The document discusses ensuring high availability for IBM Sametime deployments. It describes how to cluster various Sametime services like instant messaging, meetings, and media services behind a load balancer. It provides tips for clustering the Sametime system console, database server, and Domino directories to maintain availability. The document emphasizes designing systems to scale for future growth and ensuring consistency across clustered servers.
If your Sametime environment is going to include Audio and Video you will probably want to be able to talk to people outside your own company, or at least to your own users on their mobile devices who aren't connected via VPN. In this recorded online session as part of IBM's New Way To Work initiative we reviewed the infrastructure behind the Audio and Video elements of Sametime and how best to extend those features beyond your firewall.
In this recorded online session we looked at all the options to upgrade your existing Sametime environment to Sametime 9.0.1. Whether you have only a single Community server on an early Sametime version or an entire infrastructure including audio and video on 9.0 we outlined how to plan for an upgrade and the pros and cons of doing the work side by side vs in place.
In this session we looked at the architecture behind the Sametime mobile applications for chat and meetings. What do you need to deploy to support mobile users and what features are available to them on the different mobile platforms. We also looked at potential bottlenecks, security and troubleshooting for the mobile clients.
Traveler management, security and performance - Gabriella Davis
Traveler is a core component of most companies’ mail infrastructure, but its maintenance and security goes far beyond Domino server management. In this session we’ll look at a Traveler environment from daily tasks to enforcing TLS and starting with understanding how Traveler behaves. We’ll review both standalone and high availability configurations and discuss common problems, as well as how best to plan and design a secure and stable infrastructure.
Presentation on building Sametime 9.0.1 step by step from Domino server through to SSC, Sametime Proxy and SSL configuration. Given at IBM Connect 2014 with Paul Mooney SHOW401
IBM Traveler Management, Security and Performance - Gabriella Davis
Traveler is a core component of most companies’ mail infrastructure but its maintenance and security goes far beyond Domino server management. In this session we’ll look at a Traveler environment from daily tasks to enforcing TLS and starting with understanding how Traveler behaves. We’ll review both standalone and high availability configurations and discuss common problems, as well as how best to plan and design a secure and stable infrastructure.
Having a full set of Sametime features available on mobile devices has been a priority for IBM so if you are deploying, whether it’s the complete feature set including meetings, audio and video or just instant messaging, you can extend the functionality using IBM Connections Chat and IBM Connections Meetings applications which are available for most mobile platforms. In this session we will review both the backend server configuration and the features available via the mobile applications and discuss usability, bandwidth and security implications.
Setting Up a Hybrid Domino Environment to Ease your Way to the Cloud - Gabriella Davis
Are you looking at Cloud options and wondering how and if you can get there from where you are? If you have Domino on premises and are considering Cloud then a good option is a hybrid architecture which maintains all your on premises configuration managed by your own administrators but adds Cloud client access managed by IBM. We will look at how simple it is to create this hybrid solution using Domino passthru servers and review how things like user and directory maintenance, client access and mail routing will then work. From Domino Admin to Domino Hybrid Admin in a few simple steps.
Planning and Completing an IBM Connections Upgrade - Gabriella Davis
So you have IBM Connections installed, but now you need to decide what and when to update. It could be a WebSphere fix or a DB2 fixpack, a new application, a database schema or an entirely new version. Some updates are for security, some for performance and some for new features. In this session we'll discuss how you can decide when and what to upgrade, how to plan for and perform a safe upgrade regardless of its size, and test when it’s complete. We’ll also discuss what things can trip you up along the way.
How to configure IWA / SPNEGO for IBM Domino enabling Windows authenticated users to access Domino web applications without being prompted for further authentication
In this session from MWLUG 2017 I introduce the concepts of containerisation and discuss Docker architecture, design, deployment considerations and risks.
The SSL Problem and How to Deploy SHA2 Certificates - Gabriella Davis
Two years ago enabling your site with SSL was a simple affair: buy a certificate or create your own, install it, then just remember to renew it every couple of years. Then, suddenly security holes are being found in SSL virtually every month, popular browsers stop connecting to your site to protect themselves, and you’re continually being told your users' data is at risk. In this session we will discuss how it all went wrong and can go wrong again, then go through each step of requesting, generating and deploying a 4096 SHA-2 certificate to use in a keyfile by Domino, IBM Connections, IBM Sametime and other WebSphere products. If you work with these IBM products and need to secure them with confidence this session will show you how!
1084: Planning and Completing an IBM Connections Upgrade - Gabriella Davis
So we have IBM Connections installed, but now it’s time to consider what and when to update. It could be a WebSphere fix or a DB2 fixpack, a new application, or database scheme. Some updates are for security, some for performance and some for new features. In this session we'll discuss how you can decide when and what to upgrade, how to plan for and perform a safe upgrade, test when it’s complete and what things can trip you up along the way. All of this is based on lessons learned over hundreds of deployments.
Domino Security - not knowing is not an option - MWLUG 2015 - Darren Duke
There have been a ton of changes to Domino security over the past few months. See what they are, why you need them and how to implement them, including but not limited to: SSL/TLS, Notes port encryption, reverse proxies, SHA2 certificates, SAML/NFL, Perfect Forward Secrecy. Learn. Implement. Sleep well.
What We Wish We Had Known: Becoming an IBM Connections Administrator - Gabriella Davis
Presentation on IBM Connections given by Gab Davis and Paul Mooney at IBM Connect 2014. In this session we shared our experiences of Connections as administrators and what we feel is useful information for every admin to know.
Planning & Completing An IBM Connections Upgrade - Gabriella Davis
Presentation from ICON UK in London Sept 2015 on approaches to upgrading IBM Connections whether it's a WebSphere iFix, TDI, DB2 or the Connections applications themselves
IAmLUG presentation: Domino Admin Best Practices - Hunting the Gremlins - David Hablewitz
Notes / Domino administrator best practices for finding the gremlins in your environment and avoiding them. This session was presented at IamLUG by David Hablewitz and Kim Greene.
Do you want your administration day even easier? Are you aware of the free code snippets, tools and products you could be using in your arsenal? This session will fly through as many of them as we can in sixty minutes. Screenshots, demos and a nice bundled list of where to get them all. Just in case we can't fit them all in!
Examples are Domino server console shortcuts, Sametime buddylist management, LDAP verification, improved search tools within your Notes client and even more. I don't want to give all the hints away here.
Slides from IBM Connect 2014 BP502 session: Is Your IBM Sametime Deployment Stuck in First Gear? Learn From the UC Mechanics. Presented by Peter Lurie and David Price
IBM Connect BP302 Social Communications: A Roadmap for Connecting Sametime with Everything
Social Business, Mobile or Social Communications: what path should you take? Does Connections need Sametime or does it stand alone?
What are the most critical decisions an organization makes to unify existing audio conferencing, video conferencing, and phone systems? In this session we will offer a roadmap to Unified Communications that marks the critical “forks in the road” on the journey to UC and illustrate experiences from actual implementations. We’ll cover UC platforms (Sametime, Lync, Jabber), video (Cisco, Polycom, Avaya), telephony (Cisco, Avaya, ShoreTel or legacy), firewalls, mobility, and call control/dial plans. The session will wrap up with a live demo featuring full integration of Sametime, Connections, and Polycom video.
BP501 - Building and deploying custom IBM sametime connect client installatio... - Carl Tyler
IBM Sametime Connect is a powerful unified communications client, offering real-time communications capabilities. In this session, we'll cover how to build custom IBM Sametime installation packages, how to include interim fixes in the installation. We'll also cover how to customize various aspects of the client install with the installer, and how to ensure the install and uninstall is configured correctly. We'll also explain how you can manage IBM Sametime settings from the server post installation.
Presented by Carl Tyler of Epilio at IBM Connection 2014
AD109 - Using the IBM Sametime Proxy SDK: WebSphere Portal, IBM Connections -... - Carl Tyler
From simple lightweight usage to full real world integration and development, the Sametime Proxy offers an exceptional range of social capabilities. This session will showcase our integration with Portal and Connections, and then move on to illustrate how the openness of the programming model makes it suitable for any environment, by extending SDK objects, managing events and overriding Sametime Proxy widget prototypes. This session will show you real world examples of how customers transformed regular web and mobile applications into those with a rich social experience using the Sametime Proxy
IBM Connect 2016 - Logging Wars: A Cross Product Tech Clash Between Experts -... - Chris Miller
Things WILL get VERY technical when two experts face-off in a unique session that explores polar perceptions regarding various types of logs, verbosity levels, data extraction, responses for alerts, and more. Be it Domino, Sametime, or Traveler operating on-prem. or in Hybrid and Cloud environments, it is vital to have an understanding of log data structure, what is (or isn't) logged and why, and how to search logs effectively. But aren't there ways to find your information without having to pipe everything into the log? Where does one's best practice end and another's begin? From this collision of opposing viewpoints and real-world stories, you'll take away knowledge and tools ready to deploy to various scenarios, products, and log types.
How long does it really take to install and configure IBM Connections - 99% of your time is taken up by waiting for things to install.
In this 45 minute presentation everything you need to know about installing and configuring your first connections install
Slides include general management, troubleshooting, compliance, policies, email archiving and the use of PowerShell. We will review how to monitor Exchange with the Event viewer and System Center, and we will discuss the Exchange best practice analyzer.
You can learn more about the latest version of FREE Veeam Explorer for Exchange: http://go.veeam.com/veeam-explorer-for-microsoft-exchange
VIDEO for this webinar: http://www.veeam.com/videos/managing-your-exchange-architecture-4813.html
Soccnx10: Best and worst practices deploying IBM Connections - panagenda
Depending on deployment size, operating system and security considerations you have different options to configure IBM Connections. This session will show good and bad examples on how to do it from multiple customer deployments. We will describe things we found and how you can optimize your systems. Main topics include simple (documented) tasks that should be applied, missing documentation, automated user synchronization, TDI solutions and user synchronization, performance tuning, security optimizing and planning Single Sign On for mail, IBM Sametime and SPNEGO. This is valuable information that will help you to be successful in your next IBM Connections deployment project.
A presentation by Christoph Stoettner & Nico Meisenzahl
TechTalks is BlazeClan Technologies' platform provided to all engineers and technology enthusiasts where they can learn and explore new technologies, connect with peers, network with industry experts and discover new opportunities to grow.
The Agenda for this TechTalks is as below:
Overview of Basics & some Debugging Techniques
Peer Communication in Salt
Events, Orchestration & Reactors
Mine
Beacons
Multi-master & Syndic
Basic Salt Cloud
SHOW102 XPages: Still No Experience Necessary IBM Connect 2014 - Kathy Brown
IBM Connect 2014
XPages: Still No Experience Necessary
Step by Step see how to create an XPages application. Create a help desk ticket app, including CRUD (Create, Read, Update, Delete)
1049: Best and Worst Practices for Deploying IBM Connections - IBM Connect 2016 - panagenda
Depending on deployment size, operating system and security considerations you have different options to configure IBM Connections. This session shows good and bad examples on how to do it from multiple customer deployments. Christoph Stoettner describes things he found and how you can optimize your systems. Main topics include simple (documented) tasks that should be applied, missing documentation, automated user synchronization, TDI solutions and user synchronization, performance tuning, security optimizing and planning Single Sign On for mail, IBM Sametime and SPNEGO. This is valuable information that will help you to be successful in your next IBM Connections deployment project.
A presentation from Christoph Stoettner (panagenda).
If you are a Domino Administrator in any size company you already have a range of skills that make you an expert administrator across many platforms and technologies.
In this session Gab explains how to apply those skills and that knowledge to take your career wherever you want to go.
Presentation from Engage 2022 in Bruges
From day to day administration to advanced configuration from automated maintenance to running the best multi client mail server on the market, from advanced security to data access.
Design Decisions: Developing for Mobile - The Template Experience Project - Gabriella Davis
HCL Nomad allows us to access our Notes applications on tablet and mobile. Currently available for iOS the team behind Template Experience have been working with HCL development and UI design to redesign the standard discussions template for Notes and produce a whitepaper based on that work to assist you with your own mobile development. The beta of that template and whitepaper have now been published and this presentation accompanies that work
Domino Server Health - Monitoring and Managing - Gabriella Davis
If you're a Domino administrator how do you decide what to monitor on your servers and how to manage them? What are the key things to monitor? How do good practice management tools such as statistics reporting, DDM, cluster symmetry, database repair and policy settings make your work lighter and faster? Finally we’ll talk about some of the “must dos” in the day, week and month of a Domino admin.
Presented at Engage.ug in Brussels May 2019
How do Exchange on premises and the various Outlook clients line up against Domino on premises and its clients? In this session we'll look at the configuration options and management interfaces for each server as well as the client options and client behaviours. We'll also discuss the general ecosystems, considerations for migrating or co-existing and lessons learned. A great session for Domino admins who want to know more about the other side.
Presented at Engage.ug in Brussels May 2019
Admin Tips In 60 Minutes
In this high speed session I take you through the best admin tips for Domino, Notes, Sametime, Traveler and more. From notes.ini values, to server configuration settings and valuable customisations.
Some tips will be new to v10 and some have been around but rarely used for years.
Whatever your experience there will be something new for you to take away and enjoy.
Presented at Engage.ug in Brussels May 2019
Adminlicious - A Guide To TCO Features In Domino v10 - Gabriella Davis
With v10 of EVERYTHING due out in Q4 and the public beta now available it’s time to talk about what we know is coming and how to plan for upgrades. In this session I show the features I'm most inspired by (NDAs allowing!), talk about how I'm getting ready and why this is a really exciting time to be an admin!
An Introduction to Configuring Domino for Docker - Gabriella Davis
You may know that docker is a container solution but what does that mean and how could it affect your Domino infrastructure? In this session I will explain what Docker may offer, highlight the decisions to consider when designing container architecture, how to construct a container, how to install and run Domino inside one and discuss options for clustering. Is Docker for you?
Presented at CollabSphere 2018 in Ann Arbor, MI
An Introduction To The DMARC SMTP Validation Requirements - Gabriella Davis
DMARC is a SMTP security standard being increasingly requested by customers to protect against email spoofing. It uses a combination of SPF (Sender Policy Framework) records and DKIM (DomainKeys Identified Mail). Using DMARC you would publicly specify how your outbound mail is sent and the receiving server would verify that the mail it receives matches your requirements. In this session we’ll discuss DMARC deployments and what to do if your mail server (like IBM Domino or SmartCloud) does not yet support DKIM?
Presented at Collabsphere 2018 in Ann Arbor, MI
The Road To A #Perfect10 - How To Get Ready For Domino, Sametime, VOP and T... - Gabriella Davis
Later this year HCL will be releasing the first major updates for Domino, Sametime, Traveler and Verse on Premises for several years. We've already heard about developments on the way such as a Notes client for tablet and phone as well as structural changes like the removal of the 64GB file limit. The more up to date and well designed your infrastructure is, the easier these upgrades are going to be, so in this session Gab will explain how to audit, evaluate and fix your environment as well as what changes you can (and should) do in preparation so you can be fast to move when the products arrive.
Presented At CollabSphere 2018 in Ann Arbor, MI
An introduction to configuring Domino for Docker - Gabriella Davis
9.0.1 FP10 brings support for Domino on a docker platform. You may know that docker is a container solution but what does that mean and how could it affect your Domino infrastructure? In this session we'll review how to install and run Domino in a docker container, whether it can support external clustering and the decisions to consider when designing container architecture.
In this session, presented as a workshop outline, we will walk you through your GDPR responsibilities and how to assess your risk. We’ll give some recommendations on high priority but easy to fix issues and how to discover, secure and take ownership of existing data. At the end of the session we will share the workshop outline to help with your own planning.
Prepared for Social Connections 13 in Philadelphia April 2018
An Introduction To The DMARC SMTP Validation Requirements - Gabriella Davis
Presented at Social Connections 13 in Philadelphia April 2018.
DMARC is a SMTP security standard being increasingly requested by customers to protect against email spoofing. It uses a combination of SPF (Sender Policy Framework) records and DKIM (DomainKeys Identified Mail). Using DMARC you would publicly specify how your outbound mail is sent and the receiving server would verify that the mail it receives matches your requirements. In this session we’ll discuss DMARC deployments and what to do if your mail server (like IBM Domino or SmartCloud) does not yet support DKIM?
In this session presented during Community Day at IBM Think, Gabriella Davis discusses the importance of a personal brand, why you have one, how to create one and how to move your brand to a new space.
A Guide To Single Sign-On for IBM Collaboration Solutions - Gabriella Davis
Single sign-on, single identity and even password synchronization—in this session, we will take you through all the options available to minimize or eradicate logins across IBM's Collaboration Solutions (ICS); whether it is a Domino web server, IHS, Notes client, Traveler, Sametime, Connections or Verse, on-premises or cloud. The discussion will cover security certificates, password synchronization, IWA, SPNEGO and SAML Federation. We will explain what you can (and can't) do, and how to do it. Presented at Think 2018
In this group discussion Gabriella Davis with Tony Holder from Panagenda, Maria Nordin from Infoware Solutions and Jon Schultz from Prominic discuss their personal battles with the Imposter Syndrome.
In this session we introduce administrators to the concepts of Docker and discuss architectural decisions that will come into play when deploying containers. Although this session was originally presented as part of IBM's New Way To Learn initiative it does not discuss any specific aspects of IBM technology
Presentation from IBM InterConnect in Las Vegas March 2017.
Enabling Internet of Things (IoT) so your employees and your customers can have a simplified experience with new services and products sounds exciting. In this session, we will dig into the top ten risks that come with the IoT experience. Due to the rapidly evolving nature of IoT and associated threats, there are risks in allowing access to your enterprise resources. Custom firmware, embedded operating systems and wi-fi connectivity of IoT devices offer many possible areas for exploits and misuse. Come explore current security offerings and get a first look at best practices. Walk away with an immediate checklist to benefit your enterprise as it deploys and offers IoT access.
2. Gabriella Davis
§ Proud Nerd Girl
–Mathmo / Problem Solver / System Designer / Optimist
§ ccMail & Agenda then Lotus & WAS
–I’m much older than I look
§ Co-Author of Sametime 8.5.2 Admin Guide
–Available at all good bookshops but mostly Amazon
–Domino & Exchange, Sametime & Lync Server, Sharepoint
§ Co-Author Connections101.net (being updated for Connections 4)
§ I present a lot globally & blog in fits and starts
§ The Turtle Partnership
–High Level Support of IBM Lotus products
• 20% support, 40% system design and implementation, 40% development
• 50% of our customers are in Europe and 50% in the US (nothing against Australasia mind you)
3. There’s Nothing Sexy About High Availability
§ Believe me I tried to get as many jokes in as I could
§ There’s high availability and there’s disaster recovery and there’s load balancing and a slew of options in between
§ Your Sametime install could be 3 servers or it could be 50 servers.
–I’ve done both ends of the scale
§ Build for now but design for the future
–Adding new servers or services later on can be a simple process if you’ve designed correctly from the start
4. How This Presentation Works
§ There’s no single right way to do this, it depends on what services are critical to you and what demand you expect for each service
§ My goal is to take you through each Sametime service and explain how you would design each for clustering, load balancing and failover
–I use lots of pictures so we can all visualise what I’m talking about
–also hand puppets
§ I also want to talk about the cool things that you may not know happen under the hood
and some things you need to be careful of
§ There’s a lot of information here and I’m going to have to go fast so grab the
presentation and feel free to ask questions afterwards !
5. Sametime Servers and Services
§ Instant Messaging
§ Web clients, mobile clients, web based awareness
§ Meetings
§ Audio and Video services
§ Audio / Video reflector services (for A/V across networks)
§ Audio / Video traffic management
6. Sametime System Console
§ The SSC is the management and administration environment for all Sametime servers
and services
–You can build without a SSC but I don’t recommend it unless you love messing about with
XML files
§ The SSC is a WebSphere based application and cannot be clustered
§ Servers within the same SSC are aware of each other
–The Meeting servers know about the Media servers etc
§ There can only be one cluster of each type in a SSC
–One meeting cluster
–One sametime proxy cluster
–One proxy registrar cluster etc
–THIS IS GOING TO BE CRITICAL LATER ON WHEN WE TALK ABOUT PLANNING
§ You can’t cluster the SSC (it was worth repeating)
7. Database Server
§ Several of the Sametime servers use a DB2 database for management
–Meetings
–Gateway
–System Console
–Bandwidth Manager
–Advanced
–even the Proxy server has a DB2 database it uses for iPhone traffic
§ DB2 has several high availability models but the DB2 9.7 license supplied with your
Sametime licensing entitles you to use DB2 in a HADR configuration with a single active
and another passive server
–The switchover from active to passive is manual
–The passive DB2 server cannot be used or accessed but will take updates from the active
server and can itself be made the active server at any time
§ Without HADR you could lose your DB2 server
–Instant Messaging, Audio and Video as well as Web / Mobile clients
will continue to work
8. Edge Load Balancer
§ Licensed for use with Sametime
§ Very easy to deploy and configure on a wide range of platforms with a GUI interface for
management
§ Always use the new ULB IPV4/IPV6 load balancer and not the older IPV4 one which is
being deprecated
§ To set up a server for load balancing you need to
–Assign a virtual ip address that can be used by each cluster of servers and that points to the
ULB machine
• So if you’re load balancing Meetings, Sametime Proxy, Conference Manager, Proxy
Registrar, Packet Switcher and TURN server you need 6 separate unique virtual ips all
pointing to the load balancer
–Create a Loopback adapter on your backend servers (ie your Meeting, Media etc servers)
configured to use the virtual ip address
–Create routing rules in the ULB (Edge Load Balancer) wizard to forward traffic to the backend
servers
9. Load Balancer - Tips
§ You can use any load balancer to manage traffic to the Meeting, Sametime Proxy,
Gateway, Advanced and Community Servers but the Audio / Video components must be
configured to use MAC forwarding
§ For many load balancer appliances that’s a network wide configuration setting that
administrators don’t like to do (I have been told this many times :-))
–In those cases you could deploy the Edge LB to handle the A/V traffic
§ To configure a loopback adapter on Windows 2008 you need to go to Device Manager
and right mouse click on the server name then choose “Add Legacy Hardware” - you can
then go ahead and add a loopback network adapter by choosing Microsoft as the
provider
–There are specific network configuration settings that need to be run on a Windows 2008
server to set up the loopback adapter correctly
• http://www-01.ibm.com/support/docview.wss?uid=swg21304795
10. Domino Clustering
§ What does Domino clustering give us in a Sametime world?
–vpuserinfo (contact list and privacy information) replicated between servers in seconds
–directory information replicated between servers, if you set it up correctly
• Beware of using a replica of Directory Assistance on multiple servers without proper
configuration
–don’t cluster stconfig.nsf, its information is server specific
§ It can’t replicate Sametime specific information such as policies (which are held in
stconfig.nsf) and business card configuration (which is held in the file userinfoconfig.xml)
11. Domino Clustering for Sametime - Tips
§ If you’re running the Sametime System Console, it controls Sametime configuration
settings in stconfig.nsf including policies, trusted ips and LDAP configuration
§ Changing the LDAP deployment in the SSC will cause it to overwrite the LDAP settings
in stconfig.nsf when Domino next restarts
–but only once, if you then edit the LDAP document in stconfig.nsf via Notes, it won’t be
overwritten
–Make sure you edit the LDAP and Policies documents always in the same place - the SSC,
don’t be tempted to quickly edit a Notes document in stconfig.nsf as the settings may not hold
12. Domino Clustering for Sametime - Weirdness
§ If you have multiple LDAP configurations in stconfig.nsf the priority is NOT the “Search
Order” as defined on the LDAP document but is the order in which the LDAP documents
appear in the view (by modified date).
–This priority determines which directory is searched first when finding contacts
§ To ensure this doesn’t happen you’ll need to change the design of the “All - by form and
date” view in stconfig.nsf to sort LDAP documents by Search Order field
[Screenshot annotation: the search order says that we want this directory searched 2nd, but because it was modified most recently, it will be searched first]
13. Sametime Clustering
§ What does Sametime Clustering give us?
–The Community Server is central to everything Sametime does.
–None of the other components function without a Community server to talk to
–This makes clustering and availability of Community servers the most important component in
your design
–Users can log on to any Community server in the cluster and expect the same experience
• Assuming you have your Domino clustering and Sametime customisation set up correctly
✦vpuserinfo.nsf replicating
✦sametime.ini with same settings
✦userinfoconfig.xml the same
✦LDAP configuration in stconfig.nsf the same
–Other Sametime components such as the Sametime Proxy or Meeting servers will be able to
recognise a cluster mate as a failover alternative
14. Sametime Clustering - Tips
§ Verify Sametime.ini settings such as security level and allowable clients match on all
cluster-mates
– VPS_ALLOWED_LOGIN_TYPES
– VP_ONLY_SINGLE_LOGIN_ALLOWED
– VP_SECURITY_LEVEL
§ Don’t have one cluster server running a different version of Sametime than its other
cluster-mates
§ Users with no Sametime Server defined in their person document have no home
Sametime server and can log into any server in the Community (ie in the Domino
Directory)
–Users with a cluster name in the Sametime Server field in the person document can log into
another server in the cluster
–Use an LDAP attribute to store the home Sametime server name or cluster name for a user so
it’s accessible to other products such as Connections
• The sametime server name should be in hierarchical format eg cn=st1,o=turtlehost or as a
cluster name cn=stcluster
15. Sametime Clustering - Weirdness
§ Trusted ips in the stconfig.nsf determine what servers can connect to this Sametime
server
–These might be other Sametime servers or Domino servers using iNotes or Sametime Proxy
servers or Meeting or Media servers
• The list can get pretty long
§ The list of ips is updated in the Sametime System Console if you have one and this
overwrites the configuration document in stconfig.nsf
–Don’t edit the list in stconfig.nsf if you are running a SSC as your edits will be overwritten
§ One bug I continually see is when the trusted ips list in the SSC gets very long, it writes
out to the Community Trusted IPs field in the Community Connectivity document as a
long string instead of a list
–This breaks all trusted ip connections
–You can open and save the Notes document to fix it, saving recalculates the field correctly as
a list
–It will break again next time you update the SSC
16. Community Multiplexors - Multiple Multiplexors!
§ The Community Multiplexor (MUX) is a service running as part of your Sametime
Community Server
–It’s responsible for authenticating users and connecting them to the back end Sametime
services
–In a standard install the MUX runs as a service on the Community Server
–You can install a Community MUX separately from the Community server to offload the
authentication and client network connections to another machine
• The MUX maintains a single network connection to the Sametime Community Server
increasing the capacity of the server to 100k concurrent users
§ A MUX can be used to front-end multiple servers in a cluster, the assumption being that
users can connect to any and all of the listed servers
§ The sametime.ini file in a MUX contains a list of servers it can connect to
[Config]
VPMX_CAPACITY=80000
[Connectivity]
VPS_HOST=stchat1.turtlehost.net,stchat2.turtlehost.net,stchat3.turtlehost.net
17. Community Multiplexors - Tips
§ You don’t have to have a separate multiplexor and if you’re going to only have one it
itself becomes a single point of failure
§ It used to be that MUXes were ‘dumb’ in that they would round robin connections to
their known servers, trying each one in turn, even if that server was down
–That’s no longer the case and the MUXes are now service aware and will not route traffic to
unavailable servers
–They have become load balancers for Sametime Community Server traffic
§ Everything in Sametime world pivots around DNS and fully qualified hostnames, the
hostname your Sametime clients ask for must eventually resolve to a Multiplexor
somewhere
–If you have multiple multiplexors you will therefore need to use a load balancer to make sure
traffic isn’t sent to a non responding multiplexor
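One way to run the slide 14 check (matching sametime.ini settings on all cluster-mates) across the Community servers a MUX lists in VPS_HOST (slide 16), as an added example that is not part of the original presentation. The sample file contents, their values and the function names are constructed for illustration; placing the three settings under [Config] is an assumption.

```python
import configparser

# Settings the presentation says must match on every cluster-mate (slide 14).
MUST_MATCH = ("VPS_ALLOWED_LOGIN_TYPES", "VP_ONLY_SINGLE_LOGIN_ALLOWED",
              "VP_SECURITY_LEVEL")


def parse_ini(text):
    """Flatten sametime.ini text into {KEY: value}, ignoring section names."""
    cp = configparser.ConfigParser(interpolation=None, strict=False,
                                   allow_no_value=True, delimiters=("=",))
    cp.optionxform = str  # do not lowercase keys while parsing
    cp.read_string(text)
    flat = {}
    for section in cp.sections():
        for key, value in cp.items(section):
            flat[key.upper()] = (value or "").strip()
    return flat


def mux_backends(mux_ini_text):
    """Community servers listed in the MUX's VPS_HOST, tolerating stray spaces."""
    raw = parse_ini(mux_ini_text).get("VPS_HOST", "")
    return [h.strip().lower() for h in raw.split(",") if h.strip()]


def setting_drift(configs):
    """Return {key: {value: [hosts]}} for every MUST_MATCH key that differs.

    A host that does not set the key at all is grouped under None.
    """
    drift = {}
    for key in MUST_MATCH:
        by_value = {}
        for host in sorted(configs):
            by_value.setdefault(configs[host].get(key), []).append(host)
        if len(by_value) > 1:
            drift[key] = by_value
    return drift


def audit(mux_ini_text, server_ini_texts):
    """Compare the cluster-mates a MUX fronts; report drift and missing files."""
    backends = mux_backends(mux_ini_text)
    configs = {h.lower(): parse_ini(t) for h, t in server_ini_texts.items()}
    return {
        "unchecked_backends": [h for h in backends if h not in configs],
        "drift": setting_drift({h: configs[h] for h in backends if h in configs}),
    }


# Constructed sample input: MUX file modelled on the slide's snippet.
MUX_INI = """[Config]
VPMX_CAPACITY=80000
[Connectivity]
VPS_HOST=stchat1.turtlehost.net,stchat2.turtlehost.net, stchat3.turtlehost.net
"""

# Constructed sample values, not recommended settings. stchat3's file was
# deliberately not collected, so it shows up as unchecked.
SERVER_INIS = {
    "stchat1.turtlehost.net": """[Config]
VPS_ALLOWED_LOGIN_TYPES=1002,1304
VP_ONLY_SINGLE_LOGIN_ALLOWED=1
VP_SECURITY_LEVEL=7000
""",
    "stchat2.turtlehost.net": """[Config]
VPS_ALLOWED_LOGIN_TYPES=1002,1304
VP_SECURITY_LEVEL=0
""",
}

if __name__ == "__main__":
    report = audit(MUX_INI, SERVER_INIS)
    for host in report["unchecked_backends"]:
        print(f"no sametime.ini collected for {host}")
    for key, groups in report["drift"].items():
        print(f"{key} differs: {groups}")
```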
19. Instant Messaging (Sametime Clients) Clustering
§ Sametime servers clustered, users can access either server but the FQHN defined in
their client connections will determine where they end up
§ There is no failover in the Sametime client
[Diagram: Domino Cluster (Domino Server A, Domino Server B); Sametime Cluster (Sametime Servers stchat1.connect13.com and stchat2.connect13.com)]
20. Instant Messaging (Sametime Clients) Failover
§ Load Balancer in front of Clustered Domino servers
§ Users are directed to either server and get the same experience
[Diagram: Load Balancer (stchat.connect13.com) in front of the Domino Cluster (Domino Server A, Domino Server B) and Sametime Cluster (Sametime Servers stchat1.connect13.com and stchat2.connect13.com)]
21. Instant Messaging (Sametime Clients) Failover
§ Use a Multiplexor instead of a Load Balancer in front of your Sametime cluster and take
advantage of the failover logic built into it
§ Define multiple servers in the sametime.ini file in the Multiplexor
[Diagram: Sametime Multiplexor (stchat.connect13.com) in front of the Domino Cluster (Domino Server A, Domino Server B) and Sametime Cluster (Sametime Servers stchat1.connect13.com and stchat2.connect13.com)]
22. Instant Messaging (Sametime Clients) Failover
§ If you don’t want your multiplexor to be a single point of failure then put multiple
multiplexors behind a load balancer. The client configuration FQHN points to the load
balancer and the multiplexors connect to either Community server
[Diagram: Load Balancer (stchat.connect13.com) in front of two Sametime Multiplexors (stmux1.connect13.com, stmux2.connect13.com), in front of the Domino Cluster (Domino Server A, Domino Server B) and Sametime Cluster (Sametime Servers stchat1.connect13.com and stchat2.connect13.com)]
23. Instant Messaging (Web and Mobile) Clustering
§ Multiple Community Servers
§ Single Sametime Proxy Server
§ Sametime Proxy Server can be directed to a single Community Server but can and will
utilise any Community server it is trusted for in your Domino Directory
[Diagram: Sametime Proxy Server with IBM WAS HTTP Proxy, stproxy.connect13.com (80/443), in front of Sametime Community Servers (not necessarily clustered): stchat1.connect13.com, stchat2.connect13.com, stchat3.connect13.com, stchat4.connect13.com]
24. Instant Messaging (Web and Mobile) Clustering
§ Clustered Community Servers
§ Single Sametime Proxy Server
[Diagram: Sametime Proxy Server with IBM WAS HTTP Proxy, stweb.connect13.com (80/443), in front of Sametime Community Servers (clustered): stchat1.connect13.com, stchat2.connect13.com, stchat3.connect13.com]
25. Instant Messaging (Web and Mobile) Failover
§ Clustered Community Servers
§ Multiple Sametime Proxy Servers (not clustered)
§ Load Balancer
[Diagram: Load Balancer in front of two Sametime Proxy Servers, each with an IBM WAS HTTP Proxy, stweb1.connect13.com (80/443) and stweb2.connect13.com (80/443), in front of Sametime Community Servers (clustered): stchat1.connect13.com, stchat2.connect13.com, stchat3.connect13.com]
26. WebSphere Clustering
§ Each Sametime server (other than the Community Server) is installed on a WebSphere
node.
§ Each node must have a single primary instance but can have multiple secondary
instances installed as part of a cluster in either
–Horizontal (servers installed on different machines)
–Vertical (servers installed on the same machine but using their own dedicated resources)
§ WebSphere has built in logic to share resources across Sametime servers in a cluster
–You don’t have to configure it to do that
§ BUT, the Sametime System Console can only manage 1 cluster of each server type
27. WebSphere - Tips
§ Attempting to deploy multiple applications on a single server is a very bad idea
§ Each application (Meetings, Media etc) must have its own FQHN and dedicated ip
address
§ To ensure WebSphere binds the correct ip address to the correct application (and avoids
port conflicts with other applications already installed) you have to explicitly edit the
underlying XML files to create the hostname bindings
§ Even then WebSphere will bind the bootstrap port to the first ip address on the box
§ We’ve also discovered that all traffic sent from any of the servers has a source ip of the
first ip on the box (Windows 2008 R2)
§ In general it’s to be avoided. It can be done but using Virtual Machines is a far cleaner, easier
and more reliable way to go
28. WAS Proxy Clustering
§ The WebSphere WAS Proxy server can act as either an HTTP or a SIP proxy to sit in front of
your Sametime servers
§ Each Sametime server installs on its own application port (default is 9081 / 9043 secure
but that will increment by one for every other server installed on the same machine that
conflicts)
§ We don’t want to construct URLs that have port numbers in them so for HTTP services
we use a WAS HTTP Proxy server in front of the Sametime application to manage the
traffic on port 80 /443 secure
§ They are cluster aware, able to identify when an application server is unavailable and
redirect the traffic to that server’s cluster mate which provides built in failover
§ The WAS Proxy is often installed on the same node and server as the application server
it is managing but that doesn’t have to be the case, it can install standalone
29. WAS HTTP Proxy - Tip
§ The WAS HTTP Proxy is much more than a reverse proxy
–It is part of the Sametime System Console and will authenticate users before directing the
traffic onto a single destination - the application server it is supporting
–A reverse proxy doesn’t have the same intelligence to validate that traffic should be allowed
through and should only be allowed through to a specific destination
§ We primarily use WAS HTTP Proxies with Meeting and Sametime Proxy servers
§ You can have multiple WAS HTTP Proxies providing service to the same application
server
–You can cluster WAS HTTP Proxies and then they will also monitor each other
§ Don’t create WAS HTTP Proxies with the SIP checkbox enabled, we use SIP for Audio /
Video traffic and it can cause conflicts in the environment with other servers if you leave
it enabled
30. Meeting Server Clustering
§ Meeting Servers can be clustered in Sametime by installing a single server as a primary
node and then a series of secondary nodes either on the same machine (vertical
clustering) or, more usually, on multiple machines (horizontal clustering)
§ All Meeting servers in a cluster share the same DB2 database
§ In a Meeting server cluster WebSphere treats all the servers as equal
§ When a user creates a meeting WebSphere will decide which of the Meeting servers will
host that meeting
–This is very important as all users attending the meeting will be directed to the same host
meeting server
–it is outside of your control to determine which server will be selected
31. Meeting Server Clustering - Tips
§ If you build a Meeting Server cluster with servers in France, Singapore and Chicago - a
meeting of users in Chicago could just as easily be directed to France
–WebSphere will choose which cluster-mate hosts each meeting when the meeting is first
created
§ The WAS HTTP Proxy will be able to detect if the host meeting server is down and
redirect all user requests to an alternate server by rewriting the URL
§ Don’t create a meeting server cluster with one server inside a firewall and one outside
unless you are prepared to open ports to allow public access to your internal servers
§ Consider your network architecture when designing your meeting servers, if you want
multiple clusters you will need to have multiple System Consoles
§ The Community Server a user logs in to determines their environment from SSC to
Meeting, and Media Servers
–but users can log into different environments depending on where they are
32. Meetings Multiple Servers
§ Three Meeting Servers, all independent, none clustered, each with their own DB2
database (and different DB2 servers if you want)
§ Meetings will be created on a specific server as determined by the user creating the
meeting “where do you want to create this meeting”
§ The WAS HTTP Proxies are to ensure servers are accessible on 80 /443
[Diagram: Sametime Meeting Servers stmeet1.connect13.com, stmeet2.connect13.com and stmeet3.connect13.com, each with an IBM WAS HTTP Proxy; DB2 Active Server and DB2 Passive Server, each with STMeet Database(s)]
33. Meetings Clustering
§ Three Meeting Servers, this time in a cluster
§ Meetings are created on any of the three servers, determined by WebSphere and
outside of user control
§ The WAS HTTP Proxies can proxy traffic for only one server each
§ It’s your decision if you want to separate servers and proxies onto their own machines,
you don’t have to
[Diagram: Sametime Clustered Meeting Servers stmeet1.connect13.com, stmeet2.connect13.com and stmeet3.connect13.com; DB2 Active Server and DB2 Passive Server, each with STMeet Database(s); three IBM WAS HTTP Proxies, each labelled stmeet.connect13.com]
34. Meetings Failover
§ With the WAS HTTP Proxies themselves clustered together, each one can provide
service for any of the Meeting servers that are clustered
[Diagram: Clustered Meeting Servers stmeet1.connect13.com, stmeet2.connect13.com and stmeet3.connect13.com; DB2 Active Server and DB2 Passive Server, each with STMeet Database(s); clustered WAS Proxy Servers (two IBM WAS HTTP Proxies, each labelled stmeet.connect13.com); Load Balancer]
35. Media Manager
§ Media Manager - contains all media components (other than Bandwidth Manager)
–Conference Manager
–Proxy Registrar
–Packet Switcher
§ Up to two Media Managers can be clustered, but only two and only one cluster in a SSC
[Diagram: Sametime Media Servers (clustered): stmedia1.connect13.com and stmedia2.connect13.com]
36. WAS SIP Proxy
§ When deploying a Proxy Registrar or Conference Manager as standalone components,
each needs to have a dedicated WAS SIP Proxy server to handle traffic between the
servers themselves and to / from the clients
§ WAS SIP Proxies aren’t clustered and are deployed usually in a 1 - 1 relationship with
the application server
–However any of the servers can provide Audio / Video service to users so it doesn’t matter
which server a request is directed to
§ The Packet Switcher component cannot be clustered and does not require a WAS SIP
Proxy
§ When creating a new WAS Proxy server for Audio / Video components you deselect
HTTP and select SIP to tell the newly created server it will be handling SIP traffic only
§ WAS SIP Proxies deploy on the standard ports of 5062 (SIP) and 5063 (SIPS).
–These may be incremented by 1 if there is conflicting port activity on the same server
37. Audio Video Components - Clustered
§ Some Individual components can be clustered
–Proxy Registrar
–Conference Manager
§ Packet Switchers can’t be clustered but there can be multiple PS instances
§ SIP Proxies must be installed in front of the Proxy Registrar and Conference Managers
[Diagram: Sametime Media Components (clustered): Conference Manager Cluster (stcm1.connect13.com, stcm2.connect13.com) with IBM WAS SIP Proxy stcm.connect13.com; Proxy Registrar Cluster (stpr1.connect13.com, stpr2.connect13.com) with IBM WAS SIP Proxy stpr.connect13.com; multiple Packet Switchers (non clustered), each labelled stps1.connect13.com]
38. Audio Video Components - Failover
§ In this design I have clustered the SIP Proxies so they provide failover for each other via
a Load Balancer
§ This isn’t strictly necessary if you have a Load Balancer in front as it should be able to
detect an unavailable SIP Proxy and redirect the user requests accordingly
[Diagram: Sametime Media Components (clustered): Conference Manager Cluster (stcm1.connect13.com, stcm2.connect13.com) with a SIP Cluster of two IBM WAS SIP Proxies, each labelled stcmsip1.connect13.com; Proxy Registrar Cluster (stpr1.connect13.com, stpr2.connect13.com) with a SIP Cluster of two IBM WAS SIP Proxies, each labelled stprsip1.connect13.com; multiple Packet Switchers (non clustered), each labelled stps1.connect13.com; Load Balancer]
39. Audio Video Failover - With Bandwidth Manager
§ Bandwidth Manager should be deployed in any environment where there is a significant
requirement for Audio / Video or where the user network is not consistent
§ The Bandwidth Manager cannot be installed in the same cell as the Media components
because of conflicts with their SIP configuration
[Diagram: Sametime Media Components (clustered): Conference Manager Cluster (stcm1.connect13.com, stcm2.connect13.com) with a SIP Cluster of two IBM WAS SIP Proxies, each labelled stcmsip1.connect13.com; Proxy Registrar Cluster (stpr1.connect13.com, stpr2.connect13.com) with a SIP Cluster of two IBM WAS SIP Proxies, each labelled stprsip1.connect13.com; multiple Packet Switchers (non clustered), each labelled stps1.connect13.com. Bandwidth Manager Cluster in a separate cell: BWM Cluster (stbwm1……, stbwm2……) with a SIP Cluster of two WAS SIP Proxies (stbwmsip1, stbwmsip2). Load Balancer]
40. Sametime Advanced
§ Sametime Advanced can also be deployed as a cluster of multiple servers
§ Each cluster-mate will use the same DB2 database
§ We don’t deploy a WAS HTTP Proxy with Sametime Advanced because although many
of the applications are on HTTP ports (9080 / 9443), the Broadcast Tools are on ports
that cannot be proxied (1883, 8883)
§ Since we can’t use a proxy in front of Sametime Advanced servers, if you want to access
them from a public network, they must be located in a DMZ or somewhere you are
confident exposing to a public interface
[Diagram: Public, DMZ and Internal zones; Load Balancer; Clustered Advanced Servers stadv1.connect13.com and stadv2.connect13.com; DB2 Active Server with STMeet Database(s)]
41. TURN Servers
§ TURN Servers handle audio and video traffic being redirected between clients on different
networks
–Similar to the old reflector service on pre 8.5 Sametime
§ The TURN Server is defined by its hostname in the configuration of the Media
Components in the SSC
–A user is assigned media components based on which Community server and therefore SSC
environment they log into
–Meetings don’t use the TURN server
§ You can have as many TURN servers as you want fronted by a Load Balancer
–users involved in a conference don’t need to be on the same TURN server
42. TURN Server - Tip
§ If you deploy TURN configuration on your Media servers then the FQHN you use for the
TURN server has to be resolvable for all clients, both internal and external
§ Multiple TURN servers on different networks can cause Audio and Video latency issues if
the users involved in a conference are directed to different TURN servers such as one
internal and one in a DMZ
§ All users must be able to access the TURN server on port 3478 either UDP or TCP
(whichever you’ve configured)
–UDP is more efficient than TCP for routing this type of traffic
43. Public Access, Firewalls and DMZ
§ The biggest issue you may find with deploying high availability Sametime is in deciding
how access will work
§ If you’re prepared to deploy a VPN to all users then you are basically building an internal
only environment
§ If you want to deploy publicly then there are a few things to consider
–In the DMZ we deploy the WAS proxy elements only ie the WAS HTTP Proxy that then
accesses the Meeting servers on the internal network
–WebSphere has about 20 ports that need to be bi-directionally open between the SSC and all
other server components, even those in the DMZ
–In addition each server has to be able to connect to each other on discovery ports, there are
about 10 of those that need to be open and accessible between every server in the
environment
–For public access both the Sametime Gateway and Sametime Advanced applications must be
in the DMZ as their traffic can’t be proxied
§ Think about how iPad, Android, Smartphone access will work - will you need to have
WAS HTTP Proxies to the Sametime Proxy servers in the DMZ to support them?
–For notifications to iOS devices you’ll also need to open access to the Apple gateway
44. Thank You !
§ Gabriella Davis
–gabriella@turtlepartnership.com
–blog.turtleweb.com
–www.twitter.com/gabturtle
–bleedyellow.com (IM) lotuslive.com (IM) greenhouse.com (IM)
–gabrielladavis (skype)
–www.turtlepartnership.com