Beruflich Dokumente
Kultur Dokumente
Distributing Notes
Clients Automatically
Creating customized Notes installation
packages
Tommi Tulisalo
Ted Dziekanowski
Ben Morris
Kurt Nielsen
Carol Sumner
ibm.com/redbooks Redpaper
International Technical Support Organization
July 2003
Note: Before using this information and the product it supports, read the information in
Notices on page v.
Notices . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . v
Trademarks . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . vi
This information was developed for products and services offered in the U.S.A.
IBM may not offer the products, services, or features discussed in this document in other countries. Consult
your local IBM representative for information on the products and services currently available in your area.
Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM
product, program, or service may be used. Any functionally equivalent product, program, or service that
does not infringe any IBM intellectual property right may be used instead. However, it is the user's
responsibility to evaluate and verify the operation of any non-IBM product, program, or service.
IBM may have patents or pending patent applications covering subject matter described in this document.
The furnishing of this document does not give you any license to these patents. You can send license
inquiries, in writing, to:
IBM Director of Licensing, IBM Corporation, North Castle Drive Armonk, NY 10504-1785 U.S.A.
The following paragraph does not apply to the United Kingdom or any other country where such provisions
are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES
THIS PUBLICATION "AS IS" WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED,
INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT,
MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer
of express or implied warranties in certain transactions, therefore, this statement may not apply to you.
This information could include technical inaccuracies or typographical errors. Changes are periodically made
to the information herein; these changes will be incorporated in new editions of the publication. IBM may
make improvements and/or changes in the product(s) and/or the program(s) described in this publication at
any time without notice.
Any references in this information to non-IBM Web sites are provided for convenience only and do not in any
manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the
materials for this IBM product and use of those Web sites is at your own risk.
IBM may use or distribute any of the information you supply in any way it believes appropriate without
incurring any obligation to you.
Information concerning non-IBM products was obtained from the suppliers of those products, their published
announcements or other publicly available sources. IBM has not tested those products and cannot confirm
the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on
the capabilities of non-IBM products should be addressed to the suppliers of those products.
This information contains examples of data and reports used in daily business operations. To illustrate them
as completely as possible, the examples include the names of individuals, companies, brands, and products.
All of these names are fictitious and any similarity to the names and addresses used by an actual business
enterprise is entirely coincidental.
COPYRIGHT LICENSE:
This information contains sample application programs in source language, which illustrates programming
techniques on various operating platforms. You may copy, modify, and distribute these sample programs in
any form without payment to IBM, for the purposes of developing, using, marketing or distributing application
programs conforming to the application programming interface for the operating platform for which the
sample programs are written. These examples have not been thoroughly tested under all conditions. IBM,
therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. You may copy,
modify, and distribute these sample programs in any form without payment to IBM for the purposes of
developing, using, marketing, or distributing application programs conforming to IBM's application
programming interfaces.
Intel, Intel Inside (logos), MMX, and Pentium are trademarks of Intel Corporation in the United States, other
countries, or both.
Microsoft, Windows, Windows NT, and the Windows logo are trademarks of Microsoft Corporation in the
United States, other countries, or both.
Java and all Java-based trademarks and logos are trademarks or registered trademarks of Sun
Microsystems, Inc. in the United States, other countries, or both.
UNIX is a registered trademark of The Open Group in the United States and other countries.
SET, SET Secure Electronic Transaction, and the SET Logo are trademarks owned by SET Secure
Electronic Transaction LLC.
Other company, product, and service names may be trademarks or service marks of others.
This IBM Redpaper describes how to distribute Notes clients automatically. The
paper is not a complete guide on Notes client deployment, rather it is a collection
of information about some of the different technologies that can be used for
deploying Notes clients automatically. The basic idea behind automated software
distribution is to make installing multiple clients more efficient.
The final chapter describes how to use Active Directory for deploying Notes
clients.
Another option, not covered in this Redpaper, is to use one of the software
products is are architected for distributing any software to the workstation. Some
of the most used tools include IBM Tivoli Configuration Manager, Microsoft
SMS, and ZenWorks.
Carol Sumner is an Advisory IT Specialist working for IBM Software Services for
Lotus. She has 11 years of IT experience, including six years of specialization in
messaging systems implementation, administration, and migrations. She
received a BA from the University of Iowa, and holds a Master of Divinity degree
from Texas Christian University.
Your efforts will help increase product acceptance and customer satisfaction. As
a bonus, you'll develop a network of contacts in IBM development labs, and
increase your productivity and marketability.
Find out more about the residency program, browse the residency index, and
apply online at:
ibm.com/redbooks/residencies.html
Comments welcome
Your comments are important to us!
Preface ix
x Distributing Notes Clients Automatically
1
The InstallShield Tuner for Lotus Notes provides administrators with a graphical
and easy-to-use method of modifying the default install options of the new
installer in Notes 6. This allows administrators much more flexibility in their
options and enhances control over what an end user can and cannot do or see
when installing the program.
Initial setup
To set up the install:
1. Begin by installing the InstallShield Tuner for Lotus Notes from your Lotus
Notes CD. After the install is complete, start the Tuner from your Lotus
Applications program directory. You will immediately be prompted for a Tuner
Configuration (.ITW) file. Select the lotusnotes.itw file from the x:\apps
directory (where x is the location of your Notes install files) and click Open.
2. The first screen you are presented with is the InstallShield Today welcome
screen. Select Create a new transform file in the second pane.
3. In the Base Windows Installer Package section of the third pane, click the
Browse button and navigate to the x:\allclient directory on the Notes CD.
Select the Lotus Notes 6.msi file, and click Open.
4. Create the transform file.
In the Windows Installer Transforms section, specify the location and name of
the install modification (.MST) file. This is the file that stores all of the
modifications, and must be included in the install package that will be
distributed to the users when they run the install.
a. Browse to the directory to which you wish to save the .MST file, type a
name, and click Save.
b. Registry
Any registry changes you wish to make can be made in a similar way
through the Registry tab in step 3. However, since Notes adds very little to
the registry, this step can be skipped in most cases.
c. Shortcuts/Folders
The Shortcuts/Folders tab is used to control which shortcuts you wish to
have installed on the users OS desktop and Start menu. To remove a
particular shortcut, highlight it and press Delete.
d. Notes.ini file changes
If there are any preferences stored in the notes.ini that you would like to
specify for all users, do so by clicking the IniFiles tab.
e. The NT Services and ODBC Resources tabs should be skipped in most
cases.
Other options
If you would like to modify the options available to the users from the
Add/Remove programs list in the Windows control panel (such as
disabling their ability to uninstall the software), select Add/Remove
Programs Setting, and select Yes for Disable Modify Button, Disable
iv. The SMS tab is for companies that have deployed Microsoft Systems
Management within their organization. To create the necessary files to
use SMS with Notes 6, select the appropriate options (depending on
the version of SMS), and the necessary .pdf and .mif files will be
created.
3. Click Save on the toolbar one more time and close Tuner.
The package is now ready to be distributed to your users. They will run the install
with the setup.exe included with the package. If you ever need to make changes
to the package, simply start Tuner and choose Open an existing transform file
from the menu. Note: Once you have made changes to a transform file you must
save the .mst and then repackage the install by selecting Package from the
project menu.
One of the major obstacles in deploying new clients is actually not installing the
clients, but managing the process. Wolcott Systems Group seems to have taken
this approach on their deployment tool and wrapped it in management tools. The
ADT provides functionality for maintaining a complete Notes deployment process
from a centralized location, and automating other key processes during the
deployment, upgrade, or migration porcess.
The tool is built in a way that makes management easy. Services not required, or
not needed at the moment, can simply be turned off or have their order changes
by the administrator. If required, it is actually possibly to add further steps to the
framework using the workflow framework provided.
The design
The ADT is designed as a open and customizable framework. In this way,
flexibility is added and specific tailoring is easier to do. Many of the
customizations can be made without programming. The design of the database
is open and allows easy integration of customer-specific processes.
Additional features:
Notes Mover component: Allows administrators to automatically relocate
Notes to a standard location on the users workstation prior to launching the
Lotus Notes client installation.
Setting up of the workstation via LotusScript code that is executed at the
conclusion of the client installation, allowing administrators to add database
icons, create local replicas and update replicator page entries, modify location
documents, and many other client configuration tasks.
Deployment of custom names.nsf and notes.ini.
Integrated data migration components providing integration with standard tool
providers like Lotus and BinaryTree.
Automating upgrade of users mailfile using a standard or customized
template.
Server consolidation component.
2.2 Installation
Be sure that your environment meets the requirements, which for the Notes 6,
Domino 6, and ADT V2.1, include the following.
Note: ADT includes an application for testing the SMTP connection, SMTP
Tester; refer to the SMTP Tester documentation for additional information.
Since ADT uses several 32-bit Windows applications during processing, the
server running ADT must be running on a 32-bit Windows server (Windows NT,
2000, or XP).
It is possible to use a standard desktop system for running ADT. What you have
to do is install Windows and Domino on the server and it is ready for the ADT
installation.
Note: A version of the ADT server that supports the Sun Solaris operating
system is available; please contact Wolcott Systems Group to obtain further
information.
Several of the ADT process steps require messages to be delivered back to the
ADT database so agents can update the users status. As part of the product
installation, you will have to create a mail-in database document in the Domino
Directory. Before the installation begins, administrators should review corporate
naming standards to determine the mail-in database name that will be used for
ADT. We recommended using the name ADT for the process, but local Notes
administration standards may dictate a different naming convention.
Once the mail-in database document has been created, you should test mailing
documents into the database from Lotus Notes mail and Internet (SMTP) mail.
ADT Administrators Used to define the list of users who will have manager rights to
the ADT database and the processes within. This group is
usually assigned to the [Admin] role in the ADT database.
ADT Editors Defines the list of users who will have the ability to modify
documents in the ADT database. This includes the ability to
update the status of user documents in the ADT database.
Remember that after adding new groups, the Domino Server needs a restart (this
is not the case when users are added). Go to the server console and type
Restart Sever to make your changes take effect.
Note: If you do not have an easy mechanism for setting the HTTP password
for users in your Domino Directory, ADT includes an agent that will perform
this function for you. Refer to the ADT Operations Guide for additional
information on this.
In the Lotus Domino Server data folder on your ADT server (\lotus\domino\data\
by default), create a folder called ADT. Copy the installation CDs Bin folder to
the ADT folder you just created. Be sure to remove the Read-Only attribute on all
of the files you copied.
The ADT will support multiple address book configurations. A setting on the User
Option document in ADT contains a setting that allows you to specify the file
name for the personal address book template you wish to be used for all users
assigned to the User Option.
ADT will support only one Lotus Notes client configuration file (notes.ini) for all
users processed by this instance of ADT.
Note: If you did not remove the Read-Only attributes on the templates after
you copied them to the ADT server, you will receive errors when you try to
access the templates from the Administrator client.
Now add the ADT Administrators group and insert the persons or groups who
are supposed to be using this tool. After adding new groups, the Domino Server
needs a restart for the group changes to take effect. When convenient, go to the
server console and type Restart Server. When the server is ready, you are
ready to make the final changes to the ADT templates.
Open the ADT Database Template on the ADT server from the Lotus Domino
Designer client. Open the Agents section of the database design, and for each
scheduled agent there will be a comment listed below the agents name. Open
the agent and change the schedule option as indicated in the table below. Be
carefull, there are many angents to handle.
As part of the agent execution strategy, you may want to adjust the times at
which the agents run, to support your specific requirements.
Create the ADT Agent Log database from the standard Agent Log template.
Again make sure you turn on the Show advanced templates option. Put the
ADT Log database in the ADT folder.
Update the ADT and ADT Log database ACLs with the appropriate settings for
your organization.
Enable the [Admin] role for any users or groups who will require access to the
Configuration Profile or the ability to run agents in the ADT database. The
[Admin] role controls access to the Admin action and the Execute Tasks option
on the ADT navigator.
Note: If you did not create the standard ADT groups in your Domino Directory,
you may need to modify the ACL in the templates so you can access them
from your workstation.
To set up the mail-in database configuration, you will need to add a Mail-in
Database document in your organizations Domino Directory.
When you are sure your changes have replicated, send a test message into the
ADT database from a Lotus Notes mail client. The message will appear in the
Process Inbox under the Monitoring option on the ADT database, as shown
below. Test the mail routing to the ADT database and delete the test message
from the process inbox.
Note: Later in the process, when you are configuring ADT, you will populate
the SMTP settings for ADT and will use the SMTP Tester program to test
inbound message routing to ADT from an SMTP mail client.
Note: This is only required if you are performing a Lotus Notes client
deployment or migration and have turned on the User ID Generation option
within ADT.
Note: Be sure to remove the Read-Only attributes on these files once you
have copied them. This will eliminate any problems encountered when you
attempt to update these files later.
2.3 Configuration
The ADT tool has been designed in a way so that you should not have to modify
the design of ADT in order to make ADT work in your environment. Most of the
configuration options are maintained in documents in a Domino database rather
than being hard-coded.
The two major components of the ADT configuration are: Lotus Notes client
installation configuration and ADT database configuration. The remaining
This topic has been described very thoroughly in the actual ADT Configuration
Guide, please consult this for further information.
Capturing the Replica ID of a database for cut and paste is unfortunately not as
simple as it seems, as it cannot be selected within the normally accessed
screens.
One way to get the Replica ID is by opening the Notes client, selecting the
database on the workspace, and choosing File -> Database -> Design
Synopsis. On the screen that appears select Choose DB Info, chekc the box
Replication, and click OK. This will give you a page similar to the one you see
below.
With the new policies feature of Domino you can configure different desktops for
different groups of users as well. Creating a complete desktop with no one
touching the machine represents a real reduction the total cost of ownership.
To make this work for everyone, clients will need Windows 2000 or higher on
their desktops, and Active Directory needs to be deployed as well. Your
administrators will need to understand Group Policies thoroughly. Do not
underestimate the complexity of this project. It can take a company many months
to get it right. However, in these days of tight IT budgets, savings on support calls
and desktop reconfiguration represent a real savings. So if you are migrating to
Active Directory anyway, take the time and leverage Dominos new desktop
management features. You will not regret it.
The following is a table that compares some Active Directory features and tools
to their Domino counterparts.
First some assumptions: All of the machines at the branch office are Windows
2000 or better and have sufficient space for the Notes client. We have a file
server and have placed a version of the Notes client software distribution files,
configured the way we want, on a share point that all clients can get to. This
share has at least read as a permission for authenticated users. Our
administrators have rights to create Group Policies in Active Directory and child
objects as well.
Because we want the Notes client on every machine (note in our scenario there
are no servers in this OU), we will create a policy at the branch office OU object.
You could create additional policies further down in the hierarchy if you want to.
The only penalties will be in additional logon time and complexity in resolving any
client issues.
2. The branch office object has a Group Policy tab that we will add a new Group
Policy to. When giving it a name be very careful to give it one that is unique to
the location and purpose. We are calling our Group Policy Branch Office.
Figure 3-5 The physical location of the group policies on a domain controller
3. Examining the properties page will show you some of the capabilities of
software deployment on a collection of computer objects in an OU. Selecting
categories allows you to organize what people will see when they go into the
control panel in Windows and use Add and Remove Software -> add New
Software.
Notice the ability to remove software deployed by a policy. Group policies have
immense power as far as controlling application deployment. We will next create
a software package for Notes.
1. When we create a package there are two ways of deploying it. We can install
it on every machine (Figure 3-10 on page 42) before the users log on or we
can install it after a user logs into a machine that does not have an application
and invokes a download by clicking an icon or file extension of an application
(Figure 3-11 on page 42).
2. The next step is to point to an MSI file for a software package. You should put
all of the software that will be downloaded by users in an OU on a server that
is close to them. For creating customized MSI files for Notes see Chapter 1,
Customizing client installations with transform files on page 1.
3. Open the properties for the package. The General tab contains the name and
and other general information for the package.
4. Notice all of the information stored in the package. The property page also
gives you the ability to uninstall the application if you wish (Figure 3-14), and
add install shield msi files to the package as well (Figure 3-15 on page 44).
6. After you have deployed an application, you can return to the package and
either remove it or redeploy it, if you made significant changes to it.
Figure 3-17 You have the ability to change versions and remove applications
You can use the same exact steps to publish or assign an application for users. If
you publish an application end users will see the Notes client offered as a
software application available for install (Figure 3-22 on page 49). If the
3.2.1 Summary
With the new support for MSI files in the Notes 6 client, it is not only easy to
customize the installation package, but it is possible to use Active Directory to
deploy the software. Remember software deployment with Group Polices does
not deal with getting hardware or software inventories from clients. To get those
features you would need a fully featured software distribution program. The
technique of software distribution might be an ideal solution to those companies
that have Active Directory and want to use Domino and Notes but do not require
the full feature set of Tivoli or SMS. This technique can help bring down the cost
of deployment, a benefit worth working toward.
After you create the file, you would put it into the folder where the application
resides. Once in place you can create a software package for users that you can
publish. Figure 3-18 shows selecting a zap file located on the distribution
sharepoint.
Figure 3-18 Make sure under file type you select zap as the file type
You have the option of publishing or advance publishing. See the Microsoft
documentation for a further explanation of these options.
Since there might be several hundred packages to choose from, you might elect
to give your package a unique category. This is done under the machine
software installation (Figure 3-20).
Assuming a user has the rights to read about the software package, Figure 3-22
shows what he would see if the user had a Windows 2000 or higher client. Notice
some the information we placed into the ZAP file appears here.
Figure Figure 3-23 shows the different categories and software available to this
user.
Tip: For further information about creating ZAP files see Microsoft Knowledge
Base article 231747.
3.4 Summary
If you have Active Directory, Domino and Notes can take full advantage of it.
Software can be deployed and used in conjunction with Domino policies to fully
deploy your new Notes clients.
Creating customized This IBM Redpaper describes how to distribute Notes clients
Notes installation automatically. The paper is not a complete guide on Notes
INTERNATIONAL
packages client deployment, rather it is a collection of information about TECHNICAL
some of the different technologies that can be used for SUPPORT
Automated deploying Notes clients automatically. The basic idea behind ORGANIZATION
automated software distribution is to make installing multiple
Deployment Toolkit
clients more efficient.
described
We begin by explaining how to use InstallShield Tuner for BUILDING TECHNICAL
Using Active Lotus Notes to create customized Notes installation packages. INFORMATION BASED ON
Directory for client PRACTICAL EXPERIENCE
We guide the reader through the process of customizing an
distribution installation of Lotus Notes using that technology.
IBM Redbooks are developed by
We then describe how to use Automated Deployment Toolkit the IBM International Technical
(ADT), which is an automated, managed system for deploying, Support Organization. Experts
from IBM, Customers and
upgrading, or migrating an existing messaging system to
Partners from around the world
Notes R5 and Notes 6. create timely technical
information based on realistic
The final chapter describes how to use Active Directory for scenarios. Specific
deploying Notes clients. recommendations are provided
to help you implement IT
solutions more effectively in
your environment.