IBM Sametime 8.5.2 installation - From Zero To Hero - Edge Components 18.12.2011

transcript

Social Business

IBM Collaboration Solutions

Installation and Setup of IBM Sametime 8.5.2”From Zero to Hero” Part 2 – Edge Components

Frank Altenburg | SME for Sametime IBM Collaboration Solutionsmailto:frank.altenburg@de.ibm.com

New version from 18. 12. 2011

Agenda

● Components of IBM Sametime 8.5.2

● Requirements for a IBM Sametime 8.5.2 Edge deployment

● Architecture of a IBM Sametime 8.5.2 Edge deployment

● The 25 steps to a IBM Sametime 8.5.2 Edge deployment

The IBM Sametime 8.5.2 Components we will coverIn Part 1:● IBM DB2 Database Server● IBM Sametime System Console● IBM Sametime Community Server● IBM Sametime Proxy Server● IBM Sametime Meeting Server● IBM Sametime Media Manager● IBM Sametime Advanced Server (optional)● IBM Sametime Connect Client

In this Part 2:● IBM Sametime Community MUX (optional)● IBM Sametime SIP Edge Proxy● IBM Sametime Meeting HTTP Proxy● IBM Sametime TURN Server● IBM Sametime Gateway (optional)

In Part 3:● Moving Sametime Servers to separate boxes● Implementing additional Servers for clustering● Clustering of Sametime Servers

IBM Sametime System Level Architecture

SametimeGateway

CommunityServer

MediaManager

UnifiedTelephony

AdvancedServer

MeetingServer

SametimeProxy

Sametime Clients

External IM Communities

Enterprise Phone System

Embedded Applications, including Web Client, Portal, and

Mobile

PartnerA/V Bridges

SIP, RTP SIP, RTPVP

HTTP HTTP

HTTP SIP, XMPP

SIP, TCSPI SIP

Logical servers shown – may be combined physically depending on user workload

IBM Sametime System Console

SametimePresence/IM

SametimeClassic

Meetings

SametimeNew Meetings

SametimeMedia Server

SametimeAdvanced

SametimeProxy

● Manage prerequisites.– System console manages all needed info for

prerequisite components

– No install/reinstall of IBM DB2® (for example) for each separate offering

● Centralize configuration.– Setup & testing of things like LDAP centralized in

a single location, instead of various wizards in different installers

● Facilitate deployment planning.– Mechanism to plan the Sametime server

deployment

– Installation of server nodes is simpler, as the shared configuration already exists. Server installers are “headless”, and need no input from user

● Single point of action for administrative tasks

– Example: Policies are managed from a single place for all components

Agenda

IBM Sametime 8.5.2 Prerequisites● IBM Sametime 8.5.2 Community MUX Server requires

● IBM Sametime Community Server (Version >= 7.5.1)● IBM Sametime 8.5.2 SIP Edge Proxy

● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM Sametime 8.5.2 Mdia Manager

● IBM Sametime 8.5.2 Meeting HTTP Proxy● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM Sametime 8.5.2 Meeting Server

● IBM Sametime 8.5.2 TURN Server requires● IBM Sametime 8.5.2 Media Manager

● IBM Sametime 8.5.2 Gateway Server requires● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM DB2 9.7 or 9.5 FP1● LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft®

Active Directory, IBM Tivoli® Directory Server, SunOne® iPlanet®, Novell® eDirectory®)

● IBM Sametime Community Server (Version >= 8.0.1)

● IBM Sametime 8.5.2 System Console Server requires● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM DB2 9.7 or 9.5 FP1● LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft®

● IBM Sametime 8.5.2 Community Server requires● IBM Lotus Domino 8.5.1 or 8.5.2 (32 Bit Version only)● LDAP directory server

● IBM Sametime 8.5.2 Proxy Server requires● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM Sametime Community Server (Version >= 7.5.1)

● IBM Sametime 8.5.2 Meeting Server requires● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM DB2 9.5 FP1 (provided automatically via Install)● LDAP directory server

● IBM Sametime 8.5.2 Media Manager requires● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM Sametime 8.5.2 Community Server● LDAP directory server

IBM Sametime 8.5.2 Prerequisites (cont.)

IBM Sametime 8.5.2 Prerequisites (cont.)● IBM Sametime 8.5.2 Advanced Server requires

● IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)● IBM DB2 9.7 or 9.5 FP1● LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft®

● IBM Sametime Community Server (Version >= 8.0.1)

● Software requirements● Client

● Windows XP (SP2), XP Tablet, Vista and Windows 7 – 32 and 64 bit● MAC OS X 10.6.2 x86-64 and future OS fix packs● RHEL 5.0 Update 4 Desktop Edition x86-32 and future OS fix packs● SLED 10.0 SP3 and 11.0 SP1 32 and 64 bit and future OS fix packs● Ubuntu 10.04 LTS x85-32 and future OS fix packs

● Server● Windows Server 2003/2008 - 32 and 64 bit (including R2)● Linux (RHEL, SLES) - 32 and 64 bit● AIX 5.3/6.1● i5/OS 5.4, 6.1● Solaris 10● ESX and ESXi 4.0, MS Hyper-V R2

● Browsers● Microsoft® Internet Explorer 6.x, 7.x, 8.0 (Windows)● Firefox 3.5 and 3.6 (Windows, Mac, Linux)● Safari 5.0 (Mac)

● Other● Domino 8.5.1/8.5.2 for Community Server / 'Classic' meetings● WebSphere Application Server 7 for new servers and gateway (included)● DB2 9.7 for new servers and gateway (included)

IBM Sametime 8.5.2 Prerequisites (continued)

● Software requirements● For WEB A/V

● Microsoft® Internet Explorer 6.x(!!), 7.x, 8.0 (Windows)● Firefox 3.5 and 3.6 (Windows, Mac)

SPECIAL NOTE: Microsoft Internet Explorer 9, Apple Safari and Google Chrome are not supported with the Sametime Audio/Video Browser Plugin in this actual Sametime Version 8.5.2.

We do not support any Linux based OS now for Browser A/V.

Microsoft Internet Explorer 6 should work and is officially supported. But it is not recommended to use this version because it can cause issues when several parallel connections needs to be established with the meeting server.

IBM Sametime 8.5.2 Prerequisites (continued)

Other requirements

● Make sure that all servers you want to use can be resolved in DNS.

● If DNS is not available then list all full qualified server names and IP addresses from all servers in the hosts file and publish this file to all servers.

● The Media Manager Server does not work when installing with a DNS alias. You must configure the full qualified machine host name (including domain part) and use this for the installation. This name does not need to be configured anywhere else and the client does not see it.

● If you use Windows 2008 as Operating System, then you need to start all installations and configurations in „Administrative mode“.

● You need a LDAP Server hosting your user base. This can be a Domino LDAP or Microsoft Active Directory or any other supported V3 LDAP.

● The Sametime gateway requires a public, not NATed IP address. NAT does not work with SIP traffic (specially when using TLS encryption) because the SIP packages contain the sending IP address inside. Then the receiver refuses the SIP package coming from another address then the one inside the package.

Required files for a deployment on Windows

For a Windows installation of the Edge components you need to download these files from Passport Advantage:

CZYD7ML.zip IBM Sametime Community Server StandardCZYE0ML.zip IBM Sametime Meeting ServerCZYF0ML.zip IBM Sametime Media Manager ServerCZYF9ML.exe IBM Sametime GatewayCZYA0ML.zip IBM Sametime WebSphere Application ServerCZYH1ML.zip IBM Sametime WebSphere Application Server iFixes

Create a directory, for example “C:\Install”, on the servers where you want to install. Then unpack the downloaded files into this directory. Just unpack the files required for your deployment architecture on the particular server.

If you run the CZYF9ML.exe, create a subdirectory “C:\Install\SametimeGateway” to unpack the file.

When unpacked the CZYH1ML.zip file go into the subdirectory “C:\Install\SametimeWASiFixes\WebSphereUPDI” and unzip the update installer for your used operating system.

Agenda

IBM Sametime 8.5.2 - Our pilot recommendation

Compared with the last version of this document installing IBM Lotus Sametime 8.5.1 (from Lotusphere 2011), we have changed again our recommendation for a pilot deployment. The reason for the change is the availability of new features in installation methods as well as our increased experience and many successful installations using this method in the last months.

The most Edge components described in this part 2 can be installed on one single box in the DMZ because all of them use different ports for communication. Only the Sametime Gateway requires a separate box because it uses the SIP Protocol and requires a non NATed public IP address. The Sametime Gateway is optional and not required for the other Edge components to work properly.

It is important to have the full environment described in the Part 1 of this documentation up and running before starting the Edge components installation. The Sametime Advanced part is not required for this installation.

IBM Sametime 8.5.2 Edge – our pilot deployment

DB2 9.5 Server

Sametime System Console

Sametime Meeting Server

webchat.renovations.com192.168.30.30

Sametime Proxy Server

meeting.renovations.com192.168.30.10

Sametime Media

Manager

sametime.renovations.com192.168.30.10

edge.renovations.com192.168.30.50 192.168.40.40

Port Forwardings:80 TCP

1533 TCP5061 TCP5081 TCP3478 UDP

to 192.168.40.40

DNS entries:sametime.renovations.commeeting.renovations.com

chat.renovations.comwebchat.renovations.com

edge.renovations.compointing to 192.168.0.1

SIP Edge Proxy

WAS HTTP Proxy

TURN Server

Active Directory

ldap.renovations.com192.168.30.99

gateway.renovations.com192.168.30.60

gateway.renovations.com192.168.0.60

192.168.0.1

Sametime Community

Server

chat.renovations.com192.168.30.20

Sametime Gateway Server

● 1 Server for the IBM Sametime 8.5.2 Community MUX, IBM Sametime 8.5.2 Meeting HTTP Proxy, IBM Sametime 8.5.2 SIP Edge Proxy, IBM Sametime 8.5.2 TURN ServerQuad CPU, 8GB RAM or more, 100GB disk space or more, 64 Bit OS1 GBit Network Interface with 2 IP addresses (internal and external).

● 1 Server for the IBM Sametime 8.5.2 Gateway ServerDual CPU, 4GB RAM or more, 50GB disk space or more, 64 Bit OS1 GBit Network Interface with 2 IP addresses (internal and external but not NATed).

● Various client endpoints

Hardware required for this Pilot Example Deployment

With such a configuration you can host up to ● 300 concurrent Meeting Participants *● 5.000 concurrent Sametime Clients *● 150 concurrent Media Streams *● 1500 concurrent Proxy web client users *

* Ask you IBM representative for more detailed sizing information in a defined environment

Special IP configuration for the WebSphere based Server

For this Edge environment it is required to have the same FQ Host names that you use in the internal network (see Part 1 of this documentation) be configured in the public DNS pointing to the public IP address of the server machine in the DMZ hosting the Edge components. This means splitted DNS configuration is required.

Host Name: edge.renovations.comAlias Names: sametime.renovations.com

meeting.renovations.comwebchat.renovations.comchat.renovations.com

Public IP: 192.168.0.1 (NATed to the DMZ IP)DMZ IP: 192.168.40.40

Local address in the Intranet:Host Name: edge.renovations.comIP: 192.168.30.50

Special IP configuration for the WebSphere based Server (cont)

For the Sametime Gateway Server a not NATed public IP address is required. Best practice is to have a splited DNS configuration.

Public address in the Internet:Host Name: gateway.renovations.comPublic IP: 192.168.0.60 (not NATed)

Local address in the Intranet:Host Name: gateway.renovations.comIP: 192.168.30.60

Required technical users for IBM Sametime 8.5.2

IBM Sametime requires some technical users for components to communicate in an authenticated mode. All of this users should be configured so that the password never expires and never needs to be changed.

db2admin This user is created during installation of the DB2 server in the Operating System. Do not create this user in advance. It is the user for all IBM Sametime related components using DB2 to access their databases. Be sure to match the password policy requirements of the OS.

wasadminThis is the user to access the IBM WebSphere components and to administer the system. This user must not exist in your LDAP directory. It is created during WebSphere installation in a local file repository. You can use the same user name and password for all components (makes it easier) or different names and passwords. But again, it does not work when this user exists in the LDAP.

Required technical users for IBM Sametime 8.5.2 (cont)

Domino AdministratorThis user is created during installation of Domino for the IBM Sametime Community Server. It is a best practice to not use a existing administrative account because it is the account with that the IBM Sametime System Console communicates with the Community Server.

LDAP Bind UserThis is a user account in your LDAP directory. This account is used to connect in authenticated mode to the LDAP server to get all required attributes. It is possible to connect anonymously to the LDAP but then it does not work with some LDAP systems or the LDAP server requires special configuration to allow anonymous bind.

Starting and stopping the WebSphere based Server

In this pilot deployment we install and configure all WebSphere based Sametime servers using a single Cell. Then it is easy to administer all of them using just one administrative interface. (The Integrated Solutions Console of the Sametime System Console)

With Sametime 8.5.1 the services where created automatically for all servers because we used for all of them a separate “Cell Profile” deployment. Now with IBM Sametime 8.5.2 we use the Network deployment method by implementing all servers as a Primary Node federated to the Deployment Manager of the Sametime System Console in just one Cell.

Using this method the installer does not create some required components and it does not create some services in the Windows operating system. We need to manually create this components and Services. All the required steps are described in detail later this slide deck.

Audio/Video Plug-In for Browser access to Meeting Rooms

The Meeting Plug-In is shipped with the Media Manager in two formats.

1.) Download VersionThis version files needs to be copied onto a Web Server that can be accessed by the Browser from the client who want to access the Meetings using Audio and Video services. This could be the Domino based Sametime Community Server, the Sametime Proxy Server or the Sametime Meeting Server or any other web server in your organization.

In this pilot deployment recommendation we use the Sametime Proxy server for this service.

To download and install this Plug-In it is required to have Administrative access rights on Windows 7. With all other OS the user right is enough

2.) Deployment VersionThis version can be deployed using your preferred deployment tool. It contains a MSI installer file. But be careful in some operating systems as Windows 7, it is required to install this version with administrative rights.

Agenda

The 25 steps to deploy a Sametime 8.5.2 EDGE environment1.Enable Trust for the Community Mux in the Sametime Community

Server2.Install the Sametime Community Mux3.Configure the Community Mux in the Sametime System Console4.Install the SIP EDGE Proxy without the Sametime System Console5.Configure the SIP Edge Proxy6.Post Install Tasks7.Create a Deployment Plan for the Sametime Meeting HTTP Proxy8.Install the Sametime Meeting HTTP Proxy9.Run the guided activity to add the Sametime Meeting HTTP Proxy to

the Meeting Cluster10.Remove the Sametime Meeting Server on the Edge Server11.Create the WebSphere Meeting Http Proxy on the Edge Server12.Post Install tasks13.Install the TURN Server14.Configure the TURN Server and enable NAT Traversal15.Test all the Edge components

The 25 steps to deploy a Sametime 8.5.2 EDGE environment

16.Create the Sametime gateway DB2 Database17.Configure the DB2 Database Prerequisite in the Sametime System

Console18.Enable Trust for the Gateway in the Sametime Community Server19.Install the Sametime Gateway without the Sametime System Console20.Post Install Tasks21.Register the Gateway to the Sametime System Console22.Connect to the local Sametime Community23.Connect to a Partner Sametime Community24.Enable clients to use the Sametime Gateway25.Test the Gateway

STEP ONE: Enable Trust for the Community MUX in the Sametime Community Server

Summary

A Sametime Community Server only accepts connections from a Community Services multiplexer that is listed in the "CommunityTrustedIps" field of a "CommunityConnectivity" document to prevent an unauthorized machine from connecting to the Sametime community server.

This can be configured directly in the “STCONFIG.NSF” Database - “CommunityConnectivity” Document, or – and this is now much easier – in the Sametime System Console. This is the way we want to configure this part.

Enter the URL „http://sametime.renovations.com:8700/admin“.

The WebSphere Application Server Administrative interface (the Integrated Solutions Console ISC) is always secured by SSL. Therefore you will be redirected to HTTPS and the port 8701 automatically. You are prompted to accept the default certificate. For different browsers the procedure to accept this IBM signed certificate is different.You can use the direct URL: „https://sametime.renovations.com:8701/ibm/console“.

Enter the WebSphere Application Server Administrative User name and its password. We use „wasadmin“. Then click the „Log in“ button to continue.

You have now reached the IBM Lotus Sametime System Console.

Click on “Sametime System Console”, then on “Sametime Servers” and then on “Sametime Community Servers”.

Click your “Chat Server” now.

Go to the bottom of the page and enter the IP address of your Edge server that hosts your Sametime Community MUX. Then click the “Add” button

The IP address is now added. Click the “OK” button to save the setting into the Sametime Community Server configuration.

Restart your Sametime Community Server to apply the trust settings. Be aware to use this “restart server” console command only in your test environment. On a production server this won't work because the restart is often faster then stopping all 41 Sametime server tasks. The complete restart can take up to 5 minutes. Wait until all 41 ST... tasks appear in your Task Manager.

STEP TWO: Install the Sametime Community MUX

Summary

This step installs theIBM Sametime 8.5.2 Community MUX.

We like to use a CMD command line window to enter some of the commands and start the installers. For that we have created a short cut in our fast start section.You can use the Windows Explorer as well to navigate to the destination directory and double click the installation file (setupwin32.exe)

Enter the command “cd \Install\CommunityMux” and press the “Enter” key.Enter the command “setupwin32.exe” and press the “Enter” key.

My Operating System was set to German language. But I want to use the English language (default) for the installation. Just click the “OK” button.

Now click the “Next” button to continue.

Accept the terms in the license agreement and click the “Next” button to continue

Remove “Program Files\” and click the “Next” button to continue

We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.

Enter the full qualified host name of your community Server. We use “chat.renovations.com”. Then click the “Next” button to continue.

Click the “Install” button to install the Community MUX.

The Sametime Community MUX is now installing. This step takes approximately 1 to 2 minutes.

Important to know...Consider the requirements of the community server multiplexer machine before installing it.

* community server multiplexer installation files are available for Windows®, AIX®, Linux®, and Solaris. A stand-alone community server multiplexer cannot be installed on IBM® i. However, Sametime® on IBM i supports the use of a stand-alone multiplexer installed on a Windows system.

* The minimum system requirements for the community server multiplexer machine are the same as the system requirements for the core Sametime community server.

* A machine that meets the minimum system requirements should be able to handle approximately 20,000 simultaneous client connections.

* Testing indicates that machines with dual 1133 MHz CPUs and 2 GB of RAM can handle approximately 30,000 simultaneous client connections.

* TCP/IP connectivity must be available between the community server multiplexer machine and the Sametime community server. Port 1516 is the default port for the connection from the community server multiplexer machine to the Sametime Community Server.

When the installation has finished successfully, click the „Finish“ button to close the Installer.

Set the preferences of the Community Mux “ST Mux” service to start and stop automatic with the Operating System. Then start the service.

The Community Mux is now setup to start and stop automatic with the Operating System, and it is started.

Install a Sametime Connect client in the public network and connect to your Sametime Community Mux server. In the public network this should be the same address as in your local network “chat.renovations.com”. The Sametime Community Mux forwards your connection to the internal Sametime Community Server. Login with a user in your directory to see that the Mux works.

Another way to test the functionality and connectivity of your Sametime Community Mux is to enter the command “netstat -an” in a CMD line window. There you should see the ST Mux is listening on ports 1533 and 8082. There are established connections to your Community Server (IP 192.168.30.20) on port 1516 and from your Sametime Client (IP 192.168.0.9) on port 1533.

STEP THREE: Configure the Community MUX in the Sametime System Console

Summary

Use the IBM® Sametime System Console to connect to a Sametime Community Mux and validate its settings.

Click on “Sametime System Console” then on “Sametime Prerequisites” and then on “Connect to Sametime Community Mux Servers”.

Enter the host name of your Sametime Community Mux server (we use “edge.renovations.com”) and click the “Save” button.

Click the “Add” button

The Sametime Community Mux Server is now successfully added to your Sametime System Console.

STEP FOUR: Install the SIP EDGE Proxy without the Sametime System Console

Summary

The IBM® Lotus® SIP Edge Proxy is a SIP Application installed over a WAS server. Since there is no specific installer for the IBM Lotus SIP Edge Proxy server, you can use the SIP Proxy/Registrar installer and then perform manual steps in order to adjust the environment to the Lotus SIP Edge Proxy.

Navigate to the „\Install\SametimeMediaManager“ directory and enter the command „Launchpad“

The Sametime 8.5.2 Launchpad opens. Click the „Install IBM Lotus Sametime Media Manager“ link on the left side.

Now click the link „Launch IBM Lotus Sametime Media Manager 8.5.2 Installation“

The Installation Manager is now loading.

Click the “Next” button to continue.

Accept the terms in the license agreement and click the “Next” button to continue

Remove “Program Files\” and click the “Next” button to continue

We recommend to use path names without spaces (as some scripts may require this) and also shorten the path name so that the typical limits of some operating systems and applications for path + file name length are avoided.

Click the “Install” button to install the Installation Manager.

The installation Manager is now installing

If you are using Windows 2008 R2 or Windows 2003 R2 then it can be possible thatyou run into a JAVA heap memory overflow. To prevent this issue change a parameter inThe “IBMIM.INI” configuration file of the Sametime Install Manager. See the next 2 slideshow to do this. And then click the „Restart Installation Manager“ button to continue.

In the File Explorer navigate to your Install Manager's eclipse directory “C:\IBM\Install Manager\eclipse”. Then open the configuration file “IBMIM.ini” in notepad.

Add he parameter “-Xmx1024m” at the end. Then save and close the file.This parameter is case sensitive.Now click the “Restart Installation Manager” button in your Install Manager screen to continue your Installation.

Click the „Install“ icon to start the installation.

Select „IBM Sametime Media Manager“ and „Version 8.5.2“. Then click the „Next“ button to continue.

Accept the terms in the license agreement and click the „Next“ button to continue.

Enter the correct path (remove „Program Files\“) and click the „Next“ button to continue.

Select “IBM Sametime Media Server 8.5.2” but deselect “Use Lotus Sametime System Console to Install”. Then click the „Next“ button to continue.

With IBM Sametime 8.5.2 it is possible to install Sametime on top of an existing WebSphere 7.0.0.15 Server. We don't want to do this in this pilot deployment.Just click “Next” to continue.

In this screen you need to select the WebSphere deployment method. We use “Standalone” for this installation. And you need to define the WebSphere Application Server administrative user. You need to authenticate with this user to access the Integrated Solutions Console of your Media Manager Server. It is important that this user does not exist in your LDAP. In this example we use the standard „wasadmin“. Enter the password twice and click the „Next“ button to continue.

The host names for the SIP Proxy/Registrar, Conference Manager, Packet Switcher, and Community Server must be all different. The Proxy/Registrar host name should be the local host, and the others should be different from the Proxy/Registrar host name and also from each other. We use in this example: * Conference Manager host name: “sametime.renovations.com” * Proxy/Registrar host name: “edge.renovations.com” * Packet Switcher host name: “meeting.renovations.com” For the Community Server we use our chat server “chat.renovations.com”Then click the „Validate“ button to continue.

If the connection to the different hosts was successful, then you should see that the text in the button has changed to „Validated“.Now click the „Next“ button to continue.

Select the checkbox “Configure LDAP after the installation” and click the “Next” button.

Click the „Install“ button to install the Sametime Media Manager Server.

The Installation Manager now installs the Sametime Media Manager. This step can take approximately 30 to 45 Minutes.

Important to know...It should be possible to do this installation with every other Sametime component that is WebSphere based to just have the WebSphere binaries and the Cell profile structure on the box. But we need to implement a special application - the Edge Proxy Application. This application is shipped in the Media Manager install package. So it is easier to use this installer for this installation.

If you plan to implement all Edge components on one box, like described in this document, then you need to install the SIP Edge Proxy component first – before the Meeting Http Edge Proxy. The reason is the required configuration steps for the Meeting Http Edge Proxy disallow the complete Cell installation of the SIP Edge Proxy.

The Installer first unpacks the WebSphere Application Server install files

Then he installs the WebSphere Application Server 7.0.0.3 binaries

Then he creates the WebSphere profiles

Then he installs the Update Installer

Then he installs the Update to WebSphere 7.0.0.15

Then he install the application and configures everything

Director on Windows 2008: C:\Users\All Users\IBM\Installation Manager\logs\ant

In this directory is the log file where the installer logs its progress. The file increases up to approximately 302 KBytes.

The last step is to configure the services and some post install tasks.

The Sametime Media Manager server has installed successfully. Click the „Finish“ button and close the Installation Manager and the Launchpad.

STEP FIVE: Configure the SIP Edge Proxy

Summary

The SIP Edge Proxy needs to be configured. Several steps are required to complete this configuration:A)Login to the new Media Manager integrated Solutions ConsoleB)Uninstall all Media manager applicationsC)Install the new SIP Edge Proxy applicationD)Configure the SIP PortsE)Modify the SIP Edge Proxy Settings in the edge-proxy.xml fileF)Replace the default certificateG)Exchange certificates between the SIP Edge Proxy and the SIP Proxy Registrar

Enter the URL „http://edge.renovations.com:8800/admin“.

The WebSphere Application Server Administrative interface (the Integrated Solutions Console ISC) is always secured by SSL. Therefore you will be redirected to HTTPS and the port 8701 automatically. You are prompted to accept the default certificate. For different browsers the procedure to accept this IBM signed certificate is different.You can use the direct URL: „https://sametime.renovations.com:8801/ibm/console“.

Then click the “Add Exception” button.

A) Login to the new Media Manager integrated Solutions Console

The IBM signed certificate is not trusted by the browser. Click the „Get Certificate“ button to accept the certificate by clicking the “Confirm Security Exception Button”. (this dialog is different using other browsers)

Enter the WebSphere Application Server Administrative User name and its password. We use „wasadmin“. Then click the „Log in“ button to continue.

You have now reached the IBM WebSphere Integrated Solutions Console.

Click on “Applications” - “Application Types” and then on “WebSphere enterprise applications”.

B) Uninstall all Media manager applications

Select the installed applications “ConferenceFocus” and “SSCConnect.ear”. If other applications are installed like “SIP Proxy”, “SIP Registrar” or “Packet Switch”, select them as well and then click the “Uninstall” button.

Click the “OK” button to continue.

Yes we want to save the changes and click the “save” link.

The applications are now deleted. Next is to install the SIP Edge Proxy application. Click the “Install” button.

C) Install the new SIP Edge Proxy application

If you run your browser on the Edge machine, you can use “Local File System”. If you use your Browser from your workstation, then the install files are “remote”. So use the “Remote file system” and click the “Browse” button.

Select the directory where you have unpacked the Media Manager install files. And from there the subdirectory “SIPEdgeProxy”. Then select the “EdgeProxyAppl.ear” file and click the “OK” button.

Click the “Finish” button to continue.

Click the “save” link to continue.

The EdgeProxyAppl is now installed successfully.

To set up ports for the IBM® Lotus® SIP Edge Proxy, an administrator needs to determine the SIP ports used for the SIP Proxy/Registrar and ensure that the Lotus SIP Edge Proxy listens on these same ports.

To perform this configuration step we open a new browser window and connect to our Sametime System Console – Integrated Solutions Console. Enter the URL “http://sametime.renovations.com:8700/admin”. If the console is already open in your browser, then switch to this browser window.

D) Configure the SIP Ports

Click on “Servers” - “Server Types” and then on “WebSphere application servers”.

Click on “STMediaServer”.

On the right side under “Communications” click on “Ports”.

Record the ports that are used for the “SIP_ProxyRegHOST” and “SIP_ProxyReg_SECURE”. Here we can find ports “5080” and “5081”.

Go back to the Integrated Solutions Console of your Edge Media Manager installation.

Now click on “Servers” - “Server Types” and then on “WebSphere application servers”.

Click on “STMediaServer”.

On the right side under “Communications” click on “Ports”.

Click on “SIP_ProxyRegHOST”

Enter the Port “5062” and click the “OK” button.

Click on “SIP_ProxyReg_SECURE”

Enter the Port “5063” and click the “OK” button

Click on “SIP_DEFAULTHOST”

Click on “SIP_DEFAULTHOST_SECURE”

Click the “Save” link to save the last changes.

Next is to add the ports to the virtual hosts table. Click on “Environment” and then on “Virtual hosts”.

Click on “default_host”

Click on “Host Aliases”.

Click the “New” button to add a new entry.

Leave the Host Name as it is and enter the Port “5080” in the Port field. Then click the “OK” button.

To add an other entry click the “New” button again.

We have changed the SIP_ProxyRegHOST and SIP_ProxyReg_SECURE ports. So we need to map this changes here as well. Click the “*” near the Port “5060”.

Change the port to “5062” and click the “OK” button.

Now click the “*” near the port “5061”.

Click the “Save” link to save the last changes.

We have now successfully configured the host aliases for our SIP Edge Proxy server.

Now we need to make sure that the setting “Use available authentication data when an unprotected URI is accessed” is switched off. To check that click on “Security” - “Global Security”.

Under “Web and SIP security” click on “General settings”.

Confirm that the check box near “Use available authentication data when an unprotected URI is accessed” is switched off.

Now we need to confirm 2 more settings in the Server configuration for our SIP Edge Proxy Server. Click on “Servers” - “Server Types” and then on “WebSphere application servers”

Click the “STMediaServer” application server.

Under “SIP Container Settings” click on “SIP container”.

Now click on “Custom properties”

Confirm that the setting “com.ibm.ws.sip.sent.by.host” contains the full qualified host name of your Edge Proxy Server machine. If this is wrong, click on “com.ibm.ws.sip.sent.by.host” and change the host name. Then check that a property “com.ibm.ws.sip.security.trusted.iplist” does not exist. If it exists mark it and click the “Delete” button. Then click the “Save” link in the next screen.

E) Modify the SIP Edge Proxy Settings in the edge-proxy.xml file

Next step is to configure the “edge-proxy.xml” file and populte it to the server node.Open a windows File explorer and navigate to the directory:“C:\IBM\WebSphere\AppServer\profiles\STMSDMgrProfile\config\cells\edgeMediaCell\applications\EdgeProxyAppl.ear\deployments\EdgeProxyAppl\EdgeProxyWeb.war\WEB-INF”. Then open the file “edge-proxy.xml” with notepad or better with wordpad.

The authoritativeProxy section contains the hostname, port, and transport of the SIP Proxy/Registrar:

* Specify the SIP port used for TCP. * Specify the SIP port used for TLS.

The edgeProxy section contains the hostname, port, and transport of the Lotus SIP Edge Proxy:

* Specify the SIP port used for TCP. * Specify the SIP port used for TLS.

The authProxySourceAddr section specifies the address of the SIP Proxy/Registrar. When the Lotus SIP Edge Proxy receives stand-alone or initial requests, it determines the remote address from which the request was received. If the remote address does not match the SIP Proxy/Registrar address, the request is sent to the SIP Proxy/Registrar for further processing. Supported values: IP address, regular expression that matches the SIP Proxy/Registrar address (for example, "10.10.102.14 | 10.10.102.16").

We use in our example:authProxyHost=”sametime.renovations,com”authProxyPort=”5081”authProxyTransport=”TLS”authProxySourceAddr=”192.168.30.10”edgeProxyHost=”edge.renovations.com”edgeProxyPort=”5081”edgeProxyTransport=”TLS”

Now save the file and close your wordpad editor.

Next is to copy the edited file to the application server configuration in the Deployment Manager. Open a second File explorer and navigate to the directory:“C:\IBM\WebSphere\AppServer\profiles\STMSDMgrProfile\config\cells\edgeMediaCell\nodes\edgeMediaNode\servers\STMediaServer”.

Now copy the file. (be sure to copy and not move the file)

Next is to synchronize the file to the node. In your Edge Integrated Solutions Console click on “System administration” - “Nodes”.

Select the “edgeMediaNode” and click the “Full Resynchronize” button.

F) Replace the default certificate

To avoid the problem of IBM® Sametime® clients rejecting the certificate issued for the IBM Lotus® Edge Proxy server, an administrator needs to replace the default certificate on the Lotus SIP Edge Proxy so that it contains the SIP Proxy/Registrar's FQDN.These instructions are for the default certificate, which is meant for internal communications (not meant to act as a CA). Sametime clients verify that the certificate was issued for the SIP Proxy/Registrar. In a Lotus SIP Edge Proxy deployment, the client opens a TLS connection to the Lotus SIP Edge Proxy resulting in the client receiving a certificate issued for the Lotus SIP Edge Proxy server. This certificate will be rejected by the client.

Click on “Security” and then on “SSL certificate and key management”.

Now click the “Manage endpoint security configurations” link.

Open the “Inbound” tree and click on “edgeMediaCell” and then “edgeMediaNode”

Click the “Manage certificates” button.

Click the “Create” button and then the “Chained Certificate...” menu entry.

This fields are required to continue:

Alias “sip-pr-cn-cert”

Common name“sametime.renovations.com”

Organization“renovations”

Country or region“US”

Then click the “OK” button.

To save the last changes just click the “Save” link.

Now click again the “edgeMediaNode” in the “Inbound” tree.

Click the “Manage certificates” button.

Check mark the “default” certificate and then click the “Replace” button.

In the “Replace with” selection box select the newly generated “sip-pr-cn-cert” certificate. Check mark both check boxes “Delete old certificate after replacement” and “Delete old signers”. Then click the “OK” button.

To save the last changes click the “Save” link.

G) Exchange certificates between the SIP Edge Proxy and the SIP Proxy Registrar

Click “Security” and then on “SSL certificate and key management”.

Now click “Key stores and certificates” on the right side.

Click on “CellDefaultTrustStore”.

On the right side click on “Signer certificates”.

Check the check box near the root certificate (the one with the “root” alias). Then click the “Extract” button.

Enter a path to save the certificate. We use “c:\temp\edgeroot.cer”. Then click the “OK” button.

The certificate was extracted successful. Now you need to copy this certificate file to your Sametime Media Manager box. Best is to copy it there into the “C:\temp” directory.

We have exported the root certificate in the SIP Edge Server and need to import that into the Sametime Media Manager. We have copied the file and need to import it next. Go to the Sametime System Console (which is the Integrated Solutions Console for our Sametime Media Manager). The Browser window should still be open from a previous step. But it can be possible that the session is timed out. Then you need to re-authenticate with your “wasadmin” account.

Click on “Security” and then on “SSL certificate and key management”.

On the right side click on “Key stores and certificates”.

Click the “CellDefaultTrustStore”.

On the right side click on “Signer certificates”.

To import the root certificate from the SIP Edge Proxy server click the “Add” button.

Enter a name for the certificate, we just use “edge_root”. In the “File name” field enter the path to where you have copied the certificate file and the filename. We use “c:\temp\edgeroot.cer”. Then click the “OK” button.

Now we need to do the same thing in the opposite direction. Copying the root certificate of our Media Manager to the SIP Edge Proxy. For that we check the check box near the root certificate (the one with “root” in the Alias) and then click the “Export” button.

Enter a path and file name to where the certificate should be saved. We use “c:\temp\siproot.cer”. Then click the “OK” button.

The certificate is now saved. Next is to copy this file from the Media manager to the SIP Edge Proxy box. Best is to copy the file to “c:\temp”.

Go back to the Integrated Solutions Console of your SIP Edge Proxy server. There just click the “Add” button.

Enter a name for the Media Managers root certificate. We just use “sip_root”. In the “File name” field enter the path to where you have copied the file and the file name. We just use “c:\temp\siproot.cer”. Then click the “OK” button.

To save the last changes just click the “Save” link.

Because we did security changes in bot servers it is required to restart the Deployment Manager and all nodes on both servers. Lets start with the Sametime Media Manager Server first. In the Services window select the Deployment Manager (the Service with the “..._DM” at the end) and click the “Stop service” button. You are asked to stop all services. Click “Yes” to really stop all services.

When all services are stopped you should start all services. Start with the SametimeSystem Console, then the Media Manager, then the Meeting Server and at last theProxy Server. This takes a long time and sometimes the services cause into a popupWindow saying a service could not be started. You can ignore that and just wait untilAll services are started.

Another option is to reboot the Operating system of the box. Then you need to wait asWell until all services are started. This really can take some time.We can recommend to check this in your “Task Manager”. Wait until you can see 10Java.exe tasks running and each of them consuming between 170 and 450 MB of RAM.When the CPU usage goes down then the startup of all tasks has finished.

For the SIP Edge Proxy Server box we will do the restart after we configured the post install tasks.

Summary

This step is to configure automatic stop, startup and dependencies in the Windows Operating System Services.

STEP SIX: Post Install tasks for the Sametime SIP Edge Proxy

Configure the properties of all 3 task to start automatic.Then restart the Operating System of your SIP Edge Proxy Server.

When the Operating System has restarted, you should see all 3 services as started.

Summary

This step is to preconfigure the settings for the Sametime Meeting Edge HTTP Proxy Server installation.

STEP SEVEN: Run the guided activity to configure the IBM Sametime Meeting Server deployment plan for the Meeting Edge HTTP Proxy

Start your browser and enter the URL “http://sametime.renovations.com:8700/admin” to access the Sametime System Console.

Log in with your “wasadmin” user.

In your Sametime System Console click on „Sametime System Console“ then „Sametime Guided Activities“ and then on „Install Sametime Meeting Server“.

Use the first entry „Create a New Deployment Plan“ and click the „Next“ button.

Enter a name for your Meeting Server Deployment Plan. In this example we use „Meeting Edge“. Then click the „Next“ button to continue.

We want to install the product version „8.5.2“. Click the „Next“ button to continue.

Change to „Secondary Node“ and click the „Next“ button to continue.

Check the “Systemconsole...” and click “Next” to continue.

Enter the full qualified host name of your Sametime Meeting Server. In this example we use „edge.renovations.com“. Enter a WebSphere administrative user name and its password twice. We just use the standard „wasadmin“ name.Click the „Next“ button to continue.

Check your settings and then click the „Finish“ button to save the new Deployment Plan.

You have now successfully created a Deployment Plan for the Sametime Meeting Edge Server installation.

The next step is to install the Sametime Meeting Edge Server.

Summary

In this step you install the Sametime Meeting Server secondary node for the Sametime Meeting Edge HTTP Proxy Server using the preconfigured settings in the deployment plan on the Sametime System Console.

STEP EIGHT: Install the IBM Sametime Meeting Server

On your Edge Box start a CMD line window and navigate to the Sametime Meeting Server install directory. We do this with the command: „cd \Install\SametimeMeetingServer“. Then start the Launchpad installer with the command „launchpad“.

Click the „Install IBM Lotus Sametime Meeting Server“ link.

Click the „Launch IBM Lotus Sametime Meeting Server 8.5.2 Installation“ link.

The Installation Manager is starting loading.

Just click the „Install“ icon to start the Sametime Meeting Server installation.

Check the „IBM Sametime Meetings server“ and „Version 8.5.2“ entries. They are unchecked by default. Then click the „Next“ button.

Accept the terms in the license agreement and click the „Next“ button.

Because we have already installed a WebSphere based Sametime Server on this box, (The Sametime SIP Edge Proxy Server) we can reuse the installed binaries. The installer detects this and checks the „Use the existing package group“. And therefore the path is greyed and can not be changed. Click the „Next“ button to continue.

We want to use the predefined Deployment Plan from the Sametime System Console. Click the „Next“ button to continue.

We don't want to use an other existing WebSphere Application Server installation so we just click the “Next” button.

Enter the Sametime System Console Server information and credentials to authenticate.In our example we use „sametime.renovations.com“ as SSC Server name and „wasadmin“ as the WebSphere Administrative User name. The last field is the host name where we want to install the Sametime Meeting Server. Here we use „edge.renovations.com“. Then click the „Validate“ button to check the connection to the System Console Server.

The connection to the Sametime System Console was successful when the button text „Validate“ changes to „Validated“. Click the „Next“ button to continue.

Select your Sametime Meeting Server Deployment plan that you have created in the previous step. We use our „Meeting Edge“. Then click the „Next“ button to continue.

Control the settings you received from the System Console. Then click the „Next“ button.

To start the installation click the „Install“ button.

The Sametime Meeting Server is now installing. This takes approximately 30 to 45 minutes. But because we already have the binaries installed and reuse this data, the installation is much shorter. It then takes only 15 to 20 minutes.

Now the installation is in progress....

Important to know...The Meeting Server can be clustered using the WebSphere Network Deployment. This can be configured and deployed with the Sametime System Console.The new Sametime Meeting Server consists of two components. - the Meeting Server - the Meeting HTTP ProxyClustering means that a meeting room is running only on one server at a time. The Meeting Proxy servers have the information on witch Meeting Server instance the Meeting Room is running and forward incoming requests to the right server. Meeting data are stored only in the database. In case of a fail over the Meeting Room will be started on another Meeting Server in the cluster immediately.

For external access a separate Sametime Meeting Server in your DMZ is recommended for better security.

You have now successfully installed the Sametime Meeting Server. Click the „Finish“ button and exit the Installation Manager and Launchpad.

Click “File” in the menue bar and then “Exit”.

In the Launchpad click again on “Exit”.

Click the “OK” button to close the Launchpad.

Close the CMD line window with the command “exit”.

Summary

In this step you create a Meeting cluster, add the new node on your Edge Server to the WebSphere Cell of your Sametime System Console and add it to the cluster.

STEP NINE: Use the Guided Activity in the Sametime System Console to federate the new installed Meeting Server node to the Deployment Manager and cluster it.

In your Sametime System Console click on “Sametime System Console” - “Sametime Guided Activities” and then on “Cluster WebSphere Application Servers”.

We want to cluster our Meeting Server installations. So select “Sametime Meeting Server” and click the “Next” button.

Enter a name for the cluster. We use “Meeting_Cluster”. Then click the “Next” button.The cluster name can not contain blank characters.

We want to use the “System Console” Deployment Manager. Select the entry and click the “Next” button.

Click the “Create cluster” button to create the cluster. This step can take 4 or 5 minutes. If the process takes too long and runs into a timeout, then you get a failure message here. Wait 2 minutes and click the button “Create cluster” again. Then it works mostly.

The cluster is now created successfully. Click the “Next” button to continue.

The secondary node is already federated to the cell. Click the “Next” button to continue.

To add the secondary node to the cluster click the “Add to cluster” button.

The secondary node is now successfully added to the cluster. Click the “Next” button to continue.

Now you have successfully clustered the 2 Sametime Meeting Servers. Click the “Finish” button to continue.

Summary

In this step you remove the installed meeting server. We only need the node installation for the Edge HTTP Proxy but we dont need the Server.

STEP TEN: Remove the newly created application server “Meeting Server”.

In your Sametime System Console – Integrated Solutions Console – click on “Servers” - “Server Types” and then on “WebSphere application servers”.

Check the check box near your new meeting Server “STMeetingServer1”. The one who is not running and installed on your edge box. Be sure to select the right one. Then click the “Delete” button.

Crosscheck that you have selected the right one. If yes, then click the “OK” button.

Save the last changes by clicking the “Save” link.

Summary

In this step you create a Meeting HTTP Edge Proxy on your Edge Server to forward incomming HTTP requests from Internet clients to your Sametime Meeting and Sametime Proxy servers in your Intranet.This step has to be done in your Sametime System Consoles Integrated Solutions Console.

STEP ELEVEN: Create the WebSphere Meeting HTTP Edge Proxy.

Click on “Servers” - “Server Types” and then on “WebSphere proxy servers”.

Click the “New” button to create the new HTTP Proxy server.

Select the node on your edge server “edgeSTMNode1” and enter a name for your Edge HTTP Proxy Server. We just use “STMeetingHttpEdgeProxy”. Then click the “Next” button to continue.

Uncheck the “SIP” property. In this server we only need HTTP. Then click the “Next” button to continue.

Save the last changes by clicking the “Save” link.

Summary

In this step you configure the ports used by your HTTP Edge Proxy Server and the Services for automatic startup with the Operating System.

STEP TWELVE: Post Install tasks for the WebSphere Meeting HTTP Edge Proxy.

Click on “Servers” - “Server Types” and then on “WebSphere proxy servers”.

Click the newly created “STMeetingHttpEdgeProxy” server.

On the right side click on “Ports”.

Click the “PROXY_HTTP_ADDRESS”.

Change the Port to “80” and click the “OK” button.

Now click the “PROXY_HTTPS_ADDRESS”.

The Installer has installed a service for an server that does not exist anymore. We first need to remove that service and then create the services we need.

In a CMD line window navigate to the directory WebSphere binaries directory with the command “cd \IBM\WebSphere\AppServer\bin”.

Remove the service with the command: “wasservice -remove STMeetingServer”.

Confirm that the removal was successful.

To create the right services we need the profile path in the command line. In your file explorer navigate to the directory “C:\IBM\WebSphere\AppServer\profiles\edgeSTMSNProfile1”. Copy the link into your dashboard with the “Ctrl-C” keycombination.

Now enter the command to create the service: “wasservice -add STMeetingHttpEdgeProxy -serverName STMeetingHttpEdgeProxy -profilePath C:\IBM\WebSphere\AppServer\profiles\edgeSTMSNProfile1 -stopArgs “-username wasadmin -password passw0rd” -encodeParams”.Check that the command was processed successfully.

Now enter the command to create the Nodeagent service: “wasservice -add STMeetingHttpEdgeProxy_NA -serverName nodeagent -profilePath C:\IBM\WebSphere\AppServer\profiles\edgeSTMSNProfile1 -stopArgs “-username wasadmin -password passw0rd” -encodeParams”.Check that the command was processed successfully.

Last step is to configure the dependencies between the 2 services. For that enter the command:“sc config “IBMWAS70Service – STMeetingHttpEdgeProxy” depend= “IBMWAS70Service – STMeetingHttpEdgeProxy_NA””.Confirm that the command was processed successfully.

You have now successfully created the required services. Set both to start automatic. Then restart the OS.

When the OS has been restarted after some minutes you should see that all services are started succesfully.

Summary

In this step you copy the TURN Server files to the Edge server and configure it.

STEP THIRTEEN: Install the TURN server.

First you need to check that JAVA is installed and in the PATH environment variable. Open a CMD line window and enter the command “java -version”. If you get back the version info, then all is ok. The JAVA Version should be 1.6 at minimum. Because we have installed 2 Websphere parts before, we already have the Java version we need.

If the command “java -version” does not return the JAVA version, then you need to set the System PATH environment variable correctly first.

Right Click on your “Computer” and then “Properties”. In the Properties Window click on “Advanced System Settings”

Click the “Environment Variables” Button.

In the “System Variables” part click the “Path” variable and then the “Edit..” button.

At the end of the path add “;C:\IBM\WebSphere\AppServer\java\bin”. Don't forget the Semicolon character at the beginning. Then click the “OK” button.

Click “OK” to close the window.

Click “OK” again to close the window. Then close the Control Panel.

In your File Explorer copy the “TURN_Server” directory from your Media Manager Install package to the destination folder you want. We copy the directory to “C:\IBM”.

Navigate to this new directory “C:\IBM\TURN_Server” and open the configuration file “TurnServer.properties” with notepad or wordpad.

Configure the TURN Server configuration file with the IP addresses who are used in your environment. In this example we use:turn.local.hostname.ipv4 “192.168.40.40”turn.allocation.hostname.ipv4 “192.168.30.50”turn.public.hostname.ipv4 “192.168.0.1”Andudp.turn.port “3478”Then save and close the file.

To start the TURN server open a CMD line window and navigate to the TURN Server directory with the command “cd \IBM\TURN_Server”. Then start the turn server with the command “run”.

The TURN server is now started and listens on the required ports.

Summary

In this step you configure your Sametime Media Manager to support NAT Traversal using the TURN server.

STEP FOURTEEN: Configure the TURN server.

On your Sametime Media Manager Machine open a File Explorer and navigate to the directory: “C:\IBM\WebSphere\AppServer\profiles\STSCDMgrProfile\config\cells\sametimeSSCCell\nodes\sametimeSTMSNode1\servers\STMediaServer”.Here open the file “stavconfig.xml” using your Wordpad. (we need to edit the file so a browser wont work)

Find the setting “NATTraversalEnabled” and set its value to “true”. Then save and close the file.

To synchronize this change to the Sametime Media Manager go to your Sametime System Console – Integrated Solutions Console and click on “System Administration” and then on “Nodes”.

Check all nodes and click the “Full Resynchronize” button.

Then click on “Sametime System Console” - “Sametime Servers” and then on “Sametime Media Managers”.

Click your “Media Manager”.

Go down to the “NAT Traversal” settings. In the “UDP host name” field enter the edge server host name “edge.renovations.com”. Then click the “OK” button.

To apply the changes just restart the Sametime Media Manager by restarting the “STMediaServer” service.

Next is to implement a Service to start and stop the TURN server automatic during OS startup and to run the TURN server in the background.

Stop your running TURN server now by clicking the “Ctrl-C” key combination. Then just hit the “Y” key and then Enter.

For that you need a small tool called “SRVANY.EXE”. This tool is in the Microsoft Windows Resource Kit for the Windows Server 2003. Take a Windows 2003 Server, download the resource kit from Microsoft and install the kit. Then copy this file from the resource kit to your Windows OS into the directory “C:\Windows\system32”. (This can be Windows 2003 or 2008, 32 or 64bit. It works in all versions)

To create the service open a CMD Windows in Administrator mode and enter the command: “sc create “IBM Sametime TURN Server” binPath= “C:\Windows\System32\srvany.exe”

Don't forget the space between the “binPath=” and the path.

Now you need to configure the service. This can be done only in the Registry Editor. Open your regedit and navigate to the key of your new service: “HKEY_LOCAL_MACHINE” - “SYSTEM” - “CurrentControlSet” - “Services” - “IBM Sametime TURN Server”

Create a new key by clicking “Edit” - “New” - “Key”.

Give the new Key a name. Enter just “Parameters”.

Next is to enter the Parameter String. For that a String Value field is required. Click on “Edit” - “New” - “String Value”

Enter the name for your new String Value. Enter “Application” here.

Now double Click into the “Application” String Value to enter the content string.

Enter the string: “java.exe -Djava.util.logging.config.file=c:\IBM\turn_server\logging.properties -cp c:\IBM\turn_server\TurnServer.jar;c:\IBM\turn_server\ICECommon.jar com.ibm.turn.server.TurnServer”

Be sure that you have entered the string correctly.

The Service runs the JAVA command out of the “C:\Windows\System32” directory. And this requires that the TURN Server Properties file is there as well. So copy your “turnserver.properties” file from your “C:\IBM\TURN_Server” to your “C:\Windows\System32” directory.

Your Service is now ready to use. Just configure it to start Automatic and then start it.

Your TURN Server Service is now configured and started.

Summary

In this step you use your Browser and a Sametime Connect client to access your Sametime System from the Internet thrugh a NAT traversal firewall.

STEP FIFTEEN: Test all Edge components.

Install a Sametime Connect client in the public network and connect it to “chat.renovations.com” for community services. Tthis DNS host name should be routed to your Edge server in your public DNS.Login with a user in your LDAP. You should see that you are online and that you have connectivity to your Media Manager when the Audio and Video icons appear.

Configure the Sametime meeting server “meeting.renovations.com” to access your meeting rooms. This host name should point to your Edge server as well in your public DNS.

If you attend a meeting room with someone in your Intranet you should see Audio and Video works.

Next test is to access the URL “http://meeting.renovations.com” in your browser.

You should be redirected to the “../stmeetings” page.

Next test is to access the URL “http://webchat.renovations.com” in your browser.

You should be redirected to the “../stwebclient/index.jsp” page.

Summary

In this step you create the DB2 Database for the Sametime Gateway.

STEP SIXTEEN: Create the DB2 Database for the Sametime Gateway.

You need to copy the DB2 Database creation script “createDb.sql” from the Install directory “C:\Install\SametimeGateway\database\db2” to your DB2 server machine. We copy it to “D:\Install” on this box..

Open a CMD line window, navigate to the “D:\Install” directory and enter the command “db2cmd”.

A new CMD line window opens. This window now has the environment to run the DB2 Database installation script. Enter the command “db2 -tvf createDb.sql”.

It takes some time until the database is created and configured. Confirm that you can see all commands completed successfully.

Summary

In this step you create a DB2 Prerequisite for your Sametime Gateway DB2 database to be used in the Sametime System Console.

STEP SEVENTEEN: Create the DB2 Prerequisite in the Sametime System Console for the Sametime Gateway database.

In the Sametime System Console click on “Sametime System Console” - “Sametime Prerequisites” and then on “Connect to DB2 Databases”.

Click the “Add” button to add your new database.

Enter the data in the form:Host name: “sametime.renovations.com”Database name: “stGW”Application user ID: “db2admin”Application password: password of your db2admin userThen click the “Finish” button.

Your Sametime Gateway DB2 database is now successfully added to the prerequisites in your Sametime System Console.

Summary

In this step you enable your Sametime Gateway to connect to your Sametime Community Server.

STEP EIGHTEEN: Enable Trust for the Sametime Gateway in the Sametime Community Server.

Open the Sametime System Console, and navigate to the Sametime Community Server by clicking on „Sametime System Console“ then „Sametime Servers“ and then „Sametime Community Servers“.

Click the link to your Community Server. We click on „Chat Server“ because this is our name for the Community Server Deployment Plan.

Enter the IP address of the Server you want to allow connecting to the Sametime Community Server. In this example we use the IP „192.168.30.60“ for the Sametime Gateway Server and then click the “Add” Button.

We have now added the required IP addresses for the Sametime Gateway. Now click the “OK” button to continue.

Now restart the Sametime Community Server by entering the command „restart server“ in the Domino Console window. Never use this command in a production Sametime server because it can happen that not all Sametime tasks are stopped before the domino server restarts. This can cause massive problems for starting the Sametime Services. Stop your Domino Server using the “Quit” command or by stopping the “Lotus Domino Service”. Wait until all ST... Tasks disappeared in your TaskManager. Then restart the Domino Server again.

It takes up to 5 Minutes until the Sametime Community Server is completely restarted and all 41 Sametime tasks are again active.

Summary

Complete these steps to install Sametime® Gateway as a single server on Windows®, to create an administrative user ID for WebSphere® Application Server, and to connect to an LDAP server. This installation program installs WebSphere Application Server and Sametime Gateway.

STEP NINETEEN: Install the Sametime Gateway.

Open a CMD line window and navigate to the directory “cd \Install\SametimeGateway”. Then enter the command “install.bat”.

The Install Shield Wizard is starting up.

Select your preferred language. We use “English”. Then click the “OK” button.

Accept the terms in the license agreement and click the “Next” button to continue.

We want to install a “Standalone server”. Then click the “Next” button to continue.

We need to select the WebSphere installation files directory. Click the “Browse” button to continue.

Select the directory “ifpackage” under the directory to where you have unpacked the WebSphere Application Server install package. Click the “Open” button to continue.

As always in this example installation – remove “\Program Files” please. Then click the “Next” button to continue.

Confirm that your host name is listed correctly. Then click the “Next” button to continue.

Enter the user name for your WebSphere Administrator. As for other WebSphere based servers before, this user must not exist in your directory. We use our standard user name “wasadmin”. Enter the password for this user twice. Then click the “Next” button to continue.

As always in this example installation – remove “\Program Files” please. Then click the “Next” button to continue.

In this screen we need to configure the DB2 server and database properties. We use:DB2 Host name: “sametime.renovations.com”Database name: “stGW”Application User ID: “db2admin” and its passwordSchema User ID: “db2admin” and its passwordThen click the “Next” button to continue.

Yes, we want to configure the LDAP settings now. Then click the “Next” button to continue.

The Host name in our example is “ldap.renovations.com”. And the Port is “3268” because it is an Active Directory Server. Then click the “Next” button to continue.

The Bind distinguished name in our example is “cn=LDAP Bind,cn=users,dc=ad,dc=renovations,dc=com”. Enter the password of this user in the Bind password field. Then click the “Next” button to continue.

Theis are the detected baseDN settings retrieved from our AD LDAP. If using another LDAP like Domino LDAP, then this screen can be different. We use the default “DC=ad,DC=renovations,DC=com”. Then click the “Next” button to continue.

Click the “Install” button to start the installation.

The Sametime Gateway including the base WebSphere Application Server is now installing. This task takes approximately 15 minutes.

The installation has finished successfully. Click the “Finish” button to continue.

Summary

In this step you install the WebSPhere Update Installer and install some WebSphere iFixes that are required by the Sametime Gateway. Then you create the service to start the Sametime Gateway automatic with the Operating System.

STEP TWENTY: Post Install tasks for the Sametime Gateway.

You need to unzip the installer for the WebSPhere Update installer first. Unzip the zip file for your Operating System. In our example we use Windows. So we unzip the file “7.0.0.15-WS-UPDI-WinIA32.zip”.

Open a CMD line window and navigate to the directory where you have unpacked the UPDI install files. We just use the command “cd \Install\SametimeWASiFixes\WebSphereUPDI\UpdateInstaller”. Then start the installer with the “install.exe” command.

Accept the terms in the license agreements and click the “Next” button to continue.

Confirm the System Prerequisite Check is passed. Then click the “Next” button to continue.

As always we recommend to remove the “\Program Files” part in the Path. Then click the “Next” button to continue.

The Update Installer is now installing.

Confirm that the installation was successful. Mark the check box to launch the Update installer. Then click the “Finis” button to continue.

We need to change the directory path where the iFixes can be found. Click the “Browse” button.

Change to the directory where you have unpacked the iFixes. We use “C:\Install\SametimeWASiFixes\WebSphereiFixes”. Then click the “Open” button.

The WebSphere iFixes are now installing.

Confirm that all iFixes where installed successfully. Then click the “Finish” button to continue.

To create the service we need the profile path. Open a file explorer and navigate to this directory “C:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile”. Then copy this path into your dashboard using the Ctrl-C key combination.

Now start a CMD line window. There navigate to the WebSphere binaries directory with the command: “cd \IBM\WebSphere\AppServer\bin”. Then enter the command to create the service:“wasservice -add RTCGWServer -serverName RTCGWServer -profilePath C:\IBM\WebSphere\AppServer\profiles\RTCGW_Profile -stopArgs “-username wasadmin -password passw0rd” -encodeParams”Confirm that the service creation was successful.

The Service was created and can be seen in the services view.

Set the service to “Automatic” in the preferences. Then start the service.

The Sametime Gateway Service has started successfully.

Summary

After installing an IBM® Sametime® Gateway server on IBM AIX®, Linux™, Sun Solaris, or Microsoft™ Windows™, register it with the Sametime System Console, so you can manage all of the Sametime servers from a central location.

STEP TWENTYONE: Register the Sametime Gateway in the Sametime System Console.

This registration requires to configure two preferences files and then run a registration batch file. Open a file explorer and navigate to the directory “C:\IBM\WebSphere\STgateway\console”. There open the file “console.properties” in a notepad session.

Configure the parameters:SSCHostName “sametime.renovations.com”SSCUserName “wasadmin” and its password.Then save and close the file.

Next is to open the file “productConfig.properties” in your notepad.

In this file you need to enter several variables:DepName “Sametime Gateway” (or whatever you want to name it in your SSC)WASPassword Enter the password of your local wasadmin user in the Gateway.

Enter the passwords of your “db2admin” user and of your “LDAP Bind” user.

Enter the DNS FQ Host name of your Sametime Community Server. We use “chat.renovations.com”. The Port is “1516”.Important is to set the flag “IsFederated” to “true”. Otherwise the registration can fail.Save and close the file.

Open a CMD line window and navigate to the console directory with the command “cd \IBM\WebSphere\STGateway\console”. Then start the registration bat with the command “registerProduct.bat”.

Just hit the ENTER key...

The registration has finished. Confirm that it has completed successfully.

Summary

Connect a local Sametime® Community Server or Sametime community cluster to Sametime Gateway to enable Sametime users to have instant messaging with external users.

Important: You can only connect one gateway to a community; otherwise the awareness and chat features may not work properly. Likewise, you can connect only one local Sametime community to Sametime Gateway. You must add the local community to Sametime Gateway before you add external communities.

STEP TWENTYTWO: Connect the Sametime Gateway to the local Sametime Community.

In your Sametime System Console click on “Sametime System Console” - “Sametime Servers” and then on “Sametime Gateway Servers”.

Click on “Communities”.

Click the “New” button.

Fill the form with your data. For the Name we just use “Renovations”. The Domains should contain your local internet e-mail domains. We use “renovations.com”. The Sametime Community Host is “chat.renovations.com” in our example. Then click the “Apply” button.

The local community has been added.

Restart the Sametime Gateway by restarting the RTCGWServer service.

After the restart you should see in your Sametime System Console that the local community is connected.

Summary

Add an external Sametime® community to IBM® Sametime Gateway. You connect to a Sametime community by specifying domains in the external community, selecting a translation protocol, and setting the host name, port, and transport protocol for the external community.

STEP TWENTYTHREE: Connect the Sametime Gateway to an other Sametime Community.

To connect to an external Sametime Community click the “New” button in your Sametime System Console.

We have already prepared a partner community with a working Sametime Gateway. We need to fill the connectivity data to this community now.Name “IBM”Type “External”Domains “ibm.com”Protocol “SIP for Sametime Gateway”Host name “gateway.ibm.com”Port “5060”Transport “TCP”then click the “OK” button.

It is again required to restart the gateway server by restarting the “RTCGWServer” service.

The Gateway is restarted and connected to the internal and external Sametime community.

Summary

In this step you allow your Sametime Clients to add external users to their contact lists.

STEP TWENTYFOUR: Enable the clients to use the Sametime Gateway.

In your Sametime System Console click on “Sametime System Console” - “Manage Policies”.

Edit the default policy by clicking the “Edit” button.

Check the check box “Allow users to add external users using the Sametime gateway communities”.

On the bottom of the form click the “OK” button to save the policy changes.

Restart the Sametime Community Server with the console command “restart server”. You know don't use this command in a production environment.

Summary

You are done with installing and configuring all the Edge components. Now you want to know if all works. Here we test the Sametime Gateway functionality.

STEP TWENTYFIVE: Test the Sametime Gateway with the Sametime Client.

In your Sametime Connect Client click the “Add Person” button.

Because of the policy change you can add external users now.

Check the check box to “Add external users by E-mail address” and enter a valid E-mail address from your partner community. We try it with the name “dan.misawa@ibm.com”.

Then click the “Add” button.

The user is now added. Some partner gateways require a permission by the partner. Click the “OK” button.

Close the “New Contact” dialog with the “Close” button.

Wow, it works. You partner user is shown as online and you kan chat with him now.

Additional Steps after the installation:Some additional Tuning steps can be done after all components are installed. You should consult the Sametime Product Documentation in the Internet about this steps here:http://www-10.lotus.com/ldd/stwiki.nsf/dx/Tuning_st852

If you want to implement SSL to access your Sametime Meeting or Sametime Proxy Server, additional configuration steps are required. See the Lotus Sametime InfoCenter for more details or contact the author of this document.

Automatic URL redirection to https (SSL) can be configured. To get the install instructions you can contact the author of this document.

If you want to connect your Sametime Gateway to AOL, then a trusted certificate is required. This needs to be bought from a public certificate authority.

If you want to connect your Sametime Gateway to Google, then you need some special XMPP records in the public DNS.

You can connect your Sametime Gateway to a Microsoft Office Communication Server community or other XMPP based communities (Jabber)

See the Sametime documentation for more information.http://www-10.lotus.com/ldd/stwiki.nsf/xpViewCategories.xsp?lookupName=Product%20Documentation

The first part (Basic installation) of this documentation can be found here:http://www-10.lotus.com/ldd/stwiki.nsf/dx/IBM_Sametime_8.5.2_Installation-From_Zero_To_Hero-Basics

Ports to access the Integrated Solutions Console of the particular Servers

This are the standard ports when the servers are installed with the Cell profile method.

HTTP HTTPSSametime Meeting Server 8500 8501Sametime Proxy Server 8600 8601Sametime System Console 8700 8701Sametime Media Manager 8800 8801

In this Pilot we only need the Sametime System Console and Sametime Media Manager ports for all administrative work in WebSphere and Sametime.

Legal Disclaimer

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.

IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.

Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

UNIX is a registered trademark of The Open Group in the United States and other countries.

Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both.Other company, product, or service names may be trademarks or service marks of others.

IBM Sametime 8.5.2 installation - From Zero To Hero - Edge Components 18.12.2011

Technology