SECURITY


Physically securing the Domino server
Physically securing servers and databases is just as important as preventing unauthorized user and server access. Therefore, locate all IBM® Lotus® Domino™ servers in a ventilated, secure area, such as a locked room. If servers are not secure, unauthorized users might circumvent security features -- for example, ACL settings -- access applications on the server, use the operating system to copy or delete files, and physically damage the server hardware itself.

To ensure maximum physical security for servers, do one or more of the following:


Securing the server console with a Smartcard

IBM® Lotus® Notes® users can use a Smartcard with their User ID to log in to Notes. Smartcard use requires the installation of a Smartcard reader on the user's computer, along with the Smartcard software and drivers. The advantage of using a Smartcard with Notes is that the Smartcard locks the User ID. Logging in to Notes with a Smartcard requires the Smartcard, the User ID, and the user's Smartcard PIN.

For more information about how Notes users set up Smartcards, see the topic Enabling Smartcards for Notes login.

Administrators can take advantage of Smartcard security to physically secure the Domino server console. In this case the administrator would be locking the Server ID with the Smartcard.

To secure the server console with a Smartcard

Caution: Ensure that the SERVER.ID is recoverable through ID File Recovery before proceeding. Also, verify that the encrypted backup copy of the SERVER.ID exists in the ID file repository.

Before you begin:

Caution: If you do not modify the server's NOTES.INI file to include the PKCS11_Library variable, the Domino server will shut down and return a "Login aborted by user" error when you try to launch it.

1. On the Domino server workstation, install a Smartcard reader and Smartcard driver files.

2. On a Notes client workstation, install a Smartcard reader and the same Smartcard driver files as you installed on the Domino server. This workstation will be used to configure the Smartcard for the server.

3. Copy the SERVER.ID from the Domino server onto a diskette. Insert the diskette into the Notes workstation.

4. Launch the Notes client with a User ID from the domain for which the server has a certificate.

5. Place the Smartcard designated for the server into the card reader of the Notes client. If required, enter the Smartcard PIN.

6. Click File - Security - Switch ID to switch to the copy of the server.id file.

7. Do the following to enable the server.id file for the associated Smartcard

8. Copy the Smartcard-enabled SERVER.ID file back to the server's Domino\data directory.

9. Place the Smartcard in the Domino server card reader, and launch Domino.

10. At the server command console, enter the Smartcard PIN when prompted and Domino will launch.
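A pre-launch check for the NOTES.INI caution above, as an added example that is not part of the original documentation: it reports whether PKCS11_Library is present exactly once and points to a file that exists. The function names, the sample NOTES.INI contents and the library file name are constructed for illustration, and the check assumes the variable's value is the path to the Smartcard vendor's PKCS #11 library.

```python
import tempfile
from pathlib import Path

SETTING = "PKCS11_Library"  # variable named in the caution above


def read_ini_values(ini_path, name):
    """Return every value assigned to `name` (keys compared case-insensitively)."""
    values = []
    with open(ini_path, encoding="latin-1") as fh:
        for raw in fh:
            key, sep, value = raw.partition("=")
            if sep and key.strip().lower() == name.lower():
                values.append(value.strip())
    return values


def preflight(ini_path):
    """Return a list of problems; an empty list means the setting looks usable."""
    if not Path(ini_path).is_file():
        return [f"{ini_path}: file not found"]
    values = read_ini_values(ini_path, SETTING)
    if not values:
        return [f"{SETTING} is not set; expect 'Login aborted by user' at launch"]
    problems = []
    if len(values) > 1:
        problems.append(f"{SETTING} is set {len(values)} times; keep a single entry")
    for value in values:
        if not value or not Path(value).is_file():
            problems.append(f"{SETTING} is empty or points to a missing file: {value!r}")
    return problems


def demo():
    """Run the check against constructed NOTES.INI files in a temp directory."""
    with tempfile.TemporaryDirectory() as tmp:
        lib = Path(tmp, "vendor_pkcs11.dll")  # constructed stand-in library file
        lib.touch()
        good, bad = Path(tmp, "good.ini"), Path(tmp, "bad.ini")
        good.write_text(f"[Notes]\nDirectory=C:\\Domino\\data\n{SETTING}={lib}\n")
        bad.write_text("[Notes]\nDirectory=C:\\Domino\\data\n")
        return preflight(good), preflight(bad)


if __name__ == "__main__":
    for result in demo():
        print(result or "OK")
```

Run `preflight()` against the server's real NOTES.INI after step 8 and before step 9, so a missing or mistyped entry is caught before the server is started with the Smartcard-enabled ID.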
