IBM®
Skip to main content
    Country/region select      Terms of use
 
 
   
     Home      Products      Services & solutions      Support & downloads      My account     
 
developerWorks
AIX and UNIX
Information Mgmt
Lotus
New to Lotus
Products
How to buy
Downloads
Live demos
Technical library
Training
Support
Forums & community
Events
Rational
Tivoli
WebSphere
Java™ technology
Linux
Open source
SOA and Web services
Web development
XML
My developerWorks
About dW
Submit content
Feedback



developerWorks  >  Lotus  >  Technical Library
developerWorks

Setting up the Administration process in your Notes Domain

by
Barbara
Burch

Iris Today Archives

Level: Beginner
Works with: Domino 4.5
Updated: 03/10/1997

Inside this article:
Setting up your Administration server for the Public Address Book

Setting up your Administration servers for other databases

Setting up the Administration Requests database

Setting up the Certification Log database

Verifying your setup


Related links:
Recipe: Roadmap of Administration Process requests

Administration Process gotchas and hints


Get the PDF:
adminp1.PDF(238Kb)
Get Acrobat Reader
    [Editor's note: This is the first article in a series of three on how to use the Domino Administration process. This first article walks you through the steps for setting up the Administration Process in your domain. You'll learn how to designate administration servers for your databases, including the most important database in your domain -- the Public Address Book. Then, you'll find out how to set up the databases that support the daily activities of the Administration Process, namely the Administration Requests and Certification Log databases. And lastly, you will learn how to set up the access rights for administrators so they can actually initiate requests for the Administration Process to act on. The second article provides a roadmap of common Administration process requests and describes how Domino goes about completing some of its more extensive series of requests. The third article provides tips and guidelines to help you use the Administration process to its full advantage.]

    Overview
    If you're a server administrator, using Domino to "Work the Web" means a lot more than extending Notes application development capabilities to the Internet. It means more than combining Web server technology with the messaging and groupware features of Notes. What it means, is that you get Notes security with Web standards, and a way to maintain that security using proven administration tools, such as the Administration Process.

    Introduced in Notes Release 4, the Administration Process can save you time by automating many administrative tasks. Using the Administration Process, you can automatically update person and server names in Public Address Book documents and in database access control lists throughout your domain. You can also use the Administration Process to re-certify an ID, rename a person or server, and delete a person, group, or server. With Domino Release 4.5, you can use the Administration Process to modify reader and author fields, and to create and delete mail files.

    In the simplest terms, the Administration Process is the adminp server task that runs automatically when you start your R4 server. However, the successful operation of the Administration Process depends on much more than just starting a server! You must set up the Administration Process in your domain so that many interactions can take place. All databases need an administration server for managing administrative changes that apply to the database. You need the adminp server task to interact successfully with the administration server for the Public Address Book as well as the administration servers for all the other databases in your domain. In addition, the adminp task must interact with the Administration Requests and Certification Log databases. And for these interactions to be initiated, you must assign the proper access rights to your administrators.

    Setting up your Administration Server for the Public Address Book
    When you start up any R4 server, the adminp server task automatically starts, and it automatically creates the Administration Requests database. However, this does not mean that the Administration Process is enabled for the domain. To set up the Administration Process in your domain, you begin by designating a server within the domain to be an administration server for the Public Address Book.

    The Administration Process uses administration servers to manage the administrative changes that apply to databases. This applies to all databases in a domain, including the Public Address Book. The administration server for the Public Address Book maintains the Public Address Book's access control list (ACL), performs deletion and name change operations in the Address Book, and replicates these changes to other replicas in the domain. A good analogy is that your administration server is like the company CEO's administrative assistant. Like an administrative assistant, the administration server takes on much of the day-to-day maintenance -- such as renaming and recertifying -- so that you (the CEO) are freed up for other tasks.

    Chart of the Administration Process

    How do I choose an administration server for the Public Address Book?
    Choosing an administration server for the Public Address Book depends largely on the setup of your network and the equipment you have available. Your choice involves planning how you will assign administration servers for other databases in your domain, and also analyzing how your decisions will affect performance. We recommend that you choose a server that is running the most recent Domino release, because you're assured that you can use the most recent features of the Administration Process.

    When choosing administration servers for your domain, your main choices include:
    • Using a hub server as the administration server for both the Public Address Book and your other databases.
    • Using a dedicated registration server as the administration server for the Public Address Book and one or more separate hub servers as administration servers for your other databases
    • Using a multi-function server as the administration server for the Public Address Book, and distributing administration responsibilities for the other databases.

    If you have a relatively small domain, you can probably use the first option of assigning a single administration server for both the Public Address Book and your other databases. Remember that much of the administration server's resources will be used for updating the Public Address Book and replicating often to keep the Public Address Book consistent across the domain. Therefore, you should limit access to just administrators and other servers. This option gives you centralized control of all administration in your domain, but could affect the server's performance as your domain grows and the need for Public Address Book updates and Administration Process tasks increases.

    The second option involves using a dedicated registration server, which is a server functioning only to manage users in your domain, as the administration server for the Public Address Book. You limit the processing of Public Address Book changes to this one server, and then use another server, such as a database hub, for processing ACL changes to the other databases (by specifying the database hub as the administration server for those databases). You can even divide the responsibility for database ACL changes among several administration servers. But you must make sure that when there are multiple replicas of a database in your domain, you assign an administration server for only one replica.

    The final, catch-all option is to use a multi-function server. This means using a server that has public databases as the administration server for the Public Address Book. We don't recommend this option because the Administration Process activities could affect client access for mail or other databases.

    Assigning an administration server for the Public Address Book
    Use the following steps to assign an administration server for the Public Address Book.
    1. Shut down the server that you want to assign as the administration server for the Public Address Book. (This ensures that the fully-initialized Administration Requests database is created on this server.)
    2. From the workstation for the server you want to assign as the administration server, check if a wildcard replica of the Administration Requests (ADMIN4.NSF) database is already on the server. If so, delete the database. (The Administration Requests database is a wildcard replica if it does not appear in the list of databases when you choose File - Database - Open.)
    3. Again, from the workstation for the server you want to assign as the administration server, open the local copy of the Public Address Book.
    4. Choose File - Database - Access Control.
    5. Click Advanced.
    6. In the Administration Server section, click Server and type the full hierarchical name of the administration server.
    7. Don't enable Modify all Reader and Author fields. This way, the Administration Process won't perform unnecessary processing on the Public Address Book.
    8. Click OK.
    9. Start the administration server.
    10. To ensure that you always use the server copy of the Public Address Book, remove the icon for the local copy of the Public Address Book from your workspace. Then, open the server copy. (You must always use the server copy of the Public Address Book for Administration Process tasks.)

    The Access Control List

    Guidelines for selecting Administration Servers
    The following guidelines are useful for both selecting an administration server for your Public Address Book, as well as the other databases in your domain:
    • All administration servers should be hierarchical and at least Release 4 to maintain ACLs on public databases.
    • For replica databases, you should assign an administration server for only one of the replicas. Any administration changes will occur on that one replica, and then the changes will replicate to the other replica databases.
    • To determine the administration server assigned to a database, choose File - Database - Access Control, and click Advanced. Or, you can also look at the Basics panel (File - Database - Access Control, and click Basics) and if a key icon appears next to any of the server icons, that server is the administration server for the database.
    • The TELL ADMINP SHOW DATABASES console command displays the title and file name of all databases that have the current server listed as its administration server.

    Setting up your Administration Servers for Other Databases in your Domain
    Now, you should designate administration servers for all other databases that you want to maintain with the Administration Process. Your planning for choosing an administration server for the Public Address Book should help you decide how to assign the administration servers for your other databases. To make sure only one replica of a database has an administration server, consider assigning a database hub as the administration server. You should again consider the server resources that are available and how the additional administration processing required will affect the other server activities, such as mail. Also, remember that only Release 4.5 administration servers can maintain names in Reader and Author fields, and delete mail files.
    You can assign an administration server for several databases at once, or assign an administration server one database at a time. A user can also use either of these methods to assign himself or herself as an administration server for local databases.

    Assigning an administration server for several databases at once
    Use the following steps to assign an administration server for several databases at one time.
    1. Choose File - Tools - Server Administration.
    2. Click Database Tools.
    3. Select the server containing the databases for which you want to assign an administration server.
    4. Select all of the databases to be administered by this server.
    5. Select Administration Server from the Tool drop-down box.
    6. Type the full hierarchical name of the server to be used as the administration server. (You must type the name, rather than choosing Local.)
    7. Enable (or disable) Modify Readers and Author fields.
    8. Click Update.

    Tools to Manage Notes Databases

    Assigning an administration server to a single database
    Use the following steps to assign an administration server to a single database.
    1. Select the database icon for which you will set the administration server.
    2. Choose File - Database - Access Control.
    3. Click Advanced.
    4. In the Administration Server section, click Server and type the name of the administration server or select the server from the list box.
    5. Enable (or disable) Modify Readers and Author fields.
    6. Click OK.

    Assigning an administration server for local databases
    Assigning a person as the administration server for a local database means that the Administration Process can make name changes in the ACL and Reader and Author fields of that database if the person's name changes. The Administration Process can also update the occurrences of the person's name in his or her Personal Address Book. To assign an administration server for local databases, you can again use the Database Tools option to assign several local databases at once, or the Access Control option for single databases. The only difference is that you select Local in the Server box, and specify the person's name in the Administration Server section.

    Setting up the Administration Requests Database
    After you enable the Administration Process for your domain by assigning administration servers, the adminp server task begins looking for work to do. All requests that you want the Administration Process to handle are stored in the Administration Requests database (as well as responses to the requests). As stated earlier, this database is automatically created when any R4 server first starts up. A fully initialized Administration Requests database (ADMIN4.NSF) is created on the administration server for the Public Address Book. For all other servers, if the Administration Requests database does not exist, a wildcard replica stub is created during server startup. To allow replication to populate the replica stub, those other servers must give Create Replica access to the administration server for the Public Address Book. Every server in the domain stores a replica copy of the Administration Requests database.

    Setting up the Certification Log Database
    To use the Administration Process for certification tasks (such as renaming or re-certification), you must create a Certification Log database (CERTLOG.NSF) on the server containing the Public Address Book you use to initiate these tasks. The Certification Log database stores certificate usage information for users and servers. When you use the Administration Process for renaming or re-certification, new certificate entries appear in this database and also any errors are posted in the Update Status view.
    Note: All certifiers for the domain must be recorded in the Public Address Book. This is important for all Administration Process tasks that require certifiers. Check the Server - Certificates view.

    Creating the Certification Log database
    Use the following steps to create the Certification Log database on the server containing the Public Address Book you use to initiate certification tasks (such as renaming or re-certification).
    1. Choose File - Database - New.
    2. Select the name of the server being used to register users and servers.
    3. Type Certification Log in the Title field.
    4. Type CERTLOG.NSF in the File Name field.
    5. Select Certification Log from the list of templates.
    6. Click OK.

    New Database dialog box

    Setting up your Administrators
    To initiate tasks for the Administration Process, your administrators must have the correct access rights and roles in the Public Address Book, Administration Requests database, and Certification Log database. We recommend setting up a group for administrators in the Public Address Book with Manager access and typed as a Person group. At the very least, administrators should have Editor (with Delete documents) access to the Administration Requests database and Editor access to the Certification Log database. For more information, please refer to the topic "About access requirements for Administration Process tasks" in Chapter 3 of the Administrator's Guide.

    Verifying your Setup
    To verify that you have set up the Administration Process correctly, check the Administration Requests database on the administration server for the Public Address Book. You should see that the first request is to add the server's build number to the Server document of the Public Address Book. By default, this request is carried out 60 minutes after the adminp task starts running. After the 60-minute interval, if you have set up the Administration Process correctly, the request will be followed by a response document stating that the Administration Process has completed the request. Congratulations! Just remember that you should continually monitor the performance of your servers, replication cycles, and execution times to make sure that you're getting the most out of the Administration Process.

    Scheduling the Administration Process in the Public Address Book
    The Administration Process checks settings in the Server document of the Public Address Book to determine when to carry out requests. These settings are in the Administration Process section of the Server document. The Administration Process will run successfully if you use the default settings. You should just remember that each server's interval settings and replication schedule will affect how quickly your administrative settings replicate throughout the domain. If necessary, you can schedule separate replication events from all servers in the domain to push updates and pull updates from the Public Address Book. The Administration Requests database would also be replicated at the same time. Please see Chapter 3 of the Administrator's Guide for information about scheduling the Administration Process and timing requests.

    ABOUT THE AUTHOR
    Barbara Burch has been a technical writer at Lotus since June of 1996. For Release 4.5, she worked on the Install Guides for Notes workstations and Domino servers. She's currently working on the next version of the Administrator's Guide. Before moving to Boston last year, Barbara worked as a technical writer at National Instruments in Austin, Texas.

    Copyright 1997 Iris Associates, Inc. All rights reserved.

What do you think of this article?

    About IBM      Privacy      Contact