You can add static routes to NIC cards on the iSeries to bind IP addresses 
to any give NIC. 
You can then Bind Domino HTTP to that IP address. 

As far as security, you need to make sure your Domino HTTP is locked down 
properly.



Sean

http://www.bedbathandbeyond.com



domino400-request@xxxxxxxxxxxx 
Sent by: domino400-bounces+seanmurphy=bedbath.com@xxxxxxxxxxxx
05/18/2005 01:00 PM
Please respond to
domino400@xxxxxxxxxxxx


To
domino400@xxxxxxxxxxxx
cc

Subject
Domino400 Digest, Vol 3, Issue 112






Send Domino400 mailing list submissions to
                 domino400@xxxxxxxxxxxx

To subscribe or unsubscribe via the World Wide Web, visit
                 http://lists.midrange.com/mailman/listinfo/domino400
or, via email, send a message with subject or body 'help' to
                 domino400-request@xxxxxxxxxxxx

You can reach the person managing the list at
                 domino400-owner@xxxxxxxxxxxx

When replying, please edit your Subject line so it is more specific
than "Re: Contents of Domino400 digest..."


Today's Topics:

   1. iSeries in the DMZ? (gregg.eldred@xxxxxxxxxxx)
   2. Re: iSeries in the DMZ? (Robert Laing)
   3. Re: iSeries in the DMZ? (gregg.eldred@xxxxxxxxxxx)
   4. Re: iSeries in the DMZ? (rob@xxxxxxxxx)
   5. Re: iSeries in the DMZ? (Patrick Trapp)
   6. Re: iSeries in the DMZ? (Eric J Waters)


----------------------------------------------------------------------

message: 1
date: Wed, 18 May 2005 11:08:17 -0400
from: gregg.eldred@xxxxxxxxxxx
subject: iSeries in the DMZ?

Interesting topic came up today. Back in the day, a client ran Domino on 
the 400, but then "things changed" and we moved it to several Windows 
servers. Now, we are looking at moving our iNotes users to an iSeries and 
kill off the remote, Windows-based iNotes server. However, since these 
users will be strictly iNotes, and they are coming in from the internet, 
do you have some suggestions as to how I can architect this so that, 
maybe, one partition is in the DMZ and the others are inside the firewall? 

Is this possible? I worry less that OS/400 will get hacked, but I want to 
minimize this as well. You know that it would help if I am doing something 

that has already been done. The iSeries that we are looking at is one in 
the 520/550 line. I am thinking that all I really need is a high level 
view at this point, a "proof of concept," if you will.

Thanks.

Gregg


------------------------------

message: 2
date: Wed, 18 May 2005 11:33:35 -0400
from: Robert Laing <rlaing@xxxxxxxxx>
subject: Re: iSeries in the DMZ?

   Would using multiple NIC's in the iSeries provide the necessary sec 
urity ?  For example one NIC visable to the outside world, the ot   only 
visible to the inside world ?

   Bob

   Interesting topic came up today. Back in the day, a client ran D   the 
400, but then "things changed" and we moved it to    servers. Now, we are 
looking at moving our iNot   and
   kill off the remote, Windows-based i   users will be strictly iNote do 
you have some s   maybe, one p   firewall?
      to<B   something
   that has already been done. The iSeries that we are    the 520/550 
line. I am thinking that all I   view at this point, a "proof of co
   Thanks.

   Gregg
      ________________________<BR   >This is the Lotus Domino on the 
iSeries / AS400 (Domino400) maili   list
   To post a message email: Domino400@xxxxxxxxxxxx
   </TT   visit:    or email: Domino   Before posting, please take a 
moment t   at http://archive.midrange.com/domino400.

 

------------------------------

message: 3
date: Wed, 18 May 2005 11:37:54 -0400
from: gregg.eldred@xxxxxxxxxxx
subject: Re: iSeries in the DMZ?

domino400-bounces+gregg.eldred=ns-tech.com@xxxxxxxxxxxx wrote on 
05/18/2005 11:33:35 AM:

>    Would using multiple NIC's in the iSeries provide the necessary 
> security ?  For example one NIC visable to the outside world, the
> other NIC only visible to the inside world ?
> 
>    Bob
> 
Bob:

Excellent idea! I was thinking only of the Domino portion and didn't see 
the forest for the trees. That sounds really good.

Thanks.

Gregg


------------------------------

message: 4
date: Wed, 18 May 2005 10:54:08 -0500
from: rob@xxxxxxxxx
subject: Re: iSeries in the DMZ?

1 - Not sure if the NIC solution would work.  Don't you have to ADDTCPIFC 
the new nic anyway, and if so, wouldn't that open it up to the 400?
2 - We have a 570.  It has multiple lpars.  One of these is in the DMZ and 

supports our domino based http://www.dekko.com.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





gregg.eldred@xxxxxxxxxxx 
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
05/18/2005 10:37 AM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>


To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc

Subject
Re: iSeries in the DMZ?






domino400-bounces+gregg.eldred=ns-tech.com@xxxxxxxxxxxx wrote on 
05/18/2005 11:33:35 AM:

>    Would using multiple NIC's in the iSeries provide the necessary 
> security ?  For example one NIC visable to the outside world, the
> other NIC only visible to the inside world ?
> 
>    Bob
> 
Bob:

Excellent idea! I was thinking only of the Domino portion and didn't see 
the forest for the trees. That sounds really good.

Thanks.

Gregg
_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.




------------------------------

message: 5
date: Wed, 18 May 2005 11:01:54 -0500
from: "Patrick Trapp" <ptrapp@xxxxxxxxxxxx>
subject: Re: iSeries in the DMZ?

I'm thinking that the LPAR route is what you would have to do to keep the 
servers distinct.  You can have the server available inside the DMZ and 
inside the firewall with the multiple NICs, but I'm not sure how secure 
you can make it if you are just putting multiple NICs on the same server 
instance.

There used to be a redbook out there that discussed this type of stuff, 
but it's been years since I needed to see it, so I'm sure it's way out of 
date.  Might still be of use to you...

Patrick




rob@xxxxxxxxx 
Sent by: domino400-bounces+ptrapp=nex-tech.com@xxxxxxxxxxxx
05/18/2005 10:54 AM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>


To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc

Subject
Re: iSeries in the DMZ?






1 - Not sure if the NIC solution would work.  Don't you have to ADDTCPIFC 
the new nic anyway, and if so, wouldn't that open it up to the 400?
2 - We have a 570.  It has multiple lpars.  One of these is in the DMZ and 


supports our domino based http://www.dekko.com.

Rob Berendt
-- 
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





gregg.eldred@xxxxxxxxxxx 
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
05/18/2005 10:37 AM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>


To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc

Subject
Re: iSeries in the DMZ?






domino400-bounces+gregg.eldred=ns-tech.com@xxxxxxxxxxxx wrote on 
05/18/2005 11:33:35 AM:

>    Would using multiple NIC's in the iSeries provide the necessary 
> security ?  For example one NIC visable to the outside world, the
> other NIC only visible to the inside world ?
> 
>    Bob
> 
Bob:

Excellent idea! I was thinking only of the Domino portion and didn't see 
the forest for the trees. That sounds really good.

Thanks.

Gregg
_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.


_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.




------------------------------

message: 6
date: Wed, 18 May 2005 12:46:04 -0400
from: Eric J Waters <ewaters2@xxxxxxx>
subject: Re: iSeries in the DMZ?





I agree with this option and move to a configuration NAB so that your
address book in the DMZ does not have any person docs or groups in it.
Domino will still authenticate and use the groups for mailings when you
setup the central directory structure for this server(s).

Regards,
Eric Waters


--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------

This is a PRIVATE message. If you are not the intended recipient, please
delete without copying and kindly advise us by e-mail of the mistake in
delivery. NOTE: Regardless of content, this e-mail shall not operate to
bind CSC to any order or other contract unless pursuant to explicit 
written
agreement or government initiative expressly permitting the use of e-mail
for such purpose.
--------------------------------------------------------------------------------------------------------------------------------------------------------------------------------




 
             rob@xxxxxxxxx 
             Sent by: 
             domino400-bounces                                          To 

             +ewaters2=csc.com         Lotus Domino on the iSeries / AS400 

             @midrange.com             <domino400@xxxxxxxxxxxx> 
                                                                        cc 

 
             05/18/2005 11:54                                      Subject 

             AM                        Re: iSeries in the DMZ? 
 
 
             Please respond to 
              Lotus Domino on 
               the iSeries / 
                   AS400 
             <domino400@midran 
                  ge.com> 
 
 




1 - Not sure if the NIC solution would work.  Don't you have to ADDTCPIFC
the new nic anyway, and if so, wouldn't that open it up to the 400?
2 - We have a 570.  It has multiple lpars.  One of these is in the DMZ and
supports our domino based http://www.dekko.com.

Rob Berendt
--
Group Dekko Services, LLC
Dept 01.073
PO Box 2000
Dock 108
6928N 400E
Kendallville, IN 46755
http://www.dekko.com





gregg.eldred@xxxxxxxxxxx
Sent by: domino400-bounces+rob=dekko.com@xxxxxxxxxxxx
05/18/2005 10:37 AM
Please respond to
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>


To
Lotus Domino on the iSeries / AS400 <domino400@xxxxxxxxxxxx>
cc

Subject
Re: iSeries in the DMZ?






domino400-bounces+gregg.eldred=ns-tech.com@xxxxxxxxxxxx wrote on
05/18/2005 11:33:35 AM:

>    Would using multiple NIC's in the iSeries provide the necessary
> security ?  For example one NIC visable to the outside world, the
> other NIC only visible to the inside world ?
>
>    Bob
>
Bob:

Excellent idea! I was thinking only of the Domino portion and didn't see
the forest for the trees. That sounds really good.

Thanks.

Gregg
_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.


_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) mailing list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.





------------------------------

_______________________________________________
This is the Lotus Domino on the iSeries / AS400 (Domino400) digest list
To post a message email: Domino400@xxxxxxxxxxxx
To subscribe, unsubscribe, or change list options,
visit: http://lists.midrange.com/mailman/listinfo/domino400
or email: Domino400-request@xxxxxxxxxxxx
Before posting, please take a moment to review the archives
at http://archive.midrange.com/domino400.



End of Domino400 Digest, Vol 3, Issue 112
*****************************************


As an Amazon Associate we earn from qualifying purchases.

This thread ...

Follow-Ups:

Follow On AppleNews
Return to Archive home page | Return to MIDRANGE.COM home page

This mailing list archive is Copyright 1997-2024 by midrange.com and David Gibbs as a compilation work. Use of the archive is restricted to research of a business or technical nature. Any other uses are prohibited. Full details are available on our policy page. If you have questions about this, please contact [javascript protected email address].

Operating expenses for this site are earned using the Amazon Associate program and Google Adsense.