 | [back to "Putting Connection documents to work"]
Setting up a passthru server (sidebar)
Passthru, which was added in Release 4.0, gives a Domino administrator a powerful tool to help with configuring the relationships of an enterprise's Domino servers, and the access Notes clients can have to those servers. It isn't hard to implement passthru -- a few simple settings in the Server document are all it takes. The hard part of passthru is understanding what it adds to Notes, and how to make it work most effectively. The steps involved in setting up passthru servers, destination servers and workstations are covered in detail in the Administration Help. What follows here is an overview with an emphasis on explaining the process, rather than itemizing the details. The administrator's job breaks down into four major steps:
1. Define a passthru server topology -- a little work with a pencil and paper will help clarify how passthru will work in your system.
2. Set up one or more servers for passthru -- the settings in the Server document specify who can use each server for passthru, and which destination servers they can reach.
3. Set up the destination servers -- final control of which users and servers can access each server using passthru rests with the administrator of the server.
4. Set up workstations to use passthru -- it may be as simple as adding the name of a default passthru server, or it may require additional Server Connection documents.
Define a passthru server topology
It helps to begin with a clear understanding of what you want passthru to accomplish for your users. Do you want passthru to allow users access to servers that their home server doesn't know the network addresses of? Do you want passthru to provide users on the LAN access to servers that are running a different protocol or are connected to a different network? Or do you want passthru to give dial-up users access to multiple servers? You can do all these things at once, but your goals will affect the topology you create.
The second important question you must address is whether you want to dedicate a server or servers to passthru. The issue is primarily one of performance -- dedicated passthru servers don't host applications or mail files. There are three main possibilities:
If you are implementing passthru for significant numbers of dial-up users, you'll probably want to dedicate a server for passthru. It is easier to concentrate the modem connections on one server. If dial-up load begins to impact the server's performance, you can add another passthru server and move some of the modems over (or split the load by implementing a server hunt group -- see the note below).
If you're implementing passthru to extend users' access to servers in another Notes Network or domain -- servers the users' home server won't be able to provide a network address for -- you may find it simplest to set up the users' local home server (or one of the home servers, if there is more than one) as a passthru server that can reach those destination servers, and make this the default passthru server in each workstation's Location document.
If you're implementing passthru to extend users' access to servers that are running different protocols or are connected to a different network, it may be most efficient to set up a single passthru server that runs the required protocols or is connected to both networks.
Double-check the protocols. Passthru servers must run the same protocol as the passthru client, and the servers must also share a protocol with the destination server. This may mean reconfiguring the protocols running on the server.
Now you can draw a diagram that identifies all the destination servers and all the groups of users, and provides the right kind of passthru server for each connection path.
Set up one or more passthru servers
To set up a server for passthru, you must edit its Server document. Open the document (you can find it by choosing Files - Tools - Server Administration, selecting Servers and choosing the Servers View) and expand the Restrictions section:
The last three fields on the right-hand side of this section hold the information that controls the server functions related to passthru. In each case it's a list of names. It can be an explicit list -- the names of individual users, servers, and groups that are found in the server's Public Address Book -- or it can be an implied list, a wildcard or in some cases a blank field:
Route through -- the first field lists the names of users and servers that are permitted to route through this server to other servers (which can be either passthru or destination servers). A blank field in this case means no one can route through, so therefore, this is not a passthru server. An asterisk as a wildcard entry would allow anyone, even users not named in the Public Address Book, to pass through. An asterisk followed by a slash and the name of a hierarchical certifier would allow all users with IDs certified by a particular certifier to use the server -- the "*/Acme" example in the screen shot, for example, would allow access to all the Acme Company's users, for example.
Cause calling -- Any name entered in this field would be authorized to route through this server to other servers that require telephone connections. The default value, a blank, allows no one to force the server to make a phone call. If you want to control long-distance charges by allowing only servers to use this passthru server to make calls for replication, you enter the server names in this field. If your goal is to give users in a field office dial-up access to servers at company headquarters, a wildcard in this field will permit any user to initiate a phone call.
Destinations allowed -- If this field is blank, the server will route to any server it can find a Server document for in its Public Address Book. If you want to limit access through this server to just a subset of the available servers, you can enter the names of those servers. You can use this control to hide destination servers from users who pass through this server -- dial-up users, for example -- as a way to implement security or load-balancing schemes. But remember that this is not the same thing as limiting all possible access to a particular destination server -- that is controlled in the destination server's Server document.
These three fields are duplicated by settings in the server's NOTES.INI file -- Allow_Passthru_Callers, Allow_Passthru_Clients, and Allow_Passthru_Targets. It's better to configure passthru using the Server document, rather than the NOTES.INI file. If you use both, the settings in the Server document take precedence.
Set up the destination servers
Users of passthru servers don't have automatic access to the servers defined as destination servers for that passthru server. That must be granted by the administrator of the destination server. In the destination server's Server document, the "Access this server" field in the Passthru Use section specifies the names of the users, servers and groups who can access this destination server using passthru. The default, a blank field, will prohibit all access via passthru. A wildcard (an asterisk) will permit any passthru access. Or, you may choose to permit any level of access in between. You may allow passthru access to this server by only selected users for security reasons, or only from selected passthru servers -- entering only server names in this field would allow this destination server to replicate databases with those servers via passthru connections, for example, but it would prohibit access by Notes clients.
The function of the "Access this server" field in the Server document is duplicated in the NOTES.INI setting for Allow_Passthru_Access. As with the settings for passthru servers, the Server document takes precedence, so it is better to use the Server document.
Set up workstations to use passthru
If your server configuration is simple and improved access is your primary goal, then very little setup is required for workstations. If you are adding passthru to a server used to host dial-up access to Notes, for example, the remote workstations require no setup at all. This is because when a Notes client makes a dial-up connection to a server, if it cannot connect to a destination server any other way, the client will try to use its dial-up host as a passthru server. If the dial-up server is configured for passthru and knows how to get to the destination server, it will make the connection. If your company has three servers that share a single Public Address Book and you add a fourth as a dedicated passthru server for dial-up users, your users will be able to access databases on all four servers without any changes to their client setup.
If the users are connected via a local area network, they just need to specify the passthru server in the Servers section of their Location document. If this server knows how to get to all the possible destination servers the users might try to connect to (or even just the servers the users' home server doesn't know about or share a protocol with), that is all Notes needs. When it can't find a Server Connection document for a destination server, and the home server can't provide a network address, the Notes client will send a connection request to the default passthru server.
Users may need help creating Passthru Server Connection documents if their needs for passthru become complex -- for example, if they must connect to multiple passthru servers, or to passthru servers outside their own domain. These Passthru Server Connection documents specify two servers -- the destination server, and the passthru server Notes should use to connect to it -- rather than just the usual one. Notes checks for Server Connection documents before it uses the default passthru server, so if a particular destination server requires a passthru connection different from the default passthru server, it will be found. But remember that a passthru Server Connection document says, in effect, "to access this destination server, use this passthru server." It doesn't say how to access the passthru server. For that, you may need to create another Server Connection document of a type appropriate to the connection -- LAN or dial-up or whatever.
Passthru and hunt groups
One of the minor mysteries about passthru is why the Server Connection document for a passthru server equates it with a hunt group:
At first glance, this is an apples-and-oranges comparison. A hunt group is a set of telephone lines that can be accessed by using a single external telephone number. Each time a call to that number comes in, it is connected to the first free line in the group. Companies with many dial-up Notes users have adopted the hunt group technology to improve the efficiency of dial-up connections to corporate servers. It's more convenient for the users -- they have only one phone number to remember -- and administrators can use it to distribute a heavy load of incoming users across multiple dial-up hosts.
But hunt groups, which might connect a user to one of several servers, introduces a complexity, because Notes requires the name of a server before it creates a connection to it. And, a hunt group may have more than one passthru server in it. So, Passthru Connection documents might not work correctly, because you never know which passthru server you may connect to in the hunt group. The solution -- and the start of the confusion with passthru -- was the creation of another type of Server Connection document, the Hunt Group type, which replaces the destination server name with a placeholder name for the hunt group. This allows the Notes client to make a dial-up connection to a server without specifying its name in advance.
And, in many cases, that server will be a passthru server -- especially if access to the destination server requires a dial-up connection, which might be to a hunt group rather than to an individual server configured for passthru. Hence, the terminology in the Passthru Server document.
|