IBM Collaboration Solutions                                  IBM Sametime 8.5.2 IFR1                                  Inst...
Agenda            ●     Introduction            ●     Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile            ...
Introduction  ●   This document describes how to implement, in a very fast way, the infrastructure to      access your IBM...
New Sametime Mobile Instant Messaging      ●    Instant Messaging Client for Android          ●  Released with Sametime 8....
Sametime Mobile Features     ●   Contact List                     ●   Send photos     ●   QuickFind                       ...
Native presence and IM on Android phonesSocial Business                 6             © 2010 IBM Corporation
Native presence and IM on the iPhoneSocial Business                 7         © 2010 IBM Corporation
Native presence and IM on the iPadSocial Business                  8      © 2010 IBM Corporation
Support for Apple® Push NotificationSocial Business                   9       © 2010 IBM Corporation
Getting Sametime Mobile iOS clients                                         ●   iOS client is distributed through the     ...
Getting Sametime Mobile Android Client  ●   The Android client can be loaded from the Android Market, or from the Sametime...
Agenda            ●     Introduction            ●     Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile            ...
IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) ServerPrerequisites       ●    IBM Sametime Community Server lowest release ...
IBM Sametime Community Server     This deployment is tested by the author of this document with all IBM Sametime     Commu...
Hardware required for this Pilot Example Deployment     ●    1 Server for the IBM DB2 Server, IBM Sametime 8.5.2 IFR1 Prox...
OS and Network requirements    ●   Make sure that all servers you want to use can be resolved in DNS.    ●   If DNS is not...
Ports to be opened in the firewalls    ●   From your IBM Sametime Proxy (Mobile Access) Server in the DMZ          to all ...
Required files for a deployment on Windows For a Windows installation you need to download these files from Passport Advan...
Required technical users for IBM Sametime 8.5.2  IBM Sametime requires some technical users for components to  communicate...
Native client on iOS or Android device      ●   Getting the mobile Clients          ● iOS on App Store          ● Android ...
Agenda            ●     Introduction            ●     Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile            ...
Different ways to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment     It is possible to place all the ne...
IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Serverour pilot deployment architecture recommendation                      ...
For the APNS to work there are some requirements:      ●   The IBM Sametime Proxy Server must be able to connect to the AP...
Agenda            ●     Introduction            ●     Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile            ...
The 10 steps to a Sametime 8.5.2 IFR1 Proxy environment     1.Prepare your machine and the network     2.Configure the com...
STEP ONE: Prepare your machine and the network    Summary    Before you can install your IBM Sametime Proxy (Mobile Access...
The machine on that you run the IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server and the DB2 Database Server can be a ...
More information can be found in the official IBM Sametime  Documentation at this URL:  http://www-10.lotus.com/ldd/stwiki...
STEP TWO: Configure the IBM Sametime                     Community server(s) to trust the IBM Sametime                    ...
There are several ways to configure your Sametime Community Servers to trust other   servers.   The most used way in a Sam...
Start your Lotus Notes client with that you can access and administer your    Sametime Community servers. Then open the “S...
Open the “CommunityConnectivity” document.Social Business                          33      © 2010 IBM Corporation
Add the IP address of your new IBM Sametime Proxy (Mobile Access) Server in    the “Community Trusted IPS” field. Then sav...
Now restart the Sametime Community Server by entering the command „restart server“   in the Domino Console window. Never u...
STEP THREE: Install the Sametime Proxy Server                     8.5.2 without SSC as a Cell profile    Summary    This s...
Navigate to the Installation Directory and start the launchpad installer. We use a   Windows CMD command window and enter ...
The Sametime Proxy Launchpad Installer is loading. Click the link „Install IBM Lotus    Sametime Proxy Server“Social Busin...
Now click the link „Launch IBM Lotus Sametime proxy Server 8.5.2 Installation“Social Business                            3...
The Installation Manager is starting upSocial Business                               40   © 2010 IBM Corporation
Click the “Next” button to continue.Social Business                            41   © 2010 IBM Corporation
Accept the terms in the license agreement and click the “Next” button to continueSocial Business                          ...
Remove “Program Files” and click the “Next” button to continue  We recommend to use path names without spaces (as some scr...
Click the “Install” button to install the Installation Manager.Social Business                                  44        ...
The installation Manager is now installingSocial Business                                  45   © 2010 IBM Corporation
If you are using Windows 2003 R2 or Windows 2008 R2, it can be possible that   you run into a JAVA heap memory overflow du...
Open your File Explorer and navigate to your Install Managers eclipse directory  “C:IBMInstall Managereclipse”. Then open ...
Add he parameter “-Xmx1024m” at the end. Then save and close the file. This parameter is case sensitive. Click “File” and ...
Now you can click the „Restart Installation Manager“ button to continue.Social Business                               49  ...
The IBM Installation Manager is loading.Social Business                                50   © 2010 IBM Corporation
To Install the Sametime Proxy Server click the „Install“ icon.Social Business                                51           ...
Check the „IBM Sametime Proxy server“ and „Version 8.5.2“ entries. They are    unchecked by default. Then click the „Next“...
Accept the terms in the license agreement and click the „Next“ button.Social Business                              53     ...
Remove “Program Files” and click the “Next” button to continue.   We recommend to use path names without spaces (as some s...
Enter the correct path (remove „Program Files“ and click the „Next“ button to continue.  The Package group is the installa...
We do not want to use a predefined Deployment Plan from the Sametime System    console. Uncheck the “Use Lotus Sametime Sy...
With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing      WebSphere 7.0.0.15 Server. We dont w...
Leave the default setting “Standalone (Deployment Manager and Primary Node)”. Fill the full qualified Host Name and add a ...
Enter the host name of your IBM Sametime Community Server. Then click the “Validate”   button.Social Business             ...
When the connection was successfully tested the text in the button changes to “Validated”. Then click the “Next” button to...
Check your settings again and then click the „Next“ button to continue.Social Business                               61   ...
Start the installation by clicking the „Install“ button.Social Business                                   62           © 2...
The Sametime Proxy Server is now installing. This step takes approximately 30 to 45    minutes because you are installing ...
Important to know...   The Sametime Proxy Server:       ● does not need a LDAP connection       ● is just a Web Interface ...
When the Sametime Proxy Server has installed successfully just click the „Finish“    button. Then exit the Installation Ma...
STEP FOUR: Update the Sametime Proxy Server to                     IFR1    Summary    Use this procedure to apply the Inte...
The installation in the previous step started all the components of the IBM Sametime   Proxy server. For the upgrade to IF...
Open a CMD line Window and navigate to the directory:   “cd IBMWebSphereAppServerprofilesSTPAppProfilebin”.   Then enter t...
When the Sametime Proxy Server has stopped stop the nodeagent next with the command “stopServer nodeagent”.Social Business...
Now change to the DMGR profile with the command “cd ....STPDMgrProfilebin”. Then enter the command “stopServer dmgr -usern...
Open a new CMD Line window in Admin mode. Then enter the command “cd    InstallIBM Sametime Proxy Server” and press the “E...
Enter the command “update.bat” and press the “Enter” key.Social Business                             72                  ©...
The IBM Installation Manager is starting up.Social Business                               73   © 2010 IBM Corporation
Now click the “Update” button to continue.Social Business                              74   © 2010 IBM Corporation
Select the Product you want to upgrade. Here we select “IBM Sametime Server    Platform”. Then click the “Next” button to ...
Click the “Next” button to continueSocial Business                           76   © 2010 IBM Corporation
We are sure that all WebSphere Servers are shut down. Just click the “Next” button    to continue.Social Business         ...
Click the “Update” button to install the IBM Sametime Proxy Server IFR1.Social Business                              78   ...
The IBM Sametime Proxy Server IFR1 Update is now installing. This step takes    approximately 20 to 25 minutes.Social Busi...
Important to know...      A new main feature in Sametime 8.5.2 IFR1 Proxy Server is the Apple iOS integration      using a...
When the installation has finished successfully, click the „Finish“ button to close the    Installer.Social Business      ...
Click “File” and then “Exit” to quit the Installation Manager.Social Business                                  82         ...
STEP FIVE: Post Install Tasks for the IBM Sametime                     Proxy Server    Summary    This procedure is only r...
Open your preferred browser and enter the URL “http://webchat.renovations.com:8600/admin”. Login to the WebSphere Integrat...
Click on “Servers” - “Server Types” and then on “WebSphere application servers”.Social Business                           ...
Click your “STProxyServer” now.Social Business                    86   © 2010 IBM Corporation
Click the “Ports” link.Social Business              87   © 2010 IBM Corporation
Click the “WC_defaulthost” link.Social Business                       88   © 2010 IBM Corporation
Change the port to “80” and click the “OK” button.Social Business                               89      © 2010 IBM Corpora...
Now click the “WC_defaulthost_secure” linkSocial Business                            90   © 2010 IBM Corporation
Change the port to “443” and click the “OK” button.Social Business                                91          © 2010 IBM C...
Click the “Save” link to save your last changes.Social Business                                92   © 2010 IBM Corporation
You have now successfully changed the your Sametime Proxy Server to listen on Ports     80 and 443.Social Business        ...
The next configuration step is only required if your Sametime Community servers use   Domino Directory authentication and ...
Now click on “Applications” - “Application Types” - “WebSphere enterprise applications”.Social Business                   ...
Select your “SametimeProxy” application and click the “Update” button.Social Business                              96     ...
If you have copied the SametimeProxy.ear file (downloaded from the Web Site) to your Proxy Server, then click “Remote file...
Navigate to the directory to where you have copied the file and select it. Then click the   “OK” button.Social Business   ...
Click the “Next” button to continue.Social Business                           99   © 2010 IBM Corporation
Click the “Next” button to continue.Social Business                           100   © 2010 IBM Corporation
Click the “Next” button to continue.Social Business                           101   © 2010 IBM Corporation
Click the “Next” button to continue.Social Business                           102   © 2010 IBM Corporation
Click the “Finish” button to continue.Social Business                             103   © 2010 IBM Corporation
Click the “Save” link to save your last changes.Social Business                                104   © 2010 IBM Corporation
To check that your application is updated, click the “SametimeProxy” application.Social Business                          ...
Click on “Application binaries” now.Social Business                             106   © 2010 IBM Corporation
You can see the application version 8.5.2.1 from 31. Jan. 2012, 13:50Social Business                               107    ...
STEP SIX: Install the DB2 database server   Summary   This step installs the IBM DB2 9.7 Server.   We like to use a CMD co...
Enter the command “cd InstallSametimeDB2” and press the “Enter” key.     Enter the command “Launchpad” and press the “Ente...
Just click the “Install IBM DB2” link.Social Business                              110   © 2010 IBM Corporation
And again click the “Install IBM DB2” link.Social Business                                   111   © 2010 IBM Corporation
The Installation Manager is starting upSocial Business                               112   © 2010 IBM Corporation
Now click the „Install“ icon to continue.Social Business                                 113   © 2010 IBM Corporation
Select „DB2 – Version 9.7.0.0“ and click the „Next“ button to continue.Social Business                               114  ...
Accept the terms in the license agreement and click the “Next” button to continue.Social Business                         ...
Again remove “Program Files” and click the “Next” button to continue.   We recommend to use path names without spaces (as ...
Click the “Next” button to continue.Social Business                            117   © 2010 IBM Corporation
Enter the DB2 Administrator Username (we use the default “db2admin”) and enter    the DB2 Administrator Password twice. Th...
Click the “Install” button to install the DB2 ServerSocial Business                                 119         © 2010 IBM...
The Installation Manager installs the IBM DB2 Server now. This step takes    approximately 10 to 15 minutes.Social Busines...
Important to know...     Your DB2 Database Server is a sensitive component in your Sametime     Environment.     It stores...
When the installation has finished successfully, click the „Finish“ button and then close    the Installation Manager and ...
Before we can continue with the next step, you need to restart the CMD-Line window   under Windows 2003.   Under Windows 2...
STEP SEVEN: Create the DB2 Database for the                     Sametime Proxy Server   Summary   This step is to create a...
Next is to create the database in the DB2 Server. If your DB2 Server is on a separate   machine or on another machine, the...
Run the database creation script with the command: “createProxyDb.bat STPR   db2admin”. The term “STPR” is the name of the...
Be sure that you see the “...command completed successfully” message after all commands.Social Business                   ...
STEP EIGHT: Configure the Proxy Server to use the                     DB2 Database   Summary   In this step you manualy re...
Open a File explorer and navigate to “C:InstallIBM Sametime Proxy      ServerDatabaseScripts”. If you have unpacked the in...
Open a second explorer window and navigate to the directory      “C:IBMWebSphereSTPServerCell”. Then copy the file “proxyD...
Next is to navigate to the directory   “C:IBMWebSphereSTPServerCellSametimeProxyServerOfferingSametimeServe   rSTProxyprox...
Edit the following values:   * proxy.DbAppUser (db2admin)   * proxy.DbAppUserPassword (db2admin password)   * proxy.DataBa...
Now it is required to configure the DB2 Database who caches messages to the iOS devices in the Sametime Proxy Server. For ...
Open a CMD-Line window and navigate to the directory     “C:IBMWebSphereSTPServerCell”.Social Business                    ...
Now start entering the command. Begin just with “..”. Next is to paste the part from the   dashboard.Social Business      ...
Continue with “wsadmin.bat -lang jython -user wasadmin -password passw0rd -f “”   Dont forget the “ at the end because the...
Now we need the path to the file proxyDBSetup.py including the filename.Social Business                              137  ...
Copy and paste the path from the explorer window, add the backslash and then copy and   paste the filename from the explor...
Now we need the path and filename of the “proxy.properties” file that we have edited   just before.Social Business        ...
Start with blank and double quotes then paste the path. Then add the backslash and then paste the filename. Add a double q...
The script is now running.Social Business                   141   © 2010 IBM Corporation
The script has finished.     After the database configuration the IBM Sametime Proxy Server needs to be     restarted for ...
Open your browser and navigate to your SSC – ISC. Login with your wasadmin user   and then navigate to “Resources” - “JDBC...
Now click on “Resources” - “JDBC” - “Data sources”. Here you should see your newly   created Data Source configuration.Soc...
Check mark the “STProxyDataSource” and click the “Test connection” button.Social Business                            145  ...
Be sure that the result says “successful”. The warning message can be ignored.Social Business                             ...
STEP NINE: Apple Notification to iOS devices    Summary    Use this procedure to apply the Interim Feature Release to IBM ...
Sametime for iOS Message / Notification Flow          Internet               DMZ        Intranet                          ...
Sametime for iOS Message / Notification Flow            Internet               DMZ        Intranet                        ...
Sametime for iOS Message / Notification Flow          Internet                  DMZ           Intranet                    ...
Sametime for iOS Message / Notification Flow          Internet                  DMZ          Intranet                     ...
Sametime for iOS Message / Notification Flow          Internet               DMZ        Intranet                          ...
Sametime for iOS Message / Notification Flow          Internet               DMZ        Intranet                          ...
Sametime for iOS Message / Notification Flow          Internet                  DMZ          Intranet                     ...
Sametime for iOS Message / Notification Flow             Internet               DMZ        Intranet                       ...
Sametime for iOS Message / Notification Flow          Internet                   DMZ           Intranet                   ...
Sametime for iOS Message / Notification Flow          Internet                    DMZ          Intranet                   ...
The IBM Sametime 8.5.2 IFR1 Proxy update installer copies a certificate to the server   that is required to communicate wi...
Copy this certificate file “apns-prod.pkcs12” to the directory “C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswe...
Copy this certificate file “apns-prod.pkcs12” to the directory “C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswe...
To synchronize the last changes, go into your WebSphere Integrated Solutions (Admin) Console and click on “System administ...
Select your “webchatProxyNode” server and click the “Full Resynchronize” button.Social Business                           ...
The new APNS certificate files are now synchronized to your application server.Social Business                            ...
STEP TEN:                  Configure SSL in the Proxy Server and deploy the                     certificate    Summary    ...
In your WebSphere Integrated Solutions Console click on “Security” - “SSL certificate   and key management”.Social Busines...
Click on “Key stores and certificates”.Social Business                            166   © 2010 IBM Corporation
Now click on “CellDefaultKeyStore”.Social Business                        167   © 2010 IBM Corporation
And now click on “Personal certificate requests”.Social Business                             168      © 2010 IBM Corporation
Now click the “New” button to create a new certificate request.Social Business                               169          ...
Fill the form with your data: File for certificate request: “c:tempcert_req.cer” Key label: “SSL_Cert” Common name: (your ...
Click on “Save” to save your last changes.Social Business                                 171   © 2010 IBM Corporation
Now copy the certificate request file that you have created into your local workstation.   Then request a trusted server c...
You will receive the certificate from your trust center by e-mail or as a file attachment. Copy the certificate text start...
Now click on “Personal certificates”.Social Business                          174   © 2010 IBM Corporation
Click the button “Receive from a certificate authority...”.Social Business                                175             ...
In the field “Certificate file name” enter the path and filename to your received server certificate “c:tempserver_cert.ce...
Click the “Save” link to save your last changes.Social Business                                177    © 2010 IBM Corporation
Your new server certificate is now imported successfully.Social Business                               178            © 20...
Next is to import the root and intermediate certificates. Click the “Key stores and   certificates” link.Social Business  ...
Click on “CellDefaultTrustStore”.Social Business                        180   © 2010 IBM Corporation
Click “Signer certificates”.Social Business                   181   © 2010 IBM Corporation
Click the “Add” button.Social Business              182   © 2010 IBM Corporation
Enter an Alias for the root certificate “verisign_root” and enter the path and file name to the root certificate file. The...
Click “Save” to save your last changes.Social Business                              184   © 2010 IBM Corporation
Now you have successfully added the root certificate. Do the same steps with the Intermediate certificate.Social Business ...
Click the “Add” button.Social Business            186   © 2010 IBM Corporation
Enter an Alias for the root certificate “verisign_intermediate” and enter the path and file name to the intermediate certi...
Click “Save” to save your last changes.Social Business                              188   © 2010 IBM Corporation
Now you have successfully added the intermediate certificate.Social Business                              189             ...
Click on “Security” - “SSL certificates and key management” and then on “Manage endpoint security configuration”.Social Bu...
In the “Inbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” -   “Servers”. Then click on “STProxyServer”.Soc...
Check the checkbox “Override inherited values” and then click the “Update certificate alias list” button.Social Business  ...
In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.Social Business                ...
In the “Outbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” -   “Servers”. Then click on “STProxyServer”.So...
Check the checkbox “Override inherited values” and then click the “Update certificate alias list” button. In the “Certific...
Save the last changes by clicking the “Save” link.Social Business                                196      © 2010 IBM Corpo...
Now it is recommended to set the services of your Sametime Proxy Server   “STProxyServer”, “STProxyServer_DM” and “STProxy...
Additional Steps after the installation:    Some additional Tuning steps can be done after all components are installed. Y...
Legal Disclaimer      © IBM Corporation 2012. All Rights Reserved.      The information contained in this publication is p...
Upcoming SlideShare
Loading in …5
×

IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy

18,496 views

Published on

This document describes how to open your existing Sametime Chat environment for mobile devices like iPad, iPhone or Android smartphones and Tablets.

Published in: Technology, Business

IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy

  1. 1. IBM Collaboration Solutions IBM Sametime 8.5.2 IFR1 Installation ”From Zero to Mobile” Make your boss happy Frank Altenburg | SME for Sametime IBM Collaboration Solutions Mail to:frank.altenburg@de.ibm.com Social Business Feb. 16. 2012 © 2009 IBM Corporation
  2. 2. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 2 © 2010 IBM Corporation
  3. 3. Introduction ● This document describes how to implement, in a very fast way, the infrastructure to access your IBM Sametime Community environment from mobile iOS and Android devices. ● It is designed for a Proof of Concept, Proof of Technology or a small test pilot deployment only. ● It does not contain information how to implement a high available infrastructure. ● You can start with this document just to "make your bosses happy". But to make the system available for a larger number of users, it is recommended to invite IBM Services to plan and implement a clustered Sametime Proxy infrastructure in your organization that is fully supported. ● If you already have a Sametime 8.5.x environment with the Sametime System Console in place, then it is recommended to use this SSC to implement your Sametime Proxy Server environment in your DMZ. ● The Author has tested this scenario with all Sametime releases down to version 7.5.1. But officially supported is IBM Sametime version 8.0.2 and newer only. ● You need Sametime Standard licenses for all mobile clients who want to access the system.Social Business 3 © 2010 IBM Corporation
  4. 4. New Sametime Mobile Instant Messaging ● Instant Messaging Client for Android ● Released with Sametime 8.5.2 ● Runs on Android 2.0 and greater ● Available on the Google Market and downloadable from ST server ● Instant Messaging client for iOS ● Released with 8.5.2 IFR ● Runs on iOS 4.3 and greater on iPhone® and iPad® ● Available on the Apple App Store smSocial Business 4 © 2010 IBM Corporation
  5. 5. Sametime Mobile Features ● Contact List ● Send photos ● QuickFind ● Text to speech notification and chats* ● Search corporate directory ● GPS-based location* ● Favorites ● Click to call using carrier ● Presence number or SUT ● Chat history ● Background message ● 1 to 1 and group chat notification ● Announcements ● Emoticons ● Business card ● Sametime Unified Telephony *currently Android onlySocial Business 5 © 2010 IBM Corporation
  6. 6. Native presence and IM on Android phonesSocial Business 6 © 2010 IBM Corporation
  7. 7. Native presence and IM on the iPhoneSocial Business 7 © 2010 IBM Corporation
  8. 8. Native presence and IM on the iPadSocial Business 8 © 2010 IBM Corporation
  9. 9. Support for Apple® Push NotificationSocial Business 9 © 2010 IBM Corporation
  10. 10. Getting Sametime Mobile iOS clients ● iOS client is distributed through the Apple App Store and uses the standard iOS update mechanisms to maintain currency ● Client must be configured to point to the Sametime Proxy server ─ You can play with it on Greenhouse – Server: st85meetingsp.lotus.com – Port: 9444 – Secure Connection: On – Connection Type: Direct ConnectionSocial Business 10 © 2010 IBM Corporation
  11. 11. Getting Sametime Mobile Android Client ● The Android client can be loaded from the Android Market, or from the Sametime proxy server ● If loaded from Market, the standard Market update mechanism is used ● To get from the Sametime proxy server, the loads it from the following web address from their device: <proxy server addr>:<proxy port>/stmobile/Sametime.html ● The automatic update feature from the proxy server (Lotus Mobile Installer, LMI) - Enter the ST proxy server address:port - Enter credentials - Select Next and it logs you into Sametime - As new Sametime client become available, you are notified via an Android notification. You can select it to installSocial Business 11 © 2010 IBM Corporation
  12. 12. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 12 © 2010 IBM Corporation
  13. 13. IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) ServerPrerequisites ● IBM Sametime Community Server lowest release that works is 7.5.1. But supported is only 8.0.2 and newer releases. ● You need Hardware or a VM in the DMZ for the server ● You need Network and DNS configuration ● NAT between your DMZ and the internet works fine ● You need Port openings to/from Internet ● You need Port openings to/from Intranet ● You need to download the required installation files from Passport Advantage ● You need 2 special administrative user accounts ● (optional) You need a trusted certificate ● Native client on iOS or Android deviceSocial Business 13 © 2010 IBM Corporation
  14. 14. IBM Sametime Community Server This deployment is tested by the author of this document with all IBM Sametime Community Servers releases starting Version 7.5.1. A Sametime Community Server 7.0 or below does not work and cant be used for this IBM Sametime Mobile Access Server deployment. Officially supported is only IBM Sametime release 8.0.2 or newer. All older Sametime releases are already out of support. It works if the IBM Sametime Community Server uses Domino Directory authentication or LDAP authentication connected to one of the supported LDAP Servers. No other requirements to the LDAP server is required. If you have several IBM Sametime Community Servers or IBM Sametime Community Clusters running in a Sametime community configuration, then this IBM Sametime Mobile Access Server needs to connect to all servers in your community.Social Business 14 © 2010 IBM Corporation
  15. 15. Hardware required for this Pilot Example Deployment ● 1 Server for the IBM DB2 Server, IBM Sametime 8.5.2 IFR1 Proxy Server Quad CPU, 8GB RAM or more, 100GB disk space or more, 64 Bit OS 1 GBit Network Interface with 1 IP addresses an DNS Alias entry. ● Supported OS are: - Windows Server 2003 or 2008 - Linux Enterprise Server RHEL or SLES - AIX - Solaris - iSeries This document describes how to install the components on a Windows 2008 platform. With such a configuration you can host up to ● 3000 concurrent mobile devices * ● 3000 concurrent web client users * * Ask you IBM representative for more detailed sizing information in a defined environmentSocial Business 15 © 2010 IBM Corporation
  16. 16. OS and Network requirements ● Make sure that all servers you want to use can be resolved in DNS. ● If DNS is not available then list all full qualified server names and IP addresses from all servers in the hosts file and publish this file to all servers. ● If you use Windows 2008 as Operating System, then you need to start all installations and configurations in „Administrative mode“. ● You need a Alias entry in your Intranet DNS server pointing to the IP address of your Sametime Proxy (Mobile Access) Server. This should be the same host name as in the internet. ● You need a Alias entry in the public Internet DNS pointing to the external IP address of your Sametime Proxy (Mobile Access) Server. This should be the same host name if possible as in the intranet. ● If on your external firewall NAT is in place (IP address translation) this works fine. But your Firewall team needs to forward incoming traffic on ports 80 and 443 to your DMZ Sametime Proxy (Mobile Access) Server address.Social Business 16 © 2010 IBM Corporation
  17. 17. Ports to be opened in the firewalls ● From your IBM Sametime Proxy (Mobile Access) Server in the DMZ to all your IBM Sametime Community Servers in the intranet you need to open the IBM Sametime Community Server VP port 1516. ● From all clients in the intranet to the IBM Sametime Proxy (Mobile Access) Server you need to open the HTTP and HTTPS ports 80 and 443. ● From all clients in the internet to the public IP address of your IBM Sametime Proxy (Mobile Access) Server you need to open the HTTP and HTTPS ports 80 and 443. ● From your IBM Sametime Proxy (Mobile Access) Server to the apple notification services in the internet you need to open the ports 2195 and 2196 . This service is available on the DNS addresses “gateway.push.apple.com” and “feedback.push.apple.com”. Both addresses have an IP address pool. If you cant open to the DNS alias name then you need to find out what IP addresses are behind this load balanced pool.Social Business 17 © 2010 IBM Corporation
  18. 18. Required files for a deployment on Windows For a Windows installation you need to download these files from Passport Advantage: CZYG1ML.zip IBM DB2 9.7 32Bit Limited Use for Sametime CZYE6ML.zip IBM Sametime 8.5.2 Proxy Server CI3YCML.zip IBM Sametime 8.5.2 IFR1 Proxy Server Create a directory, for example “C:Install”, on the servers where you want to install. Then unpack the downloaded files into this directory. Just unpack the files required for your deployment architecture on the particular server. If you want to connect your Sametime Proxy Server to a Community using Domino Directory authentication and you have Web only users, then you need to install a small Proxy Server update. For a small pilot or POC / POT environment you can download the updated application from the IBM page here: Link to the EAR File If the link does not work use this: https://www-304.ibm.com/files/form/anonymous/api/library/e0a58c07-3700-4d59-a4e4- c2ba50b5535a/document/014a464b-a345-453e-a0af- e1421d01be2f/media/SametimeProxy WebSphere Application 8.5.2 IFR1 with Hotfix.ear If you want to use this server in a production environment and need this update, then it is required to open a PMR in IBM Support to request the latest cumulative hotfix for the IBM Sametime 8.5.2 IFR1 Proxy Server.Social Business 18 © 2010 IBM Corporation
  19. 19. Required technical users for IBM Sametime 8.5.2 IBM Sametime requires some technical users for components to communicate in an authenticated mode. All of this users should be configured so that the password never expires and never needs to be changed. db2admin This user is created during installation of the DB2 server in the Operating System. Do not create this user in advance. It is the user for all IBM Sametime related components using DB2 to access their databases. Be sure to match the password policy requirements of the OS. wasadmin This is the user to access the IBM WebSphere components and to administer the system. This user must not exist in your LDAP directory. It is created during WebSphere installation in a local file repository. You can use the same user name and password for all components (makes it easier) or different names and passwords. But again, it does not work when this user exists in the LDAP.Social Business 19 © 2010 IBM Corporation
  20. 20. Native client on iOS or Android device ● Getting the mobile Clients ● iOS on App Store ● Android now in Android Market®, also as part of server installation for downloadSocial Business 20 © 2010 IBM Corporation
  21. 21. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 21 © 2010 IBM Corporation
  22. 22. Different ways to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment It is possible to place all the new components into the Intranet and use a Reverse Proxy in the DMZ to access the system from the mobile devices through the Internet. This requires less ports to be opened in the firewalls. But 2 connections from the server in the Intranet through your DMZ to the APNS system in the Internet. This is mostly a security issue and not allowed. The Database to cache the chat messages sent to iOS devices can be implemented in the Intranet. But then a box (Hardware or virtual machine) is required for this server and the small database who only caches text messages. And the DB2 port needs to be opened from the IBM Sametime Proxy server in the DMZ to this DB2 Server in the Intranet. Because the use of the DB2 database is small and it does not store any really important information, this database can be implemented easily on the same machine as the IBM Sametime Proxy Server. A Backup of the system is required only once when the server is installed and all features are working fine. There is no changing data that needs to be backed up regularly. Only if you do any modification in the configuration a new full backup is recommended.Social Business 22 © 2010 IBM Corporation
  23. 23. IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Serverour pilot deployment architecture recommendation Apple Notification Server Intranet DMZ (APNS) gateway.push.apple.com feedback.push.apple.com Inbound Ports 80 443 Outbound Port Sametime Ports 1516 Proxy Server 2195 2196 Sametime Community Server Internet DB2 9.5 ServerSocial Business 23 © 2010 IBM Corporation
  24. 24. For the APNS to work there are some requirements: ● The IBM Sametime Proxy Server must be able to connect to the APNS Servers “gateway.push.apple.com” on port 2195, and “feedback.push.apple.com” on Port 2196. ● You should open this ports in your firewalls and test with telnet that you can reach the servers. ● The device must be able to reach the IBM Sametime Proxy Server with http or https protocol. You can use a reverse proxy in your DMZ. NAT is no problem. ● The APNS service must be able to send a notification to your device. ● If your device is connected to your intranet using Wireless LAN, it mostly can not be notified from the apple systems. Talk to your firewall Admins to open the notification service for your Wifi LAN.Social Business 24 © 2010 IBM Corporation
  25. 25. Agenda ● Introduction ● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server ● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deployment ● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server deploymentSocial Business 25 © 2010 IBM Corporation
  26. 26. The 10 steps to a Sametime 8.5.2 IFR1 Proxy environment 1.Prepare your machine and the network 2.Configure the community server(s) to trust the Mobile Access Server 3.Install the Sametime Proxy Server 8.5.2 without SSC as a Cell profile 4.Update the Sametime Proxy Server to IFR1 5.Post Install Tasks 6.Install the DB2 database server 7.Create the Proxy Server DB2 Database 8.Configure the Proxy Server to use the DB2 Database 9.Configure the Apple Notification System 10.Configure SSL in the Proxy Server and deploy the certificateSocial Business 26 © 2010 IBM Corporation
  27. 27. STEP ONE: Prepare your machine and the network Summary Before you can install your IBM Sametime Proxy (Mobile Access) Server environment, some things needs to be checked and prepared.Social Business 27 © 2010 IBM Corporation
  28. 28. The machine on that you run the IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server and the DB2 Database Server can be a virtual machine or a hardware box. Both works. It is possible to use Linux as OS, but this document describes how to install on Windows. If you use Linux you can use most parts of this document and the most installation instructions and screen shots are identically. Mostly the paths are different. In Linux it is recommended to have the graphical system installed for this installation and then use a x-server on our client. This instruction works with Windows Server 2008, and Windows Server 2003. You can use the 32Bit or 64Bit version. And you can use the R2 Version of any of the supported OS. Be sure that your Firewall Admin has opened all ports in the firewalls. Test all connections using the telnet command in a CMD line window. Be sure your used host names or DNS alias is listed in the DNS and can be used and resolved in the internet and in your intranet.Social Business 28 © 2010 IBM Corporation
  29. 29. More information can be found in the official IBM Sametime Documentation at this URL: http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp? lookupName=Product Documentation The IBM Sametime 8.5.2 Installation – From Zero To Hero documentations can be found here: https://www-304.ibm.com/connections/blogs/sametimeguru/? lang=en_usSocial Business 29 © 2010 IBM Corporation
  30. 30. STEP TWO: Configure the IBM Sametime Community server(s) to trust the IBM Sametime Proxy (Mobile Access) Server Summary This step adds the IP address of your IBM Sametime Mobile Access Server to the “Trusted IPS” list in your Sametime Community Server.Social Business 30 © 2010 IBM Corporation
  31. 31. There are several ways to configure your Sametime Community Servers to trust other servers. The most used way in a Sametime 8.5 environment is to use the Sametime System Console – Sametime Servers – Sametime Community Servers. There in the configuration page of your Community Servers on the bottom you can add the trusted IP addresses and save the changes. An other way is to edit the Sametime Configuration file “SAMETIME.INI” located in the Domino Program directory. There in the [Configuration] section just add the parameter “VPS_TRUSTED_IPS=ww.xx.yy.zz” where ww.xx.yy.zz is your IP address of the Sametime Proxy Server box. The next way is to use the Lotus Notes client and access the Community Connectivity document in your Sametime Configuration database and add the IP address what the server must trust, there. This method is explained in the next slides.Social Business 31 © 2010 IBM Corporation
  32. 32. Start your Lotus Notes client with that you can access and administer your Sametime Community servers. Then open the “Sametime Configuration” database “STConfig.nsf” on the Sametime Community Server.Social Business 32 © 2010 IBM Corporation
  33. 33. Open the “CommunityConnectivity” document.Social Business 33 © 2010 IBM Corporation
  34. 34. Add the IP address of your new IBM Sametime Proxy (Mobile Access) Server in the “Community Trusted IPS” field. Then save and close the document and the database.Social Business 34 © 2010 IBM Corporation
  35. 35. Now restart the Sametime Community Server by entering the command „restart server“ in the Domino Console window. Never use this command in a production Sametime server because it can happen that not all Sametime tasks are stopped before the domino server restarts. This can cause massive problems for starting the Sametime Services. Stop your Domino Server using the “Quit” command or by stopping the “Lotus Domino Service”. Wait until all ST... Tasks disappeared in your TaskManager. Then restart the Domino Server again. It takes up to 5 Minutes until the Sametime Community Server is completely restarted and all 41 Sametime tasks are again active.Social Business 35 © 2010 IBM Corporation
  36. 36. STEP THREE: Install the Sametime Proxy Server 8.5.2 without SSC as a Cell profile Summary This step installs the IBM Sametime Proxy Server 8.5.2.Social Business 36 © 2010 IBM Corporation
  37. 37. Navigate to the Installation Directory and start the launchpad installer. We use a Windows CMD command window and enter the commands: „cd InstallSametimeProxyServer“ and just „launchpad“Social Business 37 © 2010 IBM Corporation
  38. 38. The Sametime Proxy Launchpad Installer is loading. Click the link „Install IBM Lotus Sametime Proxy Server“Social Business 38 © 2010 IBM Corporation
  39. 39. Now click the link „Launch IBM Lotus Sametime proxy Server 8.5.2 Installation“Social Business 39 © 2010 IBM Corporation
  40. 40. The Installation Manager is starting upSocial Business 40 © 2010 IBM Corporation
  41. 41. Click the “Next” button to continue.Social Business 41 © 2010 IBM Corporation
  42. 42. Accept the terms in the license agreement and click the “Next” button to continueSocial Business 42 © 2010 IBM Corporation
  43. 43. Remove “Program Files” and click the “Next” button to continue We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 43 © 2010 IBM Corporation
  44. 44. Click the “Install” button to install the Installation Manager.Social Business 44 © 2010 IBM Corporation
  45. 45. The installation Manager is now installingSocial Business 45 © 2010 IBM Corporation
  46. 46. If you are using Windows 2003 R2 or Windows 2008 R2, it can be possible that you run into a JAVA heap memory overflow during the next installation step. To prevent this issue change a parameter in The “IBMIM.INI” configuration file of the Sametime Install Manager. See the next 2 slides how to do this.Social Business 46 © 2010 IBM Corporation
  47. 47. Open your File Explorer and navigate to your Install Managers eclipse directory “C:IBMInstall Managereclipse”. Then open the configuration file “IBMIM.ini” in notepad.Social Business 47 © 2010 IBM Corporation
  48. 48. Add he parameter “-Xmx1024m” at the end. Then save and close the file. This parameter is case sensitive. Click “File” and “Save” to save the changes. Then click “File” and “Exit” to close the editor.Social Business 48 © 2010 IBM Corporation
  49. 49. Now you can click the „Restart Installation Manager“ button to continue.Social Business 49 © 2010 IBM Corporation
  50. 50. The IBM Installation Manager is loading.Social Business 50 © 2010 IBM Corporation
  51. 51. To Install the Sametime Proxy Server click the „Install“ icon.Social Business 51 © 2010 IBM Corporation
  52. 52. Check the „IBM Sametime Proxy server“ and „Version 8.5.2“ entries. They are unchecked by default. Then click the „Next“ button.Social Business 52 © 2010 IBM Corporation
  53. 53. Accept the terms in the license agreement and click the „Next“ button.Social Business 53 © 2010 IBM Corporation
  54. 54. Remove “Program Files” and click the “Next” button to continue. We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 54 © 2010 IBM Corporation
  55. 55. Enter the correct path (remove „Program Files“ and click the „Next“ button to continue. The Package group is the installation destination for the IBM Lotus WebSphere base files. The first installation requires the creation of a new package group. If you install more WebSphere based applications on the same hardware (like the Sametime Proxy Server and the Sametime Meeting Server) they can use the existing package group. Then you cannot change the installation path.Social Business 55 © 2010 IBM Corporation
  56. 56. We do not want to use a predefined Deployment Plan from the Sametime System console. Uncheck the “Use Lotus Sametime System Console to Install” option and click the „Next“ button to continue.Social Business 56 © 2010 IBM Corporation
  57. 57. With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing WebSphere 7.0.0.15 Server. We dont want to do this in this pilot deployment. Just click “Next” to continue.Social Business 57 © 2010 IBM Corporation
  58. 58. Leave the default setting “Standalone (Deployment Manager and Primary Node)”. Fill the full qualified Host Name and add a password for your wasadmin user twice. Then click the “Next” button.Social Business 58 © 2010 IBM Corporation
  59. 59. Enter the host name of your IBM Sametime Community Server. Then click the “Validate” button.Social Business 59 © 2010 IBM Corporation
  60. 60. When the connection was successfully tested the text in the button changes to “Validated”. Then click the “Next” button to continue.,Social Business 60 © 2010 IBM Corporation
  61. 61. Check your settings again and then click the „Next“ button to continue.Social Business 61 © 2010 IBM Corporation
  62. 62. Start the installation by clicking the „Install“ button.Social Business 62 © 2010 IBM Corporation
  63. 63. The Sametime Proxy Server is now installing. This step takes approximately 30 to 45 minutes because you are installing the first WebSphere instance on a Server.Social Business 63 © 2010 IBM Corporation
  64. 64. Important to know... The Sametime Proxy Server: ● does not need a LDAP connection ● is just a Web Interface for browser access to the Sametime Community Services ● is a Web based Sametime Connect Client ● supplies the new Web API for Web based application integration ● can be implemented with or without the SSC ● can be connected to existing older Sametime Servers ● can be connected to a community cluster You can have one or more Proxies in your organization You can implement one or more Proxies and cluster them ● using the WebSphere Cluster Method (Network Deployment) ● individual Proxies with a Load Balancer or RRDNS in front of them By default the Sametime Proxy Server installs to use Port 9080 and 9443 (SSL). If you want to use Port 80 and 443 you need to enter the Sametime Proxy ISC on Port 8600 and change the port settings in the Application Server. Detailed instructions can be found later in this documentation.Social Business 64 © 2010 IBM Corporation
  65. 65. When the Sametime Proxy Server has installed successfully just click the „Finish“ button. Then exit the Installation Manager and the Launchpad.Social Business 65 © 2010 IBM Corporation
  66. 66. STEP FOUR: Update the Sametime Proxy Server to IFR1 Summary Use this procedure to apply the Interim Feature Release to the IBM Sametime 8.5.2 Proxy Server.Social Business 66 © 2010 IBM Corporation
  67. 67. The installation in the previous step started all the components of the IBM Sametime Proxy server. For the upgrade to IFR1 it is required to stop all of this tasks first. But because they are started before the Services are created, the services do not reflect the running tasks.Social Business 67 © 2010 IBM Corporation
  68. 68. Open a CMD line Window and navigate to the directory: “cd IBMWebSphereAppServerprofilesSTPAppProfilebin”. Then enter the command: “stopServer STProxyServer -username wasadmin -password passw0rd”.Social Business 68 © 2010 IBM Corporation
  69. 69. When the Sametime Proxy Server has stopped stop the nodeagent next with the command “stopServer nodeagent”.Social Business 69 © 2010 IBM Corporation
  70. 70. Now change to the DMGR profile with the command “cd ....STPDMgrProfilebin”. Then enter the command “stopServer dmgr -username wasadmin -password passw0rd”.Social Business 70 © 2010 IBM Corporation
  71. 71. Open a new CMD Line window in Admin mode. Then enter the command “cd InstallIBM Sametime Proxy Server” and press the “Enter” key. If you have unpacked the zip file to a different directory, then navigate to your directory where you can find the update.bat file.Social Business 71 © 2010 IBM Corporation
  72. 72. Enter the command “update.bat” and press the “Enter” key.Social Business 72 © 2010 IBM Corporation
  73. 73. The IBM Installation Manager is starting up.Social Business 73 © 2010 IBM Corporation
  74. 74. Now click the “Update” button to continue.Social Business 74 © 2010 IBM Corporation
  75. 75. Select the Product you want to upgrade. Here we select “IBM Sametime Server Platform”. Then click the “Next” button to continueSocial Business 75 © 2010 IBM Corporation
  76. 76. Click the “Next” button to continueSocial Business 76 © 2010 IBM Corporation
  77. 77. We are sure that all WebSphere Servers are shut down. Just click the “Next” button to continue.Social Business 77 © 2010 IBM Corporation
  78. 78. Click the “Update” button to install the IBM Sametime Proxy Server IFR1.Social Business 78 © 2010 IBM Corporation
  79. 79. The IBM Sametime Proxy Server IFR1 Update is now installing. This step takes approximately 20 to 25 minutes.Social Business 79 © 2010 IBM Corporation
  80. 80. Important to know... A new main feature in Sametime 8.5.2 IFR1 Proxy Server is the Apple iOS integration using an App that can be installed for free from the Apple App store. This app then connects to your Sametime proxy Server through the Internet. That this can work, your Sametime Proxy Server must be accessible from the Internet. This means you need to set it up in your DMZ or configure a reverse proxy in your DMZ and forward the traffic to your Sametime Proxy in the intranet. But the recommended way is to implement your Sametime Proxy Server in your DMZ. Another recommendation is that your Sametime proxy Server can communicate with the Apple notification service. For this to work you need to open 2 ports in your firewall to this servers in the internet. These ports are 2195 to the Apple notification server and port 2196 to the Apple feedback server.Social Business 80 © 2010 IBM Corporation
  81. 81. When the installation has finished successfully, click the „Finish“ button to close the Installer.Social Business 81 © 2010 IBM Corporation
  82. 82. Click “File” and then “Exit” to quit the Installation Manager.Social Business 82 © 2010 IBM Corporation
  83. 83. STEP FIVE: Post Install Tasks for the IBM Sametime Proxy Server Summary This procedure is only required if you run into the Warning message after the installation as described in the step before.Social Business 83 © 2010 IBM Corporation
  84. 84. Open your preferred browser and enter the URL “http://webchat.renovations.com:8600/admin”. Login to the WebSphere Integrated Solutions Console of your Sametime Proxy Server using the wasadmin username and its password.Social Business 84 © 2010 IBM Corporation
  85. 85. Click on “Servers” - “Server Types” and then on “WebSphere application servers”.Social Business 85 © 2010 IBM Corporation
  86. 86. Click your “STProxyServer” now.Social Business 86 © 2010 IBM Corporation
  87. 87. Click the “Ports” link.Social Business 87 © 2010 IBM Corporation
  88. 88. Click the “WC_defaulthost” link.Social Business 88 © 2010 IBM Corporation
  89. 89. Change the port to “80” and click the “OK” button.Social Business 89 © 2010 IBM Corporation
  90. 90. Now click the “WC_defaulthost_secure” linkSocial Business 90 © 2010 IBM Corporation
  91. 91. Change the port to “443” and click the “OK” button.Social Business 91 © 2010 IBM Corporation
  92. 92. Click the “Save” link to save your last changes.Social Business 92 © 2010 IBM Corporation
  93. 93. You have now successfully changed the your Sametime Proxy Server to listen on Ports 80 and 443.Social Business 93 © 2010 IBM Corporation
  94. 94. The next configuration step is only required if your Sametime Community servers use Domino Directory authentication and if you have created WEB users with flat user names in the FullName field. If you have this kind of user records then the update of the SametimeProxy application is required. See page 19 how to get this update. In a small Pilot, POC or POT environment you can update the SametimeProxy application using the steps described in the next slides. If you use this Sametime Proxy Server in your production environment and have requested the latest hotfix from IBM Support, then you need to update the complete server in the same way as described in the “STEP FOUR: Update the Sametime Proxy Server to IFR1” on page 65 in this document.Social Business 94 © 2010 IBM Corporation
  95. 95. Now click on “Applications” - “Application Types” - “WebSphere enterprise applications”.Social Business 95 © 2010 IBM Corporation
  96. 96. Select your “SametimeProxy” application and click the “Update” button.Social Business 96 © 2010 IBM Corporation
  97. 97. If you have copied the SametimeProxy.ear file (downloaded from the Web Site) to your Proxy Server, then click “Remote file system” and then the “Browse” button.Social Business 97 © 2010 IBM Corporation
  98. 98. Navigate to the directory to where you have copied the file and select it. Then click the “OK” button.Social Business 98 © 2010 IBM Corporation
  99. 99. Click the “Next” button to continue.Social Business 99 © 2010 IBM Corporation
  100. 100. Click the “Next” button to continue.Social Business 100 © 2010 IBM Corporation
  101. 101. Click the “Next” button to continue.Social Business 101 © 2010 IBM Corporation
  102. 102. Click the “Next” button to continue.Social Business 102 © 2010 IBM Corporation
  103. 103. Click the “Finish” button to continue.Social Business 103 © 2010 IBM Corporation
  104. 104. Click the “Save” link to save your last changes.Social Business 104 © 2010 IBM Corporation
  105. 105. To check that your application is updated, click the “SametimeProxy” application.Social Business 105 © 2010 IBM Corporation
  106. 106. Click on “Application binaries” now.Social Business 106 © 2010 IBM Corporation
  107. 107. You can see the application version 8.5.2.1 from 31. Jan. 2012, 13:50Social Business 107 © 2010 IBM Corporation
  108. 108. STEP SIX: Install the DB2 database server Summary This step installs the IBM DB2 9.7 Server. We like to use a CMD command line window to enter some of the commands and start the installers. For that we have created a short cut in our fast start section. You can use the Windows Explorer as well to navigate to the destination directory and double click the installation file (launchpad.exe)Social Business 108 © 2010 IBM Corporation
  109. 109. Enter the command “cd InstallSametimeDB2” and press the “Enter” key. Enter the command “Launchpad” and press the “Enter” key. Do not copy and paste any commands from this document into your CMD line. This does not work because this would copy some special characters.Social Business 109 © 2010 IBM Corporation
  110. 110. Just click the “Install IBM DB2” link.Social Business 110 © 2010 IBM Corporation
  111. 111. And again click the “Install IBM DB2” link.Social Business 111 © 2010 IBM Corporation
  112. 112. The Installation Manager is starting upSocial Business 112 © 2010 IBM Corporation
  113. 113. Now click the „Install“ icon to continue.Social Business 113 © 2010 IBM Corporation
  114. 114. Select „DB2 – Version 9.7.0.0“ and click the „Next“ button to continue.Social Business 114 © 2010 IBM Corporation
  115. 115. Accept the terms in the license agreement and click the “Next” button to continue.Social Business 115 © 2010 IBM Corporation
  116. 116. Again remove “Program Files” and click the “Next” button to continue. We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.Social Business 116 © 2010 IBM Corporation
  117. 117. Click the “Next” button to continue.Social Business 117 © 2010 IBM Corporation
  118. 118. Enter the DB2 Administrator Username (we use the default “db2admin”) and enter the DB2 Administrator Password twice. Then click the “Next” button to continue If you use Windows 2008, be sure to enter a password that meets the password policy. The DB2 Admin User password should not be longer then 8 characters. Change the local security policy to allow passwords with 8 characters length. This db2admin user will be created as a local user or as a Active Directory User. This can not be done if the user already exists. Same with the 2 groups that the DB2 Installer adds.Social Business 118 © 2010 IBM Corporation
  119. 119. Click the “Install” button to install the DB2 ServerSocial Business 119 © 2010 IBM Corporation
  120. 120. The Installation Manager installs the IBM DB2 Server now. This step takes approximately 10 to 15 minutes.Social Business 120 © 2010 IBM Corporation
  121. 121. Important to know... Your DB2 Database Server is a sensitive component in your Sametime Environment. It stores all the predefined configuration data and holds the information how to communicate with your servers for administration and maintenance. We highly recommend to make regularly a backup of your DB2 database using a DB2 aware backup software, or export data and backup the exported data. It is possible to implement your DB2 Server for high availability and load balancing using DB2 methods. For more information check into the DB2 InfoCenter, or download and read the RedBook „High Availability and Disaster Recovery Options for DB2 on Linux, UNIX, and Windows“ The steps to create a DB2 database need the database name as a command line parameter. We would recommend using a CMD command line window to enter this commands.Social Business 121 © 2010 IBM Corporation
  122. 122. When the installation has finished successfully, click the „Finish“ button and then close the Installation Manager and the Launchpad.Social Business 122 © 2010 IBM Corporation
  123. 123. Before we can continue with the next step, you need to restart the CMD-Line window under Windows 2003. Under Windows 2008 it is required to log out and re login with your db2admin user.Social Business 123 © 2010 IBM Corporation
  124. 124. STEP SEVEN: Create the DB2 Database for the Sametime Proxy Server Summary This step is to create and configure the DB2 Database for the Sametime Proxy Server. This database is required to cache the Sametime messages sent to iOS mobile devices.Social Business 124 © 2010 IBM Corporation
  125. 125. Next is to create the database in the DB2 Server. If your DB2 Server is on a separate machine or on another machine, then you need to copy the database creation script files to this server first. Copy the files “createProxyDb.bat” and “proxyServer.ddl” to a directory on your DB2 Server. Open a CMD window and navigate to this directory. In this Zero to Hero example we use just “C:InstallIBM Sametime Proxy ServerDatabaseScripts”.Social Business 125 © 2010 IBM Corporation
  126. 126. Run the database creation script with the command: “createProxyDb.bat STPR db2admin”. The term “STPR” is the name of the database and “db2admin” is the DB2 Database Server Administrator.Social Business 126 © 2010 IBM Corporation
  127. 127. Be sure that you see the “...command completed successfully” message after all commands.Social Business 127 © 2010 IBM Corporation
  128. 128. STEP EIGHT: Configure the Proxy Server to use the DB2 Database Summary In this step you manualy register the Sametime Meeting Server upgrade with the Sametime System Console if you are running into the warning message during the installation. Then you need to fix the virtual_hosts configuration.Social Business 128 © 2010 IBM Corporation
  129. 129. Open a File explorer and navigate to “C:InstallIBM Sametime Proxy ServerDatabaseScripts”. If you have unpacked the install zip file to a different directory then use this one.Social Business 129 © 2010 IBM Corporation
  130. 130. Open a second explorer window and navigate to the directory “C:IBMWebSphereSTPServerCell”. Then copy the file “proxyDBSetup.py” from the install directory to this directory.Social Business 130 © 2010 IBM Corporation
  131. 131. Next is to navigate to the directory “C:IBMWebSphereSTPServerCellSametimeProxyServerOfferingSametimeServe rSTProxyproxy”. In this directory open the file “proxy.properties” with Notepad or Wordpad or with your favorite text editor.Social Business 131 © 2010 IBM Corporation
  132. 132. Edit the following values: * proxy.DbAppUser (db2admin) * proxy.DbAppUserPassword (db2admin password) * proxy.DataBaseServerName (host name of the DB2 server) * proxy.DataBaseServerPort (default port for DB2) * proxy.DbName (database name created earlier) Then save and close the file.Social Business 132 © 2010 IBM Corporation
  133. 133. Now it is required to configure the DB2 Database who caches messages to the iOS devices in the Sametime Proxy Server. For this a long command in a CMD line window is required. Several paths are required. To get and paste this path into a CMD-Line window it is easy to use the Windows Explorer. First navigate to the directory “C:IBMWebSphereAppServerprofilesSTPAppProfilebin”. But do not mark the full path. Mark only the part starting from “AppServer...”. Then press the Ctrl-C to copy this path to the dashboard.Social Business 133 © 2010 IBM Corporation
  134. 134. Open a CMD-Line window and navigate to the directory “C:IBMWebSphereSTPServerCell”.Social Business 134 © 2010 IBM Corporation
  135. 135. Now start entering the command. Begin just with “..”. Next is to paste the part from the dashboard.Social Business 135 © 2010 IBM Corporation
  136. 136. Continue with “wsadmin.bat -lang jython -user wasadmin -password passw0rd -f “” Dont forget the “ at the end because the next part is a path that needs to be in doublequotes.Social Business 136 © 2010 IBM Corporation
  137. 137. Now we need the path to the file proxyDBSetup.py including the filename.Social Business 137 © 2010 IBM Corporation
  138. 138. Copy and paste the path from the explorer window, add the backslash and then copy and paste the filename from the explorer window. Add a doublequote sign at the end.Social Business 138 © 2010 IBM Corporation
  139. 139. Now we need the path and filename of the “proxy.properties” file that we have edited just before.Social Business 139 © 2010 IBM Corporation
  140. 140. Start with blank and double quotes then paste the path. Then add the backslash and then paste the filename. Add a double quote at the end. Now the command is completed and you can confirm with the “ENTER” key.Social Business 140 © 2010 IBM Corporation
  141. 141. The script is now running.Social Business 141 © 2010 IBM Corporation
  142. 142. The script has finished. After the database configuration the IBM Sametime Proxy Server needs to be restarted for the configuration changes are in effect.Social Business 142 © 2010 IBM Corporation
  143. 143. Open your browser and navigate to your SSC – ISC. Login with your wasadmin user and then navigate to “Resources” - “JDBC” - “JDBC providers”. Here you should see the newly created JDBC Provider configuration for your Proxy Server.Social Business 143 © 2010 IBM Corporation
  144. 144. Now click on “Resources” - “JDBC” - “Data sources”. Here you should see your newly created Data Source configuration.Social Business 144 © 2010 IBM Corporation
  145. 145. Check mark the “STProxyDataSource” and click the “Test connection” button.Social Business 145 © 2010 IBM Corporation
  146. 146. Be sure that the result says “successful”. The warning message can be ignored.Social Business 146 © 2010 IBM Corporation
  147. 147. STEP NINE: Apple Notification to iOS devices Summary Use this procedure to apply the Interim Feature Release to IBM Sametime® Proxy Server, Sametime Media Manager, Sametime Meeting Server, and Sametime Advanced. Procedures for Sametime System Console, Sametime Community Server, and Sametime Gateway are explained in other topics.Social Business 147 © 2010 IBM Corporation
  148. 148. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 148 © 2010 IBM Corporation
  149. 149. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSametime registers with APNS, getsassigned a device token Social Business 149 © 2010 IBM Corporation
  150. 150. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Sametime logs in, sending device tokenSocial Business 150 © 2010 IBM Corporation
  151. 151. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Sametime sends pause command before going to backgroundSocial Business 151 © 2010 IBM Corporation
  152. 152. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Another user sends message to mobile user Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 152 © 2010 IBM Corporation
  153. 153. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications Proxy sees mobile user is Paused. Stores in database. VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 153 © 2010 IBM Corporation
  154. 154. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Proxy sends device token to APNS, Requests a push notification be Push sent to device Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS DeviceSocial Business 154 © 2010 IBM Corporation
  155. 155. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNSAPNS sends Pushpush Noficationsnotificationto device VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Social Business 155 © 2010 IBM Corporation
  156. 156. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device When user selects view: Sametime reconnects to server and sends command to retrieve messages.Social Business 156 © 2010 IBM Corporation
  157. 157. Sametime for iOS Message / Notification Flow Internet DMZ Intranet TLS/SSL (push notifications only, no sensitive data) TCP port 2195 for notification connection Apple TCP port 2196 for error reporting connection (feedback service) PNS Push Nofications VPN / HTTPS HTTPS Sametime Reverse Community Proxy Proxy Server iOS Device Sametime proxy sends queued message(s) to device from databaseSocial Business 157 © 2010 IBM Corporation
  158. 158. The IBM Sametime 8.5.2 IFR1 Proxy update installer copies a certificate to the server that is required to communicate with the Apple Notification Servers with SSL encryption. This certificate has to be copied to the WebSphere Application Server directories now. Find the certificate file “apns-prod.pkcs12” in the directory “C:IBMWebSphereAppServerprofilesSTPSNAppProfileconfigcellsnodeswebch atProxyNode”.Social Business 158 © 2010 IBM Corporation
  159. 159. Copy this certificate file “apns-prod.pkcs12” to the directory “C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswebchatProxyCell” .Social Business 159 © 2010 IBM Corporation
  160. 160. Copy this certificate file “apns-prod.pkcs12” to the directory “C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswebchatProxyCell nodeswebchatproxyNode”.Social Business 160 © 2010 IBM Corporation
  161. 161. To synchronize the last changes, go into your WebSphere Integrated Solutions (Admin) Console and click on “System administration” - “Nodes”.Social Business 161 © 2010 IBM Corporation
  162. 162. Select your “webchatProxyNode” server and click the “Full Resynchronize” button.Social Business 162 © 2010 IBM Corporation
  163. 163. The new APNS certificate files are now synchronized to your application server.Social Business 163 © 2010 IBM Corporation
  164. 164. STEP TEN: Configure SSL in the Proxy Server and deploy the certificate Summary For iOS devices to connect to the Sametime Proxy Server without any additional security settings, a trusted SSL certificate needs to be installed.Social Business 164 © 2010 IBM Corporation
  165. 165. In your WebSphere Integrated Solutions Console click on “Security” - “SSL certificate and key management”.Social Business 165 © 2010 IBM Corporation
  166. 166. Click on “Key stores and certificates”.Social Business 166 © 2010 IBM Corporation
  167. 167. Now click on “CellDefaultKeyStore”.Social Business 167 © 2010 IBM Corporation
  168. 168. And now click on “Personal certificate requests”.Social Business 168 © 2010 IBM Corporation
  169. 169. Now click the “New” button to create a new certificate request.Social Business 169 © 2010 IBM Corporation
  170. 170. Fill the form with your data: File for certificate request: “c:tempcert_req.cer” Key label: “SSL_Cert” Common name: (your server host name alias) “webchat.renovations.com” Organization: Your organization or company Locality: Your city or locality State or province: Your province Zip Code: Your ZIP code. Country or region: Select your country Then click the “OK” button.Social Business 170 © 2010 IBM Corporation
  171. 171. Click on “Save” to save your last changes.Social Business 171 © 2010 IBM Corporation
  172. 172. Now copy the certificate request file that you have created into your local workstation. Then request a trusted server certificate from your favorite trust center by sending the content of the file (or the complete file).Social Business 172 © 2010 IBM Corporation
  173. 173. You will receive the certificate from your trust center by e-mail or as a file attachment. Copy the certificate text starting with “-----BEGIN CERTIFICATE-----” and ending with “----- END CERTIFICATE-----” without any trailing or ending characters into a file. Copy this file to your Sametime Proxy Server to the “C:temp” directory. Download the Root and intermediate certificates from your trust center web site and copy this files as well to your “C:temp” directorySocial Business 173 © 2010 IBM Corporation
  174. 174. Now click on “Personal certificates”.Social Business 174 © 2010 IBM Corporation
  175. 175. Click the button “Receive from a certificate authority...”.Social Business 175 © 2010 IBM Corporation
  176. 176. In the field “Certificate file name” enter the path and filename to your received server certificate “c:tempserver_cert.cer”. Then click the “OK” button.Social Business 176 © 2010 IBM Corporation
  177. 177. Click the “Save” link to save your last changes.Social Business 177 © 2010 IBM Corporation
  178. 178. Your new server certificate is now imported successfully.Social Business 178 © 2010 IBM Corporation
  179. 179. Next is to import the root and intermediate certificates. Click the “Key stores and certificates” link.Social Business 179 © 2010 IBM Corporation
  180. 180. Click on “CellDefaultTrustStore”.Social Business 180 © 2010 IBM Corporation
  181. 181. Click “Signer certificates”.Social Business 181 © 2010 IBM Corporation
  182. 182. Click the “Add” button.Social Business 182 © 2010 IBM Corporation
  183. 183. Enter an Alias for the root certificate “verisign_root” and enter the path and file name to the root certificate file. Then click the “OK” button.Social Business 183 © 2010 IBM Corporation
  184. 184. Click “Save” to save your last changes.Social Business 184 © 2010 IBM Corporation
  185. 185. Now you have successfully added the root certificate. Do the same steps with the Intermediate certificate.Social Business 185 © 2010 IBM Corporation
  186. 186. Click the “Add” button.Social Business 186 © 2010 IBM Corporation
  187. 187. Enter an Alias for the root certificate “verisign_intermediate” and enter the path and file name to the intermediate certificate file. Then click the “OK” button.Social Business 187 © 2010 IBM Corporation
  188. 188. Click “Save” to save your last changes.Social Business 188 © 2010 IBM Corporation
  189. 189. Now you have successfully added the intermediate certificate.Social Business 189 © 2010 IBM Corporation
  190. 190. Click on “Security” - “SSL certificates and key management” and then on “Manage endpoint security configuration”.Social Business 190 © 2010 IBM Corporation
  191. 191. In the “Inbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” - “Servers”. Then click on “STProxyServer”.Social Business 191 © 2010 IBM Corporation
  192. 192. Check the checkbox “Override inherited values” and then click the “Update certificate alias list” button.Social Business 192 © 2010 IBM Corporation
  193. 193. In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.Social Business 193 © 2010 IBM Corporation
  194. 194. In the “Outbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” - “Servers”. Then click on “STProxyServer”.Social Business 194 © 2010 IBM Corporation
  195. 195. Check the checkbox “Override inherited values” and then click the “Update certificate alias list” button. In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.Social Business 195 © 2010 IBM Corporation
  196. 196. Save the last changes by clicking the “Save” link.Social Business 196 © 2010 IBM Corporation
  197. 197. Now it is recommended to set the services of your Sametime Proxy Server “STProxyServer”, “STProxyServer_DM” and “STProxyServer_NA” to automatic. Then restart your operating system. When the OS is restarted then you are ready to test all features. Check that your server communicates with the Sametime Community Server on port 1516 and with the Apple Notification Server.Social Business 197 © 2010 IBM Corporation
  198. 198. Additional Steps after the installation: Some additional Tuning steps can be done after all components are installed. You should consult the Sametime Product Documentation in the Internet about this steps here: http://www-10.lotus.com/ldd/stwiki.nsf/dx/Tuning_st852Social Business 198 © 2010 IBM Corporation
  199. 199. Legal Disclaimer © IBM Corporation 2012. All Rights Reserved. The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results. Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the users job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here. All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both. Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both. Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both. Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries. UNIX is a registered trademark of The Open Group in the United States and other countries. Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.Social Business 199 © 2010 IBM Corporation

×