Query results for : November 2015
Checklist for Smartcloud Notes Hybrid Configuration- 12 November 2015 - (0) Comments
Thomas Hampel
12 November 2015
Your first step towards the cloud is to build a hybrid environment, e.g. to support a proof of concept in your environment.
In most cases customers would like to move a few users to the cloud to experience the onboarding process, confirm seamless coexistence of on-premises and cloud environments, and explore new features of the cloud such as IBM Verse.
Although IBM provides a full training course for setting up a hybrid environment, I would still like (with the friendly support of Hagen Bauer) to provide a checklist that supports customers in this process and helps them get started as quickly as possible.
Warning:
This checklist may not be perfect; you should still read the documentation and talk to your certified IBM expert of choice.
It is meant as a checklist for customers, not for certified onboarding specialists who will move your IBM Notes mail to IBM Cloud.
Suggestions and ideas for further improvement are always welcome.
Overview
This is a graphical overview of a hybrid environment. On top are your (On-Premises) servers, at the bottom are cloud servers and in between (red) the internet.
Steps
- Check your inventory! Are the current servers available? Are they accessible? Are they placed in the network zone they are expected to be in?
  See graphic above and verify positioning of:
  #1 = Domino Administrator Client
  #2 = On-Premises Mail Server
  #3 = On-Premises Directory Mail Server
  #4 = Passthru Server in DMZ
- Complete this table with data from your environment. Make sure it is correct and complete.
- Configure your firewall for inbound and outbound traffic.
  Check twice, and verify the firewall settings once again before claiming to be done. A mistake at this point will cause headaches later on.
- Make sure your passthru server is using the same root certificate as your HUB and MAIL server.
  Can the Admin client (see #1 in the graphic above) access the passthru server?
- Create a new OrgUnit based on your current Domino certificate. This certificate will be used later on for all your Domino servers in the cloud.
  Example: "/SCN/Company" or "/Cloud/SRV/Company"
- In your current environment, does your Global Domain Document meet those requirements?
- Make sure you still have the SmartCloud activation email available, the one that contains the SmartCloud activation link.
  Oh, and make sure the link has not expired.
- In the SmartCloud Notes account initial setup, did you choose "Hybrid Account"?
  If not, you need to request a full reset of your account by contacting support@collabserv.com
- Define a name prefix for your cloud mail servers. Choose a short but memorable prefix and don't pick something too fancy.
  Example: **Cloud-**/SCN/Company
- Are you prepared to create new and modify existing DNS records for your company domain?
  Make sure you have control over your DNS records.
Conclusion
All of the above steps are part of the documentation, but not in a single place. I hope you can make use of this reference in your SmartCloud onboarding project.
Feedback is very welcome, so drop me a mail or send a tweet
Domino Security - Disable HTTPEnableConnectorHeaders NOW- 9 November 2015 - (1) Comments
Thomas Hampel
9 November 2015
There is a security issue with Domino which allows anybody to gain access without authentication.
Jesper Kiaer wrote about this problem before in his blog post (Part 1 and Part 2) and also created a video showing the problem.
If the Notes.ini variable HTTPEnableConnectorHeaders is set to 1, an attacker only needs to pass the user name to be impersonated in a request header to get unauthorized access to Domino servers.
This notes.ini variable is referenced in the product documentation as well as in this technote for configuring Domino servers behind an IIS reverse proxy.
So there is a good chance that some people have enabled this variable in production.
None of the Domino servers I have checked was affected, however I was able to reproduce the findings and can confirm it is working as described even with Domino 9.0.1 with latest fixes installed.
Steps to reproduce
- Add the Notes.ini variable "HTTPEnableConnectorHeaders=1" to the Notes.ini of the Domino server
  Remark: This will make the server insecure.
- Restart the HTTP task
- Use Firefox and install this plugin => https://addons.mozilla.org/en-US/firefox/addon/modify-headers/
- Restart Firefox for the plugin to be initialized
- In Firefox, open the configuration of the new plugin
- Add a new header called $WSRU with the desired username / shortname as available in the target environment
  Save + Enable the configuration
- Start the Plugin
- Navigate to an existing Domino server resource, e.g. https://your-domino-server.your-domain.com/mail/username.nsf
Just imagine what can be done when using the name of an administrator...
How to fix it?
Well, as simple as removing the Notes.ini variable in question, using the following two commands at the Domino server console:
set config HTTPEnableConnectorHeaders=0
tell http restart
Of course you would use a configuration document in production to keep your Notes.ini under control.
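To find out which servers need this fix, the notes.ini of every Domino server can be checked for the variable. The following is an added example, not code from the original post: the server names and file contents are constructed, and matching the key case-insensitively and treating any non-zero duplicate as enabled are conservative assumptions.

```python
import re

SETTING = "httpenableconnectorheaders"
# "key = value" line; section headers such as [Notes] contain no "=" and are skipped.
LINE_RE = re.compile(r"^\s*([^=;#\s][^=]*?)\s*=\s*(.*?)\s*$")


def audit_notes_ini(text):
    """Return (status, occurrences) for HTTPEnableConnectorHeaders.

    status is "enabled", "disabled" or "absent"; occurrences lists
    (line_number, raw_value) for every line that sets the variable.
    """
    occurrences = []
    for number, line in enumerate(text.splitlines(), start=1):
        match = LINE_RE.match(line)
        # Assumption: keys are compared case-insensitively.
        if match and match.group(1).lower() == SETTING:
            occurrences.append((number, match.group(2)))
    if not occurrences:
        return "absent", occurrences
    # Conservative: any value other than empty or "0" counts as enabled,
    # so a duplicate line cannot hide an active setting.
    enabled = any(value not in ("", "0") for _, value in occurrences)
    return ("enabled" if enabled else "disabled"), occurrences


def audit_servers(ini_by_server):
    """Audit several files; return the full report and the servers to fix."""
    report = {name: audit_notes_ini(text) for name, text in ini_by_server.items()}
    to_fix = sorted(n for n, (status, _) in report.items() if status == "enabled")
    return report, to_fix


# Constructed sample files (hypothetical server names, not from the post).
SAMPLES = {
    "mail01": "[Notes]\nDirectory=/local/notesdata\nHTTPEnableConnectorHeaders=1\n",
    "hub01": "[Notes]\nhttpenableconnectorheaders = 0\n",
    "dmz01": "[Notes]\nHTTPEnableConnectorHeaders=0\nHTTPENABLECONNECTORHEADERS=1\n",
    "app01": "[Notes]\nServerTasks=Update,Replica,Router,HTTP\n",
}

if __name__ == "__main__":
    report, to_fix = audit_servers(SAMPLES)
    for name in sorted(report):
        print(name, *report[name])
    print("disable and restart HTTP on:", ", ".join(to_fix))
```

The file only shows what is written on disk; `show config HTTPEnableConnectorHeaders` at the Domino server console shows the value the server currently has.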
References:
- Nevermind.dk - http://nevermind.dk/
- Sean Cull - Apache Proxy for Domino and HTTPEnableConnectorHeaders
- Darren Duke - If you get page errors after disabling HTTPEnableConnectorHeaders in Domino, try this
- Jesse Gallagher - Domino's Server-Side User Security
IBM Stammtisch in Dresden - Topic: Business Tools - 6.Nov.2015- 5 November 2015 - (0) Comments
Thomas Hampel
5 November 2015
Hello IBM Community!
We, i.e. Anett Hammerschmidt and I, cordially invite you once again to the IBM Stammtisch in Dresden.
The topic of the evening is "Business Tools", in particular in the area of IBM Messaging & Collaboration products.
Of course, getting to know new contacts and keeping up with old ones is again the focus this time. Every participant is very welcome!
When?
Date: 06 November 2015
Time: 18:00 to 24:00
Invitation in iCAL format
Where?
Augustiner an der Frauenkirche
An der Frauenkirche 16/17
01067 Dresden
For directions see Google Maps; parking is available if needed at QPark Frauenkirche / Neumarkt
Registration:
Please add yourself to this list so that we can better plan the seating in the restaurant and reserve more tables if necessary.
Agenda:
18:00 - Welcome Reception
19:00 - Sessions
Session | Speaker |
Virtualization with Docker | Veit Weber |
DIM - Tool Kit Domino Administration | Markus Petzold |
Making the Command Line Your Best Friend, SCM (Git), everything you need a command line for, Node.js, Bower etc. | Oliver Busse |
Ytria Tool Kit Domino Administration and Development Overview | Kjeld Gosselke |
What's New in Domino Navigator 1.9 | Erik Schmalz |
Professional graphics, quickly and effectively | Anett Hammerschmidt |
Domino Administrations Tools Troubleshooting, Standardization, Visualization and more | Thomas Hampel |
Those deciding at short notice can also simply drop by without registering; please call Anett directly ( +49-176-10315855 )
We look forward to seeing you!
Anett Hammerschmidt and Thomas Hampel