Domino has several ways of sending data or documents between servers; the most common, as you all know, is replication. In other environments you might want to use a web service.
But in Domino there are several more ways to send data between servers. Yes, you can create a web service, but that isn't that advanced. Yes, you can create a REST service, but that is lots of work with the overhead. You can send an email with an embedded form in it, but how should you secure that?
Then you could actually run code on another server in an agent using Java or LotusScript, by adding the server to a trusted server list. Nice. With compression and encryption added this is quite interesting. But there is a big but: the servers communicating need to be in the same NAB, otherwise the communication fails 🙁
You might say: what about cross-certification? Well, this only works for replication, not server-to-server code execution. But wait, there is a way, and this is how you make it work even if the servers are in different NABs and have different certificates, and it's quite simple.
- Cross-certify the server you want to communicate with, in both directions
- Add Server 1 to Server 2's trusted server list
- Create a Person document on Server 1 with Server 2's public certificate
- Create a Person document on Server 2 with Server 1's public certificate
- Add the server to the ACL on Server 2
Now communication works both ways. I guess that you can replace the server Person document with a user, or perhaps add a user in the same way and run as that user. But the big thing is that you need the public cert of the server you are calling in the caller's NAB. If not, you will get this on the server console:
server error your public key was not found in the domino directory
This is a poor workaround; keys can get outdated and they do not update automatically.
As you should anyway enforce key checking in each server's security settings, exchanging the server documents across the two domains is essential. My recommendation is to provide the required server and person documents in the form of an extended directory catalog that each party creates and actively pushes to the opposite server. There you add it via directory assistance. That's the proper way to handle it.
Seems like a good solution that probably would work also, thanks for sharing.