Your SlideShare is downloading. ×
IBM Sametime 8.5.2 installation - From Zero To Hero - Edge Components 18.12.2011
Upcoming SlideShare
Loading in...5
×

Thanks for flagging this SlideShare!

Oops! An error has occurred.

×

Saving this for later?

Get the SlideShare app to save on your phone or tablet. Read anywhere, anytime - even offline.

Text the download link to your phone

Standard text messaging rates apply

IBM Sametime 8.5.2 installation - From Zero To Hero - Edge Components 18.12.2011

15,684
views

Published on

Accessing a Sametime environment from the Internet has a lot of security and technical aspects. Learn how to install your Sametime Edge Proxy components in your DMZ and connect it to your internal …

Accessing a Sametime environment from the Internet has a lot of security and technical aspects. Learn how to install your Sametime Edge Proxy components in your DMZ and connect it to your internal Sametime environment.
Install a Sametime Community MUX Server, a SIP Edge Proxy, a Meeting HTTP Edge Proxy, a TURN server and a Sametime Gateway.

Published in: Technology, Business

2 Comments
7 Likes
Statistics
Notes
  • Frank,

    I've installed Sametime 8.5.2 using the two Docs ”From Zero to Hero” Basics and Edge.

    Now trying to upgrade to IFR1 also using this ”From Zero to Hero” doc, but I've a problem with the meeting server upgrade.

    There is no error during the upgrade process. But after restart, meeting server doesn't run and there is some warnings in server log.

    Can you tell me if this doc can be used to upgrade an 8.5.2 installation with edge components (installed using previous ”From Zero to Hero” docs )?

    Thanks.
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
  • Hello Frank,

    Excellent presentation. Very helful and thorough.

    If I have lotus domino passport express, do I need to purchase license for server? Or only licenses for the users?

    Thank you,
    Alkis
       Reply 
    Are you sure you want to  Yes  No
    Your message goes here
No Downloads
Views
Total Views
15,684
On Slideshare
0
From Embeds
0
Number of Embeds
4
Actions
Shares
0
Downloads
1,452
Comments
2
Likes
7
Embeds 0
No embeds

Report content
Flagged as inappropriate Flag as inappropriate
Flag as inappropriate

Select your reason for flagging this presentation as inappropriate.

Cancel
No notes for slide

Transcript

  • 1. IBM Collaboration Solutions Installation and Setup of IBM Sametime 8.5.2 ”From Zero to Hero” Part 2 – Edge Components Frank Altenburg | SME for Sametime IBM Collaboration Solutions mailto:frank.altenburg@de.ibm.com Social Business New version from 18. 12. 2011 © 2009 IBM Corporation
  • 2. Agenda ● Components of IBM Sametime 8.5.2 ● Requirements for a IBM Sametime 8.5.2 Edge deployment ● Architecture of a IBM Sametime 8.5.2 Edge deployment ● The 25 steps to a IBM Sametime 8.5.2 Edge deploymentSocial Business 2 © 2010 IBM Corporation
  • 3. The IBM Sametime 8.5.2 Components we will cover In Part 1: ● IBM DB2 Database Server ● IBM Sametime System Console ● IBM Sametime Community Server ● IBM Sametime Proxy Server ● IBM Sametime Meeting Server ● IBM Sametime Media Manager ● IBM Sametime Advanced Server (optional) ● IBM Sametime Connect ClientIn this Part 2: ● IBM Sametime Community MUX (optional) ● IBM Sametime SIP Edge Proxy ● IBM Sametime Meeting HTTP Proxy ● IBM Sametime TURN Server ● IBM Sametime Gateway (optional) In Part 3: ● Moving Sametime Servers to separate boxes ● Implementing additional Servers for clustering ● Clustering of Sametime ServersSocial Business 3 © 2010 IBM Corporation
  • 4. IBM Sametime System Level Architecture Sametime Clients HTTP HTTP VPSIP, RTP SIP, RTP Meeting Advanced Server VP Server Community VP Server VP Media Unified Manager Telephony VP VP SIP SIP, TCSPI Partner Enterprise Phone Sametime Sametime System A/V Bridges Proxy Gateway SIP, XMPP HTTPLogical servers shown – may External IMbe combined physically Embedded Applications, Communitiesdepending on user workload including Web Client, Portal, and Mobile Social Business 4 © 2010 IBM Corporation
  • 5. IBM Sametime System Console ● Manage prerequisites. – System console manages all needed info for prerequisite components – No install/reinstall of IBM DB2® (for example) for Sametime Domino each separate offering Presence/IM Sametime System Console Sametime ● Centralize configuration. Classic LDAP – Setup & testing of things like LDAP centralized in Meetings a single location, instead of various wizards in Sametime different installers New Meetings Facilitate deployment planning. WebSphere ● Sametime Media – Mechanism to plan the Sametime server Server deployment Sametime Proxy DB2 – Installation of server nodes is simpler, as the shared configuration already exists. Server Sametime installers are “headless”, and need no input Advanced from user ● Single point of action for administrative tasks – Example: Policies are managed from a single place for all componentsSocial Business 5 © 2010 IBM Corporation
  • 6. Agenda ● Components of IBM Sametime 8.5.2 ● Requirements for a IBM Sametime 8.5.2 Edge deployment ● Architecture of a IBM Sametime 8.5.2 Edge deployment ● The 25 steps to a IBM Sametime 8.5.2 Edge deploymentSocial Business 6 © 2010 IBM Corporation
  • 7. IBM Sametime 8.5.2 Prerequisites ● IBM Sametime 8.5.2 Community MUX Server requires ● IBM Sametime Community Server (Version >= 7.5.1) ● IBM Sametime 8.5.2 SIP Edge Proxy ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM Sametime 8.5.2 Mdia Manager ● IBM Sametime 8.5.2 Meeting HTTP Proxy ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM Sametime 8.5.2 Meeting Server ● IBM Sametime 8.5.2 TURN Server requires ● IBM Sametime 8.5.2 Media Manager ● IBM Sametime 8.5.2 Gateway Server requires ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM DB2 9.7 or 9.5 FP1 ● LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft® Active Directory, IBM Tivoli® Directory Server, SunOne® iPlanet®, Novell® eDirectory®) ● IBM Sametime Community Server (Version >= 8.0.1)Social Business 7 © 2010 IBM Corporation
  • 8. IBM Sametime 8.5.2 Prerequisites (cont.) ● IBM Sametime 8.5.2 System Console Server requires ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM DB2 9.7 or 9.5 FP1 ● LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft® Active Directory, IBM Tivoli® Directory Server, SunOne® iPlanet®, Novell® eDirectory®) ● IBM Sametime 8.5.2 Community Server requires ● IBM Lotus Domino 8.5.1 or 8.5.2 (32 Bit Version only) ● LDAP directory server ● IBM Sametime 8.5.2 Proxy Server requires ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM Sametime Community Server (Version >= 7.5.1) ● IBM Sametime 8.5.2 Meeting Server requires ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM DB2 9.5 FP1 (provided automatically via Install) ● LDAP directory server ● IBM Sametime 8.5.2 Media Manager requires ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM Sametime 8.5.2 Community Server ● LDAP directory serverSocial Business 8 © 2010 IBM Corporation
  • 9. IBM Sametime 8.5.2 Prerequisites (cont.) ● IBM Sametime 8.5.2 Advanced Server requires ● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install) ● IBM DB2 9.7 or 9.5 FP1 ● LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft® Active Directory, IBM Tivoli® Directory Server, SunOne® iPlanet®, Novell® eDirectory®) ● IBM Sametime Community Server (Version >= 8.0.1)Social Business 9 © 2010 IBM Corporation
  • 10. IBM Sametime 8.5.2 Prerequisites (continued) ● Software requirements ● Client ● Windows XP (SP2), XP Tablet, Vista and Windows 7 – 32 and 64 bit ● MAC OS X 10.6.2 x86-64 and future OS fix packs ● RHEL 5.0 Update 4 Desktop Edition x86-32 and future OS fix packs ● SLED 10.0 SP3 and 11.0 SP1 32 and 64 bit and future OS fix packs ● Ubuntu 10.04 LTS x85-32 and future OS fix packs ● Server ● Windows Server 2003/2008 - 32 and 64 bit (including R2) ● Linux (RHEL, SLES) - 32 and 64 bit ● AIX 5.3/6.1 ● i5/OS 5.4, 6.1 ● Solaris 10 ● ESX and ESXi 4.0, MS Hyper-V R2 ● Browsers ● Microsoft® Internet Explorer 6.x, 7.x, 8.0 (Windows) ● Firefox 3.5 and 3.6 (Windows, Mac, Linux) ● Safari 5.0 (Mac) ● Other ● Domino 8.5.1/8.5.2 for Community Server / Classic meetings ● WebSphere Application Server 7 for new servers and gateway (included) ● DB2 9.7 for new servers and gateway (included)Social Business 10 © 2010 IBM Corporation
  • 11. IBM Sametime 8.5.2 Prerequisites (continued) ● Software requirements ● For WEB A/V ● Microsoft® Internet Explorer 6.x(!!), 7.x, 8.0 (Windows) ● Firefox 3.5 and 3.6 (Windows, Mac) SPECIAL NOTE: Microsoft Internet Explorer 9, Apple Safari and Google Chrome are not supported with the Sametime Audio/Video Browser Plugin in this actual Sametime Version 8.5.2. We do not support any Linux based OS now for Browser A/V. Microsoft Internet Explorer 6 should work and is officially supported. But it is not recommended to use this version because it can cause issues when several parallel connections needs to be established with the meeting server.Social Business 11 © 2010 IBM Corporation
  • 12. Other requirements ● Make sure that all servers you want to use can be resolved in DNS. ● If DNS is not available then list all full qualified server names and IP addresses from all servers in the hosts file and publish this file to all servers. ● The Media Manager Server does not work when installing with a DNS alias. You must configure the full qualified machine host name (including domain part) and use this for the installation. This name does not need to be configured anywhere else and the client does not see it. ● If you use Windows 2008 as Operating System, then you need to start all installations and configurations in „Administrative mode“. ● You need a LDAP Server hosting your user base. This can be a Domino LDAP or Microsoft Active Directory or any other supported V3 LDAP. ● The Sametime gateway requires a public, not NATed IP address. NAT does not work with SIP traffic (specially when using TLS encryption) because the SIP packages contain the sending IP address inside. Then the receiver refuses the SIP package coming from another address then the one inside the package.Social Business 12 © 2010 IBM Corporation
  • 13. Required files for a deployment on Windows For a Windows installation of the Edge components you need to download these files from Passport Advantage: CZYD7ML.zip IBM Sametime Community Server Standard CZYE0ML.zip IBM Sametime Meeting Server CZYF0ML.zip IBM Sametime Media Manager Server CZYF9ML.exe IBM Sametime Gateway CZYA0ML.zip IBM Sametime WebSphere Application Server CZYH1ML.zip IBM Sametime WebSphere Application Server iFixes Create a directory, for example “C:Install”, on the servers where you want to install. Then unpack the downloaded files into this directory. Just unpack the files required for your deployment architecture on the particular server. If you run the CZYF9ML.exe, create a subdirectory “C:InstallSametimeGateway” to unpack the file. When unpacked the CZYH1ML.zip file go into the subdirectory “C:InstallSametimeWASiFixesWebSphereUPDI” and unzip the update installer for your used operating system.Social Business 13 © 2010 IBM Corporation
  • 14. Agenda ● Components of IBM Sametime 8.5.2 ● Requirements for a IBM Sametime 8.5.2 Edge deployment ● Architecture of a IBM Sametime 8.5.2 Edge deployment ● The 25 steps to a IBM Sametime 8.5.2 Edge deploymentSocial Business 14 © 2010 IBM Corporation
  • 15. IBM Sametime 8.5.2 - Our pilot recommendation Compared with the last version of this document installing IBM Lotus Sametime 8.5.1 (from Lotusphere 2011), we have changed again our recommendation for a pilot deployment. The reason for the change is the availability of new features in installation methods as well as our increased experience and many successful installations using this method in the last months. The most Edge components described in this part 2 can be installed on one single box in the DMZ because all of them use different ports for communication. Only the Sametime Gateway requires a separate box because it uses the SIP Protocol and requires a non NATed public IP address. The Sametime Gateway is optional and not required for the other Edge components to work properly. It is important to have the full environment described in the Part 1 of this documentation up and running before starting the Edge components installation. The Sametime Advanced part is not required for this installation.Social Business 15 © 2010 IBM Corporation
  • 16. IBM Sametime 8.5.2 Edge – our pilot deployment DNS entries: sametime.renovations.com STMux DB2 9.5 meeting.renovations.com Sametime Server chat.renovations.com System webchat.renovations.com Console edge.renovations.com SIP pointing to 192.168.0.1 Edge Sametime Proxy Media edge.renovations.com Manager 192.168.40.40 192.168.0.1 192.168.30.50 WAS sametime.renovations.com HTTP 192.168.30.10 Port Forwardings: Proxy 80 TCP 1533 TCP 5061 TCP Sametime Sametime TURN Server 5081 TCP Meeting Proxy Server 3478 UDP Server to 192.168.40.40meeting.renovations.com webchat.renovations.com 192.168.30.10 192.168.30.30 Active Sametime Directory Sametime Community gateway.renovations.com gateway.renovations.com LDAP Gateway Server 192.168.30.60 Server 192.168.0.60ldap.renovations.com chat.renovations.com 192.168.30.99 192.168.30.20 Social Business 16 © 2010 IBM Corporation
  • 17. Hardware required for this Pilot Example Deployment ● 1 Server for the IBM Sametime 8.5.2 Community MUX, IBM Sametime 8.5.2 Meeting HTTP Proxy, IBM Sametime 8.5.2 SIP Edge Proxy, IBM Sametime 8.5.2 TURN Server Quad CPU, 8GB RAM or more, 100GB disk space or more, 64 Bit OS 1 GBit Network Interface with 2 IP addresses (internal and external). ● 1 Server for the IBM Sametime 8.5.2 Gateway Server Dual CPU, 4GB RAM or more, 50GB disk space or more, 64 Bit OS 1 GBit Network Interface with 2 IP addresses (internal and external but not NATed). ● Various client endpoints With such a configuration you can host up to ● 300 concurrent Meeting Participants * ● 5.000 concurrent Sametime Clients * ● 150 concurrent Media Streams * ● 1500 concurrent Proxy web client users * * Ask you IBM representative for more detailed sizing information in a defined environmentSocial Business 17 © 2010 IBM Corporation
  • 18. Special IP configuration for the WebSphere based Server For this Edge environment it is required to have the same FQ Host names that you use in the internal network (see Part 1 of this documentation) be configured in the public DNS pointing to the public IP address of the server machine in the DMZ hosting the Edge components. This means splitted DNS configuration is required. Host Name: edge.renovations.com Alias Names: sametime.renovations.com meeting.renovations.com webchat.renovations.com chat.renovations.com Public IP: 192.168.0.1 (NATed to the DMZ IP) DMZ IP: 192.168.40.40 Local address in the Intranet: Host Name: edge.renovations.com IP: 192.168.30.50Social Business 18 © 2010 IBM Corporation
  • 19. Special IP configuration for the WebSphere based Server (cont) For the Sametime Gateway Server a not NATed public IP address is required. Best practice is to have a splited DNS configuration. Public address in the Internet: Host Name: gateway.renovations.com Public IP: 192.168.0.60 (not NATed) Local address in the Intranet: Host Name: gateway.renovations.com IP: 192.168.30.60Social Business 19 © 2010 IBM Corporation
  • 20. Required technical users for IBM Sametime 8.5.2 IBM Sametime requires some technical users for components to communicate in an authenticated mode. All of this users should be configured so that the password never expires and never needs to be changed. db2admin This user is created during installation of the DB2 server in the Operating System. Do not create this user in advance. It is the user for all IBM Sametime related components using DB2 to access their databases. Be sure to match the password policy requirements of the OS. wasadmin This is the user to access the IBM WebSphere components and to administer the system. This user must not exist in your LDAP directory. It is created during WebSphere installation in a local file repository. You can use the same user name and password for all components (makes it easier) or different names and passwords. But again, it does not work when this user exists in the LDAP.Social Business 20 © 2010 IBM Corporation
  • 21. Required technical users for IBM Sametime 8.5.2 (cont) Domino Administrator This user is created during installation of Domino for the IBM Sametime Community Server. It is a best practice to not use a existing administrative account because it is the account with that the IBM Sametime System Console communicates with the Community Server. LDAP Bind User This is a user account in your LDAP directory. This account is used to connect in authenticated mode to the LDAP server to get all required attributes. It is possible to connect anonymously to the LDAP but then it does not work with some LDAP systems or the LDAP server requires special configuration to allow anonymous bind.Social Business 21 © 2010 IBM Corporation
  • 22. Starting and stopping the WebSphere based Server In this pilot deployment we install and configure all WebSphere based Sametime servers using a single Cell. Then it is easy to administer all of them using just one administrative interface. (The Integrated Solutions Console of the Sametime System Console) With Sametime 8.5.1 the services where created automatically for all servers because we used for all of them a separate “Cell Profile” deployment. Now with IBM Sametime 8.5.2 we use the Network deployment method by implementing all servers as a Primary Node federated to the Deployment Manager of the Sametime System Console in just one Cell. Using this method the installer does not create some required components and it does not create some services in the Windows operating system. We need to manually create this components and Services. All the required steps are described in detail later this slide deck.Social Business 22 © 2010 IBM Corporation
  • 23. Audio/Video Plug-In for Browser access to Meeting RoomsThe Meeting Plug-In is shipped with the Media Manager in two formats.1.) Download VersionThis version files needs to be copied onto a Web Server that can beaccessed by the Browser from the client who want to access the Meetingsusing Audio and Video services. This could be the Domino basedSametime Community Server, the Sametime Proxy Server or the SametimeMeeting Server or any other web server in your organization.In this pilot deployment recommendation we use the Sametime Proxyserver for this service.To download and install this Plug-In it is required to have Administrativeaccess rights on Windows 7. With all other OS the user right is enough2.) Deployment VersionThis version can be deployed using your preferred deployment tool. Itcontains a MSI installer file. But be careful in some operating systems asWindows 7, it is required to install this version with administrative rights.Social Business 23 © 2010 IBM Corporation
  • 24. Agenda ● Components of IBM Sametime 8.5.2 ● Requirements for a IBM Sametime 8.5.2 Edge deployment ● Architecture of a IBM Sametime 8.5.2 Edge deployment ● The 25 steps to a IBM Sametime 8.5.2 Edge deploymentSocial Business 24 © 2010 IBM Corporation
  • 25. The 25 steps to deploy a Sametime 8.5.2 EDGE environment 1.Enable Trust for the Community Mux in the Sametime Community Server 2.Install the Sametime Community Mux 3.Configure the Community Mux in the Sametime System Console 4.Install the SIP EDGE Proxy without the Sametime System Console 5.Configure the SIP Edge Proxy 6.Post Install Tasks 7.Create a Deployment Plan for the Sametime Meeting HTTP Proxy 8.Install the Sametime Meeting HTTP Proxy 9.Run the guided activity to add the Sametime Meeting HTTP Proxy to the Meeting Cluster 10.Remove the Sametime Meeting Server on the Edge Server 11.Create the WebSphere Meeting Http Proxy on the Edge Server 12.Post Install tasks 13.Install the TURN Server 14.Configure the TURN Server and enable NAT Traversal 15.Test all the Edge componentsSocial Business 25 © 2010 IBM Corporation
  • 26. The 25 steps to deploy a Sametime 8.5.2 EDGE environment 16.Create the Sametime gateway DB2 Database 17.Configure the DB2 Database Prerequisite in the Sametime System Console 18.Enable Trust for the Gateway in the Sametime Community Server 19.Install the Sametime Gateway without the Sametime System Console 20.Post Install Tasks 21.Register the Gateway to the Sametime System Console 22.Connect to the local Sametime Community 23.Connect to a Partner Sametime Community 24.Enable clients to use the Sametime Gateway 25.Test the GatewaySocial Business 26 © 2010 IBM Corporation
  • 27. STEP ONE: Enable Trust for the Community MUX in the Sametime Community Server Summary A Sametime Community Server only accepts connections from a Community Services multiplexer that is listed in the "CommunityTrustedIps" field of a "CommunityConnectivity" document to prevent an unauthorized machine from connecting to the Sametime community server. This can be configured directly in the “STCONFIG.NSF” Database - “CommunityConnectivity” Document, or – and this is now much easier – in the Sametime System Console. This is the way we want to configure this part.Social Business 27 © 2010 IBM Corporation
  • 28. Enter the URL „http://sametime.renovations.com:8700/admin“. The WebSphere Application Server Administrative interface (the Integrated Solutions Console ISC) is always secured by SSL. Therefore you will be redirected to HTTPS and the port 8701 automatically. You are prompted to accept the default certificate. For different browsers the procedure to accept this IBM signed certificate is different. You can use the direct URL: „https://sametime.renovations.com:8701/ibm/console“.Social Business 28 © 2010 IBM Corporation
  • 29. Enter the WebSphere Application Server Administrative User name and its password. We use „wasadmin“. Then click the „Log in“ button to continue.Social Business 29 © 2010 IBM Corporation
  • 30. You have now reached the IBM Lotus Sametime System Console.Social Business 30 © 2010 IBM Corporation
  • 31. Click on “Sametime System Console”, then on “Sametime Servers” and then on “Sametime Community Servers”.Social Business 31 © 2010 IBM Corporation
  • 32. Click your “Chat Server” now.Social Business 32 © 2010 IBM Corporation
  • 33. Go to the bottom of the page and enter the IP address of your Edge server that hosts your Sametime Community MUX. Then click the “Add” buttonSocial Business 33 © 2010 IBM Corporation
  • 34. The IP address is now added. Click the “OK” button to save the setting into the Sametime Community Server configuration.Social Business 34 © 2010 IBM Corporation
  • 35. Restart your Sametime Community Server to apply the trust settings. Be aware to use this “restart server” console command only in your test environment. On a production server this wont work because the restart is often faster then stopping all 41 Sametime server tasks. The complete restart can take up to 5 minutes. Wait until all 41 ST... tasks appear in your Task Manager.Social Business 35 © 2010 IBM Corporation
  • 36. STEP TWO: Install the Sametime Community MUX Summary This step installs theIBM Sametime 8.5.2 Community MUX. We like to use a CMD command line window to enter some of the commands and start the installers. For that we have created a short cut in our fast start section. You can use the Windows Explorer as well to navigate to the destination directory and double click the installation file (setupwin32.exe)Social Business 36 © 2010 IBM Corporation
  • 37. Enter the command “cd InstallCommunityMux” and press the “Enter” key. Enter the command “setupwin32.exe” and press the “Enter” key.Social Business 37 © 2010 IBM Corporation
  • 38. My Operating System was set to German language. But I want to use the English language (default) for the installation. Just click the “OK” button.Social Business 38 © 2010 IBM Corporation
  • 39. Now click the “Next” button to continue.Social Business 39 © 2010 IBM Corporation
  • 40. Accept the terms in the license agreement and click the “Next” button to continueSocial Business 40 © 2010 IBM Corporation
  • 41. Remove “Program Files” and click the “Next” button to continue We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 41 © 2010 IBM Corporation
  • 42. Enter the full qualified host name of your community Server. We use “chat.renovations.com”. Then click the “Next” button to continue.Social Business 42 © 2010 IBM Corporation
  • 43. Click the “Install” button to install the Community MUX.Social Business 43 © 2010 IBM Corporation
  • 44. The Sametime Community MUX is now installing. This step takes approximately 1 to 2 minutes.Social Business 44 © 2010 IBM Corporation
  • 45. Important to know... Consider the requirements of the community server multiplexer machine before installing it. * community server multiplexer installation files are available for Windows®, AIX®, Linux®, and Solaris. A stand-alone community server multiplexer cannot be installed on IBM® i. However, Sametime® on IBM i supports the use of a stand- alone multiplexer installed on a Windows system. * The minimum system requirements for the community server multiplexer machine are the same as the system requirements for the core Sametime community server. * A machine that meets the minimum system requirements should be able to handle approximately 20,000 simultaneous client connections. * Testing indicates that machines with dual 1133 MHz CPUs and 2 GB of RAM can handle approximately 30,000 simultaneous client connections. * TCP/IP connectivity must be available between the community server multiplexer machine and the Sametime community server. Port 1516 is the default port for the connection from the community server multiplexer machine to the Sametime Community Server.Social Business 45 © 2010 IBM Corporation
  • 46. When the installation has finished successfully, click the „Finish“ button to close the Installer.Social Business 46 © 2010 IBM Corporation
  • 47. Set the preferences of the Community Mux “ST Mux” service to start and stopautomatic with the Operating System. Then start the service.Social Business 47 © 2010 IBM Corporation
  • 48. The Community Mux is now setup to start and stop automatic with the Operating System,and it is started.Social Business 48 © 2010 IBM Corporation
  • 49. Install a Sametime Connect client in the public network and connect to your Sametime Community Mux server. In the public network this should be the same address as in your local network “chat.renovations.com”. The Sametime Community Mux forwards your connection to the internal Sametime Community Server. Login with a user in your directory to see that the Mux works.Social Business 49 © 2010 IBM Corporation
  • 50. Another way to test the functionality and connectivity of your Sametime Community Mux is to enter the command “netstat -an” in a CMD line window. There you should see the ST Mux is listening on ports 1533 and 8082. There are established connections to your Community Server (IP 192.168.30.20) on port 1516 and from your Sametime Client (IP 192.168.0.9) on port 1533.Social Business 50 © 2010 IBM Corporation
  • 51. STEP THREE: Configure the Community MUX in the Sametime System Console Summary Use the IBM® Sametime System Console to connect to a Sametime Community Mux and validate its settings.Social Business 51 © 2010 IBM Corporation
  • 52. Click on “Sametime System Console” then on “Sametime Prerequisites” and then on “Connect to Sametime Community Mux Servers”.Social Business 52 © 2010 IBM Corporation
  • 53. Click the “Add” button Enter the host name of your Sametime Community Mux server (we use “edge.renovations.com”) and click the “Save” button.Social Business 53 © 2010 IBM Corporation
  • 54. The Sametime Community Mux Server is now successfully added to your Sametime System Console.Social Business 54 © 2010 IBM Corporation
  • 55. STEP FOUR: Install the SIP EDGE Proxy without the Sametime System Console Summary The IBM® Lotus® SIP Edge Proxy is a SIP Application installed over a WAS server. Since there is no specific installer for the IBM Lotus SIP Edge Proxy server, you can use the SIP Proxy/Registrar installer and then perform manual steps in order to adjust the environment to the Lotus SIP Edge Proxy.Social Business 55 © 2010 IBM Corporation
  • 56. Navigate to the „InstallSametimeMediaManager“ directory and enter the command „Launchpad“Social Business 56 © 2010 IBM Corporation
  • 57. The Sametime 8.5.2 Launchpad opens. Click the „Install IBM Lotus Sametime Media Manager“ link on the left side.Social Business 57 © 2010 IBM Corporation
  • 58. Now click the link „Launch IBM Lotus Sametime Media Manager 8.5.2 Installation“Social Business 58 © 2010 IBM Corporation
  • 59. The Installation Manager is now loading.Social Business 59 © 2010 IBM Corporation
  • 60. Click the “Next” button to continue.Social Business 60 © 2010 IBM Corporation
  • 61. Accept the terms in the license agreement and click the “Next” button to continueSocial Business 61 © 2010 IBM Corporation
  • 62. Remove “Program Files” and click the “Next” button to continue We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 62 © 2010 IBM Corporation
  • 63. Click the “Install” button to install the Installation Manager.Social Business 63 © 2010 IBM Corporation
  • 64. The installation Manager is now installingSocial Business 64 © 2010 IBM Corporation
  • 65. If you are using Windows 2008 R2 or Windows 2003 R2 then it can be possible that you run into a JAVA heap memory overflow. To prevent this issue change a parameter in The “IBMIM.INI” configuration file of the Sametime Install Manager. See the next 2 slides how to do this. And then click the „Restart Installation Manager“ button to continue.Social Business 65 © 2010 IBM Corporation
  • 66. In the File Explorer navigate to your Install Managers eclipse directory “C:IBMInstall Managereclipse”. Then open the configuration file “IBMIM.ini” in notepad.Social Business 66 © 2010 IBM Corporation
  • 67. Add he parameter “-Xmx1024m” at the end. Then save and close the file. This parameter is case sensitive. Now click the “Restart Installation Manager” button in your Install Manager screen to continue your Installation.Social Business 67 © 2010 IBM Corporation
  • 68. Click the „Install“ icon to start the installation.Social Business 68 © 2010 IBM Corporation
  • 69. Select „IBM Sametime Media Manager“ and „Version 8.5.2“. Then click the „Next“ button to continue.Social Business 69 © 2010 IBM Corporation
  • 70. Accept the terms in the license agreement and click the „Next“ button to continue.Social Business 70 © 2010 IBM Corporation
  • 71. Enter the correct path (remove „Program Files“) and click the „Next“ button to continue.Social Business 71 © 2010 IBM Corporation
  • 72. Enter the correct path (remove „Program Files“) and click the „Next“ button to continue.Social Business 72 © 2010 IBM Corporation
  • 73. Select “IBM Sametime Media Server 8.5.2” but deselect “Use Lotus Sametime System Console to Install”. Then click the „Next“ button to continue.Social Business 73 © 2010 IBM Corporation
  • 74. With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing WebSphere 7.0.0.15 Server. We dont want to do this in this pilot deployment. Just click “Next” to continue.Social Business 74 © 2010 IBM Corporation
  • 75. In this screen you need to select the WebSphere deployment method. We use “Standalone” for this installation. And you need to define the WebSphere Application Server administrative user. You need to authenticate with this user to access the Integrated Solutions Console of your Media Manager Server. It is important that this user does not exist in your LDAP. In this example we use the standard „wasadmin“. Enter the password twice and click the „Next“ button to continue.Social Business 75 © 2010 IBM Corporation
  • 76. The host names for the SIP Proxy/Registrar, Conference Manager, Packet Switcher, and Community Server must be all different. The Proxy/Registrar host name should be the local host, and the others should be different from the Proxy/Registrar host name and also from each other. We use in this example: * Conference Manager host name: “sametime.renovations.com” * Proxy/Registrar host name: “edge.renovations.com” * Packet Switcher host name: “meeting.renovations.com” For the Community Server we use our chat server “chat.renovations.com” Then click the „Validate“ button to continue.Social Business 76 © 2010 IBM Corporation
  • 77. If the connection to the different hosts was successful, then you should see that the text in the button has changed to „Validated“. Now click the „Next“ button to continue.Social Business 77 © 2010 IBM Corporation
  • 78. Select the checkbox “Configure LDAP after the installation” and click the “Next” button.Social Business 78 © 2010 IBM Corporation
  • 79. Click the „Install“ button to install the Sametime Media Manager Server.Social Business 79 © 2010 IBM Corporation
  • 80. The Installation Manager now installs the Sametime Media Manager. This step can take approximately 30 to 45 Minutes.Social Business 80 © 2010 IBM Corporation
  • 81. Important to know... It should be possible to do this installation with every other Sametime component that is WebSphere based to just have the WebSphere binaries and the Cell profile structure on the box. But we need to implement a special application - the Edge Proxy Application. This application is shipped in the Media Manager install package. So it is easier to use this installer for this installation. If you plan to implement all Edge components on one box, like described in this document, then you need to install the SIP Edge Proxy component first – before the Meeting Http Edge Proxy. The reason is the required configuration steps for the Meeting Http Edge Proxy disallow the complete Cell installation of the SIP Edge Proxy.Social Business 81 © 2010 IBM Corporation
  • 82. The Installer first unpacks the WebSphere Application Server install files Then he installs the WebSphere Application Server 7.0.0.3 binaries Then he creates the WebSphere profiles Then he installs the Update Installer Then he installs the Update to WebSphere 7.0.0.15 Then he install the application and configures everythingSocial Business 82 © 2010 IBM Corporation
  • 83. In this directory is the log file where the installer logs its progress. The file increases up to approximately 302 KBytes. Director on Windows 2008: C:UsersAll UsersIBMInstallation Managerlogsant The last step is to configure the services and some post install tasks.Social Business 83 © 2010 IBM Corporation
  • 84. The Sametime Media Manager server has installed successfully. Click the „Finish“ button and close the Installation Manager and the Launchpad.Social Business 84 © 2010 IBM Corporation
  • 85. STEP FIVE: Configure the SIP Edge Proxy Summary The SIP Edge Proxy needs to be configured. Several steps are required to complete this configuration: A)Login to the new Media Manager integrated Solutions Console B)Uninstall all Media manager applications C)Install the new SIP Edge Proxy application D)Configure the SIP Ports E)Modify the SIP Edge Proxy Settings in the edge-proxy.xml file F)Replace the default certificate G)Exchange certificates between the SIP Edge Proxy and the SIP Proxy RegistrarSocial Business 85 © 2010 IBM Corporation
  • 86. A) Login to the new Media Manager integrated Solutions Console Enter the URL „http://edge.renovations.com:8800/admin“. Then click the “Add Exception” button. The WebSphere Application Server Administrative interface (the Integrated Solutions Console ISC) is always secured by SSL. Therefore you will be redirected to HTTPS and the port 8701 automatically. You are prompted to accept the default certificate. For different browsers the procedure to accept this IBM signed certificate is different. You can use the direct URL: „https://sametime.renovations.com:8 801/ibm/console“.Social Business 86 © 2010 IBM Corporation
  • 87. The IBM signed certificate is not trusted by the browser. Click the „Get Certificate“ button to accept the certificate by clicking the “Confirm Security Exception Button”. (this dialog is different using other browsers)Social Business 87 © 2010 IBM Corporation
  • 88. Enter the WebSphere Application Server Administrative User name and its password. We use „wasadmin“. Then click the „Log in“ button to continue.Social Business 88 © 2010 IBM Corporation
  • 89. You have now reached the IBM WebSphere Integrated Solutions Console.Social Business 89 © 2010 IBM Corporation
  • 90. B) Uninstall all Media manager applications Click on “Applications” - “Application Types” and then on “WebSphere enterprise applications”.Social Business 90 © 2010 IBM Corporation
  • 91. Select the installed applications “ConferenceFocus” and “SSCConnect.ear”. If other applications are installed like “SIP Proxy”, “SIP Registrar” or “Packet Switch”, select them as well and then click the “Uninstall” button.Social Business 91 © 2010 IBM Corporation
  • 92. Click the “OK” button to continue.Social Business 92 © 2010 IBM Corporation
  • 93. Yes we want to save the changes and click the “save” link.Social Business 93 © 2010 IBM Corporation
  • 94. C) Install the new SIP Edge Proxy application The applications are now deleted. Next is to install the SIP Edge Proxy application. Click the “Install” button.Social Business 94 © 2010 IBM Corporation
  • 95. If you run your browser on the Edge machine, you can use “Local File System”. If you use your Browser from your workstation, then the install files are “remote”. So use the “Remote file system” and click the “Browse” button.Social Business 95 © 2010 IBM Corporation
  • 96. Select the directory where you have unpacked the Media Manager install files. And from there the subdirectory “SIPEdgeProxy”. Then select the “EdgeProxyAppl.ear” file and click the “OK” button.Social Business 96 © 2010 IBM Corporation
  • 97. Click the “Next” button to continue.Social Business 97 © 2010 IBM Corporation
  • 98. Click the “Next” button to continue.Social Business 98 © 2010 IBM Corporation
  • 99. Click the “Next” button to continue.Social Business 99 © 2010 IBM Corporation
  • 100. Click the “Next” button to continue.Social Business 100 © 2010 IBM Corporation
  • 101. Click the “Next” button to continue.Social Business 101 © 2010 IBM Corporation
  • 102. Click the “Finish” button to continue.Social Business 102 © 2010 IBM Corporation
  • 103. Click the “save” link to continue.Social Business 103 © 2010 IBM Corporation
  • 104. The EdgeProxyAppl is now installed successfully.Social Business 104 © 2010 IBM Corporation
  • 105. D) Configure the SIP Ports To set up ports for the IBM® Lotus® SIP Edge Proxy, an administrator needs to determine the SIP ports used for the SIP Proxy/Registrar and ensure that the Lotus SIP Edge Proxy listens on these same ports. To perform this configuration step we open a new browser window and connect to our Sametime System Console – Integrated Solutions Console. Enter the URL “http://sametime.renovations.com:8700/admin”. If the console is already open in your browser, then switch to this browser window.Social Business 105 © 2010 IBM Corporation
  • 106. Click on “Servers” - “Server Types” and then on “WebSphere application servers”.Social Business 106 © 2010 IBM Corporation
  • 107. Click on “STMediaServer”.Social Business 107 © 2010 IBM Corporation
  • 108. On the right side under “Communications” click on “Ports”.Social Business 108 © 2010 IBM Corporation
  • 109. Record the ports that are used for the “SIP_ProxyRegHOST” and “SIP_ProxyReg_SECURE”.Here we can find ports “5080” and “5081”.Social Business 109 © 2010 IBM Corporation
  • 110. Go back to the Integrated Solutions Console of your Edge Media Manager installation. Now click on “Servers” - “Server Types” and then on “WebSphere application servers”.Social Business 110 © 2010 IBM Corporation
  • 111. Click on “STMediaServer”.Social Business 111 © 2010 IBM Corporation
  • 112. On the right side under “Communications” click on “Ports”.Social Business 112 © 2010 IBM Corporation
  • 113. Click on “SIP_ProxyRegHOST”Social Business 113 © 2010 IBM Corporation
  • 114. Enter the Port “5062” and click the “OK” button.Social Business 114 © 2010 IBM Corporation
  • 115. Click on “SIP_ProxyReg_SECURE”Social Business 115 © 2010 IBM Corporation
  • 116. Enter the Port “5063” and click the “OK” buttonSocial Business 116 © 2010 IBM Corporation
  • 117. Click on “SIP_DEFAULTHOST”Social Business 117 © 2010 IBM Corporation
  • 118. Enter the Port “5080” and click the “OK” button.Social Business 118 © 2010 IBM Corporation
  • 119. Click on “SIP_DEFAULTHOST_SECURE”Social Business 119 © 2010 IBM Corporation
  • 120. Enter the Port “5081” and click the “OK” button.Social Business 120 © 2010 IBM Corporation
  • 121. Click the “Save” link to save the last changes.Social Business 121 © 2010 IBM Corporation
  • 122. Next is to add the ports to the virtual hosts table. Click on “Environment” and then on “Virtual hosts”.Social Business 122 © 2010 IBM Corporation
  • 123. Click on “default_host”Social Business 123 © 2010 IBM Corporation
  • 124. Click on “Host Aliases”.Social Business 124 © 2010 IBM Corporation
  • 125. Click the “New” button to add a new entry.Social Business 125 © 2010 IBM Corporation
  • 126. Leave the Host Name as it is and enter the Port “5080” in the Port field. Then click the“OK” button.Social Business 126 © 2010 IBM Corporation
  • 127. To add an other entry click the “New” button again.Social Business 127 © 2010 IBM Corporation
  • 128. Enter the Port “5081” and click the “OK” button.Social Business 128 © 2010 IBM Corporation
  • 129. We have changed the SIP_ProxyRegHOST and SIP_ProxyReg_SECURE ports. So we need to map this changes here as well. Click the “*” near the Port “5060”.Social Business 129 © 2010 IBM Corporation
  • 130. Change the port to “5062” and click the “OK” button.Social Business 130 © 2010 IBM Corporation
  • 131. Now click the “*” near the port “5061”.Social Business 131 © 2010 IBM Corporation
  • 132. Change the port to “5063” and click the “OK” button.Social Business 132 © 2010 IBM Corporation
  • 133. Click the “Save” link to save the last changes.Social Business 133 © 2010 IBM Corporation
  • 134. We have now successfully configured the host aliases for our SIP Edge Proxy server.Social Business 134 © 2010 IBM Corporation
  • 135. Now we need to make sure that the setting “Use available authentication data when an unprotected URI is accessed” is switched off. To check that click on “Security” - “Global Security”.Social Business 135 © 2010 IBM Corporation
  • 136. Under “Web and SIP security” click on “General settings”.Social Business 136 © 2010 IBM Corporation
  • 137. Confirm that the check box near “Use available authentication data when an unprotected URI is accessed” is switched off.Social Business 137 © 2010 IBM Corporation
  • 138. Now we need to confirm 2 more settings in the Server configuration for our SIP Edge Proxy Server. Click on “Servers” - “Server Types” and then on “WebSphere application servers”Social Business 138 © 2010 IBM Corporation
  • 139. Click the “STMediaServer” application server.Social Business 139 © 2010 IBM Corporation
  • 140. Under “SIP Container Settings” click on “SIP container”.Social Business 140 © 2010 IBM Corporation
  • 141. Now click on “Custom properties”Social Business 141 © 2010 IBM Corporation
  • 142. Confirm that the setting “com.ibm.ws.sip.sent.by.host” contains the full qualified host name of your Edge Proxy Server machine. If this is wrong, click on “com.ibm.ws.sip.sent.by.host” and change the host name. Then check that a property “com.ibm.ws.sip.security.trusted.iplist” does not exist. If it exists mark it and click the “Delete” button. Then click the “Save” link in the next screen.Social Business 142 © 2010 IBM Corporation
  • 143. E) Modify the SIP Edge Proxy Settings in the edge-proxy.xml file Next step is to configure the “edge-proxy.xml” file and populte it to the server node. Open a windows File explorer and navigate to the directory: “C:IBMWebSphereAppServerprofilesSTMSDMgrProfileconfigcellsedgeMediaCe llapplicationsEdgeProxyAppl.eardeploymentsEdgeProxyApplEdgeProxyWeb.wa rWEB-INF”. Then open the file “edge-proxy.xml” with notepad or better with wordpad.Social Business 143 © 2010 IBM Corporation
  • 144. The authoritativeProxy section contains the hostname, port, and transport of the SIP Proxy/Registrar: * Specify the SIP port used for TCP. * Specify the SIP port used for TLS. The edgeProxy section contains the hostname, port, and transport of the Lotus SIP Edge Proxy: * Specify the SIP port used for TCP. * Specify the SIP port used for TLS. The authProxySourceAddr section specifies the address of the SIP Proxy/Registrar. When the Lotus SIP Edge Proxy receives stand-alone or initial requests, it determines the remote address from which the request was received. If the remote address does not match the SIP Proxy/Registrar address, the request is sent to the SIP Proxy/Registrar for further processing. Supported values: IP address, regular expression that matches the SIP Proxy/Registrar address (for example, "10.10.102.14 | 10.10.102.16").Social Business 144 © 2010 IBM Corporation
  • 145. We use in our example: authProxyHost=”sametime.renovations,com” authProxyPort=”5081” authProxyTransport=”TLS” authProxySourceAddr=”192.168.30.10” edgeProxyHost=”edge.renovations.com” edgeProxyPort=”5081” edgeProxyTransport=”TLS” Now save the file and close your wordpad editor.Social Business 145 © 2010 IBM Corporation
  • 146. Next is to copy the edited file to the application server configuration in the Deployment Manager. Open a second File explorer and navigate to the directory: “C:IBMWebSphereAppServerprofilesSTMSDMgrProfileconfigcellsedgeMediaCell nodesedgeMediaNodeserversSTMediaServer”.Social Business 146 © 2010 IBM Corporation
  • 147. Now copy the file. (be sure to copy and not move the file)Social Business 147 © 2010 IBM Corporation
  • 148. Next is to synchronize the file to the node. In your Edge Integrated Solutions Console click on “System administration” - “Nodes”.Social Business 148 © 2010 IBM Corporation
  • 149. Select the “edgeMediaNode” and click the “Full Resynchronize” button.Social Business 149 © 2010 IBM Corporation
  • 150. F) Replace the default certificate To avoid the problem of IBM® Sametime® clients rejecting the certificate issued for the IBM Lotus® Edge Proxy server, an administrator needs to replace the default certificate on the Lotus SIP Edge Proxy so that it contains the SIP Proxy/Registrars FQDN. These instructions are for the default certificate, which is meant for internal communications (not meant to act as a CA). Sametime clients verify that the certificate was issued for the SIP Proxy/Registrar. In a Lotus SIP Edge Proxy deployment, the client opens a TLS connection to the Lotus SIP Edge Proxy resulting in the client receiving a certificate issued for the Lotus SIP Edge Proxy server. This certificate will be rejected by the client. Click on “Security” and then on “SSL certificate and key management”.Social Business 150 © 2010 IBM Corporation
  • 151. Now click the “Manage endpoint security configurations” link.Social Business 151 © 2010 IBM Corporation
  • 152. Open the “Inbound” tree and click on “edgeMediaCell” and then “edgeMediaNode”Social Business 152 © 2010 IBM Corporation
  • 153. Click the “Manage certificates” button.Social Business 153 © 2010 IBM Corporation
  • 154. Click the “Create” button and then the “Chained Certificate...” menu entry.Social Business 154 © 2010 IBM Corporation
  • 155. This fields are required to continue: Alias “sip-pr-cn-cert” Common name “sametime.renovations.com” Organization “renovations” Country or region “US” Then click the “OK” button.Social Business 155 © 2010 IBM Corporation
  • 156. To save the last changes just click the “Save” link.Social Business 156 © 2010 IBM Corporation
  • 157. Now click again the “edgeMediaNode” in the “Inbound” tree.Social Business 157 © 2010 IBM Corporation
  • 158. Click the “Manage certificates” button.Social Business 158 © 2010 IBM Corporation
  • 159. Check mark the “default” certificate and then click the “Replace” button.Social Business 159 © 2010 IBM Corporation
  • 160. In the “Replace with” selection box select the newly generated “sip-pr-cn-cert” certificate. Check mark both check boxes “Delete old certificate after replacement” and “Delete old signers”. Then click the “OK” button.Social Business 160 © 2010 IBM Corporation
  • 161. To save the last changes click the “Save” link.Social Business 161 © 2010 IBM Corporation
  • 162. G) Exchange certificates between the SIP Edge Proxyand the SIP Proxy RegistrarClick “Security” and then on “SSL certificate and key management”.Social Business 162 © 2010 IBM Corporation
  • 163. Now click “Key stores and certificates” on the right side.Social Business 163 © 2010 IBM Corporation
  • 164. Click on “CellDefaultTrustStore”.Social Business 164 © 2010 IBM Corporation
  • 165. On the right side click on “Signer certificates”.Social Business 165 © 2010 IBM Corporation
  • 166. Check the check box near the root certificate (the one with the “root” alias). Then click the “Extract” button.Social Business 166 © 2010 IBM Corporation
  • 167. Enter a path to save the certificate. We use “c:tempedgeroot.cer”. Then click the “OK” button.Social Business 167 © 2010 IBM Corporation
  • 168. The certificate was extracted successful. Now you need to copy this certificate file to your Sametime Media Manager box. Best is to copy it there into the “C:temp” directory.Social Business 168 © 2010 IBM Corporation
  • 169. We have exported the root certificate in the SIP Edge Server and need to import that into the Sametime Media Manager. We have copied the file and need to import it next. Go to the Sametime System Console (which is the Integrated Solutions Console for our Sametime Media Manager). The Browser window should still be open from a previous step. But it can be possible that the session is timed out. Then you need to re-authenticate with your “wasadmin” account.Social Business 169 © 2010 IBM Corporation
  • 170. Click on “Security” and then on “SSL certificate and key management”.Social Business 170 © 2010 IBM Corporation
  • 171. On the right side click on “Key stores and certificates”.Social Business 171 © 2010 IBM Corporation
  • 172. Click the “CellDefaultTrustStore”.Social Business 172 © 2010 IBM Corporation
  • 173. On the right side click on “Signer certificates”.Social Business 173 © 2010 IBM Corporation
  • 174. To import the root certificate from the SIP Edge Proxy server click the “Add” button.Social Business 174 © 2010 IBM Corporation
  • 175. Enter a name for the certificate, we just use “edge_root”. In the “File name” field enter the path to where you have copied the certificate file and the filename. We use “c:tempedgeroot.cer”. Then click the “OK” button.Social Business 175 © 2010 IBM Corporation
  • 176. To save the last changes click the “Save” link.Social Business 176 © 2010 IBM Corporation
  • 177. Now we need to do the same thing in the opposite direction. Copying the root certificate of our Media Manager to the SIP Edge Proxy. For that we check the check box near the root certificate (the one with “root” in the Alias) and then click the “Export” button.Social Business 177 © 2010 IBM Corporation
  • 178. Enter a path and file name to where the certificate should be saved. We use “c:tempsiproot.cer”. Then click the “OK” button.Social Business 178 © 2010 IBM Corporation
  • 179. The certificate is now saved. Next is to copy this file from the Media manager to the SIP Edge Proxy box. Best is to copy the file to “c:temp”.Social Business 179 © 2010 IBM Corporation
  • 180. Go back to the Integrated Solutions Console of your SIP Edge Proxy server. There just click the “Add” button.Social Business 180 © 2010 IBM Corporation
  • 181. Enter a name for the Media Managers root certificate. We just use “sip_root”. In the “File name” field enter the path to where you have copied the file and the file name. We just use “c:tempsiproot.cer”. Then click the “OK” button.Social Business 181 © 2010 IBM Corporation
  • 182. To save the last changes just click the “Save” link.Social Business 182 © 2010 IBM Corporation
  • 183. Because we did security changes in bot servers it is required to restart the Deployment Manager and all nodes on both servers. Lets start with the Sametime Media Manager Server first. In the Services window select the Deployment Manager (the Service with the “..._DM” at the end) and click the “Stop service” button. You are asked to stop all services. Click “Yes” to really stop all services.Social Business 183 © 2010 IBM Corporation
  • 184. When all services are stopped you should start all services. Start with the Sametime System Console, then the Media Manager, then the Meeting Server and at last the Proxy Server. This takes a long time and sometimes the services cause into a popup Window saying a service could not be started. You can ignore that and just wait until All services are started. Another option is to reboot the Operating system of the box. Then you need to wait as Well until all services are started. This really can take some time. We can recommend to check this in your “Task Manager”. Wait until you can see 10 Java.exe tasks running and each of them consuming between 170 and 450 MB of RAM. When the CPU usage goes down then the startup of all tasks has finished. For the SIP Edge Proxy Server box we will do the restart after we configured the post install tasks.Social Business 184 © 2010 IBM Corporation
  • 185. STEP SIX: Post Install tasks for the Sametime SIP Edge Proxy Summary This step is to configure automatic stop, startup and dependencies in the Windows Operating System Services.Social Business 185 © 2010 IBM Corporation
  • 186. Configure the properties of all 3 task to start automatic. Then restart the Operating System of your SIP Edge Proxy Server.Social Business 186 © 2010 IBM Corporation
  • 187. When the Operating System has restarted, you should see all 3 services as started.Social Business 187 © 2010 IBM Corporation
  • 188. STEP SEVEN: Run the guided activity to configure the IBM Sametime Meeting Server deployment plan for the Meeting Edge HTTP Proxy Summary This step is to preconfigure the settings for the Sametime Meeting Edge HTTP Proxy Server installation.Social Business 188 © 2010 IBM Corporation
  • 189. Start your browser and enter the URL “http://sametime.renovations.com:8700/admin” to access the Sametime System Console. Log in with your “wasadmin” user.Social Business 189 © 2010 IBM Corporation
  • 190. In your Sametime System Console click on „Sametime System Console“ then „Sametime Guided Activities“ and then on „Install Sametime Meeting Server“.Social Business 190 © 2010 IBM Corporation
  • 191. Use the first entry „Create a New Deployment Plan“ and click the „Next“ button.Social Business 191 © 2010 IBM Corporation
  • 192. Enter a name for your Meeting Server Deployment Plan. In this example we use „Meeting Edge“. Then click the „Next“ button to continue.Social Business 192 © 2010 IBM Corporation
  • 193. We want to install the product version „8.5.2“. Click the „Next“ button to continue.Social Business 193 © 2010 IBM Corporation
  • 194. Change to „Secondary Node“ and click the „Next“ button to continue.Social Business 194 © 2010 IBM Corporation
  • 195. Check the “Systemconsole...” and click “Next” to continue.Social Business 195 © 2010 IBM Corporation
  • 196. Enter the full qualified host name of your Sametime Meeting Server. In this example we use „edge.renovations.com“. Enter a WebSphere administrative user name and its password twice. We just use the standard „wasadmin“ name. Click the „Next“ button to continue.Social Business 196 © 2010 IBM Corporation
  • 197. Check your settings and then click the „Finish“ button to save the new Deployment Plan.Social Business 197 © 2010 IBM Corporation
  • 198. You have now successfully created a Deployment Plan for the Sametime Meeting Edge Server installation. The next step is to install the Sametime Meeting Edge Server.Social Business 198 © 2010 IBM Corporation
  • 199. STEP EIGHT: Install the IBM Sametime Meeting Server Summary In this step you install the Sametime Meeting Server secondary node for the Sametime Meeting Edge HTTP Proxy Server using the preconfigured settings in the deployment plan on the Sametime System Console.Social Business 199 © 2010 IBM Corporation
  • 200. On your Edge Box start a CMD line window and navigate to the Sametime Meeting Server install directory. We do this with the command: „cd InstallSametimeMeetingServer“. Then start the Launchpad installer with the command „launchpad“.Social Business 200 © 2010 IBM Corporation
  • 201. Click the „Install IBM Lotus Sametime Meeting Server“ link.Social Business 201 © 2010 IBM Corporation
  • 202. Click the „Launch IBM Lotus Sametime Meeting Server 8.5.2 Installation“ link.Social Business 202 © 2010 IBM Corporation
  • 203. The Installation Manager is starting loading.Social Business 203 © 2010 IBM Corporation
  • 204. Just click the „Install“ icon to start the Sametime Meeting Server installation.Social Business 204 © 2010 IBM Corporation
  • 205. Check the „IBM Sametime Meetings server“ and „Version 8.5.2“ entries. They are unchecked by default. Then click the „Next“ button.Social Business 205 © 2010 IBM Corporation
  • 206. Accept the terms in the license agreement and click the „Next“ button.Social Business 206 © 2010 IBM Corporation
  • 207. Because we have already installed a WebSphere based Sametime Server on this box, (The Sametime SIP Edge Proxy Server) we can reuse the installed binaries. The installer detects this and checks the „Use the existing package group“. And therefore the path is greyed and can not be changed. Click the „Next“ button to continue.Social Business 207 © 2010 IBM Corporation
  • 208. We want to use the predefined Deployment Plan from the Sametime System Console. Click the „Next“ button to continue.Social Business 208 © 2010 IBM Corporation
  • 209. We dont want to use an other existing WebSphere Application Server installation so we just click the “Next” button.Social Business 209 © 2010 IBM Corporation
  • 210. Enter the Sametime System Console Server information and credentials to authenticate.In our example we use „sametime.renovations.com“ as SSC Server name and„wasadmin“ as the WebSphere Administrative User name. The last field is the hostname where we want to install the Sametime Meeting Server. Here we use„edge.renovations.com“. Then click the „Validate“ button to check the connection tothe System Console Server. Social Business 210 © 2010 IBM Corporation
  • 211. The connection to the Sametime System Console was successful when the button text „Validate“ changes to „Validated“. Click the „Next“ button to continue.Social Business 211 © 2010 IBM Corporation
  • 212. Select your Sametime Meeting Server Deployment plan that you have created in the previous step. We use our „Meeting Edge“. Then click the „Next“ button to continue.Social Business 212 © 2010 IBM Corporation
  • 213. Control the settings you received from the System Console. Then click the „Next“ button.Social Business 213 © 2010 IBM Corporation
  • 214. To start the installation click the „Install“ button.Social Business 214 © 2010 IBM Corporation
  • 215. The Sametime Meeting Server is now installing. This takes approximately 30 to 45 minutes. But because we already have the binaries installed and reuse this data, the installation is much shorter. It then takes only 15 to 20 minutes.Social Business 215 © 2010 IBM Corporation
  • 216. Now the installation is in progress....Social Business 216 © 2010 IBM Corporation
  • 217. Important to know... The Meeting Server can be clustered using the WebSphere Network Deployment. This can be configured and deployed with the Sametime System Console. The new Sametime Meeting Server consists of two components. - the Meeting Server - the Meeting HTTP Proxy Clustering means that a meeting room is running only on one server at a time. The Meeting Proxy servers have the information on witch Meeting Server instance the Meeting Room is running and forward incoming requests to the right server. Meeting data are stored only in the database. In case of a fail over the Meeting Room will be started on another Meeting Server in the cluster immediately. For external access a separate Sametime Meeting Server in your DMZ is recommended for better security.Social Business 217 © 2010 IBM Corporation
  • 218. You have now successfully installed the Sametime Meeting Server. Click the „Finish“ button and exit the Installation Manager and Launchpad.Social Business 218 © 2010 IBM Corporation
  • 219. Click “File” in the menue bar and then “Exit”.Social Business 219 © 2010 IBM Corporation
  • 220. In the Launchpad click again on “Exit”.Social Business 220 © 2010 IBM Corporation
  • 221. Click the “OK” button to close the Launchpad.Social Business 221 © 2010 IBM Corporation
  • 222. Close the CMD line window with the command “exit”.Social Business 222 © 2010 IBM Corporation
  • 223. STEP NINE: Use the Guided Activity in the Sametime System Console to federate the new installed Meeting Server node to the Deployment Manager and cluster it. Summary In this step you create a Meeting cluster, add the new node on your Edge Server to the WebSphere Cell of your Sametime System Console and add it to the cluster.Social Business 223 © 2010 IBM Corporation
  • 224. In your Sametime System Console click on “Sametime System Console” - “Sametime Guided Activities” and then on “Cluster WebSphere Application Servers”.Social Business 224 © 2010 IBM Corporation
  • 225. Click the “Next” button to continue.Social Business 225 © 2010 IBM Corporation
  • 226. We want to cluster our Meeting Server installations. So select “Sametime Meeting Server” and click the “Next” button.Social Business 226 © 2010 IBM Corporation
  • 227. Enter a name for the cluster. We use “Meeting_Cluster”. Then click the “Next” button. The cluster name can not contain blank characters.Social Business 227 © 2010 IBM Corporation
  • 228. We want to use the “System Console” Deployment Manager. Select the entry and click the “Next” button.Social Business 228 © 2010 IBM Corporation
  • 229. Click the “Create cluster” button to create the cluster. This step can take 4 or 5 minutes. If the process takes too long and runs into a timeout, then you get a failure message here. Wait 2 minutes and click the button “Create cluster” again. Then it works mostly.Social Business 229 © 2010 IBM Corporation
  • 230. The cluster is now created successfully. Click the “Next” button to continue.Social Business 230 © 2010 IBM Corporation
  • 231. The secondary node is already federated to the cell. Click the “Next” button to continue.Social Business 231 © 2010 IBM Corporation
  • 232. To add the secondary node to the cluster click the “Add to cluster” button.Social Business 232 © 2010 IBM Corporation
  • 233. The secondary node is now successfully added to the cluster. Click the “Next” button to continue.Social Business 233 © 2010 IBM Corporation
  • 234. Now you have successfully clustered the 2 Sametime Meeting Servers. Click the “Finish” button to continue.Social Business 234 © 2010 IBM Corporation
  • 235. STEP TEN: Remove the newly created application server “Meeting Server”. Summary In this step you remove the installed meeting server. We only need the node installation for the Edge HTTP Proxy but we dont need the Server.Social Business 235 © 2010 IBM Corporation
  • 236. In your Sametime System Console – Integrated Solutions Console – click on “Servers” - “Server Types” and then on “WebSphere application servers”.Social Business 236 © 2010 IBM Corporation
  • 237. Check the check box near your new meeting Server “STMeetingServer1”. The one who is not running and installed on your edge box. Be sure to select the right one. Then click the “Delete” button.Social Business 237 © 2010 IBM Corporation
  • 238. Crosscheck that you have selected the right one. If yes, then click the “OK” button.Social Business 238 © 2010 IBM Corporation
  • 239. Save the last changes by clicking the “Save” link.Social Business 239 © 2010 IBM Corporation
  • 240. STEP ELEVEN: Create the WebSphere Meeting HTTP Edge Proxy. Summary In this step you create a Meeting HTTP Edge Proxy on your Edge Server to forward incomming HTTP requests from Internet clients to your Sametime Meeting and Sametime Proxy servers in your Intranet. This step has to be done in your Sametime System Consoles Integrated Solutions Console.Social Business 240 © 2010 IBM Corporation
  • 241. Click on “Servers” - “Server Types” and then on “WebSphere proxy servers”.Social Business 241 © 2010 IBM Corporation
  • 242. Click the “New” button to create the new HTTP Proxy server.Social Business 242 © 2010 IBM Corporation
  • 243. Select the node on your edge server “edgeSTMNode1” and enter a name for your Edge HTTP Proxy Server. We just use “STMeetingHttpEdgeProxy”. Then click the “Next” button to continue.Social Business 243 © 2010 IBM Corporation
  • 244. Uncheck the “SIP” property. In this server we only need HTTP. Then click the “Next” button to continue.Social Business 244 © 2010 IBM Corporation
  • 245. Click the “Next” button to continue.Social Business 245 © 2010 IBM Corporation
  • 246. Click the “Next” button to continue.Social Business 246 © 2010 IBM Corporation
  • 247. Save the last changes by clicking the “Save” link.Social Business 247 © 2010 IBM Corporation
  • 248. STEP TWELVE: Post Install tasks for the WebSphere Meeting HTTP Edge Proxy. Summary In this step you configure the ports used by your HTTP Edge Proxy Server and the Services for automatic startup with the Operating System.Social Business 248 © 2010 IBM Corporation
  • 249. Click on “Servers” - “Server Types” and then on “WebSphere proxy servers”.Social Business 249 © 2010 IBM Corporation
  • 250. Click the newly created “STMeetingHttpEdgeProxy” server.Social Business 250 © 2010 IBM Corporation
  • 251. On the right side click on “Ports”.Social Business 251 © 2010 IBM Corporation
  • 252. Click the “PROXY_HTTP_ADDRESS”.Social Business 252 © 2010 IBM Corporation
  • 253. Change the Port to “80” and click the “OK” button.Social Business 253 © 2010 IBM Corporation
  • 254. Now click the “PROXY_HTTPS_ADDRESS”.Social Business 254 © 2010 IBM Corporation
  • 255. Change the port to “443” and click the “OK” button.Social Business 255 © 2010 IBM Corporation
  • 256. To save the last changes click the “Save” link.Social Business 256 © 2010 IBM Corporation
  • 257. The Installer has installed a service for an server that does not exist anymore. We first need to remove that service and then create the services we need.Social Business 257 © 2010 IBM Corporation
  • 258. In a CMD line window navigate to the directory WebSphere binaries directory with the command “cd IBMWebSphereAppServerbin”.Social Business 258 © 2010 IBM Corporation
  • 259. Remove the service with the command: “wasservice -remove STMeetingServer”.Social Business 259 © 2010 IBM Corporation
  • 260. Confirm that the removal was successful.Social Business 260 © 2010 IBM Corporation
  • 261. To create the right services we need the profile path in the command line. In your file explorer navigate to the directory “C:IBMWebSphereAppServerprofilesedgeSTMSNProfile1”. Copy the link into your dashboard with the “Ctrl-C” keycombination.Social Business 261 © 2010 IBM Corporation
  • 262. Now enter the command to create the service: “wasservice -add STMeetingHttpEdgeProxy -serverName STMeetingHttpEdgeProxy -profilePath C:IBMWebSphereAppServerprofilesedgeSTMSNProfile1 -stopArgs “-username wasadmin -password passw0rd” -encodeParams”. Check that the command was processed successfully.Social Business 262 © 2010 IBM Corporation
  • 263. Now enter the command to create the Nodeagent service:“wasservice -add STMeetingHttpEdgeProxy_NA -serverName nodeagent-profilePath C:IBMWebSphereAppServerprofilesedgeSTMSNProfile1-stopArgs “-username wasadmin -password passw0rd” -encodeParams”.Check that the command was processed successfully.Social Business 263 © 2010 IBM Corporation
  • 264. Last step is to configure the dependencies between the 2 services. For that enter the command: “sc config “IBMWAS70Service – STMeetingHttpEdgeProxy” depend= “IBMWAS70Service – STMeetingHttpEdgeProxy_NA””. Confirm that the command was processed successfully.Social Business 264 © 2010 IBM Corporation
  • 265. You have now successfully created the required services. Set both to start automatic. Then restart the OS.Social Business 265 © 2010 IBM Corporation
  • 266. When the OS has been restarted after some minutes you should see that all services are started succesfully.Social Business 266 © 2010 IBM Corporation
  • 267. STEP THIRTEEN: Install the TURN server. Summary In this step you copy the TURN Server files to the Edge server and configure it.Social Business 267 © 2010 IBM Corporation
  • 268. First you need to check that JAVA is installed and in the PATH environment variable. Open a CMD line window and enter the command “java -version”. If you get back the version info, then all is ok. The JAVA Version should be 1.6 at minimum. Because we have installed 2 Websphere parts before, we already have the Java version we need.Social Business 268 © 2010 IBM Corporation
  • 269. If the command “java -version” does not return the JAVA version, then you need to set the System PATH environment variable correctly first. Right Click on your “Computer” and then “Properties”. In the Properties Window click on “Advanced System Settings”Social Business 269 © 2010 IBM Corporation
  • 270. Click the “Environment Variables” Button.Social Business 270 © 2010 IBM Corporation
  • 271. In the “System Variables” part click the “Path” variable and then the “Edit..” button.Social Business 271 © 2010 IBM Corporation
  • 272. At the end of the path add “;C:IBMWebSphereAppServerjavabin”. Dont forget the Semicolon character at the beginning. Then click the “OK” button.Social Business 272 © 2010 IBM Corporation
  • 273. Click “OK” to close the window.Social Business 273 © 2010 IBM Corporation
  • 274. Click “OK” again to close the window. Then close the Control Panel.Social Business 274 © 2010 IBM Corporation
  • 275. In your File Explorer copy the “TURN_Server” directory from your Media Manager Install package to the destination folder you want. We copy the directory to “C:IBM”.Social Business 275 © 2010 IBM Corporation
  • 276. Navigate to this new directory “C:IBMTURN_Server” and open the configuration file “TurnServer.properties” with notepad or wordpad.Social Business 276 © 2010 IBM Corporation
  • 277. Configure the TURN Server configuration file with the IP addresses who are used in your environment. In this example we use: turn.local.hostname.ipv4 “192.168.40.40” turn.allocation.hostname.ipv4 “192.168.30.50” turn.public.hostname.ipv4 “192.168.0.1” And udp.turn.port “3478” Then save and close the file.Social Business 277 © 2010 IBM Corporation
  • 278. To start the TURN server open a CMD line window and navigate to the TURN Server directory with the command “cd IBMTURN_Server”. Then start the turn server with the command “run”.Social Business 278 © 2010 IBM Corporation
  • 279. The TURN server is now started and listens on the required ports.Social Business 279 © 2010 IBM Corporation
  • 280. STEP FOURTEEN: Configure the TURN server. Summary In this step you configure your Sametime Media Manager to support NAT Traversal using the TURN server.Social Business 280 © 2010 IBM Corporation
  • 281. On your Sametime Media Manager Machine open a File Explorer and navigate to the directory: “C:IBMWebSphereAppServerprofilesSTSCDMgrProfileconfigcellssametimeSSC CellnodessametimeSTMSNode1serversSTMediaServer”. Here open the file “stavconfig.xml” using your Wordpad. (we need to edit the file so a browser wont work)Social Business 281 © 2010 IBM Corporation
  • 282. Find the setting “NATTraversalEnabled” and set its value to “true”. Then save and close the file.Social Business 282 © 2010 IBM Corporation
  • 283. To synchronize this change to the Sametime Media Manager go to your Sametime System Console – Integrated Solutions Console and click on “System Administration” and then on “Nodes”.Social Business 283 © 2010 IBM Corporation
  • 284. Check all nodes and click the “Full Resynchronize” button.Social Business 284 © 2010 IBM Corporation
  • 285. Then click on “Sametime System Console” - “Sametime Servers” and then on “Sametime Media Managers”.Social Business 285 © 2010 IBM Corporation
  • 286. Click your “Media Manager”.Social Business 286 © 2010 IBM Corporation
  • 287. Go down to the “NAT Traversal” settings. In the “UDP host name” field enter the edge server host name “edge.renovations.com”. Then click the “OK” button.Social Business 287 © 2010 IBM Corporation
  • 288. To apply the changes just restart the Sametime Media Manager by restarting the “STMediaServer” service.Social Business 288 © 2010 IBM Corporation
  • 289. Next is to implement a Service to start and stop the TURN server automatic during OS startup and to run the TURN server in the background. Stop your running TURN server now by clicking the “Ctrl-C” key combination. Then just hit the “Y” key and then Enter.Social Business 289 © 2010 IBM Corporation
  • 290. For that you need a small tool called “SRVANY.EXE”. This tool is in the Microsoft Windows Resource Kit for the Windows Server 2003. Take a Windows 2003 Server, download the resource kit from Microsoft and install the kit. Then copy this file from the resource kit to your Windows OS into the directory “C:Windowssystem32”. (This can be Windows 2003 or 2008, 32 or 64bit. It works in all versions)Social Business 290 © 2010 IBM Corporation
  • 291. To create the service open a CMD Windows in Administrator mode and enter the command:“sc create “IBM Sametime TURN Server” binPath= “C:WindowsSystem32srvany.exe”Dont forget the space between the “binPath=” and the path.Social Business 291 © 2010 IBM Corporation
  • 292. Now you need to configure the service. This can be done only in the Registry Editor. Openyour regedit and navigate to the key of your new service: “HKEY_LOCAL_MACHINE” -“SYSTEM” - “CurrentControlSet” - “Services” - “IBM Sametime TURN Server”Social Business 292 © 2010 IBM Corporation
  • 293. Create a new key by clicking “Edit” - “New” - “Key”.Social Business 293 © 2010 IBM Corporation
  • 294. Give the new Key a name. Enter just “Parameters”.Social Business 294 © 2010 IBM Corporation
  • 295. Next is to enter the Parameter String. For that a String Value field is required. Click on “Edit” - “New” - “String Value”Social Business 295 © 2010 IBM Corporation
  • 296. Enter the name for your new String Value. Enter “Application” here.Social Business 296 © 2010 IBM Corporation
  • 297. Now double Click into the “Application” String Value to enter the content string.Social Business 297 © 2010 IBM Corporation
  • 298. Enter the string: “java.exe -Djava.util.logging.config.file=c:IBMturn_serverlogging.properties -cp c:IBMturn_serverTurnServer.jar;c:IBMturn_serverICECommon.jar com.ibm.turn.server.TurnServer”Social Business 298 © 2010 IBM Corporation
  • 299. Be sure that you have entered the string correctly.Social Business 299 © 2010 IBM Corporation
  • 300. The Service runs the JAVA command out of the “C:WindowsSystem32” directory. And this requires that the TURN Server Properties file is there as well. So copy your “turnserver.properties” file from your “C:IBMTURN_Server” to your “C:WindowsSystem32” directory.Social Business 300 © 2010 IBM Corporation
  • 301. Your Service is now ready to use. Just configure it to start Automatic and then start it.Social Business 301 © 2010 IBM Corporation
  • 302. Your TURN Server Service is now configured and started.Social Business 302 © 2010 IBM Corporation
  • 303. STEP FIFTEEN: Test all Edge components. Summary In this step you use your Browser and a Sametime Connect client to access your Sametime System from the Internet thrugh a NAT traversal firewall.Social Business 303 © 2010 IBM Corporation
  • 304. Install a Sametime Connect client in the public network and connect it to “chat.renovations.com” for community services. Tthis DNS host name should be routed to your Edge server in your public DNS. Login with a user in your LDAP. You should see that you are online and that you have connectivity to your Media Manager when the Audio and Video icons appear. Configure the Sametime meeting server “meeting.renovations.com” to access your meeting rooms. This host name should point to your Edge server as well in your public DNS.Social Business 304 © 2010 IBM Corporation
  • 305. If you attend a meeting room with someone in your Intranet you should see Audio and Video works.Social Business 305 © 2010 IBM Corporation
  • 306. Next test is to access the URL “http://meeting.renovations.com” in your browser. You should be redirected to the “../stmeetings” page.Social Business 306 © 2010 IBM Corporation
  • 307. Next test is to access the URL “http://webchat.renovations.com” in yourbrowser. You should be redirected to the “../stwebclient/index.jsp” page.Social Business 307 © 2010 IBM Corporation
  • 308. STEP SIXTEEN: Create the DB2 Database for the Sametime Gateway. Summary In this step you create the DB2 Database for the Sametime Gateway.Social Business 308 © 2010 IBM Corporation
  • 309. You need to copy the DB2 Database creation script “createDb.sql” from the Install directory “C:InstallSametimeGatewaydatabasedb2” to your DB2 server machine. We copy it to “D:Install” on this box..Social Business 309 © 2010 IBM Corporation
  • 310. Open a CMD line window, navigate to the “D:Install” directory and enter the command “db2cmd”.Social Business 310 © 2010 IBM Corporation
  • 311. A new CMD line window opens. This window now has the environment to run the DB2 Database installation script. Enter the command “db2 -tvf createDb.sql”.Social Business 311 © 2010 IBM Corporation
  • 312. It takes some time until the database is created and configured. Confirm that you can see all commands completed successfully.Social Business 312 © 2010 IBM Corporation
  • 313. STEP SEVENTEEN: Create the DB2 Prerequisite in the Sametime System Console for the Sametime Gateway database. Summary In this step you create a DB2 Prerequisite for your Sametime Gateway DB2 database to be used in the Sametime System Console.Social Business 313 © 2010 IBM Corporation
  • 314. In the Sametime System Console click on “Sametime System Console” - “Sametime Prerequisites” and then on “Connect to DB2 Databases”.Social Business 314 © 2010 IBM Corporation
  • 315. Click the “Add” button to add your new database.Social Business 315 © 2010 IBM Corporation
  • 316. Enter the data in the form: Host name: “sametime.renovations.com” Database name: “stGW” Application user ID: “db2admin” Application password: password of your db2admin user Then click the “Finish” button.Social Business 316 © 2010 IBM Corporation
  • 317. Your Sametime Gateway DB2 database is now successfully added to the prerequisites in your Sametime System Console.Social Business 317 © 2010 IBM Corporation
  • 318. STEP EIGHTEEN: Enable Trust for the Sametime Gateway in the Sametime Community Server. Summary In this step you enable your Sametime Gateway to connect to your Sametime Community Server.Social Business 318 © 2010 IBM Corporation
  • 319. Open the Sametime System Console, and navigate to the Sametime Community Server by clicking on „Sametime System Console“ then „Sametime Servers“ and then „Sametime Community Servers“.Social Business 319 © 2010 IBM Corporation
  • 320. Click the link to your Community Server. We click on „Chat Server“ because this is our name for the Community Server Deployment Plan.Social Business 320 © 2010 IBM Corporation
  • 321. Enter the IP address of the Server you want to allow connecting to the Sametime Community Server. In this example we use the IP „192.168.30.60“ for the Sametime Gateway Server and then click the “Add” Button.Social Business 321 © 2010 IBM Corporation
  • 322. We have now added the required IP addresses for the Sametime Gateway. Now click the “OK” button to continue.Social Business 322 © 2010 IBM Corporation
  • 323. Now restart the Sametime Community Server by entering the command „restart server“ in the Domino Console window. Never use this command in a production Sametime server because it can happen that not all Sametime tasks are stopped before the domino server restarts. This can cause massive problems for starting the Sametime Services. Stop your Domino Server using the “Quit” command or by stopping the “Lotus Domino Service”. Wait until all ST... Tasks disappeared in your TaskManager. Then restart the Domino Server again. It takes up to 5 Minutes until the Sametime Community Server is completely restarted and all 41 Sametime tasks are again active.Social Business 323 © 2010 IBM Corporation
  • 324. STEP NINETEEN: Install the Sametime Gateway. Summary Complete these steps to install Sametime® Gateway as a single server on Windows®, to create an administrative user ID for WebSphere® Application Server, and to connect to an LDAP server. This installation program installs WebSphere Application Server and Sametime Gateway.Social Business 324 © 2010 IBM Corporation
  • 325. Open a CMD line window and navigate to the directory “cd InstallSametimeGateway”. Then enter the command “install.bat”.Social Business 325 © 2010 IBM Corporation
  • 326. The Install Shield Wizard is starting up.Social Business 326 © 2010 IBM Corporation
  • 327. Select your preferred language. We use “English”. Then click the “OK” button.Social Business 327 © 2010 IBM Corporation
  • 328. Click the “Next” button to continue.Social Business 328 © 2010 IBM Corporation
  • 329. Accept the terms in the license agreement and click the “Next” button to continue.Social Business 329 © 2010 IBM Corporation
  • 330. We want to install a “Standalone server”. Then click the “Next” button to continue.Social Business 330 © 2010 IBM Corporation
  • 331. We need to select the WebSphere installation files directory. Click the “Browse” button to continue.Social Business 331 © 2010 IBM Corporation
  • 332. Select the directory “ifpackage” under the directory to where you have unpacked the WebSphere Application Server install package. Click the “Open” button to continue.Social Business 332 © 2010 IBM Corporation
  • 333. Click the “Next” button to continue.Social Business 333 © 2010 IBM Corporation
  • 334. As always in this example installation – remove “Program Files” please. Then click the “Next” button to continue.Social Business 334 © 2010 IBM Corporation
  • 335. Confirm that your host name is listed correctly. Then click the “Next” button to continue.Social Business 335 © 2010 IBM Corporation
  • 336. Enter the user name for your WebSphere Administrator. As for other WebSphere based servers before, this user must not exist in your directory. We use our standard user name “wasadmin”. Enter the password for this user twice. Then click the “Next” button to continue.Social Business 336 © 2010 IBM Corporation
  • 337. As always in this example installation – remove “Program Files” please. Then click the “Next” button to continue.Social Business 337 © 2010 IBM Corporation
  • 338. In this screen we need to configure the DB2 server and database properties. We use: DB2 Host name: “sametime.renovations.com” Database name: “stGW” Application User ID: “db2admin” and its password Schema User ID: “db2admin” and its password Then click the “Next” button to continue.Social Business 338 © 2010 IBM Corporation
  • 339. Yes, we want to configure the LDAP settings now. Then click the “Next” button to continue.Social Business 339 © 2010 IBM Corporation
  • 340. The Host name in our example is “ldap.renovations.com”. And the Port is “3268” because it is an Active Directory Server. Then click the “Next” button to continue.Social Business 340 © 2010 IBM Corporation
  • 341. The Bind distinguished name in our example is “cn=LDAP Bind,cn=users,dc=ad,dc=renovations,dc=com”. Enter the password of this user in the Bind password field. Then click the “Next” button to continue.Social Business 341 © 2010 IBM Corporation
  • 342. Theis are the detected baseDN settings retrieved from our AD LDAP. If using another LDAP like Domino LDAP, then this screen can be different. We use the default “DC=ad,DC=renovations,DC=com”. Then click the “Next” button to continue.Social Business 342 © 2010 IBM Corporation
  • 343. Click the “Install” button to start the installation.Social Business 343 © 2010 IBM Corporation
  • 344. The Sametime Gateway including the base WebSphere Application Server is now installing. This task takes approximately 15 minutes.Social Business 344 © 2010 IBM Corporation
  • 345. The installation has finished successfully. Click the “Finish” button to continue.Social Business 345 © 2010 IBM Corporation
  • 346. STEP TWENTY: Post Install tasks for the Sametime Gateway. Summary In this step you install the WebSPhere Update Installer and install some WebSphere iFixes that are required by the Sametime Gateway. Then you create the service to start the Sametime Gateway automatic with the Operating System.Social Business 346 © 2010 IBM Corporation
  • 347. You need to unzip the installer for the WebSPhere Update installer first. Unzip the zip file for your Operating System. In our example we use Windows. So we unzip the file “7.0.0.15-WS-UPDI-WinIA32.zip”.Social Business 347 © 2010 IBM Corporation
  • 348. Open a CMD line window and navigate to the directory where you have unpacked the UPDI install files. We just use the command “cd InstallSametimeWASiFixesWebSphereUPDIUpdateInstaller”. Then start the installer with the “install.exe” command.Social Business 348 © 2010 IBM Corporation
  • 349. Click the “Next” button to continue.Social Business 349 © 2010 IBM Corporation
  • 350. Accept the terms in the license agreements and click the “Next” button to continue.Social Business 350 © 2010 IBM Corporation
  • 351. Confirm the System Prerequisite Check is passed. Then click the “Next” button to continue.Social Business 351 © 2010 IBM Corporation
  • 352. As always we recommend to remove the “Program Files” part in the Path. Then click the “Next” button to continue.Social Business 352 © 2010 IBM Corporation
  • 353. Click the “Next” button to continue.Social Business 353 © 2010 IBM Corporation
  • 354. The Update Installer is now installing.Social Business 354 © 2010 IBM Corporation
  • 355. Confirm that the installation was successful. Mark the check box to launch the Update installer. Then click the “Finis” button to continue.Social Business 355 © 2010 IBM Corporation
  • 356. Click the “Next” button to continue.Social Business 356 © 2010 IBM Corporation
  • 357. Click the “Next” button to continue.Social Business 357 © 2010 IBM Corporation
  • 358. Click the “Next” button to continue.Social Business 358 © 2010 IBM Corporation
  • 359. We need to change the directory path where the iFixes can be found. Click the “Browse” button.Social Business 359 © 2010 IBM Corporation
  • 360. Change to the directory where you have unpacked the iFixes. We use “C:InstallSametimeWASiFixesWebSphereiFixes”. Then click the “Open” button.Social Business 360 © 2010 IBM Corporation
  • 361. Click the “Next” button to continue.Social Business 361 © 2010 IBM Corporation
  • 362. Click the “Next” button to continue.Social Business 362 © 2010 IBM Corporation
  • 363. Click the “Next” button to continue.Social Business 363 © 2010 IBM Corporation
  • 364. The WebSphere iFixes are now installing.Social Business 364 © 2010 IBM Corporation
  • 365. Confirm that all iFixes where installed successfully. Then click the “Finish” button to continue.Social Business 365 © 2010 IBM Corporation
  • 366. To create the service we need the profile path. Open a file explorer and navigate to this directory “C:IBMWebSphereAppServerprofilesRTCGW_Profile”. Then copy this path into your dashboard using the Ctrl-C key combination.Social Business 366 © 2010 IBM Corporation
  • 367. Now start a CMD line window. There navigate to the WebSphere binaries directory with the command: “cd IBMWebSphereAppServerbin”. Then enter the command to create the service: “wasservice -add RTCGWServer -serverName RTCGWServer -profilePath C:IBMWebSphereAppServerprofilesRTCGW_Profile -stopArgs “-username wasadmin -password passw0rd” -encodeParams” Confirm that the service creation was successful.Social Business 367 © 2010 IBM Corporation
  • 368. The Service was created and can be seen in the services view.Social Business 368 © 2010 IBM Corporation
  • 369. Set the service to “Automatic” in the preferences. Then start the service.Social Business 369 © 2010 IBM Corporation
  • 370. The Sametime Gateway Service has started successfully.Social Business 370 © 2010 IBM Corporation
  • 371. STEP TWENTYONE: Register the Sametime Gateway in the Sametime System Console. Summary After installing an IBM® Sametime® Gateway server on IBM AIX®, Linux™, Sun Solaris, or Microsoft™ Windows™, register it with the Sametime System Console, so you can manage all of the Sametime servers from a central location.Social Business 371 © 2010 IBM Corporation
  • 372. This registration requires to configure two preferences files and then run a registration batch file. Open a file explorer and navigate to the directory “C:IBMWebSphereSTgatewayconsole”. There open the file “console.properties” in a notepad session.Social Business 372 © 2010 IBM Corporation
  • 373. Configure the parameters: SSCHostName “sametime.renovations.com” SSCUserName “wasadmin” and its password. Then save and close the file.Social Business 373 © 2010 IBM Corporation
  • 374. Next is to open the file “productConfig.properties” in your notepad.Social Business 374 © 2010 IBM Corporation
  • 375. In this file you need to enter several variables: DepName “Sametime Gateway” (or whatever you want to name it in your SSC) WASPassword Enter the password of your local wasadmin user in the Gateway.Social Business 375 © 2010 IBM Corporation
  • 376. Enter the passwords of your “db2admin” user and of your “LDAP Bind” user.Social Business 376 © 2010 IBM Corporation
  • 377. Enter the DNS FQ Host name of your Sametime Community Server. We use “chat.renovations.com”. The Port is “1516”. Important is to set the flag “IsFederated” to “true”. Otherwise the registration can fail. Save and close the file.Social Business 377 © 2010 IBM Corporation
  • 378. Open a CMD line window and navigate to the console directory with the command “cd IBMWebSphereSTGatewayconsole”. Then start the registration bat with the command “registerProduct.bat”.Social Business 378 © 2010 IBM Corporation
  • 379. Just hit the ENTER key...Social Business 379 © 2010 IBM Corporation
  • 380. The registration has finished. Confirm that it has completed successfully.Social Business 380 © 2010 IBM Corporation
  • 381. STEP TWENTYTWO: Connect the Sametime Gateway to the local Sametime Community. Summary Connect a local Sametime® Community Server or Sametime community cluster to Sametime Gateway to enable Sametime users to have instant messaging with external users. Important: You can only connect one gateway to a community; otherwise the awareness and chat features may not work properly. Likewise, you can connect only one local Sametime community to Sametime Gateway. You must add the local community to Sametime Gateway before you add external communities.Social Business 381 © 2010 IBM Corporation
  • 382. In your Sametime System Console click on “Sametime System Console” - “Sametime Servers” and then on “Sametime Gateway Servers”.Social Business 382 © 2010 IBM Corporation
  • 383. Click on “Communities”.Social Business 383 © 2010 IBM Corporation
  • 384. Click the “New” button.Social Business 384 © 2010 IBM Corporation
  • 385. Fill the form with your data. For the Name we just use “Renovations”. The Domains should contain your local internet e-mail domains. We use “renovations.com”. The Sametime Community Host is “chat.renovations.com” in our example. Then click the “Apply” button.Social Business 385 © 2010 IBM Corporation
  • 386. The local community has been added.Social Business 386 © 2010 IBM Corporation
  • 387. Restart the Sametime Gateway by restarting the RTCGWServer service.Social Business 387 © 2010 IBM Corporation
  • 388. After the restart you should see in your Sametime System Console that the local community is connected.Social Business 388 © 2010 IBM Corporation
  • 389. STEP TWENTYTHREE: Connect the Sametime Gateway to an other Sametime Community. Summary Add an external Sametime® community to IBM® Sametime Gateway. You connect to a Sametime community by specifying domains in the external community, selecting a translation protocol, and setting the host name, port, and transport protocol for the external community.Social Business 389 © 2010 IBM Corporation
  • 390. To connect to an external Sametime Community click the “New” button in your Sametime System Console.Social Business 390 © 2010 IBM Corporation
  • 391. We have already prepared a partner community with a working Sametime Gateway. We need to fill the connectivity data to this community now. Name “IBM” Type “External” Domains “ibm.com” Protocol “SIP for Sametime Gateway” Host name “gateway.ibm.com” Port “5060” Transport “TCP” then click the “OK” button.Social Business 391 © 2010 IBM Corporation
  • 392. It is again required to restart the gateway server by restarting the “RTCGWServer” service.Social Business 392 © 2010 IBM Corporation
  • 393. The Gateway is restarted and connected to the internal and external Sametime community.Social Business 393 © 2010 IBM Corporation
  • 394. STEP TWENTYFOUR: Enable the clients to use the Sametime Gateway. Summary In this step you allow your Sametime Clients to add external users to their contact lists.Social Business 394 © 2010 IBM Corporation
  • 395. In your Sametime System Console click on “Sametime System Console” - “Manage Policies”.Social Business 395 © 2010 IBM Corporation
  • 396. Edit the default policy by clicking the “Edit” button.Social Business 396 © 2010 IBM Corporation
  • 397. Check the check box “Allow users to add external users using the Sametime gateway communities”.Social Business 397 © 2010 IBM Corporation
  • 398. On the bottom of the form click the “OK” button to save the policy changes.Social Business 398 © 2010 IBM Corporation
  • 399. Restart the Sametime Community Server with the console command “restart server”. You know dont use this command in a production environment.Social Business 399 © 2010 IBM Corporation
  • 400. STEP TWENTYFIVE: Test the Sametime Gateway with the Sametime Client. Summary You are done with installing and configuring all the Edge components. Now you want to know if all works. Here we test the Sametime Gateway functionality.Social Business 400 © 2010 IBM Corporation
  • 401. In your Sametime Connect Client click the “Add Person” button.Social Business 401 © 2010 IBM Corporation
  • 402. Because of the policy change you can add external users now. Check the check box to “Add external users by E-mail address” and enter a valid E-mail address from your partner community. We try it with the name “dan.misawa@ibm.com”. Then click the “Add” button.Social Business 402 © 2010 IBM Corporation
  • 403. The user is now added. Some partner gateways require a permission by the partner. Click the “OK” button.Social Business 403 © 2010 IBM Corporation
  • 404. Close the “New Contact” dialog with the “Close” button.Social Business 404 © 2010 IBM Corporation
  • 405. Wow, it works. You partner user is shown as online and you kan chat with him now.Social Business 405 © 2010 IBM Corporation
  • 406. Additional Steps after the installation: Some additional Tuning steps can be done after all components are installed. You should consult the Sametime Product Documentation in the Internet about this steps here: http://www-10.lotus.com/ldd/stwiki.nsf/dx/Tuning_st852 If you want to implement SSL to access your Sametime Meeting or Sametime Proxy Server, additional configuration steps are required. See the Lotus Sametime InfoCenter for more details or contact the author of this document. Automatic URL redirection to https (SSL) can be configured. To get the install instructions you can contact the author of this document.Social Business 406 © 2010 IBM Corporation
  • 407. If you want to connect your Sametime Gateway to AOL, then a trusted certificate is required. This needs to be bought from a public certificate authority. If you want to connect your Sametime Gateway to Google, then you need some special XMPP records in the public DNS. You can connect your Sametime Gateway to a Microsoft Office Communication Server community or other XMPP based communities (Jabber) See the Sametime documentation for more information. http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp?lookupName=Product %20Documentation The first part (Basic installation) of this documentation can be found here: http://www-10.lotus.com/ldd/stwiki.nsf/dx/IBM_Sametime_8.5.2_Installation- From_Zero_To_Hero-BasicsSocial Business 407 © 2010 IBM Corporation
  • 408. Ports to access the Integrated Solutions Console of the particular Servers This are the standard ports when the servers are installed with the Cell profile method. HTTP HTTPS Sametime Meeting Server 8500 8501 Sametime Proxy Server 8600 8601 Sametime System Console 8700 8701 Sametime Media Manager 8800 8801 In this Pilot we only need the Sametime System Console and Sametime Media Manager ports for all administrative work in WebSphere and Sametime.Social Business 408 © 2010 IBM Corporation
  • 409. Legal Disclaimer © IBM Corporation 2011. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the users job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.Social Business 409 © 2010 IBM Corporation