![Page 1: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/1.jpg)
MWLUG Conference 2009
IBM Center, Chicago, IL, August 27-28, 2009
Empowering the Lotus Community
![Page 2: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/2.jpg)
Deploying DAOS and ID Vault
Luis Guirigay
http://lguiriga.blogspot.com
Twitter: lguiriga
Session: IN107
![Page 3: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/3.jpg)
Agenda
• Who am I ?
• Introduction to DAOS
• DAOS Estimator Tool
• Configuring DAOS
• Best Practices
• Introduction to ID Vault
• Configuring ID Vault
![Page 4: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/4.jpg)
Who am I
• Senior IT Specialist at PSC Group, LLC
• Involved in Lotus Technologies since 1998
• Co-Author of multiple IBM Redbooks (Domino 7 for i5/OS, Workplace
Collaboration Services, DB2 for i5/OS and Lotus Workflow)
• IBM Certified Administrator and Developer in 5, 6, 7, 8 and 8.5
• IBM Certified Administrator in Sametime 7.5 and 8
• IBM Certified Administrator in WebSphere Portal 6.0 and 6.1
• IBM Certified Administrator in Lotus Connections 2.0.x
• IBM Certified Developer in Lotus Workflow
• Find me at:
• http://lguiriga.blogspot.com
• Twitter = lguiriga
![Page 5: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/5.jpg)
DAOS
![Page 6: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/6.jpg)
Introduction to DAOS - Domino Attachment and Object Service
• It is not “Shared Mail” (Shared Mail developers are doing something
else)
• Will keep only one instance of each attachment – unless:
• Message is encrypted
• It is a Server feature – Local Replicas will get all attachments
• Cluster is supported but each server handles DAOS independently
• DAOSCatalog.nsf keeps all relationship information
• DAOS is configured per server (Not per Domain)
• DAOS is green: less data = less storage/space needed = more savings
• Attachments are now stored as encrypted .NLO files (by default)
• Transparent to end users and applications
• It requires Transaction Logging (TXN) - (That’s ok, TXN is cool)
• Follow Transaction Logging Best Practices
http://www-01.ibm.com/support/docview.wss?rs=203&uid=swg27009309
![Page 7: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/7.jpg)
Introduction to DAOS - Domino Attachment and Object Service
![Page 8: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/8.jpg)
Introduction to DAOS - Domino Attachment and Object Service
![Page 9: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/9.jpg)
DAOS Benefits
• Disk space savings
• Also keep in mind Design and Data compression
• Backup times
• Mail routing optimization when attachments are involved
• Database compact will run faster since file size is reduced
• I/O Transactions are reduced
• Reducing view rebuild times
• DAOS files can be located at:
• Network drive
• SAN/NAS
• Local drive
![Page 10: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/10.jpg)
DAOS Estimator Tool
• Free
• Will tell you how much space you will save before upgrading
• Tested on Domino 6.x and later (but it can run on Domino 5)
• Output:
• Get it here – IBM Technote #4021920
http://www-01.ibm.com/support/docview.wss?rs=463&uid=swg24021920
![Page 11: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/11.jpg)
Configuring DAOS
![Page 12: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/12.jpg)
Configuring DAOS
• DAOS disabled by default
• Remember to apply Fix Pack 1
![Page 13: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/13.jpg)
Enabling DAOS
• Go to Server Document > DAOS
• Change it to Enabled
![Page 14: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/14.jpg)
Enabling DAOS
• Set the minimum size based on the OS bytes per cluster and number
of attachments to be created. Example = 64 KB
• Specify DAOS base Path
• Set Defer Object Deletion (Number of days DAOS will wait to delete
the NLO file after the last message pointing to it has been deleted)
• Save and Close
• Restart server
![Page 15: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/15.jpg)
Configuring DAOS
• Run Sh Server at the console – TXN and DAOS must both be enabled
![Page 16: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/16.jpg)
Upgrade to ODS 51
• DAOS requires ODS 51
• Add CREATE_R85_DATABASES=1 to server’s notes.ini
• Update to ODS 51 using load compact -c
• ODS 51 will also compress the notes database
- Mail file reduction when upgraded to ODS 51 = 27 MB vs 12 MB
![Page 17: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/17.jpg)
DAOSify Applications and Templates
• Use:
• load compact <folder/apps> -c -daos on
Or
• Check application property
• load compact <folder/apps> -c
• Enable DAOS at least for Mailxx.ntf
and Mailbox.ntf (So you don't need to enable it
again and again and again....)
![Page 18: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/18.jpg)
Looking at the space savings
• After sending 2 emails – 5 MB and 30 MB
• LZ1 Compression is also used when creating the NLO files
![Page 19: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/19.jpg)
More DAOS Information
• How many attachments were moved to DAOS
• Total size of attachments moved to DAOS
• This is a production Mail file.
![Page 20: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/20.jpg)
Disabling DAOS
• If DAOS is disabled only at the server document
• Old messages will stay in the DAOS folder
• New messages will be stored in the DB
• To Disable DAOS at the application level
load compact <folder/app> -c -daos off
It will restore the attachments to the application, and if the
attachment is no longer used by anyone else, it will be deleted
based on the “Defer Object Deletion for” setting
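A simplified model of the behaviour described on the DAOS slides above (one stored instance per attachment, the minimum size, encrypted copies not being consolidated, and deferred deletion), added here as an example and not Domino's own code. The class and function names, SHA-256 keying and the per-copy byte prefix standing in for encryption are assumptions of the model.

```python
import hashlib
from datetime import date, timedelta

class SingleInstanceStore:
    """Simplified model of a DAOS-style store; not Domino's implementation."""
    def __init__(self, min_size=64 * 1024, defer_days=30):
        self.min_size = min_size    # smaller attachments stay in the database
        self.defer = timedelta(days=defer_days)
        self.objects = {}           # content digest -> bytes (stand-in for an .NLO file)
        self.refs = {}              # content digest -> number of documents pointing at it
        self.orphaned = {}          # content digest -> date the last reference was removed

    def attach(self, data):
        """Return the object key, or None if the attachment stays in the database."""
        if len(data) < self.min_size:
            return None
        key = hashlib.sha256(data).hexdigest()   # SHA-256 is an assumption of this model
        self.objects.setdefault(key, data)
        self.refs[key] = self.refs.get(key, 0) + 1
        self.orphaned.pop(key, None)             # referenced again before being pruned
        return key

    def detach(self, key, today):
        self.refs[key] -= 1
        if self.refs[key] == 0:
            self.orphaned[key] = today

    def prune(self, today):
        """Delete objects left unreferenced for at least the deferral period."""
        expired = [k for k, d in self.orphaned.items() if today - d >= self.defer]
        for k in expired:
            del self.objects[k], self.refs[k], self.orphaned[k]
        return len(expired)

def demo():
    store = SingleInstanceStore(min_size=64 * 1024, defer_days=30)
    report = b"Q3 report " * 10_000              # constructed 100,000-byte attachment
    k1, k2 = store.attach(report), store.attach(report)   # same file in two mail files
    # Encrypted copies modelled as bytes that differ per copy (constructed stand-in)
    e1, e2 = store.attach(b"copy-A" + report), store.attach(b"copy-B" + report)
    small = store.attach(b"tiny signature image")          # below the minimum size
    day0 = date(2009, 8, 27)
    store.detach(k1, day0)
    store.detach(k2, day0)
    early = store.prune(day0 + timedelta(days=29))          # still inside the deferral
    late = store.prune(day0 + timedelta(days=30))           # deferral period reached
    return {"shared": k1 == k2, "encrypted_shared": e1 == e2, "small": small,
            "early": early, "late": late, "after": len(store.objects)}
```

The deferral window is what lets a backup taken a few days earlier still find the objects its restored mail files point to.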
![Page 21: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/21.jpg)
DAOS – Best Practices
• Backup Mail folder(s) first if backup is performed while server is
running (Very Important !!!!)
• Enabling DAOS on the Mail.box(es) will improve DAOS
processing time
• Enable DAOS on required Templates (Mailbox.ntf, Mailxx.ntf,
etc…)
• Do not enable DAOS on the Mail Journal
• DAOS encryption represents up to 5% CPU utilization. Evaluate
whether it needs to be disabled (don’t worry too much about this)
• Evaluate location of DAOS Folder based on:
• I/O costs
• Storage Capacity
![Page 22: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/22.jpg)
DAOS – Best Practices
• Do not play with the DAOS folder (It’s not a toy)
• Don’t move files
• Don’t delete files
• Let DAOS handle NLO files
• Notes/Domino Best Practices: Transaction Logging (# 7009309)
• Using the Lotus Domino Attachment and Object Service
Estimator tool (# 7014980)
• DAOS Backup and Restore (# 1358548)
![Page 23: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/23.jpg)
DAOS – Best Practices
• Minimum size limit based on your system's disk block
fsutil fsinfo ntfsinfo <drive>
• DAOS Estimator tool can help you define the minimum value
![Page 25: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/25.jpg)
ID Vault
• It is an optional feature that automates the most important ID-related
operations
• Synchronize passwords across multiple copies
• Upload a copy of the user ID to the ID Vault
• Allows resetting a password from the Admin client
• Use the ResetUserPassword method to create self-service applications
• Automates Key rollovers
• Automates user renames
• Allows restoring IDs in case of loss or corruption
• No need to have the ID when installing a new Notes client
• Audit role – allows downloading a copy of the ID for auditing
purposes.
Set SECURE_DISABLE_AUDITOR=1 to disable it
![Page 26: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/26.jpg)
ID Vault Requirements
• Servers hosting the Vaults or involved in the process must be 8.5
• Clients must be 8.5
• New Security view in both server and client’s log.nsf
• Multiple Domino Domains are not supported
• But Multiple Organizations within the same Domino domain are
![Page 27: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/27.jpg)
Configuring ID Vault
![Page 28: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/28.jpg)
Configuring ID Vault
• Read carefully and click Next
![Page 29: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/29.jpg)
Configuring ID Vault
• Enter the ID Vault’s name and some descriptive information. Click Next
• Remember.. You can create multiple ID Vaults
• The description will become the DB title
• Don’t give the ID Vault the same name as the Org, Domain or OU
![Page 30: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/30.jpg)
Configuring ID Vault
• Enter a password and confirm it. Click Next.
• Optional: Set the ID Vault’s ID location (Yes.. You need to worry
about a new ID)
• Do not forget this password !!!
![Page 31: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/31.jpg)
Configuring ID Vault
• Select your primary ID Vault server. Click Next
• You can add replicas of the ID Vault to other servers later
Important !!!! ID Vault replicas cannot be created using the standard
“Create Replica” process – You must use ID Vault > Manage ID Vault
Replicas
![Page 32: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/32.jpg)
Configuring ID Vault
• Select the ID Vault administrators
![Page 33: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/33.jpg)
Configuring ID Vault
• Select the Organizations or OUs that should be part of this ID Vault
![Page 34: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/34.jpg)
Configuring ID Vault
• Add the users authorized to reset passwords
• Users/Servers with the “Password reset agent authority” will be able to
sign agents that can reset passwords.
![Page 35: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/35.jpg)
Configuring ID Vault
• Select “Create a new policy assigned to an organization”
• It will create an organizational policy
• There are multiple options here…. Be my guest !
![Page 36: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/36.jpg)
Configuring ID Vault
• Select the Org to which this policy will be assigned.
![Page 37: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/37.jpg)
Configuring ID Vault
• Enter some information to help the user contact the right team, or
anything else that may help.
• This field supports HTML
![Page 38: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/38.jpg)
ID Vault
• Review all the details and click Create Vault.
• You will be asked for one or more Cert IDs (based on the Org applied to
the ID Vault)
![Page 39: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/39.jpg)
ID Vault
• Cool !!!! We have created our first ID Vault
![Page 40: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/40.jpg)
ID Vault
• Let’s see our new Policy
![Page 41: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/41.jpg)
ID Vault
• and our ID Vault
![Page 42: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/42.jpg)
ID Vault – Best Practices
• Here is our first user’s id uploaded to the Vault.
• It may take some time to upload the ID (the first time)
• ID File is encrypted
![Page 43: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/43.jpg)
Administering ID Vault
![Page 44: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/44.jpg)
ID Vault
![Page 45: Deploying DAOS and ID Vault](https://reader031.vdocuments.net/reader031/viewer/2022020101/5480f3a2b4af9fa8068b486d/html5/thumbnails/45.jpg)
Questions ??