SECURING
Physically securing servers and databases is just as important as preventing unauthorized user and server access. Therefore, locate all Domino® servers in a ventilated, secure area, such as a locked room. If servers are not secure, unauthorized users might circumvent security features -- for example, ACL settings -- access applications on the server, use the operating system to copy or delete files, and physically damage the server hardware itself.
About this task
To ensure maximum physical security for servers, do one or more of the following:
Securing the server console with a Smartcard
Notes users can use a Smartcard with their User ID to log in to Notes. Smartcard use requires the installation of a Smartcard reader on the user's computer, along with the Smartcard software and drivers. The advantage of using a Smartcard with Notes is that the Smartcard locks User ID. Logging into Notes with a Smartcard requires the Smartcard, the User ID, and the user's Smartcard PIN.
Administrators can take advantage of Smartcard security to physically secure the Domino server console. In this case the administrator would be locking the Server ID with the Smartcard. Before you begin complete the following tasks:
PKCS11_Library=C:\Program Files\Schlumberger\Smart Cards and Terminals\Common Files\slbck.dll
CAUTION: If you do not modify the server's NOTES.INI file to include the PKCS11_Library variable, when you try to launch the Domino server, it will shut down and return a Login aborted by user error.
Procedure
1. On the Domino server workstation, install a Smartcard reader and Smartcard driver files.
2. On a Notes client workstation, install a Smartcard reader and the same Smartcard driver files as you installed on the Domino server. This workstation will be used to configure the Smartcard for the server.
3. Copy the SERVER.ID from the Domino server onto a memory device. Insert the device into the Notes workstation.
4. Launch the Notes client with a User ID from the domain for which the server has a certificate.
5. Place the Smartcard designated for the server into the card reader of the Notes client. If required, enter the Smartcard PIN.
6. Click File -> Security -> Switch ID to switch to the copy of the SERVER.ID file.
7. Do the following to enable the SERVER.ID file for the associated Smartcard
b. Click Smartcard Options.
c. Click Enable Smartcard Login.
d. Enter password (if needed) and the Smartcard PIN. After approximately 10 to 15 seconds, the Smartcard will be configured for the SERVER.ID file.
9. Place the Smartcard in the Domino server card reader, and launch Domino.
10. At the server command console, enter the Smartcard PIN when prompted and Domino will launch.
Related reference Set Secure