Mapped directory links and Domino data security

To ensure data security, do not create a mapped directory link to a file server or shared Network Attached Storage (NAS) server for a Domino® server. These links can cause both database corruption and security problems.

Database corruption

If the network connection fails while the Domino server is writing to a database on the file server or shared NAS server, the database can become corrupted. In addition, the interdependence of the file sharing protocols -- Server Message Block (SMB), Common Internet File System (CIFS), and Network File System (NFS) -- and the remote file system can affect the Domino server's performance. Domino sometimes needs to open large numbers of remote files, and low latency for read/write operations to these files is desirable.

To avoid these problems on Domino servers, consider doing one or more of the following:

  • Create an isolated network and use cut-through (non-buffering) layer-2 switches to interconnect the Domino server to the NAS system.
  • Limit access to the NAS system to the Domino server.
  • Reduce the number of hops and the distance between hops in the connection pathways between the Domino server and the storage system.
  • Use a block protocol instead of a file protocol.
  • Use a private storage area network (SAN) instead of a shared NAS system.
  • Avoid creating any file-access contention between Domino and other applications.

To avoid problems with Notes® workstations, consider doing the following:

  • Locate Notes workstations so that they are not accessing a remote file server or NAS system over a WAN.
  • To minimize the risk of database corruption because of server failure when a Notes client's Domino data directory is on a file server or NAS server, evaluate the reliability of the entire network pathway as well as the remote system's ability to maintain uninterrupted sessions to the Notes client over the file sharing protocols it is using (SMB, CIFS, NFS, NetWare Core Protocol, or AppleShare).
  • If a Notes client's Domino data directory is on a file server or NAS server, remember that only one user (user session) can have the user data directory files open a time. Notes does not support concurrent access to the same "local" database by two clients.

Security problems

When Encrypt network data is enabled, all Domino server and Notes workstation traffic is encrypted. However, the file I/O between the Domino server and the file server or shared NAS server is not encrypted, leaving it vulnerable to access by unauthorized users.