S 2.494 Selection of suitable components for the infrastructure of a Lotus Notes/Domino environment

Initiation responsibility: Head of IT, IT Security Officer

Implementation responsibility: Administrator

Particularly the new Notes client based on Eclipse technology (Standard Client, also called Full Client), but also the server components require significantly more system resources when compared to the components of the Lotus Notes/Domino platform before version 8. This must be taken into consideration when upgrading to the versions 8.0 and higher. Therefore, the existing manufacturer's specifications regarding the procurement of hardware for servers and clients Domino and/or Notes components are to be used on must be reviewed with regard to the new requirements and the existing IT equipment may require corresponding adaptation as a consequence.

The decision to continue the use of the proprietary Notes client (Basic Client) for end users may contribute to avoiding performance and security issues (and/or major changes to the client infrastructure). New services of the Domino server such as Presence and Instant Messaging also cause new system requirements with possible effects on the configuration of existing components of the security infrastructure, e.g. firewalls and IDS/IPS, or triggering the procurement of new components for the security infrastructure suitable for protecting these services. Therefore, prior coordination with the operators of the operative security infrastructure and corresponding adaptation of the specifications for the procurement and operation of security components in the Lotus Notes/Domino environment are necessary. The components of the security infrastructure to be taken into consideration in so doing include:

• security gateways,
• network-based systems for attack detection and avoidance (NIDS/NIPS),
• network-based systems for attack detection and avoidance (HIDS/HIPS),
• server-side components for malware protection,
• client-side personal firewalls,
• client-side malware protection components and client-side HIDS (often bundled as client-side Security Suite),
• content security solutions (also appliances),
• solutions for avoiding the outflow of sensitive data (data loss prevention or DLP solutions).

Before any release change of the Lotus Domino environment and before any significant changes regarding the use of the Domino services(e.g. activation of new services), alignment with the components of the security infrastructure relevant for Lotus Notes/Domino should take place.

Review questions:

• Is there a process ensuring that the hardware meets the current requirements of the Lotus Notes/Domino components?
• Is an alignment with the components of the security infrastructure relevant for Lotus Notes/Domino performed before any release change of the Lotus Domino environment and before any significant changes regarding the use of the Domino services (e.g. activation of new services)?