IBM Sametime Connect is a powerful unified communications client, offering real-time communications capabilities. In this session, we'll cover how to build custom IBM Sametime installation packages, how to include interim fixes in the installation. We'll also cover how to customize various aspects of the client install with the installer, and how to ensure the install and uninstall is configured correctly. We'll also explain how you can manage IBM Sametime settings from the server post installation.
Presented by Carl Tyler of Epilio at IBM Connection 2014
2. What we’ll cover…
What’s in the IBM Sametime Installer?
Extending a default IBM Sametime Install to include Fix packs or 3rd party applications
How to predefine settings for users during installation
Managing IBM Sametime Connect Client Settings post installation
Questions (if time)
2
3. What’s in the Sametime Installation?
Contained in the IBM Download
– sametimeclient.for.notes
• Notes Client Installer
– sametimeclient.network.install
• Sametime Client installer – packaged for placing on Community Server for
installation via web browser
– sametimeclient.optional.components
• Office Components
• SharePoint Components
• Additional spell Check Languages
– sametimeclient.standalone
• Standalone Sametime Client Installer
– Each contains Linux, Macintosh and Windows
3
4. Drill down into sametimeclient.standalone – Expand ZIP
readme_silentinstall.html
setup.bat
– Can be edited and tweaked based upon whether this is a fresh installation, upgrade etc.
Documented within file.
setup.exe, setup.msi
– If you want to save space, if you’re going to install with the MSI, delete the EXE and viceverse
Deploy folder
– Contains Java Signing keys, plugin_customization.ini, install.xml
updateSite folder
– Contains the features and plugins that make up the Sametime Client
silentinstall.ini
4
5. silentinstall.ini - Customized settings for silent install
Parameter
Description
LAPAGREE=YES
Accept License Agreement, mustbe YES
for silent install
STSERVERNAME=st.acme.com
Hostname of Sametime server
STCOMMUNITYNAME=Name
Community Name
STSERVERPORT=1533
Sametime Server IP port number
See readme_silentinstall.html for other parameters
5
6. Extending a default IBM Sametime Install to include Fix
packs or 3rd party applications
Step 1 – Obtain the Update site for the plug-in
– This should contain
• Site.xml
• Features folder
• Plugins folder
Step 2 – Copy the contents of the features and plugins folders into their equivalent folder
within the expanded Sametime Installer folders
Step 3 – Update the contents of the site.xml within the expanded Sametime updatesite folder
with the contents of the plugins update site site.xml file
Step 4 – Update the contents of the install.xml within the deploy folder with the contents of
the vendor supplied install.xml file.
Step 5 – Sign Jars; if the jar files aren’t digitally signed, they need signing or
plugin_customization.ini needs updating to allow unsigned code.
6
7. Step 3 More Detail – Update Site.xml
Site.xml specifies the location of the features to install, think of it as a to do list of plugins to
add.
To add the plugin update site contents to the site.xml
– Copy the plugin site.xml contents from between the <site> and </site> tags to the
clipboard
– Paste the contents above the line </site> in the installer site.xml
– Example
<feature url="features/Wallpaper_1.0.4.jar" id="Wallpaper" version="1.0.4">
<category name="Epilio Wallpaper for IBM Lotus Sametime"/>
</feature>
<category-def name="Epilio Wallpaper for IBM Lotus Sametime" label="Epilio Wallpaper
for IBM Lotus Sametime"/>
Some plugins may contain more features, the steps are the same.
7
8. Step 4 More Detail – Update install.xml
Install.xml specifies the location of features to install
To add the install.xml update site contents to the deploy install.xml
– Copy the update site install.xml contents from between the <install> and </install> tags
to the clipboard
– Paste the contents above the </install> in deploy install.xml
– Example
<installfeature id="EpilioWallpaper" required="true" mergeaction="add">
<requirements>
<feature id="Wallpaper" version="1.0.4" match="compatible" download-size="700"
size="700" action="install" shared="true" url="“/>
</requirements>
8
9. Step 5 - Signing Jars
If the Jar is already signed by a trusted signer, no need for these steps.
You will need the Java JDK, not just the Java runtime environment
Create a keystore and generate the key pair
– "c:javajdk1.7.0_51binkeytool" -genkey -dname "cn=Carl Tyler, ou=Dev, o=Epilio,
c=US" -alias "Connect2014Cert" -keypass Connect2014Pass -keystore C:Keysmykeystore
-storepass password -keyalg "RSA" -validity 720
Check the newly created self-signed certificate/key pair
– “c:javajdk1.7.0_51binkeytool" -list -v -alias "Connect2014Cert" -keystore
C:Keysmykeystore -storepass password
9
10. Step 5 - Signing Jars Continued…
Sign the updatesite features JAR files (in the features folder) using the self-signed
certificate/key pair
– "c:javajdk1.7.0_51binjarsigner" -verbose -keystore C:Keysmykeystore -storepass
password -keypass Connect2014Pass C:st9winupdateSitefeaturesWallpaper_1.0.4.jar
"Connect2014Cert" -digestalg SHA1 -sigalg SHA1withRSA
Sign the updatesite plugin JAR files (in the plugins folder) using the self-signed
certificate/key pair
– "c:javajdk1.7.0_51binjarsigner" -verbose -keystore C:Keysmykeystore -storepass
password -keypass Connect2014Pass
C:st9winupdateSitepluginscom.epilio.plugins.Wallpaper_1.0.4.jar "Connect2014Cert"
-digestalg SHA1 -sigalg SHA1withRSA
10
11. Step 5 - Signing Jars Continued…
Export a trust certificate that can authenticate your public key.
– "c:javajdk1.7.0_51binkeytool" -export -alias "Connect2014Cert" -file
SelfSignedCertforConnect2014.cer -keystore c:Keysmykeystore -storepass password
Add the exported trust certificate to the Sametime install kit keystore to enable trust for your
public key at install
– "c:javajdk1.7.0_51binkeytool" -import -keystore
"C:st9windeploy.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -alias
"Connect2014Cert" -file SelfSignedCertforConnect2014.cer -storepass
"changeit"
List the entries in the Sametime Jar File (optional)
– "c:javajdk1.7.0_51binkeytool" -list -v -keystore
"C:st9windeploy.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -storepass
"changeit"
11
12. Step 5 – Alternative, easier, less secure approach…
Modify Sametime to trust unsigned jar files.
Modify plugin_customization.ini located in the installers deploy folder
Add/Modify the lines
– # settings for enabling PKI based provisioning security
com.ibm.rcp.security.update/VERIFICATION_LISTENER=com.ibm.rcp.security.update.DefaultVe
rificationListener
com.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOW
com.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOW
com.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=ALLOW
If you take this approach, be sure to remove/change these settings after install to protect the
Sametime installation from rogue code
12
13. Alternative method to install fixpacks, 3rd party integration
Sametime is based upon Expeditor, Expeditor has command switches that can be used to
install update sites.
Chain installations together, install client, then install update site, then install 3 rd party etc.
Using the following command to install update site
– “[STInstallDir]rcprcplauncher.exe” -nosplash
-com.ibm.rcp.provisioning#provisioningCommand -provisioningOperation provision
“install.xml" -application com.ibm.rcp.provisioning.application.ProvisioningApplication
-provisioningStatusLog “stInstall.log“
– Notice it points to the update sites install.xml not the site.xml
When performed, the client is not seen.
Remember to update plugin_customization.ini to allow the unsigned jars to install.
Often easier than editing/merging install.xml type documents.
13
14. How to predefine settings for users during installation
To preconfigure default settings for the client, you can use plugin_customization.ini, and also
managed-settings.xml and managed-community-configs.xml
plugin_customization.ini file is used to setup the clients “initial” runtime behavior
– Modify the copy in the “deploy” folder of the installer to define settings
– Settings are read when the user's workspace is created
– Define settings you couldn’t set in silentinstall.ini, example multiple communities.
The managed- settings allow items to be locked down, so the user cannot change them in
the client, similar to policies, but allows them to be set before the client has connected to the
Sametime Server and authenticated.
List of Customization settings:
– http://epil.io/hu530
14
15. Example for preconfiguring two communities
#define managedIds for alternate communities
com.ibm.collaboration.realtime.community/altCommunityConfig.managedIds=Host1,revProxy
#define alternate community for altHost1 (disabled)
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.enabled=false
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.desc=Alternate host IP1
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.targetCommunityHost=st.ac
me.com
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.host=192.0.2.0
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.weight=1
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.port=1544
com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.connectionType=direct
#define alternate community for reverse proxy
com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.desc=Reverse proxy for
server1
com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.targetCommunityHost=st
.acme.com
com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.weight=0
com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.connectionType=reverse
-proxy
com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.proxyHost=http://rever
seproxy.acme.com:81/server1
15
16. Managing IBM Sametime Connect Client Settings post
installation
For updating a deployed user base, rely on managed-settings.xml and managedcommunityconfigs.xml file to control settings
– If local preferences are different to the server defined settings, the server provided
managed settings will win
– So configure locked down settings, and leave out the settings end users are allowed to
change
Files are served up from a HTTP server, both files should be placed in the location where the
Sametime policy update site points.
– Example, if the administration update site URL is http://acme.com/updates, the client
looks for updated preferences in http://acme.com/updates/managed-settings.xml.
Use different policies to point to different updatesite/settings file locations
Managed settings are updated every 12 hours and whenever the Sametime Connect client is
started.
16
17. Example managed-settings.xml to add alternative
community
<ManagedSettings>
<settingGroup name="com.ibm.collaboration.realtime.community">
<setting name="altCommunityConfig.managedIds" value="Host2"/>
<!-- define alternate community Host2 -->
<setting name="altCommunityConfig.Host2.enabled" value="false"/>
<setting name="altCommunityConfig.Host2.desc" value="Alternate host IP1"/>
<setting name="altCommunityConfig.Host2.targetCommunityHost" value="st2.acme.com"/>
<setting name="altCommunityConfig.Host2.host" value="192.0.3.0"/>
<setting name="altCommunityConfig.Host2.weight" value="1"/>
<setting name="altCommunityConfig.Host2.port" value="1544"/>
<setting name="altCommunityConfig.Host2.connectionType" value="direct"/>
</settingGroup>
</ManagedSettings>
This doesn’t replace the existing community, it adds a new alternative one.
17
18. Managing IBM Sametime Connect Client Settings post
installation Continued…
All unlocked settings can be modified by the user. Once a setting is modified by the user, any
subsequent update to the same setting will not apply unless the setting is changed to
isLocked=true on the settings XML file. This behavior is consistent with settings changed
with the plugin_customization.ini file. User-modified preferences take precedence over
settings from the plugin_customization.ini file and settings XML file. However, if the user's
workspace is cleaned, the administrator's values will apply.
Any settings or setting groups removed from the settings XML file (for example, to
unmanage those settings) will remain on the client, and if the setting was previously locked,
it will be automatically set to unlocked.
All unmanaged settings will automatically be managed as standard preferences.
18
19. Changing a Sametime Server using managed-communityconfigs.xml
This will update the existing Sametime Server Settings, to point to a new host.
<managed-communities>
<managed-community id="Host1" host="192.0.2.0" newHost="192.0.2.1"/>
<managed-community-action type="update" managed-community-id="Host1"/>
</managed-communities>
By default update actions result in a client restart if the host name is changed. So using this
managed-community-configs.xml the client will restart.
19
20. Really useful web pages
List of client preferences
– http://www.lotus.com/ldd/stwiki.nsf/dx/Sametime_client_preferences_st9
Automatically updating client preferences with the managed-settings.xml file
– http://www.lotus.com/ldd/stwiki.nsf/dx/Automatically_updating_client_preferences_with_the_manage
dsettings.xml_file_st9
Editing the plugin_customization.ini file to add custom features and change default
preferences
– http://www10.lotus.com/ldd/stwiki.nsf/dx/Editing_the_plugincustomization.ini_file_to_add_custom_features_and
_change_default_preferences_st9
Configuring managed preferences providers
– http://www.lotus.com/ldd/lewiki.nsf/dx/Configuring_providers_XPD623
Managed community settings
– http://www.lotus.com/ldd/stwiki.nsf/dx/Managed_community_settings_sta9
20
21. Feel free to contact me
Carl Tyler
CTyler@Epilio.com
Twitter: @flyboytyler
Skype: CarlTyler
Greenhouse: CTyler@epilio.com
Tel: 1-866-9Ep-ilio (937-4546)
http://www.epilio.com
21
22. Access Connect Online to complete your session surveys using any:
– Web or mobile browser
– Connect Online kiosk onsite
22
Program Stream 2: For IT Practitioners
Track Track 06: Best Practices
Activity Type Lecture
Speaker(s)Carl Tyler, Epilio
Abstract IBM Sametime Connect is a powerful unified communications client, offering real-time communications capabilities. In this session, we'll cover how to build custom IBM Sametime installation packages, how to include interim fixes in the installation. We'll also cover how to customize various aspects of the client install with the installer, and how to ensure the install and uninstall is configured correctly. We'll also explain how you can manage IBM Sametime settings from the server post installation.
When Tue, 28/Jan 01:30 PM - 02:30 PM
Where Dolphin N. Hem D