Get Started Installing IBM Lotus Sametime 8.5.1 – You Too Can Be a WAS Admin!
1
About Me
2
Gabriella Davis– The Turtle Partnership– Technical Director– Security, System Design, Deployment of Lotus
software since 1989
Agenda
3
Why I Wish This Conference Was In June Not MarchSametime ComponentsQuestions You Should Be AskingA Little Bit About Websphere for Some Of YouWhat Do You Need To KnowPre-Installation ChecklistInstalling A PilotPost-InstallationQuestions
Why I Wish This Conference Was In June Not March... I’d tell you but then i’d have to kill you ©IBM
Sametime 8.5 Components
Sametime Community Server
6
Instant Messaging ComponentContains the old style “Classic” Meeting CenterBased on Domino 8.5.(1)Does not require any WASCan still be clustered for IMCan integrate with earlier ST IM serversWorks with existing products
– ST Advanced– ST Gateway
Sametime Community Server
7
Few feature changesCan now be managed by the Sametime System Console within WAS if you have the 8.5.x Infrastructure Policy settings and server settings options are the same on the Sametime System Console and via stconfig.nsf
– If set via WAS they are only refreshed when the server starts or every 60 mins because they are cached in Domino
Sametime Community ServerInfrastructure
8
Sametime Systems Console
9
Manages all the other servers in the Sametime 8.5.x environment including the Domino Community ServerInstalled under WAS 7.0Has a plugin menu to the WAS Integrated Solutions Console for Sametime 8.5 specific tasksMust be running for the other WAS servers to work3 WAS Profiles
– dmgr (deployment manager)– nodeagent– STConsoleServer
Sametime System ConsoleInfrastructure
10
Sametime System Console
Same%me ‘shelf’ for SSC
Connec%ng DB2 and LDAP
Installa%on steps
Management of servers
11
Sametime Meeting Server
12
Installed under WAS 7.0Uses a DB2 database for handling meetingsA meeting must take place on a single serverMust use a different dedicated DB2 database than that used for Sametime System Console but can use the same DB2 serverMeeting Server can be on a separate box from the System ConsoleIntegrates with the Domino IM server to allow instant meetings3 WAS Profiles
– dmgr (deployment manager)– nodeagent– STMeetingServer– STMeetingHttpProxy
Sametime Meeting Server Infrastructure
Default URL hBp://serverhostname/stmee%ngs
13
Sametime Meeting Server
14
Meetings are immediate and persistentMeetings can be hidden and password protectedCreate ReportParticipantsLibrary
– Fast conversion, sharing and downloadChat
– Categorised by type– View just ‘Minutes’ or just ‘ Questions’
RecordApplication Sharing
Sametime Meeting Server
15
Plugin / Client vs BrowserLimited features in Browser
– no recording– no audio / video – no remote control / application sharing
Install meeting room plugin with ST Connect for all features
– Installable for 8.5 Connect Client– or upgraded Embedded client
Sametime Proxy Server
16
Installed under WAS 7.0Interface between browser and ST Community Server in DominoProvides no download / ajax IM client via a browserCustomisable using stylesheetsLimited functionality compared for ST client or embedded clientManaged by the Sametime System Console3 WAS Profiles
– dmgr (deployment manager)– nodeagent– STProxyServer
Sametime Proxy Server
jsp
17
Default URL http://serverhostname:9081/stwebclient/index.jsp
Sametime Media Server
18
WAS 7.0Intended for multi way audio and video in meetingsIntegrates with a Meeting Server but isn’t installed with itManaged by the Sametime System Console
The root cause of the NAT traversal issues
Embedded Client
19
The current plugin for Sametime with the 8.5 client is based on Sametime 8.0.2A client side update is available along with a plugin to support 8.5.1 and 8.5.2The client update includes the ability to start and go to meetings from within the Calendar
Mobile Clients
20
Sametime Mobile 8.5– Unified Communication and Collaboration (UCC)– New ST client based on Expeditor
• Windows mobile 6.0 and 6.1 initially
IPhone browser supportBlackberry Storm and Bold support (9250, 9550, 9700)
What’s Missing In Sametime 8.5.x
21
Clustering for Meetings / Failover and Load BalancingScheduling of MeetingsCurrently A/V via NAT or via VMware (and via some VPNs)
Questions You Should Be Asking
So Should You Deploy Sametime 8.5.1?
23
You already have Sametime– No reason not to upgrade to 8.5.1– Check that existing plugin solutions you are using will
continue to workFor a SMB or limited use meeting/av deployment all the WAS components and DB2 can install onto a single server (4+ processors, 6+GB RAM)Ideally we would keep the meetings and media servers on separate hardware from the other components to allow for expanding demand for resourcesVirtual Servers are your friend
– My default choice for any WAS based software
Can You Migrate In Stages?
24
Co-existence of ‘classic’ style meeting center supports existing meetingsDomino is maintained for IM so offers coexistence with older versions of SametimeAvailable upgrade to the embedded Sametime in the Notes client (which is currently based on ST 8.0.2)Available upgrade to mail template to create meetings in new Meeting Center (instead of on Domino)
What About Getting Rid Of Domino Completely?
25
IM is remaining on Domino as it performs well , clusters easily and there is little perceived value in re-engineering it
A Little Bit About Websphere For Some Of You
Websphere Infrastructure
27
Environment for running multiple application servers which can be completely isolated from each otherRequires separate data store (in this case DB2)Requires separate
– SMTP (if your application uses it)– LDAP (if you want to use a directory)
Sametime System Console is 3 separate server instances– as is the Media Manager– as is the Proxy Server – the Meeting Server is 4 separate server instances– (so that’s 13 server instances in total on one box for those that are counting!)
You can install separate components on separate boxes such as the Meeting Server but you will need to install an ISC alongside
Websphere 7.0
28
First Lotus product to use WAS 7.0Sametime Advanced, Gateway and EMS all used different 6.x versionsWAS can cluster and can centrally manage server configurations but only if versions matchLotus products are very specific about which WAS versions they need
DB2 Data Store
29
DB2 server installs as part of the Sametime System Console processCreation of the required DB2 databases is done via batch files in a DB2 command windowYou will need a basic understanding of DB2, the command window and administration to be able to fully support your environment
– understanding how to backup / restore / drop and delete databases
Don’t try and manage the security for the Sametime applications via the DB2 interface only via the Sametime Systems Console
LDAP Integration
30
The Sametime Environment under Websphere needs an LDAP server to connect to
– this should be the same directory as used by the Domino IM server
– You can use multiple LDAP servers in Websphere configured as Federated Repositories
• Each repository much use a unique set of credentials
In our demo environment the Domino IM server is configured for LDAP and the Websphere servers point to that as an LDAP source
What Do You Need To Know?
What Do You Need To Know:Websphere
32
How to access to solutions console via a browser and loginHow to access other servers (and find out which ports they are on) via a browserUnderstanding of networking such as checking for listening portsHow to update Websphere configuration and take backups of properties filesHow to find logsHow to start and stop serversAdding additional administrators
What Do You Need To Know:DB2
33
How to work with DB2 tools such as command line and administrationDB2 concepts such as the catalog and why you need to drop a database before deleting itHow to verify if databases exist on a server
What Do You Need To Know:LDAP
34
What is a schema How you need to pass a query to your LDAP serverHow to perform an ldap browse independently for testing
– Softerra’s LDAPBrowser is a good free toolThe difference between your LDAP directory and the Websphere local repository
Pre-Installation
Decisions Prior to Installing
36
What components to install– Do you want to allow IM access for non ST clients– Limited Use– Meeting Server– Media ServerPlatform Handling Coexistence and MigrationHow many servers / how much potential growth– Only Meeting and Proxy servers can be clustered
Cells and Nodes - A Brief Detour
37
Each Websphere Server is installed in a NodeEach Node must exist within a CellA single Cell can contain multiple separate WAS servers in different NodesEach server is isolated from the other within the CellClustering is done at a Node level within a Cell– Clustering for Sametime 8.5 is not for load
balancing but for failover
Deployment Manager and Profiles
38
The deployment manager within a Cell contains the configuration for all nodes in that cellAlso responsible for Websphere authentication and securityUses each server’s nodeagent to update the Node– Each Node takes its configuration from its deployment
manager and stores it in its profile– If you change the cell configuration you have to reload
the deployment manager– If you cluster then the deployment manager in the cell
services all nodes in the cluster regardless of where they are located
Node Agents
39
Starts and stops each server– If the server is a deployed cluster node it doesn’t
have its own Node agentSynchronizes between deployment manager and the server
Servers
40
The server is a java process performing a function / application– Proxy Server– Meeting Server– Meeting HTTP Proxy– Sametime System ConsoleEvery server runs on its own discrete port– None of them run on port 80 or 443, you need a
proxy for that
Network Deployment
41
Servers can be deployed via Network Deployment whereby a central Websphere server handles the configuration of multiple nodes and distributes them to different hardwareThis is only useful is all your nodes are using the same version of WebsphereThis can’t be used for managing the infrastructure of several Lotus products as each currently uses a different version of Websphere
In Other Words
42
Have some idea of your future direction and potential growth before you startBuild a single server cluster if you think you might want to cluster in the futureDon’t install everything on one box unless you are happy to reinstall later
Getting your ducks in a row
43
DNS, DNS, DNS– Make sure every server you are going to install on
can ping its own FQHN and that of all other servers
LDAP source and LDAP credentials– Test using LDAPBrowserWAS credentials to be used during installDB2 location
LDAPBrowser
An ldapbrowser (eg this one from SoJerra) allows you to verify LDAP creden%als and connec%vity
44
Installing A Pilot (single server)
Installing - Step 1. DB2
46
Starting with DB2 – IBM Installation Manager will briefly install itself first to manage
this and other installs if it’s not already in placeSametime System Console download contains CreateSCDB program– login using db2 account you just created– default db name is STSC but can be anything you choose– it will automatically be federated into the Sametime Console– the db2 account that is created will be local to the installer server
• a local account MUST meet password complexity defined by the server or the Domain Controller
– The installer will fail with status=87 when it tries to create the account otherwiseOnce installed DB2 will be on port 50000Use the General Administration tool in Windows to verify the database STSC is created
Installing - Step 1. DB2
47
Installing - Step 1. DB2
48
Installing - Step 1. DB2
Don’t install under \program files\ -‐ you want as short an install path as possible. I use drive:\IBM
49
Installing - Step 1. DB2
Click Install
50
Installing - Step 1. DB2
51
Installing - Step 1. DB2
52
Installing - Step 1. DB2
Again -‐ don’t use \program files\ to install under
53
Installing - Step 1. DB2
Since this is the first server installed on this machine, we use a new Package Group
54
Installing - Step 1. DB2
This is a new local account being created. The password MUST conform to your local security policy -‐ but it won’t warn you if it doesn’t. The install will just fail.
If in doubt, try crea%ng a test local account with the same password you want to use.
55
Installing - Step 1. DB2
The install may take some %me (I’ve seen it take 2hrs on slower machines). Don’t be tempted to press “cancel”.
Monitor the available disk space. If you run out the install will just fail and you may have to rollback
56
Installing - Step 1. DB2
Run CreateSCDB from its extracted directory in a command prompt
CreateSCDB STSC
This may take several minutes during which you will have a blank screen before the commands start running.
The Screenshot here shows a successful comple%on of the process
57
Testing
58
Ensure DB2 is running and listening on port 50000In DB2 administration - verify that the STSC database is created
Installing - Step 2. SSC
We’re going to step through these System Pre-‐Reqs as the next stages of the install
59
Run launchpad from within Sametime System Console extracted files
Once SSC is installed login and verify the ISC has the correct menus– login using was creds created during SSC install– http://baltic.turtleweb.com:8701/ibm/console
Installing - Step 2. SSC
60
Installing - Step 2. SSC
61
Our exis%ng package group is for DB2 so this is our first WAS package group and we create a new one for the SSC
Installing - Step 2. SSC
62
Installing - Step 2. SSC
63
The installer will create Node and Cell names based on the computer name “bal%c”
Your computer name shouldn’t be more than 8 chars
FQHN has to resolve. Use a local host entry if necessary
These are your admin creden%als for the SSC you are about to create. You’ll type these A LOT
Installing - Step 2. SSC
64
Here we verify the DB2 is installed, listening and has the required DB2 database in place
The “Validate” buBon becomes “Validated” when you click it if all is OK
Installing - Step 2. SSC
65
Testing
66
Login to SSC on– http://hostname:8701/ibm/consoleVerify Sametime System Console menu is present
Installing - Step 3. Configuring LDAP
67
Guided task under SSCWill validate the LDAP credentials in real timeRequires a base_dn – If you are using Domino you probably won’t have one– a blank base_dn will be set in the background as
c=US and ignored for Domino LDAP sourcesFederated under WAS security– You can add additional LDAP sources there tooUsed by ALL components– Make sure all servers are using the same LDAP
source
Installing - Step 3. Configuring LDAP
Test all of this in an external LDAPBrowser from the installa%on machine before star%ng
68
Installing - Step 3. Configuring LDAP
If using Domino the search base is empty during install usually
69
Installing - Step 3. Configuring LDAP
Once installed you should see the LDAP profile listed
70
Installing - Step 3. Configuring LDAP
Post installa%on, you can modify the LDAP secngs here by configuring the Federated repository that was created in the background 71
Testing
72
From within SSCSecurity - Users and Groups - Manage UsersSearch your LDAP directory
Installing - Step 4. Community Server
73
Community Server under Domino can be installed via the SSC or standaloneIf installed via the SSC, the Domino administration interface for ST isn’t usedThe SSC needs to be given Domino credentials with Sametime admin rightsYou can also tell the SSC about multiplexors– So your Sametime IM infrastructure needn’t
change
Installing - Step 4. Community Server
74
Installing - Step 4. Community Server
75
Installing - Step 4. Community Server
76
Installing - Step 4. Community Server
77
Installing - Step 4. Community Server
When you click “Next” it will aBempt to access the Domino server using the creden%als you have listed here.
If it fails, try accessing the Domino server yourself using these creden%als and a browser
78
Installing - Step 4. Community Server
79
Installing - Step 4. Community Server
Which LDAP server do you want Domino to use. Note using the Domino Directory instead of LDAP isn’t an op%on with SSC Deployment
80
Installing - Step 4. Community Server
81
Installing - Step 4. Community Server
82
Installing - Step 4. Community Server
This is the Domino ST installer we all know. Now however you get an addi%onal prompt to install via the SSC if you want
83
Installing - Step 4. Community Server
These are our SSC details
The SSC must be running at this point
84
Installing - Step 4. Community Server
This is the deployment plan we just created
Installer looks for deployment plans that match this hostname
85
Installing - Step 4. Community Server
86
Testing
87
Log into Community Server via Sametime IM clientIf upgrading ensure buddy list is presentVerify you presence awareness is working and you can see people online– New Presence services replace ST Buddylist
service
Installing - Step 5. Proxy Server
88
Optional Install– Not needed for IM– Not needed for MeetingsProvides a browser based ajax IM client – Can be used in place of stlinks as there is no javaCan be used against older Sametime IM serversMultiple proxy servers can be used to support large scale deployments of browser IM client or browser based IM features
Installing - Step 5. Proxy Server
89
Installing - Step 5. Proxy Server
90
Installing - Step 5. Proxy Server
91
Installing - Step 5. Proxy Server
92
Installing - Step 5. Proxy Server
You would install as a Cell profile if there is already another WAS instance on this server eg. the SSC
You would install as a primary Node if you are installing the first Proxy server in a cluster on its own machine
93
Installing - Step 5. Proxy Server
94
Installing - Step 5. Proxy Server
95
Installing - Step 5. Proxy Server
96
Installing - Step 5. Proxy Server
97
The SSC package group already exists on this server so we’ll use it
Installing - Step 5. Proxy Server
98
Installing - Step 5. Proxy Server
99
Installing - Step 5. Proxy Server
100
Installing - Step 5. Proxy Server
101
Installing - Step 5. Proxy Server
102
You will need to modify the configuration of the Community server in SSC to add the ip address of the Proxy server as a “Trusted IP”– That will require restarting the Community Server
Testing
103
Log into Community Server via Proxy by browsing to – http://hostname:9081/stwebclient/index.jsp
Installing - Step 6. Installing Media Manager
104
Optional InstallProvides Audio and Video services for meetingsCan’t be clusteredCan be used by multiple meeting serversHigh CPUNAT Traversal issues– currently only works when clients are on same
network– if you don’t have camera and mic on your client,
you can’t set up a meeting with A/V services
Installing - Step 6. Installing Media Manager
105
Installing - Step 6. Installing Media Manager
106
Installing - Step 6. Installing Media Manager
In a large scale A/V deployment you may want to distribute the components around your network on mul%ple machines
107
Installing - Step 6. Installing Media Manager
108
Installing - Step 6. Installing Media Manager
109
Installing - Step 6. Installing Media Manager
110
Installing - Step 6. Installing Media Manager
111
Installing - Step 6. Installing Media Manager
112
Installing - Step 7. Creating Meeting Server Database
113
DB2 Database needed for each meeting serverMust use different DB2 db than System ConsoleScript provided with MeetingServer installer files to create the database– CreateMeetingDB STMS
• STMS is the default name, but it can be anything
Installing - Step 7. Creating Meeting Server Database
Run CreateMee%ngDB from its extracted directory in a command prompt
CreateMee%ngDB STMS
This may take several minutes during which you will have a blank screen before the commands start running.
114
Installing - Step 7. Creating Meeting Server Database
115
Once created you will need to go into the SSC and “Connect” the new database by adding a new connection
Installing - Step 8. Installing Meeting Server
116
Multiple meeting servers can be installedMeeting servers can be clustered– clustering is failover only– all attendees must be on the same server
Installing - Step 8. Installing Meeting Server
117
Installing - Step 8. Installing Meeting Server
118
Installing - Step 8. Installing Meeting Server
119
Installing - Step 8. Installing Meeting Server
You would install as a Cell profile if there is already another WAS instance on this server eg. the SSC or Proxy server
You would install as a primary Node if you are installing the first Mee%ng server in a cluster on its own machine and as “Secondary” node if this is an addi%onal mee%ng server
120
Installing - Step 8. Installing Meeting Server
121
Installing - Step 8. Installing Meeting Server
122
Installing - Step 8. Installing Meeting Server
123
Installing - Step 8. Installing Meeting Server
124
Installing - Step 8. Installing Meeting Server
125
Installing - Step 8. Installing Meeting Server
126
Installing - Step 8. Installing Meeting Server
127
Installing - Step 8. Installing Meeting Server
128
Installing - Step 8. Installing Meeting Server
129
Installing - Step 8. Installing Meeting Server
130
Testing
131
Browse to meeting server on– http://hostname/stmeetings
• if installed as a cluster node then use port 9080 for testing
Installing - Step 9 & 10 +++
132
If you installed the Proxy or Meeting server as a Primary or Secondary Node you won’t see them under the SSC - Don’t Worry!– First you have to create a cluster and join those
newly installed servers to it– Then you may want to create a proxy service so
you can access them on Port 80• The Meeting Server , when installed as a cluster node,
does not include the STMeetingHTTPProxy
Post-Installation
Policies - IM
134
All policies are managed from the SSC
If you modify policies via the Domino interface, these will be overwritten by WAS
Changing a policy in WAS will take up to an hour to refresh in Domino
Policies - Meeting Server
135
Meeting server settings are managed from within the SSCThe Meeting server settings in Domino do not apply to the new WAS meeting server– but the WAS policies include a section for the
“Classic” meeting server
Policies - Meeting Server
136
Create multiple polices, assigned to users to control who can use which features– Ability to create persistent meetings– Ability to create instant meetings– Application sharing– File sharing etc
Policies - Media Manager
137
Legal Disclaimer
139
© IBM Corporation 2009. All Rights Reserved
The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.
IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.
Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.
Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.