Taking IBM Sametime Mobile


Presentation on building Sametime 9.0.1 step by step from Domino server through to SSC, Sametime Proxy and SSL configuration. Given at IBM Connect 2014 with Paul Mooney SHOW401

  1. 1. SHOW401: Taking IBM Sametime Mobile. Paul Mooney, Bluewave; Gabriella Davis, The Turtle Partnership. © 2014 IBM Corporation
  2. 2. Plan for Today: From Domino Server to Instant Messaging on Mobile
  4. 4. Gab Davis - Technical Director, The Turtle Partnership, gabriella@turtlepartnership.com ▪ Administrator / Problem Solver / System Designer / Optimist ▪ Working with ICS products, Domino, Sametime, WebSphere, Connections etc ▪ Also integration with other systems ▪ Co-Author of Sametime 8.5.2 Admin Guide, Connections Enterprise RedWiki & connections101.net ▪ I present a lot globally & blog on turtleblog.info
  5. 5. Paul Mooney - Senior Technical Architect, Bluewave Technology, paul.mooney@bluewavegroup.eu ▪ Administrator, problem solver, enabler, cynic, pessimist ▪ Working on ICS products, Salesforce, Google Apps ▪ Also integration with anything! ▪ Co-Author of connections101.net, blogger, speaker, reviewer ▪ Tries to fit motorbikes around anything to do with his work
  6. 6. Step 1: Starting Point - Domino Server 9
  7. 7. Domino 9 Server ▪ Sametime 9 requires Domino 9 and is still a 32bit application installed only on a 32bit Domino server
  8. 8. Step 2: Install DB2 10.1
  9. 9. Before Installing ▪ Create a db2 account to be used for managing your server. ▪ On Windows we use a local system account “db2admin” that is also in the Administrators group ▪ You can use a domain account but this often causes more problems if the account security is changed in any way ▪ Make sure the password you set does not expire
  11. 11. DB2 Installer ▪ Sametime 9 requires DB2 10.1 ▪ For this reason doing an upgrade in place isn’t recommended ▪ DB2 10.1 no longer has a Command Center GUI interface ▪ You must install a separate client (we recommend IBM DB2 Data Studio) ▪ Windows 64bit DB2 10.1 server installer
  12. 12. DB2 Installer Extracted To A Directory
  13. 13. Run The Install
  14. 14. Installing the DB2 Workgroup Edition
  17. 17. A custom install lets us filter just the services we want for Sametime and not all standard DB2 server services
  19. 19. DB2 Text Search is required by Sametime Advanced so worth installing for the future
  21. 21. This is the default installation name, only change if you have to
  23. 23. The DB2 account & password we created earlier
  25. 25. This can be any mail server that will accept SMTP delivery
  26. 26. This person may get sent a lot of mail. Consider using a mail in database instead! ▪ If you don’t know who to send to, leave this until
  27. 27. Used by Sametime Advanced so worth installing now
  28. 28. The install will add your db2 account to the DB2ADMNS group automatically
  29. 29. DB2 Install Summary Screen - Always Read Before Clicking “Install”
  30. 30. And we’re off!
  31. 31. Verify what port DB2 says it installed on (default is 50000)
  32. 32. Verify DB2 Is Listening ▪ From a command prompt ▪ netstat -an | find /i "50000" (or whatever your port is)
  33. 33. DB2 Running On The Windows Taskbar
  34. 34. Issuing DB2 Commands
  35. 35. Verifying The DB2 Server Is Licensed ▪ From the DB2 Command window type ▪ db2licm -l ▪ Not enough memory for Sametime + Connections databases (20+).
  36. 36. Step 3: Installation Manager
  37. 37. Installation Manager Download ▪ Hard to find on IBM’s usual download site ▪ Can be found on Fix Central ▪ Search Google for “installation manager download” to find a technote with FTP links ▪ This is version 1.7.1. Sametime uses 1.6.2 by default but can use later versions
  38. 38. Installation Manager extracted; click “Install” to run
  39. 39. Installing Installation Manager
  42. 42. There can only be one Installation Manager on each server
  46. 46. Installation Manager’s menu ▪ “Install” to install new software ▪ “Update” to patch or hotfix already installed software ▪ “Rollback” to remove a hotfix or patch ▪ “Modify” to add new features (we do this with Connections all the time) ▪ “Uninstall” to completely remove installed software
  47. 47. Installation Manager - Things To Know ▪ Installation Manager keeps track of all software it installs ▪ You can’t uninstall software that was installed via Installation Manager without going through the Installation Manager menu ▪ Everything other than Domino and DB2 installs via Installation Manager ▪ Installation Manager must be on every machine where you want to install a WebSphere component ▪ You can’t uninstall Installation Manager whilst programs it installed still exist ▪ You can’t install multiple Installation Managers on the same server ▪ Get the right version ▪ Get it installed in the right place ▪ Leave it alone :-)
  48. 48. Step 4: WebSphere
  49. 49. WebSphere Installers ▪ The WAS installers come in multiple parts which must all be extracted to the same directory
  50. 50. Extract Each WAS Part File To The Same Directory
  51. 51. WAS Installers Extracted ▪ Part 1 ▪ Part 2 ▪ Part 3 ▪ From Part 1
  52. 52. Launch Installation Manager
  53. 53. We Need To Add A New Installation Repository ▪ An installation repository tells Installation Manager where to look for install files ▪ Choose “File - Preferences” from the Installation Manager home screen
  54. 54. Since this is our first install there are no repositories yet, we need to add them ▪ This checkbox means that Installation Manager will ask you for IBM credentials and will search online for patches and fixes for any installed software
  55. 55. Browse to the directory where you have extracted all your WebSphere installers
  56. 56. Confirm The ▪ We select a repository (in this case our WebSphere installers) by selecting the repository.config file in our extracted WAS directory
  57. 57. The repository is successfully added which tells Installation Manager “search here for new software”
  58. 58. Installing WebSphere ▪ Once the repository is created we click “Install” on the Installation Manager home page
  59. 59. Selecting Packages ▪ Installation Manager finds a product to install in the repository it knows about, in this case WebSphere 8.5.5
  60. 60. Select What To Install
  61. 61. Installation Running
  62. 62. Installation Manager Shared Directory ▪ This is the first time we have installed anything via Installation Manager so it wants to know where you want it to store the information it knows about the software it installed ▪ This location cannot be changed or deleted later and should be accessible to any account running Installation Manager for installs or updates
  63. 63. WebSphere Install Location ▪ Case sensitive on Linux and with command scripts ▪ Try to keep the path length short and never allow spaces
  64. 64. Features To Install
  65. 65. Summary Screen ▪ Verify disk capacity. By default logs and other software will be installed on this same path
  66. 66. Installer Running ▪ This can take some time, from 10 mins to 40 mins depending on disk speed
  67. 67. Install Complete ▪ Usually we create a profile but for Sametime we don’t as the SSC install creates two of its own
  68. 68. Step 5: Create System Console DB
  69. 69. The Sametime System Console Database ▪ To store the configuration settings for all the Sametime servers the SSC must have a DB2 database to write to ▪ Databases are used by several Sametime components ▪ System Console ▪ Meetings ▪ Proxy ▪ Advanced ▪ Bandwidth Manager ▪ Before we can install any of the above components we first need to create their databases, starting with the Sametime System Console
  70. 70. Scripts to auto create the databases and apply the schema are in the DatabaseScripts directory of the extracted SSC install files
  71. 71. Running the Create Script For The SSC Database ▪ Go to the directory where the script is located (move it somewhere more convenient if you want but move the entire directory not just the batch file) ▪ The command syntax is ▪ scriptfile nameofdatabase nameofdb2administrator ▪ e.g. createSCDB STSC db2admin will create a database called STSC with db2admin as its administrator
  72. 72. You May Get A Blank Screen For A Few Minutes. Don’t Panic!
  73. 73. Eventually the createSCDB script will start writing to screen and complete
  74. 74. Step 6: Install Sametime System Console
  75. 75. To install new software we must use Installation Manager
  76. 76. As we did with WebSphere, we have to set up a repository to tell Installation Manager where to look for install files
  77. 77. Locate Where You Extracted The System Console Files To ▪ There should be a repository.config file in the root folder
  78. 78. We Still Have The WebSphere Repository Defined ▪ Leave that in place
  79. 79. Now We Add The Sametime System Console Repository
  80. 80. Now We Have Two Repositories That Installation Manager Knows About ▪ Leaving both checkboxes selected tells Installation Manager to search both directories for new software
  81. 81. Now Our Repository Is Added We Select “Install”
  82. 82. Installation Manager finds Sametime System Console To Install
  84. 84. Package Groups ▪ Since this is the first of the Sametime products Installation Manager has installed, it wants to create a new package group and location to store all of its information about the Sametime product
  85. 85. Confirmation Screen - Note There Are No Optional Features
  86. 86. The SSC installs using WebSphere so we need to tell the installer where WebSphere is. Selecting validate tells Installation Manager to verify the directory and WebSphere are where you said they were
  87. 87. Once validated you can move to the next screen
  88. 88. Here we define our SSC WebSphere settings including Node name and Cell name. These are non changeable once created. This will be the administrative credential for all your Sametime servers eventually. Avoid any special password characters including ! @ { } $ etc
  89. 89. Our final configuration page is to tell the install where to find the DB2 database we just created and how to login to it. Don’t forget to validate
  90. 90. Validated means the installer was able to connect to your DB2 server and access the database you specified using the credentials given
  91. 91. Summary Page ▪ Check disk capacity before continuing
  92. 92. Install Running ▪ This can take up to an hour
  93. 93. Sametime System Console Install Complete
  94. 94. Verify The Two New Profiles Exist ▪ STSCDMgrProfile is the deployment manager which manages all servers in the cell ▪ STSCAppProfile is the application server hosting the Sametime System Console application
  95. 95. Sametime 9 On Windows Creates Services For All Components ▪ STConsoleServer_DM - the deployment manager ▪ STConsoleServer_NA - the node agent ▪ STConsoleServer - the application server ▪ Services should be started in the order listed above ▪ The application server won’t start until the node agent is started
  96. 96. Starting Servers Manually ▪ To start servers manually go to the “bin” directory under each profile and type ▪ startServer [servername] ▪ The server name and (on Linux) the command itself are case sensitive ▪ The deployment manager can be started using “startManager” instead of startServer dmgr ▪ The node agent can be started using “startNode” instead of startServer nodeagent
  97. 97. Log Into The Sametime System Console ▪ URL https://<hostname>:8701/ibm/console ▪ The SSC has a certificate created by the installer which your browser won’t recognise
  98. 98. Use The Credentials Created During Install To Login
  99. 99. Logged in we can verify the SSC is installed
  100. 100. Backup Before Making Changes ▪ Since we’re about to change WebSphere security, let’s back up first ▪ From the bin directory under the STSCDMgrProfile type backupconfig <nameofzipfile> -nostop
  101. 101. The STConsoleServer Is Installed And Running
  102. 102. Post Install Step 1: Set The Max JVM Heap Size For The Deployment Manager
  103. 103. Set the Max Heap Size to 2048 (default is 512)
  104. 104. Whenever You Change A Server Configuration - Restart The Server
  105. 105. Let’s Verify The DB2 Connection Is In Place
  106. 106. You would only ever edit the connection if the DB2 server hostname or credentials change
  107. 107. Step 7: Configuring LDAP
  108. 108. We Need An LDAP Connection To Allow Users To Authenticate ▪ Select “Connect to LDAP Server” under Sametime Prerequisites
  109. 109. Defining LDAP connections. If you use SSL then you must import the SSL certificate here
  110. 110. LDAP Base Entry ▪ The level within the LDAP hierarchy that should be searched to find and authenticate users ▪ For Domino this is usually empty so non hierarchical entries like groups can be found
  111. 111. Advanced LDAP Settings - Optional (1st part) ▪ If you don’t modify Advanced settings the default values will be used which will be fine in many standard installs ▪ Using Advanced settings you can specify the attribute to be used for display name as well as that which contains the home Sametime server
  112. 112. Advanced LDAP Settings - Optional (2nd part) ▪ The attributes users can use to login and those used when searching for new contacts
  113. 113. Advanced LDAP Settings - Optional (3rd part) ▪ How to find groups and group members
  114. 114. LDAP Configuration Complete
  115. 115. Another Server Change Requires Another Server Restart
  116. 116. Once the server is restarted you should test by searching for users who are in LDAP
  117. 117. Step 8: Windows Networking
  118. 118. Windows 2008 & Later Networking Issues - Sametime Community Server ▪ Before installing the Community Server there are default networking settings that conflict with Sametime; we need to check for incorrect settings using “netsh int tcp show global” ▪ Chimney Offload should be disabled ▪ Receive-Side Scaling should be disabled ▪ Receive Window Auto-Tuning should be disabled ▪ Add-On Congestion Control Provider should be None
  119. 119. First Back Up The Registry (To Be On The Safe Side) ▪ Load regedit.exe from the Windows menu ▪ Choose File - Export and save a backup of the registry
  121. 121. Now Issue The Commands To Disable The Unwanted Networking Settings
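
The check from slide 118, as an added example that is not part of the original deck: a Python script that parses `netsh int tcp show global` output and reports which of the four settings still differ from the values the slide asks for, with the standard `netsh int tcp set global` command for each. The sample output is constructed; on Windows the script reads the live values instead.

```python
import re
import subprocess
import sys

# Settings named on slide 118, keyed by the label netsh prints for each one.
# Value: (state the slide asks for, argument to `netsh int tcp set global`).
REQUIRED = {
    "Chimney Offload State": ("disabled", "chimney=disabled"),
    "Receive-Side Scaling State": ("disabled", "rss=disabled"),
    "Receive Window Auto-Tuning Level": ("disabled", "autotuninglevel=disabled"),
    "Add-On Congestion Control Provider": ("none", "congestionprovider=none"),
}

# Constructed sample of `netsh int tcp show global` output (not captured
# from a real server).
SAMPLE_OUTPUT = """\
Querying active state...

TCP Global Parameters
----------------------------------------------
Receive-Side Scaling State          : enabled
Chimney Offload State               : automatic
NetDMA State                        : enabled
Receive Window Auto-Tuning Level    : normal
Add-On Congestion Control Provider  : none
ECN Capability                      : disabled
RFC 1323 Timestamps                 : disabled
"""


def parse_tcp_globals(text):
    """Return {label: value} for every 'label : value' line in the output."""
    settings = {}
    for line in text.splitlines():
        match = re.match(r"\s*(.+?)\s*:\s*(\S.*?)\s*$", line)
        if match:
            settings[match.group(1)] = match.group(2).lower()
    return settings


def audit(text):
    """List (label, current value, fix command) for each setting that differs.

    A label netsh did not print is reported with value None and no command,
    so a changed or localized output format is noticed instead of passing.
    """
    current = parse_tcp_globals(text)
    findings = []
    for label, (wanted, argument) in REQUIRED.items():
        actual = current.get(label)
        if actual is None:
            findings.append((label, None, None))
        elif actual != wanted:
            findings.append((label, actual, "netsh int tcp set global " + argument))
    return findings


def live_output():
    """Read the real values; only meaningful on Windows."""
    result = subprocess.run(["netsh", "int", "tcp", "show", "global"],
                            capture_output=True, text=True, check=True)
    return result.stdout


if __name__ == "__main__":
    text = live_output() if sys.platform == "win32" else SAMPLE_OUTPUT
    for label, actual, command in audit(text):
        print(f"{label}: {actual!r} -> {command or 'not reported by netsh'}")
```
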
  122. 122. Step 9: Install Community Server
  123. 123. Every Sametime Server Install Starts With Creating A Deployment Plan
  124. 124. Name The Deployment Plan Something Meaningful For You ▪ Users Won’t See This Name Ever
  125. 125. Choose Which Version Of Community Server To Install ▪ You can still install 8.5.2 in a v9 SSC but would have to use a Domino 8.5.2 server
  126. 126. Configuring Domino Server To Use For Community Server ▪ Domino server must be installed and running HTTP ▪ Credentials should already exist in Domino Directory
  127. 127. Select LDAP Configuration To Use ▪ Your options will only be those you have created under “LDAP Configuration” in the previous step
  128. 128. HTTP Tunneling ▪ Enables client connections on port 80 as well as port 1533
  129. 129. Summary Of Deployment Plan
  130. 130. Whilst the status is “Ready to Install” the plan can be modified
  131. 131. Sametime Community Server Install Files
  132. 132. To Start The Install Run setupwin32.exe ▪ Sametime Community Server remains a 32bit application and can’t install on a 64bit Domino server
  133. 133. Choose Language Version
  137. 137. Since we have a deployment plan we use the System Console to install
  138. 138. We tell the installer how to find the System Console by hostname and port ▪ These are credentials to login to the System Console ▪ The hostname used here must match the one in the plan we just created
  139. 139. The hostname matches a plan found in the System Console and the plan name is returned
  141. 141. Community Server Install Completed
  142. 142. Restart The Server Once Community Server Is Installed
  143. 143. Status Once Community Server Is Installed ▪ Deployment Plan will be marked “Installed / Registered”
  144. 144. Status Once Community Server Is Installed ▪ A Community Server will be visible in the System Console
  145. 145. Step 10: Post Community Server Configuration Steps
  146. 146. ▪ Any server that will need to connect to the Community Server must be listed in the Trusted IPs for that server. List the IPs for any other Sametime component for instance ▪ Choose the server we just installed which is listed under “Sametime Community Servers” ▪ Policies need to be reviewed ▪ Global Community Server properties need to be set
  147. 147. Editing Community Server Connection Properties ▪ The account and password used for the System Console to access the Community Server are stored under “Edit” on Connection Properties
  148. 148. Setting Community Server Properties ▪ Changes here will require a restart of the Community Server so let’s do them all now ▪ On servers with multiple IPs make sure to bind to a specific hostname only
  150. 150. Adding Trusted IPs
  151. 151. List of Trusted IPs ▪ Will overwrite the field in stconfig.nsf on restart ▪ Cannot apply on the fly, Community Server must be restarted
  153. 153. Enable offline messages here. The setting will apply to all Community servers
  154. 154. Working With Policies ▪ Two default policies are created, one covering all authenticated users and one for anonymous users. Review these before going any further ▪ As of Sametime 9 policies no longer exist in the Domino web based Sametime administration and neither does stpolicy.nsf ▪ You must now have a System Console if you want to use policies with Sametime
  155. 155. Instant Messaging Policy ▪ If you are upgrading communities side by side consider ▪ This is a client side setting, transcripts are not saved on the server automatically ▪ Contact list size significantly affects LDAP performance
  156. 156. Mobile Specific Section Under Instant Messaging Policy
  157. 157. Security Section Under Instant Messaging Policy
  158. 158. Setting “Ignore” For Case Sensitivity During Lookups ▪ Required by iNotes and WebSphere based applications such as IBM Connections
  159. 159. Step 11: Install Sametime Proxy Server
  160. 160. Sametime Proxy Server ▪ The Sametime Proxy Server acts as a web proxy to your Community Server ▪ It can connect to any server in your Community ▪ Mobile clients connect to the Sametime Proxy Server and from there to the Community Server ▪ Building a new Sametime Proxy Server requires us to create a database and then a deployment plan before installing
  161. 161. Creating The Sametime Proxy Server Database ▪ The create database script is found in the DatabaseScripts folder in the extracted Sametime Proxy Server install directory
  162. 162. Creating The Sametime Proxy Server Database ▪ Run from a command prompt ▪ createProxyDb [databasenametocreate] [db administrative account] ▪ e.g. createProxyDb STPROXY db2admin
  163. 163. Database Script Running ▪ It can take a few minutes to run but when complete you should see this
  164. 164. Adding Our Newly Created DB To The System Console
  165. 165. DB2 server hostname & port ▪ Newly created DB name
  166. 166. Database Added To The System Console ▪ The STPROXY database details were validated before it was added including DB2 server, port and access
  168. 168. Create A Deployment Plan
  169. 169. Deployment Plan Name ▪ Only visible to administrators not users
  170. 170. Community Server Version ▪ You can install earlier Community Server versions into a v9 SSC but Domino can’t be v9 unless the Community Server is
  171. 171. Primary and Secondary Nodes ▪ The first server of a type added to the System Console is the Primary Node ▪ Additional servers considered cluster mates are secondary nodes ▪ If you install a server in its own cell it will not be managed by the System Console ▪ There can only be one Primary Node of each server type (Meeting, Proxy, Advanced etc) in each cell
  172. 172. Add the new node to the existing Cell (the System Console)
  173. 173. These are the WebSphere configuration settings for the new Sametime Proxy install. If using Primary or Secondary node, the server will be federated into the cell and its user id and password overwritten with that of the SSC
  174. 174. Select Which Community Server To Connect To ▪ The Sametime Proxy will connect to any server in the Community (the Domino domain) ▪ You can modify its XML file later to bind it to a cluster or a specific server
  175. 175. Select The Database To Use ▪ If you try selecting STSC it will not accept that as a valid database because the schema will be wrong, this is why we create a specific database for the Sametime Proxy
  176. 176. Deployment Summary
  177. 177. Deployment Plan Complete & Ready For Install
  178. 178. Locate The Repository.Config ▪ We will need to add the install repository for the Sametime Proxy to the Installation Manager to do the install ▪ The repository.config should be in the root directory of the extracted install files
  179. 179. Launch Installation Manager To Add A New Repository
  180. 180. Browse to the repository.config file in the install directory
  181. 181. We now have three repositories that Installation Manager is told to look in: WebSphere, SSC, Sametime Proxy
  182. 182. Since Installation Manager is told to look in three repositories it finds three software products to install. We select Sametime Proxy Server only
  183. 183. Since we have already installed the SSC we have a package group. If this was a dedicated server for Sametime Proxy there would be no existing package group and Installation Manager would create one
  184. 184. We have a deployment plan so we use the System Console to find that and install
  185. 185. Since Sametime Proxy Server installs using WebSphere we must tell the installer where WebSphere is. We can’t proceed until we validate WebSphere is in place
  186. 186. Once validated we can move to the next step
  187. 187. Hostname & port of the System Console ▪ Credentials used to login to the SSC ▪ Hostname for the Sametime Proxy server (must match the deployment plan hostname)
  188. 188. The settings must be validated before you can continue, this ensures the SSC can be found and connected to
  189. 189. Primary Node Install ▪ Name of deployment plan in the SSC matching this install type (Sametime Proxy) and hostname
  190. 190. Deployment plan settings. Select “validate” to test before install can complete
  191. 191. Once deployment plan and install settings are validated the install can continue
  192. 192. Check available disk ▪ Select “Install”
  193. 193. Sametime Proxy Install Complete
  194. 194. Sametime Proxy Server Started ▪ nodeagent ▪ STProxyServer
  195. 195. Deployment Plan Shows Complete
  196. 196. Check The Ports Assigned To The Server ▪ Select the STProxyServer
  197. 197. Choose “ports” under “Communications”
  198. 198. Go to http://proxyhostname:wc_defaulthost/stwebclient/index.jsp
  199. 199. Verify the web client can log you in (make sure popups aren't disabled)
  200. 200. Logged into the web client. If login fails make sure the trusted IP is listed correctly and the Community Server has been restarted
  201. 201. Step 12: Virtual Hosts and Tuning
  202. 202. Creating A Dedicated Virtual Host ▪ Each Sametime component uses a dedicated virtual host to isolate its traffic from any other server in the cell on the same port ▪ Without this step you may see redirections failing ▪ Make sure you BACKUP deployment manager before making these changes
  203. 203. Precreated virtual hosts ▪ admin_host used by the SSC ▪ proxy_host is nothing to do with the Sametime Proxy ▪ Select “New” to create a dedicated virtual host
  204. 204. Call the new host anything not already in use, in our case we’ve used ▪ Now click on Host Aliases to add our new ports
  205. 205. Click “New” to add specific ports for the Sametime Proxy Server hostname
  206. 206. Add each port for any hostnames you want to access the Sametime Proxy Server on
  207. 207. You should end up with entries for each hostname for the server ports wc_defaulthost and wc_defaulthost_secure, plus 80 & 443
  208. 208. We need to modify the default_host aliases to remove the wildcard entries for ports we have explicitly mapped
  209. 209. Since we mapped ports 9081, 9444, 80 and 443 in the stproxy_host we need to delete these as they now conflict
  210. 210. Remaining default_host Ports
  211. 211. Mapping The Application To The New Host ▪ Go to Applications - All applications
  212. 212. Now we need to map our new stproxy_host to the Sametime Proxy Application
  213. 213. Select “Virtual hosts” To Modify The Mapping
  214. 214. Everything is mapped to default_host. We need to select all and map to the new virtual host stproxy_host
  215. 215. Now the modules are mapped correctly and we can save this and restart the Sametime Proxy Server
  216. 216. Modify The Sametime Proxy Configuration
  217. 217. Connectivity ▪ What Community Server or cluster this Sametime Proxy connects to
  218. 218. Managing Performance ▪ Number of concurrent user connections. “0” disables all user connections ▪ Disable this if you want to prevent the Sametime Proxy Server authenticating against the user’s home server instead of the server connected to this proxy
  219. 219. Mobile Settings ▪ APNS ports for iOS notifications that must be open outbound from the Sametime Proxy Server ▪ Disable PUSH for iOS forcing logout when client goes into the background
  220. 220. Creating A WAS Proxy For Our Sametime Proxy ▪ The Sametime Proxy Server when installed runs on the wc_defaulthost and wc_defaulthost_secure ports for http and https respectively ▪ Those are not the ports 80 & 443 ▪ To avoid having to place the port number in the URL to access the Sametime Proxy Server we create a WAS Proxy that runs on ports 80 & 443 and provides a proxy service to the application server ▪ We do the same for Meeting Servers
  222. 222. Select the node the application server is on ▪ This will be the server name of the WAS Proxy
  223. 223. Make sure to disable “SIP” which isn’t used for Sametime Proxy
  225. 225. WAS Proxy Summary
  226. 226. New WAS Proxy Created
  227. 227. Once Started You Should Be Able To See Ports 80 & 443 Listening on the Host Name Being Used ▪ You don’t have to install the WAS Proxy on the same server as the Sametime Proxy Server ▪ You can install multiple WAS Proxies behind a load balancer for additional failover
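
The alias bookkeeping from slides 207 to 209, as an added example that is not part of the original deck: it lists the host aliases still missing from the dedicated virtual host and the entries in other virtual hosts that collide with it. The hostnames and the contents of `default_host` and `admin_host` are constructed; only the ports 9081, 9444, 80 and 443 and the name `stproxy_host` come from the slides.

```python
# Ports the slides map in stproxy_host: the proxy's wc_defaulthost and
# wc_defaulthost_secure ports (9081, 9444 in this deck) plus 80 and 443.
PROXY_PORTS = (9081, 9444, 80, 443)

# Hostnames clients use to reach the proxy (placeholders, assumption).
PROXY_HOSTNAMES = ("stproxy.example.com", "chat.example.com")

# Constructed snapshot of virtual host aliases as (hostname, port) pairs.
VHOSTS = {
    "default_host": [("*", 9080), ("*", 80), ("*", 9443), ("*", 443),
                     ("*", 9081), ("*", 9444), ("*", 5060)],
    "admin_host": [("*", 8700), ("*", 8701)],
    "stproxy_host": [("stproxy.example.com", 9081),
                     ("stproxy.example.com", 9444),
                     ("stproxy.example.com", 80),
                     ("stproxy.example.com", 443),
                     ("chat.example.com", 9081),
                     ("chat.example.com", 80),
                     ("chat.example.com", 443)],
}


def missing_aliases(vhosts, dedicated, hostnames, ports=PROXY_PORTS):
    """Slide 207: every hostname needs an alias for every proxy port."""
    have = {(host.lower(), port) for host, port in vhosts[dedicated]}
    return [(host, port) for host in hostnames for port in ports
            if (host.lower(), port) not in have]


def conflicting_aliases(vhosts, dedicated):
    """Slides 208-209: aliases elsewhere that also match the dedicated host.

    A wildcard alias conflicts when it uses a port the dedicated virtual host
    maps; a named alias conflicts when the same host:port pair appears twice.
    """
    wanted = {(host.lower(), port) for host, port in vhosts[dedicated]}
    ports = {port for _, port in wanted}
    conflicts = []
    for name, aliases in vhosts.items():
        if name == dedicated:
            continue
        for host, port in aliases:
            if (host == "*" and port in ports) or (host.lower(), port) in wanted:
                conflicts.append((name, host, port))
    return conflicts


def remove_conflicts(vhosts, dedicated):
    """Return a copy of the configuration with the conflicting aliases gone."""
    doomed = set(conflicting_aliases(vhosts, dedicated))
    return {name: [(host, port) for host, port in aliases
                   if (name, host, port) not in doomed]
            for name, aliases in vhosts.items()}


if __name__ == "__main__":
    for host, port in missing_aliases(VHOSTS, "stproxy_host", PROXY_HOSTNAMES):
        print(f"add to stproxy_host: {host}:{port}")
    for name, host, port in conflicting_aliases(VHOSTS, "stproxy_host"):
        print(f"delete from {name}: {host}:{port}")
```
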
  228. 228. Step 13: Configure SSL
  229. 229. Configuring SSL ▪ To use SSL we are going to want to install a certificate from a known certificate authority and not use the internal IBM one that the installer created on the fly as that isn’t recognised by any browser or mobile device ▪ To do this we need to import the trusted certificates from whatever CA we choose and then generate a Certificate Signing Request and import the certificate we are given ▪ All of the SSL work is done under SSL Certificate and Key Management
  230. 230. Step 1: Install The Trusted Roots ▪ I used GeoTrust for my CA but you could use any provider ▪ Trusted roots are installed into the CellDefaultTrustStore under Signer Certificates
  231. 231. The only trusted root that exists is the one IBM created on the fly during install
  232. 232. Adding A New Trusted Root Certificate ▪ Take the trust certificates from your authority’s site (in my case GeoTrust) and add them here. Alias can be anything meaningful to you
  233. 233. Certificate will be added and show a confirmation screen.
  234. 234. Both GeoTrust Root Certificates Added
  235. 235. Only The Default Personal Certificate Created By The Installer Exists
  236. 236. Create A Personal Certificate Request (CSR) ▪ This will create a file you can upload to any CA site such as GeoTrust, Verisign, GoDaddy, Thawte to complete your request for an SSL certificate ▪ Go to CellDefaultKeyStore (not trust store) and choose “Personal Certificate Requests”
  237. 237. Completing a CSR (Personal Certificate Request) ▪ The details you complete here must match those submitted on the CA site. The Organization name must match the owner of the domain you are requesting a CSR for
  238. 238. Importing A Completed Certificate ▪ Once your CA returns the certificate to you, it needs to be imported. ▪ If it arrives as an email just copy/paste the contents of the certificate into a text file ▪ Choose “Receive certificate from CA” ▪ You can only receive a certificate you have an outstanding request for
  239. 239. Certificate Successfully Imported
  240. 240. Mapping The New Certificate To The Server Instances ▪ Now we have our new certificate we have to tell our application servers to use it instead of the certificate they were installed with ▪ Wildcard certificates can be used here and with Sametime 9 it’s a requirement that the Sametime Advanced and Sametime Proxy servers do use the same exact certificates ▪ To map a new certificate go to “Manage EndPoint Security Configurations”
  241. 241. Select the server to map. Here we have already mapped the STProxyServer but also need to map the WAS Proxy stproxy_fwd ▪ Select server name to map
  242. 242. SSL Mapping ▪ Make sure to override inherited values ▪ Select the new alias from the drop down list
  243. 243. Both inbound and outbound mappings must be completed for all servers on the node (but not the nodeagent)
  244. 244. Restart Both The Application Server And WAS Proxy ▪ Go to https://<stproxyhostname> ▪ Redirection will happen automatically ▪ No port required ▪ The new SSL certificate should be in place and no warnings received
  245. 245. To Enable Google Android Push Updates We Need To Import Google’s Certificates ▪ Use EXACTLY these settings and select “Retrieve signer information”
  246. 246. Android’s SSL Certificates
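
An added check for slides 240 to 244 (example code, not from the original deck): given the certificates two servers present, it confirms they are the same certificate, lists the client hostnames the certificate does not cover, and reports the days left before expiry. The certificate dictionaries are constructed samples in the format Python's `ssl.getpeercert()` returns, all hostnames are placeholders, and only subjectAltName DNS entries are considered.

```python
import socket
import ssl
import time

# Constructed certificates in the dict format returned by getpeercert().
PROXY_CERT = {
    "issuer": ((("organizationName", "Example CA"),),),
    "serialNumber": "0A1B2C3D",
    "notAfter": "Jun 15 12:00:00 2026 GMT",
    "subjectAltName": (("DNS", "*.example.com"),),
}
ADVANCED_CERT = dict(PROXY_CERT)                          # same certificate
OLD_CERT = dict(PROXY_CERT, serialNumber="FFEE0011")      # a different one


def fetch_certificate(host, port=443):
    """Verified handshake against the system trust store; needs network.

    Raises ssl.SSLCertVerificationError if the server still presents a
    certificate no public CA signed, such as the installer-generated one.
    """
    context = ssl.create_default_context()
    with socket.create_connection((host, port), timeout=10) as raw:
        with context.wrap_socket(raw, server_hostname=host) as tls:
            return tls.getpeercert()


def _matches(pattern, hostname):
    """Exact match, or '*.' wildcard covering exactly one left-most label."""
    pattern, hostname = pattern.lower(), hostname.lower().rstrip(".")
    if not pattern.startswith("*."):
        return pattern == hostname
    first, _, rest = hostname.partition(".")
    return bool(first) and rest == pattern[2:]


def uncovered(cert, hostnames):
    """Hostnames clients will use that the certificate does not cover."""
    names = [value for kind, value in cert.get("subjectAltName", ())
             if kind == "DNS"]
    return [h for h in hostnames if not any(_matches(n, h) for n in names)]


def same_certificate(cert_a, cert_b):
    """Slide 240: Proxy and Advanced must present the same certificate."""
    identity = lambda c: (c.get("issuer"), c.get("serialNumber"))
    return identity(cert_a) == identity(cert_b)


def days_left(cert, now=None):
    """Whole days until notAfter; negative once the certificate expired."""
    if now is None:
        now = time.time()
    return int((ssl.cert_time_to_seconds(cert["notAfter"]) - now) // 86400)


if __name__ == "__main__":
    wanted = ["stproxy.example.com", "chat.corp.example.com", "example.com"]
    print("not covered:", uncovered(PROXY_CERT, wanted))
    print("same as Advanced:", same_certificate(PROXY_CERT, ADVANCED_CERT))
    print("days left:", days_left(PROXY_CERT))
```
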
  247. 247. Step 14: Test
  248. 248. Install The Sametime Mobile Client ▪ Available from both Apple and Android Stores
  249. 249. Configure The Sametime Mobile Client To Connect ▪ Hostname (must work both internally and publicly) ▪ Secure SSL Port
  250. 250. Login