IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy

IBM Collaboration Solutions

IBM Sametime 8.5.2 IFR1
Installation
”From Zero to Mobile”
Make your boss happy

Frank Altenburg | SME for Sametime
IBM Collaboration Solutions
Mail to:frank.altenburg@de.ibm.com

Social Business

Feb. 16. 2012
© 2009 IBM Corporation

Agenda

● Introduction

● Requirements for a IBM Sametime 8.5.2 IFR1 Proxy (Mobile
Access) Server

● Architecture of a IBM Sametime 8.5.2 IFR1 Proxy (Mobile
Access) Server deployment

● The 10 steps to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile

Social Business 2 © 2010 IBM Corporation

Introduction
● This document describes how to implement, in a very fast way, the infrastructure to
access your IBM Sametime Community environment from mobile iOS and Android
devices.

● It is designed for a Proof of Concept, Proof of Technology or a small test pilot
deployment only.

● It does not contain information how to implement a high available infrastructure.

● You can start with this document just to "make your bosses happy". But to make the
system available for a larger number of users, it is recommended to invite IBM Services
to plan and implement a clustered Sametime Proxy infrastructure in your organization
that is fully supported.

● If you already have a Sametime 8.5.x environment with the Sametime System Console
in place, then it is recommended to use this SSC to implement your Sametime Proxy
Server environment in your DMZ.

● The Author has tested this scenario with all Sametime releases down to version 7.5.1.
But officially supported is IBM Sametime version 8.0.2 and newer only.

● You need Sametime Standard licenses for all mobile clients who want to access the
system.


New Sametime Mobile Instant Messaging
● Instant Messaging Client for Android
● Released with Sametime 8.5.2
● Runs on Android 2.0 and greater
● Available on the Google Market and downloadable from ST
server

● Instant Messaging client for iOS
● Released with 8.5.2 IFR
● Runs on iOS 4.3 and greater on iPhone® and iPad®
● Available on the Apple App Store
sm


Sametime Mobile Features

● Contact List ● Send photos
● QuickFind ● Text to speech notification
and chats*
● Search corporate directory
● GPS-based location*
● Favorites
● Click to call using carrier
● Presence
number or SUT
● Chat history ● Background message
● 1 to 1 and group chat notification
● Announcements
● Emoticons
● Business card
● Sametime Unified Telephony

*currently Android only


Native presence and IM on Android phones


Native presence and IM on the iPhone


Native presence and IM on the iPad


Support for Apple® Push Notification


Getting Sametime Mobile iOS clients
● iOS client is distributed through the
Apple App Store and uses the
standard iOS update mechanisms to
maintain currency
● Client must be configured to point to
the Sametime Proxy server

─ You can play with it on Greenhouse
– Server:
st85meetingsp.lotus.com
– Port: 9444
– Secure Connection: On
– Connection Type: Direct
Connection


Getting Sametime Mobile Android Client

● The Android client can be loaded from the Android Market, or from the Sametime proxy
server
● If loaded from Market, the standard Market update mechanism is used
● To get from the Sametime proxy server, the loads it from the following web address from
their device: <proxy server addr>:<proxy port>/stmobile/Sametime.html
● The automatic update feature from the proxy server (Lotus Mobile Installer, LMI)

- Enter the ST proxy server address:port
- Enter credentials
- Select Next and it logs you into Sametime
- As new Sametime client become available, you are
notified via an Android notification. You can select it to
install


Agenda

● Introduction

Access) Server




IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
Prerequisites
● IBM Sametime Community Server lowest release that works is
7.5.1. But supported is only 8.0.2 and newer releases.
● You need Hardware or a VM in the DMZ for the server
● You need Network and DNS configuration
● NAT between your DMZ and the internet works fine
● You need Port openings to/from Internet
● You need Port openings to/from Intranet
● You need to download the required installation files from
Passport Advantage
● You need 2 special administrative user accounts
● (optional) You need a trusted certificate
● Native client on iOS or Android device


IBM Sametime Community Server

This deployment is tested by the author of this document with all IBM Sametime
Community Servers releases starting Version 7.5.1.
A Sametime Community Server 7.0 or below does not work and cant be used for this
IBM Sametime Mobile Access Server deployment.

Officially supported is only IBM Sametime release 8.0.2 or newer. All older Sametime
releases are already out of support.

It works if the IBM Sametime Community Server uses Domino Directory authentication
or LDAP authentication connected to one of the supported LDAP Servers. No other
requirements to the LDAP server is required.

If you have several IBM Sametime Community Servers or IBM Sametime Community
Clusters running in a Sametime community configuration, then this IBM Sametime
Mobile Access Server needs to connect to all servers in your community.


Hardware required for this Pilot Example Deployment
● 1 Server for the IBM DB2 Server, IBM Sametime 8.5.2 IFR1 Proxy Server
Quad CPU, 8GB RAM or more, 100GB disk space or more, 64 Bit OS
1 GBit Network Interface with 1 IP addresses an DNS Alias entry.
● Supported OS are:
- Windows Server 2003 or 2008
- Linux Enterprise Server RHEL or SLES
- AIX
- Solaris
- iSeries

This document describes how to install the components on a Windows 2008
platform.

With such a configuration you can host up to
● 3000 concurrent mobile devices *
● 3000 concurrent web client users *

* Ask you IBM representative for more detailed sizing information in a defined
environment


OS and Network requirements
● Make sure that all servers you want to use can be resolved in DNS.

● If DNS is not available then list all full qualified server names and IP addresses
from all servers in the hosts file and publish this file to all servers.

● If you use Windows 2008 as Operating System, then you need to start all
installations and configurations in „Administrative mode“.

● You need a Alias entry in your Intranet DNS server pointing to the IP address of
your Sametime Proxy (Mobile Access) Server. This should be the same host
name as in the internet.

● You need a Alias entry in the public Internet DNS pointing to the external IP
address of your Sametime Proxy (Mobile Access) Server. This should be the
same host name if possible as in the intranet.

● If on your external firewall NAT is in place (IP address translation) this works fine.
But your Firewall team needs to forward incoming traffic on ports 80 and 443 to
your DMZ Sametime Proxy (Mobile Access) Server address.


Ports to be opened in the firewalls
● From your IBM Sametime Proxy (Mobile Access) Server in the DMZ
to all your IBM Sametime Community Servers in the intranet
you need to open the IBM Sametime Community Server VP port 1516.

● From all clients in the intranet
to the IBM Sametime Proxy (Mobile Access) Server
you need to open the HTTP and HTTPS ports 80 and 443.

● From all clients in the internet
to the public IP address of your IBM Sametime Proxy (Mobile Access) Server
you need to open the HTTP and HTTPS ports 80 and 443.

● From your IBM Sametime Proxy (Mobile Access) Server
to the apple notification services in the internet
you need to open the ports 2195 and 2196 .
This service is available on the DNS addresses “gateway.push.apple.com” and
“feedback.push.apple.com”. Both addresses have an IP address pool. If you
cant open to the DNS alias name then you need to find out what IP addresses
are behind this load balanced pool.


Required files for a deployment on Windows
For a Windows installation you need to download these files from Passport Advantage:

CZYG1ML.zip IBM DB2 9.7 32Bit Limited Use for Sametime
CZYE6ML.zip IBM Sametime 8.5.2 Proxy Server
CI3YCML.zip IBM Sametime 8.5.2 IFR1 Proxy Server

Create a directory, for example “C:Install”, on the servers where you want to install.
Then unpack the downloaded files into this directory. Just unpack the files required for
your deployment architecture on the particular server.

If you want to connect your Sametime Proxy Server to a Community using Domino
Directory authentication and you have Web only users, then you need to install a small
Proxy Server update. For a small pilot or POC / POT environment you can download the
updated application from the IBM page here:
Link to the EAR File
If the link does not work use this:
https://www-304.ibm.com/files/form/anonymous/api/library/e0a58c07-3700-4d59-a4e4-
c2ba50b5535a/document/014a464b-a345-453e-a0af-
e1421d01be2f/media/SametimeProxy WebSphere Application 8.5.2 IFR1 with Hotfix.ear

If you want to use this server in a production environment and need this update, then it is
required to open a PMR in IBM Support to request the latest cumulative hotfix for the IBM
Sametime 8.5.2 IFR1 Proxy Server.


Required technical users for IBM Sametime 8.5.2
IBM Sametime requires some technical users for components to
communicate in an authenticated mode. All of this users should be
configured so that the password never expires and never needs to be
changed.

db2admin
This user is created during installation of the DB2 server in the
Operating System. Do not create this user in advance.
It is the user for all IBM Sametime related components using DB2 to
access their databases. Be sure to match the password policy
requirements of the OS.

wasadmin
This is the user to access the IBM WebSphere components and to
administer the system. This user must not exist in your LDAP directory.
It is created during WebSphere installation in a local file repository. You
can use the same user name and password for all components (makes
it easier) or different names and passwords. But again, it does not work
when this user exists in the LDAP.


Native client on iOS or Android device
● Getting the mobile Clients
● iOS on App Store
● Android now in Android Market®, also as part of server installation for download


Agenda

● Introduction

Access) Server




Different ways to a IBM Sametime 8.5.2 IFR1 Proxy (Mobile
It is possible to place all the new components into the Intranet and use a Reverse
Proxy in the DMZ to access the system from the mobile devices through the Internet.

This requires less ports to be opened in the firewalls. But 2 connections from the
server in the Intranet through your DMZ to the APNS system in the Internet. This is
mostly a security issue and not allowed.

The Database to cache the chat messages sent to iOS devices can be implemented in
the Intranet. But then a box (Hardware or virtual machine) is required for this server
and the small database who only caches text messages. And the DB2 port needs to be
opened from the IBM Sametime Proxy server in the DMZ to this DB2 Server in the
Intranet.

Because the use of the DB2 database is small and it does not store any really
important information, this database can be implemented easily on the same machine
as the IBM Sametime Proxy Server.

A Backup of the system is required only once when the server is installed and all
features are working fine. There is no changing data that needs to be backed up
regularly. Only if you do any modification in the configuration a new full backup is
recommended.


IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
our pilot deployment architecture recommendation
Apple Notification Server
Intranet DMZ (APNS)
gateway.push.apple.com
feedback.push.apple.com

Inbound
Ports
80 443
Outbound
Port Sametime Ports
1516 Proxy Server 2195 2196

Sametime
Community
Server Internet

DB2 9.5
Server


For the APNS to work there are some requirements:

● The IBM Sametime Proxy Server must be able to connect to the APNS Servers
“gateway.push.apple.com” on port 2195, and “feedback.push.apple.com” on Port
2196.

● You should open this ports in your firewalls and test with telnet that you can reach the
servers.

● The device must be able to reach the IBM Sametime Proxy Server with http or https
protocol. You can use a reverse proxy in your DMZ. NAT is no problem.

● The APNS service must be able to send a notification to your device.

● If your device is connected to your intranet using Wireless LAN, it mostly can not be
notified from the apple systems. Talk to your firewall Admins to open the notification
service for your Wifi LAN.


Agenda

● Introduction

Access) Server




The 10 steps to a Sametime 8.5.2 IFR1 Proxy environment

1.Prepare your machine and the network
2.Configure the community server(s) to trust the Mobile Access Server
3.Install the Sametime Proxy Server 8.5.2 without SSC as a Cell profile
4.Update the Sametime Proxy Server to IFR1
5.Post Install Tasks
6.Install the DB2 database server
7.Create the Proxy Server DB2 Database
8.Configure the Proxy Server to use the DB2 Database
9.Configure the Apple Notification System
10.Configure SSL in the Proxy Server and deploy the certificate


STEP ONE: Prepare your machine and the network

Summary

Before you can install your IBM Sametime Proxy (Mobile Access) Server environment,
some things needs to be checked and prepared.


The machine on that you run the IBM Sametime 8.5.2 IFR1 Proxy (Mobile Access) Server
and the DB2 Database Server can be a virtual machine or a hardware box. Both works.

It is possible to use Linux as OS, but this document describes how to install on Windows.

If you use Linux you can use most parts of this document and the most installation
instructions and screen shots are identically. Mostly the paths are different.
In Linux it is recommended to have the graphical system installed for this installation and
then use a x-server on our client.

This instruction works with Windows Server 2008, and Windows Server 2003. You can use
the 32Bit or 64Bit version. And you can use the R2 Version of any of the supported OS.

Be sure that your Firewall Admin has opened all ports in the firewalls. Test all connections
using the telnet command in a CMD line window.

Be sure your used host names or DNS alias is listed in the DNS and can be used and
resolved in the internet and in your intranet.


More information can be found in the official IBM Sametime
Documentation at this URL:

http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp?
lookupName=Product Documentation

The IBM Sametime 8.5.2 Installation – From Zero To Hero
documentations can be found here:

https://www-304.ibm.com/connections/blogs/sametimeguru/?
lang=en_us


STEP TWO: Configure the IBM Sametime
Community server(s) to trust the IBM Sametime
Proxy (Mobile Access) Server

Summary

This step adds the IP address of your IBM Sametime Mobile Access Server to
the “Trusted IPS” list in your Sametime Community Server.


There are several ways to configure your Sametime Community Servers to trust other
servers.

The most used way in a Sametime 8.5 environment is to use the Sametime System
Console – Sametime Servers – Sametime Community Servers. There in the configuration
page of your Community Servers on the bottom you can add the trusted IP addresses and
save the changes.

An other way is to edit the Sametime Configuration file “SAMETIME.INI” located in the
Domino Program directory. There in the [Configuration] section just add the parameter
“VPS_TRUSTED_IPS=ww.xx.yy.zz” where ww.xx.yy.zz is your IP address of the
Sametime Proxy Server box.

The next way is to use the Lotus Notes client and access the Community Connectivity
document in your Sametime Configuration database and add the IP address what the
server must trust, there. This method is explained in the next slides.


Start your Lotus Notes client with that you can access and administer your
Sametime Community servers. Then open the “Sametime Configuration”
database “STConfig.nsf” on the Sametime Community Server.


Open the “CommunityConnectivity” document.


Add the IP address of your new IBM Sametime Proxy (Mobile Access) Server in
the “Community Trusted IPS” field. Then save and close the document and the
database.


Now restart the Sametime Community Server by entering the command „restart server“
in the Domino Console window. Never use this command in a production Sametime
server because it can happen that not all Sametime tasks are stopped before the
domino server restarts. This can cause massive problems for starting the Sametime
Services. Stop your Domino Server using the “Quit” command or by stopping the
“Lotus Domino Service”. Wait until all ST... Tasks disappeared in your TaskManager.
Then restart the Domino Server again.

It takes up to 5 Minutes until the Sametime Community Server is completely
restarted and all 41 Sametime tasks are again active.


STEP THREE: Install the Sametime Proxy Server
8.5.2 without SSC as a Cell profile
Summary

This step installs the IBM Sametime Proxy Server 8.5.2.


Navigate to the Installation Directory and start the launchpad installer. We use a
Windows CMD command window and enter the commands: „cd
InstallSametimeProxyServer“ and just „launchpad“


The Sametime Proxy Launchpad Installer is loading. Click the link „Install IBM Lotus
Sametime Proxy Server“


Now click the link „Launch IBM Lotus Sametime proxy Server 8.5.2 Installation“


The Installation Manager is starting up


Click the “Next” button to continue.


Accept the terms in the license agreement and click the “Next” button to continue


Remove “Program Files” and click the “Next” button to continue

We recommend to use path names without spaces (as some scripts may require this) and also
shorten the path name so that the typical limits of some operating systems and applications
for path + file name length are avoided.


Click the “Install” button to install the Installation Manager.


The installation Manager is now installing


If you are using Windows 2003 R2 or Windows 2008 R2, it can be possible that
you run into a JAVA heap memory overflow during the next installation step. To prevent
this issue change a parameter in The “IBMIM.INI” configuration file of the Sametime
Install Manager. See the next 2 slides how to do this.


Open your File Explorer and navigate to your Install Manager's eclipse directory
“C:IBMInstall Managereclipse”. Then open the configuration file “IBMIM.ini” in
notepad.


Add he parameter “-Xmx1024m” at the end. Then save and close the file.
This parameter is case sensitive.
Click “File” and “Save” to save the changes. Then click “File” and “Exit” to close the
editor.


Now you can click the „Restart Installation Manager“ button to continue.


The IBM Installation Manager is loading.


To Install the Sametime Proxy Server click the „Install“ icon.


Check the „IBM Sametime Proxy server“ and „Version 8.5.2“ entries. They are
unchecked by default. Then click the „Next“ button.


Accept the terms in the license agreement and click the „Next“ button.


Remove “Program Files” and click the “Next” button to continue.

shorten the path name so that the typical limits of some operating systems and applications for
path + file name length are avoided.


Enter the correct path (remove „Program Files“ and click the „Next“ button to continue.

The Package group is the installation destination for the IBM Lotus WebSphere base files. The
first installation requires the creation of a new package group. If you install more WebSphere
based applications on the same hardware (like the Sametime Proxy Server and the Sametime
Meeting Server) they can use the existing package group. Then you cannot change the
installation path.


We do not want to use a predefined Deployment Plan from the Sametime System
console. Uncheck the “Use Lotus Sametime System Console to Install” option and
click the „Next“ button to continue.


With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing
WebSphere 7.0.0.15 Server. We don't want to do this in this pilot deployment.
Just click “Next” to continue.


Leave the default setting “Standalone (Deployment Manager and Primary Node)”. Fill the
full qualified Host Name and add a password for your wasadmin user twice. Then click the
“Next” button.


Enter the host name of your IBM Sametime Community Server. Then click the “Validate”
button.


When the connection was successfully tested the text in the button changes to “Validated”.
Then click the “Next” button to continue.,


Check your settings again and then click the „Next“ button to continue.


Start the installation by clicking the „Install“ button.


The Sametime Proxy Server is now installing. This step takes approximately 30 to 45
minutes because you are installing the first WebSphere instance on a Server.


Important to know...
The Sametime Proxy Server:
● does not need a LDAP connection
● is just a Web Interface for browser access to the Sametime Community Services

● is a Web based Sametime Connect Client

● supplies the new Web API for Web based application integration

● can be implemented with or without the SSC

● can be connected to existing older Sametime Servers

● can be connected to a community cluster

You can have one or more Proxies in your organization
You can implement one or more Proxies and cluster them
● using the WebSphere Cluster Method (Network Deployment)
● individual Proxies with a Load Balancer or RRDNS in front of them

By default the Sametime Proxy Server installs to use Port 9080 and 9443 (SSL).
If you want to use Port 80 and 443 you need to enter the Sametime Proxy ISC on
Port 8600 and change the port settings in the Application Server. Detailed instructions
can be found later in this documentation.


When the Sametime Proxy Server has installed successfully just click the „Finish“
button. Then exit the Installation Manager and the Launchpad.


STEP FOUR: Update the Sametime Proxy Server to
IFR1

Summary

Use this procedure to apply the Interim Feature Release to the IBM
Sametime 8.5.2 Proxy Server.


The installation in the previous step started all the components of the IBM Sametime
Proxy server. For the upgrade to IFR1 it is required to stop all of this tasks first. But
because they are started before the Services are created, the services do not reflect the
running tasks.


Open a CMD line Window and navigate to the directory:
“cd IBMWebSphereAppServerprofilesSTPAppProfilebin”.
Then enter the command:
“stopServer STProxyServer -username wasadmin -password passw0rd”.


When the Sametime Proxy Server has stopped stop the nodeagent next with the command
“stopServer nodeagent”.


Now change to the DMGR profile with the command “cd ....STPDMgrProfilebin”. Then
enter the command “stopServer dmgr -username wasadmin -password passw0rd”.


Open a new CMD Line window in Admin mode. Then enter the command “cd
InstallIBM Sametime Proxy Server” and press the “Enter” key. If you have
unpacked the zip file to a different directory, then navigate to your directory
where you can find the update.bat file.


Enter the command “update.bat” and press the “Enter” key.


The IBM Installation Manager is starting up.


Now click the “Update” button to continue.


Select the Product you want to upgrade. Here we select “IBM Sametime Server
Platform”. Then click the “Next” button to continue


Click the “Next” button to continue


We are sure that all WebSphere Servers are shut down. Just click the “Next” button
to continue.


Click the “Update” button to install the IBM Sametime Proxy Server IFR1.


The IBM Sametime Proxy Server IFR1 Update is now installing. This step takes
approximately 20 to 25 minutes.


A new main feature in Sametime 8.5.2 IFR1 Proxy Server is the Apple iOS integration
using an App that can be installed for free from the Apple App store.

This app then connects to your Sametime proxy Server through the Internet. That this
can work, your Sametime Proxy Server must be accessible from the Internet.
This means you need to set it up in your DMZ or configure a reverse proxy in your
DMZ and forward the traffic to your Sametime Proxy in the intranet. But the
recommended way is to implement your Sametime Proxy Server in your DMZ.

Another recommendation is that your Sametime proxy Server can communicate with
the Apple notification service. For this to work you need to open 2 ports in your firewall
to this servers in the internet. These ports are 2195 to the Apple notification server and
port 2196 to the Apple feedback server.


When the installation has finished successfully, click the „Finish“ button to close the
Installer.


Click “File” and then “Exit” to quit the Installation Manager.


STEP FIVE: Post Install Tasks for the IBM Sametime
Proxy Server

Summary

This procedure is only required if you run into the Warning message after
the installation as described in the step before.


Open your preferred browser and enter the URL
“http://webchat.renovations.com:8600/admin”.

Login to the WebSphere Integrated Solutions Console of
your Sametime Proxy Server using the wasadmin
username and its password.


Click on “Servers” - “Server Types” and then on “WebSphere application servers”.


Click your “STProxyServer” now.


Click the “Ports” link.


Click the “WC_defaulthost” link.


Change the port to “80” and click the “OK” button.


Now click the “WC_defaulthost_secure” link


Change the port to “443” and click the “OK” button.


Click the “Save” link to save your last changes.


You have now successfully changed the your Sametime Proxy Server to listen on Ports
80 and 443.


The next configuration step is only required if your Sametime Community servers use
Domino Directory authentication and if you have created WEB users with flat user names
in the FullName field.
If you have this kind of user records then the update of the SametimeProxy application is
required. See page 19 how to get this update.

In a small Pilot, POC or POT environment you can update the SametimeProxy
application using the steps described in the next slides.

If you use this Sametime Proxy Server in your production environment and have
requested the latest hotfix from IBM Support, then you need to update the complete
server in the same way as described in the “STEP FOUR: Update the Sametime Proxy
Server to IFR1” on page 65 in this document.


Now click on “Applications” - “Application Types” - “WebSphere enterprise applications”.


Select your “SametimeProxy” application and click the “Update” button.


If you have copied the SametimeProxy.ear file (downloaded from the Web Site) to your
Proxy Server, then click “Remote file system” and then the “Browse” button.


Navigate to the directory to where you have copied the file and select it. Then click the
“OK” button.


Click the “Finish” button to continue.


To check that your application is updated, click the “SametimeProxy” application.


Click on “Application binaries” now.


You can see the application version 8.5.2.1 from 31. Jan. 2012, 13:50


STEP SIX: Install the DB2 database server

Summary

This step installs the IBM DB2 9.7 Server.

We like to use a CMD command line window to enter some of the commands
and start the installers. For that we have created a short cut in our fast start
section.
You can use the Windows Explorer as well to navigate to the destination
directory and double click the installation file (launchpad.exe)


Enter the command “cd InstallSametimeDB2” and press the “Enter” key.

Enter the command “Launchpad” and press the “Enter” key.

Do not copy and paste any commands from this document into your CMD line. This does not
work because this would copy some special characters.


Just click the “Install IBM DB2” link.


And again click the “Install IBM DB2” link.


The Installation Manager is starting up


Now click the „Install“ icon to continue.


Select „DB2 – Version 9.7.0.0“ and click the „Next“ button to continue.


Accept the terms in the license agreement and click the “Next” button to continue.


Again remove “Program Files” and click the “Next” button to continue.

shorten the path name so that the typical limits of some operating systems and applications for
path + file name length are avoided.


Enter the DB2 Administrator Username (we use the default “db2admin”) and enter
the DB2 Administrator Password twice. Then click the “Next” button to continue

If you use Windows 2008, be sure to enter a password that meets the password policy. The
DB2 Admin User password should not be longer then 8 characters. Change the local security
policy to allow passwords with 8 characters length. This db2admin user will be created as a
local user or as a Active Directory User. This can not be done if the user already exists. Same
with the 2 groups that the DB2 Installer adds.


Click the “Install” button to install the DB2 Server


The Installation Manager installs the IBM DB2 Server now. This step takes
approximately 10 to 15 minutes.



Your DB2 Database Server is a sensitive component in your Sametime
Environment.
It stores all the predefined configuration data and holds the information how to
communicate with your servers for administration and maintenance.

We highly recommend to make regularly a backup of your DB2 database using a
DB2 aware backup software, or export data and backup the exported data.

It is possible to implement your DB2 Server for high availability and load balancing
using DB2 methods.

For more information check into the DB2 InfoCenter, or download and read the
RedBook „High Availability and Disaster Recovery Options for DB2 on
Linux, UNIX, and Windows“

The steps to create a DB2 database need the database name as a
command line parameter. We would recommend using a CMD command
line window to enter this commands.


When the installation has finished successfully, click the „Finish“ button and then close
the Installation Manager and the Launchpad.


Before we can continue with the next step, you need to restart the CMD-Line window
under Windows 2003.

Under Windows 2008 it is required to log out and re login with your db2admin user.


STEP SEVEN: Create the DB2 Database for the
Sametime Proxy Server

Summary

This step is to create and configure the DB2 Database for the Sametime Proxy
Server. This database is required to cache the Sametime messages sent to iOS
mobile devices.


Next is to create the database in the DB2 Server. If your DB2 Server is on a separate
machine or on another machine, then you need to copy the database creation script
files to this server first. Copy the files “createProxyDb.bat” and “proxyServer.ddl” to a
directory on your DB2 Server.
Open a CMD window and navigate to this directory. In this Zero to Hero example we
use just “C:InstallIBM Sametime Proxy ServerDatabaseScripts”.


Run the database creation script with the command: “createProxyDb.bat STPR
db2admin”. The term “STPR” is the name of the database and “db2admin” is the DB2
Database Server Administrator.


Be sure that you see the “...command completed successfully” message after all
commands.


STEP EIGHT: Configure the Proxy Server to use the
DB2 Database

Summary

In this step you manualy register the Sametime Meeting Server upgrade with the
Sametime System Console if you are running into the warning message during
the installation. Then you need to fix the virtual_hosts configuration.


Open a File explorer and navigate to “C:InstallIBM Sametime Proxy
ServerDatabaseScripts”. If you have unpacked the install zip file to a different
directory then use this one.


Open a second explorer window and navigate to the directory
“C:IBMWebSphereSTPServerCell”. Then copy the file “proxyDBSetup.py” from the
install directory to this directory.


Next is to navigate to the directory
“C:IBMWebSphereSTPServerCellSametimeProxyServerOfferingSametimeServe
rSTProxyproxy”. In this directory open the file “proxy.properties” with Notepad or
Wordpad or with your favorite text editor.


Edit the following values:
* proxy.DbAppUser (db2admin)
* proxy.DbAppUserPassword (db2admin password)
* proxy.DataBaseServerName (host name of the DB2 server)
* proxy.DataBaseServerPort (default port for DB2)
* proxy.DbName (database name created earlier)

Then save and close the file.

Now it is required to configure the DB2 Database who caches messages to the iOS
devices in the Sametime Proxy Server. For this a long command in a CMD line window is
required. Several paths are required. To get and paste this path into a CMD-Line window it
is easy to use the Windows Explorer. First navigate to the directory
“C:IBMWebSphereAppServerprofilesSTPAppProfilebin”. But do not mark the full
path. Mark only the part starting from “AppServer...”. Then press the Ctrl-C to copy this
path to the dashboard.


Open a CMD-Line window and navigate to the directory
“C:IBMWebSphereSTPServerCell”.


Now start entering the command. Begin just with “..”. Next is to paste the part from the
dashboard.


Continue with “wsadmin.bat -lang jython -user wasadmin -password passw0rd -f “”
Don't forget the “ at the end because the next part is a path that needs to be in
doublequotes.


Now we need the path to the file proxyDBSetup.py including the filename.


Copy and paste the path from the explorer window, add the backslash and then copy and
paste the filename from the explorer window. Add a doublequote sign at the end.


Now we need the path and filename of the “proxy.properties” file that we have edited
just before.


Start with blank and double quotes then paste the path. Then add the backslash and then
paste the filename. Add a double quote at the end.
Now the command is completed and you can confirm with the “ENTER” key.


The script is now running.


The script has finished.

After the database configuration the IBM Sametime Proxy Server needs to be
restarted for the configuration changes are in effect.


Open your browser and navigate to your SSC – ISC. Login with your wasadmin user
and then navigate to “Resources” - “JDBC” - “JDBC providers”. Here you should see
the newly created JDBC Provider configuration for your Proxy Server.


Now click on “Resources” - “JDBC” - “Data sources”. Here you should see your newly
created Data Source configuration.


Check mark the “STProxyDataSource” and click the “Test connection” button.


Be sure that the result says “successful”. The warning message can be ignored.


STEP NINE: Apple Notification to iOS devices

Summary

Use this procedure to apply the Interim Feature Release to IBM Sametime®
Proxy Server, Sametime Media Manager, Sametime Meeting Server, and
Sametime Advanced. Procedures for Sametime System Console, Sametime
Community Server, and Sametime Gateway are explained in other topics.


Sametime for iOS Message / Notification Flow

Internet DMZ Intranet
TLS/SSL
(push notifications only, no sensitive data)
TCP port 2195 for notification connection
Apple TCP port 2196 for error reporting connection (feedback service)
PNS

Push
Nofications

VPN /
HTTPS HTTPS Sametime
Reverse Community
Proxy
Proxy Server

iOS Device



TLS/SSL
PNS

Push
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device
Sametime registers with APNS, gets
assigned a device token



TLS/SSL
PNS

Push
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device Sametime logs in, sending device token



TLS/SSL
PNS

Push
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device Sametime sends 'pause' command before
going to background



TLS/SSL
PNS Another user sends
message to mobile user
Push
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device



TLS/SSL
PNS

Push
Nofications Proxy sees mobile user is
Paused. Stores in database.
VPN /
Reverse Community
Proxy
Proxy Server

iOS Device



TLS/SSL
PNS Proxy sends device token to APNS,
Requests a push notification be
Push
sent to device
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device



TLS/SSL
PNS

APNS sends
Push
push Nofications
notification
to device
VPN /
Reverse Community
Proxy
Proxy Server

iOS Device



TLS/SSL
PNS

Push
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device When user selects view: Sametime
reconnects to server and sends command
to retrieve messages.



TLS/SSL
PNS

Push
Nofications

VPN /
Reverse Community
Proxy
Proxy Server

iOS Device Sametime proxy sends queued
message(s) to device from database


The IBM Sametime 8.5.2 IFR1 Proxy update installer copies a certificate to the server
that is required to communicate with the Apple Notification Servers with SSL encryption.
This certificate has to be copied to the WebSphere Application Server directories now.

Find the certificate file “apns-prod.pkcs12” in the directory
“C:IBMWebSphereAppServerprofilesSTPSNAppProfileconfigcellsnodeswebch
atProxyNode”.


Copy this certificate file “apns-prod.pkcs12” to the directory
“C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswebchatProxyCell”
.


Copy this certificate file “apns-prod.pkcs12” to the directory
“C:IBMWebSphereAppServerprofilesSTPDMgrProfileconfigcellswebchatProxyCell
nodeswebchatproxyNode”.


To synchronize the last changes, go into your WebSphere Integrated Solutions (Admin)
Console and click on “System administration” - “Nodes”.


Select your “webchatProxyNode” server and click the “Full Resynchronize” button.


The new APNS certificate files are now synchronized to your application server.


STEP TEN:

Configure SSL in the Proxy Server and deploy the
certificate

Summary

For iOS devices to connect to the Sametime Proxy Server without any
additional security settings, a trusted SSL certificate needs to be installed.


In your WebSphere Integrated Solutions Console click on “Security” - “SSL certificate
and key management”.


Click on “Key stores and certificates”.


Now click on “CellDefaultKeyStore”.


And now click on “Personal certificate requests”.


Now click the “New” button to create a new certificate request.


Fill the form with your data:

File for certificate request:
“c:tempcert_req.cer”

Key label:
“SSL_Cert”

Common name:
(your server host name alias)
“webchat.renovations.com”

Organization:
Your organization or company

Locality:
Your city or locality

State or province:
Your province

Zip Code:
Your ZIP code.

Country or region:
Select your country

Then click the “OK” button.


Click on “Save” to save your last changes.


Now copy the certificate request file that you have created into your local workstation.
Then request a trusted server certificate from your favorite trust center by sending the
content of the file (or the complete file).


You will receive the certificate from your trust center by e-mail or as a file attachment.

Copy the certificate text starting with “-----BEGIN CERTIFICATE-----” and ending with “-----
END CERTIFICATE-----” without any trailing or ending characters into a file.
Copy this file to your Sametime Proxy Server to the “C:temp” directory.

Download the Root and intermediate certificates from your trust center web site and copy this
files as well to your “C:temp” directory


Now click on “Personal certificates”.


Click the button “Receive from a certificate authority...”.


In the field “Certificate file name” enter the path and filename to your received server
certificate “c:tempserver_cert.cer”. Then click the “OK” button.


Your new server certificate is now imported successfully.


Next is to import the root and intermediate certificates. Click the “Key stores and
certificates” link.


Click on “CellDefaultTrustStore”.


Click “Signer certificates”.


Click the “Add” button.


Enter an Alias for the root certificate “verisign_root” and enter the path and file name to the
root certificate file. Then click the “OK” button.


Click “Save” to save your last changes.


Now you have successfully added the root certificate. Do the same steps with the Intermediate
certificate.


Click the “Add” button.


Enter an Alias for the root certificate “verisign_intermediate” and enter the path and file
name to the intermediate certificate file. Then click the “OK” button.


Click “Save” to save your last changes.


Now you have successfully added the intermediate certificate.


Click on “Security” - “SSL certificates and key management” and then on “Manage
endpoint security configuration”.


In the “Inbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” -
“Servers”. Then click on “STProxyServer”.


Check the checkbox “Override inherited values” and then click the “Update certificate
alias list” button.


In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.


In the “Outbound” tree open the “webchatProxyNode(nodeDefaultSSLSettings)” -
“Servers”. Then click on “STProxyServer”.


Check the checkbox “Override inherited values” and then click the “Update certificate
alias list” button.
In the “Certificate alias in key store” select your “ssl_cert”. Then click the “OK” button.


Save the last changes by clicking the “Save” link.


Now it is recommended to set the services of your Sametime Proxy Server
“STProxyServer”, “STProxyServer_DM” and “STProxyServer_NA” to automatic. Then
restart your operating system.

When the OS is restarted then you are ready to test all features.
Check that your server communicates with the Sametime Community Server on port
1516 and with the Apple Notification Server.


Additional Steps after the installation:
Some additional Tuning steps can be done after all components are installed. You
should consult the Sametime Product Documentation in the Internet about this steps
here:
http://www-10.lotus.com/ldd/stwiki.nsf/dx/Tuning_st852


Legal Disclaimer

© IBM Corporation 2012. All Rights Reserved.
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is
provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall
not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of,
creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this
presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way.
Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending
upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no
assurance can be given that an individual user will achieve results similar to those stated here.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance
characteristics may vary by customer.

IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United
States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.
Other company, product, or service names may be trademarks or service marks of others.


IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy

Recommandé

Recommandé

Contenu connexe

Tendances

Tendances (14)

Similaire à IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy

Similaire à IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy (20)

Dernier

Dernier (20)

IBM Sametime 8.5.2 IFR1 implementation - From Zero to Mobile - Make your boss happy