Aventail Corporation Technical Integration Guide

Introduction:This supplement describes how to integrate Lotus Domino Groupware with Aventail’s SSL VPN appliance and how to configure Aventail ASAP Management Console (AMC) in order to provide users secure remote access to their respective Lotus databases.

There are two modes of accessing Lotus Domino database,a) Domino Web Access : Using a Web browserb) Lotus Notes : Using a thick client

Aventail supports both Domino Web Access (DWA) and Lotus Notes client. Support and Configuration steps have been discussed in this document to ease the process of integration.

Audience:

Administrator:The administrator is assumed to be aware of Lotus Domino Server and Client installation. For information on installation and configuration of Lotus Domino server and client, refer to the installation guide of Lotus Domino Groupware.

An administrator can use this document to:a) Configure AMC to integrate with Lotus Domino Groupwareb) Troubleshoot and resolve end-user-related access problems

Help Desk Technician:Help desk technicians should understand Access Control rules set by the administrator, and can use this document to troubleshoot and resolve end user related access problems.

End User:An end user can use this document to learn how:

a) To get DWA access by logging into Workplace portalb) To use Lotus Notes client to connect to his Lotus database

Lotus Domino Groupware Integration – Supplement

Version 1.0 June, 2006

Domino Web Access

Compatibility and System Requirements to use Domino Web Access

Support for various Lotus Domino groupware versions

Client System Specifications: For Domino Web Access

Operating system Web browser

Windows XP Professional with Service Pack 2, Windows XP Home Edition with Service Pack 2, or Windows 2000 with Service Pack 4

Microsoft Internet Explorer v6.0 with Service Pack 1, or Mozilla Firefox 1.5

Linux (Suse, Fedora2, Fedora4) Mozilla Firefox 1.5 with Java enabled

Macintosh OS X Macintosh Safari 1.2 or Mozilla Firefox 1.5 with Java enabled

Support on various Aventail ASAP AppliancesAventail EX-750, EX-1500, EX-1600, and EX-2500 appliances provide interoperability support for Lotus Domino Groupware. Support is given on Standalone, on Dual-node cluster, and Multi-node cluster with configuration being either of a single home or a dual home.

AMC Configuration for DWA:AMC enable users to have secure remote Web access to a Lotus database in just a few easy configuration steps.

Prerequisites:

a) Confirm the Hostname or IP address of your Lotus Domino Serverb) Configure network and SSL settings, and import license file in AMC c) Ensure that you can resolve and ping your Lotus Domino Server from the appliance

For more information on network settings, refer to chapter 4 of the Aventail EX-1500 Installation and Administration Guide for details on configuring network details.

The following sections describe the configuration steps.

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

Aventail Image versions Lotus Domino Groupware Versions

ASAP 7.2 and prior Version 5.0

ASAP 8.0 and later versions Version 6.0 and Version 6.5

2

Configuring the appliance to provide Domino Web access to a groupStep1) Add a resource, using the Resources tab on left-hand side of the AMC.

a) Fill in the Resource name (e.g., Domino Web Access) and Descriptionb) Type in the URL of your Domino Server (http://domino.yourcompany.com) in your

companyc) Check “Create Shortcut on Aventail Workplace” (the resource created will be seen as

a link when users log in to the WorkPlace portal)d) Select Web application profile as “Domino Web Access 6.x”e) Click Save

Advanced Configuration:

Alias:

If you want to obscure the internal host name for a URL resource, supply an alias name (e.g., Domino alias) in this box. This is a public alias that will represent the private URL (e.g., User would access http://yourworkplace/dominoalias instead of http://domino.yourcompany.com).

Synonyms:

If your Domino Server has more than one host name (or “synonym”), type those host names (or IP addresses) in this box. Separate multiple synonyms with semicolons.

Step2) Configuring Aventail WorkPlace shortcut

a) Click Aventail WorkPlace on the left tab in the AMC to create a “Domino Web access” shortcut

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

3

b) Click the shortcut to configure Advanced options

c) Choose All or Standard PC (PDA and Mobile Phone are not supported for Domino)d) The Start page will be your Domino Server’s redirection database file (e.g., DWA.nsf,

a Notes Storage Facility). The redirection database file will prompt users for authentication when they access the resource and map them to their databases accordingly.

e) Click Save

Step3) Create an access rule for created resource.

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

4

Access to a particular resource is given through the Access Control List (ACL), a list of rules. In the above example, group of users authenticating using LDAP realm have been given the access.

Click the Edit tabs to choose required User Group and Resource. To create “User Groups” and “Resources” refer to chapters 5 & 6 of the Aventail EX-1500 Installation and Administration Guide. Zones, realms, and authentication methods provide granular control on defining ACL.

Accessing resource from a remote site is discussed at: Client Access of Domino Web access

For more information on accessing WorkPlace portal, refer to chapter 9 of the Aventail Installation and Administration Guide.

Configuring Single Sign-On (SSO) for DWA:

SSO is supported only on username and password authentication.

Step1) Create a Web profile:a) Click Services Configure Web Proxy Serviceb) Create a new Web profile as illustrated below,

Step2) Modify the Domino Web Access resource to use Domino-SSO profile.

a) Click Resourcesb) Chose Domino Web Access resourcec) Choose Web application profile as Domino-SSO.

For users who are authenticated with username/password, same credentials will be used to authenticate against Domino Server.

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

5

Client end Access:

To get Domino Web Access:Users who wish to have Domino Web access need to:

a) Log in to WorkPlace portal using a browser and using a realm on which access control rule has been given.

b) Click the Domino Web Access resource link seen on your WorkPlace portal.

“Domino Web access” resource will be visible as a WorkPlace link.

In our example, users coming in a realm using LDAP authentication were given the access.

c) Click “Domino Web Access”.d) Type in credentials when prompted for username and password.

On being authenticated, users will be directed to their respective mail boxes

Client-Server Access to Domino- Lotus Notes client

Compatibility and System Requirements

Support for various Lotus Domino groupware versions

Lotus Notes Client: Lotus Notes client is supported only on Windows XP Professional with Service Pack 2, Windows XP Home Edition with Service Pack 2, or Windows 2000 with Service Pack 4

Support on various Aventail ASAP Appliances

Aventail EX-750, EX-1500, EX-1600, and EX-2500 appliances have interoperability support with Lotus Domino Groupware. Support is given on Standalone, on Dual-node cluster and Multi-node cluster with configuration being either of a single home or a dual home.

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

Aventail Image versions Lotus Domino Groupware Versions

ASAP 7.2 and prior Version 5.0

ASAP 8.0 and later versions Version 6.0 and Version 6.5

6

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

7

AMC Configuration:Few easy configurations on AMC would enable users to have secure remote access to Lotus database.

Prerequisites:

a) Confirm the Hostname or IP address of your Lotus Domino Server.b) Configure network and SSL settings, and to import the license file in AMC c) Ensure that you can resolve and ping your Lotus Domino Server from the appliance.

For more information on network settings, refer to chapter 4 of the Aventail EX-1500 Installation and Administration Guide, for details on configuring network details.

The following describes the configuration steps.

Step1) Create a resource for Lotus Notes

a) Create a Host Name and IP Address Resource (as illustrated above)b) Choose Default Web application profile

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

8

Step 2) Create Access control rule to provide access

In the above example, Users using local authentication are given access to use Domino Lotus Notes to connect to their databases. As illustrated above, choose local users in “From” section and “Domino Notes.” Refer to chapter 4 & 5 of the Aventail Installation and Administration Guide to create “User Groups” and “Resources.”

Step3: Creating realms and Provisioning Agents

a) Click the Realms tab on the left-hand side of your AMC screenb) Create a new realm

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

9

c) Enter the Name and Description of the realmd) Choose an authentication server on which Domino users will be

authenticated (in the example above, Local authentication is used) e) Click Communities to create a community of users

f) Click Edit to choose a member group and these users belong to this community

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

10

g) Click Access Methods to choose the agents that will be provisioned on logging in to Aventail Workplace portal

Refer to chapter 10 (User Access Components and Services) of the Aventail Installation and Administration Guide to understand different access methods.

Client-end Access:

To run Lotus Notes:Prerequisites:

a) To have Lotus Notes installed on your machine.b) To have one of Aventail’s User access Components and Services installed

Or

To log into WorkPlace portal.

For information on Aventail Connect , Connect Tunnel, On Demand(OD) proxy and OD tunnel refer to chapter 10 (User access Components and Services) of the Aventail Installation and Administration Guide.

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

11

Steps to start Lotus Notes:

a) Launch Connect tunnel or Aventail Connect and authenticate or log in to the WorkPlace portal.

b) Launch the Lotus Notes applicationc) On first startup, provide the Domino Server’s hostname or IP address (e.g.,

domino.yourlabdomain.com or 10.0.0.50; contact your administrator for details)d) You will be prompted for user ID file (ask your administrator for the ID file)e) Authenticate with credentials to gain access to your mailbox

Internationalization Support: Aventail supports internationalization (i18n) versions 8.5.2 and 8.6.1. Support is tested in both Japanese and South Korean languages.

a) Domino Web Access: browser supporting local languages can be usedb) Lotus Notes: localized thick client versions of Lotus Notes can be used

Upgrades:a) If your appliance is integrated with Domino Lotus Groupware, and if you are planning

to upgrade or rollback, then no changes are required in AMC.b) Upgrading Lotus Domino Server or Client is completely transparent to Aventail

appliances and requires no changes in AMC (versions supported are only 6.0 and 6.5)

Troubleshooting: a) Check Access Control Rules to be sure you have access permissions to required users

The AMC logging facility can help you deduce any problem (example below).

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

12

Authorization denials will be listed in logs. Use “IP or server name” or URL as search strings to view required logs.

b) Check if the Lotus Domino server is routable from appliance c) Check if traffic is reaching the appliance; verify if Firewall is blocking it d) Check logs on the Lotus Domino server

For more information on trouble shooting, refer “Appendix A” of the Aventail Installation and Administration Guide.

Non-Supported Features:a) Single Sign-On feature (for DWA) is generally successful, except in certain rare Web

translation-related cases. b) Lotus Notes on PDA and Mobile Phones is not supported.c) The Lotus Notes client is only supported on Windows, but Domino Web access is

supported on Windows, Linux, and Macintosh.d) Firefox support for DWA is only on Extraweb translated mode.e) DWA on Macintosh has limited features compared to DWA on Linux or Windows

because of limited feature support provided by IBM.

©2006 Aventail Corporation. All rights reserved. Aventail, Aventail ASAP, Aventail Connect, Aventail EX-750, Aventail EX-1500, Aventail EX-1600, Aventail EX-2500 and Aventail OnDemand, and their respective logos are trademarks, registered trademarks, or service marks of Aventail Corporation. Other product and company names mentioned are the trademarks of their respective owners.

Lotus Domino Groupware Integration – SupplementVersion 1.0 – June, 2006

13

Aventail Europe LtdTel +44 (0) 870.240.4499emea@aventail.com

Aventail Asia-PacificTel +65 6832.5947asiapac@aventail.com

CorporateHeadquarters808 Howell StreetSeattle, WA 98101Tel 206.215.1111Fax 206.215.1120americas@aventail.com