Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Upcomming Trips

Social Networks

Popular Articles

Winmail.dat

Who am I?

Feeds

 Content
 Comments

Recent Entries

Welcome Domino License An
Available now: HCL Notes/
New HCL Domino Marketplac
Welcome Domino License An
HCL Domino Community Meet

Passthru configuration done right

Thomas Hampel
 2 June 2012
I'm wondering why some customers are not using Passthru - a function which exists in Notes/Domino for years.

From an infrastructure point of view, a Domino passthru server is nothing else than a special reverse proxy for Notes/Domino. Compared to normal reverse proxy servers it is providing an higher level of security due to the fact that authentication/authorization is using the NotesID for authentication and not relying on username/password

I've seen customers who create multiple location documents and tell end users to switch between them to force the usage of passthru. Personally I dont think that this is what end users expect, so here is a configuration which will use the passthru server automatically when it can not find a direct connection.

To efficiently use an existing passthru server, Notes Clients should be configured the following way:
1.) Create a server connection document in the personal address book of the Notes Client pointing to the passthru server name and its IP address(or DNS name)

2.) Create another connection document, of type "passthru" which is used for */Org , where Org is the root certifier of your organization.
Image:Passthru configuration done right

important for this one is to set the usage priority to "Low" as shown in this picture
Image:Passthru configuration done right

Once completed, its time for testing the connection.

Advanved options:
When using multiple passthru servers, its possible to put an IP sprayer or load balancer in front of them, so all servers are addressable with the same DNS name.
Typically a Notes client will reject connecting to a server that is using a different name than the one requested.
No need to worry, because Technote 1233210 already provides the solution.
On each of the Domino passthru servers behind the network sprayer you can add NETWORK_SPRAYER_ADDRESS=sprayer to notes.ini. Where "sprayer" is supposed to be a comma separated list of acceptable names or IP addresses of the load balancer.

Result :
If the Notes Client is within the corporate network it will directly connect to the target Domino server, but if the direct connection fails it will try to use the next available passthru server.
Comments [2]
Tagged with: Notes
Go ElsewhereSubscribe to RSSAboutStay ConnectedAnd More
Thomas Hampel, All rights reserved.