Ana səhifə

Technical Integration Guide


Yüklə 466.5 Kb.
tarix25.06.2016
ölçüsü466.5 Kb.


Aventail Corporation


Technical Integration Guide




Introduction:

This supplement describes how to integrate Lotus Domino Groupware with Aventail’s SSL VPN appliance and how to configure Aventail ASAP Management Console (AMC) in order to provide users secure remote access to their respective Lotus databases.


There are two modes of accessing Lotus Domino database,

  1. Domino Web Access : Using a Web browser

  2. Lotus Notes : Using a thick client

Aventail supports both Domino Web Access (DWA) and Lotus Notes client. Support and Configuration steps have been discussed in this document to ease the process of integration.


Audience:

Administrator:


The administrator is assumed to be aware of Lotus Domino Server and Client installation. For information on installation and configuration of Lotus Domino server and client, refer to the installation guide of Lotus Domino Groupware.
An administrator can use this document to:

  1. Configure AMC to integrate with Lotus Domino Groupware

  2. Troubleshoot and resolve end-user-related access problems

Help Desk Technician:


Help desk technicians should understand Access Control rules set by the administrator, and can use this document to troubleshoot and resolve end user related access problems.

End User:


An end user can use this document to learn how:

  1. To get DWA access by logging into Workplace portal

  2. To use Lotus Notes client to connect to his Lotus database


Domino Web Access

Compatibility and System Requirements to use Domino Web Access

Support for various Lotus Domino groupware versions





Aventail Image versions

Lotus Domino Groupware Versions

ASAP 7.2 and prior


Version 5.0



ASAP 8.0 and later versions



Version 6.0 and Version 6.5



Client System Specifications: For Domino Web Access





Operating system

Web browser

Windows XP Professional with Service Pack 2, Windows XP Home Edition with Service Pack 2, or Windows 2000 with Service Pack 4



Microsoft Internet Explorer v6.0 with Service Pack 1, or Mozilla Firefox 1.5



Linux (Suse, Fedora2, Fedora4)



Mozilla Firefox 1.5 with Java enabled



Macintosh OS X



Macintosh Safari 1.2 or Mozilla Firefox 1.5 with Java enabled






Support on various Aventail ASAP Appliances


Aventail EX-750, EX-1500, EX-1600, and EX-2500 appliances provide interoperability support for Lotus Domino Groupware. Support is given on Standalone, on Dual-node cluster, and Multi-node cluster with configuration being either of a single home or a dual home.

AMC Configuration for DWA:


AMC enable users to have secure remote Web access to a Lotus database in just a few easy configuration steps.
Prerequisites:

a) Confirm the Hostname or IP address of your Lotus Domino Server

b) Configure network and SSL settings, and import license file in AMC

c) Ensure that you can resolve and ping your Lotus Domino Server from the appliance


For more information on network settings, refer to chapter 4 of the Aventail EX-1500 Installation and Administration Guide for details on configuring network details.
The following sections describe the configuration steps.

Configuring the appliance to provide Domino Web access to a group


Step1) Add a resource, using the Resources tab on left-hand side of the AMC.








  1. Fill in the Resource name (e.g., Domino Web Access) and Description

  2. Type in the URL of your Domino Server (http://domino.yourcompany.com) in your company

  3. Check “Create Shortcut on Aventail Workplace” (the resource created will be seen as a link when users log in to the WorkPlace portal)

  4. Select Web application profile as “Domino Web Access 6.x”

  5. Click Save

Advanced Configuration:


Alias:
If you want to obscure the internal host name for a URL resource, supply an alias name (e.g., Domino alias) in this box. This is a public alias that will represent the private URL (e.g., User would access http://yourworkplace/dominoalias instead of http://domino.yourcompany.com).
Synonyms:
If your Domino Server has more than one host name (or “synonym”), type those host names (or IP addresses) in this box. Separate multiple synonyms with semicolons.

Step2) Configuring Aventail WorkPlace shortcut




  1. Click Aventail WorkPlace on the left tab in the AMC to create a “Domino Web access” shortcut

  2. Click the shortcut to configure Advanced options



  1. Choose All or Standard PC (PDA and Mobile Phone are not supported for Domino)

  2. The Start page will be your Domino Server’s redirection database file (e.g., DWA.nsf, a Notes Storage Facility). The redirection database file will prompt users for authentication when they access the resource and map them to their databases accordingly.

  3. Click Save

Step3) Create an access rule for created resource.



Access to a particular resource is given through the Access Control List (ACL), a list of rules. In the above example, group of users authenticating using LDAP realm have been given the access.
Click the Edit tabs to choose required User Group and Resource. To create “User Groups” and “Resources” refer to chapters 5 & 6 of the Aventail EX-1500 Installation and Administration Guide. Zones, realms, and authentication methods provide granular control on defining ACL.
Accessing resource from a remote site is discussed at: Client Access of Domino Web access
For more information on accessing WorkPlace portal, refer to chapter 9 of the Aventail Installation and Administration Guide.

Configuring Single Sign-On (SSO) for DWA:
SSO is supported only on username and password authentication.
Step1) Create a Web profile:

a) Click Services  Configure Web Proxy Service

b) Create a new Web profile as illustrated below,

Step2) Modify the Domino Web Access resource to use Domino-SSO profile.


  1. Click Resources

  2. Chose Domino Web Access resource

  3. Choose Web application profile as Domino-SSO.

For users who are authenticated with username/password, same credentials will be used to authenticate against Domino Server.


Client end Access:

To get Domino Web Access:


Users who wish to have Domino Web access need to:


  1. Log in to WorkPlace portal using a browser and using a realm on which access control rule has been given.

  2. Click the Domino Web Access resource link seen on your WorkPlace portal.



“Domino Web access” resource will be visible as a WorkPlace link.
In our example, users coming in a realm using LDAP authentication were given the access.
c) Click “Domino Web Access”.

d) Type in credentials when prompted for username and password.


On being authenticated, users will be directed to their respective mail boxes


Client-Server Access to Domino- Lotus Notes client

Compatibility and System Requirements

Support for various Lotus Domino groupware versions




Aventail Image versions

Lotus Domino Groupware Versions

ASAP 7.2 and prior


Version 5.0



ASAP 8.0 and later versions



Version 6.0 and Version 6.5


Lotus Notes Client:

Lotus Notes client is supported only on Windows XP Professional with Service Pack 2, Windows XP Home Edition with Service Pack 2, or Windows 2000 with Service Pack 4

Support on various Aventail ASAP Appliances

Aventail EX-750, EX-1500, EX-1600, and EX-2500 appliances have interoperability support with Lotus Domino Groupware. Support is given on Standalone, on Dual-node cluster and Multi-node cluster with configuration being either of a single home or a dual home.



AMC Configuration:


Few easy configurations on AMC would enable users to have secure remote access to Lotus database.
Prerequisites:

a) Confirm the Hostname or IP address of your Lotus Domino Server.

b) Configure network and SSL settings, and to import the license file in

AMC


c) Ensure that you can resolve and ping your Lotus Domino Server from the appliance.
For more information on network settings, refer to chapter 4 of the Aventail EX-1500 Installation and Administration Guide, for details on configuring network details.
The following describes the configuration steps.
Step1) Create a resource for Lotus Notes



  1. Create a Host Name and IP Address Resource (as illustrated above)

  2. Choose Default Web application profile

Step 2) Create Access control rule to provide access



In the above example, Users using local authentication are given access to use Domino Lotus Notes to connect to their databases. As illustrated above, choose local users in “From” section and “Domino Notes.” Refer to chapter 4 & 5 of the Aventail Installation and Administration Guide to create “User Groups” and “Resources.”


Step3: Creating realms and Provisioning Agents



  1. Click the Realms tab on the left-hand side of your AMC screen

  2. Create a new realm





  1. Enter the Name and Description of the realm

  2. Choose an authentication server on which Domino users will be authenticated (in the example above, Local authentication is used)

  3. Click Communities to create a community of users






  1. Click Edit to choose a member group and these users belong to this community

  2. Click Access Methods to choose the agents that will be provisioned on logging in to Aventail Workplace portal



Refer to chapter 10 (User Access Components and Services) of the Aventail Installation and Administration Guide to understand different access methods.

Client-end Access:

To run Lotus Notes:


Prerequisites:

  1. To have Lotus Notes installed on your machine.

  2. To have one of Aventail’s User access Components and Services installed

Or
To log into WorkPlace portal.


For information on Aventail Connect , Connect Tunnel, On Demand(OD) proxy and OD tunnel refer to chapter 10 (User access Components and Services) of the Aventail Installation and Administration Guide.
Steps to start Lotus Notes:


  1. Launch Connect tunnel or Aventail Connect and authenticate or log in to the WorkPlace portal.

  2. Launch the Lotus Notes application

  3. On first startup, provide the Domino Server’s hostname or IP address (e.g., domino.yourlabdomain.com or 10.0.0.50; contact your administrator for details)

  4. You will be prompted for user ID file (ask your administrator for the ID file)

  5. Authenticate with credentials to gain access to your mailbox

Internationalization Support:


Aventail supports internationalization (i18n) versions 8.5.2 and 8.6.1. Support is tested in both Japanese and South Korean languages.

  1. Domino Web Access: browser supporting local languages can be used

  2. Lotus Notes: localized thick client versions of Lotus Notes can be used


Upgrades:


  1. If your appliance is integrated with Domino Lotus Groupware, and if you are planning to upgrade or rollback, then no changes are required in AMC.

  2. Upgrading Lotus Domino Server or Client is completely transparent to Aventail appliances and requires no changes in AMC (versions supported are only 6.0
    and 6.5)



Troubleshooting:


a) Check Access Control Rules to be sure you have access permissions to required users
The AMC logging facility can help you deduce any problem (example below).


Authorization denials will be listed in logs. Use “IP or server name” or URL as search strings to view required logs.
b) Check if the Lotus Domino server is routable from appliance

c) Check if traffic is reaching the appliance; verify if Firewall is blocking it

d) Check logs on the Lotus Domino server

For more information on trouble shooting, refer “Appendix A” of the Aventail Installation and Administration Guide.


Non-Supported Features:


  1. Single Sign-On feature (for DWA) is generally successful, except in certain rare Web translation-related cases.

  2. Lotus Notes on PDA and Mobile Phones is not supported.

  3. The Lotus Notes client is only supported on Windows, but Domino Web access is supported on Windows, Linux, and Macintosh.

  4. Firefox support for DWA is only on Extraweb translated mode.

  5. DWA on Macintosh has limited features compared to DWA on Linux or Windows because of limited feature support provided by IBM.






Aventail Europe Ltd

Tel +44 (0) 870.240.4499



emea@aventail.com
Aventail Asia-Pacific

Tel +65 6832.5947



asiapac@aventail.com



Corporate

Headquarters

808 Howell Street

Seattle, WA 98101

Tel 206.215.1111

Fax 206.215.1120

americas@aventail.com



www.aventail.com






©2006 Aventail Corporation. All rights reserved. Aventail, Aventail ASAP,
Aventail Connect, Aventail EX-750, Aventail EX-1500, Aventail EX-1600,
Aventail EX-2500 and Aventail OnDemand, and their respective logos are
trademarks, registered trademarks, or service marks of Aventail Corporation.
Other product and company names mentioned are the trademarks of their
respective owners.



Verilənlər bazası müəlliflik hüququ ilə müdafiə olunur ©atelim.com 2016
rəhbərliyinə müraciət