Andy Higgins, IMCollaboration

Sametime from the Administrator side

Sametime Administration

• Server Administration

• Setup

• Management

• User Administration

• Buddylist conversion

• Stand-alone or Embedded – it makes a difference

• Plugins

Server Administration - Setup

• Check out “Sametime – zero to hero”

• LDAP “mail” attribute

• WAS properties and Wimconfig

• LDAP with SSL

• Ports used – e.g. SIP registration uses 5080/5081

• Foreign characters in passwords

• Windows 2008 IPv6 issues – make sure it’s turned off

• Make sure the servers are all pingable

• On Windows 2008 server “Run as Admin”

ST – server deployment and upgrades

Order of deployment

• Upgrade to LDAP-based ST Community 8.5.2 server first (with mail

attribute!) and convert buddylist

• DB2 server

• ST Console – register Community server with Console

• ST Meeting server

• ST proxy server can go on Console server

• ST Media server should go on it’s own server

• All servers at least dual proc with 4GB RAM – meeting (DB2) server needs

disk space

Server Administration -Management

• Policies – they’ve been moved

• WAS management - similar to Domino

• Deployment Manager, Nodes and Application servers –how do they work with Sametime?

• Security – allows directory authentication, searching and SSL certificate management

• Users and Groups

• Debug

• Media server is special

• SPNEGO authentication

Websphere CELL

A Cell is a virtual unit that is built of a Deployment Manager and one or more nodes.

WAS - explained

The Deployment Manager is a process (in fact it is an special WebSphere instance) responsible for managing the

installation and maintenance of Applications, Connection Pools and other resources related to a J2EE environment. It

is also responsible for centralizing user repositories for application and also for WebSphere authentication and

authorization.

The Deployment Manager communicates with the Nodes through another special WebSphere process, the Node

Agent.

The Node is another virtual unit that is built of a Node Agent and one or more Server instances.

The Node Agent it the process responsible for spawning and killing server processes and also responsible for

configuration synchronization between the Deployment Manager and the Node. Extra care must be taken when

changing security configurations for the cell, since communication between Deployment Manager and Node Agent is

ciphered and secured when security is enabled, Node Agent needs to have configuration fully resynchronized when

impacting changes are made to Cell security configuration.

Servers are regular Java process responsible for serving J2EE requests (eg.: serving JSP/JSF pages, serving EJB

calls, consuming JMS queues, etc).

And to finish, Clusters are also virtual units that groups Servers so resources added to the Cluster are propagated to

every Server that makes up the cluster, this will in fact affect usually more than a single Node instance.

Thanks to Rafael Ribeiro from IT Developer World !!

WAS Concepts

WAS clustering

Don’t forget the load balancer !!

Sametime 8.5 clustered Domain

WAS menu items

At a pinch, the only places you really need to know about are the ones in red above

WAS Security

Allows LDAP access for directory authentication and searching plus SSL certificate management

WAS LDAP access

WAS Users

Check directory access by listing users

WAS users

Note that what gets returned is actually not correct (long-term bug in display only)

ST Media server

User Administration - buddylist

Buddylist conversion – ST convert

Buddylist manipulation (www.epilio.com)

Ensure you set PC.ini for:

• Buddylists from serverbuddyListContactPref=replaceLocal

• Don’t ask the usershowBuddyListConflictDialog=false

User Administrationclient configuration

Rolling out users

• Stand-alone client

• Push methods: Plugin_Customization.ini & Managed_settings.xml

• Embedded client

• Notes 8.5.2 embeds ST 8.0.2 by default

• Need additional embedded plugin for ST 852

• Push methods: Plugin_Customization.ini & Managed_settings.xml

• Additional push options – Domino Policy & Eclipse advanced options

User administration

User setup

• Domino Policy (embedded only) – manages the ST

community server and the SSO policy

• Plugin_customization.ini

• Case sensitive!!

• Special for 8.5.1.1

• Managed_settings.xml

• Sametime policy – manages other ST parameters

Domino ST Policy

Sametime community server defined here

Domino ST IM policy

Sametime server defined here with SSO options too

The policies here were for older versions of the embedded client and today the way to do it is using plugin_customization.ini

Resetting the community server

This will work for both stand-alone and embedded users but is actually the only way you can force the change on the Stand-alone client without a re-install

Key change in V8.5.1.1 ST client

There was a key change made in the latest Sametime

8.5.1.1 client which allows the plugin_customization.ini

to be read during the Notes client startup vs only one

time when the client is reset. This allows

administrators to push out the plugin_customization.ini

to the client and when the client restarts, it'll read the

file.

So in effect, the best way to manage these settings as

we move forwards is with the plugin_customization.ini

file

Policy - Eclipse

I haven’t seen these work successfully yet

Plugin_Customization.ini

File found in “C:\Lotus\Notes\framework\rcp” for embedded client

or “C:\Lotus\Sametime Connect\rcp” for standalone client

com.ibm.collaboration.realtime.community/savePassword=false

com.ibm.collaboration.realtime.community/loginByToken=true

com.ibm.collaboration.realtime.community/loginAtStartup=true

com.ibm.collaboration.realtime.community/name=STCommunity

com.ibm.collaboration.realtime.meetings/hideLegacyMeetingUI=true

com.ibm.collaboration.realtime.community/host=community.server.com

com.ibm.rcp.managedsettings.provider.file/URL=http://community.server.com/sameti

me/managed-settings.xml

com.ibm.collaboration.realtime.community/defaultAuthType=TAM_SPNEGO

com.ibm.collaboration.realtime.community/authServerUrl=http://auth.server.com/sno

op/snoop

com.ibm.collaboration.realtime.community/useAuthServer=true

Additional question to IBM – which managed-settings do we use when we have one

here in the PC.ini file and there is one in ST policies too?

Managed_settings.xml

<ManagedSettings>

<settingGroup name="com.ibm.collaboration.realtime.meetings">

<setting name="hideLegacyMeetingUI" value="true" isLocked="true"/>

</settingGroup>

<settingGroup name="com.ibm.rtc.meetings.shelf">

<setting name="serverName" value=“meeting.server.com"/>

<setting name="serverPort" value="80"/>

<setting name="useHTTP" value="true"/>

<setting name="communityServerName" value=“chat.server.com"/>

<setting name="useCommunityCredentials" value="true" />

</settingGroup>

</ManagedSettings>

Sametime Policy

Sametime user policies

Sametime policies

• User must set this community as the default server community

• Allow user to add multiple server communities

• Allow user to add external users using Sametime Gateway communities

• Allow user to save chat transcripts

• Automatically save chat transcripts

• Etc….

Plugins

Check out this link:

Deploying Plug-ins and Widgets for Lotus Notes and Sametime

WAS install issues

Check out this link to IBM documentation on WAS install errors

Using the Console

A good link to Console information

Contact details

Andy Higgins

andy@imcollaboration.com

++1 (512) 426-6142

www.imcollaboration.com

http://sametimedg.blogspot.com/