migration to ibm smartcloud notes
TRANSCRIPT
-
1
Migration to IBM SmartCloud Notes Guidance on Migration Strategies and Tooling from On-Premises Mail Solution to SmartCloud Notes
December 2015
-
2
Table of Contents
PART 1 - INTRODUCTION 4
INTENDED AUDIENCE 4
PART 2 - HYBRID IMPLEMENTATION & CONFIGURATION 5
SMARTCLOUD NOTES HYBRID REFERENCE ARCHITECTURE 5 KEY VALUE PROPOSITIONS OF HYBRID CONFIGURATION 6 COMMON SMARTCLOUD NOTES HYBRID CONFIGURATION 7 SETTING UP THE HYBRID CONFIGURATION 12
PART 3 - HYBRID ACTIVATION & TESTING 16
SMARTCLOUD NOTES HYBRID ACCOUNT ACTIVATION 16 SMARTCLOUD NOTES HYBRID VALIDATION & TESTING 17 SMARTCLOUD NOTES ADMINISTRATION USER ACCOUNTS AND SYSTEM SETTINGS 18 PART 4 - USER/DATA TRANSITION & PROVISIONING OVERVIEW 22 ASSESSMENT, PLANNING & PREPARATION 22 PREPARING FOR USER/DATA TRANSITION 26 USER/DATA TRANSITION PROCESS 27
PART 5 - STAGING SERVER & FILEZILLA SETUP 34 ABOUT THE STAGING SERVER & TOOLS 34 CREATING & CONFIGURING OPT STEPS 35
PART 6 - CONFIGURING OTT DATABASE/SHELL SCRIPTS 36 CREATING & CONFIGURING OTT STEPS 36
PART 7 - REVIEWING OTT CONFIGURATION DOCUMENTS 37 STEP CONFIGURATION DOCUMENTS 37 TASK CONFIGURATION DOCUMENTS 39 MEMO CONFIGURATION DOCUMENTS 40
PART 8 - SCANNING, USER GROUPING & DATA CAPTURE 41 SCANNING THE EXISTING ENVIRONMENT 41 CREATING GROUPS & BATCHES OF USERS 42 CREATING THE IMPORT REQUEST 44 CAPTURING THE MAIL DATABASE REPLICAS 45
PART 9 - ENCRYPT, UPLOAD, IMPORT & PROVISION USERS 47 ENCRYPTING THE DATA FOR TRANSFER 47 UPLOADING THE ENCRYPTED DATA TO SMARTCLOUD NOTES 48 PREPARING UPLOADED DATA & PROVISIONING ACCOUNTS 49 PROVISIONING NEW USER ACCOUNTS 52
-
3
PART 10 - MAIL ONBOARDING MANAGER (MOM) 53 WHAT IS MOM? 53 MOM ARCHITECTURE 53 MOM CONSIDERATIONS 54 INSTALLATION & SETUP 54 DOWNLOAD MOM 62 LINK TO MOM DEMO 62
PART 11 - SMARTCLOUD UPGRADE FACTORY (SCUF) 63 WHY USE SCUF? 63 PRICING & HOW IT WORKS 64 CUSTOMER ROLES & RESPONSIBILTIES 65 PREREQUISITES 66
PART 12 - COMPARING MIGRATION OPTION & PROCESSES 67 WHEN TO USE SMARTCLOUD NOTES SERVICE-ONLY 67 WHEN TO USE SMARTCLOUD NOTES HYBRID 68 WHY USE OPT/OTT? 68 WHY USE MOM? 69 WHEN TO USE WHAT MIGRATION TOOL 69 MIGRATION PROCESS 71
-
4
Part 1 - Introduction With the emergence of Connections Cloud, companies are having renewed interest in evaluation of their messaging and social platforms. The ability to provide onboarding capabilities for companies to migrate to SmartCloud Notes is critical for technology adoption. This document will explore strategies for migration to SmartCloud Notes from an on premises mail solution exploring several options. It will provide guidance on the type of migration strategies customers should consider, how to assess, plan and prepare to before migrating, and specific capabilities required before and during migration. Topics such as implementing, configuring, activating, testing, transitioning, provisioning, staging, reviewing, scanning, grouping, encrypting, uploading, importing and comparing will be discussed.
Intended Audience We understand that information already exists but not in a single source document. It is designed to assist technical practitioners with the migration of mail from an on premises mail solution to SmartCloud Notes. The various methods and options can be evaluated and utilized by practitioners to create the best scenario for a customer. Each section of the document highlights important topics for migration. A solid understanding of the existing Domino cloud migrations and a fundamental Domino administration is key. The following highlights the intended audience:
Certified Practitioners - Technical practitioners who are certified to use the OPT/OTT, MOM and migration tooling for SmartCloud Notes should review this document. This can include Business Partners and Technical Services professionals.
Technical Sales Technical sales professionals who require a deep understanding of the steps to migrate customers wishing to move to SmartCloud Notes.
IBM Business Partners wishing to better understand the opportunity and process for migration of on premises mail to SmartCloud Notes.
Customers wishing to gain knowledge about all the available options in order to choose the best method for their situation.
-
5
Part 2 - Hybrid Implementation & Configuration
Below is a logical diagram that illustrates the main components of the SmartCloud Notes
service and their placement relative to various network zones.
Figure 1 - SmartCloud Notes "Hybrid" Reference Architecture
The diagram in Figure 1 is called the SmartCloud Notes Hybrid Reference
Architecture. It is a logical diagram that illustrates the main components of the
SmartCloud Notes service and their placement relative to various network zones.
The red zone at the top contains all clients, mobile devices, and servers (including
customer networks) that might want to connect to SCN. These are all items that SCN
service does not manage and exist outside of our external firewall.
The yellow zone is the traditional DMZ, through which only authenticated users and
clients can pass, so it includes the authentication services.
The green zone contains the servers that make up the SCN service. This includes SMTP
and NRPC routing servers, BES and Traveler servers for mobile device support. Users
are hosted on 5-node Domino clusters, with each user having a replica on 2 nodes in a
cluster. Clusters are horizontally scalable to increase capacity as necessary.
-
6
Directory services are provided by Tivoli Directory Server and a synchronization service
is provided to ensure that TDS and customer directory replicas remain consistent.
Import servers are used as a temporary storage for existing mail databases being migrated
into the service where they can be scanned for virus and prepared for provisioning.
Hybrid refers to a specific configuration of the SmartCloud Notes customer account
within the service that allows existing IBM Domino customers to integrate the on-
premises environment and is a core strength and value proposition.
The customer Admin can choose if the mail users mail account exists on-premises or in
the SmartCloud Notes service.
Customers select the Hybrid Environment option when performing initial setup.
Key Value Propositions
Customers can keep current environment Supports IBM Notes, browser, IMAP and mobile clients Users don't need to care who is Hosted or On-Premises Maintains the existing certificate hierarchy and domain structure Supports native NRPC mail routing No change required to continue accessing existing applications Existing mail databases can be transitioned in their entirety or with a selected
subset of data
Version requirements for on-premise Domino servers:
Figure 2 - Domino version requirements
-
7
"Hybrid" Basic Architecture
Most suitable for implementations where HA is not a requirement (e.g. pilot or smaller
customer implementations)
Figure 3 - Hybrid Basic Architecture
This simplest implementation above has a single on-premises domain, containing at least
one existing Domino server and uses a single passthru server for inbound connectivity.
The passthru server may even already exist for some customers so it is just a case of
validating server versions and doing the configuration.
-
8
"Hybrid" - High Availability Implementation
Figure 4 - Hybrid High Availability Implementation
The diagram in Figure 4 shows that the SCN configuration supports having up to 2 server
for each of the passthru, mail routing and directory replication servers. This provides a
more highly available integration.
Each pair of servers are designated as a primary and secondary in an active / passive
model. If the primary is not available the secondary is used; there is no load balancing of
connections or requests across the servers.
-
9
"Hybrid" - Multiple Domain Architecture
Figure 5 - Hybrid Multiple Domain Architecture
Multiple Domino domains One domain designated as primary through which hybrid connectivity from
SmartCloud Notes is achieved
Other domains become subordinates in the context of mail routing, free-time lookup and directory replication
Directory updates from downstream domains are replicated via the directory replication hubs in primary domain
Each domain is responsible to independently route mail directly to the SmartCloud Notes service.
Note: Once the account is configured for the primary domain the customer creates group / connection documents for each additional domain in their environment.
-
10
"Hybrid" - Multiple Data Center Implementation
Suitable for large customers who have infrastructure in more than one data center.
Figure 6 - Multiple Data Center Implementation
Single Domino domain Pair of customer data centers Pair of passthru servers (primary in one data center and secondary in the other
data center)
Separate mail routing and directory replication hub servers in each data center Provides for both a level of local (within data center) resilience and DR
protection in the event of data center failure
Should the primary data center or the servers in it be unreachable for any reason, the SCN
service will connect via the secondary data center instead.
This assumes that in the back end on-premises environment, directories replicate and
mail routes appropriately between the data centers.
-
11
"Hybrid" - 'SHIM' Domain between SCN & Existing Domains
Figure 7 - SHIM Domain between SmartCloud Notes & Existing Domains
Hybrid shim domain inserted between SCN and multiple other existing domains
Existing domains are all subordinate (route mail and replicate directory through) the shim domain
Single passthru server (a second could be added for failover) Separate mail routing and directory replication hub servers
For customers who have many on-premises domains, especially if they are chains of non-
adjacent domains, that means directory replication and mail routing has to propagate
through those domains.
To be able to flatten the directory replication and mail routing topology to make each
domain logically closer to SCN, a domain can be inserted to host the directory and mail
routing servers.
Since it is inserted between SCN and the existing domains we call it a shim domain. It
can then be configured to replicate and route mail with each other domain effectively
only one hop away.
-
12
"Hybrid" - Leveraging Infrastructure-as-a-Service (IAAS) for Domino Applications
Figure 8 - Hybrid Leveraging Infrastructure-as-a-Service (IAAS) for Domino Apps
Single Domino domain Single passthru server Single combined Domino mail routing and directory replication server Domino application and hybrid integration servers (like passthru) hosted on
IBM SoftLayer or other IaaS providers
No Domino servers on customer network Note: Customer DMZ and optional SoftLayer firewalls not shown
Setting Up Hybrid Configuration
Many customers want to remove all infrastructure from their networks, but hybrid is
designed to connect to existing environment where application servers might remain.
A customer can make use of services such as IBM SoftLayer IaaS or more traditional
partner hosting models to support those non-SCN servers.
Provided there is connectivity between SCN and where the servers reside, and between
the network and the servers for client access, the hybrid solution will function fine.
-
13
Firewall rules are an important part of the correct functioning of the SCN
implementation. Follow the rules to ensure firewall configurations allow for proper
traffic flow while minimizing risk of network attacks.
Create the company account for Connections Cloud. The customer needs to provide the
name of their organization and contact information for the initial administrator account.
Select Hybrid Environment. The first choice an administrator makes is whether or not
they want to set up the SCN account as hybrid. For an existing Domino customer, to
set up in hybrid mode, they check the box and confirm their choice.
Initially, the account setup page will display a set of 5 steps marked in red with a warning
triangle. It simply means that the information required for each of those configuration
items has not yet been provided.
Run the pre-configuration test tool to see that the existing environment is in good shape
to proceed.
Enter server details and click Run Test to test configuration. Fill out the relevant
information based on what servers are being used in what roles, which directories are to
be synchronized, etc.
The output of the test can be viewed immediately on the screen. This output is also
written to a file called liveserverconfig.log in the Notes client data directory on the
workstation where the tool is run. Inspect the output and look for any reported problems.
Create Server OU Certifier for Connections Cloud Virtual Server Name Registration.
Configure a Directory Sync Server. Provide at least one domino server and directory file
name. Do not check the box that says Do not use this Domino Directory for
provisioning or you will not be able to select users in the directory for provisioning later.
This should only be selected if the directory being configured is an extended directory
catalog.
After saving the configuration, the sync status will show Error. This is not a problem at
this time as we have not yet told Connections Cloud or the on-premises Domino
environment how to connect with each other.
Configure the Mail Routing Hub. Provide at least one domino server and domain name.
Configure virtual mail server common name. Provide a base common name to be used
for virtual server name creation. The mail server base name is used to generate all of the
common names for the virtual mail servers in Connection Cloud for the account.
-
14
Configure the Passthru server. The Passthru server must use an IP Address that is
routable from the internet. Enter at least one domino Passthru sever, hostname and
associated domino domain name.
*Note - We recommend using a host name rather than IP address in the middle field so that any changes in IP address can be done in DNS rather than having to
remember to edit this configuration.
Upload Certifier ID that will be used to create virtual server identities. You must not
upload a certifier that is already used in the on-premises environment.
Confirm all information entered and click "Enable My Account" to prepare for directory
synchronization and activation.
Prepare for account activation. Click "Download Configuration Tool" to download the
tool. The account setup page will indicate 2 new outstanding steps with the red warning
triangle. This indicates the steps have not been done yet, not that there are any problems.
When downloading the NSF, save it to the workstation file system before opening it in
the Notes client.
Note: Administrator and remote console access are required to run this tool. If you
make any configuration changes, you must download and re-run the tool again.
The domain configuration tool has 3 modes of operation.
1. Begin pre-configuration test (reports back on the state of the on-premises)
2. Begin configuration report (perform a dry run...no actual changes are made)
3. Configure servers (update the on-premises server configurations)
Domain Configuration Tool Results - Log file
Clicking the View log file button in the configuration tool will display contents of the log
file.
liveServerConfig.log file is stored in the data directory of the client used to run the
database.
It is useful to keep copies of the log files when the configuration tool is run as historical
documentation of what was configured and when. It also a great source of information
for troubleshooting purposes.
Confirm SCN server are connecting to the Passthru server. Look for sessions containing
virtual server names from the service and of type PASSTHRU.
Confirm SCN servers are connecting to Mail Routing/Directory server(s). Sessions for
SCN virtual servers representing the directory sync service means that SCN is
successfully accessing the server via Passthru.
Directory Sync Status. If the SCN service is connected to the directory server and can
access the directory, the status should be reported as OK.
-
15
If not there will be an error status and clicking on the directory server name will display
more details about the problem.
After running the Domain Configuration Tool the service should be able to connect to
perform the initial directory synchronization process. The SCN account setup page will
indicate that step is complete and that the Internet domain verification is still not done.
Click on Internet Domain Verification to confirm that your Internet domain is ready to
be validated. The service performs domain name verification to prevent abuse of
SmartCloud Notes accounts and requires you to create a CNAME record to prove
ownership of a domain.
-
16
Part 3 - Hybrid Activation and Testing
Account Activation
Go to the Account Setup page Click the Activate My Account button to complete initial hybrid setup
Looking at your account setup now, you should see both directory sync and domain
ownership steps are complete, as signified with the green check.
You should also now see that an Activate My Account button has appeared if both of
those steps are complete. You can click that button once, and you should then see the
Congratulations! response indicating that the account activation is complete.
Figure 9 - Account Activation
Looking at your account setup now, you should see both directory sync and domain
ownership steps are complete, as signified with the green check.
You should also now see that an Activate My Account button has appeared if both of
those steps are complete. You can click that button once, and you should then see the
Congratulations! response indicating that the account activation is complete.
ID Vault
IBM creates the ID vault when the customer account is created. In order for a user's ID file to be uploaded to the ID vault, you must issue a Vault
Trust Certificate from a parent certifier of the user ID file to the ID vault certifier.
After the Vault Trust Certificate is issued, only IDs of users with SmartCloud Notes accounts are uploaded to the ID vault.
Issue the certificate after the on-premises directory has been synchronized with the SmartCloud Notes directory.
-
17
Note: If you try to manage the vault and see a error not found in view index then the
directory indexes might not yet have refreshed and you can use updall -r to do that from
the hub server console.
1. Select Add or remove organization... and click Next
2. Click the Add or Remove button
3. Select the organization and click Add
4. Click OK
5. Click Next
6. Click Configure
7. Choose a Certifier ID File dialog
2. Select the certifier ID file and click Open
3. Enter that password and click OK
4. Click Done
You are done when you see the message that you have successfully managed the ID vault
and that the certifier was successfully added.
Confirm SCN Servers are Connecting to the Passthru Server
Look for sessions containing virtual server names from the service and of type PASSTHRU
The virtual server names contain the OU certifier that was uploaded during hybrid configuration
Confirm SCN Servers are Connecting to Mail Routing / Directory Server(s)
Similar sessions from the SCN service containing virtual server names should be visible on the console of the mail routing / directory replication servers
Additional Outbound Connection Testing / Validation
After Directory Synchronization reports it is complete Ensure that a Domino console trace from the customer mail routing hub
server to any of the SmartCloud Notes servers that can be seen connecting
to Passthru server
A group contains allocated servers for the customer, but not all will be running; failing to
connect to one of them is to be expected.
You will see an error about not being authorized to connect initially; this is expected
because the trace command tries an anonymous connection first.
Configuration Test
Web-based tool to allow you to test what the service can see If you run this before directory synchronization has completed, there will be a lot
of errors because synchronization has not yet completed
-
18
Go to the Configuration Test link in the UI and click the Run Tests button to start the
test execution.
These tests should be run any time you make changes to the hybrid setup or whenever
you are troubleshooting problems between SCN and the on-premises environment.
SmartCloud Notes Web Administration (User Accounts & System Settings)
If you are not still logged in, log in as the administrator again Navigate to the IBM SmartCloud Notes option
Figure 10 - SmartCloud Notes Web Admin
With completion of the account activation, a wider set of SCN specific configuration and
administrative options become available.
From the IBM SmartCloud Notes navigation link on the left, the SCN specific
administration section now provides additional access into these other areas.
-
19
System Settings - SmartCloud Notes Account Setup
There are many new options listed below the Configuration Test item that were not there
before account activation was completed.
Figure 11 - SmartCloud Notes Account Setup
SmartCloud Notes Account Setup - Instant Messaging
The options under Instant Messaging control how the SCN web UI or Notes embedded
Sametime client are integrated with community services, not whether chat and awareness
are available to the user via general web chat or rich client.
When disabled (the default), there is no presence awareness in the SCN web UI, but an
end user can still manually configure a Sametime client to independently connect to
SmartCloud IM.
SmartCloud Notes Account Setup Default Time Zone
This time zone option is used only for newly provisioned mail databases where a default
set of free-time should be published, even if the user has not yet set their preferred time
zone or work schedule. Typically this should just match the location of the majority of
the users in the company.
-
20
SmartCloud Notes Account Setup - Email Notifications
This option allows an administrator to specify the email addresses to which notifications
of problems with the service can be sent. Currently, this is limited to alerts about
problems with directory synchronization.
SmartCloud Notes Account Setup - Email & Calendar Options
The Calendar Details option enables the collection of summary data for display when
using the group calendar function, to show a limited amount of data about appointments.
SmartCloud Notes Account Setup - Email Management
There are a number of controls on this page related to email management. The absolute
maximum message size allowed in SCN is 100MB. Limiting the message size allows a
customer to reject messages that are over some size lower than this maximum.
Mail retention governs how long the soft delete period should be. By default it is 14 days
but can be up to 90 days long.
SCN also provides a method to purge mail data over a certain age. When enabled, the
customer decides for how long data can live in the mail database.
SmartCloud Notes Account Setup - Inbound Mail Routing
The Inbound Internet Mail Routing page shows who is responsible for handling incoming
SMTP mail for each verified domain owned by the customer.
SmartCloud Notes Account Setup - Email Filters (Spam)
Email filters provide some level of customization for how the Protector SMTP hygiene
filters process inbound SMTP mail.
The system filter is default for all customers and cannot be removed. It is the fundamental
spam filter and applies to all mail.
SmartCloud Notes Account Setup - Email Filters (White/Black Listing)
In addition to the spam filter, an administrator can define white and blacklists that contain
either individual email addresses or domains. For each rule, they choose deliver to
Inbox, deliver to Junk or block.
SmartCloud Notes Account Setup - Email Filters (Newsletter)
The keyword filter rule currently has one category of content defined and that is
Newsletters. Adding this rule will allow Protector to use its newsletter detection
algorithms to filter this kind of email based on the configured action.
SmartCloud Notes Account Setup - IMAP Email Access
SCN supports the use of IMAP clients and administrators can control whether or not
users are allowed to use IMAP clients. By default, IMAP support is turned off.
-
21
SmartCloud Notes Account Setup - Password Management
The expiry of passwords in Notes IDs can be enabled and set to an expiration duration.
SmartCloud Notes Account Setup - Name Finder
The Name Finder option controls how type-ahead and searching works for addressing
users in SCN web. By default using the basic option, when a user begins typing on the
To / CC / BCC fields a simple type-ahead text list of user names is shown from which to
choose.
SmartCloud Notes Account Setup - Journaling Options
Although this option is called journaling it is not the same as Domino message
journaling. It relates to the logging of mail delivery and client access events into log
files, stored in a default format, that a customer can download and import into a data
warehouse and then run reports.
System Settings - Security
Security Settings for Connections Cloud overall are set outside of the SCN specific
administration, using the Security link under Systems Settings.
A customer can control password expiry interval, what info to display to a user who
clicks the Forgot Password link on the login page and the use of application passwords.
Application passwords are for mobile device usage, are system generated but managed by
the user, and can bypass IP address range restrictions (since you never know where a
mobile device might be connected).
The IP address range restriction allows the administrator to specify from which set of
networks their users should be allowed to connect.
System Settings - Theme An administrator can make some limited cosmetic changes. Changing the theme gives
access to 9 preset color combinations, while the 10th
option (the rainbow) allows the
administrator to set explicit RGB color combinations for the main UI components.
In addition, an administrator can upload a logo image which they can choose to display in
the top left-hand corner of the top navigation bar which runs persistently across the entire
page, no matter what service is being used.
-
22
Part 4 - User/Data Transition and Provisioning
There are 4 main phases associated with user and data transitioning and provisioning.
1) Assessment
2) Planning
3) Preparation and Validation
4) User/Data Provisioning Process
Figure 12 - Assessment, Planning and Preparation
The first three phases focus efforts towards the ultimate goal of moving users and their
historical data.
With this method, customer assistance is increased as customer and IBM risk is
decreased.
The Domino Configuration Tuner (which is shipped for free with Domino) can be used to
gather detailed information about servers.
The SCN pre-config tool can be used to assess the readiness of the current Domino
environment for hybrid configuration.
-
23
Assessment is where a thorough understanding of the current environment and business
requirements is done. It is important to understand in detail the current environment, to be
able to make good informed decisions about what changes need to occur for a successful
move to SCN.
Planning (or sometimes Design) is the creation of the desired state, thinking through what
will be required and defining the appropriate sequence of events to realize it. The
information gathered during assessment is vital to being successful in planning the path
to cloud.
OPT (Onboarding Planning Tool) is provided to certified practitioners. OPT helps
understand user, mail database and client usage and also helps to segment the user
population into manageable groups for transition planning.
Prep / Validation (or sometimes Build) is the execution of the plans.
OTT (Onboarding Transition Tool) is provided to certified practitioners and assists
with the execution of the user move. It leads the practitioner through a set of automated
or semi-automated steps for each logical group of users being processed.
MOM (Mail Onboarding Manager) is available to be downloaded by any administrator
of a Connections Cloud organization that has SmartCloud Notes or Connections Cloud
S1 subscriptions.
OPT, OTT and MOM will be discussed in greater details later in a separate topic.
A pre-sale Technical and Delivery Assessment (TDA) is a technical inspection of a
completed solution design. Technical Subject Matter Experts (SMEs) who were not
involved in the solution design participate to determine:
a. Will it work?
b. Is the implementation sound?
c. Will it meet customer requirements and expectations
The TDA also helps to ensure that important areas of prerequisites, capabilities and
dependencies are discussed and understood early to reduce the possibility of road blocks
or surprises during implementation.
Typical Customer Responsibilities:
Assessing Domino applications and impact of client upgrades to 8.5.1 FP5+ Fixing application problems Assessment and planning of end state directory architecture, mail routing and
replication
Assessment, planning and changes to existing security policies / procedures Assessment and planning of end state architecture for customization / integration
with other systems
Network capacity planning and any associated network routing changes
-
24
Fixing existing problems or issues in the on-premises Domino environment Creation and staging of client installation packages Planning and execution of client upgrades or new installations Establishing and testing hybrid environment setup; implementation of passthru
server(s), directory replication and mail routing between on-premises and
SmartCloud Notes environments
Transformation management including end user communication plans, communication content, delivery of enablement, etc.
Post-transition decommissioning of mail files and mail servers
Assessment Phase:
The diagram below indicates phases and a collection of activity areas, but no idea of
overall sequence.
Figure 13 - Assessment
The diagram in Figure 13 indicates phases and a collection of activity areas, but no idea
of overall sequence.
Design and Planning Phase:
Determine the mixture of services required to satisfy collaboration / user needs and what data transition is required
Plan for connectivity between on-premises and SmartCloud Notes data center
Determine a high level schedule for overall implementation Determine the sequence of deployment for user segments / business units /
locations and the associated Connections Cloud services
Define the coexistence that will be required to support the transition (hybrid)
Determine how the business is going to be prepared for the transition
Figure 14 - Design and Planning
The network is a critical component in a SaaS and is often overlooked; customers think
their existing Internet connection(s) will be enough but that is not always true.
The overall sequence / schedule needs to be mapped out. The rate of transition is
important i.e. how many users per day or week are moved to SCN.
-
25
Preparation Phase:
A large part of the preparation activity is the set up of the SCN hybrid configuration and
associated infrastructure such as network connectivity or SAML identity provider.
There is also the corresponding testing of the various components that are configured to
ensure that the SCN hybrid, etc. are working properly.
Provisioning of new user accounts should be tested end to end.
If Notes client installation or upgrades are needed, then the deployment tools and install
kits need to be set up and tested.
Figure 15 - Preparation
Pilot Transition:
It is important to run a pilot of the transition process early in the deployment phase. The
process as implemented by the OPT and OTT tools is fairly strict. It has been proven to
work and deliver a known outcome that is a very transparent transition for the end user.
The pilot is used to test the process / solution on real users: A set of users should be invited to participate Communication and enablement material is validated with the pilot user
set
For existing IBM Notes users, the following occurs for pilot users: IBM Notes clients may be upgraded The mail files are replicated to an on-premises staging server and
encrypted
The encrypted replicas are uploaded to the SCN data center via FTP The databases are prepared and once ready, the associated users are
provisioned in the SmartCloud Notes service
The Domino Directory entries are updated to point mail server entries to new SmartCloud Notes mail server(s)
IBM Notes client configurations are updated to reflect new SmartCloud Notes mail server(s) and final replication occurs with on-premises replica
Production Transition:
Production deployment is similar to the pilot process flow, except that it is repeated as
many times as necessary to process the user population in logical batches (or groups).
The remaining users are scheduled in batches Depends on user demographics, volumes of data, organizational change
requirements, etc.
Processes are repeated iteratively until all users moved For existing IBM Notes users, the following occurs for each batch of users:
IBM Notes clients may be upgraded The mail files are replicated to an on-premises staging server and
encrypted
-
26
The encrypted replicas are uploaded to the SCN data center via FTP The databases are prepared and once ready the associated users are
provisioned in the SmartCloud Notes service
The Domino Directory entries are updated to point mail server entries to new SmartCloud Notes mail server(s)
IBM Notes client configurations are updated to reflect new SmartCloud Notes mail server(s) and final replication occurs with on-premises replica
Preparing for Transition:
In order to be able to execute the user transition process, a number of prerequisites need
to be in place before you start.
SmartCloud Notes hybrid integration is already implemented, tested and functioning properly
Staging server and tools are implemented and connected to customer network Staging server has access to all mail servers and mail databases in scope Partner has appropriate accounts/roles within customer company account Secure FTP (over SSL/TLS) access to SmartCloud Notes data center is available End user IBM Notes clients meet minimum software version requirements End user mail databases are configured appropriately
Staging Server Setup:
Figure 16 - Staging Server
The staging server is a temporary Domino server on which to run IBM tools that help to
manage the transition process. Once users are transitioned it can be removed.
-
27
It must be a Windows server running Domino 8.5.3 (or higher) 32-bit application. It
does not require a lot of hardware resources, its primary role is to run a single Domino
server that the admin might access, so the workload is very light.
1. On-premises data preparation (FTP)
Figure 17 - On-premise Data Preparation (FTP)
To capture the data, the staging server pulls full or selective replicas of the existing mail
databases from the existing mail servers across the customer network, to its local storage.
To reduce the time taken to replicate, it is desirable to place the staging server as close to
the source mail servers as possible from a network point of view.
The staging server generates a file of metadata about each user and database within a
dataset. We call this the manifest, and it is an XML file that is used to describe the dataset
to SCN once it has been uploaded.
No data ever leaves the customer network without being encrypted.
Note: An alternative to FTP is to put the data onto USB-connected removable storage.
This provides a way to move a very much larger volume of data in a relatively short (few
days) amount of time by shipping the device to the SoftLayer data center.
-
28
1. On-premise Data Preparations (Removable Storage)
Figure 18 - On-premise Data Preparation (Removable Storage)
An alternative to FTP is to put the data onto USB-connected removable storage. This
provides a way to move a very much larger volume of data in a relatively short (few
days) amount of time by shipping the device to the SoftLayer data center.
-
29
2. Upload Mail Content to SCN Data Center
Figure 19 - Upload
The encrypted data is uploaded to the SCN FTP service across the Internet.
Using secure FTP protects the communication during upload, and because the data is
already encrypted, it is protected at rest when it lands on the FTP service.
-
30
3. SCN Data Ingestion (FTP)
Figure 20 - Data Ingestion
Once the data upload is complete, the SCN database import service can read the
encrypted files from the FTP service, decrypt them, read the manifest and prepare the
databases it describes for provisioning. The same applies for removable storage.
3. SCN Data Ingestion (Removable Storage)
Figure 21 - Data Ingestion (Removable Storage)
-
31
4. SCN Provisioning
Figure 22 - Provisioning
At provisioning time, for each user being provisioned, the SCN service will decide on
which pair of servers in a cluster a user will be hosted; a primary (home) server and its
cluster partner.
Each of those servers know on which database import server to find the replica of the
mail database for that user. Instead of creating a new empty mail database, each server
streams a replica copy from the import server to its own storage.
The server decision also determines the corresponding cluster and pair of servers in the
DR data center to which the user should belong, and a second set of replicas are created
on the DR cluster server pair in the background.
-
32
5. Directory Synchronization
Figure 23 - Directory Synchronization
Once the database replicas are in place on the primary server and cluster partner in the
primary data center, it is safe to update the directory entry for the user.
This change updates the references to the mail server and mail file path entry to point at
the databases now running on the SCN servers, instead of the on-premises servers.
Through the directory sync process, this change propagates back to the on-premises
Domino environment as well. Once the change reaches those servers, all new mail for the
users who were provisioned, will be routed to the SCN servers instead.
The transition tools create a message in each user's Inbox, effectively a welcome to SCN
message, with instructions about what they should do next to access the SCN service.
-
33
6. Desktop Update Process
Figure 24 - Download, Setup and Catch-up Process
Users can log in with a web browser right away and be productive.
Users who use a Notes client must download a small NSF database which contains code
to reconfigure their Notes client to point at SCN instead of their on-premises mail server.
This database cannot be shared between users and will not work for any other user.
This tool also causes the client to perform a catch-up replication cycle between the on-
premises and SCN replicas to ensure any changes since the database upload are captured.
Lastly the tool shuts down the Notes client so that the location switch can take effect.
7. On-Premises Clean Up
Once the user have switched over, the on-premises mail file replicas can be
decommissioned and finally so can the on-premises mail servers.
-
34
Part 5 - Staging Server & FileZilla Setup
Staging server basics
Designed to run stand-alone (separate domain) but connected into existing environment to be minimally invasive
Domino 8.5.3 (or later, including Domino 9) server with some additional tools: Runs in isolated domain but using a server ID that belongs to the customer
certificate hierarchy to remove need for cross-certification
Requires access to mail servers which users to be transitioned are homed Requires mail servers trust the staging server ID for remote agent access Requires ACL access to all mail files belonging to users being
transitioned preferably manager
Requires access to the server through which the Domino directory replicates with SmartCloud Notes
Remote access if managing from outside of customer network
Staging server requirements
Hardware Requirements Dual Core Intel / AMD CPU 2 GB RAM Gigabit Ethernet network port Sufficient disk to support 2x in flight data volume
Software Requirements Microsoft Windows Server IBM Domino Server 8.5.3 (32-bit) or later Remote access
Additional Domino Server utilities deployed as part of the OTT database implementation:
encryptdb.exe unrdsync.exe
Additional scripts deployed as part of the OTT database implementation: setenv.bat unread-sync.bat
Additional tool to be downloaded from SourceForge: tee.exe
FileZilla is not required, but is a good implementation that supports the following
required capabilities:
Implicit FTP over SSL/TLS SSL session reuse Resumable transfers
Install the latest FileZilla client for Windows 32-bit on the BP#HUB Domino server
Download from: http://filezilla-project.org/download.php?type=client
http://filezilla-project.org/download.php?type=clienthttp://filezilla-project.org/download.php?type=client
-
35
Onboarding Planning Tool (OPT)
This tool assists in planning and preparing for the transition of users and their data Assists the user to analyze the current user, client and mail database environment
Can be run from Administrator workstation with zero server impact or Can be run in a scheduled fashion from an existing Domino server
Assists in defining the sequence and grouping of the user population into manageable chunks for further processing
User Batch Planning Sequencing and grouping of users / databases into logical deployment
groups
Filters the overall user population into those who are ready to move and those who are not
Assists with identifying important relationships between users that must be considered
during scheduling
Note: Running OPT as early as possible can be preventive maintenance because it can
uncover activities that the customer needs to perform.
Creating and Configuring OPT Steps
1. Server-Based Install
2. Signing the Database
3. Setting the ACL
4. External Agent Log
5. Log Database: Show in "Open Application" Dialog
6. Agent Log - Setting the ACL
7. Setup Wizard - Welcome
8. Setup Wizard Current and Future Client Types
9. Setup Wizard Minimum Client Version
10. Setup Wizard Initial Scan Document
11. Setup Wizard Directory Server
12. Other Scan Types
13. Setup Wizard Additional Server Selection
14. Setup Wizard Scan Summary
15. Setup Wizard Execution Option
16. Setup Wizard Running Scan
17. Basic Setup Complete
18. Initial Scan Results
19. User Profile Warnings and Errors
20. Domino Directory (names.nsf) Usage
-
36
Part 6 - Configuring OTT Database/Shell Scripts
Onboarding Transition Tool (OTT)
This tool assists in executing the transition of users and their data Provides automation for most tasks within the transition process
Must be run from a Domino server Is responsible for the following key activities during the transition:
Tracking the status of users as they move through the transition stages of the overall process
Pulling user batch definitions from the OPT tool Creating replica stubs of the databases associated with the users in a batch Checking the status of replicas and measuring their completeness for
transfer
e.g. document count, unread count, replication history entries Generating the manifest XML metadata that describes the user and
database replicas, and starting encryption
Checking that encryption completed successfully Monitoring the directory for indications that users have been provisioned
and activated
Depositing end user communications in the on-premises Inbox of users once activated
Creating and Configuring OTT Steps
1. Onboarding Transition Tool (OTT) - Install
2. Signing the Database
3. Setting the ACL
4. Agent Log
5. Agent Log Setting the ACL
6. Initial Configuration
7. Configuration Updates from OPT
8. Configuration Profile Basic Configuration
9. Configuration Profile Full Transfer Configuration
10, Initializing the Database
11. Initializing the Database Enable Process New Mail Agent
12. Initializing the Database Sign the OTT / OPT Database
13. Initializing the Database Deploy Shell Scripts / Executables
14. Initializing the Database Initialization Complete
15. Configuring the SETENV.BAT Script Customer ID
16. Configuring the SETENV.BAT Script Paths
17. Mail-In Database Definition
18. Mail Server to Staging Server Replication
19. Trusted Servers
20. Restart the mail server
21. Data Transfer Manager Account Setup
22. Data Transfer Manager Account Capabilities
-
37
Part 7 - Reviewing OTT Configuration Documents
OTT Step Configuration Overview
Step documents describe and control the sequence in which the processes are executed on the users
The process selects users according to current and next steps and current status
OTT Step pulldirectory
pulldirectory pulls user information from OPT into the OTT user profiles and populates information about the mail files into each OTT user profile
e.g. Mail server Mail path Template Replica ID Size Document Count
OTT Step replicastub
replicastub creates a replica stub on the Staging Server for each source mail database
OTT Step checkreplica
checkreplica periodically checks the status of the Staging Server replicas against source replicas
It rechecks the user status in OPT
OTT Step writemanifest
writemanifest generates an XML file called the manifest for the batch of users Contains metadata about each user and mail file to be uploaded:
SMTP email address First name Last name Home server Mail file path Staging replica path Replica ID Client access method Description
Special device indicates Selective Transfer Also starts encryption
This also does a check of OPT status (its the final check before sending users to
SmartCloud Notes).
-
38
OTT Step Validate Encryption
Validate Encryption makes sure encryption finished, and was successful If all .END files exist and are correct size, Validate Manifest runs validation
process on server
That process ensures manifest is correctly formed, and checks for 1:1 match between manifest and .END files
If batch is good, Validate Manifest encrypts the manifest
OTT Step checkmailserver
checkmailserver periodically checks for the change of the mail server to a SmartCloud Notes server:
Checks the directory replica on the synchronization hub Checks the directory replica on the home mail servers
For each Full Transfer user where the change has occurred in both places, creates the Welcome Message
In the migration process this is where the practitioner sends the mail files to the service
and provisions the users. OTT cant see any of that all it can do is wait for the Person
document to change.
OTT Step Selective Transfer Replication
Selective Transfer Replication does catch up replication for Selective users Sends new mail to Staging Server Changes replica ID of Staging Server replica to match cloud server Sends new mail to cloud
When complete, it sends the Welcome Message Automatically restarts process to deal with errors within the sequence (e.g.
network errors)
OTT Welcome Messages
OTT generates a Welcome message for each user who has been activated i.e. mail servers have been updated
The message is written directly into their on-premises Inbox Its not delivered mail but it looks like it Messages are generated from a pre-defined template document that can
be tokenized for personalization
OTT Welcome Message Defining the Memo to Use
Supplied Step document for Full Transfer computes memo based on DetectedClientType user profile item
Can be replaced with any formula Select by Country (e.g. from OU in Notes Name or mail template version)
Ensure there is a Memo document matching all possible formula results Can manually select and assign a single memo from a list of those available Corresponding document supplied for Selective just uses a simple selection, but
you can use a formula if required
-
39
OTT Step processnewmail (Full Transfer only)
processnewmail processes incoming messages received from users to indicate either:
Notes client reconfiguration has been successful or failed. Browser users have responded to a request to reply to their welcome
email.
Moves user onto next step of process and updates their status Ignores emails which dont match what it expects
OTT Step disablereplication (Full Transfer only)
disablereplication disables replication in on-premises mail files Home server Any cluster replicas
Note: This requires that the staging server have manager access to mail files
OTT Step delreplica (Full Transfer only)
delreplica will create an Administration Process request to delete the on-premises replica for each user who reaches the Create Replica Delete Request Step:
Creates an individual request per home server and cluster partner Does not submit a delete all replicas request
Customer administrator must approve the deletions like any other database delete request
OTT Step detectdeletion (Full Transfer Only)
detectdeletion monitors the administration process requests to verify when deletions have been executed.
At this point the user has been transitioned and cleanup has completed.
OTT Task Configuration Overview
Task documents describe and control the processes which happen in parallel to the Step agents
OTT Task Monitor In-Flight Users
Currently implements Folder Monitoring Users who modify folder names during transition might get unexpected results
e.g. folder names revert to previous name after replication
Folder Monitoring: What To Do?
There is no good way to prevent folder issues without making the end users experience worse
If you try to prevent them from creating folders, they end up with private desktop folders, which dont appear at all after transition to service
Notes users Client Configuration Tool
-
40
As part of Catch-up replication, this tool detects problem folders and fixes them
Spots renames and re-renames them, and copies folder design from Inbox
Doesnt help web-only users Client Configuration Tool is a Notes database run on the client
OTT Folder Monitoring Communication (outside OPT/OTT) to tell user about the problem Scheduled agent to monitor mail files in flight
Starts after encryption of the databases (status Encryption Complete); finishes after provisioning (status User Provisioned)
Folder Monitoring - Initial Notification
User receives email telling them they should stop modifying folders until they are provisioned
OTT Task Direct Replication (Full Transfer only)
Direct Replication is the process to replicate the home servers mail file to the SmartCloud Notes server
Does not use the replica on the Staging Server This will replicate any content which has changed in the on-premises replica to
the SmartCloud Notes replica
Intended for web-only users (Notes client users will run the Client Config tool)
OTT Memo Configurations
Memo Configurations are used to generate messages sent to users Listed under Memo Configuration part of Administration outline Used for Welcome message and Folder Monitoring message contents
OTT Memo Configuration Structure
Message template allows you to customize the appearance of the messages
OTT Full Transfer Both User Notification
Complete from / to addressing and subject as appropriate
OTT Memo Configuration Notes User Notification
Very similar information is typically presented in each memo Slight variations in the links and instructions depending on whether the user will
use only Notes, browser or both clients
-
41
Part 8 - Scanning, User Grouping and Data Capture
OPT Navigation
Navigation pane gives a rough suggestion of a sequence of work, starting with Setup, then Collecting Information, and so on
OPT Scan Control Document
Open the Collect Information | Scan Mail view and open the scan control document
OPT Scheduled Scans
OPT will warn you if the scheduled agent is not enabled If you enable it here, you should re-sign the database
OPT Server Documents
Servers view shows the types of servers being scanned
OPT Global Settings
When you open OPT for the first time, the Startup Wizard collects enough information to get you started
Configuration information is stored in a profile document within OPT
OPT Global Settings Agent Logging
If you created an Agent Log database for OPT, make sure this configuration is pointing to it.
Select the Agent Log Database option, click the Choose Agent Log Database button and pick the OPT agent log database from the picker.
OPT Global Settings Configuration Options
You can override the default maximum number of days for Selective Transfer But do so with care, as the default has been chosen to give good
performance
OPT Running Scans
Select the Scan Mail view Click the Run Selected Scan(s) action to initiate the scan
OPT Scan Summary
Scan results summary indicates number of users processed
OPT Scan Logs
Scan results summary indicates numbers of users processed, errors, warnings, etc.
OPT User Profile Warnings and Errors
Warnings can be acknowledged to indicate they have been read and understood.
-
42
Select the check box next to warning(s) and click the Acknowledge Selected Warnings button to proceed.
OPT User Profile Acknowledged Warning
Click the Restore Selected Warnings button to undo an incorrect acknowledgment
OPT Scan Acknowledgment
At the view level, column icon also changed to show acknowledged warning for this user.
OPT Rescanning Users
After resolving issues: Select those users and click the Rescan Mail Statistics action button to
refresh user status for just the selected users
A full rescan can be done by going back to Scan Mail view
OPT Client Usage View
Switch to the Resolve Issues | Client Usage view Select some users to update and click Set Client Types:
Set all users to have future browser. Set some users to both Notes and browser.
OPT Client Usage Set from Mail Statistics Document
A single user entry can be updated from the Messaging Info tab: Edit Settings button changes types being used Set button allows specific version information to be selected
OPT Users By Errors/Warnings
Switch to the Resolve Issues | Users By Errors/Warnings view
OPT Defining Custom Grouping Criteria
You can define up to 5 custom grouping views / criteria
OPT Assigning Users to Groups
To assign users to a location, go to the Assign Users to Batches | Locations view
OPT Setting up Provisioning Profiles
Navigate to the Provisioning Profiles view OPT comes with a selection of profiles
OPT Creating User Batch
Navigate to the Batch Definitions view Click the Create Batch action button
-
43
OPT Assigning Full Transfer Users to Batch
To assign users to a batch, select the user entries and click the Assign to Batch action.
OPT Assigning Selective Transfer Users to Batch
Assign a different set of users to a second batch using a Selective provisioning profile
Switch to the Manage Batches | Batches by Transition State to see your two batches
OPT Assigning Recommended Users to Batch
To assign users who fail keep together rules to the batch: Select the user entries in the right hand view and click the Assign To This
Batch action
OPT Acknowledging Keep Together Warnings Instead
To acknowledge the warning for users who fail keep together rules: Select the user entries and click the Acknowledge action Red exclamation changes to yellow circle column icons
OPT Finalizing the Batch Membership
You can either resolve issues and rescan users or remove them from the batch
OPT and OTT Dealing with Errors
Although fixing errors in OPT before transferring to OTT is desirable, it is not required
OTT is the final gatekeeper: it will prevent you from encrypting a batch if there are errors in OPT
OPT will prompt you to confirm that you want to proceed
Data Transfer Manager Account Setup
To access the SmartCloud Notes administration interface to manage the data import and provisioning requires an account with Data Transfer Manager role:
Step 1: Customer admin can create an account without any subscriptions Step 2: Connections Cloud Client Services Group (CSG) must assign the
DTM role to that account
SCN Admin UI Log in with Data Transfer Manager Account
From a web browser log into Connections Cloud with the account that has the Data
Transfer Manager role.
Data Transfer Manager Account Capabilities
Accounts with Data Transfer Manager role have a limited set of capabilities Read-only access to most of the SmartCloud Notes administration settings Access to User Provisioning with Mail File Transfer controls to manage
-
44
SCN Admin UI Create First Migration Control Document
Click the New Control Document button. Insert your name and email address. Insert company name in the description - full or selective batch description. After completing the form click the Submit button
SCN Admin UI FTP Space Usage
The SCN FTP service allows a certain amount of reusable space per customer Available + Used on control document = customer maximum
Tip: Allocate more space than you think youll need; if it's not needed it is returned for other use immediately after the upload is validated.
SCN Admin UI Open Migration Control Document
At the control document list, click on the request number link to open it Cancel Request button stops any further processing of this batch and deletes all
associated data
Reset FTP Password button used to enter a new password for this request
SCN Admin UI Download the Encryption Key File
Click the Download Key button to save a copy of the key to the staging server Domino data directory
Key file name generated from customer ID_control number.mky
Repeat These Steps to Create a Second Control Document
Need one control document for each of the Full and Selective transfer batches Use the Description field to distinguish the two control documents
OTT Import User Batch from OPT
Click Import Batch button to import a user batch from OPT: Select the correct OPT batch name from the list
Set the date of transfer to match your control document estimated date Click OK to import the user information from OPT Repeat for both of the batches you marked ready for transfer in OPT
OTT Imported User Profile Information
Open an individual user profile document to see the information inside This ensures that OTT is able to access both sources for future tasks
OTT Completing the Batch Documents
You should provide OTT the same batch information: Go to the Batches | by Name view Edit the batch document corresponding to the OPT batch
Batch Document Optional Features
Replication Hub Defaults to values in the Configuration Profile
-
45
Can be set differently for each batch Initial User password
Allows you to record the password you plan to use for users in the batch Assumes you want to use the same password for all users in the batch
OTT Batch Document Saving the Document
Saving the batch document updates all user profiles belonging to that batch with the new Control Number, and password if present.
OTT Manually Executing Agents
From the dashboard: Click link next to the current step of the process to move users to next step Only processes the batch being displayed in the dashboard
From the Actions menu: Click Actions | Run Agent on Server and then either As Console
Command or With Summary, then choose agent from list
OTT Create Replica Stubs
Go to the User | by Status view: Click Actions | Run Agent on Server | With Summary Choose the Create Replica Stubs agent
OTT Checking Replica Stub Creation
Go to the Domino Administration client and select the staging (hub) server: Switch to the Files tab Navigate to the customer ID / control number and lower directories to see
the replica stubs
OTT Initializing and Replicating the Databases
Go to the server console of the staging (hub) server: Enter a pull replication command to initialize and replicate the source
mail databases to the staging server
Do not use 2-way replication
OTT Checking the Replicas
Go to the Domino Administration client and select the staging (hub) server: Switch to the Files tab Navigate to the customer ID / control number and lower directories to see
the replicated databases
OTT Checking Replication
A replication history entry is written into a replica when a successful replication cycle is completed
We use the date and time stamp information later in the process Click Actions | Run Scheduled Agent | With Summary Choose Check Replication
-
46
Inspecting the Replication History Entries Source Mail Server
For a pull only replication, initiated by the staging server to the source mail server
Inspecting the Replication History Entries Staging Server
For a pull only replication, initiated by the staging server to the source mail server
OTT Users On Hold
If a problem is detected or you want to halt processing for a user, they can be put into a Hold status:
Open the user document to see the reason(s) on the Quality Check tab At view level, select users and choose Tools | Remove Error Hold(s) to
progress user once problem(s) are resolved
OTT Running / Overriding Data Quality Checks
Quality Checks can be re-run independently of checking replication history with two selection models:
On the individually selected users / staging server replica All users / staging server replicas belonging to a batch
Override Quality Checks action runs on selected users: Used when there is a known legitimate reason for a quality check failure
Unread Marks Synchronizing Source and Staged Replicas
If quality checks are failing because of unread mark differences, you can run this unread mark synchronization tool
On the staging server, start a command prompt as administrator: Change to the c:\migrate directory Run the unread-sync.bat script with control number and source mail
server as parameters; repeat for both batches
-
47
Part 9 - Encrypt, Upload, Import and Provision Users
Encrypting Data Process Readiness Checkpoint
At this point the following should be true for each batch: The OTT Batch document must be complete (a document created
automatically on import will not be complete until its been saved)
There is an encryption key on the staging server or attached to the OTT Batch document (if attached, it is detached to file system when the
manifest XML file is created)
There is a set of fully replicated mail databases on the staging server assigned to the batch
The mail databases have all passed quality checks (or have been overridden for legitimate reasons)
Unread marks have been synchronized between source and staged replicas (if necessary)
OTT Creating the Manifest File and Starting Encryption
On the dashboard, click the Start Encryption link Confirm execution and review results dialog Note the path for the manifest file (ending .man) Repeat for both batches of users Check log file for each batch in c:\migrate\logs to see encryption output
Can also use the Write Manifest XML action button in a batch view
What is the Manifest XML (.man) File ?
The manifest XML contains meta-data to describe the data set being sent to SmartCloud Notes for processing:
Contains a schema description against which content can be validated Contains information about the customer, batch and staging server Contains one row per user / database that is included in the batch:
User name, email address, mail server, mail path, replica ID, staging path and client access type, description
OTT Encryption Process
During encryption, each database is: Taken offline Used to generate the encrypted version of the database with a .END
(Encrypted Notes Database) extension
Encryption tool writes actions to log file in c:\migrate\logs directory with a file name structure of customerID_controlNumber.log
You can also see the encryption tool screen output in the Staging Server console
OTT Encryption Result Output
Batch log file in c:\migrate\logs lists all the databases processed by encryption tool
-
48
OTT Validating the Manifest File
From the dashboard, click the Check Encryption link Can also be run using the Validate Encryption agent
Users moved to Encryption Complete state and manifest is encrypted
Validation Process
The validation process Checks that the expected .END files exist Checks that the .END file matches the size of the corresponding NSF to
within the configured tolerance
If both the above are true, it runs encryptdb.exes validation process Checks the manifest is syntactically correct Check that all database files listed in the manifest are present as
.END files
If all of the above are correct, it encrypts the manifest
OTT Re-running Encryption or Validation
The encryption and validation processes are carried out by the encryptdb tool, and could fail for any number of reasons
If they fail, reset the users back to the relevant stage and re-process them
FTP Updating the SmartCloud FTP Site Definition
Click the Site Manager icon to bring up list of site connections: Insert the user ID for the batch into the User field Click Connect to make connection to SmartCloud Notes FTP service
FTP Validating the Connection
Enter the password when prompted Details about the processing and status are shown in the messages window pane
FTP Testing Throughput
After establishing a connection to the FTP service, research expected throughput Set FileZilla to use the maximum number of parallel connections to ensure it is
pushing as much data over the connection as it can
Click Edit | Settings...| Transfers and then set Maximum simultaneous
transfers = 10
FTP Uploading the Encrypted Data to SmartCloud Notes
Once connected to the FTP service: Navigate to the output directory c:\end-files\ where the
encrypted data for the batch is stored
Select both the manifest file and the directory of mail databases Drag to the landing zone root directory / Validate that all data is transferred successfully Files can be deleted and replaced if necessary
-
49
SCN Validating the Uploaded Data
From a web browser log into Connections Cloud with the account that has the Data Transfer Manager role:
Open the control document for the batch being processed Click the FTP Upload Complete button The manifest and database set will be validated
SCN Failed Validation of Upload
Figure 25 - Failed Validation
Figure 25 shows the output when the FTP validation fails. The page provides details of
the failure but also specifically states what caused the failure. You can now correct the
problem and click the FTP Upload Complete button again to perform another validation.
SCN Post Upload Validation
Once the SmartCloud Notes service has validated the uploaded data set: The FTP login account for that request becomes read only The data for that batch can no longer be changed on the FTP server via the
FTP client
The import server will generate a list of users belonging to that request from the content of the manifest XML file
Those users can then be selected in the UI for further processing
SCN Admin UI Log in with Data Transfer Manager Account
If not still logged in, from a web browser log into Connections Cloud with the account
that has the Data Transfer Manager role.
SCN Admin UI List of Control Numbers
Control Documents page lists all available control documents / batches of users
SCN Admin UI Open Migration Control Document
At the control document list, click on the request number link to open it
-
50
SCN Admin UI Select Users to Import
At the user list, check / uncheck the boxes to choose user databases to be imported
SCN Admin UI Checking User Status by Level
The submitted users no longer appear in the list because their status changed Change the status filter to Ready to Import Only the users that were selected should now be shown in the list The Ready to Import status tells the import server to prepare these databases
Clicking the Import Selected Users button changes the status of the user from Created to
Ready to Import and they disappear from the original list.
SCN Admin UI Checking All User Status Across Request
Click the Status tab to see summary counts of users in each status The import server will then see that it has work to do and will import,
decrypt, virus scan, etc. for selected users
SCN Admin UI Users Ready for Provisioning
After importing the rest and filtering on status Ready to Provision, you can see all users ready for provisioning
SCN Admin UI Import Errors
Filter the user list by the Error status Look at error text in view and click user name to open user document to read
processing history details:
If the error condition is transient, correct it and click the Restart Selected Users button
If the error is terminal, cancel the user and re-process them in another request if necessary
SCN Admin UI Log in with Administrator Account
From a web browser log into Connections Cloud with the account that has the
Administrator role.
SCN Admin UI Provisioning Estimates
At the control document list, click on the request number link to open it Click on the Users tab:
Change the status filter to Ready to Provision Select one or two users in the list Click the Provisioning Estimate button
SCN Admin UI Selecting Users for Provisioning
On the Users tab: The same users should have remained selected in the list If not, select one or two users again Click the Provision Selected button
-
51
SCN Admin UI Selecting Messaging Subscription(s)
On the resulting Provisioning Options page choose the subscription(s) to apply to all selected users:
Click the Next > button
SCN Admin UI Selecting Subscription and Mail Template
On the resulting Provisioning Options page, choose the template to apply to all selected users:
Page through list to locate the desired template and click Select next to it Click the Next > button
SCN Admin UI Setting Initial Temporary Password
On the resulting Provisioning Options page, choose the temporary password to apply to all selected users:
Enter a one time use temporary password Click the Next > button
SCN Admin UI Confirming Provisioning Options
On the next Provisioning Options page, review the selections and user list: If changes are required, click the < Back button To submit provisioning requests, click the Confirm > button Return to the request Status tab to check progress
SCN Admin UI Provisioning Progress
Click the Request Provisioning button: The status will show progress of submission of provisioning requests to
the provisioning queue
Once all are submitted click the Return to Control Document button Check the Status tab for completion of requests
SCN Admin UI Successful Provisioning
Look at user document to read full processing history details Top entries relate to Import part of process starting with Created.... Lower entries relate to Provisioning part of process starting with User
selected for provisioning...
SCN Admin UI Provisioning Complete
What does the provisioning complete status mean: The SCN messaging subscription was associated with the user's
Connections Cloud account
The service decided on which primary and DR cluster nodes to place the user mail file replicas
The directory entry for the user was updated with the new server and mail file name information
The directory information will be synchronized and replicated with the on-premises directory replica
-
52
The user can now log in via a browser and can set up their Notes client New mail will flow to the SmartCloud Notes mail server for the user
and will stop being delivered to the on-premises mail server
SmartCloud Notes Provisioning New Users
In hybrid implementations, new users must be registered in the on-premises Domino directory
SCN has no access to the other certifier ID files used for user registration Once the new directory entry has synchronized into SCN, the user can be selected
and provisioned
SCN Admin UI Log in with Administrator Account
From a web browser log into Connections Cloud with the account that has the
Administrator role.
SCN Admin UI Search For User(s) To Be Provisioned
Enter part of the user name or email address in the search box and click magnifying glass button
Select the desired user(s) from the list and click Provision Selected
SCN Admin UI Selecting Messaging Subscription(s)
On the resulting Provisioning Options page choose the subscription(s) to apply to all selected users
SCN Admin UI Selecting Subscription and Mail Template
On the resulting Provisioning Options page, choose the template to apply to all selected users
SCN Admin UI Setting Initial Temporary Password
On the resulting Provisioning Options page, choose the temporary password to apply to all selected users
SCN Admin UI Confirming Provisioning Options
On the next Provisioning Options page, review the selections and user list and then confirm
SCN Admin UI Provisioning Progress
Click the Request Provisioning button: The status will show progress of submission of provisioning requests to
the provisioning queue
Once all are submitted you click Return to Provisioning button You will see a summary display with a status bar showing progress of the
submission of provisioning requests into the provisioning queue.
-
53
Part 10 - MOM (Mail Onboarding Manager)
What is MOM?
Enables customer's SmartCloud Notes Administrator to migrate Notes mail files themselves
It is a single executable that can be installed on a Window server, and communicates with the SCN service via https using REST APIs.
The administrators configures the tool to access on-premises Domino directory and mail servers / mail databases using a server ID that has relevant access.
Other methods are too complex for customers to do themselves OPT/OTT tools were developed as an IBM service asset and not end users tooling Migrators can select users, configure settings and provision users form within the
Onboarding tool
Migrating is "point and click" experience Minimal client configuration Tool is downloaded from the web and has automatic updates so that services
updates are automatically supported
Mom Architecture
Figure 26 - Mail Onboarding Architecture (MOM)
-
54
MOM Considerations
How well prepared is my company for migrations? How complex is my on-premises environment? What type of migration is best for my network topology? Does my Domino Admin have the time to manage the transfer? What kinds of command and control do I need to manage migration?
Login
Browse to the URL of the MOM server http://:8080 Login the same way you login to the cloud using an account that has the
Administrator role
Installation and Setup
Enter login credentials (usually email/password) Enter Domino Directory Enter Domino credentials Summary of information submitted
Figure 27 - Install and Setup
Create Groups
List is created from on-premises users who are eligible for migration to the Cloud. Select 'Create New Transfer Group' Add Name of Group Select users you want in group and drag over to group
-
55
Figure 28 - Create Group
Create Settings
For every group of users, you need settings for each. Select from a variety of settings and give it a name
Figure 29 - Create Settings
-
56
Create Settings
Select Subscriptions
Figure 30 - Select Subscriptions
-
57
Create Settings
Transfer Options
Figure 31 - Transfer Options
-
58
Create Settings
Mail template/Extension Form
Figure 32 - Mail Template/Extension Form
-
59
Create Settings
Use pre-transfer instructions (optional)
Figure 33 - Pre-transfer Instructions
-
60
Create Settings
Post-provision instructions (mandatory) Last message user will receive in old inbox Give instructions on how to connect to new mail file
Figure 34 - Post-Provision Instructions
-
61
Create Settings
Review button for summary of settings Click Continue to name settings group
Staging - Upload and Provision (The View)
Set of users along with settings that are ready to migrate Option to start immediately or schedule transfer
Figure 35 - The View
Staging - Upload and Provision (List View)
More detailed status of each file
Figure 36 - The List View
-
62
Mail Onboarding Manager Facts
REST API interface to onboarding User Interface designed by IBM Design Team Major UX initiative for IBM Connections Cloud Continuous Delivery Model User and customer feedback, issues are treated as priorities
Download the Mail Onboarding Manager
Accessible by administrators of any organization with SmartCloud Notes or Connections Cloud S1 subscriptions
Figure 37 - Download MOM
YouTube Link to MOM demonstration:
https://www.youtube.com/watch?v=hek4q4LEqbI
https://www.youtube.com/watch?v=hek4q4LEqbI
-
63
Part 11 - SmartCloud Upgrade Factory (SCUF)
Why Use SCUF?
SCUF compliments existing services offerings for Messaging Data Migration. Best
method when customer wants to move fast at minimum cost.
Figure 38 - Migration Options
Why SmartCloud Upgrade Factory
* Allows customers to move to SmartCloud Notes from Exchange or Domino rapidly at a
low cost. Pricing is based on per user basis.
* Available to ALL customer who have purchased IBM Verse.
* Automated review of your current mail boxes with recommended remediation
* Full Fidelity Mail migration, including email, calendar and to-dos.
* Provides an easy to use pricing tool available to the field for pricing and estimates
upgrade duration.
* Includes Level 2 Help Desk during the migration.
* Personalized assistance with onboarding and provisioning
* Integration with existing on-premise Exchange or Domino environment to ensure users
can communicate.
-
64
Sample Pricing Scenarios
Figure 39 - Pricing Scenarios
SCUF simple Migration Path (How It Works)
Figure 40 - How SCUF Works
-
65
What does a customer need to do?
Make available the current mail administration team Provide IBM access to the Exchange or Domino environment Ensure environment meets the minimum requirements for SmartCloud mail
Provision and configure the SmartCloud account https://ibm.biz/BdFfLs Continue to manage and administer current environment until upgrade is complete Put into place a temporary coexistence solution Schedule and prepare 1,500 (MS) or 2500 (Domino) mailboxes per week Provide first level support to users during the transition Own communications, training and enablement for users during the project
Project Roles and Responsibilities
Figure 41 - IBM/Customer Roles & Responsibilities
To meet SCUF Requirements
Assumes the customer meets the technical requirements of Connections Cloud If they do not, contact a Solution Architect or other local ISSC representative for
a customer estimate
Customer must be compliant with the SCUF readiness checklist
https://ibm.biz/BdE26B
https://ibm.biz/BdFfLshttps://ibm.biz/BdE26B
-
66
Customer Prerequisites
Customer is responsible for remediation of non-compliant mailboxes or environmental components prior to and during the project
Customer provides the required hardware/systems needed to create a hybrid environment and upgrade users. Customer may elect to procure a SoftLayer
environment to house the hybrid environment.
For Exchange: IBM will move 300 mail files per day, 5 days per week For Domino: IBM will move 500 mail files per day, 5 days per week Average mailbox size is 500Mb IBM will require remote access to the customer environment to manage the
transition
Customers need to ensure adequate help desk support to accommodate 1500/2500 users provisioned per week
Only one Active Directory Domain is supported Public Folders and PSTs will not be migrated Resource Reservations is out of scope
Migration Flow (Who Does What Activities?)
Figure 42 - Activity Chart
-
67
Part 12 - Comparing Migration Options & Processes
Media Transfer
Best used when moving high data volumes in short period of time Requires Industry Cloud Solutions (ICS) Engagement
FTP Upload
Same tool and onboarding preparation as media transfer Transfer method is difference (Electronic vs Physical) Requires Certified Business Partner or ICS Engagement
When to use SmartCloud Notes Service-Only
Figure 43 - SmartCloud Notes Service-Only
The diagram in Figure 42 displays the criteria and requirements for choosing SmartCloud
Notes Service-Only option.
-
68
When to use SmartCloud Notes Hybrid
Figure 44 - SmartCloud Notes Hybrid
The diagram in Figure 43 displays the criteria and requirements for choosing SmartCloud
Notes Hybrid option.
Why Use OPT/OTT
Best suited for large scale migrations Supports the ability to migrate users on USB which can be much more efficient
than using FTP or MOM for a large number of big mail files
A single 8TB drive can possibly hold all of your mail files for migration OPT has more configuration options than MOM, therefore, can be adapted to non-
standard environment/requirement
OPT has the ability to work with multiple Domino domains, MOM can only migrate users from a single domain
Business Partners/ICS have created tooling in conjunc