JMP205 From Zero To Mobile Hero - IBM Sametime 8.5.2 Mobile Access Server Installation

IBM Sametime Server setup can be fast, smooth and easy when you know what you are doing. 120 minutes is all it takes and we will show you how.
The new IBM Sametime Apps for 8.5.2 IFR1 require just one of the new Sametime components: the IBM Sametime Proxy Server.
In this session we want to prove that it is possible to create a "Proof-Of-Concept" setup for mobile access very quickly.
We will install the new IBM Sametime 8.5.2 IFR1 Proxy Server, the DB2 Server, the required Database and required certificates for security.
At the end you can access the newly built IBM Sametime server with your iOS or Android device.

Published in: Technology

  1. JMP205 From Zero to Mobile Hero: IBM Sametime 8.5.2 Mobile Access Server install. Frank Altenburg, SME for IBM Sametime, IBM Germany; Volker Juergensen, Senior IT Specialist, IBM Germany. © 2013 IBM Corporation
  2. Agenda
     ● Introduction
     ● Requirements for an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
     ● Architecture of an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
     ● The 17 steps to an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
  3. Introduction
     ● This document describes how to implement, very quickly, the infrastructure to access your IBM Sametime Community environment from mobile iOS and Android devices.
     ● It is designed for a Proof of Concept, Proof of Technology or a small test deployment only.
     ● It does not contain information on how to implement a highly available infrastructure.
     ● You can start with this document just to "make your bosses happy". But to make the system available for a larger number of users, it is recommended to invite IBM Services for planning and implementing a clustered Sametime Proxy infrastructure in your organization.
     ● If you already have a Sametime 8.5.x environment with the Sametime System Console in place, then it is recommended to use this existing SSC to implement your Sametime Proxy Server environment in your DMZ.
     ● The author has tested this scenario with all Sametime releases down to version 7.5.1. But only IBM Sametime version 8.0.2 and newer is officially supported.
     ● You need Sametime Standard licenses for all mobile clients who want to access the system.
     We do not recommend using this document to install your production environment.
  4. New Sametime Mobile Instant Messaging
     ● Instant Messaging client for Android
       ─ Released with Sametime 8.5.2
       ─ Runs on Android® 2.0 and greater
       ─ Available on the Google® Play Store® and downloadable from the Sametime Community server
     ● Instant Messaging client for iOS
       ─ Released with 8.5.2 IFR
       ─ Runs on iOS 4.3 and greater on iPhone® and iPad®
       ─ Available on the Apple App Store
  5. Sametime Mobile Features
     ● Contact List
     ● Send photos
     ● QuickFind
     ● Text to speech notification and chats*
     ● Search corporate directory
     ● GPS-based location*
     ● Favorites
     ● Click to call using carrier number
     ● Presence or SUT
     ● Chat history
     ● Background message notification
     ● 1 to 1 and group chat
     ● Announcements
     ● Emoticons
     ● Business card
     ● Sametime Unified Telephony
     *currently Android only
  6. Native presence and IM on Android phones
  7. Native presence and IM on the iPhone
  8. Native presence and IM on the iPad
  9. Support for Apple® Push Notification
  10. Getting Sametime Mobile iOS clients
     ● The iOS client is distributed through the Apple App Store and uses the standard iOS update mechanisms to maintain currency.
     ● The client must be configured to point to the Sametime Proxy server.
       ─ You can play with it on Greenhouse
         – Server: st85meetingsp.lotus.com
         – Port: 9444
         – Secure Connection: On
         – Connection Type: Direct Connection
  11. Getting Sametime Mobile Android Client
     ● The Android client can be loaded from the Android Market, or from the Sametime proxy server.
     ● If loaded from Market, the standard Market update mechanism is used.
     ● To get it from the Sametime proxy server, the user loads it from the following web address on their device: <proxy server addr>:<proxy port>/stmobile/Sametime.html
     ● The automatic update feature from the proxy server (Lotus Mobile Installer, LMI):
       - Enter the ST proxy server address:port
       - Enter credentials
       - Select Next and it logs you into Sametime
       - As new Sametime clients become available, you are notified via an Android notification. You can select it to install.
  12. Agenda
     ● Introduction
     ● Requirements for an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
     ● Architecture of an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
     ● The 17 steps to an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
  13. IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server Prerequisites
     ● The lowest supported IBM Sametime Community Server release is 8.0.2; newer releases are supported.
     ● You need hardware or a VM in the DMZ for the server.
     ● You need network and DNS configuration.
     ● NAT between your DMZ and the internet works fine.
     ● You need port openings to/from the Internet.
     ● You need port openings to/from the Intranet.
     ● You need to download the required installation files from Passport Advantage and Fix Central.
     ● You need 3 special administrative user accounts.
     ● You need a trusted certificate (optional).
     ● Native client on iOS or Android devices.
  14. IBM Sametime Community Server
     This deployment is tested by the author of this document with all IBM Sametime Community Server releases starting with version 7.5.1. A Sametime Community Server 7.0 or below does not work and cannot be used for this IBM Sametime Mobile Access Server deployment. Only IBM Sametime release 8.0.2 or newer is officially supported. All older Sametime releases are already out of support.
     It works if the IBM Sametime Community Server uses Domino Directory authentication or LDAP authentication connected to one of the supported LDAP servers. There are no other requirements for the LDAP server.
     If you have several IBM Sametime Community Servers or IBM Sametime Community Clusters running in a Sametime community configuration, then this IBM Sametime Mobile Access Server connects automatically to all servers in your community.
     If your Sametime Community servers use Domino Directory authentication, we recommend that you invite IBM Services and migrate your servers to LDAP, install a Sametime System Console and assign the servers to this System Console. See this link for more information about the Domino Directory to LDAP migration.
  15. Hardware required for this Pilot Example Deployment
     ● 1 server for
       ● IBM DB2 Server
       ● IBM Sametime 8.5.2 IFR1 System Console
       ● IBM Sametime 8.5.2 IFR1 Proxy Server
     ● Supported OS are:
       - Windows Server 2003 or 2008 (32 and 64 Bit)
       - Linux Enterprise Server RHEL or SLES
       - AIX
       - Solaris
       - iSeries
     This document describes how to install the components on a Windows 2008 platform. This deployment can host only a small number of browser and mobile app clients. Ask your IBM representative for more detailed sizing information in a defined environment.
  16. OS and Network requirements
     ● Make sure that all servers you want to use can be resolved in DNS.
     ● If DNS is not available, then list the fully qualified server names and IP addresses of all servers in the hosts file and publish this file to all servers.
     ● If you use Windows 2008 as the operating system, then you need to start all installations and configurations in “Administrative mode”.
     ● You need an alias entry in your intranet DNS server pointing to the IP address of your Sametime Proxy (Mobile Access) Server. This should be the same host name as in the internet.
     ● You need an alias entry in the public Internet DNS pointing to the external IP address of your Sametime Proxy (Mobile Access) Server. This should be the same host name, if possible, as in the intranet.
     ● If NAT (IP address translation) is in place on your external firewall, this works fine. But your firewall team needs to forward incoming traffic on ports 80 and 443 to your DMZ Sametime Proxy (Mobile Access) Server address.
  17. Ports to be opened in the firewalls
     ● From your IBM Sametime Proxy (Mobile Access) Server in the DMZ to all your IBM Sametime Community Servers in the intranet, you need to open the IBM Sametime Community Server VP port 1516 TCP.
     ● From all clients in the intranet to the IBM Sametime Proxy (Mobile Access) Server, you need to open the HTTP and HTTPS ports 80 and 443 TCP.
     ● From all clients in the internet to the public IP address of your IBM Sametime Proxy (Mobile Access) Server, you need to open the HTTP and HTTPS ports 80 and 443 TCP.
     ● From your IBM Sametime Proxy (Mobile Access) Server to the Apple Push Notification Services in the internet, you need to open the ports 2195 and 2196 TCP. This service is available on the DNS addresses “gateway.push.apple.com” and “feedback.push.apple.com”. Both addresses have an IP address pool. If you cannot open to the DNS alias name, then you need to find out what IP addresses are behind this load balanced pool.
     ● From your administrative clients to the Sametime System Console Server, the ports 8700 and 8701 for administration.
  18. Required files for a deployment on Windows
     For a Windows installation you need to download these files from Passport Advantage:
     ● CZYG1ML.zip: IBM DB2 9.7 32Bit Limited Use for Sametime
     ● CZYF2ML.zip: IBM Sametime 8.5.2 System Console for Windows
     ● CI3Y8ML.zip: IBM Sametime System Console V8.5.2 IFR 1
     ● CZYE6ML.zip: IBM Sametime 8.5.2 Proxy Server for Windows
     From Fix Central download the file:
     ● 8521-ST-Proxy-IF-OOSN-8WGM37 (Filename: STProxyHotfix.zip)
     This hotfix file contains the full IBM Sametime Proxy Server 8.5.2 IFR1 update and the latest cumulative hotfix. It is not required to download and install the Sametime Proxy 8.5.2 IFR1 package first.
     Create a directory, for example “C:\Install”, on the servers where you want to install. Then unpack the downloaded files into this directory. Just unpack the files required for your deployment architecture on the particular server.
  19. The directory “C:\Install” for this example installation contains all installation files in unpacked format:
  20. Required technical users for IBM Sametime 8.5.2
     IBM Sametime requires some technical users so that components can communicate in an authenticated mode. All of these users should be configured so that the password never expires and never needs to be changed.
     db2admin
     This user is created in the operating system during installation of the DB2 server. Do not create this user in advance. It is the user for all IBM Sametime related components using DB2 to access their databases. Be sure to match the password policy requirements of the OS.
     wasadmin
     This is the user to access the IBM WebSphere components and to administer the system. This user must not exist in your LDAP directory. It is created during WebSphere installation in a local file repository. Do not use special characters in the wasadmin password. In particular, do not use the “$” character. The installer does not warn, but the installation will fail.
  21. Required technical users for IBM Sametime 8.5.2 (cont)
     Domino Administrator
     This user is created during installation of the Domino server hosting the IBM Sametime Community Server. It is a best practice not to use an existing administrative account, because it is the account with which the IBM Sametime System Console communicates with the Community Server.
     LDAP Bind User
     This is a user account in your LDAP directory. This account is used to connect in authenticated mode to the LDAP server to get all required attributes. It is possible to connect anonymously to the LDAP server, but then it does not work with some LDAP systems, or the LDAP server requires special configuration to allow anonymous bind.
  22. Native client on iOS or Android device
     ● Getting the mobile clients
       ─ iOS on App Store
       ─ Android now in Android Play Store, also as part of server installation for download
  23. Agenda
     ● Introduction
     ● Requirements for an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
     ● Architecture of an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
     ● The 17 steps to an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
  24. Different ways to an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
     ● It is possible to place all the new components into the intranet and use a reverse proxy in the DMZ to access the system from the mobile devices through the Internet. This requires fewer ports to be opened in the firewalls, but it needs 2 connections from the server in the intranet through your DMZ to the APNS system in the Internet. This is mostly a security issue and not allowed.
     ● The database that caches the chat messages sent to iOS devices can be implemented in the intranet. But then a box (hardware or virtual machine) is required for this server and the small database, which only caches text messages. And the DB2 port needs to be opened from the IBM Sametime Proxy server in the DMZ to this DB2 server in the intranet.
     ● Although the use of the DB2 database might be small, DB2 is (or can be) resource intensive. If you are going to put it on the same machine, make sure the machine has enough RAM and CPU to handle it.
     ● A backup of the system is required only once, when the server is installed and all features are working fine. There is no changing data that needs to be backed up regularly. Only if you modify the configuration is a new full backup recommended.
  25. Use case for this implementation
     ● You have Lotus Domino based Sametime Community Server(s) installed and in production, running Sametime Standard or Sametime Entry.
     ● Your Sametime Community Server is authenticating against a Domino Directory or an LDAP server.
     ● You want to test the mobile apps.
     ● You don't want to touch your existing production Sametime Community Servers.
     ● If you have Standard licenses, they can be used.
     ● If you only have Sametime Entry licenses, you can request Sametime Standard licenses for a 60 day test period for free. Contact your IBM sales contact person.
  26. IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server: our pilot deployment architecture recommendation
     [Architecture diagram with three zones: Intranet, DMZ, Internet. Components shown: Admin Client, Sametime System Console, Sametime Proxy Server, DB2 9.5 Server, Sametime Community Server, LDAP Server, and the Apple Notification Server (APNS) at gateway.push.apple.com and feedback.push.apple.com. Port labels: inbound ports 1516 and 389; inbound ports 80 and 443; outbound ports 8700 and 8701; outbound ports 2195 and 2196.]
  27. For the APNS to work there are some requirements:
     ● The IBM Sametime Proxy Server must be able to connect to the APNS servers “gateway.push.apple.com” on port 2195 and “feedback.push.apple.com” on port 2196.
     ● These connections to the APNS servers are SSL connections. To get the latest certs see the article http://www-01.ibm.com/support/docview.wss?uid=swg21605219. The hotfix OOSN-8WGM37 already contains the latest certs.
     ● You should open these ports in your firewalls and test with telnet that you can reach the servers.
     ● The device must be able to reach the IBM Sametime Proxy Server with the http or https protocol. You can use a reverse proxy in your DMZ. NAT is no problem.
     ● The APNS service must be able to send a notification to your device.
     ● If your device is connected to your intranet using wireless LAN, it usually cannot be notified from the Apple systems. Talk to your firewall admins to open the notification service for your Wifi LAN.
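
The port list from slides 17, 26 and 27, turned into a rule audit. This is an added example, not part of the original deck: it compares a firewall rule set with the flows the deck requires and reports both required flows that are missing and anything permitted beyond them. The object names, the rule tuple format and the sample rules are constructed for illustration, and the direction of the LDAP port 389 flow is an assumption, because the deck shows 389 only as a label in the slide 26 diagram.

```python
"""Audit firewall rules against the flows listed in the deck (added example)."""

# Named network objects. These names are constructed, not taken from the deck.
OBJECTS = ["internet", "apns", "dmz-server", "intranet-clients",
           "admin-clients", "community-servers", "ldap"]

# (source, destination) -> TCP ports the deck says must be open (slide 17).
REQUIRED = {
    ("dmz-server", "community-servers"): {1516},   # Sametime VP port
    ("intranet-clients", "dmz-server"): {80, 443},
    ("internet", "dmz-server"): {80, 443},
    ("dmz-server", "apns"): {2195, 2196},          # gateway / feedback
    ("admin-clients", "dmz-server"): {8700, 8701}, # System Console admin
    # Assumption: 389 appears only as a port label in the slide 26 diagram;
    # it is modelled here as the DMZ server querying the LDAP server.
    ("dmz-server", "ldap"): {389},
}


def parse_ports(spec):
    """Turn '80,443' or '8700-8701' into a set of port numbers."""
    ports = set()
    for part in spec.split(","):
        lo, _, hi = part.strip().partition("-")
        lo = int(lo)
        hi = int(hi) if hi else lo
        if not 0 < lo <= hi <= 65535:
            raise ValueError("bad port spec: %r" % part)
        ports.update(range(lo, hi + 1))
    return ports


def expand(name):
    """'any' covers every known object; other names must be known objects."""
    if name == "any":
        return list(OBJECTS)
    if name not in OBJECTS:
        raise ValueError("unknown object: %r" % name)
    return [name]


def audit(rules):
    """rules: list of (rule_name, src, dst, port_spec) allow rules.

    Returns (missing, excess):
      missing: required (src, dst, port) flows that no rule permits
      excess:  (rule_name, src, dst, port) flows permitted but not required
    """
    permitted = {}  # (src, dst, port) -> first rule that permits it
    for name, src, dst, spec in rules:
        for s in expand(src):
            for d in expand(dst):
                if s == d:
                    continue
                for p in parse_ports(spec):
                    permitted.setdefault((s, d, p), name)
    required = {(s, d, p) for (s, d), ports in REQUIRED.items() for p in ports}
    missing = sorted(required - set(permitted))
    excess = sorted((permitted[f],) + f for f in set(permitted) - required)
    return missing, excess


# Constructed sample rule set with three typical mistakes:
# an 'any' source on the admin ports, a DB2 port opened although DB2 runs
# on the same box in this pilot, and only one of the two APNS ports opened.
SAMPLE_RULES = [
    ("ext-web", "internet", "dmz-server", "80,443"),
    ("int-web", "intranet-clients", "dmz-server", "80,443"),
    ("vp", "dmz-server", "community-servers", "1516"),
    ("ldap", "dmz-server", "ldap", "389"),
    ("admin", "any", "dmz-server", "8700-8701"),
    ("db2", "intranet-clients", "dmz-server", "50000"),
    ("apns", "dmz-server", "apns", "2195"),
]

if __name__ == "__main__":
    missing, excess = audit(SAMPLE_RULES)
    for src, dst, port in missing:
        print("MISSING  %s -> %s tcp/%d" % (src, dst, port))
    for rule, src, dst, port in excess:
        print("EXCESS   rule %-8s %s -> %s tcp/%d" % (rule, src, dst, port))
```
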
  28. Agenda
     ● Introduction
     ● Requirements for an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
     ● Architecture of an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
     ● The 17 steps to an IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment
  29. The 17 steps to a Sametime 8.5.2 IFR1 Proxy environment
     1. Prepare your machine and the network
     2. Configure the community server(s) to trust the Mobile Access Server
     3. Install the DB2 database server
     4. Create the DB2 database for the Sametime System Console
     5. Install the Sametime System Console
     6. Upgrade the Sametime System Console to IFR1
     7. Log in to the Sametime System Console
     8. Create an LDAP Prerequisite configuration
     9. Create a Deployment Plan for a Community Server
     10. Create a Deployment Plan for the Sametime Proxy Server
     11. Install the Sametime Proxy Server 8.5.2 as a Primary Node profile
     12. Update the Sametime Proxy Server to IFR1 using the latest hotfix
     13. Post Install Tasks
     14. Create the Proxy Server DB2 Database
     15. Configure the Proxy Server to use the DB2 Database
     16. Configure the Apple Push Notification System
     17. Configure SSL in the Proxy Server and deploy the certificate
  30. STEP ONE: Prepare your machine and the network
     Summary: Before you can install your IBM Sametime Proxy (Mobile Access) Server environment, some things need to be checked and prepared.
  31. The machine on which you run the IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server and the DB2 Database Server can be a virtual machine or a hardware box. Both work.
     It is possible to use Linux as the OS, but this document describes how to install on Windows. If you use Linux, you can use most parts of this document, and most installation instructions and screen shots are identical. Mostly the paths are different. On Linux it is recommended to have the graphical system installed for this installation and then use an X server on your client.
     These instructions work with Windows Server 2008 and Windows Server 2003. You can use the 32 bit or 64 bit version, and you can use the R2 version of any of the supported OS.
     Be sure that your firewall admin has opened all ports in the firewalls. Test all connections using the telnet command in a CMD line window.
     Be sure that the host names or DNS aliases you use are listed in DNS and can be resolved in the internet and in your intranet.
  32. More information can be found in the official IBM Sametime documentation at this URL: http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp?lookupName=Product Documentation
     The IBM Sametime 8.5.2 Installation “From Zero To Hero” documentation can be found here: https://www-304.ibm.com/connections/blogs/sametimeguru/?lang=en_us
  33. STEP TWO: Configure the IBM Sametime Community server(s) to trust the IBM Sametime Proxy (Mobile Access) Server
     Summary: This step adds the IP address of your IBM Sametime Mobile Access Server to the “Trusted IPS” list in your Sametime Community Server.
  34. There are several ways to configure your Sametime Community Servers to trust other servers.
     The most used way in a Sametime 8.5 environment is to use the Sametime System Console – Sametime Servers – Sametime Community Servers. There, at the bottom of the configuration page of your Sametime Community Servers, you can add the trusted IP addresses. Then save the changes. This is the recommended way and works if the Sametime Community Server was installed with the Sametime System Console or registered with the Sametime System Console after installation.
     The other way is to use the Lotus Notes client and access the Community Connectivity document in your Sametime Configuration database. There, add the IP address of the server to trust. This method is explained in the next slides.
  35. Start the Lotus Notes client with which you can access and administer your Sametime Community servers. Then open the “Sametime Configuration” database “STConfig.nsf” on the Sametime Community Server.
  36. Open the “CommunityConnectivity” document.
  37. Add the IP address of your new IBM Sametime Proxy (Mobile Access) Server in the “Community Trusted IPS” field. Then save and close the document and the database.
  38. Now restart the Sametime Community Server by entering the command “restart server” in the Domino Console window. Never use this command on a production Sametime server, because it can happen that not all Sametime tasks are stopped before the Domino server restarts. This can cause massive problems for starting the Sametime services. Stop your Domino Server using the “Quit” command or by stopping the “Lotus Domino Service”. Wait until all ST... tasks have disappeared from your Task Manager. Then start the Domino Server again. It takes up to 5 minutes until the Sametime Community Server is completely restarted and all 41 Sametime tasks are active again.
  39. STEP THREE: Install the DB2 database server
     Summary: This step installs the IBM DB2 9.7 Server.
     We like to use a CMD command line window to enter some of the commands and start the installers. For that we have created a shortcut in our quick launch section. Right click the icon and select “Run as Administrator” in the menu. You can use the Windows Explorer as well to navigate to the destination directory and double click the installation file (launchpad.exe).
  40. Enter the command “cd Install\SametimeDB2” and press the “Enter” key. Enter the command “Launchpad” and press the “Enter” key.
     Do not copy and paste any commands from this document into your CMD line. This does not work because it would copy some special characters.
  41. Just click the “Install IBM DB2” link.
  42. And again click the “Install IBM DB2” link.
  43. The Installation Manager is starting up.
  44. Click the “Next” button to continue.
  45. Accept the terms in the license agreement and click the “Next” button to continue.
  46. Remove “Program Files” and click the “Next” button to continue.
     We recommend using path names without spaces (as some scripts may require this) and also shortening the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.
  47. Click the “Install” button to install the Installation Manager.
  48. The Installation Manager is now installing.
  49. If you are using Windows 2003 R2 or Windows 2008 R2, it is possible that you run into a Java heap memory overflow during the next installation step. To prevent this issue, change a parameter in the “IBMIM.INI” configuration file of the Sametime Install Manager. See the next 2 slides for how to do this.
  50. Open your File Explorer and navigate to your Install Manager's eclipse directory “C:\IBM\Install Manager\eclipse”. Then open the configuration file “IBMIM.ini” in Notepad.
  51. Add the parameter “-Xmx1024m” at the end. Then save and close the file. This parameter is case sensitive.
     Click “File” and “Save” to save the changes. Then click “File” and “Exit” to close the editor.
  52. Now you can click the “Restart Installation Manager” button to continue.
  53. The Installation Manager is starting up.
  54. Now click the “Install” icon to continue.
  55. Select “DB2 – Version 9.7.0.0” and click the “Next” button to continue.
  56. Accept the terms in the license agreement and click the “Next” button to continue.
  57. Again remove “Program Files” and click the “Next” button to continue.
     We recommend using path names without spaces (as some scripts may require this) and also shortening the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.
  58. Click the “Next” button to continue.
  59. Enter the DB2 Administrator username (we use the default “db2admin”) and enter the DB2 Administrator password twice. Then click the “Next” button to continue.
     If you use Windows 2008, be sure to enter a password that meets the password policy. The DB2 Admin User password should not be longer than 8 characters. Change the local security policy to allow passwords with a length of 8 characters.
     This db2admin user will be created as a local user or as an Active Directory user. This cannot be done if the user already exists. The same applies to the 2 groups that the DB2 installer adds.
  60. Click the “Install” button to install the DB2 Server.
  61. The Installation Manager installs the IBM DB2 Server now. This step takes approximately 10 to 15 minutes.
  62. Important to know...
     Your DB2 Database Server is a sensitive component in your Sametime environment. It stores all the predefined configuration data and holds the information on how to communicate with your servers for administration and maintenance. We highly recommend making regular backups of your DB2 database using DB2 aware backup software, or exporting the data and backing up the exported data.
     It is possible to implement your DB2 Server for high availability and load balancing using DB2 methods. For more information check the DB2 InfoCenter, or download and read the Redbook “High Availability and Disaster Recovery Options for DB2 on Linux, UNIX, and Windows”.
     The steps to create a DB2 database need the database name as a command line parameter. We recommend using a CMD command line window to enter these commands.
  63. When the installation has finished successfully, click the “Finish” button and then close the Installation Manager and the Launchpad.
  64. STEP FOUR: Create a DB2 Database for the Sametime System Console
     Summary: This step creates the Sametime System Console database on the DB2 Server.
     If you want to use a dedicated DB2 server, or if you already have a DB2 9.7 Server environment available, you can find the database creation scripts in the DB2 installation package or in the particular installer directory of the Sametime System Console and the Sametime Meeting Server.
  65. Before we can continue with the next step, you need to restart the CMD line window under Windows 2003. Under Windows 2008 it is required to start a DB2 CMD line with administrative access.
  66. Enter the command “cd install\SametimeDB2\DatabaseScripts\SystemConsole”.
     Do not copy and paste any commands from this document into your CMD line. This does not work because it would copy some special characters.
  67. Enter the command “createSCDb.bat STSC db2admin”.
     The name of the database should not be the name of the Sametime System Console Server. If your SSC is named “stsc.renovations.com”, then you cannot name the database STSC. Then you need to use another name, for example “STSCDB”. In this example we use “webchat.renovations.com”, so we don't have any issue with the database name “STSC”.
  68. The DB2 database is now created and configured. Be sure that you see the response “The SQL command completed successfully.” after every command.
     If you don't see these responses, or you get an error message, be sure that your DB2 server is up and running (listening on port 50000 or 50001) and that you are authenticated with the correct user and password.
  69. STEP FIVE: Install the IBM Sametime System Console Server
     Summary: This step installs the Sametime System Console Server.
  70. Navigate to the “Install\SametimeSystemConsole” directory and enter the command “Launchpad”.
  71. The Sametime 8.5.2 Launchpad opens. Click the “Install IBM Lotus Sametime System Console” link on the left side.
  72. Now click the link “Launch IBM Lotus Sametime System Console 8.5.2 Installation”.
  73. The Installation Manager is now loading.
  74. Click the “Install” icon to start the installation.
  75. Select “IBM Sametime System Console server” and “Version 8.5.2”. Then click the “Next” button to continue.
  76. Accept the terms in the license agreement and click the “Next” button to continue.
  77. Enter the correct path (remove “Program Files”) and click the “Next” button to continue.
     The package group is the installation destination for the IBM Lotus WebSphere base files. The first installation requires the creation of a new package group. If you install more WebSphere based applications on the same hardware (like the Sametime Proxy Server and the Sametime Meeting Server), they can use the existing package group. Then you cannot change the installation path.
  78. Click the “Next” button to continue.
  79. With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing WebSphere 7.0.0.15 Server. We don't want to do this in this pilot deployment. Just click “Next” to continue.
  80. In this screen you define the WebSphere Application Server administrative user. You need to authenticate with this user to access the Sametime System Console. It is important that this user does not exist in your LDAP. In this example we use the standard “wasadmin”. Enter the password twice and click the “Next” button to continue.
  81. Enter the host name of your DB2 server and the DB2 Administrator password. In this example we have installed the DB2 server on the “webchat.renovations.com” server. Then click the “Validate” button to continue.
  82. If the DB2 connection was successful, you should see that the text in the button has changed to “Validated”. Now click the “Next” button to continue.
  83. Click the “Install” button to install the Sametime System Console Server.
  84. The Installation Manager now installs the Sametime System Console. This step can take approximately 30 to 45 minutes.
  85. Important to know...
     If you plan to use the IBM Lotus Sametime System Console, you should install this part first. But it is possible to add an already installed Sametime Server to the System Console for management and administration. This can be done with every new Sametime component.
     By the way, if for some reason something happens to the System Console, it may be possible to recover without having to rebuild everything. Contact support for assistance.
     Be sure to make a backup of all related data and files (DB2 and WebSphere), because it is much faster to restore a backup if a failure occurs.
     You will see that it is worth learning about the Sametime System Console and using it very soon!
  86. What the installer does:
     ● The installer first unpacks the WebSphere Application Server install files.
     ● Then it installs the WebSphere Application Server 7.0.0.3 binaries.
     ● Then it creates the WebSphere profiles.
     ● Then it installs the Update Installer.
     ● Then it installs the update to WebSphere 7.0.0.15.
     ● Then it installs the application and configures everything.
  87. This directory contains the log file where the installer logs its progress. The file grows to approximately 302 KBytes. Directory on Windows 2008: C:\Users\All Users\IBM\Installation Manager\logs\ant
     The last step is to configure the services and some post install tasks.
  88. The Sametime System Console server has installed successfully. Click the “Finish” button and close the Installation Manager and the Launchpad.
  89. 89. STEP SIX: Update the IBM Sametime System Console Server. Summary: This step updates the IBM Sametime 8.5.2 System Console Server to the IFR1 release. We like to use a CMD command line window to enter some of the commands and start the installers. For that we have created a shortcut in our fast start section. Right click the icon and select “Run as Administrator” in the menu. You can use the Windows Explorer as well to navigate to the destination directory and double click the installation file (setupwin32.exe).
  90. 90. Before you can upgrade the Sametime System Console you need to stop all server tasks that were started during the installation. In your existing CMD line window navigate to the Application Server binaries directory with the command: “cd \IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin”. Then enter the command “stopserver STConsoleServer -username wasadmin -password passw0rd”.
  91. 91. Stop the nodeagent with the command “stopnode -username wasadmin -password passw0rd”. Then change to the dmgr bin directory with the command “cd ..\..\STSCDmgrProfile\bin”. And stop the dmgr with the command “stopmanager -username wasadmin -password passw0rd”.
  92. 92. Enter the command “cd \Install\SametimeSystemConsole V8.5.2 IFR1” and press the “Enter” key. If you have unpacked the zip file to a different directory, then navigate to your directory where you can find the update.bat file.
  93. 93. Enter the command “update.bat” and press the “Enter” key.
  94. 94. The IBM Installation Manager is starting up.
  95. 95. Now click the “Update” button to continue.
  96. 96. Select the Product you want to upgrade. Here we select “IBM Sametime Server Platform”. Then click the “Next” button to continue.
  97. 97. Click the “Next” button to continue.
  98. 98. Be sure that all WebSphere Servers are shut down on this box and that all federated WebSphere Servers on other boxes are shut down as well before continuing with the SSC update. Then click the “Next” button to continue.
  99. 99. Click the “Update” button to install the Sametime System Console IFR1.
  100. 100. The Sametime System Console IFR1 Update is now installing. This step takes approximately 30 to 45 minutes.
  101. 101. When the installation has finished successfully, click the „Finish“ button to close the Installer.
  102. 102. Click “File” and then “Exit” to quit the Installation Manager.
  103. 103. STEP SEVEN: Log in to the IBM Sametime System Console Server. Summary: Start your preferred browser, enter the System Console URL and log in. In this example we use Mozilla Firefox.
  104. 104. Enter the URL „http://webchat.renovations.com:8700/admin“. Then click the “Add Exception” button. The WebSphere Application Server Administrative interface (the Integrated Solutions Console, ISC) is always secured by SSL. Therefore you will be redirected to HTTPS and the port 8701 automatically. You are prompted to accept the default certificate. For different browsers the procedure to accept this IBM signed certificate is different. You can use the direct URL: „https://webchat.renovations.com:8701/ibm/console“.
  105. 105. The IBM signed certificate is not trusted by the browser. Click the „Get Certificate“ button to accept the certificate by clicking the “Confirm Security Exception” button. (This dialog is different using other browsers.)
  106. 106. Enter the WebSphere Application Server Administrative User name and its password. We use „wasadmin“. Then click the „Log in“ button to continue.
  107. 107. You have now reached the IBM Lotus Sametime System Console. Next step is to configure the LDAP connectivity.
  108. 108. STEP EIGHT: Configure the „Connect to LDAP Server“ Prerequisite. Summary: In this step you configure the LDAP connectivity in the Sametime System Console. This is used for the Sametime Community Server installation as well as in the Sametime Meeting Server and Media Manager installation. You can change this LDAP connectivity later. But this will not apply to any Deployment Plan or to any already installed server. Any changes need to be made in the servers' configuration directly (Community, Meeting, Media). This is only for the first installation of the servers before creating the Deployment Plan.
  109. 109. Click the „Sametime System Console“ link. Now click the „Sametime Prerequisites“ link. Next click the „Connect to LDAP Servers“ link.
  110. 110. On any Sametime System Console screen you can find additional information in the middle part of the page. There are links to the official Sametime InfoCenter for the particular step you want to do next.
  111. 111. To connect to an LDAP server click the „Add“ button to continue.
  112. 112. Configure the LDAP connectivity information on this screen. - The Deployment Name can be anything describing this LDAP connection. - The Host name should be the fully qualified host name. The Port depends on the LDAP. - An MS AD LDAP Server normally uses the Port 3268. Other LDAP systems use the Port 389. - Do not use the secure connection unless you have imported the certificate from the LDAP server. - The Bind Distinguished Name should be the fully qualified Distinguished Name (DN) of the Bind user. Click the „Next“ button to continue.
  113. 113. The system now connects to the LDAP server, authenticates and requests the LDAP parameters. It detects the possible Base DNs and the Directory type. Select the right Base DN on this screen. For Domino LDAP this field must be empty. Check the „Configure advanced LDAP settings“ checkbox to see more LDAP parameters. Click the „Next“ button to continue.
  114. 114. Click the „Next“ button to continue.
  115. 115. Click the „Next“ button to continue.
  116. 116. Click the „Finish“ button to save the settings and configure the LDAP connection in the Sametime System Console Server.
  117. 117. The LDAP connection is now successfully created and the Sametime System Console server configured. This is a major security configuration change that requires a WebSphere server restart.
  118. 118. The Sametime System Console is now configured to use LDAP. The server needs to be restarted. The Services have not changed, but they seem not to be started.
  119. 119. But in the Task Manager you see that there are several java.exe processes running. The Installation Manager starts the services in the background but not using the OS Service start mechanism. The Service does not recognize that it is started and can't show this status in the Services view.
  120. 120. In your existing CMD line window navigate to the Application Server binaries directory with the command: “cd \IBM\WebSphere\AppServer\profiles\STSCAppProfile\bin”. Then enter the command “stopserver STConsoleServer -username wasadmin -password passw0rd”.
  121. 121. Stop the nodeagent with the command “stopnode -username wasadmin -password passw0rd”. Then change to the dmgr bin directory with the command “cd ..\..\STSCDmgrProfile\bin”. And stop the dmgr with the command “stopmanager -username wasadmin -password passw0rd”.
  122. 122. Then set all of the 3 WebSphere services to automatic. Double click the service. In the “General” tab, near “Startup type” select “Automatic”. Then click the “Apply” button.
  123. 123. When this is done for all 3 services, then you can easily restart the Sametime System Console by restarting the operating system. Note: During the Sametime 8.5.2 installation, the required server processes are started automatically. The services are added at the end of the installation. This means that just after the installation the IBM WebSphere services are shown as not started, but the tasks are running. If you now try to start the services in the services view, this will fail. You need to restart the operating system once, and then you can start / stop the services in the services dialog.
  124. 124. Now reboot the Operating System. Then all services that are set to start automatically are started using the service startup method.
  125. 125. In the Task Manager you can now see the 3 java.exe processes of the Sametime System Console.
  126. 126. STEP NINE: Run the Guided Activity to configure the IBM Sametime Community Server deployment plan. Summary: This guided activity takes you through the steps of creating a deployment plan, which collects information that pre-populates installation screens. We need this Sametime Community Server deployment plan to create the Sametime Proxy Server deployment plan. In this Sametime Proxy Server deployment plan you have to configure a Sametime Community Server to which the Sametime Proxy Server needs to connect first. Without a Sametime Community Server deployment plan you can not create a Sametime Proxy Server deployment plan.
  127. 127. If you already have a Sametime System Console Server in place and your Sametime Community Server(s) are registered with this console, then you can use one of these Deployment plans and do not need to create this plan. But if you ● do not want to touch your existing Sametime Community environment ● do not want to migrate them to LDAP now ● do not want to upgrade them to Sametime release 8.5.2 now then you need to create this deployment plan in the Sametime System Console and will not install the Community Server using this plan now. This is only a dummy to point the Sametime Proxy Server deployment to connect to the right Sametime Community Server. With this dummy Sametime Community Server deployment plan you can not manage the Sametime Community Server policies in the Sametime System Console and you can not administer your Sametime Community Server from the Sametime System Console unless you migrate to LDAP and register it with the Sametime System Console.
  128. 128. Be sure that your Domino Server is up and running and the HTTP Task is started.
  129. 129. Start your Browser now and connect to the Sametime System Console. Then login as described in Step 5. Now click on „Sametime System Console“ and then „Guided Activities“. Then click the „Sametime System Console“ link.
  130. 130. Confirm that „Create a New Deployment Plan“ is checked and click the „Next“ button.
  131. 131. Enter a name for your Community Server Deployment Plan. In this example we just name it „Chat Server“. Then click the „Next“ button to continue.
  132. 132. We want to install the Product Version 8.5.2. Leave it as it is and just click the „Next“ button.
  133. 133. Enter the Host name of your running Domino Server. The port should only be changed if your Domino HTTP task listens on another port. Enter the Domino Administrator's User ID and the password. In this example we use „Domino Admin“. Click the „Next“ button to continue.
  134. 134. On Windows it is standard to use the local Sametime Server for Slide Conversion. But it is possible that you have a stand alone Slide Conversion server running. Then you can fill in these settings. In this example we just click the „Next“ button to continue.
  135. 135. Select the LDAP you want to use for the Sametime Community Server. In this example we use the „Renovations AD LDAP“ (it is the only one we have). Then click the „Next“ button to continue.
  136. 136. HTTP Tunneling is required if your Sametime Clients need to connect to your Sametime Server through a Web Proxy or Reverse Proxy Server. But then performance can be slower. Only enable HTTP tunneling when urgently required. Then click the „Next“ button to continue.
  137. 137. Confirm all settings and then click the „Finish“ button.
  138. 138. You have now successfully created a deployment plan for your Sametime Community Server. The next step is to install the Sametime Community Server - but we jump to ST Proxy planning and its installation next.
  139. 139. STEP TEN: Run the guided activity to configure the IBM Sametime Proxy Server deployment plan. Summary: Use the Lotus Sametime System Console to prepare to install a Lotus Sametime Proxy Server by pre-populating values required for installation.
  140. 140. In the Sametime System Console click on „Sametime System Console“, then on „Sametime Guided Activities“ and then click „Install Sametime Proxy Server“.
  141. 141. Confirm that „Create a New Deployment Plan“ is checked and click the „Next“ button.
  142. 142. Enter a name for your Proxy Server Deployment Plan. In this example we just name it „Proxy Server“. Then click the „Next“ button to continue.
  143. 143. We want to install the current version 8.5.2. Just click the „Next“ button to continue.
  144. 144. The default setting is „Primary Node“, which we use in this example. If you plan to implement the Sametime Proxy Server in a standalone environment, then select „Cell“. Note that it is not possible to implement a Cell Profile and a Network Deployment on the same box. Click „Next“ to continue.
  145. 145. A “Primary Node” can be federated to an existing Deployment Manager. We want to federate our environment to the Deployment Manager of our Sametime System Console. Select the “Systemconsole...”. Click „Next“ to continue.
  146. 146. Enter the fully qualified host name of your proxy server. In this example we use „webchat.renovations.com“. Enter a WebSphere administrative user name and its password twice. We just use the standard „wasadmin“ name. Click the „Next“ button to continue.
  147. 147. Select the Community Server you want your Proxy Server to connect to. You need to connect only to one Community Server. The Proxy Server gets information about other Servers in the community and connects to these servers automatically. (Don't forget to enable trust on the other servers as well.) In this example we just select the „Chat Server“. Then click „Next“ to continue.
  148. 148. Check your settings and if all is correct click the „Finish“ button to save the new deployment plan.
  149. 149. We have now successfully created our Sametime Proxy Server deployment plan.
  150. 150. STEP ELEVEN: Install the Sametime Proxy Server 8.5.2 as a Primary Node profile. Summary: This step installs the IBM Sametime Proxy Server 8.5.2.
  151. 151. Navigate to the Installation Directory and start the launchpad installer. We use a Windows CMD command window and enter the commands: „cd \Install\SametimeProxyServer“ and just „launchpad“.
  152. 152. The Sametime Proxy Launchpad Installer is loading. Click the link „Install IBM Lotus Sametime Proxy Server“.
  153. 153. Now click the link „Launch IBM Lotus Sametime proxy Server 8.5.2 Installation“.
  154. 154. The IBM Installation Manager is loading.
  155. 155. To install the Sametime Proxy Server click the „Install“ icon.
  156. 156. Check the „IBM Sametime Proxy server“ and „Version 8.5.2“ entries. They are unchecked by default. Then click the „Next“ button.
  157. 157. Accept the terms in the license agreement and click the „Next“ button.
  158. 158. Click the “Next” button to continue.
  159. 159. We want to use a predefined Deployment Plan from the Sametime System Console. Leave the “Use Lotus Sametime System Console to Install” option checked and click the „Next“ button to continue.
  160. 160. With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing WebSphere 7.0.0.15 Server. We don't want to do this in this pilot deployment. Just click “Next” to continue.
  161. 161. Enter the host name of the Sametime System Console. We use “webchat.renovations.com”. Enter the WebSphere Administrator user name and password. In the last field enter the host name of the computer where you want to install the Sametime Proxy Server. We use “webchat.renovations.com” as well. Then click the “Validate” button.
  162. 162. The settings are validated. Click the “Next” button to continue.
  163. 163. Select the deployment plan for your Sametime Proxy Server. Then click the “Next” button to continue.
  164. 164. Check your settings again and then click the „Next“ button to continue.
  165. 165. Start the installation by clicking the „Install“ button.
  166. 166. The Sametime Proxy Server is now installing. This step takes approximately 20 to 30 minutes because you are installing the second WebSphere instance on a Server.
  167. 167. Important to know... The Sametime Proxy Server... ● while the STProxy application itself does not "need" an LDAP server, as soon as it is part of a CELL that has LDAP (and security) configured - it will need access to the LDAP host as well ● it provides a web application that provides browser access ● is like a Web based Sametime Connect Client ● supplies the new Web API for Web based application integration ● can be implemented with or without the Sametime System Console ● can be connected to existing older Sametime Servers ● can be connected to a community cluster. You can have one or more Proxies in your organization. You can implement one or more Proxies and cluster them ● using the WebSphere Cluster Method (Network Deployment) ● individual Proxies with a Load Balancer in front of them. By default the Sametime Proxy Server installs to use Port 9080 and 9443 (SSL). If you want to use Port 80 and 443 you need to enter the Sametime System Console and change the port settings in the Application Server. Detailed instructions can be found later in this documentation.
  168. 168. When the Sametime Proxy Server has installed successfully just click the „Finish“ button. Then exit the Installation Manager and the Launchpad.
  169. 169. STEP TWELVE: Update the Sametime Proxy Server to IFR1 with the latest cumulative Hotfix. Summary: Use this procedure to apply the Interim Feature Release to the IBM Sametime 8.5.2 Proxy Server.
  170. 170. The installation in the previous step started all the components of the IBM Sametime Proxy Server. For the upgrade to IFR1 it is required to stop the Sametime Proxy Server tasks first. But because they are started before the services are created, the services do not reflect the running tasks.
  171. 171. Open a CMD line window and navigate to the directory: “cd \IBM\WebSphere\AppServer\profiles\webchatSTPPNProfile1\bin”. Then enter the command: “stopServer STProxyServer -username wasadmin -password passw0rd”. Do not copy and paste any commands from this document into your CMD line. This does not work because this would copy some special characters.
  172. 172. When the Sametime Proxy Server has stopped, stop the nodeagent next with the command “stopNode -username wasadmin -password passw0rd”.
  173. 173. Change to the Proxy Hotfix Installation directory with the command “cd \Install\STProxyHotfix” and press the “Enter” key. If you have unpacked the zip file to a different directory, then navigate to your directory where you can find the update.bat file.
  174. 174. Enter the command “update.bat” and press the “Enter” key.
  175. 175. The IBM Installation Manager is starting up.
  176. 176. Now click the “Update” button to continue.
  177. 177. Select the Product you want to upgrade. Here we select “IBM Sametime Server Platform”. Then click the “Next” button to continue.
  178. 178. Click the “Next” button to continue.
  179. 179. We are sure that all WebSphere Servers are shut down. Just click the “Next” button to continue.
  180. 180. Click the “Update” button to install the IBM Sametime Proxy Server IFR1.
  181. 181. The IBM Sametime Proxy Server IFR1 Update is now installing. This step takes approximately 20 to 25 minutes.
  182. 182. Important to know... A new main feature in Sametime 8.5.2 IFR1 Proxy Server is the Apple iOS integration using an App that can be installed for free from the Apple App store. This app then connects to your Sametime Proxy Server through the Internet. For this to work, your Sametime Proxy Server must be accessible from the Internet. This means you need to set it up in your DMZ or configure a reverse proxy in your DMZ and forward the traffic to your Sametime Proxy in the intranet. But the recommended way is to implement your Sametime Proxy Server in your DMZ. Another recommendation is that your Sametime Proxy Server can communicate with the Apple notification service. For this to work you need to open 2 ports in your firewall to these servers in the internet. These ports are 2195 to the Apple notification server and port 2196 to the Apple feedback server.
  183. 183. When the installation has finished successfully, click the „Finish“ button to close the Installer.
  184. 184. Click “File” and then “Exit” to quit the Installation Manager.
  185. 185. STEP THIRTEEN: Post Install Tasks for the IBM Sametime Proxy Server. Summary: This procedure configures the Sametime Proxy Server to listen on ports 80 and 443. The default after a standard installation is to listen on ports 9080 or 9081 and 9443 or 9444. Be sure no other application listens on these ports (IIS, other web server, anti virus software or management software).
  186. 186. Open your preferred browser and enter the URL “http://webchat.renovations.com:8700/admin”. Log in to the WebSphere Integrated Solutions Console of your Sametime Proxy Server using the wasadmin username and its password.
  187. 187. Click on “Servers” - “Server Types” and then on “WebSphere application servers”.
  188. 188. Click your “STProxyServer” now.
  189. 189. Click the “Ports” link.
  190. 190. Click the “WC_defaulthost” link.
  191. 191. Change the port to “80” and click the “OK” button.
  192. 192. Now click the “WC_defaulthost_secure” link.
  193. 193. Change the port to “443” and click the “OK” button.
  194. 194. Click the “Save” link to save your last changes.
  195. 195. You have now successfully changed your Sametime Proxy Server to listen on Ports 80 and 443.
  196. 196. You need to configure SSO/LTPA-Token stuff now. Reasons: ● security is enabled ● After successful login to community - an LTPA-Token will be generated and placed in the user's session ● since the LTPA token is in the session, and since security is enabled, WebSphere will go ahead and attempt to validate that token. ● We've seen cases where the inability to validate that token causes issues - at the min, "lots of prints" in systemout that lead to confusion - at the max, failure to successfully use the Sametime Proxy web application(s), for example in iNotes or Connections. With this configuration you also have them ready to install the other components later when you choose to do it, and meeting web client awareness will already be ready to work.
  197. 197. In the ISC go to “Security” - “Global Security”.
  198. 198. Then go to “Web and SIP security” - “Single sign-on (SSO)”.
  199. 199. Enter your Domain – we use “renovations.com” and check the “Interoperability Mode” checkbox. Then click the “Apply” button.
  200. 200. To save the changes, just click the “Save” link.
  201. 201. In “Security” - “Global Security” click the “LTPA” link on the right side.
  202. 202. Change the LTPA timeout to “600” minutes. And click the “Apply” button.
  203. 203. To save the changes, just click the “Save” link.
  204. 204. In “Security” - “Global Security” click again the “LTPA” link on the right side.
  205. 205. Enter a password for your LTPA Token Key twice, the path where to store the key file – we use “c:\temp\LTPA_token.key” - and then click the “Export Keys” button.
  206. 206. The Key file is now stored on the local hard disk of the System Console Server.
  207. 207. In the Global Security Screen click the “Apply” button.
  208. 208. Click “Save” to save the last security changes to the master configuration repository.
  209. 209. Now we need to import the Key file to the Domino based Sametime Community Server. Start your Domino Administrator and open the Domino Directory on the Sametime Community Server. Then click into “Servers” - “Web Configurations” and open the Document “Web SSO Configuration for LtpaToken”.
  210. 210. Click the “Edit SSO Configuration” button. If you get a warning saying you can not access parts of the document, then you need to open the document directly on the Sametime Server using the Server ID file (start nlnotes.exe).
  211. 211. Click the “Keys” button and then the “Import WebSphere LTPA Keys” entry.
  212. 212. Yes we want to overwrite the existing Key. Click the “OK” button. Copy the Keyfile that you have exported in the previous step to the Sametime Community Server machine and enter the path to this key here. If you have copied the key just use “c:\temp\LTPA_token.key” or just “\\sametime.renovations.com\c$\temp\LTPA_token.key”. Then click the “OK” button. Enter the password for the key and click the “OK” button.
  213. 213. You should get this message now if the path to the file and the password were correct.
  214. 214. Change the Token Format...
  215. 215. Select “LtpaToken and LtpaToken2...” and click the “OK” button.
  216. 216. Set the “Expiration (minutes)” to “600” and then click the “Save & Close” button.
  217. 217. Last step is to restart the Domino server for the changes to take effect. Enter the command “restart server”. (But don't do this in a production Sametime Server. You know... See Page 142...)
  218. 218. STEP FOURTEEN: Create the DB2 Database for the Sametime Proxy Server. Summary: This step is to create and configure the DB2 Database for the Sametime Proxy Server. This database is required to cache the Sametime messages sent to iOS mobile devices.
  219. 219. Next is to create the database in the DB2 Server. If your DB2 Server is on a separate machine, then you need to copy the database creation script files to this server first. Copy the files “createProxyDb.bat” and “proxyServer.ddl” to a directory on your DB2 Server. Open an Administrative DB2 CMD window using “Start” - “All Programs” - “IBM DB2” - “DB2COPY1 (Default)” - “Command Line Tools” - “Command Window - Administrator”.
  220. 220. Navigate to the directory containing the database creation script. In this Zero to Hero example we use just “cd C:\Install\STProxyHotfix\DatabaseScripts”.
  221. 221. Run the database creation script with the command: “createProxyDb.bat STPR db2admin”. The term “STPR” is the name of the database and “db2admin” is the DB2 Database Server Administrator.
  222. 222. Be sure that you see the “...command completed successfully” message after all commands.
  223. 223. STEP FIFTEEN: Configure the Proxy Server to use the DB2 DatabaseSummaryIn this step you configure the DB2 Database in the Sametime Proxy server.© 2013 IBM Corporation
  224. 224. Open a File explorer and navigate to “C:InstallSTProxyHotfixDatabaseScripts”. If you have unpacked the install zip file to a different directory then use this one.© 2013 IBM Corporation
  225. 225. Open a second explorer window and navigate to the directory “C:IBMWebSphereSTPServerPN”. Then copy the file “proxyDBSetup.py” from the install directory to this directory.© 2013 IBM Corporation
  226. 226. Next is to navigate to the directory“C:IBMWebSphereSTPServerPNSametimeProxyServerOfferingSametimeServerSTProxyproxy”. In this directory open the file “proxy.properties” with Notepad orWordpad or with your favorite text editor.© 2013 IBM Corporation
  227. 227. Edit the following values: * proxy.DbAppUser (db2admin) * proxy.DbAppUserPassword (db2admin password) * proxy.DataBaseServerName (host name of the DB2 server) * proxy.DataBaseServerPort (default port for DB2) * proxy.DbName (database name created earlier)Then save and close the file. © 2013 IBM Corporation
  228. Now configure the DB2 database that caches messages to the iOS devices in the Sametime Proxy Server. This requires one long command in a CMD window, and the command contains several paths. The easiest way to get these paths into the CMD window is to copy them from Windows Explorer. First navigate to the directory “C:\IBM\WebSphere\AppServer\profiles\webchatSTPPNProfile1\bin”. Do not mark the full path; mark only the part starting from “AppServer...”. Then press Ctrl-C to copy this path to the clipboard.
  229. Open a CMD window and navigate to the directory “C:\IBM\WebSphere\STPServerPN”.
  230. Now start entering the command. Begin with just “..\”, then paste the path from the clipboard.
  231. Continue with “\wsadmin.bat -lang jython -user wasadmin -password passw0rd -f "”. Do not forget the double quote at the end, because the next part is a path that needs to be in double quotes.
  232. Now we need the path to the file “proxyDBSetup.py”, including the file name.
  233. Copy and paste the path from the Explorer window, add a backslash, and then copy and paste the file name from the Explorer window. Add a double quote at the end.
  234. Now we need the path and file name of the “proxy.properties” file that we edited earlier.
  235. Start with a blank and a double quote, then paste the path. Add a backslash and paste the file name. Add a double quote at the end. The command is now complete and you can confirm it with the ENTER key.
  236. The script is now running.
  237. The script has finished.
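Added example (not part of the original slides): a Python pre-flight check for steps 227 to 235 that confirms the five proxy.properties values are set and assembles the wsadmin arguments in the order the slides build them. The function names, the host db2.example.com, the database name EXAMPLEDB and the port value are constructed for illustration.

```python
import ntpath

# The five keys step 227 tells you to edit in proxy.properties.
REQUIRED_KEYS = ("proxy.DbAppUser", "proxy.DbAppUserPassword",
                 "proxy.DataBaseServerName", "proxy.DataBaseServerPort",
                 "proxy.DbName")


def parse_properties(text):
    """Parse plain key=value lines; lines starting with '#' or '!' are comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        props[key.strip()] = value.strip()
    return props


def check_proxy_properties(text):
    """Return a list of problems; an empty list means all five values are set."""
    props = parse_properties(text)
    problems = [f"{k} is missing or empty" for k in REQUIRED_KEYS if not props.get(k)]
    port = props.get("proxy.DataBaseServerPort", "")
    if port and not (port.isdigit() and 0 < int(port) < 65536):
        problems.append(f"proxy.DataBaseServerPort is not a TCP port: {port}")
    return problems


def build_wsadmin_command(profile_bin, script_path, props_path, user, password):
    """Assemble the command of steps 230-235 as an argument list."""
    wsadmin = ntpath.join("..", profile_bin, "wsadmin.bat")
    return [wsadmin, "-lang", "jython", "-user", user, "-password", password,
            "-f", script_path, props_path]


# Constructed sample file content (host and database name are placeholders).
SAMPLE_PROPS = """\
proxy.DbAppUser=db2admin
proxy.DbAppUserPassword=
proxy.DataBaseServerName=db2.example.com
proxy.DataBaseServerPort=50000
proxy.DbName=EXAMPLEDB
"""

if __name__ == "__main__":
    print(check_proxy_properties(SAMPLE_PROPS))
```

After step 227 the proxy.properties file holds the db2admin password in clear text, so keep access to that file restricted to the administrators who run the script.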
  238. After the database configuration, the IBM Sametime Proxy Server needs to be restarted for the configuration changes to take effect. Change to the Sametime Proxy profile's binary directory with the command “cd \IBM\WebSphere\AppServer\profiles\webchatSTPPNProfile1\bin”. Stop the Proxy Server with the command “stopserver STProxyServer -username wasadmin -password passw0rd”. Stop the node agent with the command “stopnode -username wasadmin -password passw0rd”.
  239. Now create the service for the Sametime Proxy Server's node agent. Change to the WebSphere binaries directory with the command “cd \IBM\WebSphere\AppServer\bin”. Create the service with the command “wasservice -add STProxyServer_NA -serverName nodeagent -profilePath C:\IBM\WebSphere\AppServer\profiles\webchatSTPPNProfile1\bin -stopArgs "-username wasadmin -password passw0rd" -encodeParams”. Then configure the dependency with the command “sc config "IBMWAS70Service - STProxyServer" depend= "IBMWAS70Service - STProxyServer_NA"”.
  240. In the Services window, start the STProxyServer service now.
  241. Set both Sametime Proxy services to start automatically.
  242. Open your browser and navigate to your Proxy ISC. Log in with your wasadmin user and then navigate to “Resources” - “JDBC” - “JDBC providers”. Here you should see the newly created JDBC provider configuration for your Proxy Server.
  243. Now click on “Resources” - “JDBC” - “Data sources”. Here you should see your newly created data source configuration.
  244. Check the “STProxyDataSource” entry and click the “Test connection” button. This test only works if the Sametime Proxy Server is up and running after the restart.
  245. Make sure that the result says “successful”. The warning message can be ignored.
  246. STEP SIXTEEN: Apple Notification to iOS devices. Summary: This section describes how the Apple Push Notification service (APNS) works and how it needs to be configured in your Sametime Proxy Server.
  247. Sametime for iOS Message / Notification Flow. [Diagram, repeated on slides 247 to 256: network zones Internet, DMZ and Intranet; components Apple PNS (Push Notifications), iOS Device, Reverse Proxy, Sametime Proxy and Community Server; links labelled “VPN / HTTPS” and “HTTPS”; the link to Apple is labelled “TLS/SSL (push notifications only, no sensitive data)”, “TCP port 2195 for notification connection” and “TCP port 2196 for error reporting connection (feedback service)”.]
  248. Sametime for iOS Message / Notification Flow: Sametime registers with APNS, gets assigned a device token.
  249. Sametime for iOS Message / Notification Flow: Sametime logs in, sending device token.
  250. Sametime for iOS Message / Notification Flow: Sametime sends pause command before going to background.
  251. Sametime for iOS Message / Notification Flow: Another user sends message to mobile user.
  252. Sametime for iOS Message / Notification Flow: Proxy sees mobile user is paused. Stores in database.
  253. Sametime for iOS Message / Notification Flow: Proxy sends device token to APNS, requests a push notification be sent to device.
  254. Sametime for iOS Message / Notification Flow: APNS sends push notification to device.
  255. Sametime for iOS Message / Notification Flow: When user selects view, Sametime reconnects to server and sends command to retrieve messages.
  256. Sametime for iOS Message / Notification Flow: Sametime proxy sends queued message(s) to device from database.
  257. The IBM Sametime 8.5.2 IFR1 Proxy update installer copies a certificate to the server that is required to communicate with the Apple Notification Servers over SSL. This certificate now has to be copied to the WebSphere Application Server directories. Find the certificate file “apns-prod.pkcs12” in the directory “C:\IBM\WebSphere\AppServer\profiles\STPSNAppProfile\config\cells\webchatSTPCell1\nodes\webchatSTPNode1”.
  258. Copy this certificate file “apns-prod.pkcs12” to the directory “C:\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\config\cells\webchatSSCCell”.
  259. Copy this certificate file “apns-prod.pkcs12” to the directory “C:\IBM\WebSphere\AppServer\profiles\STPDMgrProfile\config\cells\webchatProxyCell\nodes\webchatproxyNode”.
  260. To synchronize the latest changes, go into your WebSphere Integrated Solutions (Admin) Console and click on “System administration” - “Nodes”.
  261. Select your “webchatProxyNode” server and click the “Full Resynchronize” button.
  262. The new APNS certificate files are now synchronized to your application server.
  263. STEP SEVENTEEN: Configure SSL in the Proxy Server and deploy the certificate. Summary: For iOS devices to connect to the Sametime Proxy Server without any additional security settings, a trusted SSL certificate needs to be installed.
  264. Installation and configuration of the SSL certificates requires these steps:
       1) Create the certificate request and send it to the Certificate Authority
       2) Receive the certificate and import it into your WebSphere server
       3) Add the root and intermediate certificates
       4) Configure the specific SSL configuration for endpoint in the inbound and outbound tree
       5) Save the configuration and synchronize
       6) Restart the server
  265. In your WebSphere Integrated Solutions Console click on “Security” - “SSL certificate and key management”.
  266. Click on “Key stores and certificates”.
  267. Now click on “CellDefaultKeyStore”.
  268. And now click on “Personal certificate requests”.
  269. Now click the “New” button to create a new certificate request.
  270. Fill in the form with your data:
       * File for certificate request: “c:\temp\cert_req.cer”
       * Key label: “SSL_Cert”
       * Common name: (your server host name alias) “webchat.renovations.com”
       * Organization: Your organization or company
       * Locality: Your city or locality
       * State or province: Your province
       * Zip code: Your ZIP code
       * Country or region: Select your country
       Then click the “OK” button.
  271. Click on “Save” to save your changes.
  272. Now copy the certificate request file that you have created to your local workstation. Then request a trusted server certificate from your favorite trust center by sending the content of the file (or the complete file).
  273. You will receive the certificate from your trust center by e-mail or as a file attachment. Copy the certificate text, starting with “-----BEGIN CERTIFICATE-----” and ending with “-----END CERTIFICATE-----”, into a file without any additional characters before or after it. Copy this file to the “C:\temp” directory on your Sametime Proxy Server. Download the root and intermediate certificates from your trust center's web site and copy these files to your “C:\temp” directory as well.
  274. Now click on “Personal certificates”.
  275. Click the button “Receive from a certificate authority...”.
  276. In the field “Certificate file name” enter the path and file name of your received server certificate, “c:\temp\server_cert.cer”. Then click the “OK” button.
  277. Click the “Save” link to save your changes.
  278. Your new server certificate is now imported successfully.
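Added example (not part of the original slides): if the import in step 276 is rejected, a frequent cause is stray e-mail text or a cut-off line in the file prepared in step 273. This Python check inspects only the PEM and outer DER framing of such a file, not the signature or the chain; the function names and the zero-filled sample are constructed for illustration.

```python
import base64
import binascii

BEGIN = "-----BEGIN CERTIFICATE-----"
END = "-----END CERTIFICATE-----"


def der_claimed_length(der):
    """Total size the outer DER SEQUENCE header announces, or None if malformed."""
    if len(der) < 2 or der[0] != 0x30:
        return None
    if der[1] < 0x80:                      # short form: one length byte
        return 2 + der[1]
    n = der[1] & 0x7F                      # long form: n length bytes follow
    if n == 0 or n > 4 or len(der) < 2 + n:
        return None
    return 2 + n + int.from_bytes(der[2:2 + n], "big")


def check_pem_certificate(text):
    """Return a list of problems; an empty list means the framing is clean."""
    if text.count(BEGIN) != 1 or text.count(END) != 1:
        return ["expected exactly one BEGIN and one END line"]
    head, _, rest = text.partition(BEGIN)
    body, sep, tail = rest.partition(END)
    if not sep:
        return ["END line appears before the BEGIN line"]
    problems = []
    if head.strip():
        problems.append("text before the BEGIN line")
    if tail.strip():
        problems.append("text after the END line")
    try:
        der = base64.b64decode("".join(body.split()), validate=True)
    except (binascii.Error, ValueError):
        return problems + ["body is not valid base64"]
    claimed = der_claimed_length(der)
    if claimed is None:
        problems.append("decoded body does not start with a DER SEQUENCE")
    elif claimed != len(der):
        problems.append(f"DER header announces {claimed} bytes, body holds {len(der)}")
    return problems


def make_sample_pem(payload_len=300):
    """Constructed stand-in: valid PEM/DER framing around zero bytes, not a real certificate."""
    der = b"\x30\x82" + payload_len.to_bytes(2, "big") + bytes(payload_len)
    b64 = base64.b64encode(der).decode()
    lines = [b64[i:i + 64] for i in range(0, len(b64), 64)]
    return "\n".join([BEGIN, *lines, END]) + "\n"
```

Run check_pem_certificate on the text of the file you saved in “C:\temp”; a length mismatch usually means a base64 line was lost when copying from the e-mail.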
  279. Next, import the root and intermediate certificates. Click the “Key stores and certificates” link.
  280. Click on “CellDefaultTrustStore”.
  281. Click “Signer certificates”.
  282. Click the “Add” button.
