Evaluator's Guide

RPR Wyatt2700 N. Central Avenue, Suite 890

Phoenix, Arizona 85004USA

Voice 602-263-7779www.rprwyatt.com

Table of Contents Introduction .................................................................................................................................................3

Database Information ..........................................................................................................................3

ACL Information, Changes, and Enforcement ..........................................................................................3

Reports .....................................................................................................................................................3

Audit Trails ...............................................................................................................................................3

Installation Recommendation...................................................................................................................4

Pre‐Evaluation Preparation ..........................................................................................................................4

Identify potential ACL issues ....................................................................................................................4

Identify potential database issues ...........................................................................................................4

Define Audit Trail Needs ..........................................................................................................................5

Navigation, Dashboards, Actions and Change Forms ...................................................................................5

Navigation views ......................................................................................................................................6

Dashboards ..............................................................................................................................................7

Actions/Menus .........................................................................................................................................7

Change Request Forms ............................................................................................................................8

Evaluation Scenarios ‐ Using Essential Tools ................................................................................................8

Using ET Central: Start with the ET Summary Report ...............................................................................9

Report Example: Administration Server Setting .....................................................................................10

Essential Tools Tip ...................................................................................................................................16

Example Report and ACL Change: ACL – Basic Security ........................................................................ 17

Database Change example: Change Template Inheritance ..................................................................20

Audit Trails .................................................................................................................................................23

Current and Most Recent Audit Trails ....................................................................................................25

Custom Audit Trail and Alerts ................................................................................................................26

Tools from the ET Power Tools Box: Admin Tools for Day‐to‐Day Functions ............................................27

Assistance with your Essential Tools evaluation ........................................................................................28

Introduction Essential Tools (ET) is the original member of The Essential Team for IT. Winner of the prestigious Lotus Beacon Award for Best Administration Utility, ET remains the time tested tool of choice for Domino administrators. ET uses reporting and change request actions to help organizations manage database changes (non‐programming), ACL changes, and user management more efficiently. This evaluation guide will help you explore four of the most used functions of ET: ACL management, database changes, reporting and audit trails.

Database Information Reporting for database information and making database changes is one of the four most used features in ET. This information is crucial to maintaining your internal applications design inheritance control, and knowing what changes have been made to the database settings.

ACL Information, Changes, and Enforcement Users say that the ACL management is the most popular feature in their ET deployment. ET’s ACL Management overview shows granular details about the ACL settings in your databases, finds ACL settings that are not properly set, and adds new ACL settings – all within the secure confines of ET. The ACL changes can even be done as a mass change project. Essential Tools allows you to control and enforce Lotus Notes database ACLs. With ET in place, if someone changes an Access Control List, notifications go to the proper administrators or database owners and advise them of the change and ET can even be set up to reinstate and enforce the original ACL settings.

Reports ET will compile the comprehensive, detailed reports and management summaries for complete database and ACL information all delivered in Excel format. The detailed reports provide ACL settings information and the comprehensive database information. The management summary reports include unreferenced mail accounts, inactive database usage, ACL security audit, design inheritance report, mail template inheritance, mail quotas, template exceptions, ACL administration server settings and ACL change log. A third set of reports are natively available in ET and provide corrective actions that can easily be applied by ET users. These reports are the ACL Effective Rights report and ACL Validation report. When used they will re‐instate established security settings.

Audit Trails Once ET is implemented it will deliver a complete audit trail for all change requests including all database property changes and ACL changes performed by ET and those not performed by ET. The audit trail is one of the most valuable ET features, especially for enterprise organizations needing strict change controls. The audit trails are complemented by alerts to provide timely notifications of authorized and unauthorized changes.

Installation Recommendation For your evaluation, we recommend that you install the ET Central version on a local Domino server that has manager access to your active Domino servers in terms of Notes databases/applications and mail. From the ET Central host server installation you can monitor and manage up to 15 servers.

Note: The ET User Guide has full details of the system requirements and how to install ET Central. Please refer to the ET User Guide for installation.

Pre­Evaluation Preparation During your evaluation, you can experience the true administrative power and corrective actions that ET will provide your organization. In this section we will help you identify several key situations that will enable you to discover and fix all ACL and Database issues that exist in your Domino environment.

Identify potential ACL issues Prior to the start of your ET evaluation, we recommend that you identify potential ACL issues for your databases. For example:

• Generate a list of employees no longer with the company. If someone has recently left the company, you can use ET to find all database ACL instances where this employee are listed and replace those instances with the new employee or simply remove the ACL entries.

• For Group and Role consistency, you can use the ET Group Change and ACL Change requests to establish ACL settings for your databases. Then use the ET Effective Rights query to ensure that the desired access levels are properly set in your databases. Once you have installed ET, you can standardize your ACL change process and then monitor for unauthorized ACL changes made outside of this change process. For example, once configured, ET will help you identify any misuse of manager access level that can lead to breaches of security or ACL changes that are not aligned with your policies. Note: for alerts to ACL changes made outside of the ET solution, you must enable the MS SQL connectivity. Please contact RPR Wyatt for assistance with this feature.

• With ET, you can make mass ACL setting changes. This includes general ACL entries, roles, create, delete, write, read, and run agents settings. This is done using the ET ACL Change Request form.

Identify potential database issues ET can help you discover issues with your databases and their settings. Here are a few of the most common issues that users find and can easily correct using ET:

• Find Obsolete or no longer in use databases using the ET Database Usage Report: ET allows the administrator to specify the usage cut off time, database scope and other criteria to generate a custom database usage report. This report is useful to determine which databases are not in use for the since the cutoff time and who had last used them before that point.

• Database inheritance: ET provides native Notes view reports for database template inheritance as well as executive summary reports to capture the enterprise wide inheritance hierarchy. In addition, you can export the information to Excel to create your own reports to fit your own ever‐changing requirements.

• Mail Quotas: ET not only enables a robust mail database quota setting policy in your Domino environment but also provides reporting on enterprise quota settings status. Use the executive summary report to get a breakdown of quotas and, if needed, generate a comprehensive database settings report to Excel to create your own custom mail quotas report.

• Template Exceptions: ET provides an exception report for the most common template exceptions that might be hampering your Domino applications’ design. These exceptions include missing or duplicate templates and replica‐id conflicts between templates.

Define Audit Trail Needs In many organizations it becomes necessary and prudent to track changes. Despite established change management workflow many things are changed in environments outside of the IT guidelines. If it happens in your environment, who is doing this? ET can help you find and identify such changes and can standardize these tasks through provision of at least 15 different administrative types of tasks. Essential Tools' Audit Trails closes the loop and provides the check for your change management processes.

Organizations find great value in ET audit trails because of a myriad of needs or concerns. Typically ET audit trails can play an important role in addressing concerns emanating from human resource issues like the long term employee who just separated from the organization or the regulatory agency which is seeking information on who had accessed certain data.

The ET audit trail doesn't just address issues arising from legal incidents or regulatory requirements. Often it can be used to sort out environmental / technical issues like why you deployed Notes 8.5.3 and only 80% of the organization has it for some reason.

Navigation, Dashboards, Actions and Change Forms There are two ways to access all the tasks that can be done with ET. The first is through one of the three dashboards (Power tools (the default dashboard), ACL Change Request and Database Change Request). Second, all tasks can be accessed through either the Create menu, Action Menu or Views. After installing Essential Tools, open the database. You will see the main Power Tools dashboard at the top right and navigation for each of the other ET management categories along the left side in the navigation pane. There are two other dashboards: one for Database Requests and one for ACL Requests. To switch to the other dashboards, select the ‘Create Database Request’ or ‘Create ACL Request’ in the left side navigation. Once you select the category of Essential Tools you want to use, the dashboards will appear and provide quick access to each task.

Navigation views The database navigation is one way to quickly access a specific area of Essential Tools to create a change. Once you select a view, you will notice that the view shows a history of all change requests that have been submitted. This is an invaluable tool to find out who changed what and when.

Dashboards The ET Dashboards give you quick access into the most common administrative tasks used by ET Administrators. The tasks are a group of powerful tools and during you evaluation, should only be made

available to your evaluation team. For full deployment, you will want to define who can create change requests by job functions. For example, you may want to allow one group of administrators to make ACL changes while restricting this privilege from other administrators.

Actions/Menus Actions are available in the views and are the same as the dashboard icons. Selecting one of the actions will open an ET change request document. Once you have completed the change document and saved it, ET will perform the action(s) you have requested.

Change Request Forms ET change requests provide controlled and audited changes to actions such as ACL changes, database properties changes, and user life cycle management. Depending on the action you select, ET will present the correct change request form to be completed and submitted. In full deployment mode, you

can limit access to these change requests and also setup auto notifications when a change is about to be made.

Evaluation Scenarios ­ Using Essential Tools Now that you are familiar with some of the main features of ET and how ET is set up, you are ready to begin evaluating the power of ET and the benefits it will bring to your Notes administration efforts.

Using ET Central: Start with the ET Summary Report During the installation of ET Central, you will identify which servers will be monitored and available for ET to manage. Let ET run for a couple of hours once it has been installed and activated. ET will gather database and ACL information for the reports. For your evaluation, we recommend you open the ET Summary Report using the “Excel Reports / Other” report .

This summary report will provide an Excel spreadsheet report with separate reports tabs for the following key administrative areas:

These reports will identify issues that may need your immediate attention such as databases with the default ACL set to Manager, mail databases inheriting its design from the wrong version, or the administrative server not set for databases. Included with each report is an explanation of what the report is and what actions you can use in ET to correct the issue.

Report Example: Administration Server Setting Once the report has been generated, the first tab of the report is the ACL‐ Administration Server report.

Click on the About cell to learn what this report is showing.

Click on the Using cell to learn how to make the proper corrections using ET.

Following the instructions you can use ET to make a single secure change or mass changes to save hours of administration work. For example, if we follow the instruction above you can properly set up a mass change request for up to 1000 database in just a few minutes. Let’s follow this example.

First navigate to the ACL section in the navigation pane and expand that section, and select “By Properties”.

Next. Expand the Administration Server category. Then expand the Not Assigned sub‐category. The list of databases not assigned an Administration Server are now available. Select up to 1000 databases for a mass change or select one to change just one of the databases.

Next click on the ACL Actions\Change button

Scroll down the form to the “Administration Server” label and click the button.

Select the first option – “Select the Administration Server”. Click OK

Choose the appropriate server and click OK

Finally, click Save & Close at the top of the ACL change form to submit the request. ET will make the change the next time the ET Request Manager runs. The default cycle is every 5 minutes.

Essential Tools Tip There are multiple ways to create an ET Change Request:

• Actions from the Dashboard

• Actions from the Create menu

• Actions from buttons on the views and forms

To save some data entry time, locate the database in a view and select it. Then, use the actions in the menus or the button (on the view or forms) to create the request. This method populates the form with the database information so you do not have to select the basic value needed to submit a valid request form such as server name(s) and database name(s).

Example Report and ACL Change: ACL – Basic Security This report identifies any basic ACL risks that exist with any database that resides on the servers being monitored by ET.

For ACL issues, here is a sample of what you may see. The report helps to identify ACL settings that can be considered a risk. You can then use ET to make a change or mass changes to the ACL settings following the instructions provide in the Using cell on the report.

Sample ACL Change Request to remove all Anonymous ACL entries from databases on Server 01 and Server 02.

Database Change example: Change Template Inheritance To make the changes, click on the Create Database Request in the navigation menu to open the Database Request Dashboard. Then click on the Information Icon to open the change request form. Using Database change requests you can do the following changes:

• Delete a database

• Change the quota

• Change the owner

• Change certain database properties

• Create a New database

As with ACL Change Requests you can open a new change request document using the dashboard, create menu, or buttons on the views. (TIP REMINDER: by selecting a document in the view, then creating the request form the menus or buttons will pre‐populate data for the database.)

This example shows how to change the design template inheritance value for a database. If you have selected the document from the view, the server and database name will already be populated.

Scroll down to the “Design” Section.

Then add the path to the correct template.

Select “Yes”.

Click on the Save and Close button to execute the request. (see the graphic on following page)

Audit Trails Audit Trails are ET’s efficient report for the ‘who, what, when, and where’ for all environmental changes related to database settings and ACL changes. The audit logs have two sections of information: current requests and a log that will show all activity. If you have executed change requests using ET Request documents, you will now be able to see the documented audit trail in the ET LOG database. For changes made without ET Change Request documents you will need to setup ET to alert you whenever an unauthorized ACL change occurs. We recommend you contact your RPR Wyatt representative for basic instructions and guidance to activate this feature.

To access the Audit Trail, click on ET Log in the navigation pane.

The ET Log database will open and have four categories of audit trails.

Click on “Requests”.

Next click on “By Request Type”. You can now expand the view to find the change information performed by ET with the complete audit trail.

Now open the document to see who requested the action, what action was performed, the status of the action and the date/time of the action.

Current and Most Recent Audit Trails You can also see current requests that have not been archived to the Log database. Click the “All Requests” on the ET navigation pane. Then select “By Status”. You will see a complete audit trail of current requests and the status of each request.

Custom Audit Trail and Alerts Some Essential Tools users have created custom audit trail reports and functions to fit their defined internal processes. One example is an “Unauthorized ACL Change Alert”. This custom feature monitors any changes to the database’s ACL . Any change not made using Essential Tools is logged and reported. This helps maintain a strict change control process for the particular ET customer. Below is a sample screen capture of the Excel report:

Tools from the ET Power Tools Box: Admin Tools for Day­to­Day Functions Essential Tools offers more administrative tools than this evaluation guide has discussed in this short document. Below, is a brief listing of these features.

Group Members: Provides the ability to add & remove members to groups and create new groups.

ACL Change: Provides the ability to change database ACL access level and flags.

ACL Effective Rights Query Report: Provides a report for the effective ACL access for given ACL names vs. specified databases.

ACL Validation Report: Provides a report of common ACL anomalies such as ACL names not found in Domino Directory, etc.

Monitor ACL Changes: Provides the ability to report on the ACL changes in flexible and detailed reporting format.

ACL Enforcer: Provides the ability to change and maintain the ACL.

Database Information: Provides the ability to set database properties en masse.

Database Delete: Provides the ability to delete Notes databases in flexible way such as by replica id.

New Database: Provides the ability to create new Notes databases and set the ACLs at the same time.

Database Quota: Provides the ability to set the Notes database quotas en masse and in flexible ways such as increase quota be X percent.

Database Owner: Provides the ability to designate database owners for Domino applications.

Auto Registration: Provides the ability to register Notes users en masse and securely store the respective Notes ID files with the password encrypted.

Copy Entry: Provides the ability to copy the ACL and group membership of a given Notes user to a new Notes user. e.g. to facilitate when a new team member is added.

Change Entry: Provides the ability to change the ACL and group membership of a given Notes user. e.g. to facilitate when a team member's name is changed.

Change HTTP Password: Provides the ability to each Notes user to change his/her HTTP/internet password.

Set HTTP Passwords: Provides the ability to set the HTTP/internet passwords en masse.

Termination: Provides the ability terminate notes users in flexible way with backups.

Assistance with your Essential Tools evaluation Need installation, configuration or usage assistance? Call us! ET is a powerful administration tool that can be used as an advanced administration tool or even a project tool. You may be looking for ET to simply manage several specific tasks but not quite sure how to implement it because the examples are not in this evaluators guide. If a modification to ET would make your project a success, it is worth a phone call to RPR Wyatt.

Call support at 602‐263‐8788 and mention “ET Evaluation support”. Or, send an email to support@rprwyatt.com