Several people have asked me about the Traveler deployment that I've done with a 10-server Traveler HA pool.
This is a large global customer, but we are only rolling Traveler out to the US users (about 40K devices).
The plan is to start with a rollout of about 10K users - one Traveler pool.
We will be using Lotus Mobile Connect 6.1.4 initially as sort of a pass through. When LMC 6.1.5 becomes available, we'll be upgrading over the top and activating the Single URL feature. This is a new feature of LMC that makes LMC "Traveler aware" and will do user assignment and routing from a single URL.
In past versions of Traveler, users had to know their Traveler URL. In the HA version, there is a single hostname (such as a load balancer or virtual IP) that sits in front of each Traveler pool, and users need to know the URL for their pool. If you only have up to 10K devices, that is not a problem, but this customer has 40K devices and thus 4 Traveler pools of 10 Traveler servers. That means 4 possible Traveler URLs, and the users have to know which one is theirs. This is where LMC comes into the picture. The new version (ETA is October 1ish) will handle routing. LMC learns where the existing users belong and routes them accordingly. As new users who are not yet assigned come to LMC, it routes them to a pool that has capacity.
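The routing behaviour described above can be modelled in a few lines. This is an added illustration, not LMC code and not part of the original post; the pool hostnames, the class and method names, and the "pool with the most free slots" policy are assumptions.

```python
# Added illustration: models the routing behaviour described in the post.
# Not LMC code; hostnames, names and the least-loaded policy are assumptions.
POOL_CAPACITY = 10_000  # devices per Traveler HA pool, per the post


class PoolsFull(Exception):
    """Raised when no pool has room for a new, unassigned user."""


class SingleUrlRouter:
    def __init__(self, pool_urls, capacity=POOL_CAPACITY):
        self.capacity = capacity
        self.load = {url: 0 for url in pool_urls}  # pool URL -> assigned users
        self.assigned = {}                         # user -> pool URL (sticky)

    def learn(self, user, pool_url):
        """Record an existing user's pool so they are never moved."""
        if pool_url not in self.load:
            raise KeyError(f"unknown pool: {pool_url}")
        if user not in self.assigned:
            self.assigned[user] = pool_url
            self.load[pool_url] += 1

    def route(self, user):
        """Return the pool URL for a user, assigning new users on first contact."""
        if user in self.assigned:
            return self.assigned[user]
        # Assumption: pick the pool with the most free slots.
        url = min(self.load, key=self.load.get)
        if self.load[url] >= self.capacity:
            raise PoolsFull(f"no capacity left for {user}")
        self.learn(user, url)
        return url


def demo():
    # Constructed sample: two tiny pools (capacity 2) to reach the full case.
    p1 = "https://pool1.example.com/traveler"
    p2 = "https://pool2.example.com/traveler"
    r = SingleUrlRouter([p1, p2], capacity=2)
    r.learn("alice", p1)
    r.learn("bob", p1)  # pool1 is now full
    routes = [r.route(u) for u in ("alice", "carol", "dave")]
    try:
        r.route("erin")
        overflow = False
    except PoolsFull:
        overflow = True
    return routes, overflow
```

The full-pool case is the one to plan for: once every pool is at capacity, a new user has nowhere to go until another pool is added.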
The beta for LMC 6.1.5 should be available this week, however it is only on Linux and with an Oracle back-end database. The Windows version will be available by the end of July and should support MSSQL. We'll be deploying that as a proof of concept when it becomes available.
My customer is using an MDM provider that will be in front of the LMC. The MDM provider will handle the authentication of the user against a Sun One Enterprise Directory. We have authentication configured to pass the tokens from the MDM provider to LMC and then SSO between LMC and Traveler. You export the LTPA tokens from the LMC and import them into Domino to get that working.
OK so that's a glimpse of the project so far. Here is a list of some of the things that I have learned:
Requirements: http://www-01.ibm.com/support/docview.wss?uid=swg27027499&myns=swglotus&mynp=OCSSYRPW&mync=R
Infocenter for Admins: http://www-10.lotus.com/ldd/dominowiki.nsf/xpViewCategories.xsp?lookupName=Administering%20Lotus%20Notes%20Traveler%208.5.3%20Upgrade%20Pack%201
Infocenter for users: http://www-10.lotus.com/ldd/dominowiki.nsf/xpViewCategories.xsp?lookupName=Using%20Lotus%20Notes%20Traveler%208.5.3%20Upgrade%20Pack%201
Known Issues: http://www-01.ibm.com/support/search.wss?lang=en&loc=en_US&r=10&cs=utf-8&rankfile=0&cc=&spc=&stc=&apar=include&atrn1=SWVersion&atrv1=8.5.2&sort=rk&tc=SSYRPW&go.x=13&go.y=13&dc=DB520%20D800%20D900%20DA900%20DA800%20D600%20DB530%20DA600%20D700%20DB500%20DB400%20D100%20DB540%20DB510%20DB55&dtm
Use Domino Enterprise server. We don't support the other types (messaging, utility, etc.).
The main thing is sizing. We are planning on about 1000 users per Traveler server. 10 Traveler servers per pool. Each Traveler HA pool can only support about 10,000 devices. If you have more than 10K devices, you should start a new pool.
We went with 8 CPUs and 16 GB RAM with a 64-bit OS for each Traveler server to support this many users. You do not want to use a 32-bit OS.
Your Traveler servers should be co-located with the Mail servers for performance's sake. We highly recommend that the database server (DB2 or SQL) has physical hardware with a RAID 0/1 array. The bottleneck will be in the disk I/O.
For best performance on the database server, you should separate the transactional logs from the data and system drives. We also dedicated a logical disk to temporary files. Example:
c:\ - system files
d:\ - data files
e:\ - temporary files
f:\ - transaction logs
g:\ - backup files
The database server on the back end (DB2 or SQL) should have redundancy; otherwise you have a single point of failure. If the database becomes unavailable for any reason, users will not have any service.
Also the database gets created with a full text index by default. They should maintain the database as they would any other SQL or DB2 database.
We no longer use the /servlet/traveler path to get to the servlet. It is now moved to /traveler. Also we don't use the Domino Web Engine for a servlet engine; it's some kind of OSGi servlet engine outside of Domino.
If you are going to use an MDM provider or LMC for clientless authentication, be sure to use Verisign 3rd party SSL certificates. Otherwise the mobile devices won't have the certificates on them.
Apple devices when used with a VPN will not receive notifications when they get new mail/calendar items. This is a limitation of the Apple protocols that we use. A clientless solution like LMC or MDM (such as Mobile Iron) will work around this limitation.
Encrypted emails cannot be read from Traveler. You will need to use the Traveler Companion app for that. Users will get a message saying that their message is encrypted and they have to read it from Notes, iNotes or the Traveler Companion app.
You should tune the servers like you would in the Traveler Performance cookbook. http://www-10.lotus.com/ldd/dominowiki.nsf/dx/Tuning_performance_of_the_server_LNT853
The High Availability version of Traveler uses a shared relational database on the backend. Previous versions of Traveler had their own Derby database on each individual server. You can still run standalone Traveler servers in that fashion, but they aren't considered high availability.
When you set up a Traveler HA server, one of the steps is to create the database manually - basically a blank shell. Then you run a script that sets the schema and adds an FTI, etc.
Once that step is done, you then just connect each Traveler pool member to the same database backend.
If you are using SQL server as the backend, you need to apply an important update http://www-01.ibm.com/support/docview.wss?uid=swg24019529 which is available on Fix Central.
Just added some more resources:
Release Listing: http://www.lotus.com/ldd/dominowiki.nsf/dx/Lotus_Notes_Traveler_APAR_listing
Caution with HTC devices and Complex Passwords: http://www.ibm.com/support/docview.wss?uid=swg21597728
Skills Transfer Slides and Recorded Session: https://w3-connections.ibm.com/communities/service/html/communityview?communityUuid=6cdeca04-36b9-441b-a27a-a82c1eb05a4a