© 2014 IBM Corporation

!SHOW401 : Taking IBM Sametime MobilePaul Mooney, Bluewave Gabriella Davis, The Turtle Partnership

© 2014 IBM Corporation

Plan for Today From Domino Server - Instant Messaging on Mobile

9

But First….Acknowledgements and Disclaimers

© Copyright IBM Corporation 2014. All rights reserved.

▪ U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

▪ IBM, the IBM logo, ibm.com,IBM WebSphere, and iBM Connections, IBM Sametime, IBM Domino, IBM Notes, IBM WebSphere Portal, are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml !

Other company, product, or service names may be trademarks or service marks of others.

Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.

The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

!Gab Davis - Technical Director The Turtle Partnership gabriella@turtlepartnership.com

▪Administrator / Problem Solver / System Designer / Optimist

▪Working with ICS products, Domino, Sametime, WebSphere, Connections etc

▪Also integration with other systems

▪Co-Author of Sametime 8.5.2 Admin Guide, Connections Enterprise RedWiki & connections101.net

▪ I present a lot globally & blog on turtleblog.info

!4

!Paul Mooney - Senior Technical Architect Bluewave Technology paul.mooney@bluewavegroup.eu

▪Administrator, problem solver, enabler, cynic, pessimist

▪Working on ICS products, Salesforce, Google Apps

▪Also integration with anything!

▪Co-Author of connections101.net, blogger, speaker, reviewer

▪Tries to fit motorbikes around anything to do with his work

!5

© 2014 IBM Corporation

Step 1: Starting Point Domino Server 9

Domino 9 Server

▪ Sametime 9 requires Domino 9 and is still a 32bit application installed only on a 32bit Domino server

!7

© 2014 IBM Corporation

Step 2: Install DB2 10.1

Before Installing

▪ Create a db2 account to be used for managing your server.

▪ On Windows we use a local system account “db2admin” that is also in the Administrators group

▪ You can use a domain account but this often causes more problems if the account security is changed in any way

▪ Make sure the password you set does not expire

!9

!10

DB2 Installer

▪ Sametime 9 requires DB2 10.1

▪ for this reason doing an upgrade in place isn’t recommended

▪ DB2 10.1 no longer has a Command Center GUI interface

▪ you must install a separate client (we recommend IBM DB2 Data Studio)

!11

Windows 64bit DB2 10.1 server installer

DB2 Installer Extracted To A Directory

!12

Run The Install

!13

!14

Installing

the DB2 workgroup

Edition

!15

!16

!17

A

custom install lets us filter just the

services we want for Sametime and not

all standard DB2 server services

!18

!19

DB2

Text Search is required by

Sametime Advanced so worth

installing for the future

!20

!21

This is

the default installation name,

only change if you have to

!22

!23

The

DB2 account & password

we created earlier

!24

!25

This

can be any mail server that

will accept SMTP delivery

!26

This

person may get sent a lot

of mail. Consider using a mail in

database instead!

If

you don’t know who to send

to , leave this until

!27

Used by

Sametime Advanced so worth

installing now

!28

The install

will add your db2 account to the

DB2ADMNS group automatically

DB2 Install Summary Screen - Always Read Before Clicking “Install”

!29

And we’re off!

!30

!31

Verify

what port DB2 says it installed

on (default is 50000)

Verify DB2 Is Listening

▪ From a command prompt

▪ netstat -an |find /i “50000” (or whatever your port is)

!32

DB2 Running On The Windows Taskbar

!33

Issuing DB2 Commands

!34

Verifying The DB2 Server Is Licensed

▪ From the DB2 Command window type

▪ db2licm -l

!35

Not

enough memory for

Sametime + Connections

databases (20+).

© 2014 IBM Corporation

Step 3: Installation Manager

Installation Manager Download

▪ Hard to find on IBM’s usual download site

▪ Can be found on fix central

▪ Search Google for ‘installation manager download” to find a technote with FTP links

!37

This is

version 1.7.1. Sametime uses 1.6.2

by default but can use later

!38

Installation

Manager extracted click

“Install” to run

Installing Installation Manager

!39

!40

!41

!42

There

can only be one Installation

Manager on each server

!43

!44

!45

!46

Installation

Manager’s menu “Install” to

install new software“Update”

to patch or hotfix already

installed software

“Modify”

to add new features (we do

this with Connections all the

time)

“Rollback”

to remove a hotfix or patch

“Uninstall”

to completely remove installed

Software

Installation Manager - Things To Know

▪ Installation Manager keeps a track of all software it installs

▪ You can’t uninstall software that was installed via Installation Manager without going through the Installation Manager menu

▪ Everything other than Domino and DB2 installs via Installation Manager

▪ Installation Manager must be on every machine where you want to install a WebSphere component

▪ You can’t uninstall Installation Manager whilst programs it installed still exist

▪ You can’t install multiple Installation Manager’s on the same server

▪ Get the right version

▪ Get it installed in the right place

▪ Leave it alone :-)

!47

© 2014 IBM Corporation

Step 4: WebSphere

WebSphere Installers

!49

The

WAS installers come in multiple

parts which must all be extracted to the

same directory

Extract Each WAS Part File To The Same Directory

!50

WAS Installers Extracted

!51

From Part 1

Part 1Part 2

Part 3

Launch Installation Manager

!52

We Need To Add A New Installation Repository

▪ An installation repository tells Installation Manager where to look for install files

▪ Choose “File - Preferences” from the Installation Manager home screen

!53

!54

Since

this is our first install there

are no repositories yet, we need to

add them

This

checkbox means that

Installation Manager will ask you

for IBM credentials and will search

online for patches and fixes for

any installed software

!55

Browse

to the directory where you

have extracted all your WebSphere

installers

Confirm The

!56

We

select a repository (in this

case our WebSphere installers) by

selecting the repository.config file in

our extracted WAS directory

!57

The

repository is successfully added

which tells Installation Manager “search

here for new software”

Installing WebSphere

▪ Once the repository is created we click “Install” on the Installation Manager home page

!58

Selecting Packages

▪ Installation Manager finds a product to install in the repository it knows about, in this case WebSphere 8.5.5

!59

Select What To Install

!60

Installation Running

!61

Installation Manager Shared Directory ▪ This is the first time we have installed anything via Installation Manager so it wants to know

where you want it to store the information it knows about the software it installed

▪ This location cannot be changed or deleted later and should be accessible to any account running Installation Manager for installs or updates

!62

WebSphere Install Location

!63

Case

sensitive on Linux and

with command scripts

Try to

keep the path length short

and never allow spaces

Features To Install

!64

Summary Screen

!65

Verify disk capacity. By default

logs and other software will be

installed on this same path

Installer Running

▪ This can take some time.. from 10 mins to 40 mins depending on disk speed

!66

Install Complete

!67

Usually

we create a profile but for

Sametime we don’t as the SSC

install creates two of its own

© 2014 IBM Corporation

Step 5: Create System Console DB

The Sametime System Console Database

▪ To store the configuration settings for all the Sametime servers the SSC must have a DB2 database to write to

▪ Databases are used by several Sametime components

▪ System Console

▪ Meetings

▪ Proxy

▪ Advanced

▪ Bandwidth Manager

▪ Before we can install any of the above components we first need to create their databases, starting with the Sametime System Console

!69

!70

Scripts to

auto create the databases and apply the

schema are in the DatabaseScripts directory of

the extracted SSC install files

Running the Create Script For The SSC Database

▪ Go to the directory where the script is located (move it somewhere more convenient if you want but move the entire directory not just the batch file)

▪ The command syntax is

▪ scriptfile nameofdatabase nameofdb2administratore.g. createSCDB STSC db2admin will create a database called STSC with db2admin as its administrator

!71

You May Get A Blank Screen For A Few Minutes Don’t Panic!

!72

!73

Eventually

the createSCDB script

will start writing to screen

and complete

© 2014 IBM Corporation

Step 6: Install Sametime System Console

!75

To

install new software we must

use Installation Manager

!76

As

we did with WebSphere, we have to set

up a repository to tell Installation Manager

where to look for install files

Locate Where You Extracted The System Console Files To

!77

There

should be a repository.config

file in the root folder

We Still Have The WebSphere Repository Defined Leave that in place

!78

Now We Add The Sametime System Console Repository

!79

Now We Have Two Repositories That Installation Manager Knows About

!80

Leaving

both checkboxes selected tells

Installation Manager to search both

directories for new software

Now Our Repository Is Added We Select “Install”

!81

!82

Installation

Manager finds Sametime

System Console To Install

!83

Package Groups

!84

Since this

is the first of the Sametime products

Installation Manager has installed, it wants to create

a new package group and location to store all of its

information about the Sametime product

Confirmation Screen - Note There Are No Optional Features

!85

!86

The

SSC installs using WebSphere

so we need to tell the installer where

WebSphere is

Selecting

validate tells Installation Manager

to verify the directory and WebSphere

are where you said they were

!87

Once

validated you can move to

the next screen

!88

Here

we define our SSC WebSphere

settings including Node name and Cell

name. These are non changeable

once created

This

will be the administrative

credential for all your

Sametime servers

eventually

Avoid

any special password

characters including

! @ { } $ etc

!89

Our

final configuration page is

to tell the install where to find the

DB2 database we just created and

how to login to it

Don’t

forget to validate

!90

Validated

means the installer was able

to connect to your DB2 server and

access the database you specified

using the credentials given

Summary Page

!91

Check

disk capacity before

continuing

Install Running

▪ This can take up to an hour

!92

Sametime System Console Install Complete

!93

Verify The Two New Profiles Exist

▪ STSCDMgrProfile is the deployment manager which manages all servers in the cell

▪ STSCAppProfile is the application server hosting the Sametime System Console application

!94

Sametime 9 On Windows Creates Services For All Components▪ STConsoleServer_DM - the deployment manager

▪ STConsoleServer_NA - the node agent

▪ STConsoleServer - the application server

▪ Services should be started in the order listed above

▪ The application server won’t start until the node agent is started

!95

Starting Servers Manually

▪ To start servers manually go to the “bin” directory under each profile and type

▪ startServer [servername]the server name and (on linux) the command itself are case sensitive

▪ The deployment manager can be started using “startManager” instead of startServer dmgr

▪ The node agent can be started using “startNode” instead of startServer nodeagent

!96

Log Into The Sametime System Console

!97

The

SSC has a certificate

creates by the installer which your

browser won’t recognise

URL

https://<hostname>:8701/ibm/console

Use The Credentials Created During Install To Login

!98

!99

Logged

in we can verify the

SSC is installed

Backup Before Making Changes

▪ Since we’re about to change WebSphere security, let’s backup first

▪ from bin directory under the STSCDMgrProfile type backupconfig <nameofzipfile> -nostop

!100

The STConsoleServer Is Installed And Running

!101

Post Install Step 1: Set The Max JVM Heap Size For The Deployment Manager

!102

!103

Set

the Max Heap Size to

2048 (default is 512)

Whenever You Change A Server Configuration - Restart The Server

!104

Let’s Verify The DB2 Connection Is In Place

!105

!106

You

would only ever edit the

connection if the db2 server hostname

or credentials change

© 2014 IBM Corporation

Step 7: Configuring LDAP

We Need An LDAP Connection To Allow Users To Authenticate▪ Select “Connect to LDAP Server” under Sametime Prerequisites

!108

!109

Defining

LDAP connections. If you

use SSL then you must import

the SSL certificate here

LDAP Base Entry

▪ The level within the LDAP hierarchy that should be searched to find and authenticate users

▪ for Domino this is usually empty so non hierarchical entries like groups can be found

!110

Advanced LDAP Settings - Optional (1st part)

▪ If you don’t modify Advanced settings the default values will be used which will be fine in many standard installs

!111

Using

Advanced settings you can specify the

attribute to be used for display name as well as

that which contains the home sametime

server

Advanced LDAP Settings - Optional (2nd part)

!112

The

attributes users can use to login

and those used when searching for

new contacts

Advanced LDAP Settings - Optional (3rd part)

!113

How

to find groups and

group members

LDAP Configuration Complete

!114

Another Server Change Requires Another Server Restart

!115

!116

Once

the server is restarted you

should test by searching for users

who are in LDAP

© 2014 IBM Corporation

Step 8: Windows Networking

Windows 2008 & Later Networking Issues - Sametime Community Server▪ Before installing the Community Server there are default networking settings that conflict with

Sametime we need to check for incorrect settings using “netsh in tcp show global”

▪ Chimney Offload should be disabled

▪ Receive-Side Scaling should be disabled

▪ Receive Window Auto-Tuning should be disabled

▪ Add-On Congestion Control Provider Should Be None

!118

First Back Up The Registry (To Be On The Safe Side)

▪ Load regedit.exe from the Windows menu

▪ Choose File - Export and save a backup of the registry

!119

!120

Now Issue The Commands To Disable The Unwanted Networking Settings

!121

© 2014 IBM Corporation

Step 9: Install Community Server

Every Sametime Server Install Starts With Creating A Deployment Plan

!123

Name The Deployment Plan Something Meaningful For You Users Won’t See This Name Ever

!124

Choose Which Version Of Community Server To Install

▪ You Can Still Install 8.5.2 In A v9 SSC but would have to use a Domino 8.5.2 server

!125

Configuring Domino Server To Use For Community Server

▪ Domino server must be installed and running HTTP

!126

Credentials

should already exist in

Domino Directory

Select LDAP Configuration To Use

▪ Your options will only be those you have created under “LDAP Configuation” in the previous step

!127

HTTP Tunneling

▪ Enables client connections on port 80 as well as port 1533

!128

Summary Of Deployment Plan

!129

!130

Whilst

the status is “Ready to Install”

the plan can be modified

Sametime Community Server Install Files

!131

To Start The Install Run setupwin32.exe

▪ Sametime Community Server remains a 32bit application and can’t install on a 64bit Domino server

!132

Choose Language Version

!133

!134

!135

!136

!137

Since

we have a deployment plan

we use the System Console to

install

!138

We tell

the installer how to find the

System Console by hostname and

portThese

are credentials to

login to the System

Console

The

hostname used here must

match the one in the plan we

just created

!139

The

hostname matches a plan found in

the System Console and the plan name

is returned

!140

Community Server Install Completed

!141

Restart The Server Once Community Server Is Installed

!142

Status Once Community Server Is Installed

▪ Deployment Plan will be marked “Installed / Registered”

!143

Status Once Community Server Is Installed

▪ A Community Server will be visible in the System Console

!144

© 2014 IBM Corporation

Step 10: Post Community Server Configuration Steps

▪ Any server that will need to connect to the Community Server must be listed in the Trusted IPs for that server. List the ips for any other Sametime component for instance

▪ Choose the server we just installed which is listed under “Sametime Community Servers”

▪ Policies need to be reviewed

▪ Global Community Server properties need to be set

!146

Editing Community Server Connection Properties

▪ The account and password used for the System Console to access the Community Server are stored under “Edit” on Connection Properties

!147

Setting Community Server Properties

▪ Changes here will require a restart of the Community Server so let’s do them all now

!148

On

servers with multiple ips make

sure to bind to a specific

hostname only

!149

Adding Trusted IPs

!150

List of Trusted IPs

▪ Will overwrite the field in stconfig.nsf on restart

▪ Can not apply on the fly, Community Server must be restarted

!151

!152

!153

Enable

offline messages here. The setting will

apply to all Community servers

Working With Policies▪ Two default policies are created, one covering all authenticated users and one for anonymous

users. Review these before going any further

▪ As of Sametime 9 policies no longer exist in the Domino web based Sametime administration and neither does stpolicy.nsf

▪ You must now have a System Console if you want to use policies with Sametime

!154

Instant Messaging Policy

!155

If

you are upgrading communities

side by side consider

This is

a client side setting,

transcripts are not saved on the

server automatically

Contact

list size significantly effects

LDAP performance

Mobile Specific Section Under Instant Messaging Policy

!156

Security Section Under Instant Messaging Policy

!157

Setting “Ignore” For Case Sensitivity During Lookups

▪ Required by iNotes and WebSphere based applications such as IBM Connections

!158

© 2014 IBM Corporation

Step 11: Install Sametime Proxy Server

Sametime Proxy Server

▪ The Sametime Proxy Server acts as a web proxy to your Community Server

▪ It can connect to any server in your Community

▪ Mobile clients connect to the Sametime Proxy Server and from there to the Community Server

▪ Building a new Sametime Proxy Server requires us to create a database and then a deployment plan before installing

!160

▪ The create database script is found in the DatabaseScripts folder in the extracted Sametime Proxy Server install directory

Creating The Sametime Proxy Server Database

!161

▪ Run from a command prompt

▪ createProxyDb [databasenametocreate] [db administrative account]

▪ e.g createProxyDb STPROXY db2admin

Creating The Sametime Proxy Server Database

!162

Database Script Running

!163

It

can take a few minutes to run

but when complete you should

see this

Adding Our Newly Created DB To The System Console

!164

!165

db2

server hostname & port

Newly

created db name

Database Added To The System Console

!166

The

STPROXY database details were

validated before it was added including

DB2 server , port and access

!167

Create A Deployment Plan

!168

Deployment Plan Name

!169

Only

visible to administrators

not users

Community Server Version

!170

You can

install earlier Community Server versions

into a v9 SSC but Domino can’t be v9 unless the

Community Server is

Primary and Secondary Nodes

▪ The first server of a type added to the System Console is the Primary Node

▪ additional servers considered cluster mates are secondary nodes

▪ If you install a server in its own cell it will not be managed by the System Console

▪ There can only be one Primary Node of each server type (Meeting, Proxy , Advanced etc) in each cell

!171

!172

Add

the new node to the existing

Cell (the System Console)

!173

These

are the WebSphere

configuration settings for the

new Sametime Proxy

Install

If

using Primary or Secondary

node,the server will be federated into the

cell and its user id and password

overwritten with that of the SSC

Select Which Community Server To Connect To

▪ The Sametime Proxy will connect to any server in the Community (the Domino domain)

▪ You can modify its XML file later to bind it to a cluster or a specific server

!174

Select The Database To Use

▪ If you try selecting STSC it will not accept that as a valid database because the schema will be wrong, this is why we create a specific database for the Sametime Proxy

!175

Deployment Summary

!176

Deployment Plan Complete & Ready For Install

!177

Locate The Repository.Config

▪ We will need to add the install repository for the Sametime Proxy to the Installation Manager to do the install

▪ The repository.config should be in the root directory of the extracted install files

!178

Launch Installation Manager To Add A New Repository

!179

!180

Browse

to the repository.config file

in the install directory

!181

We

now have three repositories that

Installation Manager is told to look in

WebSphere

SSC

Sametime Proxy

!182

Since

Installation Manager is told to look

in three repositories it finds three software

products to install. We select Sametime

Proxy Server only

!183

Since we

have already installed the SSC we

have a package group

If

this was a dedicated server for

Sametime Proxy there would be no existing

package group and Installation Manager

would create one

!184

We

have a deployment plan so

we use the System Console to

find that and install

!185

Since

Sametime Proxy Server

installs using WebSphere we

must tell the installer where

WebSphere is

We

can’t proceed until

we validate WebSphere

is in place

!186

Once

validated we can move

to the next step

!187

Hostname

& port of the System

Console

Credentials

used to login to the SSC

Hostname

for the Sametime Proxy server

(must match the deployment plan

hostname)

!188

The

settings must be validated

before you can continue, this

ensures the SSC can be found

and connected to

!189

Name of

deployment plan in the SSC

matching this install type (Sametime

Proxy) and hostname

Primary

Node Install

!190

Deployment

plan settings. Select

“validate” to test before install

can complete

!191

Once

deployment plan and install

settings are validated the install

can continue

!192

Check

available disk

Select

“Install”

Sametime Proxy Install Complete

▪

!193

Sametime Proxy Server Started

▪ nodeagent

▪ STProxyServer

!194

Deployment Plan Shows Complete

!195

Check The Ports Assigned To The Server

!196

Select

the STProxyServer

!197

Choose

“ports” under

“Communications”

!198

Go to

http://proxyhostname:wc_defaulhost/stwebclient/index.jsp

!199

Verify

the web client can log you in

(make sure popups aren't

disabled)

!200

Logged

into the web client. If login fails

make sure the trusted ip is listed

correctly and the Community Server

has been restarted

© 2014 IBM Corporation

Step 12: Virtual Hosts and Tuning

Creating A Dedicated Virtual Host

▪ Each Sametime component uses a dedicated virtual host to isolate its traffic from any other server in the cell on the same port

▪ Without this step you may see redirections failing

▪ Make sure you BACKUP deployment manager before making these changes

!202

!203

Pre-

created virtual hosts

admin_host used by the SSC

proxy_host is nothing to do with

the Sametime Proxy

Select

“New” to create a

dedicated virtual host

!204

Call the

new host anything not already in use,

in our case we’ve used

Now

click on Host Aliases to

add our new ports

!205

Click

“New” to add specific ports for

the Sametime Proxy Server

hostname

!206

Add each

port for any hostnames you want to

access the Sametime Proxy Server on

!207

You

should end up with entries

for each hostname for the server

ports

wc_defaulthost

wc_defaulthost_secure

plus: 80 & 443

!208

We

need to modify the default_host

aliases to remove the wildcard entries

for ports we have explicitly mapped

!209

Since

we mapped ports 9081, 9444,

80 and 443 in the stproxy_host we we

need to delete these as they now

conflict

Remaining default_host Ports

!210

Mapping The Application To The New Host

▪ Go to Applications - All applications

!211

!212

Now

we need to map our new

stproxy_host to the Sametime Proxy

Application

Select “Virtual hosts” To Modify The Mapping

!213

!214

Everything

is mapped to default_host.

We need to select all and map to

the new virtual host stproxy_host

!215

Now

the modules are mapped

correctly and we can save this and

restart the Sametime Proxy

Server

Modify The Sametime Proxy Configuration

!216

Connectivity

!217

What

Community Server or

cluster this Sametime Proxy

connects to

Managing Performance

!218

Number

of concurrent user connections.

“0” disables all user connections

Disable

this if you want to prevent the

Sametime Proxy Server authenticating

against the user’s home server instead of the

server connected to this proxy

Mobile Settings

!219

Disable

PUSH for iOS forcing logout when

client goes into the background

APNS

ports for iOS notifications

that must be open outbound

from the Sametime Proxy

Server

Creating A WAS Proxy For Our Sametime Proxy

▪ The Sametime Proxy Server when installed runs on the wc_defaulthost and wc_defaulthost_secure ports for http and https respectively

▪ Those are not the ports 80 & 443

▪ To avoid having to place the port number in the URL to access the Sametime Proxy Server we create a WAS Proxy that runs on ports 80 & 443 and provides a proxy service to the application server

▪ We do the same for Meeting Servers

!220

!221

!222

Select

the node the application

server is on

This

will be the server name

of the WAS Proxy

!223

Make

sure to disable “SIP” which

isn’t used for Sametime Proxy

!224

WAS Proxy Summary

!225

New WAS Proxy Created

!226

Once Started You Should Be Able To See Ports 80 & 443 Listening on the Host Name Being Used▪ You don’t have to install the WAS Proxy on the same server as the Sametime Proxy Server

▪ You can install multiple WAS Proxies behind a load balancer for additional failover

!227

© 2014 IBM Corporation

Step 13: Configure SSL

Configuring SSL

▪ To use SSL we are going to want to install a certificate from a known certificate authority and not use the internal IBM one that the installer created on the fly as that isn’t recognised by any browser or mobile device

▪ To do this we need to import the trusted certificates from whatever CA we choose and then generate a Certificate Signer Request and import the certificate we are given

▪ All of the SSL work is done under SSL Certificate and Key Management

!229

▪ I used GeoTrust for my CA but you could use any provider

▪ Trusted roots are installed into the CellDefaultTrustStore under Signer Certificates

Step 1: Install The Trusted Roots

!230

!231

The

only trusted root that exists is

the one IBM created on the fly

during install

Adding A New Trusted Root Certificate

!232

Take

the trust certificates from your

authority’s site (in my case GeoTrust)

and add them here. Alias can be

anything meaningful to you

!233

Certificate

will be added and show a

confirmation screen.

Both GeoTrust Root Certificates Added

!234

Only The Default Personal Certificate Created By The Installer Exists

!235

Create A Personal Certificate Request (CSR)

▪ This will create a file you can upload to any CA site such as GeoTrust, Verisign, GoDaddy, Thawte to complete your request for a SSL certificate

▪ Go to CellDefaultKeyStore (not trust store) and choose “Personal Certificate Requests”

!236

Completing a CSR (Personal Certificate Request)

!237

The

details you complete

here must match those

submitted on the CA site. The

Organization name must match

the owner of the domain you

are requesting a CSR for

Importing A Completed Certificate

▪ Once your CA returns the certificate to you, it needs to be imported.

▪ If it arrives as an email just copy/paste the contents of the certificate into a text file

▪ Choose “Receive certificate from CA”

▪ You can only receive a certificate you have an outstanding request for

!238

Certificate Successfully Imported

!239

Mapping The New Certificate To The Server Instances

▪ Now we have our new certificate we have to tell our application servers to use it instead of the certificate they were installed with

▪ Wildcard certificates can be used here and with Sametime 9 it’s a requirement that the Sametime Advanced and Sametime Proxy servers do use the same exact certificates

▪ To map a new certificate go to “Manage EndPoint Security Configurations”

!240

!241

Select

the server to map. Here we have

already mapped the STProxyServer but

also need to map the WAS Proxy

stproxy_fwd

Select

server name to map

SSL Mapping

!242

Make sure

to override inherited values

Select the

new alias from the drop down list

!243

Both

inbound and outbound

mappings must be completed for

all servers on the node (but not

the nodeagent)

Restart Both The Application Server And WAS Proxy

▪ Go to https://<stproxyhostname>

▪ redirection will happen automatically

▪ no port required

▪ the new SSL certificate should be in place and no warnings received

!244

To Enable Google Android Push Updates We Need To Import Google’s Certificates

!245

Use

EXACTLY these

settings and select “Retrieve

signer information”

Android’s SSL Certificates

!246

© 2014 IBM Corporation

Step 14: Test

Install The Sametime Mobile Client

▪ Available from both Apple and Android Stores

!248

Configure The Sametime Mobile Client To Connect

!249

Hostname

(must work both internally

and publicly)

Secure

SSL Port

Login

!250

▪ Access Connect Online to complete your session surveys using any: – Web or mobile browser – Connect Online kiosk onsite

8