IBM Sametime  8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy
Upcoming SlideShare
Loading in...5
×
 

Like this? Share it with your network

Share

IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy

on

  • 16,515 views

This document describes how to open your existing Sametime Chat environment for mobile devices like iPad, iPhone or Android smartphones and Tablets.

This document describes how to open your existing Sametime Chat environment for mobile devices like iPad, iPhone or Android smartphones and Tablets.

Statistics

Views

Total Views
16,515
Views on SlideShare
13,753
Embed Views
2,762

Actions

Likes
8
Downloads
1,029
Comments
1

39 Embeds 2,762

http://www-10.lotus.com 2140
http://www.msbiro.net 171
http://benudharsahoo.blogspot.com 171
http://benudharsahoo.blogspot.in 87
http://benudharsahoo.blogspot.de 37
http://haydecker.de 31
http://benudharsahoo.blogspot.fr 15
http://benudharsahoo.blogspot.co.uk 14
http://benudharsahoo.blogspot.ca 13
http://benudharsahoo.blogspot.com.au 11
http://benudharsahoo.blogspot.com.br 8
http://benudharsahoo.blogspot.sg 7
http://benudharsahoo.blogspot.ru 6
http://benudharsahoo.blogspot.ch 6
http://benudharsahoo.blogspot.be 5
http://planetlotus.org 4
http://benudharsahoo.blogspot.dk 3
http://www.pinterest.com 3
http://benudharsahoo.blogspot.co.at 3
http://192.168.33.10 2
http://translate.googleusercontent.com 2
http://benudharsahoo.blogspot.pt 2
http://benudharsahoo.blogspot.se 2
http://feeds.feedburner.com 2
http://webcache.googleusercontent.com 2
http://benudharsahoo.blogspot.nl 2
http://benudharsahoo.blogspot.com.es 1
http://www.docseek.net 1
http://benudharsahoo.blogspot.hk 1
http://benudharsahoo.blogspot.it 1
http://www.google.com 1
http://184.168.84.84 1
http://benudharsahoo.blogspot.ro 1
http://pinterest.com 1
http://benudharsahoo.blogspot.mx 1
http://benudharsahoo.blogspot.tw 1
http://benudharsahoo.blogspot.co.nz 1
http://m.planetsharepoint.org 1
http://benudharsahoo.blogspot.kr 1
More...

Accessibility

Categories

Upload Details

Uploaded via as Adobe PDF

Usage Rights

© All Rights Reserved

Report content

Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
  • Full Name Full Name Comment goes here.
    Are you sure you want to
    Your message goes here
    Processing…
Post Comment
Edit your comment

IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy Presentation Transcript

  • 1. IBM Collaboration Solutions IBM Sametime 8.5.2 IFR1 Installation ”From Zero to Mobile” Make your boss happy Frank Altenburg | SME for Sametime IBM Collaboration Solutions Mail to:frank.altenburg@de.ibm.com Social Business Feb. 16. 2012 © 2009 IBM Corporation
  • 2. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 2 © 2010 IBM Corporation
  • 3. Introduction ● This document describes how to implement, in a very fast way, the infrastructure to access your IBM Sametime Community environment from mobile iOS and Android devices. ● It is designed for a Proof of Concept, Proof of Technology or a small test pilot deployment only. ● It does not contain information how to implement a high available infrastructure. ● You can start with this document just to "make your bosses happy". But to make the system available for a larger number of users, it is recommended to invite IBM Services to plan and implement a clustered Sametime Proxy infrastructure in your organization that is fully supported. ● If you already have a Sametime 8.5.x environment with the Sametime System Console in place, then it is recommended to use this SSC to implement your Sametime Proxy Server environment in your DMZ. ● The Author has tested this scenario with all Sametime releases down to version 7.5.1. But officially supported is IBM Sametime version 8.0.2 and newer only. ● You need Sametime Standard licenses for all mobile clients who want to access the system.Social Business 3 © 2010 IBM Corporation
  • 4. New Sametime Mobile Instant Messaging ● Instant Messaging Client for Android ● Released with Sametime 8.5.2 ● Runs on Android 2.0 and greater ● Available on the Google Market and downloadable from ST server ● Instant Messaging client for iOS ● Released with 8.5.2 IFR ● Runs on iOS 4.3 and greater on iPhone® and iPad® ● Available on the Apple App Store smSocial Business 4 © 2010 IBM Corporation
  • 5. Sametime Mobile Features ● Contact List ● Send photos ● QuickFind ● Text to speech notification and chats* ● Search corporate directory ● GPS-based location* ● Favorites ● Click to call using carrier ● Presence number or SUT ● Chat history ● Background message ● 1 to 1 and group chat notification ● Announcements ● Emoticons ● Business card ● Sametime Unified Telephony *currently Android onlySocial Business 5 © 2010 IBM Corporation
  • 6. Native presence and IM on Android phonesSocial Business 6 © 2010 IBM Corporation
  • 7. Native presence and IM on the iPhoneSocial Business 7 © 2010 IBM Corporation
  • 8. Native presence and IM on the iPadSocial Business 8 © 2010 IBM Corporation
  • 9. Support for Apple® Push NotificationSocial Business 9 © 2010 IBM Corporation
  • 10. Getting Sametime Mobile iOS clients ● iOS client is distributed through the Apple App Store and uses the standard iOS update mechanisms to maintain currency ● Client must be configured to point to the Sametime Proxy server ─ You can play with it on Greenhouse – Server: st85meetingsp.lotus.com – Port: 9444 – Secure Connection: On – Connection Type: Direct ConnectionSocial Business 10 © 2010 IBM Corporation
  • 11. Getting Sametime Mobile Android Client ● The Android client can be loaded from the Android Market, or from the Sametime proxy server ● If loaded from Market, the standard Market update mechanism is used ● To get from the Sametime proxy server, the loads it from the following web address from their device: <proxy server addr>:<proxy port>/stmobile/Sametime.html ● The automatic update feature from the proxy server (Lotus Mobile Installer, LMI) - Enter the ST proxy server address:port - Enter credentials - Select Next and it logs you into Sametime - As new Sametime client become available, you are notified via an Android notification. You can select it to installSocial Business 11 © 2010 IBM Corporation
  • 12. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 12 © 2010 IBM Corporation
  • 13. IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) ServerPrerequisites ● IBM Sametime Community Server lowest release that works is 7.5.1. But supported is only 8.0.2 and newer releases. ● You need Hardware or a VM in the DMZ for the server ● You need Network and DNS configuration ● NAT between your DMZ and the internet works fine ● You need Port openings to/from Internet ● You need Port openings to/from Intranet ● You need to download the required installation files from Passport Advantage ● You need 2 special administrative user accounts ● (optional) You need a trusted certificate ● Native client on iOS or Android deviceSocial Business 13 © 2010 IBM Corporation
  • 14. IBM Sametime Community Server This deployment is tested by the author of this document with all IBM Sametime Community Servers releases starting Version 7.5.1. A Sametime Community Server 7.0 or below does not work and cant be used for this IBM Sametime Mobile Access Server deployment. Officially supported is only IBM Sametime release 8.0.2 or newer. All older Sametime releases are already out of support. It works if the IBM Sametime Community Server uses Domino Directory authentication or LDAP authentication connected to one of the supported LDAP Servers. No other requirements to the LDAP server is required. If you have several IBM Sametime Community Servers or IBM Sametime Community Clusters running in a Sametime community configuration, then this IBM Sametime Mobile Access Server needs to connect to all servers in your community.Social Business 14 © 2010 IBM Corporation
  • 15. Hardware required for this Pilot Example Deployment ● 1 Server for the IBM DB2 Server, IBM Sametime 8.5.2 IFR1 Proxy Server Quad CPU, 8GB RAM or more, 100GB disk space or more, 64 Bit OS 1 GBit Network Interface with 1 IP addresses an DNS Alias entry. ● Supported OS are: - Windows Server 2003 or 2008 - Linux Enterprise Server RHEL or SLES - AIX - Solaris - iSeries This document describes how to install the components on a Windows 2008 platform. With such a configuration you can host up to ● 3000 concurrent mobile devices * ● 3000 concurrent web client users * * Ask you IBM representative for more detailed sizing information in a defined environmentSocial Business 15 © 2010 IBM Corporation
  • 16. OS and Network requirements ● Make sure that all servers you want to use can be resolved in DNS. ● If DNS is not available then list all full qualified server names and IP addresses from all servers in the hosts file and publish this file to all servers. ● If you use Windows 2008 as Operating System, then you need to start all installations and configurations in „Administrative mode“. ● You need a Alias entry in your Intranet DNS server pointing to the IP address of your Sametime Proxy (Mobile Access) Server. This should be the same host name as in the internet. ● You need a Alias entry in the public Internet DNS pointing to the external IP address of your Sametime Proxy (Mobile Access) Server. This should be the same host name if possible as in the intranet. ● If on your external firewall NAT is in place (IP address translation) this works fine. But your Firewall team needs to forward incoming traffic on ports 80 and 443 to your DMZ Sametime Proxy (Mobile Access) Server address.Social Business 16 © 2010 IBM Corporation
  • 17. Ports to be opened in the firewalls ● From your IBM Sametime Proxy (Mobile Access) Server in the DMZ to all your IBM Sametime Community Servers in the intranet you need to open the IBM Sametime Community Server VP port 1516. ● From all clients in the intranet to the IBM Sametime Proxy (Mobile Access) Server you need to open the HTTP and HTTPS ports 80 and 443. ● From all clients in the internet to the public IP address of your IBM Sametime Proxy (Mobile Access) Server you need to open the HTTP and HTTPS ports 80 and 443. ● From your IBM Sametime Proxy (Mobile Access) Server to the apple notification services in the internet you need to open the ports 2195 and 2196 . This service is available on the DNS addresses “gateway.push.apple.com” and “feedback.push.apple.com”. Both addresses have an IP address pool. If you cant open to the DNS alias name then you need to find out what IP addresses are behind this load balanced pool.Social Business 17 © 2010 IBM Corporation
  • 18. Required files for a deployment on Windows For a Windows installation you need to download these files from Passport Advantage: CZYG1ML.zip IBM DB2 9.7 32Bit Limited Use for Sametime CZYE6ML.zip IBM Sametime 8.5.2 Proxy Server CI3YCML.zip IBM Sametime 8.5.2 IFR1 Proxy Server Create a directory, for example “C:Install”, on the servers where you want to install. Then unpack the downloaded files into this directory. Just unpack the files required for your deployment architecture on the particular server. If you want to connect your Sametime Proxy Server to a Community using Domino Directory authentication and you have Web only users, then you need to install a small Proxy Server update. For a small pilot or POC / POT environment you can download the updated application from the IBM page here: Link to the EAR File If the link does not work use this: https://www-304.ibm.com/files/form/anonymous/api/library/e0a58c07-3700-4d59-a4e4- c2ba50b5535a/document/014a464b-a345-453e-a0af- e1421d01be2f/media/SametimeProxy WebSphere Application 8.5.2 IFR1 with Hotfix.ear If you want to use this server in a production environment and need this update, then it is required to open a PMR in IBM Support to request the latest cumulative hotfix for the IBM Sametime 8.5.2 IFR1 Proxy Server.Social Business 18 © 2010 IBM Corporation
  • 19. Required technical users for IBM Sametime 8.5.2 IBM Sametime requires some technical users for components to communicate in an authenticated mode. All of this users should be configured so that the password never expires and never needs to be changed. db2admin This user is created during installation of the DB2 server in the Operating System. Do not create this user in advance. It is the user for all IBM Sametime related components using DB2 to access their databases. Be sure to match the password policy requirements of the OS. wasadmin This is the user to access the IBM WebSphere components and to administer the system. This user must not exist in your LDAP directory. It is created during WebSphere installation in a local file repository. You can use the same user name and password for all components (makes it easier) or different names and passwords. But again, it does not work when this user exists in the LDAP.Social Business 19 © 2010 IBM Corporation
  • 20. Native client on iOS or Android device ● Getting the mobile Clients ● iOS on App Store ● Android now in Android Market®, also as part of server installation for downloadSocial Business 20 © 2010 IBM Corporation
  • 21. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 21 © 2010 IBM Corporation
  • 22. Different ways to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment It is possible to place all the new components into the Intranet and use a Reverse Proxy in the DMZ to access the system from the mobile devices through the Internet. This requires less ports to be opened in the firewalls. But 2 connections from the server in the Intranet through your DMZ to the APNS system in the Internet. This is mostly a security issue and not allowed. The Database to cache the chat messages sent to iOS devices can be implemented in the Intranet. But then a box (Hardware or virtual machine) is required for this server and the small database who only caches text messages. And the DB2 port needs to be opened from the IBM Sametime Proxy server in the DMZ to this DB2 Server in the Intranet. Because the use of the DB2 database is small and it does not store any really important information, this database can be implemented easily on the same machine as the IBM Sametime Proxy Server. A Backup of the system is required only once when the server is installed and all features are working fine. There is no changing data that needs to be backed up regularly. Only if you do any modification in the configuration a new full backup is recommended.Social Business 22 © 2010 IBM Corporation
  • 23. IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Serverour pilot deployment architecture recommendation Apple Notification Server Intranet DMZ (APNS) gateway.push.apple.com feedback.push.apple.com Inbound Ports 80 443 Outbound Port Sametime Ports 1516 Proxy Server 2195 2196 Sametime Community Server Internet DB2 9.5 ServerSocial Business 23 © 2010 IBM Corporation
  • 24. For the APNS to work there are some requirements: ● The IBM Sametime Proxy Server must be able to connect to the APNS Servers “gateway.push.apple.com” on port 2195, and “feedback.push.apple.com” on Port 2196. ● You should open this ports in your firewalls and test with telnet that you can reach the servers. ● The device must be able to reach the IBM Sametime Proxy Server with http or https protocol. You can use a reverse proxy in your DMZ. NAT is no problem. ● The APNS service must be able to send a notification to your device. ● If your device is connected to your intranet using Wireless LAN, it mostly can not be notified from the apple systems. Talk to your firewall Admins to open the notification service for your Wifi LAN.Social Business 24 © 2010 IBM Corporation
  • 25. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 25 © 2010 IBM Corporation
  • 26. The 10 steps to a Sametime 8.5.2 IFR1 Proxy environment 1.Prepare your machine and the network 2.Configure the community server(s) to trust the Mobile Access Server 3.Install the Sametime Proxy Server 8.5.2 without SSC as a Cell profile 4.Update the Sametime Proxy Server to IFR1 5.Post Install Tasks 6.Install the DB2 database server 7.Create the Proxy Server DB2 Database 8.Configure the Proxy Server to use the DB2 Database 9.Configure the Apple Notification System 10.Configure SSL in the Proxy Server and deploy the certificateSocial Business 26 © 2010 IBM Corporation
  • 27. STEP ONE: Prepare your machine and the network Summary Before you can install your IBM Sametime Proxy (Mobile Access) Server environment, some things needs to be checked and prepared.Social Business 27 © 2010 IBM Corporation
  • 28. The machine on that you run the IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server and the DB2 Database Server can be a virtual machine or a hardware box. Both works. It is possible to use Linux as OS, but this document describes how to install on Windows. If you use Linux you can use most parts of this document and the most installation instructions and screen shots are identically. Mostly the paths are different. In Linux it is recommended to have the graphical system installed for this installation and then use a x-server on our client. This instruction works with Windows Server 2008, and Windows Server 2003. You can use the 32Bit or 64Bit version. And you can use the R2 Version of any of the supported OS. Be sure that your Firewall Admin has opened all ports in the firewalls. Test all connections using the telnet command in a CMD line window. Be sure your used host names or DNS alias is listed in the DNS and can be used and resolved in the internet and in your intranet.Social Business 28 © 2010 IBM Corporation
  • 29. More information can be found in the official IBM Sametime Documentation at this URL: http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp? lookupName=Product Documentation The IBM Sametime 8.5.2 Installation – From Zero To Hero documentations can be found here: https://www-304.ibm.com/connections/blogs/sametimeguru/? lang=en_usSocial Business 29 © 2010 IBM Corporation
  • 30. STEP TWO: Configure the IBM Sametime Community server(s) to trust the IBM Sametime Proxy (Mobile Access) Server Summary This step adds the IP address of your IBM Sametime Mobile Access Server to the “Trusted IPS” list in your Sametime Community Server.Social Business 30 © 2010 IBM Corporation
  • 31. There are several ways to configure your Sametime Community Servers to trust other servers. The most used way in a Sametime 8.5 environment is to use the Sametime System Console – Sametime Servers – Sametime Community Servers. There in the configuration page of your Community Servers on the bottom you can add the trusted IP addresses and save the changes. An other way is to edit the Sametime Configuration file “SAMETIME.INI” located in the Domino Program directory. There in the [Configuration] section just add the parameter “VPS_TRUSTED_IPS=ww.xx.yy.zz” where ww.xx.yy.zz is your IP address of the Sametime Proxy Server box. The next way is to use the Lotus Notes client and access the Community Connectivity document in your Sametime Configuration database and add the IP address what the server must trust, there. This method is explained in the next slides.Social Business 31 © 2010 IBM Corporation
  • 32. Start your Lotus Notes client with that you can access and administer your Sametime Community servers. Then open the “Sametime Configuration” database “STConfig.nsf” on the Sametime Community Server.Social Business 32 © 2010 IBM Corporation
  • 33. Open the “CommunityConnectivity” document.Social Business 33 © 2010 IBM Corporation
  • 34. Add the IP address of your new IBM Sametime Proxy (Mobile Access) Server in the “Community Trusted IPS” field. Then save and close the document and the database.Social Business 34 © 2010 IBM Corporation
  • 35. Now restart the Sametime Community Server by entering the command „restart server“ in the Domino Console window. Never use this command in a production Sametime server because it can happen that not all Sametime tasks are stopped before the domino server restarts. This can cause massive problems for starting the Sametime Services. Stop your Domino Server using the “Quit” command or by stopping the “Lotus Domino Service”. Wait until all ST... Tasks disappeared in your TaskManager. Then restart the Domino Server again. It takes up to 5 Minutes until the Sametime Community Server is completely restarted and all 41 Sametime tasks are again active.Social Business 35 © 2010 IBM Corporation
  • 36. STEP THREE: Install the Sametime Proxy Server 8.5.2 without SSC as a Cell profile Summary This step installs the IBM Sametime Proxy Server 8.5.2.Social Business 36 © 2010 IBM Corporation
  • 37. Navigate to the Installation Directory and start the launchpad installer. We use a Windows CMD command window and enter the commands: „cd InstallSametimeProxyServer“ and just „launchpad“Social Business 37 © 2010 IBM Corporation
  • 38. The Sametime Proxy Launchpad Installer is loading. Click the link „Install IBM Lotus Sametime Proxy Server“Social Business 38 © 2010 IBM Corporation
  • 39. Now click the link „Launch IBM Lotus Sametime proxy Server 8.5.2 Installation“Social Business 39 © 2010 IBM Corporation
  • 40. The Installation Manager is starting upSocial Business 40 © 2010 IBM Corporation
  • 41. Click the “Next” button to continue.Social Business 41 © 2010 IBM Corporation
  • 42. Accept the terms in the license agreement and click the “Next” button to continueSocial Business 42 © 2010 IBM Corporation
  • 43. Remove “Program Files” and click the “Next” button to continue We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 43 © 2010 IBM Corporation
  • 44. Click the “Install” button to install the Installation Manager.Social Business 44 © 2010 IBM Corporation
  • 45. The installation Manager is now installingSocial Business 45 © 2010 IBM Corporation
  • 46. If you are using Windows 2003 R2 or Windows 2008 R2, it can be possible that you run into a JAVA heap memory overflow during the next installation step. To prevent this issue change a parameter in The “IBMIM.INI” configuration file of the Sametime Install Manager. See the next 2 slides how to do this.Social Business 46 © 2010 IBM Corporation
  • 47. Open your File Explorer and navigate to your Install Managers eclipse directory “C:IBMInstall Managereclipse”. Then open the configuration file “IBMIM.ini” in notepad.Social Business 47 © 2010 IBM Corporation
  • 48. Add he parameter “-Xmx1024m” at the end. Then save and close the file. This parameter is case sensitive. Click “File” and “Save” to save the changes. Then click “File” and “Exit” to close the editor.Social Business 48 © 2010 IBM Corporation
  • 49. Now you can click the „Restart Installation Manager“ button to continue.Social Business 49 © 2010 IBM Corporation
  • 50. The IBM Installation Manager is loading.Social Business 50 © 2010 IBM Corporation
  • 51. To Install the Sametime Proxy Server click the „Install“ icon.Social Business 51 © 2010 IBM Corporation
  • 52. Check the „IBM Sametime Proxy server“ and „Version 8.5.2“ entries. They are unchecked by default. Then click the „Next“ button.Social Business 52 © 2010 IBM Corporation
  • 53. Accept the terms in the license agreement and click the „Next“ button.Social Business 53 © 2010 IBM Corporation
  • 54. Remove “Program Files” and click the “Next” button to continue. We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 54 © 2010 IBM Corporation
  • 55. Enter the correct path (remove „Program Files“ and click the „Next“ button to continue. The Package group is the installation destination for the IBM Lotus WebSphere base files. The first installation requires the creation of a new package group. If you install more WebSphere based applications on the same hardware (like the Sametime Proxy Server and the Sametime Meeting Server) they can use the existing package group. Then you cannot change the installation path.Social Business 55 © 2010 IBM Corporation
  • 56. We do not want to use a predefined Deployment Plan from the Sametime System console. Uncheck the “Use Lotus Sametime System Console to Install” option and click the „Next“ button to continue.Social Business 56 © 2010 IBM Corporation
  • 57. With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing WebSphere 7.0.0.15 Server. We dont want to do this in this pilot deployment. Just click “Next” to continue.Social Business 57 © 2010 IBM Corporation
  • 58. Leave the default setting “Standalone (Deployment Manager and Primary Node)”. Fill the full qualified Host Name and add a password for your wasadmin user twice. Then click the “Next” button.Social Business 58 © 2010 IBM Corporation
  • 59. Enter the host name of your IBM Sametime Community Server. Then click the “Validate” button.Social Business 59 © 2010 IBM Corporation
  • 60. When the connection was successfully tested the text in the button changes to “Validated”. Then click the “Next” button to continue.,Social Business 60 © 2010 IBM Corporation
  • 61. Check your settings again and then click the „Next“ button to continue.Social Business 61 © 2010 IBM Corporation
  • 62. Start the installation by clicking the „Install“ button.Social Business 62 © 2010 IBM Corporation
  • 63. The Sametime Proxy Server is now installing. This step takes approximately 30 to 45 minutes because you are installing the first WebSphere instance on a Server.Social Business 63 © 2010 IBM Corporation
  • 64. Important to know... The Sametime Proxy Server: ● does not need a LDAP connection ● is just a Web Interface for browser access to the Sametime Community Services ● is a Web based Sametime Connect Client ● supplies the new Web API for Web based application integration ● can be implemented with or without the SSC ● can be connected to existing older Sametime Servers ● can be connected to a community cluster You can have one or more Proxies in your organization You can implement one or more Proxies and cluster them ● using the WebSphere Cluster Method (Network Deployment) ● individual Proxies with a Load Balancer or RRDNS in front of them By default the Sametime Proxy Server installs to use Port 9080 and 9443 (SSL). If you want to use Port 80 and 443 you need to enter the Sametime Proxy ISC on Port 8600 and change the port settings in the Application Server. Detailed instructions can be found later in this documentation.Social Business 64 © 2010 IBM Corporation
  • 65. When the Sametime Proxy Server has installed successfully just click the „Finish“ button. Then exit the Installation Manager and the Launchpad.Social Business 65 © 2010 IBM Corporation
  • 66. STEP FOUR: Update the Sametime Proxy Server to IFR1 Summary Use this procedure to apply the Interim Feature Release to the IBM Sametime 8.5.2 Proxy Server.Social Business 66 © 2010 IBM Corporation
  • 67. The installation in the previous step started all the components of the IBM Sametime Proxy server. For the upgrade to IFR1 it is required to stop all of this tasks first. But because they are started before the Services are created, the services do not reflect the running tasks.Social Business 67 © 2010 IBM Corporation
  • 68. Open a CMD line Window and navigate to the directory: “cd IBMWebSphereAppServerprofilesSTPAppProfilebin”. Then enter the command: “stopServer STProxyServer -username wasadmin -password passw0rd”.Social Business 68 © 2010 IBM Corporation
  • 69. When the Sametime Proxy Server has stopped stop the nodeagent next with the command “stopServer nodeagent”.Social Business 69 © 2010 IBM Corporation
  • 70. Now change to the DMGR profile with the command “cd ....STPDMgrProfilebin”. Then enter the command “stopServer dmgr -username wasadmin -password passw0rd”.Social Business 70 © 2010 IBM Corporation
  • 71. Open a new CMD Line window in Admin mode. Then enter the command “cd InstallIBM Sametime Proxy Server” and press the “Enter” key. If you have unpacked the zip file to a different directory, then navigate to your directory where you can find the update.bat file.Social Business 71 © 2010 IBM Corporation
  • 72. Enter the command “update.bat” and press the “Enter” key.Social Business 72 © 2010 IBM Corporation
  • 73. The IBM Installation Manager is starting up.Social Business 73 © 2010 IBM Corporation
  • 74. Now click the “Update” button to continue.Social Business 74 © 2010 IBM Corporation
  • 75. Select the Product you want to upgrade. Here we select “IBM Sametime Server Platform”. Then click the “Next” button to continueSocial Business 75 © 2010 IBM Corporation
  • 76. Click the “Next” button to continueSocial Business 76 © 2010 IBM Corporation
  • 77. We are sure that all WebSphere Servers are shut down. Just click the “Next” button to continue.Social Business 77 © 2010 IBM Corporation
  • 78. Click the “Update” button to install the IBM Sametime Proxy Server IFR1.Social Business 78 © 2010 IBM Corporation
  • 79. The IBM Sametime Proxy Server IFR1 Update is now installing. This step takes approximately 20 to 25 minutes.Social Business 79 © 2010 IBM Corporation
  • 80. Important to know... A new main feature in Sametime 8.5.2 IFR1 Proxy Server is the Apple iOS integration using an App that can be installed for free from the Apple App store. This app then connects to your Sametime proxy Server through the Internet. That this can work, your Sametime Proxy Server must be accessible from the Internet. This means you need to set it up in your DMZ or configure a reverse proxy in your DMZ and forward the traffic to your Sametime Proxy in the intranet. But the recommended way is to implement your Sametime Proxy Server in your DMZ. Another recommendation is that your Sametime proxy Server can communicate with the Apple notification service. For this to work you need to open 2 ports in your firewall to this servers in the internet. These ports are 2195 to the Apple notification server and port 2196 to the Apple feedback server.Social Business 80 © 2010 IBM Corporation
  • 81. When the installation has finished successfully, click the „Finish“ button to close the Installer.Social Business 81 © 2010 IBM Corporation
  • 82. Click “File” and then “Exit” to quit the Installation Manager.Social Business 82 © 2010 IBM Corporation
  • 83. STEP FIVE: Post Install Tasks for the IBM Sametime Proxy Server Summary This procedure is only required if you run into the Warning message after the installation as described in the step before.Social Business 83 © 2010 IBM Corporation
  • 84. Open your preferred browser and enter the URL “http://webchat.renovations.com:8600/admin”. Login to the WebSphere Integrated Solutions Console of your Sametime Proxy Server using the wasadmin username and its password.Social Business 84 © 2010 IBM Corporation
  • 85. Click on “Servers” - “Server Types” and then on “WebSphere application servers”.Social Business 85 © 2010 IBM Corporation
  • 86. Click your “STProxyServer” now.Social Business 86 © 2010 IBM Corporation
  • 87. Click the “Ports” link.Social Business 87 © 2010 IBM Corporation
  • 88. Click the “WC_defaulthost” link.Social Business 88 © 2010 IBM Corporation
  • 89. Change the port to “80” and click the “OK” button.Social Business 89 © 2010 IBM Corporation
  • 90. Now click the “WC_defaulthost_secure” linkSocial Business 90 © 2010 IBM Corporation
  • 91. Change the port to “443” and click the “OK” button.Social Business 91 © 2010 IBM Corporation
  • 92. Click the “Save” link to save your last changes.Social Business 92 © 2010 IBM Corporation
  • 93. You have now successfully changed the your Sametime Proxy Server to listen on Ports 80 and 443.Social Business 93 © 2010 IBM Corporation
  • 94. The next configuration step is only required if your Sametime Community servers use Domino Directory authentication and if you have created WEB users with flat user names in the FullName field. If you have this kind of user records then the update of the SametimeProxy application is required. See page 19 how to get this update. In a small Pilot, POC or POT environment you can update the SametimeProxy application using the steps described in the next slides. If you use this Sametime Proxy Server in your production environment and have requested the latest hotfix from IBM Support, then you need to update the complete server in the same way as described in the “STEP FOUR: Update the Sametime Proxy Server to IFR1” on page 65 in this document.Social Business 94 © 2010 IBM Corporation
  • 95. Now click on “Applications” - “Application Types” - “WebSphere enterprise applications”.Social Business 95 © 2010 IBM Corporation
  • 96. Select your “SametimeProxy” application and click the “Update” button.Social Business 96 © 2010 IBM Corporation
  • 97. If you have copied the SametimeProxy.ear file (downloaded from the Web Site) to your Proxy Server, then click “Remote file system” and then the “Browse” button.Social Business 97 © 2010 IBM Corporation
  • 98. Navigate to the directory to where you have copied the file and select it. Then click the “OK” button.Social Business 98 © 2010 IBM Corporation
  • 99. Click the “Next” button to continue.Social Business 99 © 2010 IBM Corporation
  • 100. Click the “Next” button to continue.Social Business 100 © 2010 IBM Corporation
  • 101. Click the “Next” button to continue.Social Business 101 © 2010 IBM Corporation
  • 102. Click the “Next” button to continue.Social Business 102 © 2010 IBM Corporation
  • 103. Click the “Finish” button to continue.Social Business 103 © 2010 IBM Corporation
  • 104. Click the “Save” link to save your last changes.Social Business 104 © 2010 IBM Corporation
  • 105. To check that your application is updated, click the “SametimeProxy” application.Social Business 105 © 2010 IBM Corporation
  • 106. Click on “Application binaries” now.Social Business 106 © 2010 IBM Corporation
  • 107. You can see the application version 8.5.2.1 from 31. Jan. 2012, 13:50Social Business 107 © 2010 IBM Corporation
  • 108. STEP SIX: Install the DB2 database server Summary This step installs the IBM DB2 9.7 Server. We like to use a CMD command line window to enter some of the commands and start the installers. For that we have created a short cut in our fast start section. You can use the Windows Explorer as well to navigate to the destination directory and double click the installation file (launchpad.exe)Social Business 108 © 2010 IBM Corporation
  • 109. Enter the command “cd InstallSametimeDB2” and press the “Enter” key. Enter the command “Launchpad” and press the “Enter” key. Do not copy and paste any commands from this document into your CMD line. This does not work because this would copy some special characters.Social Business 109 © 2010 IBM Corporation
  • 110. Just click the “Install IBM DB2” link.Social Business 110 © 2010 IBM Corporation
  • 111. And again click the “Install IBM DB2” link.Social Business 111 © 2010 IBM Corporation
  • 112. The Installation Manager is starting upSocial Business 112 © 2010 IBM Corporation
  • 113. Now click the „Install“ icon to continue.Social Business 113 © 2010 IBM Corporation
  • 114. Select „DB2 – Version 9.7.0.0“ and click the „Next“ button to continue.Social Business 114 © 2010 IBM Corporation
  • 115. Accept the terms in the license agreement and click the “Next” button to continue.Social Business 115 © 2010 IBM Corporation
  • 116. Again remove “Program Files” and click the “Next” button to continue. We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 116 © 2010 IBM Corporation
  • 117. Click the “Next” button to continue.Social Business 117 © 2010 IBM Corporation
  • 118. Enter the DB2 Administrator Username (we use the default “db2admin”) and enter the DB2 Administrator Password twice. Then click the “Next” button to continue If you use Windows 2008, be sure to enter a password that meets the password policy. The DB2 Admin User password should not be longer then 8 characters. Change the local security policy to allow passwords with 8 characters length. This db2admin user will be created as a local user or as a Active Directory User. This can not be done if the user already exists. Same with the 2 groups that the DB2 Installer adds.Social Business 118 © 2010 IBM Corporation
  • 119. Click the “Install” button to install the DB2 ServerSocial Business 119 © 2010 IBM Corporation
  • 120. The Installation Manager installs the IBM DB2 Server now. This step takes approximately 10 to 15 minutes.Social Business 120 © 2010 IBM Corporation
  • 121. Important to know... Your DB2 Database Server is a sensitive component in your Sametime Environment. It stores all the predefined configuration data and holds the information how to communicate with your servers for administration and maintenance. We highly recommend to make regularly a backup of your DB2 database using a DB2 aware backup software, or export data and backup the exported data. It is possible to implement your DB2 Server for high availability and load balancing using DB2 methods. For more information check into the DB2 InfoCenter, or download and read the RedBook „High Availability and Disaster Recovery Options for DB2 on Linux, UNIX, and Windows“ The steps to create a DB2 database need the database name as a command line parameter. We would recommend using a CMD command line window to enter this commands.Social Business 121 © 2010 IBM Corporation
  • 122. When the installation has finished successfully, click the „Finish“ button and then close the Installation Manager and the Launchpad.Social Business 122 © 2010 IBM Corporation
  • 123. Before we can continue with the next step, you need to restart the CMD-Line window under Windows 2003. Under Windows 2008 it is required to log out and re login with your db2admin user.Social Business 123 © 2010 IBM Corporation
  • 124. STEP SEVEN: Create the DB2 Database for the Sametime Proxy Server Summary This step is to create and configure the DB2 Database for the Sametime Proxy Server. This database is required to cache the Sametime messages sent to iOS mobile devices.Social Business 124 © 2010 IBM Corporation
  • 125. Next is to create the database in the DB2 Server. If your DB2 Server is on a separate machine or on another machine, then you need to copy the database creation script files to this server first. Copy the files “createProxyDb.bat” and “proxyServer.ddl” to a directory on your DB2 Server. Open a CMD window and navigate to this directory. In this Zero to Hero example we use just “C:InstallIBM Sametime Proxy ServerDatabaseScripts”.Social Business 125 © 2010 IBM Corporation
  • 126. Run the database creation script with the command: “createProxyDb.bat STPR db2admin”. The term “STPR” is the name of the database and “db2admin” is the DB2 Database Server Administrator.Social Business 126 © 2010 IBM Corporation
  • 127. Be sure that you see the “...command completed successfully” message after all commands.Social Business 127 © 2010 IBM Corporation
  • 128. STEP EIGHT: Configure the Proxy Server to use the DB2 Database Summary In this step you manualy register the Sametime Meeting Server upgrade with the Sametime System Console if you are running into the warning message during the installation. Then you need to fix the virtual_hosts configuration.Social Business 128 © 2010 IBM Corporation
  • 129. Open a File explorer and navigate to “C:InstallIBM Sametime Proxy ServerDatabaseScripts”. If you have unpacked the install zip file to a different directory then use this one.Social Business 129 © 2010 IBM Corporation
  • 130. Open a second explorer window and navigate to the directory “C:IBMWebSphereSTPServerCell”. Then copy the file “proxyDBSetup.py” from the install directory to this directory.Social Business 130 © 2010 IBM Corporation
  • 131. Next is to navigate to the directory “C:IBMWebSphereSTPServerCellSametimeProxyServerOfferingSametimeServe rSTProxyproxy”. In this directory open the file “proxy.properties” with Notepad or Wordpad or with your favorite text editor.Social Business 131 © 2010 IBM Corporation
  • 132. Edit the following values: * proxy.DbAppUser (db2admin) * proxy.DbAppUserPassword (db2admin password) * proxy.DataBaseServerName (host name of the DB2 server) * proxy.DataBaseServerPort (default port for DB2) * proxy.DbName (database name created earlier) Then save and close the file.Social Business 132 © 2010 IBM Corporation
  • 133. Now it is required to configure the DB2 Database who caches messages to the iOS devices in the Sametime Proxy Server. For this a long command in a CMD line window is required. Several paths are required. To get and paste this path into a CMD-Line window it is easy to use the Windows Explorer. First navigate to the directory “C:IBMWebSphereAppServerprofilesSTPAppProfilebin”. But do not mark the full path. Mark only the part starting from “AppServer...”. Then press the Ctrl-C to copy this path to the dashboard.Social Business 133 © 2010 IBM Corporation
  • 134. Open a CMD-Line window and navigate to the directory “C:IBMWebSphereSTPServerCell”.Social Business 134 © 2010 IBM Corporation
  • 135. Now start entering the command. Begin just with “..”. Next is to paste the part from the dashboard.Social Business 135 © 2010 IBM Corporation
  • 136. Continue with “wsadmin.bat -lang jython -user wasadmin -password passw0rd -f “” Dont forget the “ at the end because the next part is a path that needs to be in doublequotes.Social Business 136 © 2010 IBM Corporation
  • 137. Now we need the path to the file proxyDBSetup.py including the filename.Social Business 137 © 2010 IBM Corporation
  • 138. Copy and paste the path from the explorer window, add the backslash and then copy and paste the filename from the explorer window. Add a doublequote sign at the end.Social Business 138 © 2010 IBM Corporation
  • 139. Now we need the path and filename of the “proxy.properties” file that we have edited just before.Social Business 139 © 2010 IBM Corporation
  • 140. Start with blank and double quotes then paste the path. Then add the backslash and then paste the filename. Add a double quote at the end. Now the command is completed and you can confirm with the “ENTER” key.Social Business 140 © 2010 IBM Corporation
  • 141. The script is now running.Social Business 141 © 2010 IBM Corporation
  • 142. The script has finished. After the database configuration the IBM Sametime Proxy Server needs to be restarted for the configuration changes are in effect.Social Business 142 © 2010 IBM Corporation
  • 143. Open your browser and navigate to your SSC – ISC. Login with your wasadmin user and then navigate to “Resources” - “JDBC” - “JDBC providers”. Here you should see the newly created JDBC Provider configuration for your Proxy Server.Social Business 143 © 2010 IBM Corporation
  • 144. Now click on “Resources” - “JDBC” - “Data sources”. Here you should see your newly created Data Source configuration.Social Business 144 © 2010 IBM Corporation
  • 145. Check mark the “STProxyDataSource” and click the “Test connection” button.Social Business 145 © 2010 IBM Corporation
  • 146. Be sure that the result says “successful”. The warning message can be ignored.Social Business 146 © 2010 IBM Corporation
  • 147. STEP NINE: Apple Notification to iOS devices Summary Use this procedure to apply the Interim Feature Release to IBM Sametime® Proxy Server, Sametime Media Manager, Sametime Meeting Server, and Sametime Advanced. Procedures for Sametime System Console, Sametime Community Server, and Sametime Gateway are explained in other topics.Social Business 147 © 2010 IBM Corporation
  • 148. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 148 © 2010 IBM Corporation
  • 149. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSametime registers with APNS, getsassigned a device token Social Business 149 © 2010 IBM Corporation
  • 150. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Sametime logs in, sending device tokenSocial Business 150 © 2010 IBM Corporation
  • 151. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Sametime sends pause command before going to backgroundSocial Business 151 © 2010 IBM Corporation
  • 152. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Another user sends message to mobile user Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 152 © 2010 IBM Corporation
  • 153. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications Proxy sees mobile user is Paused. Stores in database. VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 153 © 2010 IBM Corporation
  • 154. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Proxy sends device token to APNS, Requests a push notification be Push sent to device Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 154 © 2010 IBM Corporation
  • 155. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNSAPNS sends Pushpush Noficationsnotificationto device VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Social Business 155 © 2010 IBM Corporation
  • 156. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device When user selects view: Sametime reconnects to server and sends command to retrieve messages.Social Business 156 © 2010 IBM Corporation
  • 157. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Sametime proxy sends queued message(s) to device from databaseSocial Business 157 © 2010 IBM Corporation
  • 158. The IBM Sametime 8.5.2 IFR1 Proxy update installer copies a certificate to the server that is required to communicate with the Apple Notification Servers with SSL encryption. This certificate has to be copied to the WebSphere Application Server directories now. Find the certificate file “apns-prod.pkcs12” in the directory “C:IBMWebSphereAppServerprofilesSTPSNAppProfileconfigcellsnodeswebch atProxyNode”.Social Business 158 © 2010 IBM Corporation
  • 159. Copy this certificate file “apns-prod.pkcs12” to the directory “C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswebchatProxyCell” .Social Business 159 © 2010 IBM Corporation
  • 160. Copy this certificate file “apns-prod.pkcs12” to the directory “C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswebchatProxyCell nodeswebchatproxyNode”.Social Business 160 © 2010 IBM Corporation
  • 161. To synchronize the last changes, go into your WebSphere Integrated Solutions (Admin) Console and click on “System administration” - “Nodes”.Social Business 161 © 2010 IBM Corporation
  • 162. Select your “webchatProxyNode” server and click the “Full Resynchronize” button.Social Business 162 © 2010 IBM Corporation
  • 163. The new APNS certificate files are now synchronized to your application server.Social Business 163 © 2010 IBM Corporation
  • 164. STEP TEN: Configure SSL in the Proxy Server and deploy the certificate Summary For iOS devices to connect to the Sametime Proxy Server without any additional security settings, a trusted SSL certificate needs to be installed.Social Business 164 © 2010 IBM Corporation
  • 165. In your WebSphere Integrated Solutions Console click on “Security” - “SSL certificate and key management”.Social Business 165 © 2010 IBM Corporation
  • 166. Click on “Key stores and certificates”.Social Business 166 © 2010 IBM Corporation
  • 167. Now click on “CellDefaultKeyStore”.Social Business 167 © 2010 IBM Corporation
  • 168. And now click on “Personal certificate requests”.Social Business 168 © 2010 IBM Corporation
  • 169. Now click the “New” button to create a new certificate request.Social Business 169 © 2010 IBM Corporation
  • 170. Fill the form with your data: File for certificate request: “c:tempcert_req.cer” Key label: “SSL_Cert” Common name: (your server host name alias) “webchat.renovations.com” Organization: Your organization or company Locality: Your city or locality State or province: Your province Zip Code: Your ZIP code. Country or region: Select your country Then click the “OK” button.Social Business 170 © 2010 IBM Corporation
  • 171. Click on “Save” to save your last changes.Social Business 171 © 2010 IBM Corporation
  • 172. Now copy the certificate request file that you have created into your local workstation. Then request a trusted server certificate from your favorite trust center by sending the content of the file (or the complete file).Social Business 172 © 2010 IBM Corporation
  • 173. You will receive the certificate from your trust center by e-mail or as a file attachment. Copy the certificate text starting with “-----BEGIN CERTIFICATE-----” and ending with “----- END CERTIFICATE-----” without any trailing or ending characters into a file. Copy this file to your Sametime Proxy Server to the “C:temp” directory. Download the Root and intermediate certificates from your trust center web site and copy this files as well to your “C:temp” directorySocial Business 173 © 2010 IBM Corporation
  • 174. Now click on “Personal certificates”.Social Business 174 © 2010 IBM Corporation
  • 175. Click the button “Receive from a certificate authority...”.Social Business 175 © 2010 IBM Corporation
  • 176. In the field “Certificate file name” enter the path and filename to your received server certificate “c:tempserver_cert.cer”. Then click the “OK” button.Social Business 176 © 2010 IBM Corporation
  • 177. Click the “Save” link to save your last changes.Social Business 177 © 2010 IBM Corporation
  • 178. Your new server certificate is now imported successfully.Social Business 178 © 2010 IBM Corporation
  • 179. Next is to import the root and intermediate certificates. Click the “Key stores and certificates” link.Social Business 179 © 2010 IBM Corporation
  • 180. Click on “CellDefaultTrustStore”.Social Business 180 © 2010 IBM Corporation
  • 181. Click “Signer certificates”.Social Business 181 © 2010 IBM Corporation
  • 182. Click the “Add” button.Social Business 182 © 2010 IBM Corporation
  • 183. Enter an Alias for the root certificate “verisign_root” and enter the path and file name to the root certificate file. Then click the “OK” button.Social Business 183 © 2010 IBM Corporation
  • 184. Click “Save” to save your last changes.Social Business 184 © 2010 IBM Corporation
  • 185. Now you have successfully added the root certificate. Do the same steps with the Intermediate certificate.Social Business 185 © 2010 IBM Corporation
  • 186. Click the “Add” button.Social Business 186 © 2010 IBM Corporation
  • 187. Enter an Alias for the root certificate “verisign_intermediate” and enter the path and file name to the intermediate certificate file. Then click the “OK” button.Social Business 187 © 2010 IBM Corporation
  • 188. Click “Save” to save your last changes.Social Business 188 © 2010 IBM Corporation
  • 189. Now you have successfully added the intermediate certificate.Social Business 189 © 2010 IBM Corporation
  • 190. Click on “Security” - “SSL certificates and key management” and then on “Manage endpoint security configuration”.Social Business 190 © 2010 IBM Corporation
  • 191. In the “Inbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” - “Servers”. Then click on “STProxyServer”.Social Business 191 © 2010 IBM Corporation
  • 192. Check the checkbox “Override inherited values” and then click the “Update certificate alias list” button.Social Business 192 © 2010 IBM Corporation
  • 193. In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.Social Business 193 © 2010 IBM Corporation
  • 194. In the “Outbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” - “Servers”. Then click on “STProxyServer”.Social Business 194 © 2010 IBM Corporation
  • 195. Check the checkbox “Override inherited values” and then click the “Update certificate alias list” button. In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.Social Business 195 © 2010 IBM Corporation
  • 196. Save the last changes by clicking the “Save” link.Social Business 196 © 2010 IBM Corporation
  • 197. Now it is recommended to set the services of your Sametime Proxy Server “STProxyServer”, “STProxyServer_DM” and “STProxyServer_NA” to automatic. Then restart your operating system. When the OS is restarted then you are ready to test all features. Check that your server communicates with the Sametime Community Server on port 1516 and with the Apple Notification Server.Social Business 197 © 2010 IBM Corporation
  • 198. Additional Steps after the installation: Some additional Tuning steps can be done after all components are installed. You should consult the Sametime Product Documentation in the Internet about this steps here: http://www-10.lotus.com/ldd/stwiki.nsf/dx/Tuning_st852Social Business 198 © 2010 IBM Corporation
  • 199. Legal Disclaimer © IBM Corporation 2012. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the users job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.Social Business 199 © 2010 IBM Corporation