmd)
• GUI is also available, but real admins will roll with
command line
Navigate to the TravelerSQLDB2 directory
Run: db2cmd -c -w -i db2 -tvf createDb.sql
– This creates the necessary database using the IBM-
supplied createDb SQL command
– tvf: termination character, echo to console, use input file
70 © 2013 IBM Corporation
73. Traveler Database Creation
In a DB2 Command Window, navigate to the TravelerSQLDB2
directory
Run: db2 -tvf appGrants.sql
– This grants permissions to the database, tables, etc...
73 © 2013 IBM Corporation
74. Traveler Database Creation
This is sample output from the executed SQL commands
Once it has completed successfully, you may exit this window.
As you can see, the default DB2 user account is LNTUSER
74 © 2013 IBM Corporation
75. Traveler Database Creation
Going back to the DB2 Control Center, you can see the new
TRAVELER database
75 © 2013 IBM Corporation
76. Traveler Database Creation
Create an OS account for LNTUSER
– The password you set for this user will be needed to
configure Traveler later.
76 © 2013 IBM Corporation
78. Migrating Standalone server to HA
What You Will Learn
─ Steps necessary to migrate a standalone Traveler server to HA
What Has Been Completed So Far
─ IBM Lotus Domino Server version 8.5.3 has been installed
─ IBM Lotus Traveler version 8.5.3 UP2 has been installed in standalone mode
─ IBM DB2 version 9.7 Fixpack 5 has been installed
─ IBM Lotus Traveler database has been created
78 © 2013 IBM Corporation
79. Migrating Standalone server to HA
Checklist for database connectivity
URL jdbc:db2://travdb.curi0.us
Port 50000
Database Name traveler
User Name lntuser
Password
79 © 2013 IBM Corporation
80. Migrating Standalone server to HA
• In Standalone Mode Traveler is administered via the Domino Admin Client
80 © 2013 IBM Corporation
81. Migrating Standalone server to HA
Copy the db2jcc4.jar from IBMSQLLIBjava on the DB2 server to
the DominoTravelerlib folder
Ensure that you copy over this file each time after any Database
server upgrades
81 © 2013 IBM Corporation
82. Migrating Standalone server to HA
Open Windows command prompt and cd to the
Dominodatatravelerutil folder
Run the travelerUtil.cmd to set the jdbc url, port, and db name
using the valid DB2 credentials
This can be run while the Domino Server is up, but will not take
effect until server is restarted
82 © 2013 IBM Corporation
84. Migrating Standalone server to HA
Check the output carefully to verify
– Successful connection
– DB configuration for Traveler has been saved
Restart the Traveler server now
84 © 2013 IBM Corporation
85. Migrating Standalone server to HA
Use the travelerUtil.cmd db show command to show the current
connectivity information.
85 © 2013 IBM Corporation
86. Migrating Standalone server to HA
• After Connecting the Traveler Server to the Database on the next server restart
Traveler will migrate the data from Derby to DB2 (or MS SQL)
• The following data is migrated
• Client Installs
• User Sync Data
• Policies
• If you migrate multiple standalone servers into one DB it will skip
• Duplicate client installs
• Duplicate User Data
• Policies
86 © 2013 IBM Corporation
87. Migrating Standalone server to HA
• On Server restart watch the console for migration messages
• Console will give frequent updates
• Traveler does not start until migration is completed
87 © 2013 IBM Corporation
89. Migrating Standalone server to HA
• Make sure you update the External Server URL to reflect the address of the
Load Balancer in the Server Document
• If clients are pointing to a URL of a specific server they will continue to sync mail, but
not take advantage of HA
• The value set here is what is populated to clients upon installation
89 © 2013 IBM Corporation
90. Migrating Standalone server to HA
• In Traveler Auto Sync Settings, change the TCP Port for Connections to = 0
90 © 2013 IBM Corporation
91. Migrating Standalone server to HA
• Traveler is now administered via the web-based Traveler Admin Console
• If you attempt to administer via the Domino Admin Client you will see this
91 © 2013 IBM Corporation
92. Migrating Standalone server to HA
Disconnecting a Server from a database
• You can remove a database config from a server if needed using the Travel Util
Command
92 © 2013 IBM Corporation
93. Migrating Standalone server to HA
• You will need to confirm the change
• This does not delete any data in the database it only disconnects the specific
Traveler server from the database
93 © 2013 IBM Corporation
94. Migrating Standalone server to HA
• Look for confirmation that the changes were successful
• Can be run with the Domino server up, but does not take effect until next restart
94 © 2013 IBM Corporation
95. Migrating Standalone server to HA
• On restart, Traveler will be in Standalone mode using a derby DB
• If you remove a server make sure you also update your load balancer
95 © 2013 IBM Corporation
97. Installing Additional Traveler Servers
What You Will Learn
─ Steps to add additional Traveler servers to a cluster
What Has Been Completed So Far
─ IBM Lotus Domino Server version 8.5.3 has been installed
─ IBM Lotus Traveler version 8.5.3 UP2 has been installed in standalone mode
─ IBM DB2 version 9.7 Fixpack 5 has been installed
─ Traveler DB2 database has been created
─ Traveler Server has been connected to DB2
97 © 2013 IBM Corporation
98. Installing Additional Traveler Servers
Traveler is running in HA mode you can now add additional servers into the cluster.
•Create your Server ID
• Add the server to the Web Site
• Add the server to the Web SSO Configuration
• Set up Server Access consistent with existing Traveler Server
•Install Domino
•Install Traveler
• For the initial server we first enabled Internet Site Docs to allow the installer to create
the Web Site Document, for additional servers we will enable after install and add the
server to the existing Web Site
•Enable Internet Site Documents in Server Doc
•Connect Traveler Server to Database
98 © 2013 IBM Corporation
99. Installing Additional Traveler Servers
• Once your configuration is complete and tested
• Add the server to the Load Balancer
• Since devices point to the load balancer the Workload Manager will automatically
distribute the load across servers in the cluster
• Monitor your server availability in the Web Admin console or via Tell Traveler HADR
Show
99 © 2013 IBM Corporation
100. Installing Additional Traveler Servers
Remember...
• Enforce Server Access settings for HTTP
• Lotus Traveler Settings in Server Document
• Maximum Memory Size
• External Server URL
• Access Server/Not access server
• Auto Sync Settings
100 © 2013 IBM Corporation
101. Installing Additional Traveler Servers
• These settings will come from the Database and do not have to be manually
configured for additional servers
• Default Device Policy settings
• Client Installs
• Traveler clusters are NOT Domino Clusters
101 © 2013 IBM Corporation
103. Migration Scenarios
What You Will Learn
─ Concepts to help you build a migration plan for your environment
What Has Been Completed So Far
─ Standalone Traveler has been deployed
─ Traveler HA has been built and tested
103 © 2013 IBM Corporation
104. Migration Scenarios
• We will show you 3 common scenarios
• Before you begin, determine your specific requirements. Consider the following:
• How many standalone Traveler servers you have
• How many HA Clusters you want
• How fast you want to migrate
• Can you ask your users to reconfigure their devices
• Any limitations on placement of Load Balancers, Firewall
• Will you upgrade in place or use another machine to migrate
104 © 2013 IBM Corporation
105. Migration Scenarios
I shouldn't have to remind you about this (but I will)
• Before you begin your migration
• Backups
• Backups
• Backups
• Don’t forget to backup the Derby Database!
105 © 2013 IBM Corporation
107. Migration Scenarios
• A word of caution about DNS Changes
• iOS can take up to 24 hours to recognize a DNS change
• This is not documented by Apple but has been experienced when changing the DNS
of a Traveler server
• If you can avoid a DNS Change when migrating you will make your life easier
• If you have to change DNS
• Lower the TTL of the DNS record prior to migrating
• Set your users expectations appropriately
107 © 2013 IBM Corporation
108. Migration Scenarios
• No Migration build a new HA Environment
• New install, or clients willing to manually reconfigure their devices
• Standalone to Cluster Migration
• One standalone server into one HA Cluster
• URL For Traveler will remain the same
• Many to One
• If you have multiple standalone Traveler servers and you want to consolidate to one
HA Cluster
• Multiple URLs will point to one load balancer
108 © 2013 IBM Corporation
109. Migration Scenarios
Scenario 1: No Migration build a new HA Environment
•In this scenario
• No users are Connected to Traveler or
• Users are willing to reconfigure their devices manually
• No data will be migrated from any existing servers
•The URL you have chosen should be
• Pointed at your load balancer
• Configured in your server document on the Traveler tab
• in our example the VIP is http://traveler.curi0.us
109 © 2013 IBM Corporation
110. Migration Scenarios
Scenario 1: No Migration build a new HA Environment
Pros Cons
• No Downtime • Requires User intervention
• Easy to implement • Will need to maintain 2
environments during transition period
110 © 2013 IBM Corporation
112. Migration Scenarios
Scenario 2: Standalone to Cluster Migration
• In this scenario you are migrating an existing traveler server
• You should move the existing hostname to the load balancer
• You will be migrating data from Derby to DB2 (or MS SQL)
• You will need downtime
• The URL you have chosen should be
• Pointed at your load balancer
• Configured in your server document on the Traveler tab for all servers
• In our example the VIP is http://traveler.curi0.us
112 © 2013 IBM Corporation
113. Migration Scenarios
Scenario 2: Standalone to Cluster Migration
• In Place Server Migration
• Backup the Derby Database
• <dominodata>travelerntsdb
• Upgrade Traveler to 8.5.3 UP2
• Connect Traveler Server to Database
• On startup Traveler will automatically migrate into the Database:
• Client Installs
• User Sync Data
• Policies
113 © 2013 IBM Corporation
114. Migration Scenarios
Scenario 3: Many to One
In this scenario you will collapse multiple standalone Traveler Servers into one HA
Cluster
• You should move the existing hostnames to the load balancer
• You will be migrating data from Derby to DB2 (or MS SQL)
• You will need downtime
• Each Server can be done individually at different times
114 © 2013 IBM Corporation
115. Migration Scenarios
Scenario 3: Many to One
Pros Cons
• One HA Environment • Downtime required for each server
migration
• Best use of HW resources
• Supporting multiple URLs
• Maximize redundancy
• Complex Migration
• No Device reconfiguration
115 © 2013 IBM Corporation
117. Migration Scenarios
Scenario 3: Many to One
Following are some sample steps one would use in a scenario such as this:
• Make sure that server access is consistent for all Traveler servers
• If you are running SSL on Domino
• Will have to move SSL certificate to load balancer
• Work with SSL provider to re-provision certificate for load balancer
• Move IP address to load balancer
• If at all possible, move the IP address to not change DNS
• Verify that users and devices are showing in the HA Admin Console
• Activate the servers on the load balancer to enable user access
• There may be some resource utilization spikes when devices connect
• Test and monitor
117 © 2013 IBM Corporation
118. Migration Scenarios
Notes.ini Parameters
• NTS_AUTOSTART_HTTP
• Automatically starts HTTP when Traveler starts even if it is not in the server tasks line
• This defaults to True
• During Upgrades or Migrations set this to false to allow Traveler to start but prevent
client access
118 © 2013 IBM Corporation
119. Traveler HA
Administration
119 © 2013 IBM Corporation
120. Traveler HA Administration
What You Will Learn
─ How to Administer Traveler HA
─ Policy Administration
─ Client Configurations
─ User, Device and Security Administration
What Has Been Completed So Far
─ IBM Lotus Domino Server version 8.5.3 has been installed
─ IBM Lotus Traveler version 8.5.3 UP1 has been installed in standalone mode
─ IBM DB2 version 9.7 Fixpack 5 has been installed
─ IBM DB2 Traveler Database has been created
─ Traveler has been Connected to DB2 and Configured for HA
─ Additional Traveler Server has been installed
120 © 2013 IBM Corporation
121. Traveler HA Administration
• In Standalone Mode, Traveler administration is performed through the Domino
Administrator Client
• User State Data stored in Derby (NTSDB)
• Clients (Android, Nokia, Windows) Stored in
<dominodata>dominohtmltravelerclients
• Policies and Security Settings stored in LotusTraveler.nsf
• Administration tasks are performed via the Notes Administrator Client
• When migrating a Standalone server all the above settings are imported
121 © 2013 IBM Corporation
124. Traveler HA Administration
• In Traveler HA administration is web based
• User State Data is stored in DB2
• Clients (Android, Nokia, Windows) are stored in DB2 and in
<dominodata>dominohtmltravelerclients
• New clients processed on one server are distributed to all servers for download
• Policies and Security Settings are stored in DB2
• The Admin client is accessed via your Load Balancer
• http://fqdn/lotustraveler.nsf
• In our example http://traveler.curi0.us/lotustraveler.nsf
124 © 2013 IBM Corporation
125. Traveler HA Administration
• In Traveler HA administration is web based
• User State Data is stored in DB2
• Clients (Android, Nokia, Windows) are stored in DB2 and in
<dominodata>dominohtmltravelerclients
• New clients processed on one server are distributed to all servers for download
• Policies and Security Settings are stored in DB2
• The Admin client is accessed via your Load Balancer
• http://fqdn/lotustraveler.nsf
• In our example http://traveler.curi0.us/lotustraveler.nsf
125 © 2013 IBM Corporation
126. Traveler HA Administration
• Access to the Web Admin interface is controlled by the ACL on LotusTraveler.nsf
• Must have Administrator Role to manage settings
• Make sure the ACL is the same on all cluster members
126 © 2013 IBM Corporation
127. Traveler HA Administration
• Device Security
• Deny Access
• Wipe Device
• Clear Deny/Wipe Access
• Device Approvals
127 © 2013 IBM Corporation
128. Traveler HA Administration
• Device Settings
• Sync Settings
• Email
• Calendar
• To Do
• Contacts
• Journal
• Peak and Off-peak Sync Times
• Locking values prevents client changes
on user devices
128 © 2013 IBM Corporation
129. Traveler HA Administration
• Filter Settings
• Message size, attachment and date
filters
• Calendar past and future filters
• Journal Date Filter
• To Do Options
• Locking values prevents client
changes
129 © 2013 IBM Corporation
131. Traveler HA Administration
• Security Settings
• Security Policies per device (Windows, Nokia, Apple, Android)
• Varies by device
• Require Password / Password requirements
• Encryption
• Prohibit Camera
• Android Only
• Require Application Password
• Prohibit copy to clipboard
• Prohibit Export of attachments
131 © 2013 IBM Corporation
133. Traveler HA Administration
• Device Access
• You can limit the number of devices a single user can have on the system
• Device approvals are on the Device Security tab
133 © 2013 IBM Corporation
134. Traveler HA Administration
• Devices
• Lists all Devices in the cluster
• Searchable by User, Device, OS, Build Level (Traveler Clients Only)
• iOS Devices do not have a Build Level
134 © 2013 IBM Corporation
135. Traveler HA Administration
• Users
• Lists all Users in the cluster
• If a user has multiple devices all devices will always be connected to the same
server
• Searchable by Name, Mail Server, Mail File
135 © 2013 IBM Corporation
136. Traveler HA Administration
• Servers
• Displays the Status of all servers in the cluster
• Shows the same information as “Tell Traveler HADR show”
• Optionally you can set to Auto Refresh
136 © 2013 IBM Corporation
137. Traveler HA Administration
• Client Software
• Manage Client Versions for Android, Nokia, and Windows
• Set a Default Client Level for each OS
• Individual Client levels can be assigned to specific users for testing
137 © 2013 IBM Corporation
138. Traveler HA Administration
• New client versions are installed either
• Via server upgrade (i.e. UP1 to UP2)
• Manually when interim fixes are available
• To manually install a new client level
• Copy the client file to the appropriate OS directory in
<dominodata>dominohtmltravelerclients
• At the server console run
• set config NTS_CLIENT_UPDATE=
• PATCH will upload client for testing only
• FULL will upload client and set as default
• tell traveler client refresh
• The client will be copied in to DB2 and to all the servers in the cluster
138 © 2013 IBM Corporation
139. Traveler HA Administration
Server Console Commands
• We will cover Tell commands related to HA
• For a comprehensive list of commands visit:
http://curi0.us/travtellcmd
139 © 2013 IBM Corporation
140. Traveler HA Administration
Server Tell Commands
• Tell Traveler HADR Show
• Shows the Servers in the pool in the server console, same information as displayed in
the servers view of the web admin
• Tell Traveler HADR Ping
• Test Connectivity between cluster members
• Tell Traveler HADR Delete
• Delete a cluster member (must be offline before deleting)
140 © 2013 IBM Corporation
141. Traveler HA Administration
Server Tell Commands
• Tell Traveler Bind
• Used to bind or unbind a user to a specific server in the cluster
• Useful for troubleshooting or monitoring
• Tell Traveler Bind Enable <userid>
• Binds a user to the server the command is issued on
• Tell Traveler Bind Disable <userid>
• unbinds a user to the server the command is issued on
• Tell Traveler Bind Show
• Shows users bound to the server the command is run on
• Tell Traveler Bind Showall
• Shows all user/server bindings in the cluster
141 © 2013 IBM Corporation
142. Traveler HA Administration
• Traveler Web Administration is accessible from anywhere Traveler is accessible
• If Traveler is in your DMZ or externally accessible make sure your admins have strong
HTTP passwords
• Admin Console works well on iPad or other tablets
• Admin Console is an Xpages app
142 © 2013 IBM Corporation
143. Traveler HA Administration
Repeated Crash Protection
• Protects the Traveler server from repeat crashes on a document
• Enabled by default in Notes.ini
• NTS_BAN_DOC_LIMIT=2
• Default value of 2 prevents more than 2 crashes on any document
• Will not push the banned document to a mobile device
• NTS_BAN_DOC_SYNCS=3
• Default value of 3 limits number of device syncs per user that run crash protection
• Setting either parameter to 0 will disable crash protection
• See the documentation for Tell commands to show, remove or manually add a
Banned Document
• http://curi0.us/crashprotection
143 © 2013 IBM Corporation
144. Traveler HA Administration
Troubleshooting
• The Traveler server has built-in commands to make collecting and uploading of
diagnostic data to IBM very easy
• Tell Traveler PMR
• Used to collect and send logs to IBM under a specific PMR number
• Tell Traveler –s * pmr <pmr_number> will collect logs from all servers in a cluster
and send to IBM
• To send to IBM your servers must be able to connect out via FTP
• See the documentation for a full list of server troubleshooting commands
• http://curi0.us/troubleshooting
144 © 2013 IBM Corporation
146. General Resources
• Domino and Traveler Documentation
– http://curi0.us/documentation
• IBM Fix Central
– http://curi0.us/fixcentral
– Modern Seinfeld
– https://twitter.com/seinfeldtoday
146 © 2013 IBM Corporation
147. Related Sessions
INV104 : IBM Enterprise Mobile Strategy and Platform
When Tue, 29/Jan 03:00 PM - 04:00 PM
Where Dolphin S. Hem I
ID103 : Where Do We Go from Here? What's New with IBM Lotus Notes Traveler
When Tue, 29/Jan 04:15 PM - 05:15 PM
Where Dolphin S. Hem IV-V
ID108 : Real World Deployment for IBM Lotus Notes Traveler
When Wed, 30/Jan 03:00 PM - 04:00 PM
Where Dolphin S. Hem II
147 © 2013 IBM Corporation
148. Related Sessions
ID505 : BYOD at IBM: IBM Lotus Notes Traveler, IBM Connections Mobile, IBM Endpoint
Manager and More!
When Thu, 31/Jan 08:30 AM - 09:30 AM
Where Dolphin S. Hem I
CUST114 : The Salvation Army - US Western: “People Count” and the Virtual, Mobile,
Social Environment
When Wed, 30/Jan 05:30 PM - 06:30 PM
Where Swan SW 7
148 © 2013 IBM Corporation
149. Don’t Miss Part 2
Making IBM Traveler Highly Available - Part 2: Extending and Securing The
Network
• René Winkelmeyer, midpoints GmbH
• Detlev Pöttgen, midpoints GmbH
• Tuesday January 29th 2:00 PM – 3:45 PM Swan Osprey 1 & 2
If you attended Part 1, you now have IBM Traveler running in a highly available
mode. But what about the other points of failure? In this session, we'll show you
how to place either IBM Mobile Connect or the IBM WebSphere Edge server in
front of your Traveler environment. These two IBM products bring different
approaches to implementing a highly available environment - once you
understand what they do, you'll be able to select the best fit for your business.
This session is intended to introduce you to networking concepts and tools that
will enable you to design a complete, resilient and highly available Traveler
environment for your organization.
149 © 2013 IBM Corporation
150. Contact Us
• Mitch Cohen • Chris Whisonant
• Blog: • Blog:
http://www.curiousmitch.com http://www.bleedyellow.com/blogs/lotusnut
• Twitter: @curiousmitch • Twitter: @cwhisonant
• Email: mitch@curiousmitch.com • Email: chris.whisonant@bestmethods.com
• Skype: curiousmitch • Skype: cwhisonant
150 © 2013 IBM Corporation
151. Legal disclaimer
© IBM Corporation 2013. All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided
AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be
responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating
any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this
presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.a
controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the
user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics
may vary by customer.
Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.
Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.
UNIX is a registered trademark of The Open Group in the United States and other countries.
Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.
All references to [insert fictitious company name] refer to a fictitious company and are used for illustration purposes only.
151 © 2013 IBM Corporation
Notas do Editor Intros Chris & Mitch <5 Min Chris Mitch Chris Chris Mention Fix Central for updates and Fix Packs iSeries coming in IBM Traveler 9.0 Mitch < 5 minutes Who has installed Traveler Who has installed Traveler HA Briefly show the topology this slide repeats again so don’t spend a lot of time here Keys to point out Devices Firewall Load Balancer Traveler (Domino Servers) Database (DB2 or MS SQL) Mail Servers (Domino Clusters OK) This is not an exclusive list of load balancers If you have something in your organization that you can leverage do so Must be able to round robin IP on 80/443 (or any custom HTTP Port) since you are behind a load balancer no requirement to run http on 80 on Domino Must be able to monitor (have a slide on this) Explain the Heartbeat Algorithm max interval On the Lotus Traveler server, the Heartbeat Algorithm Maximum Interval can be configured on the Lotus Traveler tab of the current server document. The default value is 15 minutes, which means every mobile client sends the heartbeat check/pulse to the Traveler server every 15 minutes through an HTTP or HTTPS request. Talk about persistence Suggest if possible monitor by dedicating a user that logs in From a task Perspective Traveler and HTTP (s) must be up Watchit Monitoring tool Talk about advantages / disadvantages of having direct access to a Traveler server (not just load balancer) Show the specific demo components Load Balancer – traveler.curi0.us Traveler Server – traveler1.curi0.us Mail Server – festivus.curi0.us Traveler understands Domino Clusters for the purpose of connecting and delivering mail to a mobile device Chris we should be starting this section no later than 10:40 10 Minutes Demo Specs Domino 8.5.3 FP3 UP1 Traveler 8.5.3 UP2 (Slides based on UP1 as they were completed before UP2 shipped) Remember to mention this is after Traveler is installed Is anyone using Domino Servers today Mitch – we should be here at 10:50 DEMO – Traveler Install as we talk through slides 10 Minutes Mention Partitioned Servers here Talk about the checkbox and what it does If you choose Clients Connect to this server directly or Clients connect to this server via a proxy You are prompted for the URL Configure later You are not asked for the Client Connection URL In all cases you can edit the value later in the server document This screen will not appear if you selected ‘Configure later’ on the previous screen Point out that this is Domino 8.5.3 Upgrade Pack 1 Differentiate from Traveler UP1 or UP2 Highlight the OpenNTF piece What is new in Domino 8.5.3 UP1 The main functionality highlights of this upgrade pack include the following: XPages Extension Library – this is why we need it Domino Designer tooling plug-in Domino Data Services Updated TeamRoom and Discussion templates We will show this live Point out not all the rules are here, but this is what is auto-created Later we will show the completed Internet Site Doc Explain what the WebSSO does, also explain why this should probably be its own config not an existing LPTA Config Point out the advantage of Internet Site docs is that when adding servers to the cluster all the rules, and SSO is as easy as dropping the servername in 2 documents Internet Site doc means common config for Server Home URL SSO Config Security & SSL In a > 2 cluster do not have to be able to handle all devices on one server when you set threads Access or Not Access Server Field Can choose to implement this to refine Traveler Access different from Server Access If Server Access Group is same as Traveler Access set this to all This TCP port is used for Auto Sync communications between version 8.5.1 and earlier Lotus Notes Traveler servers and clients. If you are using an 8.5.2 version or later client, this port is not used and can be disabled. If you are using a version earlier than 8.5.2, this port must not be used by other applications on this server. If the Lotus Notes Traveler server is behind a firewall, this port must be open on the firewall or the Lotus Notes Traveler client must use a VPN to tunnel through the external firewalls. To disable the Auto Sync TCP port, set the port value to 0. If this server is configured for High Availability, the Auto Sync TCP port should be disabled as this is not a supported option in this mode. Chris – we should be here at 11:00 No Demo 8 minutes DB2 Is entitled with Traveler so if you don’t own DB2 or MS SQL go with DB2 Chris – we should be here at 11:08 Demo 7 minutes Point out LNTUSER Make sure you set the LNTUSER password to NEVER expire Mitch – we should be here at 11:15 Demo 10 Minutes Explain the various pieces of information DB2 jdbc:db2 MS SQL jdbc:sqlserver Go over the command again show the key pieces This is being Demoed We are demoing this Comment about duplicate users Point out the URL here Explain that this is what is populated in the iOS Profile Android Client Explain that this is simply resetting the server to Derby No data loss in Enterprise DB is key here Chris – We should be here at 11:25 5 Minutes Stress that you need to test and validate your configuration before you add it in to the load balancer Mitch we should be here at 11:30 Demo moving Derby to another server to migrate 15 minutes We can’t give you all the answers This is not a one size fits all Hopefully we are giving you the information you need to make the right decisions fro your organization These are your decision points Use this and other factors to determine the right configuration for your environment Backups Explain what is in the Derby DB and the impact of losing it The Apple stuff is not documented, but has been experienced If you can possibly avoid a DNS change your migration will go that much smoother Setting expectations is all the difference Demo Migrating a Derby DB on a different Server Mention Single Sign on again Mitch We should be here at 11:45 15 minutes Only one policy is available in the Web Admin You can Include or exclude specific users from policy Domino Policies can be used if multiple policies are required In this example there are 3 Android Client Levels 8.5.3.100 is 8.5.3 UP1 8.5.3.200.201211280928 is 8.5.3 UP2 8.5.3.200.20121212030959 is a Interim Fix Android Client for Anroid 4.2 We are covering HA Commands only We are covering HA Commands only We should get here at 12:00 if all goes well