IBM® Lotus® Sametime® System Console - The New Browser-based Dashboard for Managing your

Sametime® Infrastructure

Michael Herring, Development Lead, Sametime System ConsoleBhavuk Srivastava, Senior Software Engineer

2

Agenda● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

3

IBM® Lotus® Sametime® 8.5: Introduction A key goal of the 8.5 release is to improve the deployment and administration

experience for Sametime products– Sametime System Console (SSC): Centralized deployment coordination and

administration for Sametime product line.

Sametime Connect Client

Browser Client

Mobile Client

IPNetwork

Presence, ChatAlerts, Invites, Legacy Meeting

Content

Presence, Chat, Alerts, Invites,New Meetings content/media

Federated Presence/Chat,A/V Control signalling

A/V Media

SametimePresence/

IMSametimeLegacy

Meetings

SametimeNew Meetings

SametimeMediaServer

SametimeGateway

SametimeSystem Console

Dom

ino®

Web

Sph

ere®

DB2®

LDAPHTTP

SIP

RTP

VP

Custom App Client

SametimeProxy

4

Lotus® Sametime® 8.5 System ConsoleCentralized configuration and policy management

Sametime Presence/IM

Sametime Meetings

Sametime Media

Sametime Proxy

Server

Sametime Gateway

5

Core Capabilities• Manage Prerequisites.

– System console manages all needed info for prerequisite components.– No more install/reinstall of DB2 (for example) for each separate offering.

• Centralize Configuration.– Setup & testing of things like LDAP centralized in a single location, instead of

various wizards in different installers.

• Facilitate Deployment Planning.– Mechanism to plan the Sametime server deployment – Installation of server nodes is simpler, as the shared configuration already

exists. Server installers are “headless”, and need no input from user.

• Single Point of Action for Administration Tasks– Example: Policy is managed from a single place; is easily made inclusive of all

product line components policy needs.

6

Agenda● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

7

WebSphere® Application Server● Application Server - Supports and hosts user applications. Runs on only

one node, can support many application servers.

● Node - Logical group of server-managed processes that share a common configuration repository.

● Cell - Grouping of nodes into a single administrative domain, all nodes are administered from a deployment manager server.

● Deployment Manager – Allows the administration of multiple nodes from one centralized location.

● Node Agent - Works with the deployment manager to perform administrative activities on the node.

8

WebSphere® Application Server● Cluster -A group of servers that are used for the same purpose and are

identified by a single host name.▬ Horizontal Cluster - Cluster members are on multiple nodes in a cell.▬ Vertical Cluster - Cluster members are on the same node in a cell.

● Federation – Process by which a node becomes part of a cell ▬ A node agent server is created on the node to manage the WebSphere

Application Server environment on that node.● Integrated Solutions Console

▬ Provides a single, common interface for system administration. ▬ Provides the main platform on which IBM and non-IBM products can build

administrative user interfaces as individual plug-ins to a common console framework.

9

Deployment Manager

NodeNode

Node

Node Agent

Node Agent

Application Servers

Application Servers

Cell

WebSphere® Application Server Deployment

10

Cell Profile

● Creates a Deployment Manager Profile and a federated Application Server Profile

● Internally, 2 profiles are createdDeployment Manager profile Application Server profile

● The Application Server is federated to the cell of the Deployment Manager.

● Deployment Manager and Application Server reside on the same system.

11

IBM® Rational® Installation Manager - IM● Eclipse run-time based program to manage entire life-cycle of

product packages

▬ Installation▬ Updates▬ Roll Back▬ Modification▬ Uninstall

12

Agenda● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

13

System Console Server● Built on J2EE technology

● Extension to IBM® Integrated Solutions Console

● Built purely on open standards ▬ XML ▬ HTTP/HTTPs – For some administrative communication ▬ SOAP for all admin related functions ▬ JDBC for all database operations▬ JNDI for all LDAP requests

14

Deployment Manager

Architecture Illustrated

SSC Application Server

System Console Server

DB2

SSC PortletsJMX(MBean)

COMMUNITY

MEDIA

PROXY

MEETINGS

REST API (HTTP)

SSC Admin

REST/JMX

LDAP Community SSC Registration

Utility

JDBC

15

General Concepts - LDAP

Sametime Community is defined by its directory

● Directory choice - LDAP (Domino®, IDS, SunOne, ActiveDirectory, Novell, ADAM)➢ Same directory configuration

● Synchronized LDAP configuration between System Console and Sametime server

● Supports multiple federated repositories

● All servers work from common view of directory and share information in that context➢ Same search filters, login attributes

16

LDAP – Simplified User Experience

17

General Concepts - Database

● Aims to provide a single view of database planning and management.

● Sametime deployment information storage

● Provides validation of the datasource being used for products.

● Auto registration of System Console database.

18

General Concepts - Deployment● Deployment framework is the heart of the System Console application server

● Provides the capabilities of planning and building the Sametime deployment

● Built on schema based deployment description templates and extensible design model. ● Makes the installation of server nodes simpler, as the shared configuration already exists.

● Supports both Domino® and WebSphere® based product ● for e.g. Sametime server, New Meetings server

● Performs validation on deployment object (product servers, LDAP, etc)

● Handles the product server's and pre-requisites relationship and inter-dependencies.

19

Service Layer APIs

Deployment Product(Meetings)

Deployment Product(Media)

Deployment Product(Community)

System Console Server Run Time Engine

XMLDocuments

Deployment Framework

20

General Concepts - Clustering● Sametime System Console provides a user friendly Clustering tool

● Step by step Guided Activity to cluster WebSphere® Application Servers

● Performs validation prior to creating the cluster

● Domino clusters are registered manually using Post Install Registration utilities.

● SSC Deployment Manager can be used as the DM for any Sametime product● Can be shared between multiple products. (One DM for all Sametime servers)● Product dedicated Deployment Managers can also be used

● All tasks including federation are driven from the System Console browser● No switching back and forth between servers to build the Cell

21

Plan and Build- Guided Activities

Guided Activities- The Basics

Guided Activities (GA's) are used to collect information about customer's environment that is used to install and configure products

• Provides cross product validation to reduce occurrences of post-install configuration issues

• Guided activities validate most required input before install time− Disk space, paths etc are validated by installer

• Allows for less user input, since information already known by SSC is not asked for in detail (LDAP settings, etc), reducing human error

22

Plan and Build Planning starts from the System Console using the Guided Activities

Set up Pre-requisites (LDAP, DB2®) Plan Sametime Installations Run Installation Manager to install the product

• Connect to System Console to retrieve Deployment Plan Once a product is installed, the System Console can administer the product

remotely

Some products require other products to be installed prior to planning the installation

Example: Sametime Proxy requires Sametime Community to be installed

23

Plan and Build Pilot Deployment

Small deployments used to test features• Use 'Cell Profile' selection in Guided Activity to install

− This was what most beta customers did− Cell Profile may be used to expand to a cluster later

Clustered Deployment Multi-System deployments used for failover and load balancing

• Vertical clusters contain many servers on a single node (the 'Primary Node')

• Horizontal clusters contain one server on each node in the cluster− Most common cluster topology

24

Plan and Build Building a Cluster

Plan and Install the Product Nodes

Use the System Console Clustering Guided Activity to federate nodes, create the Cluster, and add additional Cluster Members

System Console will provide step by step guide to create a complete cluster Deployment which will be administered using SSC.

25

Retrieving Plans from System Console

26

General Concepts – Product Registration

● Set of command line tools/utilities for registering products into SSC

● Powerful and useful stuff for administrators.➢ Product can be registered after an upgrade to 8.5 ➢ Product can be registered if it was installed without using a Guided Activity.

● A product server must be registered with the SSC in order for it to be administered.

● All 8.5 product installers lay down these utilities

● Can be found in <product install root>/console directory

● Only 8.5 products can be administered from SSC

27

Stand-alone Server Registration and Unregistration

WebSphere® Based products

● registerProduct.bat/shTo register stand-alone product servers (Meetings, Proxy, Gateway, Media) with SSC.

● unregisterWASProduct.bat/shTo unregister product server from SSC

Domino® Based products

● registerSTServerNode.bat/shTo register Community server with SSC.

● unregisterProductNode.bat/shTo unregister Community server from SSC.

28

Cluster Registration and Unregistration

WebSphere® Based products

● registerProduct.bat/shTo register a product cluster with SSC

● removeWASClusterRegistration.bat/shTo remove registration of product cluster from SSC

Domino® Based Product

● registerSTCluster.bat/shTo register Community/Domino server cluster with SSC.

● removeClusterRegistration.bat/shTo remove Community/Domino cluster from SSC

29

General Concepts - Policy

● 8.5 has introduced an enhanced user policy model for all products

● Any product that is administered by the SSC has the same user policy in effect

● Model is based on weights- the document with the highest number that is applied to the user or his/her groups is the policy that is applied to that user (no inheritance model)

● Tools available to look up a user's policy by product

● Policy information is stored in the SSC database➢ Meetings accesses this information directly from the database➢ Community server keeps a cache and updates periodically from SSC

➢ Proxy and Media Manager use Community for Policy info

30

General Concepts - Administration Provides a consolidated administration interface for all Sametime products

Provides secure communication between products and System Console using a common framework model

One interface to administer Policies for all Sametime products

New weights-based model allows administrators to easily set Policy ordering

Easy view of all policies that apply to users and groups

Policy interface is dynamically generated based on policy templates

31

Administration Using the System Console

32

Sametime Infrastructure

33

Agenda● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

34

Agenda● Introduction

● Experience the platform

● Deep Dive

● Lets see it Live

● Tips and Tricks

35

Tips and Tricks● While creating plan for a product or installing the product, make sure all the

servers should be reachable from each other.▬ Add hosts entries in all servers if not present in DNS.

● While creating databases, make sure same database is not shared between two products.

● While getting plan from SSC from installer, if the connection is too slow, you may have to increase the time-out period.

▬ Create an environment variable ST_SSC_CONNECT_TIMEOUT=60/120 (Time in secs)

● Do not include "=" signs in Deployment name in productConfig.properties required for registration.

● LDAP details need to be entered it productConfig.properties file while registering Gateway server

36

● To change an existing LDAP for a product Server(e.g. Sametime Meetings)▬ Add a new LDAP with SSC, and manually configure with meeting server

● To register Secondary Node using registration utilities, DB and LDAP host entries should be entered manually before registrations

● How to install IBM Lotus Sametime Community Server on pure IPv6 machine.▬ For pure IPV6 environment

▬ Through installer install Community Sever without SSC.▬ Later register this server with SSC using utility.

▬ For mixed environment (IPv4 and IPv6) look at the document here:▬ https://idoc2.swg.usma.ibm.com/sametime/index.jsp?topic=/

com.ibm.help.sametime.v85.doc/install/inst_config_chat_ipv6_deployplan.html

Tips and Tricks - contd.

37

● All error messages get logged to the SystemOut.log on the SSC dmgr and STConsoleServer, occasionally the nodeAgent.

● Location for SSC server logs▬ ISC Portlets - Client side logs

▬ <WAS_INSTALL_ROOT>\profiles\STSCDMgrProfile\logs\dmgr▬ SSC Server – Server side logs

▬ <WAS_INSTALL_ROOT>\profiles\STSCAppProfile\logs\STConsoleServer

● Location for SSC client registration utility▬ <Product_Install_Location>\console\logs

▬ e.g. C:\WebSphere\STServerCell\console\logs

● For any issues related to authenticaiton/security, ▬ check deployment manager logs

Troubleshooting

38

Troubleshooting - contd.● The most common problem is that the servers are not started properly.

SSC is a cell profile- this means it has a dmgr, a node agent, and an application server, all 3 need to be running for proper functionality.

▬ startManager.bat(sh)▬ startNode.bat(sh)▬ startServer.bat(sh) STConsoleServer

● Make sure there is no clock skew between servers. ▬ Possible error security tokens no longer valid.

● Creating more than one plan for community server on single machine is invalid.

▬ SSC will not validate Domino credentials in this scenario

39

● All SSC errors start with 'AIDSC' followed by a 4 digit number▬ e.g. 'AIDSC1234E'. Look for these errors first when debugging SSC errors

● LDAP known issues▬ saMAccountName attribute for Active Directory should not be used - enter

uid instead, it will map accordingly to this attribute.

▬ Admin name used for WebSphere should not match a username in the LDAP

Troubleshooting - contd.

40

● Troubleshooting Federation▬ Federation adds the nodes into the dmgr's cell. Most issues with clustering

in 8.5 are around federation.

▬ Before federation there is some validation in the Guided Activity to prevent users from running into problems (clock sync issues, etc.)

▬ Debug as a normal WAS addNode command▬ check addNode.log, on the nodes in logs directory

▬ Check for product technotes for all known issues that we may have skipped here...

Troubleshooting - contd.

41

● Troubleshooting other Clustering issues▬ Ensure that all nodes have been synchronized before restarting the node

agents.

▬ Occasionally the deployment manager will have to be restarted in the middle of the clustering guided activity,

▬ Guided Activity will tell you when it is appropriate to do so. ▬ You can pick up where you left off by using the 'Modify Existing

Cluster' option.

▬ All Clustering Guided Activity actions will log to the deployment manager's SystemOut.log.

▬ The Clustering GA will print error messages to the browser for the most common user errors

▬ (clock sync issues, node not started, etc)

Troubleshooting - contd.

42

● Policy Issues▬ Use the tool in SSC to check which policy is applied to a user

▬ If policies are not in effect for Community users, check that it is configured to use SSC in the sametime.ini

▬ POLICY_DB_BB_IMPL=com.ibm.sametime.policy.databasebb.xml.DbXmlBlackBox

▬ (all one line)

▬ If settings change was recent, community server will refresh after 1 hour, or you can restart the community server and it will refresh its cache upon startup

Troubleshooting - contd.

43

● Installation issues▬ It is always good to use shorter install path names as WAS allows only 80

characters for the profile path name

▬ Make sure that the LDAP/DB2® hostnames are reachable from the product machines during installation

▬ Sometimes it is required to use authenticated access for LDAP. Even though validation passes, when installing WAS is not able to retrieve all attribute values.

▬ Make sure that the DB2® user id which is being used during install has admin rights

▬ Before starting uninstall , stop all the servers.

Troubleshooting - contd.

44

● Installation issues▬ When installing multiple products on same machine ,only Cell profile types

can co-exist.

▬ System Console & Meetings databases are mutually exclusive.▬ Do not use System Console database for attaching into the meetings

Server deployment plan.

▬ For AD LDAP, way to consume the "samAccountName" attribute within WAS is by specifying "uid" (a VMM property) during LDAP plan creation/IM installation as WAS already has a internal map of the uid property to samAccountName

▬ Short host names should be 11 characters or less when planning installations from the Guided Activities in the 8.5 release (bug will be fixed in the next release)

Troubleshooting - contd.

45

Firewalls and Ports● The System Console Server needs access through the following ports for the

following servers▬ Meetings, Gateway, Media, Proxy

▬ SOAP port (default 8880)● AboutThisProfile.txt SOAP connector port value

▬ Meetings needs access to SSC db (default port 50000 on windows)▬ Community

▬ Community HTTP or HTTPs (default 80 and 443)▬ Community needs access to SSC HTTP or HTTPS (default 9080 and

9443)

● Installation Utilities need access to SSC▬ SSC HTTP or HTTPs (default 9080 or 9443)

● DB2® port (default 50000 on windows)

● LDAP (default 389 or 636)

46

THANK YOU!

47

Legal Disclaimer© IBM Corporation 2009. All Rights Reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.