Home
Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
SafeLinx as the Nomad server
An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
Configuring the Nomad server
Nomad security best practices
Following these security best practices is recommended.

Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
- System architecture
  This topic describes the system architecture for HCL Nomad for web browsers, iOS, and Android.
- Nomad server on Domino
  The Nomad server on Domino services Nomad clients directly from your Domino server. It has been designed to simplify Nomad deployment.
- SafeLinx as the Nomad server
  An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
  - Getting started with Nomad server wizard
  - Completing the prerequisites
    Before you begin configuring the HCL Nomad server, complete the following prerequisites:
  - Collecting required information
  - Installing and setting up SafeLinx
  - Configuring the Nomad server
    - Configuring the Nomad server when you configure SafeLinx
      Complete the following steps to configure the Nomad server while configuring SafeLinx.
    - Configuring the Nomad server when SafeLinx is already set up
      Complete the steps in the following topics to configure a Nomad server when SafeLinx is already set up.
    - Adjusting firewall rules for Nomad
      If you deploy SafeLinx in a DMZ as is typical, you may need to modify internal and external firewall rules.
    - Nomad security best practices
      Following these security best practices is recommended.
  - Logging in to verify the configuration
  - Configuring SafeLinx to accept LTPA cookies from other servers
    If there are other servers in the Nomad server network configured for single sign-on, you can configure SafeLinx to accept LTPA cookies from those servers.
- HCL Nomad and panagenda MarvelClient
  The HCL Nomad management solution MarvelClient from panagenda is now provided with all installations of HCL Nomad on iOS, Android, and HCL Nomad for web browsers. panagenda MarvelClient allows administrators to manage HCL Nomad clients by defining their own settings.
- Managing HCL Nomad via an MDM provider (mobile)
  Starting with version 1.0.4 for HCL Nomad for iOS, and version 1.0.13 for HCL Nomad for Android, managed configuration via most common Mobile Device Management (MDM) providers is supported. All MDM providers are slightly different in how they implement managed configurations for applications.
- Configuring Nomad federated login
  When you configure Nomad federated login, HCL Nomad users are not prompted for their HCL Notes ID passwords when they set up Nomad. Instead, they are prompted only for credentials from a SAML identity provider (IdP).
- Setting notes.ini values
  This topic describes how to configure notes.ini settings.
- Configuring notes.ini customizations
  This topic describes notes.ini settings used to customize startup and runtime behavior.
- Configuring application switcher (Nomad for web browsers)
  Application (app) switcher is an optional, configurable dropdown menu displayed on the left of HCL Nomad for web browsers' navigation bar. Each app switcher menu entry shows an application icon followed by the application’s name. Clicking on an app switcher menu entry navigates to the corresponding application address in a new browser tab.
- Shared usage (Nomad for web browsers)
  Nomad for web browsers administrators can force local user data to clear on shutdown. This option is only recommended when the usage pattern will be a new user each time Nomad is loaded or reloaded.
- Troubleshooting (Nomad for web browsers)
  This topic describles troubleshooting for administrators.

Nomad security best practices

Following these security best practices is recommended.

Nomad users should download, install, and initially configure the Nomad client from a trusted network.
Administrators should enable DNS Security Extensions (DNSSEC).
Administrators should enable DNS over TLS (DoT) or DNS over HTTPS (DoH).