Mapped directory links and Domino® data security

To ensure data security, do not create a mapped directory link to a file server or shared Network Attached Storage (NAS) server for a Domino® server. These links can cause both database corruption and security problems.

Database corruption

If the network connection fails while the Domino® server is writing to a database on the file server or shared NAS server, the database can become corrupted. In addition, the interdependence of the file sharing protocols -- Server Message Block (SMB), Common Internet File System (CIFS), and Network File System (NFS) -- and the remote file system can affect the Domino® server's performance. Domino® sometimes needs to open large numbers of remote files, and low latency for read/write operations to these files is desirable.

To avoid these problems on Domino® servers, consider doing one or more of the following:

  • Create an isolated network and use cut-through (non-buffering) layer-2 switches to interconnect the Domino® server to the NAS system.
  • Limit access to the NAS system to the Domino® server.
  • Reduce the number of hops and the distance between hops in the connection pathways between the Domino® server and the storage system.
  • Use a block protocol instead of a file protocol.
  • Use a private storage area network (SAN) instead of a shared NAS system.
  • Avoid creating any file-access contention between Domino® and other applications.

To avoid problems with Notes® workstations, consider doing the following:

  • Locate Notes® workstations so that they are not accessing a remote file server or NAS system over a WAN.
  • To minimize the risk of database corruption because of server failure when a Notes® client's Domino® data directory is on a file server or NAS server, evaluate the reliability of the entire network pathway as well as the remote system's ability to maintain uninterrupted sessions to the Notes® client over the file sharing protocols it is using (SMB, CIFS, NFS, Core Protocol, or AppleShare).
  • If a Notes® client's Domino® data directory is on a file server or NAS server, remember that only one user (user session) can have the user data directory files open a time. Notes® does not support concurrent access to the same "local" database by two clients.

Security problems

When Encrypt network data is enabled, all Domino® server and Notes® workstation traffic is encrypted. However, the file I/O between the Domino® server and the file server or shared NAS server is not encrypted, leaving it vulnerable to access by unauthorized users.