Presentation on building Sametime 9.0.1 step by step from Domino server through to SSC, Sametime Proxy and SSL configuration. Given at IBM Connect 2014 with Paul Mooney SHOW401

1. !
SHOW401 : Taking IBM
Sametime Mobile
Paul Mooney, Bluewave
Gabriella Davis, The Turtle Partnership
© 2014 IBM Corporation

2. Plan for Today
From Domino Server - Instant
Messaging on Mobile
© 2014 IBM Corporation

3. But First….Acknowledgements and Disclaimers
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither
intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information
contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related
to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its
suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and
performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will
result in any specific sales, revenue growth or other results.
© Copyright IBM Corporation 2014. All rights reserved.
▪ U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
▪ IBM, the IBM logo, ibm.com,IBM WebSphere, and iBM Connections, IBM Sametime, IBM Domino, IBM Notes, IBM WebSphere Portal, are trademarks or registered trademarks of
International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information
with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also
be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/
copytrade.shtml
!
Other company, product, or service names may be trademarks or service marks of others.
9

4. !
Gab Davis - Technical Director
The Turtle Partnership
gabriella@turtlepartnership.com
▪ Administrator / Problem Solver /
System Designer / Optimist
▪ Working with ICS products,
Domino, Sametime, WebSphere,
Connections etc
▪ Also integration with other
systems
▪ Co-Author of Sametime 8.5.2
Admin Guide, Connections
Enterprise RedWiki &
connections101.net
!4
▪ I present a lot globally & blog on
turtleblog.info

5. !
Paul Mooney - Senior Technical
Architect
Bluewave Technology
paul.mooney@bluewavegroup.eu
▪ Administrator, problem solver,
enabler, cynic, pessimist
▪ Working on ICS products,
Salesforce, Google Apps
▪ Also integration with anything!
▪ Co-Author of connections101.net,
blogger, speaker, reviewer
▪ Tries to fit motorbikes around
anything to do with his work
!5

6. Step 1: Starting Point
Domino Server 9
© 2014 IBM Corporation

7. Domino 9 Server
▪ Sametime 9 requires
Domino 9 and is still a
32bit application
installed only on a 32bit
Domino server
!7

8. Step 2: Install DB2 10.1
© 2014 IBM Corporation

9. Before Installing
▪ Create a db2 account to be used for managing
your server.
▪ On Windows we use a local system account
“db2admin” that is also in the Administrators
group
▪ You can use a domain account but this
often causes more problems if the account
security is changed in any way
▪ Make sure the password you set does not
expire
!9

10. !10

11. DB2 Installer
▪ Sametime 9 requires DB2 10.1
▪ for this reason doing an upgrade in place isn’t recommended
▪ DB2 10.1 no longer has a Command Center GUI interface
▪ you must install a separate client (we recommend IBM DB2 Data Studio)
Windows 64bit DB2 10.1 server installer
!11

12. DB2 Installer Extracted To A Directory
!12

13. Run The Install
!13

14. Installing
the DB2 workgroup
Edition
!14

15. !15

16. !16

17. A
custom install lets us filter just the
services we want for Sametime and not
all standard DB2 server services
!17

18. !18

19. DB2
Text Search is required by
Sametime Advanced so worth
installing for the future
!19

20. !20

21. This is
the default installation name,
only change if you have to
!21

22. !22

23. The
DB2 account & password
we created earlier
!23

24. !24

25. This
can be any mail server that
will accept SMTP delivery
!25

26. This
If
you don’t know who to send
to , leave this until
!26
person may get sent a lot
of mail. Consider using a mail in
database instead!

27. Used by
Sametime Advanced so worth
installing now
!27

28. The install
will add your db2 account to the
DB2ADMNS group automatically
!28

29. DB2 Install Summary Screen - Always Read Before
Clicking “Install”
!29

30. And we’re off!
!30

31. Verify
what port DB2 says it installed
on (default is 50000)
!31

32. Verify DB2 Is Listening
▪ From a command prompt
▪ netstat -an |find /i “50000” (or whatever your port is)
!32

33. DB2 Running On The Windows Taskbar
!33

34. Issuing DB2 Commands
!34

35. Verifying The DB2 Server Is Licensed
▪ From the DB2 Command window type
▪ db2licm -l
Not
enough memory for
Sametime + Connections
databases (20+).
!35

36. Step 3: Installation Manager
© 2014 IBM Corporation

37. Installation Manager Download
▪ Hard to find on IBM’s usual download site
▪ Can be found on fix central
▪ Search Google for ‘installation manager download” to find a technote with FTP links
This is
version 1.7.1. Sametime uses 1.6.2
by default but can use later
!37

38. Installation
Manager extracted click
“Install” to run
!38

39. Installing Installation Manager
!39

40. !40

41. !41

42. There
can only be one Installation
Manager on each server
!42

43. !43

44. !44

45. !45

46. Installation
Manager’s menu “Install” to
install new software
“Update”
to patch or hotfix already
installed software
“Rollback”
to remove a hotfix or patch
“Modify”
to add new features (we do
this with Connections all the
“Uninstall”
time)
to completely remove installed
Software
!46

47. Installation Manager - Things To Know
▪ Installation Manager keeps a track of all software it installs
▪ You can’t uninstall software that was installed via Installation Manager without going
through the Installation Manager menu
▪ Everything other than Domino and DB2 installs via Installation Manager
▪ Installation Manager must be on every machine where you want to install a WebSphere
component
▪ You can’t uninstall Installation Manager whilst programs it installed still exist
▪ You can’t install multiple Installation Manager’s on the same server
▪ Get the right version
▪ Get it installed in the right place
▪ Leave it alone :-)
!47

48. Step 4: WebSphere
© 2014 IBM Corporation

49. WebSphere Installers
The
WAS installers come in multiple
parts which must all be extracted to the
same directory
!49

50. Extract Each WAS Part File To The Same Directory
!50

51. WAS Installers Extracted
Part 1
Part 2
Part 3
From Part 1
!51

52. Launch Installation Manager
!52

53. We Need To Add A New Installation Repository
▪ An installation repository tells Installation
Manager where to look for install files
▪ Choose “File - Preferences” from the
Installation Manager home screen
!53

54. Since
This
this is our first install there
checkbox means that
are no repositories yet, we need to
Installation Manager will ask you
add them
for IBM credentials and will search
online for patches and fixes for
any installed software
!54

55. Browse
to the directory where you
have extracted all your WebSphere
installers
!55

56. Confirm The
We
select a repository (in this
case our WebSphere installers) by
selecting the repository.config file in
our extracted WAS directory
!56

57. The
repository is successfully added
which tells Installation Manager “search
here for new software”
!57

58. Installing WebSphere
▪ Once the repository is created we click “Install” on the Installation Manager home page
!58

59. Selecting Packages
▪ Installation Manager finds a product to install in the repository it knows about, in this case
WebSphere 8.5.5
!59

60. Select What To Install
!60

61. Installation Running
!61

62. Installation Manager Shared Directory
▪ This is the first time we have installed anything via Installation Manager so it wants to know
where you want it to store the information it knows about the software it installed
▪ This location cannot be changed or deleted later and should be accessible to any account
running Installation Manager for installs or updates
!62

63. WebSphere Install Location
Case
sensitive on Linux and
with command scripts
Try to
keep the path length short
and never allow spaces
!63

64. Features To Install
!64

65. Summary Screen
Verify disk capacity. By default
logs and other software will be
installed on this same path
!65

66. Installer Running
▪ This can take some time.. from 10 mins to 40 mins depending on disk speed
!66

67. Install Complete
Usually
we create a profile but for
Sametime we don’t as the SSC
install creates two of its own
!67

68. Step 5: Create System Console DB
© 2014 IBM Corporation

69. The Sametime System Console Database
▪ To store the configuration settings for all the Sametime servers the SSC must have a DB2
database to write to
▪ Databases are used by several Sametime components
▪ System Console
▪ Meetings
▪ Proxy
▪ Advanced
▪ Bandwidth Manager
▪ Before we can install any of the above components we first need to create their databases,
starting with the Sametime System Console
!69

70. Scripts to
auto create the databases and apply the
schema are in the DatabaseScripts directory of
the extracted SSC install files
!70

71. Running the Create Script For The SSC Database
▪ Go to the directory where the script is located (move it somewhere more convenient if you
want but move the entire directory not just the batch file)
▪ The command syntax is
▪ scriptfile nameofdatabase nameofdb2administrator
e.g. createSCDB STSC db2admin
will create a database called STSC with db2admin as its administrator
!71

72. You May Get A Blank Screen For A Few Minutes
Don’t Panic!
!72

73. Eventually
the createSCDB script
will start writing to screen
and complete
!73

74. Step 6: Install Sametime System
Console
© 2014 IBM Corporation

75. To
install new software we must
use Installation Manager
!75

76. As
we did with WebSphere, we have to set
up a repository to tell Installation Manager
where to look for install files
!76

77. Locate Where You Extracted The System Console Files To
There
should be a repository.config
file in the root folder
!77

78. We Still Have The WebSphere Repository Defined
Leave that in place
!78

79. Now We Add The Sametime System Console Repository
!79

80. Now We Have Two Repositories That Installation Manager
Knows About
Leaving
both checkboxes selected tells
Installation Manager to search both
directories for new software
!80

81. Now Our Repository Is Added We Select “Install”
!81

82. Installation
Manager finds Sametime
System Console To Install
!82

83. !83

84. Package Groups
Since this
is the first of the Sametime products
Installation Manager has installed, it wants to create
a new package group and location to store all of its
information about the Sametime product
!84

85. Confirmation Screen
- Note There Are No Optional Features
!85

86. The
SSC installs using WebSphere
so we need to tell the installer where
WebSphere is
Selecting
validate tells Installation Manager
to verify the directory and WebSphere
are where you said they were
!86

87. Once
validated you can move to
the next screen
!87

88. Here
we define our SSC WebSphere
settings including Node name and Cell
name. These are non changeable
once created
This
will be the administrative
credential for all your
Sametime servers
eventually
Avoid
any special password
characters including
! @ { } $ etc
!88

89. Our
final configuration page is
to tell the install where to find the
DB2 database we just created and
how to login to it
Don’t
forget to validate
!89

90. Validated
means the installer was able
to connect to your DB2 server and
access the database you specified
using the credentials given
!90

91. Summary Page
Check
disk capacity before
continuing
!91

92. Install Running
▪ This can take up to an hour
!92

93. Sametime System Console Install Complete
!93

94. Verify The Two New Profiles Exist
▪ STSCDMgrProfile is the deployment manager which manages all servers in the cell
▪ STSCAppProfile is the application server hosting the Sametime System Console application
!94

95. Sametime 9 On Windows Creates Services For All
Components
▪ STConsoleServer_DM - the deployment manager
▪ STConsoleServer_NA - the node agent
▪ STConsoleServer - the application server
▪ Services should be started in the order listed above
▪ The application server won’t start until the node agent is started
!95

96. Starting Servers Manually
▪ To start servers manually go to the “bin” directory under each profile and type
▪ startServer [servername]
the server name and (on linux) the command itself are case sensitive
▪ The deployment manager can be started using “startManager” instead of startServer dmgr
▪ The node agent can be started using “startNode” instead of startServer nodeagent
!96

97. Log Into The Sametime System Console
URL
https://<hostname>:8701/ibm/console
The
SSC has a certificate
creates by the installer which your
browser won’t recognise
!97

98. Use The Credentials Created During Install To Login
!98

99. Logged
in we can verify the
SSC is installed
!99

100. Backup Before Making Changes
▪ Since we’re about to change WebSphere security, let’s backup first
▪ from bin directory under the STSCDMgrProfile type backupconfig <nameofzipfile> -nostop
!100

101. The STConsoleServer Is Installed And Running
!101

102. Post Install Step 1: Set The Max JVM Heap Size For The
Deployment Manager
!102

103. Set
the Max Heap Size to
2048 (default is 512)
!103

104. Whenever You Change A Server Configuration
- Restart The Server
!104

105. Let’s Verify The DB2 Connection Is In Place
!105

106. You
would only ever edit the
connection if the db2 server hostname
or credentials change
!106

107. Step 7: Configuring LDAP
© 2014 IBM Corporation

108. We Need An LDAP Connection To Allow Users To
Authenticate
▪ Select “Connect to LDAP Server” under Sametime Prerequisites
!108

109. Defining
LDAP connections. If you
use SSL then you must import
the SSL certificate here
!109

110. LDAP Base Entry
▪ The level within the LDAP hierarchy that should be searched to find and authenticate users
▪ for Domino this is usually empty so non hierarchical entries like groups can be found
!110

111. Advanced LDAP Settings - Optional (1st part)
▪ If you don’t modify Advanced
settings the default values will be
used which will be fine in many
standard installs
Using
Advanced settings you can specify the
attribute to be used for display name as well as
that which contains the home sametime
server
!111

112. Advanced LDAP Settings - Optional (2nd part)
The
attributes users can use to login
and those used when searching for
new contacts
!112

113. Advanced LDAP Settings - Optional (3rd part)
How
to find groups and
group members
!113

114. LDAP Configuration Complete
!114

115. Another Server Change Requires Another Server Restart
!115

116. Once
the server is restarted you
should test by searching for users
who are in LDAP
!116

117. Step 8: Windows Networking
© 2014 IBM Corporation

118. Windows 2008 & Later Networking Issues
- Sametime Community Server
▪ Before installing the Community Server there are default networking settings that conflict with
Sametime we need to check for incorrect settings using “netsh in tcp show global”
▪ Chimney Offload should be disabled
▪ Receive-Side Scaling should be disabled
▪ Receive Window Auto-Tuning should be disabled
▪ Add-On Congestion Control Provider Should Be None
!118

119. First Back Up The Registry (To Be On The Safe Side)
▪ Load regedit.exe from the Windows menu
▪ Choose File - Export and save a backup of the registry
!119

120. !120

121. Now Issue The Commands To Disable The Unwanted
Networking Settings
!121

122. Step 9: Install Community Server
© 2014 IBM Corporation

123. Every Sametime Server Install Starts With Creating A
Deployment Plan
!123

124. Name The Deployment Plan Something Meaningful For You
Users Won’t See This Name Ever
!124

125. Choose Which Version Of Community Server To Install
▪ You Can Still Install 8.5.2 In A v9 SSC but would have to use a Domino 8.5.2 server
!125

126. Configuring Domino Server To Use For Community Server
▪ Domino server must be installed and running HTTP
Credentials
should already exist in
Domino Directory
!126

127. Select LDAP Configuration To Use
▪ Your options will only be those you have created under “LDAP Configuation” in the previous
step
!127

128. HTTP Tunneling
▪ Enables client connections on port 80 as well as port 1533
!128

129. Summary Of Deployment Plan
!129

130. Whilst
the status is “Ready to Install”
the plan can be modified
!130

131. Sametime Community Server Install Files
!131

132. To Start The Install Run setupwin32.exe
▪ Sametime Community Server remains a
32bit application and can’t install on a
64bit Domino server
!132

133. Choose Language Version
!133

134. !134

135. !135

136. !136

137. Since
we have a deployment plan
we use the System Console to
install
!137

138. We tell
the installer how to find the
System Console by hostname and
port
These
are credentials to
login to the System
Console
The
hostname used here must
match the one in the plan we
just created
!138

139. The
hostname matches a plan found in
the System Console and the plan name
is returned
!139

140. !140

141. Community Server Install Completed
!141

142. Restart The Server Once Community Server Is Installed
!142

143. Status Once Community Server Is Installed
▪ Deployment Plan will be marked “Installed / Registered”
!143

144. Status Once Community Server Is Installed
▪ A Community Server will be visible in the System Console
!144

145. Step 10: Post Community
Server Configuration Steps
© 2014 IBM Corporation

146. ▪ Any server that will need to connect to the Community Server must be listed in the Trusted
IPs for that server. List the ips for any other Sametime component for instance
▪ Choose the server we just installed which is listed under “Sametime Community Servers”
▪ Policies need to be reviewed
▪ Global Community Server properties need to be set
!146

147. Editing Community Server Connection Properties
▪ The account and password used for the System Console to access the Community Server
are stored under “Edit” on Connection Properties
!147

148. Setting Community Server Properties
▪ Changes here will require a restart of the Community Server so let’s do them all now
On
servers with multiple ips make
sure to bind to a specific
hostname only
!148

149. !149

150. Adding Trusted IPs
!150

151. List of Trusted IPs
▪ Will overwrite the field in stconfig.nsf on restart
▪ Can not apply on the fly, Community Server must be restarted
!151

152. !152

153. Enable
offline messages here. The setting will
apply to all Community servers
!153

154. Working With Policies
▪ Two default policies are created, one covering all authenticated users and one for anonymous
users. Review these before going any further
▪ As of Sametime 9 policies no longer exist in the Domino web based Sametime administration
and neither does stpolicy.nsf
▪ You must now have a System Console if you want to use policies with Sametime
!154

155. Instant Messaging Policy
If
you are upgrading communities
side by side consider
This is
a client side setting,
transcripts are not saved on the
server automatically
Contact
list size significantly effects
LDAP performance
!155

156. Mobile Specific Section Under Instant Messaging Policy
!156

157. Security Section Under Instant Messaging Policy
!157

158. Setting “Ignore” For Case Sensitivity During Lookups
▪ Required by iNotes and WebSphere based applications such as IBM Connections
!158

159. Step 11: Install Sametime Proxy Server
© 2014 IBM Corporation

160. Sametime Proxy Server
▪ The Sametime Proxy Server acts as a web proxy to your Community Server
▪ It can connect to any server in your Community
▪ Mobile clients connect to the Sametime Proxy Server and from there to the Community
Server
▪ Building a new Sametime Proxy Server requires us to create a database and then a
deployment plan before installing
!160

161. Creating The Sametime Proxy Server Database
▪ The create database script is found in the DatabaseScripts folder
in the extracted Sametime Proxy Server install directory
!161

162. Creating The Sametime Proxy Server Database
▪ Run from a command prompt
▪ createProxyDb [databasenametocreate] [db administrative account]
▪ e.g createProxyDb STPROXY db2admin
!162

163. Database Script Running
It
can take a few minutes to run
but when complete you should
see this
!163

164. Adding Our Newly Created DB To The System Console
!164

165. db2
server hostname & port
Newly
created db name
!165

166. Database Added To The System Console
The
STPROXY database details were
validated before it was added including
DB2 server , port and access
!166

167. !167

168. Create A Deployment Plan
!168

169. Deployment Plan Name
Only
visible to administrators
not users
!169

170. Community Server Version
You can
install earlier Community Server versions
into a v9 SSC but Domino can’t be v9 unless the
Community Server is
!170

171. Primary and Secondary Nodes
▪ The first server of a type added to the System Console is the Primary Node
▪ additional servers considered cluster mates are secondary nodes
▪ If you install a server in its own cell it will not be managed by the System Console
▪ There can only be one Primary Node of each server type (Meeting, Proxy , Advanced etc) in
each cell
!171

172. Add
the new node to the existing
Cell (the System Console)
!172

173. These
are the WebSphere
configuration settings for the
new Sametime Proxy
Install
If
using Primary or Secondary
node,the server will be federated into the
cell and its user id and password
overwritten with that of the SSC
!173

174. Select Which Community Server To Connect To
▪ The Sametime Proxy will connect to any server in the Community (the Domino domain)
▪ You can modify its XML file later to bind it to a cluster or a specific server
!174

175. Select The Database To Use
▪ If you try selecting STSC it will not accept that as a valid database because the schema will
be wrong, this is why we create a specific database for the Sametime Proxy
!175

176. Deployment Summary
!176

177. Deployment Plan Complete & Ready For Install
!177

178. Locate The Repository.Config
▪ We will need to add the install repository for the Sametime Proxy to the Installation Manager
to do the install
▪ The repository.config should be in the root directory of the extracted install files
!178

179. Launch Installation Manager To Add A New Repository
!179

180. Browse
to the repository.config file
in the install directory
!180

181. We
now have three repositories that
Installation Manager is told to look in
WebSphere
SSC
Sametime Proxy
!181

182. Since
Installation Manager is told to look
in three repositories it finds three software
products to install. We select Sametime
Proxy Server only
!182

183. Since we
have already installed the SSC we
have a package group
If
this was a dedicated server for
Sametime Proxy there would be no existing
package group and Installation Manager
would create one
!183

184. We
have a deployment plan so
we use the System Console to
find that and install
!184

185. We
Since
Sametime Proxy Server
installs using WebSphere we
must tell the installer where
WebSphere is
!185
can’t proceed until
we validate WebSphere
is in place

186. Once
validated we can move
to the next step
!186

187. Hostname
& port of the System
Console
Credentials
used to login to the SSC
Hostname
for the Sametime Proxy server
(must match the deployment plan
hostname)
!187

188. The
settings must be validated
before you can continue, this
ensures the SSC can be found
and connected to
!188

189. Name of
Primary
deployment plan in the SSC
Node Install
matching this install type (Sametime
Proxy) and hostname
!189

190. Deployment
plan settings. Select
“validate” to test before install
can complete
!190

191. Once
deployment plan and install
settings are validated the install
can continue
!191

192. Check
available disk
Select
“Install”
!192

193. Sametime Proxy Install Complete
▪
!193

194. Sametime Proxy Server Started
▪ nodeagent
▪ STProxyServer
!194

195. Deployment Plan Shows Complete
!195

196. Check The Ports Assigned To The Server
Select
the STProxyServer
!196

197. Choose
“ports” under
“Communications”
!197

198. Go to
http://proxyhostname:wc_defaulhost/stwebclient/index.jsp
!198

199. Verify
the web client can log you in
(make sure popups aren't
disabled)
!199

200. Logged
into the web client. If login fails
make sure the trusted ip is listed
correctly and the Community Server
has been restarted
!200

201. Step 12: Virtual Hosts and
Tuning
© 2014 IBM Corporation

202. Creating A Dedicated Virtual Host
▪ Each Sametime component uses a dedicated virtual host to isolate its traffic from any other
server in the cell on the same port
▪ Without this step you may see redirections failing
▪ Make sure you BACKUP deployment manager before making these changes
!202

203. Precreated virtual hosts
Select
“New” to create a
dedicated virtual host
!203
admin_host used by the SSC
proxy_host is nothing to do with
the Sametime Proxy

204. Call the
new host anything not already in use,
in our case we’ve used
Now
click on Host Aliases to
add our new ports
!204

205. Click
“New” to add specific ports for
the Sametime Proxy Server
hostname
!205

206. Add each
port for any hostnames you want to
access the Sametime Proxy Server on
!206

207. You
should end up with entries
for each hostname for the server
ports
wc_defaulthost
wc_defaulthost_secure
plus: 80 & 443
!207

208. We
need to modify the default_host
aliases to remove the wildcard entries
for ports we have explicitly mapped
!208

209. Since
we mapped ports 9081, 9444,
80 and 443 in the stproxy_host we we
need to delete these as they now
conflict
!209

210. Remaining default_host Ports
!210

211. Mapping The Application To The New Host
▪ Go to Applications - All applications
!211

212. Now
we need to map our new
stproxy_host to the Sametime Proxy
Application
!212

213. Select “Virtual hosts” To Modify The Mapping
!213

214. Everything
is mapped to default_host.
We need to select all and map to
the new virtual host stproxy_host
!214

215. Now
the modules are mapped
correctly and we can save this and
restart the Sametime Proxy
Server
!215

216. Modify The Sametime Proxy Configuration
!216

217. Connectivity
What
Community Server or
cluster this Sametime Proxy
connects to
!217

218. Managing Performance
Number
of concurrent user connections.
“0” disables all user connections
Disable
this if you want to prevent the
Sametime Proxy Server authenticating
against the user’s home server instead of the
server connected to this proxy
!218

219. Mobile Settings
APNS
ports for iOS notifications
that must be open outbound
from the Sametime Proxy
Server
Disable
PUSH for iOS forcing logout when
client goes into the background
!219

220. Creating A WAS Proxy For Our Sametime Proxy
▪ The Sametime Proxy Server when installed runs on the wc_defaulthost and
wc_defaulthost_secure ports for http and https respectively
▪ Those are not the ports 80 & 443
▪ To avoid having to place the port number in the URL to access the Sametime Proxy Server
we create a WAS Proxy that runs on ports 80 & 443 and provides a proxy service to the
application server
▪ We do the same for Meeting Servers
!220

221. !221

222. Select
the node the application
server is on
This
will be the server name
of the WAS Proxy
!222

223. Make
sure to disable “SIP” which
isn’t used for Sametime Proxy
!223

224. !224

225. WAS Proxy Summary
!225

226. New WAS Proxy Created
!226

227. Once Started You Should Be Able To See Ports 80 & 443
Listening on the Host Name Being Used
▪ You don’t have to install the WAS Proxy on the same server as the Sametime Proxy Server
▪ You can install multiple WAS Proxies behind a load balancer for additional failover
!227

228. Step 13: Configure SSL
© 2014 IBM Corporation

229. Configuring SSL
▪ To use SSL we are going to want to install a certificate from a known certificate authority and
not use the internal IBM one that the installer created on the fly as that isn’t recognised by
any browser or mobile device
▪ To do this we need to import the trusted certificates from whatever CA we choose and then
generate a Certificate Signer Request and import the certificate we are given
▪ All of the SSL work is done under SSL Certificate and Key Management
!229

230. Step 1: Install The Trusted Roots
▪ I used GeoTrust for my CA but you could use any provider
▪ Trusted roots are installed into the CellDefaultTrustStore under Signer Certificates
!230

231. The
only trusted root that exists is
the one IBM created on the fly
during install
!231

232. Adding A New Trusted Root Certificate
Take
the trust certificates from your
authority’s site (in my case GeoTrust)
and add them here. Alias can be
anything meaningful to you
!232

233. Certificate
will be added and show a
confirmation screen.
!233

234. Both GeoTrust Root Certificates Added
!234

235. Only The Default Personal Certificate Created By The
Installer Exists
!235

236. Create A Personal Certificate Request (CSR)
▪ This will create a file you can upload to any CA site such as GeoTrust, Verisign, GoDaddy,
Thawte to complete your request for a SSL certificate
▪ Go to CellDefaultKeyStore (not trust store) and choose “Personal Certificate Requests”
!236

237. Completing a CSR (Personal Certificate Request)
The
details you complete
here must match those
submitted on the CA site. The
Organization name must match
the owner of the domain you
are requesting a CSR for
!237

238. Importing A Completed Certificate
▪ Once your CA returns the certificate to you, it needs to be imported.
▪ If it arrives as an email just copy/paste the contents of the certificate into a text file
▪ Choose “Receive certificate from CA”
▪ You can only receive a certificate you have an outstanding request for
!238

239. Certificate Successfully Imported
!239

240. Mapping The New Certificate To The Server Instances
▪ Now we have our new certificate we have to tell our application servers to use it instead of
the certificate they were installed with
▪ Wildcard certificates can be used here and with Sametime 9 it’s a requirement that the
Sametime Advanced and Sametime Proxy servers do use the same exact certificates
▪ To map a new certificate go to “Manage EndPoint Security Configurations”
!240

241. Select
the server to map. Here we have
already mapped the STProxyServer but
also need to map the WAS Proxy
stproxy_fwd
Select
server name to map
!241

242. SSL Mapping
Make sure
to override inherited values
Select the
new alias from the drop down list
!242

243. Both
inbound and outbound
mappings must be completed for
all servers on the node (but not
the nodeagent)
!243

244. Restart Both The Application Server And WAS Proxy
▪ Go to https://<stproxyhostname>
▪ redirection will happen automatically
▪ no port required
▪ the new SSL certificate should be in place
and no warnings received
!244

245. To Enable Google Android Push Updates We Need To
Import Google’s Certificates
Use
EXACTLY these
settings and select “Retrieve
signer information”
!245

246. Android’s SSL Certificates
!246

247. Step 14: Test
© 2014 IBM Corporation

248. Install The Sametime Mobile Client
▪ Available from both Apple and Android Stores
!248

249. Configure The Sametime Mobile Client To Connect
Hostname
(must work both internally
and publicly)
Secure
SSL Port
!249

250. Login
!250

251. ▪ Access Connect Online to complete your session surveys using any:
– Web or mobile browser
– Connect Online kiosk onsite
8