We are planning to migrate MS Exchange 5.5 Mail Server to Domino R5 at the DMZ in our organization. In our internal network, we are running Domino R5.
My questions are below:
1. What are the complications if we go for multiple Domino domains?
2. If we use a single domain, can users receive both internal and external mail in the same location? Is it secure?
3. If somebody hacked or guessed the password and was able to get access to the Domino NAB in our DMZ single domain model, then there is a risk. Does this mean that they can access even our internal mail server and applications?
4. What are the services to be open for Domino to communicate with the Enterprise mail server?
5. Which model is best and what advice does Lotus give in this situation.
My answers to your questions are below.
1) Multiple domains do provide some greater security, if you expose only one domain's NAB in the DMZ. The drawback is that more than one domain means more administration complexity and overhead.
2) Yes, you can configure mail routing so that users receive both internal and external mail with a single domain. This is the standard model. Yes, you can set this up so that it is quite secure (of course nothing is perfect).
3) Yes, a single domain model does have the disadvantage that your whole domain NAB is exposed including application information. The ability of people to guess passwords largely depends on your password management practices though. If you do this well, it is very hard for someone to guess a password.
4 and 5) Here are some IBM Redbooks that talk specifically about Domino and Exchange.
Dig Deeper on Lotus Notes Domino Administration Tools
Related Q&A from Chuck Connell
Is it possible to encrypt a user's name before sending an email? SearchDomino.com expert Chuck Connell weighs in. Continue Reading
Learn how to change authentication timeout interval for Domino Web Access logins. Continue Reading
SearchDomino.com expert Chuck Connell provides a resource for a Lotus Notes administrator who wants to filter out email containing the word "spam," ... Continue Reading