I am an primarily a Notes developer (with 4-1/2 years of development experience) but am now doing some administration.
We have developed an intranet Web-enabled Domino application on Release 5.03. My client now wants to separate the data (Domino server) and the HTTP stack by integrating Domino and IIS and making Domino use the HTTP stack of IIS4.0 This is so that additional security can be introduced by having a firewall implemented between the two servers (Domino and IIS).
Here are my questions. I hope they're not too banal. I am quite a novice when it comes to administration.
1) Is the above possible? Will it indeed provide additional security?
2) If the above is possible for implementing the firewall, will Domino and IIS have to be hosted on separate machines?
3) If a firewall can be introduced when Domino and IIS are on the same machine, how that can be accomplished?
1a) Yes, this is possible. Domino includes built-in features to allow you to use IIS as the Web server.
1b) I doubt this will provide additional security, and it may even be worse. IIS is a favorite target of attackers, while Domino is not. A well-configured Domino system, with a good firewall, is pretty secure.
2) I always recommend that Domino be on a separate machine. So if you are going to do this, I suggest two separate machines. Plus computers are so cheap now, it is not a big expense.
3) I do not recommend this. You would then have 3 complex pieces of software on one computer -- Domino, IIS and firewall code.
This was first published in February 2002