Hosting multiple Lotus Domino servers at one IP address without a VPN

If you work at a small business and have only one static IP address assigned by your Internet Service Provider (ISP), the static IP is typically attached to your router, which then issues internal IPs to the machines in your local network. But, suppose you want to make some of your internal Domino servers visible to the outside world. The servers might be for your own use when you're out of the office, or for customers to access a Lotus Notes application hosted at your office.

This situation also applies to organizations that own more than one IP address, but have used up all their IP numbers for existing machines. How do you host more externally visible servers than the number of IPs you have?

The standard answer is to set up a virtual private network (VPN), and many routers have this capability built in. The problem with VPNs, however, is that they require more work for the person logging in. Some VPNs require special client-side software; and all require you to issue username/password pairs to each person who connects.

In some cases, the security gains from the VPN are worth this effort. (And, indeed, are the reasons for the effort.) In many cases, though, you want people to connect to your Lotus Domino servers without any special setup on the client side -- other than possessing a valid Notes ID file.

This tip describes how to host more than one Domino server at a single IP address without using a VPN.

A couple points to keep in mind:

Perform the following on each server that you want to expose to outside Lotus Notes

Digg This!     StumbleUpon     Del.icio.us

RELATED CONTENT Domino How to turn off the message recall feature in Lotus Notes 8 What is Notes 8.5's DAOS (Domino Attachment and Object Storage) feature? SaaS and collaboration set the stage at Lotusphere Top 10 Lotus Notes/Domino administration tips of 2008 How to upgrade to Lotus Notes 8 and retain Lotus Notes 7 Five Domino domain default server settings you should change and why How DirLint verifies data in Lotus Notes Domino 8 directories An introduction to Lotus Notes password options and essentials Tivoli Directory Integrator synchronizes Notes Domino 8 directories Setting up RSS feeds in Lotus Notes Domino 8 Web Top 10 Lotus Notes/Domino administration tips of 2008 How to create a dynamic SVG graph using a Lotus Notes agent Upgrading and patching Firefox: Security considerations for administrators Admin2005 Learning Guides Making old, new flavors of Domino SSO work A fun site, with serious code Creating corporate welcome pages with Lotus Notes Domino Web traffic analyzers LotusScript error detection on the Web One URL for all Webmail Lotus Notes Domino Administration Top 10 Lotus Notes/Domino administration tips of 2008 How to convert Lotus Notes documents to .PDF files A Domino Domain Monitoring primer Getting up to speed on Notes/Domino administration Daylight Saving Time 2007 -- seven helpful tips for Lotus Notes administrators Our experts' favorite freeware tools for Lotus Notes and Domino Separating a Lotus Notes network into two Notes Named Networks IBM will add social networking tools for business Lotusphere 2007 refocuses on users Top 10 Notes/Domino administration tips of 2006

RELATED RESOURCES 2020software.com, trial software downloads for accounting software, ERP software, CRM software and business software systems Search Bitpipe.com for the latest white papers and business webcasts Whatis.com, the online computer dictionary

connections:

Some readers are probably screaming right now about how insecure this configuration is, since anyone in the world can see the Domino server and attempt to connect to it.

My response is twofold:

If the data on the Domino server is extremely sensitive, you might want to consider a layered approach, such as VPN or smart cards to gain access to the network. But a properly set up Domino server and Lotus Notes application is very secure in itself. To break in, an attacker needs a valid Notes ID file, issued by the same organization that signed the server's ID. This is tough to fake. I trust a well-designed Notes/Domino server on the public Internet much more than I trust most bank computers on the Internet.

Some additional notes that may be helpful:

For more information see Domino Administration Help -> Index -> Ports -> TCP, and your router's documentation.

About the author: Chuck Connell is president of CHC-3 Consulting, which helps organizations with all aspects of Lotus Notes and Domino..

MEMBER FEEDBACK TO THIS TIP

This tip is very good! I've been searching for this answer for a long time. I should only add that for HTTP servers, you can also host multiple Domino servers, (serving HTTP files) using only one static IP address.
—Fredy K.

Do you have comments on this tip? Let us know.

Please let others know how useful this tip is via the rating scale below. Do you have a useful Lotus Notes, Domino, Workplace or WebSphere tip or code snippet to share? Submit it to our tip contest and you could win a prize.

Rate this Tip To rate tips, you must be a member of SearchDomino.com. Register now to start rating these tips. Log in if you are already a member. DISCLAIMER: Our Tips Exchange is a forum for you to share technical advice and expertise with your peers and to learn from other enterprise IT professionals. TechTarget provides the infrastructure to facilitate this sharing of information. However, we cannot guarantee the accuracy or validity of the material submitted. You agree that your use of the Ask The Expert services and your reliance on any questions, answers, information or other materials received through this Web site is at your own risk.