Andy Higgins, IMCollaboration
Sametime from the Administrator side
Sametime Administration
• Server Administration
• Setup
• Management
• User Administration
• Buddylist conversion
• Stand-alone or Embedded – it makes a difference
• Plugins
Server Administration - Setup
• Check out “Sametime – zero to hero”
• LDAP “mail” attribute
• WAS properties and Wimconfig
• LDAP with SSL
• Ports used – e.g. SIP registration uses 5080/5081
• Foreign characters in passwords
• Windows 2008 IPv6 issues – make sure it’s turned off
• Make sure the servers are all pingable
• On Windows 2008 server “Run as Admin”
ST – server deployment and upgrades
Order of deployment
• Upgrade to LDAP-based ST Community 8.5.2 server first (with mail
attribute!) and convert buddylist
• DB2 server
• ST Console – register Community server with Console
• ST Meeting server
• ST proxy server can go on Console server
• ST Media server should go on it’s own server
• All servers at least dual proc with 4GB RAM – meeting (DB2) server needs
disk space
Server Administration -Management
• Policies – they’ve been moved
• WAS management - similar to Domino
• Deployment Manager, Nodes and Application servers –how do they work with Sametime?
• Security – allows directory authentication, searching and SSL certificate management
• Users and Groups
• Debug
• Media server is special
• SPNEGO authentication
Websphere CELL
A Cell is a virtual unit that is built of a Deployment Manager and one or more nodes.
WAS - explained
The Deployment Manager is a process (in fact it is an special WebSphere instance) responsible for managing the
installation and maintenance of Applications, Connection Pools and other resources related to a J2EE environment. It
is also responsible for centralizing user repositories for application and also for WebSphere authentication and
authorization.
The Deployment Manager communicates with the Nodes through another special WebSphere process, the Node
Agent.
The Node is another virtual unit that is built of a Node Agent and one or more Server instances.
The Node Agent it the process responsible for spawning and killing server processes and also responsible for
configuration synchronization between the Deployment Manager and the Node. Extra care must be taken when
changing security configurations for the cell, since communication between Deployment Manager and Node Agent is
ciphered and secured when security is enabled, Node Agent needs to have configuration fully resynchronized when
impacting changes are made to Cell security configuration.
Servers are regular Java process responsible for serving J2EE requests (eg.: serving JSP/JSF pages, serving EJB
calls, consuming JMS queues, etc).
And to finish, Clusters are also virtual units that groups Servers so resources added to the Cluster are propagated to
every Server that makes up the cluster, this will in fact affect usually more than a single Node instance.
Thanks to Rafael Ribeiro from IT Developer World !!
WAS Concepts
WAS clustering
Don’t forget the load balancer !!
Sametime 8.5 clustered Domain
WAS menu items
At a pinch, the only places you really need to know about are the ones in red above
WAS Security
Allows LDAP access for directory authentication and searching plus SSL certificate management
WAS LDAP access
WAS Users
Check directory access by listing users
WAS users
Note that what gets returned is actually not correct (long-term bug in display only)
ST Media server
User Administration - buddylist
Buddylist conversion – ST convert
Buddylist manipulation (www.epilio.com)
Ensure you set PC.ini for:
• Buddylists from serverbuddyListContactPref=replaceLocal
• Don’t ask the usershowBuddyListConflictDialog=false
User Administrationclient configuration
Rolling out users
• Stand-alone client
• Push methods: Plugin_Customization.ini & Managed_settings.xml
• Embedded client
• Notes 8.5.2 embeds ST 8.0.2 by default
• Need additional embedded plugin for ST 852
• Push methods: Plugin_Customization.ini & Managed_settings.xml
• Additional push options – Domino Policy & Eclipse advanced options
User administration
User setup
• Domino Policy (embedded only) – manages the ST
community server and the SSO policy
• Plugin_customization.ini
• Case sensitive!!
• Special for 8.5.1.1
• Managed_settings.xml
• Sametime policy – manages other ST parameters
Domino ST Policy
Sametime community server defined here
Domino ST IM policy
Sametime server defined here with SSO options too
The policies here were for older versions of the embedded client and today the way to do it is using plugin_customization.ini
Resetting the community server
This will work for both stand-alone and embedded users but is actually the only way you can force the change on the Stand-alone client without a re-install
Key change in V8.5.1.1 ST client
There was a key change made in the latest Sametime
8.5.1.1 client which allows the plugin_customization.ini
to be read during the Notes client startup vs only one
time when the client is reset. This allows
administrators to push out the plugin_customization.ini
to the client and when the client restarts, it'll read the
file.
So in effect, the best way to manage these settings as
we move forwards is with the plugin_customization.ini
file
Policy - Eclipse
I haven’t seen these work successfully yet
Plugin_Customization.ini
File found in “C:\Lotus\Notes\framework\rcp” for embedded client
or “C:\Lotus\Sametime Connect\rcp” for standalone client
com.ibm.collaboration.realtime.community/savePassword=false
com.ibm.collaboration.realtime.community/loginByToken=true
com.ibm.collaboration.realtime.community/loginAtStartup=true
com.ibm.collaboration.realtime.community/name=STCommunity
com.ibm.collaboration.realtime.meetings/hideLegacyMeetingUI=true
com.ibm.collaboration.realtime.community/host=community.server.com
com.ibm.rcp.managedsettings.provider.file/URL=http://community.server.com/sameti
me/managed-settings.xml
com.ibm.collaboration.realtime.community/defaultAuthType=TAM_SPNEGO
com.ibm.collaboration.realtime.community/authServerUrl=http://auth.server.com/sno
op/snoop
com.ibm.collaboration.realtime.community/useAuthServer=true
Additional question to IBM – which managed-settings do we use when we have one
here in the PC.ini file and there is one in ST policies too?
Managed_settings.xml
<ManagedSettings>
<settingGroup name="com.ibm.collaboration.realtime.meetings">
<setting name="hideLegacyMeetingUI" value="true" isLocked="true"/>
</settingGroup>
<settingGroup name="com.ibm.rtc.meetings.shelf">
<setting name="serverName" value=“meeting.server.com"/>
<setting name="serverPort" value="80"/>
<setting name="useHTTP" value="true"/>
<setting name="communityServerName" value=“chat.server.com"/>
<setting name="useCommunityCredentials" value="true" />
</settingGroup>
</ManagedSettings>
Sametime Policy
Sametime user policies
Sametime policies
• User must set this community as the default server community
• Allow user to add multiple server communities
• Allow user to add external users using Sametime Gateway communities
• Allow user to save chat transcripts
• Automatically save chat transcripts
• Etc….
Plugins
Check out this link:
Deploying Plug-ins and Widgets for Lotus Notes and Sametime
WAS install issues
Check out this link to IBM documentation on WAS install errors
Using the Console
A good link to Console information
Contact details
Andy Higgins
++1 (512) 426-6142
www.imcollaboration.com
http://sametimedg.blogspot.com/