Preparing passthru servers

Install and set up at least one Domino® server to be used as a passthru server through which the service connects to servers in your on-premises hub domain.

About this task

  • To provide failover, install and set up two servers. If the service is unable to connect to one server, it tries the other. After the service is successful in connecting to one server, it continues to use it as long as it remains available. If a server becomes unavailable, the service attempts to connect to the other server, and if successful, then continues to use that server as long as it is available. The service does not use Domino cluster failover.
  • Passthru servers handle the transfer of network packets and do not perform mail routing or replication. As such, they do not require significant disk space or processing speed.
  • For security reasons, do not set up passthru servers in the on-premises hub domain that holds your directory synchronization servers and mail hub servers. Instead, install and set up the servers in a new unique Domino domain. The servers can be in separate unique domains.
  • For optimum security, configure your corporate firewalls so that connections to the passthru servers occur in your corporate demilitarized zone.
  • A passthru server must be certified under the same parent organization certifier as the following servers:
    • Directory synchronization servers in the on-premises hub domain
    • Mail hub servers in the on-premises hub domain
    • Your mail servers in the service
  • For the fastest response time for connections from the service, install Domino 8.5.2 or later servers. To optimize passthru server performance, Domino 8.5.2 provides the notes.ini setting passthru_connect_wait=1. This setting is useful for improving the response time when service users request the free time of on-premises users. The Domain Configuration tool enables this setting on the Domino 8.5.2 passthru servers for you.
  • Public key checking should not be enforced on the passthru servers. Public key checking, which is controlled through the Compare public keys field in the Security tab of the Server document, is disabled on Domino servers by default.

Procedure

  1. Install and set up at least one IBM® Domino server.
    • Set up the server as the first server in the domain.
    • During server setup, select the option I want to use an existing certifier ID file. Then certify the new server under the same organization certifier that is used to certify the directory synchronization servers and the mail hub servers in the on-premises hub domain. A certifier name is independent of a Domino domain name. In this case, the certifier name and the domain name are likely to be different.
    • For more information on installing and setting up servers, see the Domino documentation,
  2. If required, create LAN Connection documents that enable the passthru server to connect to the directory synchronization servers and mail hub servers in the on–premises hub domain. For more information, see the topic on creating LAN Connection documents in the Domino documentation.

What to do next

Test that each passthru server can resolve the host name of each directory synchronization server and mail hub server in the on-premises hub domain. If a passthru server cannot resolve a host name, verify that required Connection documents are in place. Also verify that your firewall rules allow the passthru server to access the servers.

Record the Domino hierarchical name, DNS host name (recommended) or IP address, and Domino domain name of each passthru server. You provide this information later when you configure the service.