Home
Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
SafeLinx as the Nomad server
An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
Configuring the Nomad server
Configuring the Nomad server when SafeLinx is already set up
Complete the steps in the following topics to configure a Nomad server when SafeLinx is already set up.
Configuring the directory server for Nomad server
Define how SafeLinx communicates with the Domino LDAP service.

Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
- System architecture
  This topic describes the system architecture for HCL Nomad for web browsers, iOS, and Android.
- Nomad server on Domino
  The Nomad server on Domino services Nomad clients directly from your Domino server. It has been designed to simplify Nomad deployment.
- SafeLinx as the Nomad server
  An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
  - Getting started with Nomad server wizard
  - Completing the prerequisites
    Before you begin configuring the HCL Nomad server, complete the following prerequisites:
  - Collecting required information
  - Installing and setting up SafeLinx
  - Configuring the Nomad server
    - Configuring the Nomad server when you configure SafeLinx
      Complete the following steps to configure the Nomad server while configuring SafeLinx.
    - Configuring the Nomad server when SafeLinx is already set up
      Complete the steps in the following topics to configure a Nomad server when SafeLinx is already set up.
      - Configuring the directory server for Nomad server
        Define how SafeLinx communicates with the Domino LDAP service.
      - Creating the authentication profile for Nomad server
        The profile is used to authenticate users and to verify user access to target HCL Domino® servers.
      - Adding a Nomad server resource
        Add a Nomad server resource for HCL Nomad.
    - Adjusting firewall rules for Nomad
      If you deploy SafeLinx in a DMZ as is typical, you may need to modify internal and external firewall rules.
    - Nomad security best practices
      Following these security best practices is recommended.
  - Logging in to verify the configuration
  - Configuring SafeLinx to accept LTPA cookies from other servers
    If there are other servers in the Nomad server network configured for single sign-on, you can configure SafeLinx to accept LTPA cookies from those servers.
- HCL Nomad and panagenda MarvelClient
  The HCL Nomad management solution MarvelClient from panagenda is now provided with all installations of HCL Nomad on iOS, Android, and HCL Nomad for web browsers. panagenda MarvelClient allows administrators to manage HCL Nomad clients by defining their own settings.
- Managing HCL Nomad via an MDM provider (mobile)
  Starting with version 1.0.4 for HCL Nomad for iOS, and version 1.0.13 for HCL Nomad for Android, managed configuration via most common Mobile Device Management (MDM) providers is supported. All MDM providers are slightly different in how they implement managed configurations for applications.
- Configuring Nomad federated login
  When you configure Nomad federated login, HCL Nomad users are not prompted for their HCL Notes ID passwords when they set up Nomad. Instead, they are prompted only for credentials from a SAML identity provider (IdP).
- Setting notes.ini values
  This topic describes how to configure notes.ini settings.
- Configuring notes.ini customizations
  This topic describes notes.ini settings used to customize startup and runtime behavior.
- Configuring application switcher (Nomad for web browsers)
  Application (app) switcher is an optional, configurable dropdown menu displayed on the left of HCL Nomad for web browsers' navigation bar. Each app switcher menu entry shows an application icon followed by the application’s name. Clicking on an app switcher menu entry navigates to the corresponding application address in a new browser tab.
- Shared usage (Nomad for web browsers)
  Nomad for web browsers administrators can force local user data to clear on shutdown. This option is only recommended when the usage pattern will be a new user each time Nomad is loaded or reloaded.
- Troubleshooting (Nomad for web browsers)
  This topic describles troubleshooting for administrators.

Configuring the directory server for Nomad server

Define how SafeLinx communicates with the Domino LDAP service.

About this task

Complete the following steps if you did not configure the Nomad server when running the initial SafeLinx configuration wizard.

Note: The name of the Nomad web proxy has changed to Nomad server.

Procedure

From the SafeLinx Administrator, in the Tasks tab, select Add Resource > Directory server:
Define server information:
- "Common name" defines the name of the SafeLinx Directory Server configuration that you are creating here. This is a free text field.
- "Host name" should be the FQDN of the Domino LDAP server you are connecting to. In this example, it is "dominoldap.example.com".
- "Base distinguished name (DN)" defines the base within the LDAP tree of the Domino server below which searches start.
Note: Make sure to specify a base DN where LDAP searches can find user AND server entries. For example, if you have users in "OU=USERS/O=DEMO" and servers in "OU=SERVERS/O-DEMO" that you have to specify "O=DEMO" as the base DN.
Configure LDAP bind user:
- Port number of service is 389 for plan ldap. Change if you want to use secure ldap or your LDAP servers listens on another port.
- Administrator's distinguished name (DN) is the DN of a user in the Domino Directory, that has read access to the directory via LDAP (eg. CN=Nomad Binduser,O=EXAMPLE).
- Password for above mentioned user
- Select Use secure connection and configure that section if you want to use ldaps. See Securing communications with an LDAP server in the HCL SafeLinx documentation for more details.
Note: For security reasons, configuring the SafeLinx LDAP service to bind anonymously to search the Domino LDAP directory is not recommended. However, should you need to bind anonymously for some reason, you must allow the LDAP service to access specific attributes.
OU verification: