Novell GROUPWISE 7 - DOMAINS, GroupWise 7 User Manual

II Domains
Chapter 8, “Creating a New Domain”
Chapter 9, “Managing Domains”
novdocx (en) 11 December 2007
110 GroupWise 7 Administration Guide
8 Creating a New Domain
As your GroupWise® system grows, you might need to add new domains.
Section 8.1, “Understanding the Purpose of Domains”
Section 8.2, “Planning a New Domain”
Section 8.3, “Setting Up the New Domain”
Section 8.4, “What’s Next”
Section 8.5, “Domain Worksheet”
IMPORTANT: If you are creating a new domain in a clustered GroupWise system, see the GroupWise 7 Interoperability Guide before you create the domain:
8.1 Understanding the Purpose of Domains
The domain functions as the main administrative unit for your GroupWise system. Each GroupWise system has one primary domain, which was created when you first installed GroupWise. All other domains that you add are secondary domains.
The domain serves as a logical grouping of one or more post offices and is used for addressing and routing messages. Each GroupWise user has a GroupWise address that consists of a user ID, the user’s post office name, the GroupWise domain name, and, optionally, an Internet domain name.
The following diagram illustrates the logical organization of a GroupWise system with multiple domains and post offices. All of the objects under the domain belong to that domain. All of the objects under a post office belong to that post office.
Figure 8-1 Logical Organization of a GroupWise System with Multiple Domains and Post Offices
[Diagram labels: GroupWise System, Primary Domain, Secondary Domain, Message Transfer Agent, Post Office, Post Office Agent, GroupWise Users]
Messages are moved from user to user through your GroupWise system by the GroupWise agents. As illustrated above, each domain must have a Message Transfer Agent (MTA) running for it. The MTA transfers messages between domains and between post offices in the same domain. Each post office must have at least one Post Office Agent (POA) running for it. The POA delivers messages to users’ mailboxes and performs a variety of post office and mailbox maintenance activities.
When you add a new domain to your GroupWise system, links define how messages are routed from one domain to another. When you add the first secondary domain, the links between the primary and secondary domains are very simple. As the number of domains grows, the links among them can become quite complex. Links are discussed in detail in Chapter 10, “Managing the Links between Domains and Post Offices,” on page 137.
Physically, a domain consists of a set of directories that house all the information stored in the domain. To view the structure of a domain directory, see “Domain Directory” in GroupWise 7 Troubleshooting 3: Message Flow and Directory Structure. The domain directory does not contain mailboxes or messages, but it does contain other vital information. For an overview, see Section 40.3, “Information Stored in the Domain,” on page 606. Domain directories can be located on NetWare®, Linux, and Windows servers.
8.2 Planning a New Domain
After you have your basic GroupWise system up and running, you might need to expand it by adding one or more domains. The GroupWise architecture lets you create a simple, single domain system, or a complex system that links dozens of domains across a campus, a city, or around the world.
This section provides the information you need in order to decide when, where, and how to set up a new domain. The “Domain Worksheet” on page 125 lists all the information you need. You should print the worksheet and fill it out as you complete the tasks listed below.
Section 8.2.1, “Determining When to Add a New Domain”
Section 8.2.2, “Deciding Who Will Administer the New Domain”
Section 8.2.3, “Planning Post Offices in the New Domain”
Section 8.2.4, “Determining the Context for the Domain Object”
Section 8.2.5, “Choosing the Domain Name”
Section 8.2.6, “Deciding Where to Create the Domain Directory”
Section 8.2.7, “Deciding Where to Install the Agent Software”
Section 8.2.8, “Deciding How to Link the New Domain”
Section 8.2.9, “Selecting the Domain Language”
Section 8.2.10, “Selecting the Domain Time Zone”
After you have completed the tasks and filled out the “Domain Worksheet” on page 125, you are ready to continue with Section 8.3, “Setting Up the New Domain,” on page 122.
8.2.1 Determining When to Add a New Domain
How do you know when you should add a domain? The answer to this depends on your administration policies and on physical and logical network organization.
Although a single domain can contain as many post offices and users as you want to add, there are some conditions that indicate the need for a new domain:
Administrative Convenience: To spread out the administrative workload, you can create one or more new domains with their own administrators. Each new domain can be managed by a different administrator as long as each administrator has sufficient rights to connect to it and write to the domain database.
Remote Sites: If communication between servers is slow, or if you have remote sites, you can add a new domain to minimize mail traffic between the servers. For example, if you have locations in three separate cities, you might have an organization that represents each location. You could then create a domain in each organization. You could administer all of the domains from one location or you could assign a different administrator for each one.
Demand on the MTA: Each domain has its own MTA that routes messages between post offices within its domain. If your current domain has many post offices that are placing a heavy workload on the MTA, you might want to create another domain to handle additional post offices.
Multiple eDirectory Trees: All of the objects that are logically subordinate to a GroupWise domain must be in the same Novell® eDirectory™ tree as the domain. If you have users in other eDirectory trees that need GroupWise accounts, you must create secondary domains and post offices in each tree.
8.2.2 Deciding Who Will Administer the New Domain
Any user who is an Admin equivalent can administer GroupWise. We recommend that whoever creates the new domain should be an Admin equivalent so that he or she has the necessary rights to create objects and directories. You can then assign a different user as a domain administrator and limit rights to other objects if necessary. For more information, see Chapter 75, “GroupWise Administrator Rights,” on page 1135.
Depending upon the size, complexity, and layout of your eDirectory tree, you might choose a centralized administration model with one person administering both eDirectory and GroupWise, or you might choose a distributed administration model with the administration workload shared by two or more individuals. With a distributed administration model, each administrator obtains rights to the GroupWise objects and directory structures over which he or she has jurisdiction. If you want to restrict access to some network operations or to certain domains, you can limit access rights to domains the user should not administer.
The user assigned as the administrator must be able to create or modify objects in the domain and will receive an e-mail message whenever an agent encounters a problem. You can designate yourself, one or more other users, or a distribution list as an administrator.
WORKSHEET
Under Item 10: Domain Administrator, enter the ID of the user or distribution list that will administer this domain.
The items in the worksheet are listed in the order you will enter them when setting up your domain. This planning section does not follow the same order as the worksheet, but all worksheet items are covered.
8.2.3 Planning Post Offices in the New Domain
Before adding the new domain, you should plan the post offices that you want to belong to the domain. You should consider the following issues when planning post offices.
Physical Organization: If your network spans several sites, you might want to create post offices (if not domains) at each physical location. This reduces the demands on long-distance network links.
Logical Organization: Grouping users who frequently send messages to each other is faster and generates less network traffic than if messages travel between different post offices and domains.
Number of Users: A typical post office can serve from 1000 to 2500 users, depending on its configuration. Larger post offices are possible, but grouping similar users might be preferable.
Demand on the POA: Each post office has at least one POA that delivers messages to user mailboxes and performs other post office maintenance tasks. It is possible to run multiple POAs, located on different servers, for the same post office, or you might prefer to create multiple post offices.
For more details, see Section 11.2, “Planning a New Post Office,” on page 156.
8.2.4 Determining the Context for the Domain Object
When deciding where to place the new Domain object in the eDirectory tree, you should consider how you can most easily administer GroupWise and how the domain and its associated post offices fit into the logical organization of your eDirectory tree.
Domains and their associated objects, including Post Offices, Users, Resources, and Distribution Lists, must be located in the same eDirectory tree. If you have multiple trees, you must create a separate domain in each tree. The domains can all belong to the same GroupWise system, even though they are located in different trees.
You can place the domain in any Organization or Organizational Unit container in any context in an eDirectory tree. The following sections provide some examples of how domains can be placed in the eDirectory tree:
“GroupWise Objects Reflect Physical Locations”
“GroupWise Objects Reflect Company Organization”
“GroupWise Objects Are Grouped with Servers”
“GroupWise Objects Are Located in a Separate GroupWise Container”
WORKSHEET
Under Item 1: Tree Name, specify the name of the eDirectory tree where you plan to create the new domain.
Under Item 2: eDirectory Container, specify the name of the eDirectory container where you plan to create the new domain.
GroupWise Objects Reflect Physical Locations
The GroupWise system below focuses on the physical layout of the company. Because most mail traffic is probably generated by users in the same location, the mail traffic across the WAN is minimized. An organizational unit is created for each site. A domain is created under each organizational unit, corresponding to the city. The sites can be administered centrally or at each site. Administrator rights can be assigned at the domain level.
Figure 8-2 A GroupWise System Following the Company’s Physical Organization
GroupWise Objects Reflect Company Organization
The following GroupWise system focuses on departmental organization, as does the eDirectory tree. GroupWise domains and post offices parallel eDirectory organizational units, placing the domains and post offices within the organizational units containing the users that belong to them.
Figure 8-3 A GroupWise System Following the Company’s Departmental Organization
GroupWise Objects Are Grouped with Servers
Because domains and post offices have directory structures on network servers, you could also choose to place the Domain and Post Office objects in the same context as the servers where the directories reside, as shown in the following example.
Figure 8-4 A GroupWise System with the Domains And Post Offices Grouped with the Servers
GroupWise Objects Are Located in a Separate GroupWise Container
Domains and post offices can also be created in their own organizational unit. Administratively, this approach makes it easier to restrict a GroupWise administrator’s object and property rights to GroupWise objects only. For information about GroupWise Administrator rights, see Section 8.2.2, “Deciding Who Will Administer the New Domain,” on page 113.
Figure 8-5 GroupWise Objects Located in Their Own Organizational Unit
8.2.5 Choosing the Domain Name
The domain requires a unique name. The name is used as the Domain object’s name in eDirectory. It is also used for addressing and routing purposes within GroupWise, and might appear in the GroupWise Address Book.
The domain name can reflect a location, company name or branch name, or some other element that makes sense for your organization. For example, you might want the domain name to be the location (for example, Provo) while the post office name is one of the company’s departments (for example, Research). Name the new domain carefully. After it is created, the name cannot be changed.
The domain name should consist of a single string. Use underscores (_) rather than spaces as separators between words to facilitate addressing across the Internet. Do not use any of the following invalid characters in the domain name:
ASCII characters 0-13
Asterisk *
At sign @
Braces { }
Colon :
Comma ,
Double quote "
Extended ASCII characters that are graphical or typographical symbols; accented characters in the extended range can be used
Parentheses ( )
Period .
WORKSHEET
Under Item 3: Domain Name, specify the domain name.
Under Item 8: Domain Description, provide a description for the new domain.
8.2.6 Deciding Where to Create the Domain Directory
Logically, the Domain object resides in eDirectory and is administered through ConsoleOne®. Physically, the domain has a directory structure for databases, message queues, and other files. The domain directory structure can be created on any of the supported platforms listed in “GroupWise Administration Requirements” in the GroupWise 7 Installation Guide. It can also be located on any platform that an MTA running on a supported platform can access successfully. The server where you create the domain directory structure can be in the same tree as the Domain object or in another tree.
Many different configurations are possible. When deciding where to create the domain directory, you should consider the following.
Domain Directory Space Requirements: The domain directory requires less than 10 MB of free disk space. However, this requirement could increase as your system grows.
Network Access by the MTA: If the MTA is not installed on the same server with the domain directory, the MTA must have direct network access to the domain directory so that it can write to the domain database (wpdomain.db) and, depending on link configuration, to the post office directories so that it can write to the POA input queues. This issue is discussed in detail in Section 8.2.7, “Deciding Where to Install the Agent Software,” on page 118.
Security from User Access: Users never need access to the domain directory so you should create it in a location you can easily secure; otherwise, you could have files inadvertently moved or deleted.
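One way to check the "Security from User Access" point on a Linux server is to audit the domain directory for anything the POSIX "other" class can reach. This is an added example, not Novell's code; the function names are hypothetical, the sample tree is constructed, and it assumes the MTA runs as the directory owner.

```python
import os
import stat
import tempfile

def audit_domain_dir(root):
    """Return (path, finding) pairs for every entry under root that the
    POSIX "other" class can reach. Assumes the MTA runs as the owner."""
    paths = [root]
    for dirpath, dirnames, filenames in os.walk(root):
        paths += [os.path.join(dirpath, n) for n in dirnames + filenames]

    findings = []
    for path in sorted(paths):
        mode = os.lstat(path).st_mode
        if stat.S_ISLNK(mode):
            continue  # symlink mode bits carry no access information
        if stat.S_ISDIR(mode):
            if mode & stat.S_IWOTH:
                # Write on a directory is what permits moving or deleting
                # the files inside it, whatever the files' own modes are.
                # The sticky bit limits that to entries the user owns.
                if mode & stat.S_ISVTX:
                    findings.append((path, "others can create entries"))
                else:
                    findings.append(
                        (path, "others can create, move or delete entries"))
            elif mode & (stat.S_IROTH | stat.S_IXOTH):
                findings.append((path, "others can list or enter"))
        elif mode & stat.S_IWOTH:
            findings.append((path, "others can modify"))
        elif mode & stat.S_IROTH:
            findings.append((path, "others can read"))
    return findings

def build_sample_domain(base):
    """Constructed sample tree: a domain directory holding wpdomain.db."""
    dom = os.path.join(base, "res_dev")
    os.mkdir(dom)
    os.chmod(dom, 0o700)
    db = os.path.join(dom, "wpdomain.db")
    with open(db, "wb") as fh:
        fh.write(b"constructed placeholder, not a real domain database")
    os.chmod(db, 0o600)
    return dom, db

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as base:
        dom, db = build_sample_domain(base)
        print("locked down:", audit_domain_dir(dom))
        os.chmod(dom, 0o777)  # the weak setting
        os.chmod(db, 0o644)
        for path, finding in audit_domain_dir(dom):
            print(os.path.relpath(path, base), "->", finding)
```

The directory finding matters more than the file findings: a world-writable domain directory lets any user move or delete wpdomain.db even when the file itself is mode 0600.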
Choose an empty directory for the new domain. If you want, the directory can reflect the name of the domain, for example, res_dev for the Research and Development domain. Use the following platform-specific conventions:
NetWare: Use a maximum of 8 characters
Linux: Use only lowercase characters
Windows: No limitations.
Choose the name and path carefully. After the domain directory is created, it is difficult to rename it. If the directory you specify does not exist, it is created when you create the domain. Do not create the domain directory under another domain or post office directory.
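Because neither the domain name nor the directory can easily be changed after creation, it is worth checking both worksheet entries against the rules in Sections 8.2.5 and 8.2.6 first. The following is an added example, not part of the guide or of GroupWise; the function names, sample paths, and the reading of "graphical or typographical symbols" as any non-ASCII non-letter are assumptions.

```python
import unicodedata
from pathlib import PurePosixPath

# Punctuation the chapter lists as invalid in a domain name.
INVALID_PUNCT = set('*@{}:,"().')

def check_domain_name(name):
    """Return a list of problems; an empty list means the name passes."""
    if not name:
        return ["name is empty"]
    problems = []
    for ch in name:
        cp = ord(ch)
        if cp <= 13:
            problems.append(f"ASCII control character {cp}")
        elif ch in INVALID_PUNCT:
            problems.append(f"invalid character {ch!r}")
        elif cp > 127 and not unicodedata.category(ch).startswith("L"):
            # Assumption: "graphical or typographical symbols" is read as
            # any non-ASCII character that is not a letter.
            problems.append(f"non-letter extended character {ch!r}")
    if " " in name:
        problems.append("contains a space; use underscores instead")
    return problems

def normalise(path, platform):
    p = PurePosixPath(path.replace("\\", "/"))
    # Assumption: paths compare case-insensitively except on Linux.
    return p if platform == "linux" else PurePosixPath(str(p).lower())

def check_domain_directory(path, platform, existing_dirs=()):
    """platform is "netware", "linux" or "windows"; existing_dirs are the
    domain and post office directories already in the system."""
    problems = []
    # Assumption: the platform conventions apply to the final directory name.
    leaf = PurePosixPath(path.replace("\\", "/")).name
    if platform == "netware" and len(leaf) > 8:
        problems.append(f"{leaf!r} exceeds 8 characters")
    if platform == "linux" and leaf != leaf.lower():
        problems.append(f"{leaf!r} is not all lowercase")
    new = normalise(path, platform)
    for other in existing_dirs:
        old = normalise(other, platform)
        if old == new:
            problems.append(f"{other} is already in use, not empty")
        elif old in new.parents:
            problems.append(f"nested under existing directory {other}")
    return problems

if __name__ == "__main__":
    # Constructed sample worksheet entries.
    for name in ["Provo", "Res_Dev", "Provo.Research", "Res Dev"]:
        print(name, "->", check_domain_name(name) or "ok")
    print(check_domain_directory("/gwsystem/Res_Dev", "linux"))
    print(check_domain_directory("j:\\gw\\provo\\newdom", "windows",
                                 existing_dirs=["J:\\GW\\provo"]))
```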
WORKSHEET
Under Item 4: Domain Database Location, enter the full path for the domain directory.
Under Item 9: Network Type, enter the type of network in use at that location.
8.2.7 Deciding Where to Install the Agent Software
You must run a new instance of the MTA for each new domain. To review the functions of the MTA for the domain, see Section 40.4, “Role of the Message Transfer Agent,” on page 608. For complete installation instructions and system requirements, see “Installing GroupWise Agents” in the GroupWise 7 Installation Guide.
When planning the installation of the MTA, you need to consider how the new domain links to existing domains and how the new domain will link to its post offices. For an overview of link configuration, see Chapter 10, “Managing the Links between Domains and Post Offices,” on page 137.
The MTA requires direct network access to the domain directory so that it can write to the domain database (wpdomain.db) and, depending on the link configuration, to each post office directory so that it can write to the POA input queues. Consider the following alternatives when selecting a location for the MTA relative to the domain and its post offices:
“MTA Access to the New Domain: Local vs. Remote”
“MTA Access to New Post Offices: Mapped and UNC Links vs. TCP/IP Links”
“Cross-Platform Access Issues”
WORKSHEET
Under Item 11: Agent Location, indicate whether you plan to run the MTA on the same server where the domain directory is located (recommended), or on a different server.
Under Item 12: Agent Platform, enter the platform of the server where the MTA will run (NetWare, Linux, or Windows).
MTA Access to the New Domain: Local vs. Remote
Running the MTA locally on the same server where the domain and post offices reside simplifies network connections (no login is required), reduces network traffic, and protects database integrity. In the following diagram, the agent software is installed on the same server where the domain and post office reside.
Figure 8-6 Agent Software on the Same Server with the Domain and Post Office
[Diagram labels: MTA, POA, Acct-Dom, Acct-PO1, Dev-Dom, Dev-PO1]
Running the MTA on a remote server allows you to place the heaviest processing load on your highest performing server. In the following diagram, the agent software is installed on a different server from where the domains and post offices reside.
Figure 8-7 Agent Software on a Different Server than the Domain and Post Office
[Diagram labels: MTA, POA, Acct-Dom, Acct-PO1, Dev-Dom, Dev-PO1]
When you run the MTA on a different server from where its directory structures and databases are located, you need to provide adequate access.
NetWare: If the NetWare MTA needs direct network access to another NetWare server, you must add the /dn switch or the /user and /password switches to the MTA startup file to provide authentication information.
Linux: If the Linux MTA needs direct network access to another Linux server, you must mount the file system where the domain is located before you start the Linux MTA.
Windows: If the Windows MTA needs direct network access to another Windows server, you must map a drive to the other server before you start the Windows MTA.
MTA Access to New Post Offices: Mapped and UNC Links vs. TCP/IP Links
If the new domain will include multiple post offices, the post offices will probably reside on different servers from where the domain is located. If you plan to use mapped or UNC links between the domain and its post offices, the MTA requires the same access to the post office directories as it requires to the domain directory.
Figure 8-8 MTA Access Using Mapped or UNC Links
[Diagram labels: NetWare, Windows, NetWare; MTA, POA, Acct-Dom, Acct-PO1, Dev-Dom, Dev-PO1]
NetWare: If the NetWare MTA needs access to a post office on another NetWare server, you must add the /dn switch or the /user and /password switches to the MTA startup file to provide authentication information.
Linux: N/A. The Linux MTA requires TCP/IP links to the POA.
Windows: If the Windows MTA needs access to a post office on another Windows server, you must map a drive to the other server before you start the Windows MTA.
To avoid these direct network access requirements between the MTA and its post offices, you can use TCP/IP links between the domain and its post offices.
Figure 8-9 MTA Access Using TCP/IP Links
[Diagram labels: MTA, POA, Acct-Dom, Acct-PO1, Dev-Dom, Dev-PO1]
When using TCP/IP links, the MTA does not write message files into message queues in the post office directory structure. Instead, the MTA communicates the information to the POA by way of TCP/IP and then the POA uses its direct network access to write the information.
Cross-Platform Access Issues
In most cases, it is most efficient if you match the MTA platform with the network operating system where the domain resides. For example, if you create a new domain on a NetWare server, use the NetWare MTA.
If you decide not to run the MTA on the same platform as the domain, the MTA must still have direct network access to the domain directory so that it can write to the domain database (wpdomain.db). For example, you could set up the new domain on a NetWare server and run the Windows MTA on a Windows server to service it.
Figure 8-10 A Domain on a NetWare Server and the MTA on a Windows Server
[Diagram labels: Windows, NetWare; MTA, POA, Dev-Dom, Dev-PO1]
However, the NetWare MTA could not service a domain located on a Windows server because Windows does not support the required cross-platform connection.
If you are using mapped or UNC links to post offices, the MTA must also have direct network access to the post office directories so that it can write message files into the post office message queues. You could, for example, run the agents on a Windows server while domains and post offices were located on NetWare servers.
Figure 8-11 Agents on a Windows Server and Domains and Post Offices on a NetWare Server
[Diagram labels: MTA, POA, Acct-Dom, Acct-PO1, Dev-Dom, Dev-PO1]
Again, the opposite combination of NetWare agents servicing domains and post offices on Windows servers is not an option because Windows does not support the required cross-platform connection.
To avoid these cross-platform access issues, use TCP/IP links between a domain and its post offices.
For more detailed information, see Section 40.7, “Cross-Platform Issues between Domains and Post Offices,” on page 609.
8.2.8 Deciding How to Link the New Domain
Domain links tell the MTAs how to route messages between domains. Properly configured links optimize message flow throughout your GroupWise system. For a review of link types, see Section 10.1.1, “Domain-to-Domain Links,” on page 137.
When you create the new domain, you link it to one existing domain. By default, this link is a direct link using TCP/IP as the link protocol, which means the new domain’s MTA communicates with the existing domain’s MTA through TCP/IP. If desired, you can configure the direct link to use a UNC path as the link protocol, which means the new domain’s MTA transfers information to and from the existing domain by accessing the existing domain’s directory.
WORKSHEET
Under Item 7: Link to Domain, specify the existing domain that you want to link the new domain to, then specify the link protocol (TCP/IP or UNC path).
After you create the new domain, you can configure links to additional domains as needed. See Section 10.2, “Using the Link Configuration Tool,” on page 143.
8.2.9 Selecting the Domain Language
The domain language determines the default sort order for items in the GroupWise Address Book for users in post offices that belong to the domain. For more information, see Section 11.2.8, “Selecting the Post Office Language,” on page 165.
WORKSHEET
Under Item 5: Domain Language, specify the domain language.
8.2.10 Selecting the Domain Time Zone
When a message is sent from a user in one time zone to a user in another time zone, GroupWise adjusts the message’s time so that it is correct for the recipient’s time zone. For example, if a user in New York (GMT -05:00, Eastern Time) schedules a user in Los Angeles (GMT -08:00, Pacific Time) for a conference call at 4:00 p.m. Eastern Time, the appointment is scheduled in the Los Angeles user’s calendar at 1:00 p.m. Pacific Time.
The domain time zone becomes the default time zone for each post office in the domain.
WORKSHEET
Under Item 6: Domain Time Zone, enter the time zone.