Chat now with support
Chat with Support

Integration for Notes 20.13 - User Guide - BTCal

Section 1: Introduction Section 2: Features and Advantages Section 3: Scope Section 4: Recommended Installer Prerequisites Section 5: Pre-installation Requirements Section 6: Configure the Domino Environment Section 7: Configure Integration for Notes BTCal in Exchange or Office 365 Section 8: Licenses Section 9: Installing Integration for Notes Section 10: Create and Configure Domino Databases Section 11: Modify the Notes.ini File Section 12: Re-start BTCal Domino server to bring it online Section 13: Verification Section 14: On-going Administration Appendix A: ZApp Appendix B: Configure GRIP Appendix C: On the Fly Encryption and Decryption Appendix D: Disable Encrypted Message Routing Appendix E: High Availability/Redundancy Mail and Calendar Routing for Foreign Domains Appendix F: Notes.ini Parameter Descriptions Appendix G: Notes.ini Parameter Values Appendix H: Considerations for Domino SMTP Domain Exposure Appendix I: Processing Repeating Meetings Appendix J: Deployment Quick Reference Appendix K: Customizable Non Delivery Report (NDR) Reason Codes Appendix L: Cross Platform Delegation Appendix M: BT Stats Database

Prerequisites & Settings

Decryption Option 1 (Recommended)

Create the BTIDCache Database in the Integration for Notes Domino Data Directory using the installed template:

  1. Configure the database; see the Configuration of the Domino Database section below for more information; use the IBM IDVault database as the preferred configuration

  2. Configure the following Notes.ini values on all Domino Coexistence servers:

INI Variable Name

Description

Value

BTEncryptDecrypt

0 - disabled (default)

1 - encrypt and decrypt

2 - decrypt only

3 - encrypt only

Example value: 1

BTIDVault

0 - disabled (default)

1 – Enabled

1

BTIDFileLocation

BTIDFileLocation= BTIDVaultDB

BTIDVaultDB (default) – Uses the BTIDVault database which will store the users ID and password

FileSystem – Uses a central file share repository that holds all backup copy of the user’s ID files. The password will be stored in the BTIDVaultDB

PersonDoc – Backup copy of the ID files will be stored in the person docs with in the Domino Directory; password for the ID files will be stored in the BTIDVaultDB

DominoIDV – Backup copy of the ID Files will be stored in the IBM IDVault Database, with the corresponding passwords in the BTIDVaultDB

DominoIDV2 – The users ID in the Domino IDVault Database, and the corresponding password will be provided Automatically by the Domino API; for this configuration option, the “Check Password setting in the senders person doc must be set to “don’t check password”

PerUser – This option allows the configuration to be done at the user level individually selecting the first five options

<BTIDVaultDB>

BTIDVaultDB

This variable sets the file name for the BTIDVault Notes Database

 

BTIDsDir

This variable sets the path information of the Senders notes ID when the BTIDFileLocation=FileSystem

 

 

If using any options other than DominoIDV2 in the INI setting BTIDFileLocation, user information will need to be gathered for each user. The following section explains how this will be accomplished with the database defined in the BTIDVaultDB INI setting.

Decryption Option 2

The mail file template for all Domino users must be modified so that any time a message is marked for encryption, the Domino user account used for On the Fly Decryption and Encryption is added to the BCC field. This account should be an administrative account with a valid ID, password and certificate.

The Domino user account used for On the Fly Decryption and Encryption must have a valid Notes Certificate in their Person Document in the Domino Directory, but it does not need a mail file associated with it.

The Domino user account ID file used for On the Fly Decryption and Encryption must be on all Domino Coexistence servers. The password for this ID may be stored in the Notes.ini or in a text file the Domino Coexistence server(s).

All Exchange Recipients must also have a valid Notes Certificate in their Person Document in the Domino Directory.

The following Notes.ini values must be configured on all Domino Coexistence servers:

INI Variable Name

Description

Value

BTEncryptDecrypt

0 - disabled (default)

1 - encrypt and decrypt

2 - decrypt only

3 - encrypt only

 

Note: the last two values do not have a use at present and are broken out in case they are needed for future use cases

Example value: 1

BTDecryptID

This is the ID file that is associated with the user account that is added to the BCC field of encrypted messages (from Domino to Exchange)

<ID file name, full pathname if not in the Data folder>

BTDecryptEmail

This is the Notes name of the account used for on-the-fly encryption/decryption

 

BTDecryptPasswordFile

Use this INI parameter if you will be storing the password for the BTDecrypt ID in a text file; this must be a plain text file that contains nothing but the password for the BTDecrypt ID file. OS security can be enabled on this file, as long as done with windows server account used by the Domino server.

<full path and file name>

BTDecryptPassword

Use this option is you will be storing the password for the BTDecrypt ID in the Notes.ini file

<password for the account used for on-the-fly encryption/decryption>

Encryption Options

INI Variable Name

Description

Value

BTEncryptDecrypt

0 - disabled (default)

1 - encrypt and decrypt

2 - decrypt only

3 - encrypt only

 

Note: the last two values do not have a use at present and are broken out in case they are needed for future use cases

 

This setting must be set even if the BTIDVaultDB is being used

Example value: 1

BTDominoEncryptDomains

This is a multi-value, comma separated parameter that should contain a list of Domino domains to be included in processing On the Fly Decryption and Encryption

 

BTCalTargetAddressPrefix

This is the value that is prepended to the SMTP address when creating the TargetAddress. The above value is a typical example (domino.); note the value ends with a period, since that too is prefixed to the base smtp address for Domino users - as happens when the AD SMTP address of "Jane.Smith@contoso.com" is stored in the AD targetAddress as a value of "Jane.Smith@domino.contoso.com")

Domino

BTLeaveKeepPrivate

  • When set to 0, Integration for Notes will delete the $KeepPrivate item, which allows the Notes user to reply with history or forward to the encrypted memo, as well as respond to calendar items. (Recommended)

  • When this is set to 1, $KeepPrivate will remain in place, which will result in not being able to reply with history, forward or respond to calendar items

  • This setting will override SMTP_NO_MAP_PERSONAL, SMTP_NO_MAP_PRIVATE and SMTP_NO_MAP_COMPCONF; these are Domino-specific INI settings that control mail behavior when set to Personal, Private or Confidential. For more information, refer to IBM’s documentation and knowledgebase; if this is set to 1, the chairperson will receive an NDR from any Domino rooms or resources in the invitation

Examples: 0/1 (default=0)

BTScanSubjectForEncryptFlag

  • If set to 1, Integration for Notes will encrypt any item that has the value of BTScanSubjectFlag in the subject of the message; this allows Exchange users to encrypt items from mobile devices

  • If set to 0, Integration for Notes will not encrypt any items based on the subject content

1

BTScanSubjectFlag

This value is used to allow Exchange mobile users to put a keyword in the subject of an email to have that message encrypted; this should be unique text that will not be used accidentally; this value is case insensitive

<text>

    

 

 

INI Variable Name

Description

Value

BTEXPANDCALGROUPS

  • The three existing INI parameters defined when mail group membership is expanded during the routing process

  • If these are set to N (no), On the Fly Decryption and Encryption requires that groups be synched or represented as member-populated groups in the target directories; if groups are represented as Contacts (Exchange), or as Person documents (Domino), sending encrypted message to the group will result in an DNR (see NDR49)

  • If these are set to Y (yes), groups will be expanded prior to the decryption/encryption process, so they will be decrypted or encrypted as expected

N

BTEXPANDMAILGROUPS

N

BTEXPANDGROUPS

N

It is strongly recommended to investigate how these setting will impact the messaging environment before making any changes.

Customizable NDRs

Customizable NDRs

As with other Integration for Notes NDR messages, there is a single customizable message, and 4 customizable encrypt NDR’s reasons. The default text is listed below. These are customized in the same manner as any BTNDR text:

INI Variable Name

Description

Value

BTENCRYPTFAILTEXT

This is a multi-line value that supplies the generic NDR email text.

Example:

  • BTENCRYPTFAILTEXT1=There was a problem delivering your message to a Notes user, group, or mailbox.\n\n

  • BTENCRYPTFAILTEXT2=%REASON%\n\n

  • BTENCRYPTFAILTEXT3=Thank you for giving this matter your prompt attention.\n

    If not supplied in Notes.ini, it defaults to the values used in the first 2 lines above

Examples:

Thank you for giving this matter your prompt attention.\n

BTNDR49

"An encrypted copy of the message could not be delivered to the following Domino Group(s): %GROUPLIST%.\r\nPlease re - send the message using individual recipients."

BTNDR50

"An encrypted copy of the message could not be created for the following Notes recipient(s): %RECIPIENTS%.\r\nPlease contact the HelpDesk."

BTNDR51

"An encrypted copy of the message could not be delivered to the following Notes recipient(s) : %RECIPIENTS%.\r\nPlease contact the HelpDesk."

BTNDR52

"This meeting contains more text than BTCal can process for Domino users.\r\nPlease recreate it using less than 25K of text."

 

Configuration of the Domino Database

With the recommended option 1 of not using a customized mail template, the configuration will require the corresponding BTIDVaultDB to be deployed to all Integration for Notes servers in a replicated model with the exception that the customer is using IBM Domino IDVault Database and it has been configured to allow applications to have access to the ID files. The following will cover how to deploy the database for all other scenarios:

Installing the BTIDVaultDB is a simple process of adding the template and creating a new BTIDVaultDB.nsf in the Domino Data directory.

Creating the ID Vault Database

  1. After the installation of Integration for Notes, the BTIDCache.ntf template will appear in the Domino Data Directory

  2. If the template is not displaying in the data directory, reinstall Integration for Notes

  3. The Coexistence server may need a restart to use the new databases created from the copied template files

  4. Create the BTIDVault.nsf from this template and note the file name as it will need to be added in the INI parameter BTIDVaultDB, then proceed with the configuration

Setting up Security for the BTIDVaultDB Database

Integration for Notes uses a mail-in storage database to store all mail-enabled application messages in a single store repository that provides document level security and allows Exchange/Outlook users to access any applications during the coexistence period.

  1. From the Coexistence server, open Domino Administration Client

  2. From the Domino Administrator, open the server, and then navigate to the Files tab as shown below, select Databases only from the Show Me: drop-down box:

  3. Right-click BTIDVault.nsf

  4. Select Access Control > Manage to set up the ACL as shown below:

  5. Because the database is new and not signed or secured, if you receive a prompt to cross-certify the signature as seen below, select Yes:

  6. The ACL displays. Add the Domino Administrators for the domain or LocalDomainAdmin as shown below and click Add; from the Add User dialog box, select LocalDomainAdmin, and then click OK:

  7. Change the user types to Person group for LocalDomainAdmins as shown below. Additionally, grant your LocalDomainAdmins [Admin] role to view additional configuration options in the BTStore database:

  8. Demote the Default group by giving it only Author without delete access; this database has document security and its own set of purging options to prevent users from deleting documents even by mistake

Configuring the Settings in the BTIDVault Database

Confirm the INI setting defined in the section Prerequisites & Settings/Decryption Option 1 (Recommended) and proceed with this database for all options in the INI parameter BTIDFileLocation except “DominoIDV2”.

Once in the database is opened expand in the left navigator the section Configuration and select Settings. Configure the database as follows:

On the General Setting tab set the following values:

  1. Coex Server Name – This is the Domino server that the users will be populated from

  2. Domino Directory File Name – Domino Directory that the user record will be created from

  3. Server Mailbox – Populate this with the Router mailbox tnat will be used to send messages from

  4. Domino INI Setting Option - This should be set to the option set on the Domino COEXT server for the INI value BTIDFileLocation

 


The options on the rest of the configuration and how the database will interact with the user is depended on this setting.

  1. Default Network Path - Enter the network path where the backup copy of the ID files are stored; this can only be a single value entry is used if the INI settting is set to “File System”

  2. Default Password - Value set to Domino ID file on creation

  3. Delete Process Messages - Since the database has the ability to send request for users to collect ID and Password this option allow the cleanup of the responses if environment policy do not dictate that all electronic communication be saved

  4. Web Host Name - The database has the ability to collect user information via email or a website; the website can also be used to maintain the account information for the users; this is the URL for the database

 


HTTP services will need to be configure on the Domino COEX server, and a DNS name registered in the customer’s environment if not using the Domino server name in the URL.

  1. Success Message - Message that will display when the user Successful perform an action via the website

Mail-enabling BTIDVault Database

A Mail-in Database Document is required for mail to be delivered to the newly created BTIDVault database. The procedure copies the database to the server and creates a Mail-In database document for the Notes Migrator database.

  1. Create a mail-in database for BTIDVault database; click on the Server Db Copy and Mail-In Db Doc button to create a copy of the BTIDVault database on the Domino server and configure the Mail in Database document:

  2. The Does BT IDVault already exist? dialog box opens; click Yes (and skip to step 5):

  3. If working with a local copy of the BTIDVault database, then click No. The Create a db copy? dialog box opens

  4. Click Yes to create a copy of the local BTIDVault database on the server

  5. If Yes was clicked in the Does IDVaultDB already exist? dialog box, the Choose Application dialog box opens. Locate the Notes Migrator database in the CMT folder on the server, and then click Open

  6. The Fullname for the mail-in db doc dialog box confirms that the mail-in database for the selected server-based BTIDVault database does not exist and prompts to specify a name for the mail-in database; after specifying the name, click OK

  7. In the Open the new mail-in doc? dialog box, click Yes to open the mail-in database

    1. The mail-in database document for BTIDVaultDB opens

  8. To verify the creation of the mail-in database, launch Domino Administrator, open the Domino server, and access the Mail-In Databases and Resources folder under the People & Groups tab

  9. Double-click the document to open and review

  10. Once the mail-in database is successfully created, the Open Mail-In Db Doc button replaces the Server Db Copy and Mail-In Db Doc button; clicking it opens the database document for a review; clicking the button with the X sign on it will remove all pointers to the location of the mail-in database

  11. It is recommended that after copying the database to the server, you delete the database from the local client folder; to remove it, right-click on BTIDVaultDB on Local; select Database, and then Delete; the Notes client prompts that the database and related documents will be permanently deleted; click Yes to delete the local database

Modifying the Inbound Processing Agent

Once the database has been mail-enabled, modify the Inbound Processing agent to view the updates. Perform the following steps to run the agent.

  1. With Domino Designer open the BTIDVault database in Domino Designer

  2. Expand Shared Code and select Agents

  3. Select the InboundProcessing agent as shown below

  4. Double-click InboundProcessing to open the InboundProcessing Agent Properties

  5. Click the Security tab

  6. The Administrator should be listed in the Run on behalf of section

  7. In the Set Runtime security level: field, select Allow Restricted Operations with full administration rights

  8. Once you've edited the agent, close the Properties box

  9. Close the Inbound Processing – Agent tab

  10. Save the changes

  11. Click Sign

Message Templates

Message Templates can be used for communication with the end users via Notes mail messages. These messages can be used for informational purposes only or they may contain action buttons with associated code designed to perform specific tasks. These messages are created using the Message Templates.

  1. Click Message Templates in the Navigation Pane; the Data Pane displays a list of predefined message templates

 


Each predefined Message template has a specific purpose. To create a custom template based on a predefined template, select the predefined template before clicking the New Template button.

  1. Select a predefined template and click the New Template button in the Data Pane

  2. A new tab opens and displays a form where the details of the new Message Template can be specified; notice that the tab clearly specifies that the new template is based on the predefined template; when saving this template with a new name, however, the tab will reflect its new name

  3. Customize the new template; refer to the table below for details on settings

  4. Once all the details have been specified, click Spell Check to ensure there are no spelling errors in the message

  5. A message box appears to confirm that no misspellings were found; click OK to close the message box

  6. Next, save the new template; click Save & Close

    The following table describes the values for each setting:

Settings

Description

Template Name

Specify a name for the template that best describes the purpose of the new message template

Template Type

Specify the type of the new message template, such as Email Only or ID Retrieval

Return Notification

Specify whether you want a return notice from the end user when the message is received and the required action is performed

From

Specify the name of the entity sending this migration message to end users (for example, Migration Coordinator)

Subject

Specify a brief description of the purpose of the new template

User Action Required

Check this box if migration for this user cannot proceed until the user performs the embedded action within the message

This check box also indicates that the user will remain in the Pending Reponses view until they perform the end user action in a particular message template

Message Body

Specify a customized message

The new template is saved and it appears in the list of existing templates

Types of Predefined Message Templates

The database comes with predefined Message Templates which are designed to perform specific migration tasks. The information contained within these predefined templates can be modified to tailor them to a client’s needs. Predefined Message Templates can be of the following types depending on the actions they perform:

  • Gather ID and Password Info

  • Notification Only Email

Gather ID and Password Info

This message is used to gather User ID and password information

Notification Email Only

As the name implies, Notification Email Only is designed for informational purposes only and does not include any action buttons. Notification Email Only templates can be used to keep the end users informed.

Importing Users

Users from the Domino Directory must be imported into the database.


Ongoing maintenance of users as they are added, deleted, or renamed must be maintained in this database. Also, if Password Policies exist in the environment, management of this must be considered for this database.

With the database open, expand in the left navigator the section Configuration and select Import Users. Import users as follows:

  1. Click on the Import Users button and select either All Users or Select Users to Import (to select specific users)

  2. If Select Users to Import is selected, choose users to import in the People view in the Address Book and click OK

  3. On the confirmation screen, click OK

Sending User Notifications

Notification will be sent to the end users. These may be for relaying information, delivering end user driven action buttons for actions such as gathering ID and password information or both.

Send End User Notifications

To send a notification:

  1. Expand User Notifications and click Send in the Navigation Pane

  2. Select all the user documents in the Data Pane to whom the notification will be sent

  3. Click the Send Notifications button in the Data Pane

  4. In the Message Templates dialog box, a list of available predefined templates is displayed; if custom templates have been created, these will also be listed; select the desired template to send and click OK

  5. The progression message box displays; after a few seconds of processing, another message box displays confirming that notifications have been sent to selected users; click OK

  6. After sending the first notification to the users, the users remain in the Notify step under the Pending Responses view so that all desired notifications can be sent to the user

Pending Responses

Notifications where users are required to click an embedded button in the email are processed differently. If users don’t click the buttons, their response is considered pending and is listed in the Pending Responses view. To check if there are any pending responses from the sent notifications, click Pending Responses.

For example, if John Smith has not performed the required action. The Data Pane will show that two notifications have been sent, one requires user action, and no response has been received. In a situation like this, another notification can be sent prompting users to respond to migration notifications.

Responses Received

Responses can also be seen in the Responses view; click Responses Received in the Navigation Pane

Errors

If needed, check to see if there were any errors during the sending of the notifications; click Errors

Incoming Email Responses

The Incoming Email Responses view shows user responses sent in via email

How it Works

How it Works

Encrypting from Exchange to Domino

  • Exchange-generated email sent to Domino users that is marked private or has the property ICCategory=4 will be encrypted; before submitting an item for encryption, Integration for Notes will validate that all users in the recipient list have a Public Key in the Domino Directory; if any recipients do not have a Public Key, an NDR will be sent to the originator

  • These items will be marked as Private in the recipients’ inbox

  • If BTScanSubjectForEncryptFlag=1 and the subject contains the text value in BTScanSubjectFlag the messages sent from Exchange to Domino users will be encrypted; this is to allow mobile users to encrypt messages sent from smart phone

  • For Domino users to reply with history and respond to calendar items, “Prevent Copy” (Notes feature) is NOT set on encrypted items from Exchange

  • When Calendar invitations are encrypted, they will appear as a memo with a meeting.ics attachment in the Domino user’s inbox; when the item is opened it will be converted to a typical invitation

Notes:

  • Exchange generated email with external recipients should not be routed through the Domino Integration for Notes servers, therefore not encrypted

  • Encrypted calendar invitations from Exchange to Domino will initially arrive as an email with a meeting.ics attached, not an invitation:

Once the email is opened, it is properly displayed as an invitation:

  • There will also be an additional email version of the item in the inbox; if the Notes preferences are set to not to remove items from the inbox after processing them, two items will show for each invitation:

Related Documents

The document was helpful.

Select Rating

I easily found the information I needed.

Select Rating