Integrating Exchange Server or IBM Notes Traveler Server

January 25, 2019 Contributed by:  C K

To keep Secure Mail in sync with your mail servers, integrate Secure Mail with an Exchange Server or IBM Notes Traveler Server that resides in your internal network or is behind Citrix Gateway.

Important:

You cannot sync mail from Secure Mail with IBM Notes Traveler (formerly IBM Lotus Notes Traveler). This Lotus Notes third-party capability is not currently supported. As a result, for example, when you delete a meeting mail from Secure Mail, the mail is not deleted on the IBM Notes Traveler server. [CXM-47936] To learn about known limitations with IBM/Lotus Notes, see this Citrix blog post.

Syncing is also available for Secure Notes and Secure Tasks. Note, however, that Secure Notes and Secure Tasks reached End of Life (EOL) status on December 31, 2018. For details, see EOL and deprecated apps.

  • To sync Secure Notes for iOS, integrate it with an Exchange Server.
  • To sync Secure Notes and Secure Tasks for Android, use the Secure Mail for Android account.

When you add Secure Mail, Secure Notes, and Secure Tasks to Citrix Endpoint Management (formerly, XenMobile), configure the MDX policies as mentioned in MDX app policies for the background services configuration.

Note:

Secure Mail for Android and iOS support the full path specified for a Notes Traveler Server. For example: https://mail.example.com/traveler/Microsoft-Server-ActiveSync.

It is no longer necessary to configure your Domino Directory with web site substitution rules for the Traveler Server.


Configuring IBM Notes Traveler Server for Secure Mail

In IBM Notes environments, you must configure the IBM Notes Traveler server before you deploy Secure Mail. This section shows a deployment illustration of this configuration as well as system requirements.

Important:

If your Notes Traveler Server uses SSL 3.0, be aware that SSL 3.0 is vulnerable to the Padding Oracle On Downgraded Legacy Encryption (POODLE) attack, a man-in-the-middle attack affecting any app that connects to a server using SSL 3.0. To address the vulnerabilities introduced by the POODLE attack, Secure Mail disables SSL 3.0 connections by default and uses TLS 1.0 to connect to the server. As a result, Secure Mail cannot connect to a Notes Traveler Server that uses SSL 3.0. For details on a recommended workaround, see the Configuring SSL/TLS Security Level section in Integrating Exchange Server or IBM Notes Traveler Server.

In IBM Notes environments, you must configure the IBM Notes Traveler server before deploying Secure Mail.

The following diagram shows the network placement of IBM Notes Traveler servers and an IBM Domino mail server in a sample deployment.

Image of IBM Notes Traveler servers and IBM Domino mail server deployment with XenMobile


System requirements

Infrastructure server requirements

  • IBM Domino Mail Server 9.0.1
  • IBM Notes Traveler 9.0.1

Authentication protocols

  • Domino Database
  • Lotus Notes Authentication Protocol
  • Lightweight Directory Authentication Protocol

Port requirements

  • Exchange: Default SSL port is 443.
  • IBM Notes: SSL is supported on port 443. Non-SSL is supported, by default, on port 80.


Configuring SSL/TLS security level

Citrix modified Secure Mail to address the vulnerabilities introduced by the POODLE attack, as described in the preceding Important note. If your Notes Traveler Server uses SSL 3.0, the recommended workaround to enable connections is to use TLS 1.2 on the IBM Notes Traveler Server 9.0.

IBM has a patch to prevent the use of SSL 3.0 in Notes Traveler secure server-to-server communication. The patch, released in November 2014, is included as interim fix updates for the following Notes Traveler server versions: 9.0.1 IF7, 9.0.0.1 IF8 and 8.5.3 Upgrade Pack 2 IF8 (and will be included in all future releases). For details about the patch, see LO82423: DISABLE SSLV3 FOR TRAVELER SERVER TO SERVER COMMUNICATION.

As an alternative workaround, when you add Secure Mail to Endpoint Management, change the Connection security level policy to SSLv3 and TLS. For the latest information about this issue, see SSLv3 Connections Disabled by Default on Secure Mail 10.0.3.

The following tables indicate the protocols that Secure Mail supports, by operating system, based on the Connection security level policy value. Your mail server must also be able to negotiate the protocol.

The following table shows supported protocols for Secure Mail when the connection security level is SSLv3 and TLS.

Operating system type      SSLv3   TLS
iOS 9 and later            No      Yes
Earlier than Android M     Yes     Yes
Android M and Android N    Yes     Yes
Android O                  No      Yes

The following table shows supported protocols for Secure Mail when the connection security level is TLS.

Operating system type      SSLv3   TLS
iOS 9 and later            No      Yes
Earlier than Android M     No      Yes
Android M and Android N    No      Yes
Android O                  No      Yes
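
The two tables above can be combined with the protocol version a server actually selects to predict whether Secure Mail connects. The following is an added example, not Citrix or IBM code: it reads the version field from a TLS ServerHello record and checks it against the tables. The function names and the sample record are constructed for illustration.

```python
import struct

# Added example. Rows transcribed from the two tables above:
# Connection security level policy -> operating system -> accepted protocols.
OS_TYPES = ("iOS 9 and later", "Earlier than Android M",
            "Android M and Android N", "Android O")
SUPPORT = {
    "SSLv3 and TLS": {
        "iOS 9 and later": {"TLS"},
        "Earlier than Android M": {"SSLv3", "TLS"},
        "Android M and Android N": {"SSLv3", "TLS"},
        "Android O": {"TLS"},
    },
    "TLS": {os_type: {"TLS"} for os_type in OS_TYPES},
}

# server_version values on the wire; the tables only distinguish SSLv3 from TLS.
WIRE_VERSIONS = {0x0300: "SSLv3", 0x0301: "TLS", 0x0302: "TLS", 0x0303: "TLS"}


def server_hello_protocol(record: bytes) -> str:
    """Return the protocol family a server selected in its ServerHello record."""
    if len(record) < 11:
        raise ValueError("truncated record")
    content_type, _record_version, _length = struct.unpack("!BHH", record[:5])
    if content_type != 22 or record[5] != 2:  # 22 = handshake, 2 = ServerHello
        raise ValueError("not a ServerHello (the server may have sent an alert)")
    (version,) = struct.unpack("!H", record[9:11])  # ServerHello.server_version
    if version not in WIRE_VERSIONS:
        raise ValueError(f"unknown protocol version 0x{version:04x}")
    return WIRE_VERSIONS[version]


def secure_mail_connects(os_type: str, policy: str, record: bytes) -> bool:
    """True if the tables say Secure Mail accepts the protocol the server chose."""
    return server_hello_protocol(record) in SUPPORT[policy][os_type]


def make_server_hello(version: int) -> bytes:
    """Build a minimal ServerHello record (constructed sample, not a capture)."""
    body = struct.pack("!H", version) + bytes(32) + b"\x00" + b"\x00\x2f" + b"\x00"
    handshake = b"\x02" + len(body).to_bytes(3, "big") + body
    return struct.pack("!BHH", 22, version, len(handshake)) + handshake


if __name__ == "__main__":
    sslv3_only = make_server_hello(0x0300)  # server that falls back to SSL 3.0
    for policy in SUPPORT:
        for os_type in OS_TYPES:
            print(policy, "|", os_type, "|", secure_mail_connects(os_type, policy, sslv3_only))
```
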


Configuring Notes Traveler Server

The following information corresponds to the configuration pages in the IBM Domino Administrator client.

  • Security: Internet authentication is set to Fewer name variations with higher security. This setting is used to map UID to AD User ID in LDAP authentication protocols.
  • NOTES.INI Settings: Add NTS_AS_ENFORCE_POLICY=false. This allows Secure Mail policies to be managed by Endpoint Management rather than Traveler. This setting may conflict with current customer deployments, but will simplify the management of the device in Endpoint Management deployments.
  • Synchronization protocols: SyncML on IBM Notes and mobile device synchronization are not supported by Secure Mail at this time. Secure Mail synchronizes Mail, Calendar and Contacts items through the Microsoft ActiveSync protocol built into Traveler servers. If SyncML is forced as the primary protocol, Secure Mail cannot connect back through the Traveler infrastructure.
  • Domino Directory Configuration - Web Internet Sites: Override Session Authentication for /traveler to disable form-based authentication.
