The daily work of the Domino system administrator is to maintain the normal operation of the Domino system. Some of the works that the administrator must do will be simply explained. For system administrators, especially new system administrators, these recommendations can help them complete basic maintenance.
text
Based on many experienced Domino administrators and consultants, we have proposed some recommendations to Domino system administrators to help them maintain the normal operation of the Domino system. These recommendations are for Domino R5, and only involve the most basic maintenance work, each system administrator also needs further maintenance according to the special requirements of your own system. Before this suggestion, it is necessary to emphasize a little: "Domino 5 Administrator Help" should be the starting point of all maintenance tasks, and the administrator must check the corresponding topics in the administrator before performing maintenance to ensure the correct steps. 1. Save the verifier ID file and its password authenticator identifier file (CERT.ID and all organization ID files) are the most important files in the Domino system. Especially CERT.ID, all other ID files are created by it. If this file is lost or forgotten, it will not be able to create a new server and user. Therefore, pay attention to the preservation of the validator ID file and its password starting from the system. Be sure to save it in a safe place and make it back up, do not put it on a shared network drive; record your password, but don't tell the person. Be careful not to set your password to "password" or other eased words. 2. Run the Compact, FixUp, and Updall task compact, fixup, and updall tasks for regular, and Updall tasks are the maintenance tasks of the server itself. Compact is used to release unused space in the database; fixup detect invalid documents and corrupted databases, and try to fix them; Updall rebuild view indexes and full-text indexes. These three tasks run at least once a week. You can set their runtime as follows. 1). Open the server 2 you want to manage in the Domino administrator client). Under the Configuration tab, expand "Server" - "Programs", click "Add Program" 3). Under the Basic tab, " Enter the name of the task in the program name, which is the key name 4 of the server running this task in "Running Server" in Compact, Fixup, or Updall "Command Line". In "Schedule" Under the label, set the schedule to "Enable" and set the time to set the task. If you get to the runtime scheduled by Compact, Updall, and Fixup, the system is performing other tasks, these three tasks may not be executed. Therefore, when setting the time schedule, it should be avoided to avoid coincidence with other tasks and timing agents. You can enter a command "show schedule" on the server's console to see the schedule of other programs, enter the "Tell amgr Schedule" to view the schedule of the timing agent. Each task has its own command line options. For example, "Updall -R" will rebuild existing indexes, but only when the "-r" option is only updated, the existing index is updated. You must choose the appropriate option to complete the task you need. The list of options for each task can be found in the Domino 5 Administrator Help database. 3. Creating a Deny Access Group is forbidden to access the server from some user access servers. When the user leaves the company, you need to make sure they cannot use the original Notes ID file to access the server. Administrators can join the hierarchy of these users to refuse to access groups to ensure this. The steps to create a denial access group are as follows: 1). Open the server 2 you want to manage in the Domino administrator client). Under the Personal and Group tab, click "Deny Access Group", click "Add Group "Buttons 3). Enter a name in the Group Name, such as DenyGroup; select" Group Type "only to access list" 4). Enter or select users who want to disable access in "Members" Name 5). Save and exit this document 6). Open the server documentation to reject users accessed under Configuration tabs 7). Enter the rejection of the rejection created above in "Deny Access Server" under the Security tab Group name, in this case is DenyGroup.
Tip: After creating a denial of accessing the group, the administrator can automatically add the user name to this group when the administrator deletes the user, so that you can guarantee that each deleted user can no longer access the server without manual operation. 4. Understand the application on the server to determine the type of database supported by the server. The server is mainly used for one or two large databases or is it used for multiple small application databases? What is the application design on the server? Whether to use a big effect on performance, if you use a date / time query in the view? If the design of the application database is unreasonable, the adjustment that the administrator can do is impossible to play too much. Administrators also need to pay attention to the server's log (log.nsf). The information in the server log is the key to understand the server and user activity. In particular, "Other Event" views in the log, most of which need to be observed is included therein. You should browse Log.nsf every day, find out the error message and exception information, and determine if the server is operating normally. 5. Remove Unnecessary Server Tasks By default, the Domino server automatically launches a set of server tasks, some of which may not be used. Remove these unnecessary tasks to save system resources, facilitate operation of other tasks and applications. A list of task lists on the server is in the server's Notes.ini file. Use any text editor to open the Notes.ini file in the Domino program directory, find the "Servertasks =" line, delete the task names that are not required, then start the server next time, these tasks will not start. For example, if you don't use the calendar and schedule of Notes, you can remove the "Calconn" and "SCHED" tasks. The server task running in the specified time can also take into account. In the NOTES.INI file of the server, find the "servertasksaty =" line, where Y is the number of time representative (1 means at 1 in the morning, 5:00 in the early morning, in this class), delete the unwanted task name. For example, if you do not use a shared message, "Object Collect Mailobj.nsf" in the "Servert Collect Mailobj.nsf" line can be removed. After the next restart server, these removed tasks will not be run again. With regard to the name and use of each server task, refer to the "Domino Server Task" topic in Domino 5 Administrator Help. 6. Monitoring Access Control List (ACL) Administrators must ensure that each user has access to each database. Access Control List (ACL) is the core of server security. If the user can access information he should contact, it will threaten the security and information of the server. To easily view each user's permissions for each database, you can open a "Directory (R5)" database on the server to view the Access Control List - "Press Level" view. The file name of the directory (R5) database is Catalog.nsf, which is automatically created and updated by the server. If catalog.nsf is found on the server, you can enter the command "load catalog" on the server console to create it. it. Some key databases ACL must be strictly monitored, including the "Names.nsf), catalog.nsf, server log (log.nsf), and all databases that contain important information. Further, administrators need to see which users have managers (Manager) permissions. Since managers can change the ACLs and other settings of the database, users who need to manage these settings should be given. It is recommended to use a group to set managers permissions. For example, you can create a group named DomainManager, add the name of the system administrator, and then set DomainManagers as a manager in the database's ACL.
In this way, even if the system administrator has changed, it is only necessary to modify the definition of the group. When installing a new database on the server, you need to pay attention to the default settings of its ACL, especially the permissions of default and anonymous. For important databases, it is best not to let DEFAULT and Anonymous permissions above "unable accessers". When the server can access from the web, Anonymous or Default's permissions will be more dangerous than "unable accessers". 7. Operating system and Domino pushing procedures various operating systems will release some patch procedures for patches the mistakes and vulnerabilities found. Administrators should pay attention to these patch procedures and will be installed on the server in time required. For Windows NT 4.0, the latest pushpiece program is the Service Pack 6a. Note that there is a serious problem when running Domino on Service Pack 6, so you must use 6A instead of 6. When you install Domino on a UNIX operating system, such as AIX, Solaris, HP-UX, you must install some of the patch procedures. The specific requirements of the nail programs can be referred to "Release Notes: Domino / Notes 5.0.x". Domino itself will continue to post new maintenance versions, you can review each version improvement to www.notes.net to decide whether to upgrade the current version. 8. Check that the backup operation administrator must set a fixed backup process. In general, there is a need to back up all data files on the Domino server, including databases, template files, notes.ini files, and ID files. Fixed, reliable backup is important for the Domino server. When backed up, the backup software used must support the backup of the open file. This is because the database (Names.nsf) and server log (log.nsf) is always open at the server runtime, and if the backup software does not have this feature, then these critical databases will not be backed up. In addition to regular (generally daily) backup, it is necessary to periodically check the media (such as tape) used in the backup. This avoids unnecessary losses caused by media damage. 9. Monitoring Server On the Domino server, there is a database for monitoring server status: Statistics & Events Database (Events4.nsf). When the status of the server reaches or exceeds the alert value set by the administrator, it can automatically remind the administrator. Administrators should establish a monitor to monitor some of the basic status of the server, such as: 1). ACL Change Monitor for Names.nsf, Log.NSG, Catalog.nsf, etc. important databases, such as: 1). Important databases Establish an ACL Change Monitor. When the ACL of the specified database changes, the warning message is sent to the administrator's mailbox. 2). STATISTIC MONITOR in the disk space creates a Statistic Monitor for each logical disk on the server. When the remaining space on the disk is less than 25%, the warning message is sent to the administrator's mailbox. The server will be killed by the server due to the exhaustive disk space. 10. Forced users to change the password users generally do not change the password of the ID file, in order to improve security, it should be enforced to regularly modify the password. The settings are as follows: 1). Edit the server document you want to set.). In the Security tab, set the "Verify Notes Identifier Distance" to "Enable" 3). Select the "Personal" view Forced to modify the password user, select "Operation", "Set the password" 4). Select "Check Password", enter the appropriate number of days in "Multi-Change Time Interval" and "Groad Date" to pay attention to server documents and personal documents Need configuration. If one of them is set, the function of the check password will not work. In addition, the other main function of the check password is to allow only ID file access servers including the latest password. Administrators should remind users to reserve their ID files after each modifying the password. Because the original backup ID file has been invalid.
The Domino server remembers the password used by the user, and the user does not allow the user to use the previously used password again when modifying the password. Therefore, if the frequency of forced modification password is too high, the user needs to remember the new password. In order to reduce the trouble of users, the "Mandarous Change Time Interval" is recommended for 90 to 180 days. 11. Copy the Database Template Domino CD with many templates. When different users are installed from the disc installation, the same template's replica ID (Replica ID) is the same. Therefore, when two servers are replicated, they can see the corresponding templates are also replicated. If you don't want to copy these templates, you can create a copy of these templates. New Copy does not mean the operating system-level file copy or rename, but refers to a template with different replica IDs. To ensure that the new template has a new replica ID, you can open the original template at the Notes client, create the "File" - "Database" - "New Copy". Further, administrators can consider remove those unwanted templates to save the server's disk space, and reduce the workload required for maintenance templates. 12. Remove disk mapping and sharing From security perspective, the administrator certainly cannot allow other people to directly access files on the server from the operating system level. Because this will bypass the security mechanism within Domino. To ensure that all access to the server is under the security mechanism control of Domino, you should try not to use disk sharing and disk mapping, especially for Domino's program directory, data directory, and operating system. related articles:
How to prevent users from creating a full text index of a mail database on a server
How to configure Domino R5 SMTP when there is only one Domino server
How to use the POP3 client to access the mailbox on the Notes server
How to match the public key in the ID file with the public communication record?
How to form an "sender (from)" Internet address in R5
How to use the tool provided by Domino Administrator in R5 to construct the Internet address
