Home
Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
SafeLinx as the Nomad server
An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
Configuring the Nomad server
Adjusting firewall rules for Nomad
If you deploy SafeLinx in a DMZ as is typical, you may need to modify internal and external firewall rules.

Administering HCL Nomad
The following topics provide instructions on how to install, configure, and manage HCL Nomad.
- System architecture
  This topic describes the system architecture for HCL Nomad for web browsers, iOS, and Android.
- Nomad server on Domino
  The Nomad server on Domino services Nomad clients directly from your Domino server. It has been designed to simplify Nomad deployment.
- SafeLinx as the Nomad server
  An HCL SafeLinx 1.2 or later server configured as a HCL Nomad server is required to handle communications with Nomad clients.
  - Getting started with Nomad server wizard
  - Completing the prerequisites
    Before you begin configuring the HCL Nomad server, complete the following prerequisites:
  - Collecting required information
  - Installing and setting up SafeLinx
  - Configuring the Nomad server
    - Configuring the Nomad server when you configure SafeLinx
      Complete the following steps to configure the Nomad server while configuring SafeLinx.
    - Configuring the Nomad server when SafeLinx is already set up
      Complete the steps in the following topics to configure a Nomad server when SafeLinx is already set up.
    - Adjusting firewall rules for Nomad
      If you deploy SafeLinx in a DMZ as is typical, you may need to modify internal and external firewall rules.
    - Nomad security best practices
      Following these security best practices is recommended.
  - Logging in to verify the configuration
  - Configuring SafeLinx to accept LTPA cookies from other servers
    If there are other servers in the Nomad server network configured for single sign-on, you can configure SafeLinx to accept LTPA cookies from those servers.
- HCL Nomad and panagenda MarvelClient
  The HCL Nomad management solution MarvelClient from panagenda is now provided with all installations of HCL Nomad on iOS, Android, and HCL Nomad for web browsers. panagenda MarvelClient allows administrators to manage HCL Nomad clients by defining their own settings.
- Managing HCL Nomad via an MDM provider (mobile)
  Starting with version 1.0.4 for HCL Nomad for iOS, and version 1.0.13 for HCL Nomad for Android, managed configuration via most common Mobile Device Management (MDM) providers is supported. All MDM providers are slightly different in how they implement managed configurations for applications.
- Configuring Nomad federated login
  When you configure Nomad federated login, HCL Nomad users are not prompted for their HCL Notes ID passwords when they set up Nomad. Instead, they are prompted only for credentials from a SAML identity provider (IdP).
- Setting notes.ini values
  This topic describes how to configure notes.ini settings.
- Configuring notes.ini customizations
  This topic describes notes.ini settings used to customize startup and runtime behavior.
- Configuring application switcher (Nomad for web browsers)
  Application (app) switcher is an optional, configurable dropdown menu displayed on the left of HCL Nomad for web browsers' navigation bar. Each app switcher menu entry shows an application icon followed by the application’s name. Clicking on an app switcher menu entry navigates to the corresponding application address in a new browser tab.
- Shared usage (Nomad for web browsers)
  Nomad for web browsers administrators can force local user data to clear on shutdown. This option is only recommended when the usage pattern will be a new user each time Nomad is loaded or reloaded.
- Troubleshooting (Nomad for web browsers)
  This topic describles troubleshooting for administrators.

Adjusting firewall rules for Nomad

If you deploy SafeLinx in a DMZ as is typical, you may need to modify internal and external firewall rules.

Procedure

Ensure your firewall configuration accounts for the following characteristics of the SafeLinx service:

The service defaults to using TLS 1.3 over the default port 443 (configurable). Mobile devices must be able to open TCP connections to this port.
Note: TLS 1.2 is also enabled.
The service talks to Domino servers on the back end using TCP port 1352
Authentication services communicate with the Domino LDAP service on port 389 or 636 (secure).
Remote database server connectivity requires RDBMS.