Physically securing servers and databases is just as important as preventing unauthorized user and server access. Therefore, locate all Domino® servers in a ventilated, secure area, such as a locked room. If servers are not secure, unauthorized users might circumvent security features -- for example, ACL settings -- access applications on the server, use the operating system to copy or delete files, and physically damage the server hardware itself.

About this task

To ensure maximum physical security for servers, do one or more of the following:

• Use the server without a mouse, and keep the keyboard locked.
• Password-protect the server ID. If an ID uses a password, you must manually restart the server rather than restart it automatically. To restart the server, you must know the server password.
• Use the Set Secure command to password-protect the console and restrict what can be done while the server is running.
• Use the Local Security option to encrypt databases on the server with the server ID. Then people at the server can access databases only if they have access to the server ID that was used to encrypt the databases.
• Use operating system features to secure data files and lock keyboard access. For more information, see your operating system documentation.

Securing the server console with a Smartcard

About this task

Notes users can use a Smartcard with their User ID to log in to Notes. Smartcard use requires the installation of a Smartcard reader on the user's computer, along with the Smartcard software and drivers. The advantage of using a Smartcard with Notes is that the Smartcard locks User ID. Logging into Notes with a Smartcard requires the Smartcard, the User ID, and the user's Smartcard PIN.

Administrators can take advantage of Smartcard security to physically secure the Domino server console. In this case the administrator would be locking the Server ID with the Smartcard. Before you begin complete the following tasks:

• Have the Domino server workstation on, but do not launch the Domino server software.
• Modify the Domino server's NOTES.INI file to include a variable, PKCS11_Library=, that points to the Smartcard PKCS#11 file. This file will be loaded during Smartcard installation. For example:

  PKCS11_Library=C:\Program Files\Schlumberger\Smart Cards and Terminals\Common Files\slbck.dll

CAUTION: If you do not modify the server's NOTES.INI file to include the PKCS11_Library variable, when you try to launch the Domino server, it will shut down and return a Login aborted by user error.

Procedure

1. On the Domino server workstation, install a Smartcard reader and Smartcard driver files.

2. On a Notes client workstation, install a Smartcard reader and the same Smartcard driver files as you installed on the Domino server. This workstation will be used to configure the Smartcard for the server.

3. Copy the SERVER.ID from the Domino server onto a memory device. Insert the device into the Notes workstation.

4. Launch the Notes client with a User ID from the domain for which the server has a certificate.

5. Place the Smartcard designated for the server into the card reader of the Notes client. If required, enter the Smartcard PIN.

6. Click File -> Security -> Switch ID to switch to the copy of the SERVER.ID file.

7. Do the following to enable the SERVER.ID file for the associated Smartcard

a. Click File -> Security -> User Security, and enter the password for the SERVER.ID.

b. Click Smartcard Options.

c. Click Enable Smartcard Login.

d. Enter password (if needed) and the Smartcard PIN. After approximately 10 to 15 seconds, the Smartcard will be configured for the SERVER.ID file.

9. Place the Smartcard in the Domino server card reader, and launch Domino.

10. At the server command console, enter the Smartcard PIN when prompted and Domino will launch.

Related reference
Set Secure

Help on Help

All Help Contents

Help on Help