Personal Blog of Thomas Hampel - Creative Mythbusting in Development and Collaboration

Who am I?

Feeds

Previous Document Next Document

Passthru configuration done right

Thomas Hampel
 2 June 2012

I'm wondering why some customers are not using Passthru - a function which exists in Notes/Domino for years.

From an infrastructure point of view, a Domino passthru server is nothing else than a special reverse proxy for Notes/Domino. Compared to normal reverse proxy servers it is providing an higher level of security due to the fact that authentication/authorization is using the NotesID for authentication and not relying on username/password

I've seen customers who create multiple location documents and tell end users to switch between them to force the usage of passthru. Personally I dont think that this is what end users expect, so here is a configuration which will use the passthru server automatically when it can not find a direct connection.


To efficiently use an existing passthru server, Notes Clients should be configured the following way:

1.)
Create a server connection document in the personal address book of the Notes Client pointing to the passthru server name and its IP address(or DNS name)

2.) Create another connection document, of type "passthru" which is used for */Org , where Org is the root certifier of your organization.

Image:Passthru configuration done right

important for this one is to set the usage priority to "Low" as shown in this picture

Image:Passthru configuration done right

Once completed, its time for
testing the connection.

Advanved options:

When using multiple passthru servers, its possible to put an IP sprayer or load balancer in front of them, so all servers are addressable with the same DNS name.
Typically a Notes client will reject connecting to a server that is using a different name than the one requested.
No need to worry, because
Technote 1233210 already provides the solution.
On each of the Domino passthru servers behind the network sprayer you can add NETWORK_SPRAYER_ADDRESS=sprayer to notes.ini. Where "sprayer" is supposed to be a comma separated list of acceptable names or IP addresses of the load balancer.


Result :

If the Notes Client is within the corporate network it will directly connect to the target Domino server, but if the direct connection fails it will try to use the next available passthru server.
Tagged with: Notes
Comments

1.) Untitled

Paolo http:// 16/06/2014 14:01:24

Thanks for this very useful doc.

Please could you update the correct reference to Technote 1233210, because it is not available anymore.

best regards

Paolo

2.) Untitled

Günther Rupitz http:// 23/12/2016 23:11:49

Hello

I set the configuration as you wrote.

If i test the connection with the trace tool everything works fine, i get the connection via the passthru server.

But if i simply try to open a database on the server i get the message that the remote server is not a known TCP/IP Host.

In the statusbar i can see that the client does not try to connect via the passthru server, do it does not use low priority connection documents.

Is there any way to enable this?

Thanks, Guenther

Thomas Hampel, All rights reserved.