Migration To IBM SmartCloud Notes


Migration to IBM SmartCloud Notes
Guidance on Migration Strategies and Tooling from On-Premises Mail Solution to SmartCloud Notes
December 2015

Table of Contents

PART 1 - INTRODUCTION
    INTENDED AUDIENCE
PART 2 - HYBRID IMPLEMENTATION & CONFIGURATION
    SMARTCLOUD NOTES HYBRID REFERENCE ARCHITECTURE
    KEY VALUE PROPOSITIONS OF HYBRID CONFIGURATION
    COMMON SMARTCLOUD NOTES HYBRID CONFIGURATION
    SETTING UP THE HYBRID CONFIGURATION
PART 3 - HYBRID ACTIVATION & TESTING
    SMARTCLOUD NOTES HYBRID ACCOUNT ACTIVATION
    SMARTCLOUD NOTES HYBRID VALIDATION & TESTING
    SMARTCLOUD NOTES ADMINISTRATION USER ACCOUNTS AND SYSTEM SETTINGS
PART 4 - USER/DATA TRANSITION & PROVISIONING OVERVIEW
    ASSESSMENT, PLANNING & PREPARATION
    PREPARING FOR USER/DATA TRANSITION
    USER/DATA TRANSITION PROCESS
PART 5 - STAGING SERVER & FILEZILLA SETUP
    ABOUT THE STAGING SERVER & TOOLS
    CREATING & CONFIGURING OPT STEPS
PART 6 - CONFIGURING OTT DATABASE/SHELL SCRIPTS
    CREATING & CONFIGURING OTT STEPS
PART 7 - REVIEWING OTT CONFIGURATION DOCUMENTS
    STEP CONFIGURATION DOCUMENTS
    TASK CONFIGURATION DOCUMENTS
    MEMO CONFIGURATION DOCUMENTS
PART 8 - SCANNING, USER GROUPING & DATA CAPTURE
    SCANNING THE EXISTING ENVIRONMENT
    CREATING GROUPS & BATCHES OF USERS
    CREATING THE IMPORT REQUEST
    CAPTURING THE MAIL DATABASE REPLICAS
PART 9 - ENCRYPT, UPLOAD, IMPORT & PROVISION USERS
    ENCRYPTING THE DATA FOR TRANSFER
    UPLOADING THE ENCRYPTED DATA TO SMARTCLOUD NOTES
    PREPARING UPLOADED DATA & PROVISIONING ACCOUNTS
    PROVISIONING NEW USER ACCOUNTS
PART 10 - MAIL ONBOARDING MANAGER (MOM)
    WHAT IS MOM?
    MOM ARCHITECTURE
    MOM CONSIDERATIONS
    INSTALLATION & SETUP
    DOWNLOAD MOM
    LINK TO MOM DEMO
PART 11 - SMARTCLOUD UPGRADE FACTORY (SCUF)
    WHY USE SCUF?
    PRICING & HOW IT WORKS
    CUSTOMER ROLES & RESPONSIBILITIES
    PREREQUISITES
PART 12 - COMPARING MIGRATION OPTION & PROCESSES
    WHEN TO USE SMARTCLOUD NOTES SERVICE-ONLY
    WHEN TO USE SMARTCLOUD NOTES HYBRID
    WHY USE OPT/OTT?
    WHY USE MOM?
    WHEN TO USE WHAT MIGRATION TOOL
    MIGRATION PROCESS

Part 1 - Introduction

With the emergence of Connections Cloud, companies have renewed interest in evaluating their messaging and social platforms. The ability to provide onboarding capabilities for companies to migrate to SmartCloud Notes is critical for technology adoption. This document explores strategies and several options for migration to SmartCloud Notes from an on-premises mail solution. It provides guidance on the type of migration strategies customers should consider, how to assess, plan and prepare before migrating, and specific capabilities required before and during migration. Topics such as implementing, configuring, activating, testing, transitioning, provisioning, staging, reviewing, scanning, grouping, encrypting, uploading, importing and comparing will be discussed.

Intended Audience

This information already exists, but not in a single source document. This document is designed to assist technical practitioners with the migration of mail from an on-premises mail solution to SmartCloud Notes. The various methods and options can be evaluated and utilized by practitioners to create the best scenario for a customer. Each section of the document highlights important topics for migration. A solid understanding of existing Domino cloud migrations and of fundamental Domino administration is key.

The following highlights the intended audience:

– Certified Practitioners - Technical practitioners who are certified to use the OPT/OTT, MOM and migration tooling for SmartCloud Notes should review this document. This can include Business Partners and Technical Services professionals.
– Technical Sales - Technical sales professionals who require a deep understanding of the steps to migrate customers wishing to move to SmartCloud Notes.
– IBM Business Partners wishing to better understand the opportunity and process for migration of on-premises mail to SmartCloud Notes.
– Customers wishing to gain knowledge about all the available options in order to choose the best method for their situation.

Part 2 - Hybrid Implementation & Configuration

Below is a logical diagram that illustrates the main components of the SmartCloud Notes service and their placement relative to various network zones.

Figure 1 - SmartCloud Notes "Hybrid" Reference Architecture

The diagram in Figure 1 is called the “SmartCloud Notes Hybrid Reference Architecture”.

The red zone at the top contains all clients, mobile devices, and servers (including customer networks) that might want to connect to SCN. These are all items that the SCN service does not manage and that exist outside of our external firewall.

The yellow zone is the traditional DMZ, through which only authenticated users and clients can pass, so it includes the authentication services.

The green zone contains the servers that make up the SCN service. This includes SMTP and NRPC routing servers, and BES and Traveler servers for mobile device support. Users are hosted on 5-node Domino clusters, with each user having a replica on 2 nodes in a cluster. Clusters are horizontally scalable to increase capacity as necessary.

Directory services are provided by Tivoli Directory Server, and a synchronization service is provided to ensure that TDS and customer directory replicas remain consistent.

Import servers are used as temporary storage for existing mail databases being migrated into the service, where they can be scanned for viruses and prepared for provisioning.

Hybrid refers to a specific configuration of the SmartCloud Notes customer account within the service that allows existing IBM Domino customers to integrate the on-premises environment and is a core strength and value proposition.

The customer Admin can choose whether a mail user's mail account exists on-premises or in the SmartCloud Notes service.

Customers select the “Hybrid Environment” option when performing initial setup.

Key Value Propositions

– Customers can keep current environment
– Supports IBM Notes, browser, IMAP and mobile clients
– Users don't need to care who is Hosted or On-Premises
– Maintains the existing certificate hierarchy and domain structure
– Supports native NRPC mail routing
– No change required to continue accessing existing applications
– Existing mail databases can be transitioned in their entirety or with a selected subset of data

Version requirements for on-premises Domino servers:

Figure 2 - Domino version requirements

"Hybrid" Basic Architecture

Most suitable for implementations where HA is not a requirement (e.g. pilot or smaller customer implementations).

Figure 3 - Hybrid Basic Architecture

The simplest implementation, shown above, has a single on-premises domain containing at least one existing Domino server, and uses a single passthru server for inbound connectivity. The passthru server may even already exist for some customers, so it is just a case of validating server versions and doing the configuration.

"Hybrid" - High Availability Implementation

Figure 4 - Hybrid High Availability Implementation

The diagram in Figure 4 shows that the SCN configuration supports having up to 2 servers for each of the passthru, mail routing and directory replication servers. This provides a more highly available integration.

Each pair of servers is designated as a primary and a secondary in an active / passive model. If the primary is not available, the secondary is used; there is no load balancing of connections or requests across the servers.

"Hybrid" - Multiple Domain Architecture

Figure 5 - Hybrid Multiple Domain Architecture

– Multiple Domino domains
– One domain designated as primary, through which hybrid connectivity from SmartCloud Notes is achieved
– Other domains become subordinates in the context of mail routing, free-time lookup and directory replication
– Directory updates from downstream domains are replicated via the directory replication hubs in the primary domain
– Each domain is responsible for independently routing mail directly to the SmartCloud Notes service.
– Note: Once the account is configured for the primary domain, the customer creates group / connection documents for each additional domain in their environment.

"Hybrid" - Multiple Data Center Implementation

Suitable for large customers who have infrastructure in more than one data center.

Figure 6 - Multiple Data Center Implementation

– Single Domino domain
– Pair of customer data centers
– Pair of passthru servers (primary in one data center and secondary in the other data center)
– Separate mail routing and directory replication hub servers in each data center
– Provides for both a level of local (within data center) resilience and DR protection in the event of data center failure

Should the primary data center or the servers in it be unreachable for any reason, the SCN service will connect via the secondary data center instead.

This assumes that in the back-end on-premises environment, directories replicate and mail routes appropriately between the data centers.

"Hybrid" - 'SHIM' Domain between SCN & Existing Domains

Figure 7 - SHIM Domain between SmartCloud Notes & Existing Domains

– Hybrid “shim” domain inserted between SCN and multiple other existing domains
– Existing domains are all subordinate to (route mail and replicate directory through) the “shim” domain
– Single passthru server (a second could be added for failover)
– Separate mail routing and directory replication hub servers

For customers who have many on-premises domains, especially if they are chains of non-adjacent domains, directory replication and mail routing have to propagate through those domains.

To flatten the directory replication and mail routing topology and make each domain logically closer to SCN, a domain can be inserted to host the directory and mail routing servers.

Since it is inserted between SCN and the existing domains, we call it a “shim” domain. It can then be configured to replicate and route mail with each other domain effectively only one hop away.

"Hybrid" - Leveraging Infrastructure-as-a-Service (IAAS) for Domino Applications

Figure 8 - Hybrid Leveraging Infrastructure-as-a-Service (IAAS) for Domino Apps

– Single Domino domain
– Single passthru server
– Single combined Domino mail routing and directory replication server
– Domino application and “hybrid” integration servers (like passthru) hosted on IBM SoftLayer or other IaaS providers
– No Domino servers on customer network
– Note: Customer DMZ and optional SoftLayer firewalls not shown

Setting Up Hybrid Configuration

Many customers want to remove all infrastructure from their networks, but hybrid is designed to connect to an existing environment where application servers might remain.

A customer can make use of services such as IBM SoftLayer IaaS or more traditional partner hosting models to support those non-SCN servers.

Provided there is connectivity between SCN and where the servers reside, and between the network and the servers for client access, the hybrid solution will function fine.

Firewall rules are an important part of the correct functioning of the SCN implementation. Follow the rules to ensure firewall configurations allow for proper traffic flow while minimizing the risk of network attacks.

Create the company account for Connections Cloud. The customer needs to provide the name of their organization and contact information for the initial administrator account.

Select Hybrid Environment. The first choice an administrator makes is whether or not they want to set up the SCN account as “hybrid”. An existing Domino customer who wants to set up in hybrid mode checks the box and confirms their choice.

Initially, the account setup page will display a set of 5 steps marked in red with a warning triangle. It simply means that the information required for each of those configuration items has not yet been provided.

Run the pre-configuration test tool to see that the existing environment is in good shape to proceed.

Enter server details and click Run Test to test configuration. Fill out the relevant information based on what servers are being used in what roles, which directories are to be synchronized, etc.

The output of the test can be viewed immediately on the screen. This output is also written to a file called liveserverconfig.log in the Notes client data directory on the workstation where the tool is run. Inspect the output and look for any reported problems.

Create Server OU Certifier for Connections Cloud Virtual Server Name Registration.

Configure a Directory Sync Server. Provide at least one Domino server and directory file name. Do not check the box that says “Do not use this Domino Directory for provisioning” or you will not be able to select users in the directory for provisioning later. This should only be selected if the directory being configured is an extended directory catalog.

After saving the configuration, the sync status will show “Error”. This is not a problem at this time, as we have not yet told Connections Cloud or the on-premises Domino environment how to connect with each other.

Configure the Mail Routing Hub. Provide at least one Domino server and domain name.

Configure virtual mail server common name. Provide a base common name to be used for virtual server name creation. The mail server base name is used to generate all of the common names for the virtual mail servers in Connections Cloud for the account.

Configure the Passthru server. The Passthru server must use an IP address that is routable from the internet. Enter at least one Domino Passthru server, hostname and associated Domino domain name.

*Note - We recommend using a host name rather than an IP address in the middle field so that any changes in IP address can be done in DNS rather than having to remember to edit this configuration.

Upload Certifier ID that will be used to create virtual server identities. You must not upload a certifier that is already used in the on-premises environment.

Confirm all information entered and click "Enable My Account" to prepare for directory synchronization and activation.

Prepare for account activation. Click "Download Configuration Tool" to download the tool. The account setup page will indicate 2 new outstanding steps with the red warning triangle. This indicates the steps have not been done yet, not that there are any problems.

When downloading the NSF, save it to the workstation file system before opening it in the Notes client.

Note: Administrator and remote console access are required to run this tool. If you make any configuration changes, you must download and re-run the tool again.

The domain configuration tool has 3 modes of operation.

1. Begin pre-configuration test (reports back on the state of the on-premises)
2. Begin configuration report (perform a dry run; no actual changes are made)
3. Configure servers (update the on-premises server configurations)

Domain Configuration Tool Results - Log file

Clicking the View log file button in the configuration tool will display the contents of the log file.

The liveServerConfig.log file is stored in the data directory of the client used to run the database.

It is useful to keep copies of the log files when the configuration tool is run, as historical documentation of what was configured and when. It is also a great source of information for troubleshooting purposes.

Confirm SCN servers are connecting to the Passthru server. Look for sessions containing virtual server names from the service and of type PASSTHRU.

Confirm SCN servers are connecting to Mail Routing/Directory server(s). Sessions for SCN virtual servers representing the directory sync service mean that SCN is successfully accessing the server via Passthru.

Directory Sync Status. If the SCN service is connected to the directory server and can access the directory, the status should be reported as OK. If not, there will be an error status, and clicking on the directory server name will display more details about the problem.

After running the Domain Configuration Tool, the service should be able to connect to perform the initial directory synchronization process. The SCN account setup page will indicate that step is complete and that the Internet domain verification is still not done.

Click on Internet Domain Verification to confirm that your Internet domain is ready to be validated. The service performs domain name verification to prevent abuse of SmartCloud Notes accounts and requires you to create a CNAME record to prove ownership of a domain.

Part 3 - Hybrid Activation and Testing

Account Activation

– Go to the Account Setup page
– Click the Activate My Account button to complete initial hybrid setup

Looking at your account setup now, you should see both directory sync and domain ownership steps are complete, as signified with the green check.

You should also now see that an “Activate My Account” button has appeared if both of those steps are complete. You can click that button once, and you should then see the Congratulations! response indicating that the account activation is complete.

Figure 9 - Account Activation

ID Vault

– IBM creates the ID vault when the customer account is created.
– In order for a user's ID file to be uploaded to the ID vault, you must issue a Vault Trust Certificate from a parent certifier of the user ID file to the ID vault certifier.
– After the Vault Trust Certificate is issued, only IDs of users with SmartCloud Notes accounts are uploaded to the ID vault.
– Issue the certificate after the on-premises directory has been synchronized with the SmartCloud Notes directory.

Note: If you try to manage the vault and see an “error not found in view index”, then the directory indexes might not yet have refreshed and you can use updall -r to do that from the hub server console.

1. Select Add or remove organization and click Next
2. Click the Add or Remove button
3. Select the organization and click Add
4. Click OK
5. Click Next
6. Click Configure
7. “Choose a Certifier ID File” dialog
   2. Select the certifier ID file and click Open
   3. Enter that password and click OK
   4. Click Done

You are done when you see the message that you have successfully managed the ID vault and that the certifier was successfully added.

Confirm SCN Servers are Connecting to the Passthru Server

– Look for sessions containing virtual server names from the service and of type PASSTHRU
– The virtual server names contain the OU certifier that was uploaded during hybrid configuration

Confirm SCN Servers are Connecting to Mail Routing / Directory Server(s)

– Similar sessions from the SCN service containing virtual server names should be visible on the console of the mail routing / directory replication servers

Additional Outbound Connection Testing / Validation

– After Directory Synchronization reports it is complete, ensure that a Domino console trace from the customer mail routing hub server to any of the SmartCloud Notes servers that can be seen connecting to Passthru server

A group contains allocated servers for the customer, but not all will be running; failing to connect to one of them is to be expected.

You will see an error about not being authorized to connect initially; this is expected because the trace command tries an anonymous connection first.

Configuration Test

– Web-based tool to allow you to test what the service can see
– If you run this before directory synchronization has completed, there will be a lot of errors because synchronization has not yet completed

Go to the Configuration Test link in the UI and click the Run Tests button to start the test execution.

These tests should be run any time you make changes to the hybrid setup or whenever you are troubleshooting problems between SCN and the on-premises environment.

SmartCloud Notes Web Administration (User Accounts & System Settings)

– If you are not still logged in, log in as the administrator again
– Navigate to the IBM SmartCloud Notes option

Figure 10 - SmartCloud Notes Web Admin

With completion of the account activation, a wider set of SCN specific configuration and administrative options become available.

From the IBM SmartCloud Notes navigation link on the left, the SCN specific administration section now provides additional access into these other areas.
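The session check described under "Confirm SCN Servers are Connecting to the Passthru Server" can be scripted over captured console output. The following is an added example, not code from this guide or from IBM tooling. It assumes a three-column session layout, a hypothetical OU certifier `OU=SCNHybrid/O=Acme`, made-up server names and an `NRPC` type label, and it matches name components exactly so that a look-alike OU is reported rather than accepted.

```python
import re

# Constructed sample of session lines. The three-column layout (name, address,
# session type, separated by two or more spaces) and the NRPC type label are
# assumptions for this example; adapt parse_sessions() to your real output.
SAMPLE_SESSIONS = """\
CN=acmemail-vs01/OU=SCNHybrid/O=Acme    192.0.2.10     PASSTHRU
acmemail-vs02/SCNHybrid/Acme            192.0.2.11     PASSTHRU
CN=acmemail-vs03/OU=SCNHybrid/O=Acme    192.0.2.12     NRPC
CN=Jane Doe/OU=Sales/O=Acme             198.51.100.7   NRPC
CN=acmemail-vs09/OU=SCNHybrid2/O=Acme   203.0.113.5    PASSTHRU
"""

_LABEL = re.compile(r"^(CN|OU|O|C)=", re.IGNORECASE)


def normalize(name):
    """Return a hierarchical name as a tuple of lower-cased components.

    Accepts canonical (CN=a/OU=b/O=c) and abbreviated (a/b/c) forms.
    """
    parts = [p.strip() for p in name.strip().strip("/").split("/")]
    return tuple(_LABEL.sub("", p).lower() for p in parts if p)


def issued_by(name, certifier):
    """True if `name` sits directly under `certifier` (exact component match)."""
    n, c = normalize(name), normalize(certifier)
    return len(n) == len(c) + 1 and n[1:] == c


def parse_sessions(text):
    """Yield (name, address, session_type) from the assumed column layout."""
    for line in text.splitlines():
        cols = re.split(r"\s{2,}", line.strip())
        if len(cols) == 3:
            yield cols[0], cols[1], cols[2].upper()


def review_sessions(text, certifier):
    """Sort sessions into confirmed passthru, other-type and look-alike names."""
    certifier_ou = normalize(certifier)[0]
    report = {"passthru": [], "other_type": [], "lookalike": []}
    for name, addr, stype in parse_sessions(text):
        if issued_by(name, certifier):
            key = "passthru" if stype == "PASSTHRU" else "other_type"
            report[key].append((name, addr))
        elif certifier_ou in name.lower():
            # A substring search would have accepted this name; exact
            # component matching shows it is not under the uploaded certifier.
            report["lookalike"].append((name, addr))
    return report


if __name__ == "__main__":
    for bucket, rows in review_sessions(SAMPLE_SESSIONS, "OU=SCNHybrid/O=Acme").items():
        print(bucket, rows)
```

An empty `passthru` bucket on the Passthru server means the service has not connected yet, and anything in `lookalike` deserves a closer look before it is treated as a service session.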

System Settings - SmartCloud Notes Account Setup

There are many new options listed below the Configuration Test item that were not there before account activation was completed.

Figure 11 - SmartCloud Notes Account Setup

SmartCloud Notes Account Setup - Instant Messaging

The options under Instant Messaging control how the SCN web UI or Notes embedded Sametime client are integrated with community services, not whether chat and awareness are available to the user via general web chat or rich client.

When disabled (the default), there is no presence awareness in the SCN web UI, but an end user can still manually configure a Sametime client to independently connect to SmartCloud IM.

SmartCloud Notes Account Setup - Default Time Zone

This time zone option is used only for newly provisioned mail databases where a default set of free-time should be published, even if the user has not yet set their preferred time zone or work schedule. Typically this should just match the location of the majority of the users in the company.

SmartCloud Notes Account Setup - Email Notifications

This option allows an administrator to specify the email addresses to which notifications of problems with the service can be sent. Currently, this is limited to alerts about problems with directory synchronization.

SmartCloud Notes Account Setup - Email & Calendar Options

The Calendar Details option enables the collection of summary data for display when using the group calendar function, to show a limited amount of data about appointments.

SmartCloud Notes Account Setup - Email Management

There are a number of controls on this page related to email management. The absolute maximum message size allowed in SCN is 100MB. Limiting the message size allows a customer to reject messages that are over some size lower than this maximum.

Mail retention governs how long the soft delete period should be. By default it is 14 days but can be up to 90 days long.

SCN also provides a method to purge mail data over a certain age. When enabled, the customer decides for how long data can live in the mail database.

SmartCloud Notes Account Setup - Inbound Mail Routing

The Inbound Internet Mail Routing page shows who is responsible for handling incoming SMTP mail for each verified domain owned by the customer.

SmartCloud Notes Account Setup - Email Filters (Spam)

Email filters provide some level of customization for how the Protector SMTP hygiene filters process inbound SMTP mail.

The system filter is the default for all customers and cannot be removed. It is the fundamental spam filter and applies to all mail.

SmartCloud Notes Account Setup - Email Filters (White/Black Listing)

In addition to the spam filter, an administrator can define white and blacklists that contain either individual email addresses or domains. For each rule, they choose deliver to Inbox, deliver to Junk or block.

SmartCloud Notes Account Setup - Email Filters (Newsletter)

The keyword filter rule currently has one category of content defined and that is Newsletters. Adding this rule will allow Protector to use its newsletter detection algorithms to filter this kind of email based on the configured action.

SmartCloud Notes Account Setup - IMAP Email Access

SCN supports the use of IMAP clients, and administrators can control whether or not users are allowed to use IMAP clients. By default, IMAP support is turned off.

SmartCloud Notes Account Setup - Password Management

The expiry of passwords in Notes IDs can be enabled and set to an expiration duration.

SmartCloud Notes Account Setup - Name Finder

The Name Finder option controls how type-ahead and searching work for addressing users in SCN web. By default, using the basic option, when a user begins typing in the To / CC / BCC fields, a simple type-ahead text list of user names is shown from which to choose.

SmartCloud Notes Account Setup - Journaling Options

Although this option is called “journaling”, it is not the same as Domino message journaling. It relates to the logging of mail delivery and client access events into log files, stored in a default format, that a customer can download and import into a data warehouse and then run reports.

System Settings - Security

Security Settings for Connections Cloud overall are set outside of the SCN specific administration, using the Security link under Systems Settings.

A customer can control the password expiry interval, what info to display to a user who clicks the Forgot Password link on the login page, and the use of application passwords.

Application passwords are for mobile device usage, are system generated but managed by the user, and can bypass IP address range restrictions (since you never know where a mobile device might be connected).

The IP address range restriction allows the administrator to specify from which set of networks their users should be allowed to connect.

System Settings - Theme

An administrator can make some limited cosmetic changes. Changing the theme gives access to 9 preset color combinations, while the 10th option (the rainbow) allows the administrator to set explicit RGB color combinations for the main UI components.

In addition, an administrator can upload a logo image which they can choose to display in the top left-hand corner of the top navigation bar, which runs persistently across the entire page, no matter what service is being used.

Part 4 - User/Data Transition and Provisioning

There are 4 main phases associated with user and data transitioning and provisioning.

1) Assessment
2) Planning
3) Preparation and Validation
4) User/Data Provisioning Process

Figure 12 - Assessment, Planning and Preparation

The first three phases focus efforts towards the ultimate goal of moving users and their historical data.

With this method, customer assistance is increased as customer and IBM risk is decreased.

The Domino Configuration Tuner (which is shipped for free with Domino) can be used to gather detailed information about servers.

The SCN pre-config tool can be used to assess the readiness of the current Domino environment for hybrid configuration.

Assessment is where a thorough understanding of the current environment and business requirements is developed. It is important to understand the current environment in detail, to be able to make good, informed decisions about what changes need to occur for a successful move to SCN.

Planning (or sometimes Design) is the creation of the desired state, thinking through what will be required and defining the appropriate sequence of events to realize it. The information gathered during assessment is vital to being successful in planning the path to cloud.

OPT (Onboarding Planning Tool) is provided to certified practitioners. OPT helps understand user, mail database and client usage and also helps to segment the user population into manageable groups for transition planning.

Prep / Validation (or sometimes Build) is the execution of the plans.

OTT (Onboarding Transition Tool) is provided to certified practitioners and assists with the execution of the user move. It leads the practitioner through a set of automated or semi-automated steps for each logical group of users being processed.

MOM (Mail Onboarding Manager) is available to be downloaded by any administrator of a Connections Cloud organization that has SmartCloud Notes or Connections Cloud S1 subscriptions.

OPT, OTT and MOM will be discussed in greater detail later in a separate topic.

A pre-sale Technical and Delivery Assessment (TDA) is a technical inspection of a completed solution design. Technical Subject Matter Experts (SMEs) who were not involved in the solution design participate to determine:

a. Will it work?
b. Is the implementation sound?
c. Will it meet customer requirements and expectations?

The TDA also helps to ensure that important areas of prerequisites, capabilities and dependencies are discussed and understood early to reduce the possibility of road blocks or surprises during implementation.

Typical Customer Responsibilities:

– Assessing Domino applications and impact of client upgrades to 8.5.1 FP5
– Fixing application problems
– Assessment and planning of end state directory architecture, mail routing and replication
– Assessment, planning and changes to existing security policies / procedures
– Assessment and planning of end state architecture for customization / integration with other systems
– Network capacity planning and any associated network routing changes
– Fixing existing problems or issues in the on-premises Domino environment
– Creation and staging of client installation packages
– Planning and execution of client upgrades or new installations
– Establishing and testing hybrid environment setup; implementation of passthru server(s), directory replication and mail routing between on-premises and SmartCloud Notes environments
– Transformation management including end user communication plans, communication content, delivery of enablement, etc.
– Post-transition decommissioning of mail files and mail servers

Assessment Phase:

Figure 13 - Assessment

The diagram in Figure 13 indicates phases and a collection of activity areas, but no idea of overall sequence.

Design and Planning Phase:

– Determine the mixture of services required to satisfy collaboration / user needs and what data transition is required
– Plan for connectivity between on-premises and SmartCloud Notes datace
