st801cf1adv_instal

7/28/2019 st801cf1adv_instal

http://slidepdf.com/reader/full/st801cf1advinstal 1/264

Lotus ® Sametime

Version 8.0.1 CF1

Version 8.0.1 CF1

Lotus Sametime Advanced 8.0.1 CF1

Installation and Administration Guide

SC23-8767-00



Lotus ® Sametime

Version 8.0.1 CF1

Version 8.0.1 CF1

Lotus Sametime Advanced 8.0.1 CF1

Installation and Administration Guide

SC23-8767-00



NoteBefore using this information and the product it supports, read the information in "Notices."

Edition notice

This edition applies to version 8.0.2 of IBM Lotus Sametime Advanced (program number 5724–J23) and to allsubsequent releases and modifications until otherwise indicated in new editions.

© Copyright IBM Corporation 2007, 2010.US Government Users Restricted Rights – Use, duplication or disclosure restricted by GSA ADP Schedule Contractwith IBM Corp.



Contents

Chapter 1. Overview . . . . . . . . . 1What is Lotus Sametime Advanced? . . . . . . 1

Accessibility features for Lotus Sametime Advanced 2

Chapter 2. Planning . . . . . . . . . . 5System requirements. . . . . . . . . . . . 5Lotus Sametime Advanced installation overview . . 5

Chapter 3. Installing . . . . . . . . . 7Installing servers . . . . . . . . . . . . . 7

Downloading Lotus Sametime Advanced files forinstallation . . . . . . . . . . . . . . 7Installing Lotus Sametime Standard. . . . . . 7Installing Lotus Sametime Advanced . . . . . 8

Starting and stopping servers . . . . . . . . 106

Starting Windows servers automatically . . . 106Starting Linux servers automatically. . . . . 107Starting and stopping a DB2 server . . . . . 108Starting and stopping DB2 Net Search Extender 108Starting and stopping the HTTP Server. . . . 109Starting and stopping a Sametime server . . . 109Starting and stopping a Domino server. . . . 109Starting and stopping Lotus SametimeAdvanced and WebSphere Application Server . 110Starting and stopping WebSphere MQ andWebSphere Event Broker. . . . . . . . . 111Starting and stopping a network deployment 111

Uninstalling . . . . . . . . . . . . . . 113Uninstalling prerequisite components . . . . 113

Uninstalling Lotus Sametime Advanced . . . 117

Chapter 4. Upgrading . . . . . . . . 123Upgrading Lotus Sametime Advanced on a singleserver . . . . . . . . . . . . . . . . 123

Upgrading WebSphere Event Broker. . . . . 123Upgrading the Lotus Sametime Advancedapplication . . . . . . . . . . . . . 126

Upgrading Lotus Sametime Advanced in a cluster 128Upgrading the Deployment Manager . . . . 129Upgrading the Primary Node . . . . . . . 130Upgrading a Secondary Node . . . . . . . 130Upgrading Enterprise Applications on theDeployment Manager . . . . . . . . . 131

Upgrading Lotus Sametime Advanced clients . . 133Providing an update site for clients . . . . . 133Installing client software. . . . . . . . . 138

Chapter 5. Configuring . . . . . . . 153Finishing the deployment . . . . . . . . . 153

Supporting connections on port 80 . . . . . 153Configuring an LDAP connection . . . . . 157Configuring a mail server . . . . . . . . 166Connecting Lotus Sametime Advanced to LotusSametime Standard . . . . . . . . . . 167

Connecting Lotus Sametime Connect clients tothe Lotus Sametime Advanced server . . . . 174

Accessing Lotus Sametime Advanced from a browser . . . . . . . . . . . . . . 193Configuring SSL . . . . . . . . . . . . 193

Configuring SSL for the Sametime AdvancedServer . . . . . . . . . . . . . . . 194Configuring SSL for Web access to SametimeAdvanced . . . . . . . . . . . . . 200Configuring SSL for the Sametime Client . . . 202Configuring Sametime Advanced for SSLcommunication with Event Broker . . . . . 205Configuring Event Broker for SSLcommunication with Sametime Advanced . . . 206Configuring SSL for broadcast communities . . 207

Integrating SiteMinder with Lotus Sametime

Advanced . . . . . . . . . . . . . . 210Creating configuration objects . . . . . . . 211Configuring domains and realms for LotusSametime Advanced . . . . . . . . . . 213Installing and configuring the SiteMinder WebAgent . . . . . . . . . . . . . . . 215Installing and configuring the SiteMinder TAI 216Enabling and testing the SiteMinder Web Agentand TAI . . . . . . . . . . . . . . 217Configuring logout in SiteMinder . . . . . 217Configuring SiteMinder for the Lotus Sametimeserver . . . . . . . . . . . . . . . 218Awareness and SiteMinder . . . . . . . . 222

Chapter 6. Administering . . . . . . 223Controlling access in Sametime Advanced . . . . 223

Configuring the user access level to SametimeAdvanced . . . . . . . . . . . . . 223Setting up a folder hierarchy for chat rooms . . 224Assigning creators for broadcast communities 226Limiting anonymous access . . . . . . . 227

Configuring licensing management . . . . . . 227Issuing licenses to users . . . . . . . . . 228Command line user management. . . . . . 229

Turning on workflow . . . . . . . . . . . 230Enabling Awareness . . . . . . . . . . . 231Changing the administrator password . . . . . 232

Updating your LDAP administrator password 233

Updating your WAS administrator password 233Updating your Event Broker administratorpassword. . . . . . . . . . . . . . 234Updating your DB2 administrator password . . 234Changing SMTP user credentials afterinstallation . . . . . . . . . . . . . 235

Integrating Lotus Sametime Advanced with LotusConnections . . . . . . . . . . . . . . 236

Granting an administrator rights to Connectionscommunities. . . . . . . . . . . . . 236

© Copyright IBM Corp. 2007, 2010 iii



Synchronizing Sametime Advanced with LotusConnections . . . . . . . . . . . . . 237Setting up community synchronization withHTTPS . . . . . . . . . . . . . . 237

Monitoring Sametime Advanced . . . . . . . 238Monitoring chat room statistics . . . . . . 238Monitoring broadcast community statistics . . 239

Archiving chat rooms . . . . . . . . . . 239Disabling chat rooms . . . . . . . . . . . 239Backing up user data . . . . . . . . . . . 240

Chapter 7. Tuning . . . . . . . . . 241Tuning WebSphere Application Server . . . . . 241

Setting thread pool values . . . . . . . . 241Tuning the JVM . . . . . . . . . . . 241Tuning access to the LDAP server . . . . . 242Tuning the Web container . . . . . . . . 243

Tuning security. . . . . . . . . . . . 243Tuning DB2 . . . . . . . . . . . . . . 244Tuning IBM HTTP Server . . . . . . . . . 245Setting open file limits in Linux . . . . . . . 245

Chapter 8. Troubleshooting . . . . . 247Gathering logs and traces for IBM support . . . 247

Setting a diagnostic trace on a server . . . . . 248Troubleshooting using JVM logs . . . . . . . 248Troubleshooting a failed WebSphere ApplicationStartup . . . . . . . . . . . . . . . 249Troubleshooting authentication . . . . . . . 250Troubleshooting Event Broker password changes 250

Notices . . . . . . . . . . . . . . 253Trademarks . . . . . . . . . . . . . . 255

iv Lotus Sametime Advanced: Installation and Administration Guide



Chapter 1. Overview

Learn about a IBM® Lotus® Sametime® Advanced deployment.

What is Lotus Sametime Advanced?

IBM Lotus Sametime Advanced works with a Lotus Sametime Standarddeployment to extend the infrastructure and features.

For organizations that need advanced collaboration, within specific departments oracross the entire global enterprise, Lotus Sametime Advanced makes it easy to findinformation and share expertise, engage in ongoing conversations, share yourdesktop instantaneously for collaboration or help desk support, and automaticallystore and reuse geographic location information.

v Persistent Group Chat Rooms

– Users can create, enter, and read/contribute to ongoing chats at any time

– Users can be alerted to new content, events, and people in the chat room

– Users can participate from the Lotus Sametime Connect client or a browser

– Persistent Chat Rooms can be linked to Broadcast Channels

v Real-time Broadcast Channels

– Broadcast Announcements: real-time alerts can be sent to channel subscribers

– Instant Poll: subscribers can create and respond to real-time polls

– Skill Tap: subscribers can find and interact with experts; expert responses can be saved and retrieved

– Broadcast Chat: invite members of a broadcast community to an online groupconversation

v

Location services– Server-stored locations

– Ability to see the last time and location from which an offline colleague waslast online

v Instant Share: share or remotely control a computer screen with colleagues

Component applications

Lotus Sametime Advanced operates with several component applications, whichmay be installed on different computers to distribute the load:

v LDAP directory

An LDAP directory stores information about all of your users so that they can

be authenticated at login and their data (such as buddy lists) can be properlytracked. You must have an LDAP directory installed and configured before youattempt to deploy Lotus Sametime Advanced because you will need to configureseveral fields and port settings either while installing Lotus Sametime Advanced,or immediately afterward (the LDAP directory is not included with LotusSametime Advanced software components).

v Lotus Sametime Standard and Lotus Sametime Connect client

Lotus Sametime Standard provides the base instant-messaging features used inthe deployment; users access both Lotus Sametime Standard and LotusSametime Advanced by means of the Lotus Sametime Connect client (or a

© Copyright IBM Corp. 2007, 2010 1



browser for persistent group chat). You must have the Lotus Sametime Standardcommunity server installed and configured before you attempt to deploy LotusSametime Advanced, because you will need to reference the Lotus SametimeStandard community server host name and HTTP port when installing LotusSametime Advanced.

v DB2® relational database system

Two databases are used in a Lotus Sametime Advanced deployment: one (called"STADV" in this documentation) stores data related to the function of LotusSametime Advanced itself; another (called "BRKRDB" in this documentation)stores messaging-related data for use by WebSphere® Event Broker. You musthave DB2 installed, and these databases created, before you attempt to deployLotus Sametime Advanced, because you will establish connections to thedatabases during the Lotus Sametime Advanced and the WebSphere EventBroker installations.

v Websphere MQ and WebSphere Event Broker

WebSphere MQ and WebSphere Event Broker work together to improve theperformance and security of communications between applications; that is whythey must always be installed on the same server. WebSphere MQ providesconfiguration and queuing support for messaging, while WebSphere EventBroker provides broadcast capabilities by means of a "message flow" whosedefinition tells the broker what port listen on, and what to do with incomingmessages.

Accessibility features for Lotus Sametime Advanced

Accessibility features help users who have a physical disability, such as restrictedmobility or limited vision, to use information technology products successfully.

Accessibility features

IBM Lotus Sametime Advanced has the following accessibility features:

vThe following features are for vision-impaired users:– Can be operated by using only the keyboard

– Communicates all information independent of color

– Supports interfaces commonly used by screen readers and screen magnifiers

– Supports the attachment of alternate output devices

– Provides help information in an accessible format

v The following features are for users who have mobility impairments or limiteduse of their hands:

– Allows the user to request more time to complete timed responses

– Can be operated by using only the keyboard

– Supports the attachment of alternative input and output devices

v The following features are for the deaf and hard of hearing users:

– Supports alternatives to audio information

– Supports adjustable volume control

v The console does not flash the screen at rates that could induce epileptic seizures

The help system has the following accessibility features:

v Uses the accessibility support enabled by the browser that is used to display thehelp

v Enables navigation by using the keyboard

2 Lotus Sametime Advanced: Installation and Administration Guide



Tip: The Sametime Information Center and its related publications areaccessibility-enabled. You can operate all features using the keyboard instead of themouse.

Navigating the console by using the keyboard

This product uses standard Microsoft® Windows® navigation keys.

To move through the controls on a particular page, use the Tab key.

To click a link or control on a page using the keyboard, navigate to the link orcontrol and press Enter.

To change the navigation view using the keyboard, follow these steps.

1. Navigate to the View selection list using the Tab key.

2. Use the up and down arrows to change the value of the selection list.

3. Press Enter. The tasks displayed in the navigation are changed according toyour selection.

Navigating help by using the keyboard

Use the following key combinations to navigate the help system by keyboard:

v To bring the Topic pane (the right hand side) into focus, press Alt+K, and thenpress Tab.

v In the Topic pane, to go to the next link, press Tab.

v To go to the previous link, press Shift+Tab.

v To go directly to the Search Results view in the left hand side, press Alt+R, andthen press Enter or Up arrow to enter the view.

v To go directly to the Navigation (Table of Contents) view in the left hand side,press Alt+C, and then press Enter or Up arrow to enter the view.

v

To navigate your browser history, press Alt+Left arrow to go back. If you havenavigated back to a previously view page, you can use Alt+Right arrow tonavigate forward again.

v To expand and collapse a node in the navigation tree, tab to the + or - imagenext to it to bring the image into focus, and then press the Right or Left arrows.

v To go to the next frame in the help system, press F6.

v To go to the previous frame in the help system, press Shift+F6. In the navigation,to move to the next topic node, press the Down arrow or Tab.

v To move to the previous topic node, press the Up arrow or Shift+Tab.

v To go to the next link, button, or topic node from inside a view, press Tab.

v To scroll all the way up or down in a frame, press Home or End, respectively.

v

To print the active pane, press Ctrl+P.v To move to the search entry field, press Alt+S.

IBM and accessibility

See the IBM Accessibility Center for more information about the commitment thatIBM has to accessibility.

Chapter 1. Overview 3

http://www.ibm.com/able

http://www.ibm.com/able



Chapter 2. Planning

Plan your IBM Lotus Sametime Advanced installation by reviewing systemrequirements and the products included in a deployment.

System requirements

Review hardware and software requirements for IBM Lotus Sametime Advancedand its components.

Detailed hardware and software requirements for Lotus Sametime Advanced 8.0.1,as well as its components and related products, are maintained at the followingWeb address:

http://www-1.ibm.com/support/docview.wss?&uid=swg27012109

Important: Lotus Sametime Advanced will not function properly if you install it

on the same computer as the Lotus Sametime server.

Lotus Sametime Advanced installation overview

See an overview of how you will install IBM Lotus Sametime Advanced and itsprerequisite components.






Chapter 3. Installing

Install IBM Lotus Sametime Advanced and related products, start and stop servers,and uninstall components of the deployment.

About this task

Choose the appropriate task:

Installing servers

Install IBM Lotus Sametime Advanced by completing the appropriate tasks foryour selected deployment. All deployments require you to install prerequisitecomponents and complete additional tasks to finish setting up the deployment.

Before you begin

Important: Lotus Sametime Advanced will not function properly if you install iton the same computer as the Lotus Sametime server.

About this task

Installing Lotus Sametime Advanced consists of the following tasks, performed inthe sequence shown here:

Downloading Lotus Sametime Advanced files for installationIBM enables users to download IBM Lotus Sametime Advanced installation kitsfrom the Passport Advantage Web site.

Before you begin

You must have a Passport Advantage account with IBM to use this facility. Formore information on using Passport Advantage, see the following Web address:

http://www.ibm.com/software/howtobuy/passportadvantage/paocustomer/docs/en_US/ecare.html

About this task

The Sametime Advanced 8.0.1 Download document contains a complete listing of required and optional parts for this release. Locate the components you need in thedocument's listing, and download the packages labelled with the correspondingpart numbers. You can view the Download document at the following Web

address:http://www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

Installing Lotus Sametime StandardInstall an IBM Lotus Sametime Standard server, which will be managed with LotusSametime Advanced. You must install the Lotus Sametime Standard server beforeyou attempt to install Lotus Sametime Advanced, as you will be prompted for theLotus Sametime Standard server's host name and HTTP port during installation of Lotus Sametime Advanced.



http://www.ibm.com/support/docview.wss?rs=477&uid=swg24018149





1. Log in to your computer as the system administrator (Microsoft Windows) oras root (IBM AIX®, Linux®, Solaris).

2. Download the appropriate package for your operating system, and extract thefiles.

Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document posted at the following Web address:

www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.3. Install the Lotus SametimeStandard server.

Installing a Lotus Sametime Standard server is explained in the Lotus SametimeStandard Sametime Server Installation help, located in the Lotus Sametimeinformation center at:

http://publib.boulder.ibm.com/infocenter/sametime/v8r0/index.jsp

4. Make the Lotus Sametime Connect Client available on the network.

Follow the instructions in the Sametime Standard Server Installation help topic“Making the client installation files available” to post the client files on theSametime Standard server so users can download to their computers.

Installing Lotus Sametime AdvancedYou can install IBM Lotus Sametime Advanced using a single server or a clustereddeployment; the procedures are the same for both releases.

A single-server deployment can consist of all prerequisite applications hosted onthe same computer as Lotus Sametime Advanced, or of one computer hostingLotus Sametime Advanced plus one or more additional computers hosting theother applications. A clustered deployment uses the IBM WebSphere ApplicationServer network deployment to distribute and manage multiple instances of LotusSametime Advanced. Your deployment needs will depend on the amount of resources available and the number of users you anticipate supporting.

Note: If you install Lotus Sametime Advanced using the single-server deployment,

you will not be able to easily convert it to a clustered deployment later; if youanticipate an increase in capacity needs in the near future, you may want to deploya minimally sized cluster instead. It is recommended that you initially deployLotus Sametime Advanced in a cluster, even if it only contains a single node, as itwill be easier to later add additional nodes.

Select a deployment and follow the instructions to install and configure LotusSametime Advanced:

Installing Lotus Sametime Advanced on a single serverSelect a method for installing the IBM Lotus Sametime Advanced server softwareas a single-server deployment. Linux users can run a simplified install using thearchive installation program, which automatically installs and configures

prerequisite components, along with Lotus Sametime Advanced, on a singlecomputer. Using the graphical installation program lets you decide whichcomputers should host the various applications used in the deployment, butrequires you to install and configure them.

There are two ways to install the Lotus Sametime Advanced server software:

Running the archive installer on Linux:




Linux users can run an archive installer to automatically install and configure IBMLotus Sametime Advanced as a single-server deployment. This feature is availableonly for the Red Hat and SuSE operating systems.

Before you begin

The archive installer is intended for pilot and proof-of-concept use only. Installing

all of these components on a single server is not recommended for a productionenvironment because you will not be able to support a large number of users.

IBM makes the archive file available to you for downloading; you then run thearchive installer on Linux to install and configure Lotus Sametime Advanced, plusrelated applications, on a single computer.

Note: This procedure assumes you have installed one of the following Linuxoperating systems on your computer:

v Linux RHEL AS xSeries® 4.0 Update 4

v SuSE Linux Enterprise Server xSeries 10.0 SP1

You will also need to ensure that python and python xml tools have been installed,as these may not be installed default in SuSE.

About this task

The archive install automatically installs and configures the following componentsin addition to the Lotus Sametime Advanced application itself:

v IBM DB2 Enterprise Server Edition

Attention: This installer automatically creates a two databases:

– CHATS is created for use with Lotus Sametime Advanced; wheneverinstructions or examples in this documentation refer to the database namedSTADV, you will work with the CHATS database instead.

– BRKRDB is created for use with IBM WebSphere Event Broker; if theinstructions refer to the BRKRDB database, then you should use that name.

If you change these database names yourself, then be sure to note down the newnames and use them later.

v IBM HTTP Server

v IBM WebSphere MQ

v IBM WebSphere Event Broker

You must already have a supported LDAP directory installed, and will be requiredto configure it during the archive installation.

Set up and run the archive installer by following these procedures:

1. (Linux RHEL only) Disable SELinux on any RedHat operating system:

a. Log in as root on the Linux RedHat server where you will install LotusSametime Advanced.

b. Open the /etc/selinux/config file for editing.

c. Locate the SELINUX setting.

d. Change its value to either disable or permissive.

e. Save and close the file.

f. Restart the Linux server.

Chapter 3. Installing 9



2. Log in as root on the computer where you will install Lotus SametimeAdvanced.

3. Download the archive installer package to the /opt directory.

Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document posted at the following Web address:www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.

You will need at least 15GB of free space in the directory where you store thearchive installation file; the installation itself requires 6GB space.

4. Extract the archive installer using the following command:

tar -xvzpf file_name.tar.gz

5. Navigate to the directory containing the extracted archive installer:

cd /opt/Applianceware

6. Run the installation with the following command:

./install.sh

The archive installer begins: As the installer runs, you will be prompted toenter information about your deployment.

7. Type information in response to the install and configuration prompts thatappear:

Option Description

Welcome to the IBM Lotus SametimeAdvanced Server install.

OCO Source Materials L-GHUS-6LUKN6(c) Copyright IBM Corp. 2008The source code for this program is not

published or otherwise divested of itstrade secrets, irrespective of what has been deposited with the U.S. CopyrightOffice.

Do you agree with the license agreement?1) Yes 2) NoEnter your choice : 1You entered "1".Is this correct? (y/n) y

Type y to accept the license agreement. Youcannot proceed with the install unless youaccept the license agreement.

In this example, the user has typed "1" andthen "y" to confirm it.

Enter the fully qualified host nameof this system : sales3.acme.com

Type the fully qualified DNS(host_name.domain) for the current server;for example: sales3.acme.com.

In this example, the user did not accept thedetected host name, and specifiedsales3.acme.com as the host name instead.

Enter the LDAP host name :ldap.acme.com

You entered ldap.acme.com.Is this correct? (y/n) y

Type the host name (or IP address) of yourLDAP server.

In this example, the user typed"ldap.acme.com" as the host name of theLDAP server, and then "y" to confirm it.

Enter the LDAP port number : 389You entered "389".Is this correct? (y/n) y

Type the port used for access the LDAPserver; for example: 389.

In this example, the user typed "389" as theLDAP port, and then "y" to confirm it.




Option Description

What LDAP server are you using?

What LDAP server are you using?1) IBM Directory Server2) IBM Lotus Domino®

3) Sun One

4) Microsoft Active DirectoryEnter your LDAP server type [1-4] : 1You entered IBM Directory Server.Is this correct? (y/n) y

Type the number that matches the LDAPproduct you are using.

In this example, the user typed "1" to specifyIBM Directory Server as the LDAP, and then"y" to confirm it.

If product entered is 2) - IBM Lotus Domino,then you will be asked the following question:Is BaseDN Null 1) Yes 2) No ? 2You entered "2".Is this correct? (y/n) y

Type 1 to if the base distinguished name(Base DN) is null, or 2 if not.Note: You should type "2" for No (not null)as shown in this example, and then specify aBase DN when prompted, to avoid problemslater when enabling SSO and awareness.

For all LDAP products (including Lotus Dominoif you indicated that the Base DN in not Null), you will be asked for the LDAP's base

distinguished name:Enter the LDAP BaseDN: o=ibm.comYou entered “o=ibm.com".Is this correct? (y/n) y

Type the name of the field used as the BaseDN in your LDAP. The Base DN (basedistinguished name) indicates the level at

which searches begin in the LDAP.

In this example, the user typed "o=ibm.com"as the base distinguished name, and then "y"to confirm it.

What LDAP field is used during theauthentication process? mail

You entered "mail".Is this correct? (y/n) y

Type the name of the field in the LDAPdirectory that will be used for authenticationwhen a user logs in. This is frequently theLDAP's mail field. To support SSL, this fieldmust match the field used for authenticationwith the classic Lotus Sametime 8 server.

In this example, the user typed "mail" as thefield used for authentication, and then "y" toconfirm it.

What LDAP field is used to identify theDisplay Name ? cn

You entered "cn".Is this correct? (y/n) y

Type the name of the field in the LDAPdirectory that will be used as the DisplayName. This is frequently the cn field.

In this example, the user typed "cn" as thefield used for authentication, and then "y" toconfirm it.

Enter the type of access :1) Anonymous 2) Authenticated ? 1You entered "1".Is this correct? (y/n) y

Type the number that matches the type of LDAP authentication you will use.

In this example, the user typed "1" toindicate that anonymous access will be

allowed, so users will not be required to login.

Enter WAS Admin User ID : Enter the name of a user who is not presentin your LDAP directory; this user will be theprimary administrator for the IBMWebSphere Application Server. In thisexample, the user typed "wsadmin".

Enter WAS Admin Password : Type the password associated with theWebSphere Application Server administratoraccount.




Option Description

Enter Sametime AdvancedAdmin User ID :

Enter the name of a user who is not presentin your LDAP directory; this user will be theprimary administrator for the LotusSametime Advanced server. In this example,the user typed "stadvadmin".

Enter Sametime AdvancedAdmin Password : Type the password associated with the LotusSametime Advanced administrator account.

Do you want configure SMTP :1) Yes 2) No ? 2You entered "2".Is this correct? (y/n) y

Indicate whether you want to configure theSMTP server (used for mail) duringinstallation.

Creating required accounts...Enter the desired password for

the following accounts:mqm, mqsi, db2adm1, db2inst1, db2fenc1

Password :Retype password :

Type a common password to be associatedwith all of the service accounts listed in theprompt, and then type it again to confirm.

Finally, you will see a series of messages as the

installation proceeds:Changing password for user mqm.passwd: all authentication tokens updated

successfully.Changing password for user mqsi.passwd: all authentication tokens updated

successfully.Changing password for user db2adm1.passwd: all authentication tokens updated

successfully.Changing password for user db2fenc1.passwd: all authentication tokens updated

successfully.Changing password for user db2inst1.

passwd: all authentication tokens updatedsuccessfully.

Changing password for user db2fenc1.passwd: all authentication tokens updated

successfully.Installing ApplianceWare ToolKit RPMs...Installing DB2 RPMs...Installing IBM HTTP Server RPMs...Installing IBM WebSphere Application

Server ...Installing Webserver Plugin ..Installing WebSphere MQ...Creating WebSphere MQ queue manager...Starting WebSphere MQ...

Configuring WebSphere MQ...Installing MQ Broker...Configuring DB2...Modifying /etc/hosts...Configuring Event Broker...Installing SCCS serviceStarting services...

Installation Complete

8. After installation is complete, you must activate the DB2 license:




a. Open a command prompt.

b. Run the following command to launch the DB2 Command window:

DB2CMD

c. In the DB2 Command window, navigate to the directory where youextracted the archive installer; for example: /opt/ApplianceWare/CD1/DB2Activation/db2ese_o.lic.

d. Activate the DB2 license by running the following command in the DB2window:

db2licm -a db2ese_o.lic

e. Exit the DB2 Command window by running the following command:

EXIT

9. Finally, restart the server to ensure that the Broadcast tools are properlyenabled.

Results

If the installation fails at any point, the following logs will be created:

v /tmp/sccsInstall.log

v /tmp/stadv/logs/wizard_installlog.txt

v /tmp/stadv/logs/wizard_install_optional.log

v /opt/IBM/WebSphere/STAdvServer/logs/installlog.txt

Review the logs and correct any problems before uninstalling and beginning again.

Installing Lotus Sametime Advanced on any supported platform:

Run the IBM Lotus Sametime Advanced graphical installation program on anysupported operating system to install and configure the application. This version of the installation program requires you to install and configure IBM WebSphere MQand WebSphere Event Broker as part of your deployment.

Before you begin

Before proceeding, make sure you have installed and configured the followingprerequisite applications:

v IBM Lotus Sametime Standard

v IBM DB2 Workgroup Server Edition

In addition, you must already have a supported LDAP directory installed; you will be given the choice of configuring it during the installation or after installationcompletes.

About this task

To install Lotus Sametime Advanced on any supported platform, complete thefollowing procedures in the sequence shown:

Installing prerequisite components:

Choose how to install prerequisite components. The prereqs installer runs onMicrosoft Windows only to install and configure the components on a singlecomputer, and is recommended only for pilots and demonstrations. You can install




the individual components using one or more computers and any supportedplatforms, and customize the configuration and deployment.

Before you begin

Choose a method for installing the prerequisite components:

Running the prerequisite installer on Windows:

If you are installing IBM Lotus Sametime Advanced, you can use the prerequisiteinstaller to quickly install the prerequisite components (IBM DB2 Enterprise ServerEdition, IBM DB2 Net Search Extender, IBM WebSphere MQ, and IBM WebSphereEvent Broker) on a single computer. This type of deployment is intended for pilotsand demos only, and should not be used in a production environment.

Before you begin

The prerequisite installer is intended for pilot and proof-of-concept use only.Installing all of these components on a single server is not recommended for aproduction environment because you will not be able to support a large number of

users.

Attention: The prerequisite installer installs versions of DB2, WebSphere MQ, andWebSphere Event Broker for use with release 8.0 of Lotus Sametime Advanced. To

bring the WebSphere MQ up to the level required for later versions of LotusSametime Advanced, complete the steps described in “Upgrading WebSphereEvent Broker on Windows” on page 125.

About this task

The prerequisite installer runs only on a Microsoft Windows server, installing theprerequisite components on a single computer using a default configuration. Whenyou run the prerequisite installer, it completes the following operations in thesequence shown

:

1. Installs DB2 Enterprise Server Edition

2. Installs DB2 Net Search Extender

3. Creates the Net Search Extender text search service

4. Creates and initializes the databases for Lotus Sametime Advanced andWebSphere Event Broker

5. Installs the Eclipse platform required by WebSphere MQ

6. Installs WebSphere MQ (application and fix pack)

7. Installs WebSphere Event Broker

8. Configures WebSphere Event Broker by running the configureEB script

Run the prerequisite installer by completing the steps below:

1. Log in to your computer as the system administrator.

2. Download the prerequisite installer file, called STA8_PI.exe.


www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

3. Run the prerequisite installer with the following command:




STA8_PI.exe

Note: The actual file name for this part may be different on the CD than onPassport Advantage; the Download document lists the part number that is usedas a file name on Passport Advantage.

The prerequisite installer is a self-extracting zip; running STA8_PI.exe extractsall of the files needed for installing prerequisite components and then

launches the installation program.

4. At the "WinZip - Self-Extractor" screen, click Setup.

Once the files have been extracted, the installation program beginsautomatically, displaying its own screens (the extractor's dialog may still bevisible, do not close it as it will continue running to remove temporary filesafter the installation is complete).

5. At the "Welcome" screen, click Next.

6. At the "Software License Agreement" screen, click I accept the terms of thelicense agreement, and then click Next.

7. At the "Specify your preferences for IBM DB2" screen, enter the followinginformation, and then click Next:

Option Description

Installation directory Accept the default location, type a newlocation, or click Browse to locate and selecta directory.

User ID Type a user name for a new DB2administrator; this account will be createdduring installation and assigned DB2administrative privileges.

Password Type a password to be assigned to the newDB2 administrator account.

Confirm password Retype the password to confirm it.

8. At the "Specify names to be used for the Sametime Advanced databases"screen, type names for the two databases that will be created duringinstallation, and then click Next:

Option Description

IBM Lotus Sametime Advanced Type a name consisting of up to 8characters. The examples in thisdocumentation use STADV for thisdatabase's name.

Attention: Do not use the same name asthe host name for this computer, as thatwould create conflicts.

IBM WebSphere Event Broker Type a name consisting of up to 8characters. The examples in thisdocumentation use BRKRDB for thisdatabase's name.

9. At the "Click Next to install IBM WebSphere MQ" screen, you can accept thedefault location, type a new location, or click Browse to locate and select adirectory before clicking Next.




10. At the "Click Next to install IBM WebSphere Event Broker" screen, you canaccept the default location, type a new location, or click Browse to locate andselect a directory before clicking Next.

11. At the "Enter the following values for use in configuring Event Broker" screen,enter the following information, and then click Next:

Option Description

Fully qualified host name or IP address ofthis server

Type either the fully qualified domain name(for example, stadv.acme.com) or the IPaddress of the computer where you areinstalling the prerequisite components.

Existing Administrative User ID Type the Windows system administrator'suser name.

Administrative User Password Type the password associated with that username.

12. At the "The following products will be installed" screen, review the list of products and installation paths, and then confirm it by clicking Next to beginthe installation.

13. At the "Installation of Lotus Sametime Advanced prerequisites is nowcomplete" screen, click Finish to exit the installation program.

The "WinZip Self-Extractor" removes temporary files; wait until that screendisappears to be sure the program has finished.

14. Now activate your DB2 license:



DB2CMD

c. In the DB2 Command window, navigate to the folder where you chose toinstall the DB2 server in step 7, and then navigate to that folder'sactivation subfolder.

During installation, a DB2 licensing file called db2ese_o.lic was stored inthe activation subfolder; for example, C:\Program Files\IBM\SQLLIB\activation.

d. Run the following command in the DB2 environment:


Sample output

LIC1402I License added successfully.

LIC1426I This product is now licensed for use as specified in the LicenseAgreement and License Information documents pertaining to the licensed copyof this product. USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OFTHE IBM LICENSE AGREEMENT AND LICENSE INFORMATION DOCUMENTS, LOCATED IN THEFOLLOWING DIRECTORY: "C:\PROGRA~1\IBM\SQLLIB\license\en"


EXIT

What to do next

The prerequisite components you just installed are intended for use with LotusSametime Advanced 8.0. Next, upgrade IBM WebSphere Event Broker toaccommodate Lotus Sametime Advanced 8.0.1 by following these steps:

1. Download the WebSphere Event Broker update program as follows:

a. Log in to Microsoft Windows as the system administrator.




b. Download the update_stadv801_Eb.bat script from theSupportingFiles\EB-V60-image directory.



2. Add the commons-httpclient-contrib-3.1.jar file to the CLASSPATH

statement in the .profile of the user account that will start and stop the brokerservices (this enables that user to properly start the message flow and accessthe broker database):

The CLASSPATH statement was formatted for readability here, but you shouldtype it as one line. The new file appears at the end of the CLASSPATHstatement:

existing_classpath_values;%MQSIINSTALLPATH%\classes\AddBroker.jar;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar

where %MQSIINSTALLPATH% is the absolute path to your WebSphere EventBroker install location; for example:

C:\Program Files\IBM\MQSI\6.0

3. Open the Broker Command Console and then stop the broker by running thefollowing command (substitute the name of your own broker):

mqsistop BRKR_SCCS

Note: You must stop the broker before attempting to run the upgrade script inthe next step.

4. Still in the Broker Command Console, navigate to the directory where youdownloaded the upgrade script (for example: SupportingFiles\EB-v60-image\)and run the broker update script:

Note: The command below has been formatted to fit for readability but youmust type it all on a single line.

update_stadv801_EB.bat -stadvserver host_name- userid service_user_id -mqsiinstallpath EventBroker_installation_path

where:

v -stadvserver host_name indicates the host name of the Lotus SametimeAdvanced server.

v -userid service_user_id indicates the ID used when you created the BrokerService.

v -mqsiinstallpath EventBroker_installation_path indicates the path whereyou installed WebSphere Event Broker.

For example:update_stadv801_EB.bat -stadvserver sales3.acme.com

-userid administrator -mqsiinstallpath C:\Program Files\IBM\MQSI\6.0

The script updates files as necessary and then restarts the broker. If the brokerfails to start, you can start it manually as described in the topic, "Starting andStopping WebSphere MQ and WebSphere Event Broker."

5. Restart the broker services as follows (substitute the name of your own brokerin these commands):

a. Stop the broker with the following command:

mqsistop BRKR_SCCS




b. Start the broker with the following command:

mqsistart BRKR_SCCS

c. Close the Broker Command Console.

6. Now verify that you have the right fix-pack level of WebSphere Event Broker:

a. Open the Message Broker Command Console.

b. Run the following command:

mqsiservice - v

This command displays information about your installation, including thefix pack; look for a line that specifies the product version. This exampleshows the correct product and fix pack:

BIP8996I: Version: 6003

c. If you do not have the correct fix pack (6.0.0.3) installed, you can downloadit from the following Web address:

http://www-1.ibm.com/support/docview.wss?uid=swg24013951

d. Now install the fix pack as explained in the Release Notes document postedon the same page.

Now your prerequisite components are ready for use with Lotus SametimeAdvanced 8.0.1.

Installing prerequisite components on any supported platform:

Before you begin installing IBM Lotus Sametime Advanced, you must install theIBM DB2 database management system and an IBM Lotus Sametime Standardserver.

Before you begin

You will need these prerequisite components for any type of deployment; you willneed one instance of each, although you may additionally need to install the IBM

DB2 Client application on computers that require access to the database server.

Installing the DB2 database management system:

IBM DB2 is a database management system that stores information used by IBMLotus Sametime Advanced.

About this task

Installing DB2 involves the following tasks:

Installing DB2 Enterprise Server Edition:

Install the IBM DB2 server software.

Before you begin

For IBM Lotus Sametime Advanced, you need to install IBM DB2 Enterprise ServerEdition.

About this task

1. Log in to your computer as the system administrator (Microsoft Windows) oras root (IBM AIX, Linux, Solaris).




2. Download the appropriate DB2 package for your operating system, and extractthe files.

Note: You must also download the DB2 license file db2ese_o.lic, which youactivate after installing the DB2 server; this file is stored with the DB2 package.


www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.

3. Install the DB2 server as explained in the DB2 information center at thefollowing Web address:

http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

In the information center, search for the following text to locate installationinstructions: "Installing DB2 Servers".

4. Accept the default values and settings during DB2 installation.

Note: When you create the DB2 administrative user account, the password thatyou assign to the account must satisfy your server operating system'srequirements as well as any additional requirements imposed by yourcompany. For information, see the Password Rules topic in the DB2 informationcenter.




DB2CMD

c. In the DB2 Command window, navigate to the folder where youdownloaded the DB2 license file.



Sample output for Windows

LIC1402I License added successfully.LIC1426I This product is now licensed for use as specified in the LicenseAgreement and License Information documents pertaining to the licensed copyof this product. USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OFTHE IBM LICENSE AGREEMENT AND LICENSE INFORMATION DOCUMENTS, LOCATED IN THEFOLLOWING DIRECTORY: "C:\PROGRA~1\IBM\SQLLIB\license\en"


EXIT

Installing DB2 Net Search Extender:

Install IBM DB2 Net Search Extender to support text retrieval by concurrent IBMLotus Sametime Advanced users.

Before you begin

Make sure you have a DB2 server installed before you begin.

About this task

Install DB2 Net Search Extended on the DB2 server by following these steps:



http://publib.boulder.ibm.com/infocenter/db2luw/v9r5/topic/com.ibm.db2.luw.qb.server.doc/doc/c0011027.html




2. Download the appropriate DB2 Net Search Extender package for youroperating system, and extract the files.

Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document atwww.ibm.com/support/docview.wss?rs=477&uid=swg24018149.

3. Install DB2 Net Search Extender as explained in the DB2 information center at

publib.boulder.ibm.com/infocenter/db2luw/v9/index.jspIn the information center, search for the following text to locate installationinstructions: "Installing Net Search Extender".

4. Accept the default values and settings while installing Net Search Extender.

5. When installation is finished, start Net Search Extender by running thefollowing command in the DB2 environment:

db2text start

What to do next

Attention: DB2 Net Search Extender must be running to support Lotus SametimeAdvanced operations. If you stop this service for any reason, be sure to restart it.

To remove the need for manual restarts, you may want to set this service to startautomatically:

v AIX, Linux, Solaris: Add the text indexing service startup to the databasestartup script.

v Windows: Set the "DB2EXT" service to "Automatic" in the Windows Servicescontrol panel.

Creating the WebSphere Event Broker database:

Use IBM DB2 to create a database for storing IBM WebSphere Event Broker data.

Before you begin

The WebSphere Event Broker database contains Broker-specific systemconfiguration information that is added or modified whenever a broker is createdor configured.

You can define your own names for this database using 8 characters or less; in theexamples presented in this documentation, the Event Broker database is named"BRKRDB".

1. Log in to the DB2 server as the DB2 Administrator (or as a user in theDB2ADMNS group).

2. Open a DB2 command window. For example, in Windows, click Start →Programs → IBM DB2 → DB2COPY1 (default) → Command Line Tools →Command Window .

3. Run the following command to create the WebSphere Event Broker database(called "BRKRDB" in this documentation):

DB2 CREATE DATABASE database_name USING CODESET UTF-8 TERRITORY US

For example:

DB2 CREATE DATABASE BRKRDB USING CODESET UTF-8 TERRITORY US

Sample Output:

DB20000I The CREATE DATABASE command completed successfully.

Creating the Lotus Sametime Advanced database:











Use IBM DB2 to create a database for storing IBM Lotus Sametime Advanced data.

Before you begin

The Lotus Sametime Advanced database requires a DB2 database to storeinformation. In the examples presented in this documentation, the Lotus SametimeAdvanced database is named STADV.

About this task

Create the database directly on the DB2 server using the provided script.

1. Download the appropriate versions of the scripts for your operating system tothe DB2 server.

The scripts are stored in the \SupportingFile\DB2-image\db2-scripts directorywithin the Lotus Sametime Advanced software download; be sure to take all of the files for your operating system.


2. Verify that you are working in DB2 as the DB2 Administrator (or as a user inthe DB2ADMNS group).

3. (AIX, Linux, Solaris) Assign execute privileges to the createDb.sh file byrunning the following command:

chmod +x createDb.sh

4. In the DB2 environment, create the database by running the script as follows:

AIX, Linux, Solaris

./createDb.sh database_name

Windows

createDb.bat database_name

where database_name is the name of the Lotus Sametime Advanced database (inthis documentation, examples will use "STADV" as that database's name).

For example:

./createDb.sh STADV

Attention: Do not use the same name as the host name for this computer, asthat would create conflicts.This script creates the new database and sets up the schema and tables neededfor Lotus Sametime Advanced.

Creating text indexes for searching the Lotus Sametime Advanced database:

Create indexes in an IBM DB2 database hosted on either Microsoft Windows or

Linux.

Before you begin

You must have installed the IBM DB2 server software and DB2 Net SearchExtender, then started those applications, created a database, and set up thedatabase schema. The DB2 command window should still be open from theprevious task (open it if necessary).









About this task

Note: If the indexes should become corrupted, you can safely rerun the dbtextscript at any time without losing any existing data.

1. Download the appropriate version of the dbtext script for your operatingsystem to the DB2 server.

This script is stored in the \SupportingFiles directory within the LotusSametime Advanced software download.

Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.

2. In the DB2 Command Window, run the following command to create the textindexes:

AIX, Linux, Solaris

./dbtext.sh database_name

Windows

dbtext.bat database_name

where database_name is the name of the Lotus Sametime Advanced database("STADV" in this documentation). If you see an error stating that "DB2TEXT" isnot a recognized command, make sure that DB2 Net Search Extender has beeninstalled and is running.

3. Once the script successfully completes, you can disconnect from the databasewith the following command:

DB2 DISCONNECT STADV

Sample output

DB20000I The SQL DISCONNECT command completed successfully.

4. Now type the following command in the DB2 Command Window:

EXIT

5. Close the DB2 Command Window.

Installing the DB2 client:

If an application requires access to a remote IBM DB2 database, install the DB2Client application and then catalog the remote database.

Before you begin

IBM WebSphere MQ and WebSphere Event Broker require a connection to thedatabase used for storing messaging information (called "BRKRDB" in thisdocumentation). If the BRKRDB database is on a remote server, you must installthe DB2 client on the server hosting WebSphere MQ and WebSphere Event Broker,and then catalog the database from the client to ensure access.

The Lotus Sametime Advanced server does not require the DB2 client, even whenDB2 is hosted on a separate computer (because the use of JDBC type 4 driversremoves the need for a DB2 client to access the remote DB2 server).












3. Install the DB2 client as explained in the DB2 information center at thefollowing Web address:


In the information center, search for the following text to locate installationinstructions: "Installing DB2 clients".

4. Accept default values and settings during installation.

5. When the installation is complete, catalog the DB2 database by running thefollowing commands in the DB2 Command Window:

db2 catalog tcpip node node_name remote server_dns_name server server_portdb2 catalog database database_name at node node_name

where:

v node_name is any eight-character name you want to assign to the node, as in:myDB2svr (simply make up a name)

v server_dns_name is the fully qualified domain name of the remote databaseserver, as in: db2server.acme.com

v server_port is the port on which DB2 is installed; this is normally port 50000(Microsoft Windows) or 50001 (IBM AIX, Linux, and Sun Solaris)

v database_name is the name of the database to be used for WebSphere EventBroker (BRKRDB in this documentation).

Example:

db2 catalog tcpip node DBSRV remote sales.acme.com server 50000db2 catalog db BRKRDB at node DBSRV

Note: If you catalog the database using an alias, that name must match thedatabase name already used on the DB2 server. In the examples in thisdocumentation, the database name is BRKRDB, so the alias name would also beBRKRDB.

Installing WebSphere MQ:

IBM WebSphere MQ provides messaging across multiple platforms, allowingindependent applications on a distributed system to communicate with each other.

Before you begin

WebSphere MQ enables information packaged as messages to flow betweendifferent business applications. There are two ways in which WebSphere MQ canact on messages:

v Message routing performs a defined set of operations on a message, applying

them in a prescribed sequence, to route them from sender to recipient.v Message transformation modifies messages by changing, combining, adding, or

removing data; for example to change the format to accommodate the recipient'srequirements.

About this task

If you already installed WebSphere MQ, you do not have to install it again for anew Lotus Sametime Advanced deployment. If you uninstalled Lotus SametimeAdvanced and are installing a newer version, you should have removed the broker




services already and can simply configure them anew. Installing WebSphere MQinvolves the following tasks:

Installing the WebSphere MQ application:

Install the IBM WebSphere MQ application to support messaging in yourdeployment.

About this task

The procedure for installing the WebSphere MQ application varies with theoperating system:

Installing the WebSphere MQ application on AIX:

Install the IBM WebSphere MQ application on IBM AIX.

Before you begin

You can install WebSphere MQ on the same computer that will host IBM Lotus

Sametime Advanced, or on a different one; however, WebSphere MQ must behosted on the same computer as WebSphere Event Broker, which you will install ina later task.

About this task

For information on installing WebSphere MQ, see the WebSphere MQ for AIXQuick Beginnings Guide at:

publibfp.boulder.ibm.com/epubs/pdf/amqaac08.pdf

The guide explains how to use SMIT or SMITTY (smitty install_latest) to install thefollowing WebSphere MQ components

v

mqm.base.runtimev mqm.base.samples

v mqm.base.sdk

v mqm.java.rte

v mqm.keyman.rte

v mqm.man.en_US.data

v mqm.msg.en_US

v mqm.server.rte

The localized components may vary.

Installing the WebSphere MQ application on Linux and Solaris:

Install the IBM WebSphere MQ application on Linux or Solaris.

Before you begin

You can install WebSphere MQ on the same computer that will host IBM LotusSametime Advanced, or on a different one; however, WebSphere MQ must behosted on the same computer as WebSphere Event Broker, which you will install ina later task.


http://publibfp.boulder.ibm.com/epubs/pdf/amqaac08.pdf

http://publibfp.boulder.ibm.com/epubs/pdf/amqaac08.pdf



For additional information on installing WebSphere MQ, see the WebSphereMessage Broker information center at:

http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp

Search for the following text: "Installing a WebSphere MQ server".

About this task

You can install WebSphere MQ on the same computer as IBM Lotus SametimeAdvanced, or on a different machine.

When you run the WebSphere MQ installer, it first verifies that its own prerequisitecomponents are already installed on the server; if the requirements have not beenmet, you must install the components before you can install WebSphere MQ.

Tip: For additional information on preparing the server and installing WebSphereMQ, review the "Quick Beginnings for operating_system > Server > Preparing toinstall" topic in the WebSphere MQ information center.

1. Log in to your computer as root.



Note: You will download the fix pack directly from the IBM Web site in thenext task.

3. Set up user permissions for the broker services by doing the following:

a. Create the mqsi user.

b. Create the mqbrkrs group.

c. Create the mqm group.

d. Add the mqsi and root users to the mqbrkrs and mqm groups.

e. Add the local DB2 user account to the mqm and mqbrkrs groups.

4. Navigate to the directory where you stored the installation files.

5. Begin the installation by running the following command: ./mqlicense.sh .

6. At the "Software License Agreement" screen, read the license agreement andclick Accept.

7. Install WebSphere MQ:

AIX, Linux

a. Run the following command to install the MQSeries Runtime application:

rpm -ivh MQSeriesRuntime-6.0.0-0.i386.rpm

b. Run the following command to install the MQSeries Java application:rpm -ivh MQSeriesJava-6.0.0-0.i386.rpm

c. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setupthe Default Configuration, click Next to skip that task and finish theinstallation without setting up the default configuration.

Solaris

a. Run the following command to install the MQ application:

pkgadd -d.






b. When presented with a list of available packages, type the numberrepresenting "mqm" package.

c. When presented with the list of components, type the number representingMQ Series application, then type a comma as a separator before typing thenumber of the MQ Java application.

d. Type "y" if you are prompted with any questions.

e. When you see the message indicating that installation is complete, type "q"to exit the installation program.

Installing the WebSphere MQ application on Windows:

Install the IBM WebSphere MQ application on Microsoft Windows.

Before you begin




About this task

You can install WebSphere MQ on the same computer as IBM Lotus SametimeAdvanced, or on a different machine. If you take the defaults then typically, MQinstalls to a path like this:

C:\Program Files\IBM\WebSphere MQ\Java\lib


Tip: For additional information on preparing the server and installing WebSphereMQ, review the "Windows Quick Beginnings > Installing the WebSphere MQServer > Preparing for server installation" topic in the WebSphere MQ informationcenter.

1. Log in to your computer as the Microsoft Windows administrator.

Attention: Logging in with an account other than the Administrator willprevent the mqsi user from being added to the Administrators groups, whichwill cause the configureEB script to fail in a later step.

2.Set up user permissions for the broker services by doing the following:a. Create the mqsi user.

b. Add the mqsi user to the Windows "Administrators" group .

c. Create the mqbrkrs group.

d. Create the mqm group.

e. Add the mqsi and Windows Administrator users to the mqbrkrs and mqmgroups.

f. Add the local DB2 user account to the mqm and mqbrkrs groups.


http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/topic/com.ibm.mq.amqtac.doc/wq10430_.htm






3. Download the appropriate installation package for your operating system, andextract the files.



4. Navigate to the directory where you extracted the file and begin theinstallation by running the following command:

Setup.exe

5. At the "Welcome to the WebSphere MQ Launchpad" screen, click the SoftwareRequirements button on the left.

This initiates a check for any applications that must be in place before you caninstall WebSphere MQ. In particular, this will check for the existence of WebSphere Eclipse Platform and, if that application is not already installed,will give you a chance to install it now.

6. At the "Software Requirements for WebSphere MQ on Windows" screen, check

the status of WebSphere Eclipse Platform.7. Do one of the following:

v If the requirements have all been satisfied, skip to Step 9.

v Otherwise, continue to Step 8 and proceed from there.

8. If WebSphere Eclipse Platform is not already available on this computer,install it now as follows:

a. Click the + next to "WebSphere Eclipse Platform Version 3.0.1" to displayinstallation information.

b. Click the Network button, then click Open and select setup.exe to begininstalling WebSphere Eclipse Platform.

c. At the "Select Setup Language" screen, select a language and click OK. The

"WebSphere Eclipse Platform" splash screen displays as the installationprocess begins.

d. At the "Welcome to the Installation Wizard for WebSphere EclipsePlatform" screen, click Next.

e. At the "License Agreement" screen, click the option to accept theagreement, and then click Next.

f. At the "Destination Folder" screen, accept the default destination forWebSphere Eclipse Platform files, and click Next.

To select a different destination, click the Change button; when yourdestination is correctly specified, click Next.

g. At the "Ready to Install WebSphere Eclipse Platform" screen, click Install.

h. At the "Installing WebSphere Eclipse Platform" screen, wait for theinstallation process to complete.

i. At the "Installation Wizard Completed Successfully" screen, click Finish.WebSphere Eclipse Platform is now installed on the server, and you areready to install WebSphere MQ.

j. Click the Refresh button to repeat the requirements check for WebSphereMQ.

9. When the "Software Requirements for WebSphere MQ on Windows" screenshows that all requirements have been satisfied, click the WebSphere MQInstallation button and install WebSphere MQ as follows:




a. At the "WebSphere MQ Installation" screen, select a language, and thenclick 'Launch IBM WebSphere Installer.

b. At the "License Agreement" screen, click the option to accept theagreement, and then click Next.

c. At the "Setup Type" screen, click Typical to select a typical installation, andthen click Next.

d. At the "Ready to Install WebSphere MQ" screen, review your settings;when you are ready to proceed, click Install.

e. At the "Installing WebSphere MQ" screen, wait while the installer copiesfiles and installs WebSphere MQ.

f. At the "Installation Wizard Completed Successfully" screen, click Finish toexit the installation wizard. Once the basic WebSphere MQ installation isfinished, the Prepare WebSphere MQ Wizard launches automatically.

10. Run the Prepare WebSphere MQ Wizard as follows:

a. At the "Welcome to the Prepare WebSphere MQ Wizard" screen, click Next.

b. At the "WebSphere MQ Network Configuration" screen, wait forconfiguration to complete, and then click Next.

c. You will asked whether there is a Windows domain controller in thenetwork.

v If there is not, click No and skip to step 10e.

v If there is a domain controller, click Yes and proceed to step 10d foranother step.

d. If the Windows administrator account that you logged in with belongs to adomain (DOMAIN/USER), then you may see a screen like this, promptingfor additional information about the domain account. Unless the domainhas imposed restrictions on local user accounts, you can simply clickCancel at this point, and consider your WebSphere MQ installationcomplete.

Clicking the More Information button provides the following details to

help you determine how to respond and complete this screen.When WebSphere MQ is running, it must check that only authorized userscan access queue managers or queues. Whenever any user attempts suchaccess, WebSphere MQ uses its own local account to query informationabout the user. Domain controllers that are running Windows 2000 Server,Windows 2003 Server, or later, can be set up in such a way that WebSphereMQ cannot use local accounts to check that users defined on thosedomains are authorized to access queue managers or queues. In this case,you must provide WebSphere MQ with a special domain user account touse. If you are unsure whether this case applies to you, you should consultyour domain administrator.

If a special domain user account is required, send the "Configuring

Windows Accounts" page to your domain administrator, and ask for one of the special accounts it describes. Enter the account details into the PrepareWebSphere MQ Wizard. This wizard runs automatically at the end of installation; the wizard can also be run at any time from the Start menu.

Restriction: If the special domain user account is required but you carryon anyway and configure WebSphere MQ without it, many or all parts of WebSphere MQ will not work, depending upon the particular useraccounts involved. In particular, if you are currently logged on with adomain user account, you might not be able to complete the DefaultConfiguration, and the Postcard and API Exerciser might not work.




e. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setupthe Default Configuration, click Next to skip that task and finish theinstallation without setting up the default configuration.

At this point, the WebSphere MQ application is installed, and you are ready toinstall the accompanying fix pack in the next task.

Installing the WebSphere MQ fix pack:

After installing the IBM WebSphere MQ application, install the fix pack to ensurethe product is up-to-date.

Before you begin

After installing IBM WebSphere MQ, check the Lotus Sametime systemrequirements at the following Web address, and determine whether you need toinstall a fix pack:

www.ibm.com/support/docview.wss?&uid=swg27010738

Note: You must install the base application before you can update it with a fix

pack.

About this task

The procedure for installing the WebSphere MQ fix pack varies with the operatingsystem:

Installing the WebSphere MQ fix pack on Linux and Solaris:

Install the IBM WebSphere MQ fix pack to update the application to the necessarylevel for use IBM Lotus Sametime Advanced.

Before you begin

Make sure that the WebSphere MQ application has already been installed on theserver. You do not have to configure WebSphere MQ before installing the fix pack.

About this task

Install the WebSphere MQ fix pack on the same computer where you installed theWebSphere MQ application.

1. Download the latest fix pack from the IBM site as follows:

a. Open a browser and navigate to the following Web address to downloadthe fix pack:

www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980

b. Scroll to the "Download package" table at the bottom of the page and selectthe appropriate fix pack for your operating system.

c. At the "Terms and Conditions" screen, click I agree.

You will now be redirected automatically to the IBM Support site, whereyou can download the fix pack.

d. Sign in as prompted to access the download site.

e. Review the Business Control, Privacy, and License; then click the I agree box.

f. Now click I confirm at the bottom of the page.


http://www.ibm.com/support/docview.wss?&uid=swg27010738

http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980





g. Select a download method and language, and download the fix pack.

2. Now install the fix pack as follows:

a. Navigate to the directory where you stored the fix pack.

b. Perform the product update by running the following command:

AIX, Linux

rpm -ivh MQSeriesRuntime-6.0.2-3.i386.rpm MQSeriesServer- fixpack_version.i386.rpm

Solaris

pkgadd -d fixpack_file_name.img

What to do next

You do not need to configure WebSphere MQ right now because it will beconfigured for you when you run the script that configures WebSphere EventBroker in a later task.

Installing the WebSphere MQ fix pack on Windows:

Install the IBM WebSphere MQ fix pack to update the application to the necessary

level for use IBM Lotus Sametime Advanced.

About this task













a. Navigate to the folder where you stored the fix pack.

b. Start the fix pack installation by running the following file:WebSphereMQMDV _FPversion_EnUs.exe.

c. At the "Welcome to the InstallShield Wizard for WebSphere MQ" screen,click Next.

d. At the "Remove Installation Files" screen, click the first option (upack thefiles to a temporary location and then remove them after installation iscomplete), and then click Next.

e. At the "Extracting Files" screen, wait. Wait some more. When the Next button is enabled, click it.




f. Wait some more while the installer progresses through a series of screenssuch as the "Checking files" screen.

g. At the "Click Install to begin installation" screen, you can accept the defaultinstallation location, or optionally select a new location. Then click Install.

h. Next, a series of screens appears while the fix pack installation process runs.Wait some more; do not click anything on these screens.

i. At the "Fix Pack installation is complete" screen, click Finish.

What to do next


Installing WebSphere Event Broker:

IBM WebSphere Event Broker extends the reach, scope, and scale of the WebSphereMQ infrastructure, enabling the secure and seamless interaction of enterpriseapplications with thousands of users. The centralized administration of distributed

brokers provided by WebSphere Event Broker improves the flexibility, security, androuting of messaging.

About this task

You can install WebSphere Event Broker on the same computer as IBM LotusSametime Advanced, or on a different machine. Note that WebSphere Event Brokermust be hosted on the same computer as WebSphere MQ so that the twoapplications can work together.

Installing WebSphere Event Broker consists of the following tasks:

Installing the WebSphere Event Broker application:



About this task

A Lotus Sametime Advanced deployment requires a one-to-one relationship between installations of WebSphere Message Broker and WebSphere Event Broker,and the two applications must be installed on the same computer. This deploymentcan support only one broker for Lotus Sametime Advanced, which specificallylooks for the broker on port 1506.

In addition, these components require access to the DB2 database; if the database ishosted on a different computer, you must install the DB2 client application on thesame computer as WebSphere MQ and WebSphere Event Broker.

If you already installed WebSphere Event Broker, you do not have to install itagain for a new Lotus Sametime Advanced deployment. If you uninstalled LotusSametime Advanced and are installing a newer version, you should have removedthe broker services already and can simply configure them anew.




The procedure for installing WebSphere Event Broker varies with the operatingsystem on which it will be hosted:

Installing the WebSphere Event Broker application on AIX, Linux, Solaris:

Install the IBM WebSphere Event Broker application on IBM AIX, Linux, or Solaris.

Before you begin

There are two prerequisites for installing WebSphere Event Broker:

v You must install WebSphere Event Broker on the same computer where youinstall IBM WebSphere MQ; this is required for these components to functionproperly.

v If you are not installing WebSphere Event Broker directly on the DB2 server, youmust install a copy of the DB2 client on this computer, and then catalog thedatabase that you created for WebSphere Event Broker (called "BRKRDB" in thisdocumentation) from the DB2 client.

About this task

For additional information on installing WebSphere Event Broker, see theWebSphere Message Broker information center at:

http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

Follow these steps to install WebSphere Event Broker:

1. Download and extract the WebSphere Event Broker installation program asfollows:

a. Log in to the server as root..

b. Download the appropriate package for your operating system, and extractthe files.

Downloading files for Lotus Sametime Advanced and related applications is

described in the Download document posted at the following Web address:www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.

2. Install WebSphere Event Broker as follows:

a. Start the WebSphere Event Broker installer by navigating to the directorywhere you extracted the file and running the appropriate setup command:

v AIX: ./setupaix

v Linux: ./setuplinuxia32

v Solaris: ./setupsolaris

The installation program begins by displaying the WebSphere Event Brokersplash screen.

b. At the "Welcome to the InstallShield Wizard for IBM WebSphere EventBroker" screen, click Next.

c. At the "Software License Agreement" screen, click the option to accept theagreement, and then click Next.

d. At the "Choose the setup type that best suits your needs" screen, clickTypical, and then click Next.

e. At the "IBM WebSphere Event Broker will be installed in the followinglocation" screen, click Next.

f. At the "Installing IBM WebSphere Event Broker" screen, please wait.




g. At the "Would you like to launch a command console after the installwizard finishes?" screen, click the Yes option if you want to automaticallylaunch the command console; then click Next.

h. At the "InstallShield Wizard has successfully installed WebSphere EventBroker" screen, click Finish.

3. Now verify that you have the right fix-pack level of WebSphere Event Broker:

a. Open the Message Broker Command Consoleb. (Solaris only) Run the following set up command:

AIX and Linux users should skip this step.

. /opt/IBM/mqsi/6.0/bin/mqsiprofile

c. Run the following command to display the MQ version:

mqsiservice - v



d. If you do not have the correct fix pack installed, you can download it from

the IBM Web Site using the same method as you did for WebSphere MQearlier.

Download the Fix Pack (6.0.0.3) from the following Web address:


e. Now install the fix pack as explained in the Release Notes document postedon the same page.

Installing the WebSphere Event Broker application on Windows:

Install the IBM WebSphere Event Broker application on Microsoft Windows.

Before you begin




About this task




1. Download and extract and the WebSphere Event Broker installation program asfollows:





Attention: Logging in with an account other than the Administrator willprevent the mqsi user from being added to the Administrators groups,which will cause the configureEB script to fail in a later step.


Downloading files for Lotus Sametime Advanced and related applications is

described in the Download document posted at the following Web address:www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.


a. Start the WebSphere Event Broker installer by navigating to the directorywhere you extracted the file and running the following command:

Setup.exe



c. At the "Software License Agreement" screen, click the option to accept the

agreement, and then click Next.d. At the "Choose the setup type that best suits your needs" screen, click

Typical, and then click Next.





3. Now verify that you have the right fix-pack level of WebSphere Event Broker:a. Open the Message Broker Command Console.


mqsiservice - v





d. Now install the fix pack as explained in the Release Notes document postedon the same page.

Configuring WebSphere Event Broker:

Configure IBM WebSphere Event Broker for your single-server IBM LotusSametime Advanced deployment.




Before you begin

Make sure you have installed the WebSphere Event Broker application before youattempt to configure it.

About this task

The procedure for configuring WebSphere Event Broker varies with the operatingsystem on which it is hosted:

Configuring WebSphere Event Broker on AIX, Linux, Solaris:

Configuring IBM WebSphere Event Broker for IBM Lotus Sametime Advanced bycopying jar files to the classpath and then running a predefined script.

About this task

Configure WebSphere Event Broker on the computer where you installed it bylogging in as a system administrator and completing the following procedures:

Adding jar files to the classpath on AIX, Linux, Solaris:

Copy required jar files to the classpath so they can be referenced duringconfiguration of IBM WebSphere Event Broker on AIX, Linux, or Solaris.

About this task

Follow these steps to add supporting jar files to the system classpath. All of the jarfiles need to be available on the system classpath so that the event broker can besuccessfully configured for the real-time message flow on your server. In addition,the SametimePlusExits.jar file must be available on the system classpath to preventruntime errors when the event broker is started.

Add the following statements to the .profile of the user account that will startand stop the broker services (this adds jars to the classpath and enables that userto properly start the message flow and access the broker database):AIX, Linux

Note: The CLASSPATH statement was formatted for readability here, but youmust type it as a single line.

export CLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/AddBroker.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-codec-1.3.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-3.1.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar

;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-logging-1.1.jarif [ -f /home/db2inst1/sqllib/db2profile ]; then. /home/db2inst1/sqllib/db2profile

fi

where mqsi_install_path is the absolute path to your WebSphere Event Broker installlocation; for example:Solaris

CLASSPATH= mqsi_install_path/classes/SametimePlusExits.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/AddBroker.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-codec-1.3.jar




CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-3.1.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-contrib-3.1.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-logging-1.1.jar

export CLASSPATHif [ -f /home/db2inst1/sqllib/db2profile ]; then

. /home/db2inst1/sqllib/db2profilefi

where mqsi_install_path is the absolute path to your WebSphere Event Broker installlocation; for example:

/opt/ibm/mqsi/6.0

Running the configureEB script on AIX, Linux, Solaris:

Configure IBM WebSphere Event Broker services on Microsoft Windows byrunning the provided script.

Before you begin

After installing WebSphere Event Broker, run the configureEB.sh configurationscript for your operating system.

About this task

The configureEB script completes the following tasks:

v Removes any stuck deployment requests on the configuration manager

v Deletes the configuration manager

v Deletes the event broker

v Removes the listener

v Removes the queue manager

v Creates the queue manager

v Creates the listener

v Creates the event broker

v Creates the configuration manager

v Configures broker security

v Runs the AddBroker configuration

v Deploys the BAR file

v Starts the message flow

v Starts the queue manager, the broker services, and the configuration manager

1. Download the configureEB.sh script to the server.



2. If a message queue is running (sccs.queue.manager or anything configured touse port 1414), end it (or delete it) before proceeding.

3. Run the configuration script with the following command (type the entirecommand on one line):

ConfigureEB.sh -hostname host _name -userid admin_name-userpassword admin_password -dbusername database_username-dbpassword database_password -dbname database_name-dbinstallpath sqllib_directory -stadvserver sametime_advanced_server




where:

v host_name is the fully qualified host name or IP address of the current server(where WebSphere Event Broker is installed)

v admin_name is the local system account ('mqsi' in this documentation) thatwill be used to run the event broker and configuration manager's services. Itis assumed this user is a member of the 'mqbrkrs' group.

v

admin_password is the password for the admin_name accountv database_username is the user ID of an IBM DB2 database administrator who

can access the database used by WebSphere Event Broker

v database_password is the password for the database_username account

v database_name is the name of the DB2 database used for storing WebSphereEvent Broker data (in this documentation, BRKRDB)

v sqllib_directory is the full path to the sqllib directory (where the DB2 serveror client is installed)

v sametime_advanced_server is the host name of the server where LotusSametime Advanced is installed

For example (remember to type the entire command on one line):

ConfigureEB.sh -hostname myhost.acme.com -userid mqsi-userpassword p@ssword -dbusername db2admin-dbpassword passw0rd -dbname BRKRDB-dbinstallpath /home/db2inst1/sqllib -stadvserver sales3.acme.com

4. Increase the limit on the number of files that can be open at the same time:

v AIX

Edit the /etc/system/limit file and add the following settings:

root:nofiles=10000

mqm:nofiles=10000

mqsi:nofiles=10000

v Linux

Edit the /etc/security/limits.conf file and add the following settings:

mqm soft nofile 50000mqm hard nofile 50000mqsi soft nofile 50000mqsi hard nofile 50000root soft nofile 50000root hard nofile 50000

v Solaris

Edit the /etc/system file and add the following settings:

set rlim_fd_max = 10000

set rlim_fd_cur=100005. Restart the server.

Parameters for the configureEB script on AIX, Linux, Solaris:

The configureEB.sh script uses both required and optional parameters.

You can display the list of arguments for the script by running the followingcommand on an IBM AIX, Linux, or Solaris server:

ConfigureEB.sh -help




System output

################REQUIRED COMMANDS################

-hostname : The resolvable hostname or IP address for this system-userid : The local system account 'mqsi' that will be used to run

the event broker and configuration manager's services.

It is assumed that user 'mqsi' is a member of the 'mqbrkrs'group.

-userpassword : The password for the -userid account.-dbusername : The name of the DB2 database administrator who can access

the database used by the event broker.-dbpassword : The password for the -dbusername account.-dbname : The name of the database used by event broker.-dbinstallpath : The absolute path to the DB2 instance owner's sqllib directory.

Example: /home/db2inst1/sqllib-stadvserver : The hostname of the Sametime Advanced server the event broker

will connect to.

################OPTIONAL COMMANDS################

It is recommended that the default values be used for the following.If for some reason the default settings are causing problems, the settingscan be modified using the below flags:

-silent : Do not prompt for user input.-javahome : If java is not on your classpath, use this flag to tell

the script where java can be found on your system.-listenerport : The port used when defining the listener on the queue

manager, default is 1414.-qmgrname : The name of the queue manager to create, default is

sccs.queue.manager-brokername : The name of the event broker instance to create, default

is BRKR_SCCS

-configmgrname : The name of the configuration manager instance to create,default is CMGR_SCCS-executiongroup : The name of the execution group to create on the broker,

default is 'default'

Note: In the script, the event broker is configured to listen on port 1506; this portis not provided as a parameter because it cannot be changed:

#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506

Configuring WebSphere Event Broker on Windows:

Configuring IBM WebSphere Event Broker for IBM Lotus Sametime Advanced bycopying jar files to the classpath and then running a predefined script.

About this task

Configure WebSphere Event Broker on the computer where you installed it bylogging in as a system administrator and completing the following procedures:

Adding jar files to the classpath on Windows:

Copy required jar files to the classpath so they can be referenced duringconfiguration of IBM WebSphere Event Broker on Microsoft Windows.




About this task


1. Log on to the server as the Windows system administrator.

2. Add the following files to the CLASSPATH, keeping the statement on one line:

List of files:

v SametimePlusExits.jar

v AddBroker.jar

v commons-codec-1.3.jar

v commons-httpclient-3.1.jar

v commons-httpclient-contrib-3.1.jar

v commons-logging-1.1.jar

How they look on the CLASSPATH (this was formatted for readability, your

CLASSPATH statement must be formatted as one line):existing_classpath_values

;%MQSIINSTALLPATH%\classes\AddBroker.jar;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar



Note: These jar files do not exist in the classes directory yet, when you run the

configureEB.bat script in the next task; the files will be copied to your serverfor use during configuration.

3. Restart the server so these changes take effect before you configure WebSphereEvent Broker.

Running the configureEB script on Windows:

Configure IBM WebSphere Event Broker services on Microsoft Windows byrunning the provided script.

Before you begin

After installing WebSphere Event Broker and adding the jar files to the

CLASSPATH statement, run the configureEB.bat configuration script.

About this task

The script completes the following tasks:

v Removes any stuck deployment requests on the configuration manager

v Deletes the configuration manager

v Deletes the event broker

v Removes the listener




v MQSI_install_path is the path to the root of the WebSphere Event Brokerinstallation (by default, "C:\Program Files\IBM\MQSI\6.0" enclosed inquotation marks as shown

v sametime_advanced_server is the host name of the server where LotusSametime Advanced is installed

This script starts the queue manager, the broker services, and the configuration

manager.

Example

For example (remember to type the entire command on one line):

ConfigureEB.bat -hostname sales3.acme.com -userid mqsi-userpassword p@ssword -dbinstallpath "C:\Program Files\IBM\SQLLIB"-dbusername db2admin -dbpassword passw0rd -dbname BRKRDB-mqsiinstallpath "C:\Program Files\IBM\MQSI\6.0" -stadvserver sales3.acme.com

Parameters for the configureEB script on Windows:

The configureEB.bat script uses both required and optional parameters.

When working on a Microsoft Windows server, you can display the list of arguments by running the following command:

ConfigureEB.bat -help

System output

################REQUIRED COMMANDS################

-hostname : The resolvable hostname or IP address for this system-userid : The local system account (or domain account) that will

be used to run the event broker (user 'mqsi')and configuration manager's windows services.

-userpassword : The password for the -userid account.-dbinstallpath : The long path name to the directory where DB2 is intalled.Default: C:\Program Files\IBM\SQLLIB

-dbusername : The name of the DB2 database administrator who can accessthe database used by the event broker.

-dbpassword : The password for the -dbusername account.-dbname : The name of the database used by event broker.-mqsiinstallpath : The long path name to the directory where MQSI components

are installed. Default is C:\Program Files\IBM\MQSI\6.0-stadvserver : The resolvable hostname of the Sametime Advanced server

################OPTIONAL COMMANDS################

It is recommended that the default values be used for the following.If for some reason the default settings are causing problems, the settingscan be modified using the below flags:

-silent : Do not prompt for user input-javahome : If java is not on your classpath, use this flag to tell

the script where java can be found on your system.-listenerport : The port used when defining the listener on the queue

manager, default is 1414.-qmgrname : The name of the queue manager to create, default is

sccs.queue.manager-brokername : The name of the event broker instance to create, default




is BRKR_SCCS-configmgrname : The name of the configuration manager instance to create,

default is CMGR_SCCS-executiongroup : The name of the execution group to create on the broker,

default is 'default'

Note: In the script, the event broker is configured to listen on port 1506; this portis not provided as a parameter because it cannot be changed in the current release:

#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506

Installing the Lotus Sametime Advanced application:

Install, configure, and verify IBM Lotus Sametime Advanced on a single server.

Before you begin

Installing and configuring Lotus Sametime Advanced requires completing thefollowing tasks:

Choosing a method for installing the Lotus Sametime Advanced application:

There are several ways you can install the IBM Lotus Sametime Advancedapplication.

Before you begin

Choose a method for installing the Lotus Sametime Advanced application softwareon a single server:

Running the graphical installer for Lotus Sametime Advanced:

After you have installed all the prerequisite components, install the IBM Lotus

Sametime Advanced application using the graphical interface.

Running the graphical installation program:Before you begin

Verify that you have installed and configured the following components before you begin installing Lotus Sametime Advanced:

v A supported LDAP directory (see the IBM Lotus Sametime AdvancedRequirements for the list of supported products)



v IBM WebSphere MQ


About this task

Follow these steps to install Lotus Sametime Advanced using the "Single server(Primary node for Network Deployment)" option.












3. Download the appropriate packages for your operating system, and extractthe files.


You will need to download packages for the following products onto thisserver:

v WebSphere Application Server 6.1.0.13

v Lotus Sametime Advanced

4. Extract the files for WebSphere Application Server so they can be used by theLotus Sametime Advanced installer.

5. Navigate to the folder where you stored the downloaded files for LotusSametime Advanced and start the installation program by running one of thefollowing commands:

v AIX, Linux, Solaris

./install.sh

v Windows

install.bat

6. At the "Select a language" prompt, select English and then click OK.


8. At the "license agreement" screen, click the I accept both the IBM and thenon-IBM terms option, and then click Next.

9. At the "type of installation" screen, select Single server (Primary node forNetwork Deployment) and then click Next.

10. At the "root path to the installation files for WebSphere Application Server"screen, enter the path to the folder where you extracted the IBM WebSphereApplication Server files, and then click Next.

11. At the "To install WebSphere Application Server in this location" screen, enterthe path to where you want to install WebSphere Application Server, and clickNext.

12. At the "Create the administrative user ID and password for the WebSphereApplication Server" screen, enter the WebSphere Application Serveradministrator name and password.

The WebSphere Application Server administrator user will be created insidethe WebSphere Application Server file-based repository. The user name can bea common name, such as wasadmin.

13. At the "Create the administrative user ID and password for the Web basedadministration of the Sametime Advanced Server" screen, enter the LotusSametime Advanced Administrator user name and password.

The Lotus Sametime Advanced Administrator user will be created inside theWebSphere Application Server file-based repository. The user name can be acommon name, such as stadvadmin. This user can be switched to anLDAP-based user ID after installation is finished.




14. At the "Enter the properties for this instance of Sametime Advanced Server"screen, the Cell, Node, and Host name fields are pre-populated; makechanges as appropriate.

15. At the "To install Sametime Advanced server in this location" screen, provide alocation for the configuration and log files needed for the Lotus SametimeAdvanced server installation.

The files in this folder are related to installation and configuration, and willnot affect the functioning of the server once the installation is finished.

16. At the "DB2 properties" screen, provide the following properties for the IBMDB2 server:

Option Description

Host name Host name of the database server

Port Port on which the database server islistening; this is normally port 50000.

Database Name Name of the IBM DB2 database that youcreated for Lotus Sametime Advanced(for example, STADV )

Application user ID The DB2 Administrator user name used toconnect to the database

Application Password The password for the DB2 Administratoraccount.

17. At the "Sametime Server Properties" screen, provide the host name and theHTTP port on the Lotus Sametime Standard server, from which you candownload the files required for supporting the awareness feature (the defaultis port 80).

Note: If you leave these fields empty, your Lotus Sametime Advanceddeployment will be configured without a Lotus Sametime Standard server andwill not have access to certain features.

18. At the "SMTP Messaging Server" screen, click the checkbox if you want to usean SMTP server with Lotus Sametime Advanced (for example, for notificationsto members of a Persistent Chat Room), and then click Next.

If you do not want to configure the SMTP settings now, leave the checkboxunselected and click Next. The Lotus Sametime Advanced Server will still befunctional.

19. At the "SMTP Messaging Server Properties" screen, provide the followingSMTP server properties:

Option Description

Host name The host name of the SMTP transport server.

User name, Password The user name and password are onlyneeded if your SMTP server requires themfor authentication before sending e-mail. If necessary, you can change these values laterusing the Integrated Solutions Console.

E-mail address (Optional) Type the e-mail address to beused as the "From" address when sendingnotifications.




Option Description

Do you want to encrypt outgoing trafficusing SSL?

If your SMTP server is configured to useSSL for outgoing messages, click Yes (port465 is used by default for encrypted traffic);otherwise click No (port 25 is used bydefault for unencrypted traffic).

20. At the "IBM WebSphere Messaging Broker Properties" screen, provide the fullyqualified hostname of the WebSphere Message Broker Server, and then clickNext.

21. At the "LDAP Configuration" screen, select whether to configure LotusSametime Advanced to work with your LDAP directory now, or after theinstallation is finished, and then click Next:

v Configure LDAP Now: continue with step 21.

v Configure LDAP after the installation: skip to step 24.

22. Do one of the following:

Note: Lotus Sametime Advanced must use the same LDAP server/directory

as the Lotus Sametime Standard server.v If an LDAP directory is found, the "LDAP Server Connection" screen allows

you to either select that LDAP or specify another before clicking Next:

v If no LDAP directory was found, the "LDAP Server Connection" screeninstead allows you to provide the LDAP server Host name and Port beforeclicking Next.

23. Choose the type of binding to use with your LDAP server and, if necessary,provide credentials for authenticated binding (the Bind distinguished nameand the associated password); then click Next.

The type of binding used to connect to your LDAP server is determined bythe settings in the LDAP directory. If anonymous access is allowed, you seethe "LDAP Anonymous Bind Allowed" screen.If anonymous access is not

allowed, the "LDAP Authenticated Bind Required" screen appears.24. At the "LDAP Settings for People and Group Entries" screen, fill in

information about the LDAP fields used for authentication:

Option Description

Detected root DN If a root distinguished name is detected, itwill be displayed here and you can eitherselect it, or enter a different value in thenext field.

Base distinguished name If you selected a detected root DN, leavethis field blank; otherwise, type the name of the field used as the Base DN in your LDAP.The Base DN (base distinguished name)indicates the level at which searches begin inthe LDAP.Note: If you use IBM Lotus Domino as yourLDAP directory, you should specify a basedistinguished name now to avoid problemslater when enabling SSO and awareness.




Option Description

Log in Type the name of the field in the LDAPdirectory that will be used for authenticationwhen a user logs in. This is frequently theLDAP's mail field.Note: If your deployment's Lotus SametimeStandard server requires users to log in, this

field must match that setting (found in thestconfig.nsf database).

Display name Type the name of the field in the LDAPdirectory that will be used as the DisplayName. This is frequently the cn field.

25. At the "The IBM Lotus Sametime Advanced Server is ready to install" screen,review the settings, then click Install to start the installation.

Results

Note: If the installation was not successful, look at the two installation logs for

more information about what occurred during the installation attempt. Fix theproblem, then try installing again.

v ST_Advanced_Install_Location/logs/installlog.txt

v Temp/stadv/logs/wizard_installlog.txt

You will need to find the default Temp location for your operating system. Forexample, for Windows, it is

C:\Documents and Settings\Administrator\Local Settings\Temp

Installing Lotus Sametime Advanced from the console on any supported platform:

Use the console to install and configure IBM Lotus Sametime Advanced.

About this task

Follow these steps to install Lotus Sametime Advanced as a single-serverdeployment from the console:.









3. Navigate to the folder where you stored downloaded files for Lotus SametimeAdvanced, and start the installation program by running one of the followingcommands:


./install.sh -console

v Windows





13. At the "DB2 properties" screen, provide the following properties for the IBMDB2 server and then type "1" to proceed to the next screen:

Option Description






14. At the Specify the Sametime server hostname and port" screen, type the host

name and the HTTP port (on the Lotus Sametime Standard server) fromwhich you can download the files required for supporting the awarenessfeature (the default is port 80), and then type "1" to proceed to the next screen.


15. At the "SMTP Messaging Server" screen, type "1" if you want to use an SMTPserver with Lotus Sametime Advanced (for example, for notifications tomembers of a Persistent Chat Room); otherwise type "0" (your deploymentwill still function) to skip this step.

16. At the "SMTP Messaging Server Properties" screen, provide the followingSMTP server properties before typing "1" to proceed to the next screen:

Option Description


User ID, Password The user name and password are onlyneeded if your SMTP server requires themfor authentication before sending e-mail. If necessary, you can change these values laterusing the Integrated Solutions Console.


If your SMTP server is configured to useSSL for outgoing messages, type "2" (Yes) ;otherwise type "1" (No); the default value usNo.

Port Type the port number to use for SMTPtraffic: port 465 is used by default forencrypted traffic (if you chose to use SSL);port 25 is used by default for unencryptedtraffic.

SMTP e-mail address (Optional) Type the e-mail address to beused as the "From" address when sendingnotifications.




17. At the "IBM WebSphere Messaging Broker Properties" screen, type the fullyqualified host name of the WebSphere Message Broker Server, and then type"1" to proceed to the next screen.

18. At the "Configure LDAP Now" (LDAP configuration) screen, type "1" toconfigure Lotus Sametime Advanced to work with your LDAP directory now,or "2" to configure it after the installation is finished, and then type "1" toproceed to the next screen.

v If you chose to Configure LDAP Now: continue with step 20.

v If instead you chose to Configure LDAP after the installation: skip to step23.

19. At the "LDAP Server Connection" screen, type the host name and port for theLDAP server, and then type "1" to proceed to the next screen,

If the LDAP server was detected, the existing values are supplies for you;accept them or modify them now.

Note: Lotus Sametime Advanced must use the same LDAP server/directoryas the Lotus Sametime Standard server.

The type of binding used to connect to your LDAP server is determined by

the settings in the LDAP directory. If anonymous access is allowed, you seethe "LDAP Anonymous Bind Allowed" screen; otherwise the "LDAPAuthenticated Bind Required" screen appears.


v If the "Anonymous Access Allowed" screen appears, choose whether toaccept it by typing "1" to allow Anonymous access or "2" to requireAuthenticated access; then type "1" to proceed to the next screen.

v If the "Authenticated Access Required" screen appears, type the credentialsto be used for authenticated binding (the Bind distinguished name and theassociated password), then type "1" to proceed to the next screen.

21. At the "Choose one of the detected root distinguished names" screen, type thenumber corresponding to the correct root DN, and then type "1" to proceed to

the next screen.22. At the "Login field" screen, do the following:

a. Type the name of the field in the LDAP directory that will be used forauthentication when a user logs in.

This is frequently the LDAP's "mail" field. If your deployment's LotusSametime Standard server requires users to log in, this field must matchthat setting (found in the stconfig.nsf database).

b. Type the name of the field in the LDAP directory that will be used as theDisplay Name.

This is frequently the "cn" field.

c. Type "1" to proceed to the next screen.

23. At the summary screen, verify your settings and then type "1" to proceed withthe installation.

Results

Note: If the installation was not successful, look at the two installation logs formore information about what occurred during the installation attempt. Fix theproblem, then try installing again.








Installing Lotus Sametime Advanced silently on any supported platform:

Install and complete basic configuration for IBM Lotus Sametime Advanced

silently.

Before you begin





v IBM WebSphere MQ

v

IBM WebSphere Event Broker

About this task

Follow these steps to install Lotus Sametime Advanced silently using the responsefile to provide installation parameters:









3. Download the appropriate packages for your operating system, and extract thefiles.


In addition to the silent-install's response file STAdvanced_Install.rsp, you willneed to download packages for the following products onto this server:

v WebSphere Application Server 6.1.0.13v Lotus Sametime Advanced


5. Navigate to the dist directory below the directory where you stored thedownloaded files for Lotus Sametime Advanced and modify theSTAdvanced_Install.rsp response file as follows:

v Each parameter is preceded with a comment section that provides examplesto follow; for each parameter, edit the uncommented statement to enter yourresponse value. For example:




############################################################## Has the license been accepted## The license must be accepted before installation so this# value must be true for the install to be successful.# Example: -V licenseAccepted=true#

-V licenseAccepted=true

v Be careful with values containing special symbols such as = and @

For example, the LDAPBindDN and BaseDN. fields contain both of thesesymbols and use the format: LDAPBindDN="cn@root" and BaseDN="dc@acem,dc@com"

6. Start the silent install program by running one of the following commands,specifying the absolute path to the response file as well as the "-silent"argument:


./install.sh STAdv_download_folder/STAdvanced_Install.rsp -silent

For example:-options /opt/CD1/dist/STAdvanced_Install.rsp -silent

v Windows

install.bat -options STAdv_download_folder\STAdvanced_Install.rsp -silent

For example:

install.bat -options C:\CD1dist\STAdvanced_Install.rsp -silent

Results

Note: If the installation was not successful, look at the two installation logs formore information about what occurred during the installation attempt. Fix theproblem, then try installing again.





Verifying the Lotus Sametime Advanced installation:

Verify that your IBM Lotus Sametime Advanced application, as well as its requiredcomponents, has been successfully installed.

About this task

The procedure for verifying the installation varies depending on the operatingsystem that hosts Lotus Sametime Advanced:

Verifying the Lotus Sametime Advanced installation on AIX, Linux, Solaris:

Verify that your IBM Lotus Sametime Advanced application has been successfullyinstalled on IBM AIX, Linux, or Solaris.




About this task

Verify the installation by connecting to Lotus Sametime Advanced from a browser.

On any computer in the deployment, open a browser and verify that LotusSametime Advanced is running by logging in with a user account from the LDAPdirectory.

The Web address will resemble the one below, but the host name and port willdepend upon your own deployment:

http://hostname_or_IPaddress:9080/stadvanced

For example:

http://stadv.acme.com:9080/stadvanced

Verifying the Lotus Sametime Advanced installation on Windows:

Verify that your IBM Lotus Sametime Advanced application, as well as its requiredcomponents, has been successfully installed on Microsoft Windows.

About this task

Verify the installation by making sure that IBM WebSphere MQ, WebSphere EventBroker, IBM DB2, and Lotus Sametime Advanced are all running:

1. On the server hosting WebSphere MQ and WebSphere Event Broker, click Start→ Control Panel → Administrative Tools → Services and use the WindowsServices console to verify that the following services are running:

v IBM MQSeries®

v IBM WebSphere Message Broker component BRKR_SCCS

v IBM WebSphere Message Broker component CMGR_SCCS

You can start and stop individual services in this console by right-clicking"Started" (or "Stopped") in the "Status" column, and then selecting Start or Stop

from the menu.2. Open MQ Explorer by clicking Start → All Programs → IBM WebSphere MQ →

WebSphere MQ Explorer, and verify that the queue manager (such assccs.queue.manager) is started.

You can start and stop the queue manager in this console by right-clicking itsname, and then selecting Start or Stop from the menu.

3. On the DB2 server, click Start → Control Panel → Administrative Tools →Services and use the Windows Services console to verify that the DB2 servicesare running.

Note: Remember that the DB2 Net Search Extender (DB2EXT) must also berunning.

4. Still on the DB2 server, click Start → All Programs → IBM DB2 → DB2COPY1(default) → General Administration Tools → Control Center to open the DB2Control Center so you can check (and manage) the DB2 database, and workwith its tables and schemas.

5. On any computer in the deployment, open a browser and verify that LotusSametime Advanced is running by logging in with a user account from theLDAP directory.

The Web address will resemble the one below, but the host name and port willdepend upon your own deployment:





For example:


Installing Lotus Sametime Advanced in a clusterInstalling IBM Lotus Sametime Advanced as a clustered deployment involvessetting up an IBM WebSphere Application Server network deployment to distributethe workload and a WebSphere MQ cluster to support the additional messaging

involved.

Complete the tasks below to create the WebSphere Application Server networkdeployment, and then create the WebSphere MQ cluster:

Installing the DB2 database management system:

IBM DB2 is a database management system that stores information used by IBMLotus Sametime Advanced.

About this task

Installing DB2 involves the following tasks:

Installing DB2 Enterprise Server Edition:

Install the IBM DB2 server software.

Before you begin

For IBM Lotus Sametime Advanced, you need to install IBM DB2 Enterprise ServerEdition.

About this task

1. Log in to your computer as the system administrator (Microsoft Windows) or

as root (IBM AIX, Linux, Solaris).2. Download the appropriate DB2 package for your operating system, and extract

the files.

Note: You must also download the DB2 license file db2ese_o.lic, which youactivate after installing the DB2 server; this file is stored with the DB2 package.


3. Install the DB2 server as explained in the DB2 information center at thefollowing Web address:


In the information center, search for the following text to locate installationinstructions: "Installing DB2 Servers".

4. Accept the default values and settings during DB2 installation.

Note: When you create the DB2 administrative user account, the password thatyou assign to the account must satisfy your server operating system'srequirements as well as any additional requirements imposed by yourcompany. For information, see the Password Rules topic in the DB2 informationcenter.









DB2CMD

c. In the DB2 Command window, navigate to the folder where youdownloaded the DB2 license file.


db2licm -a db2ese_o.licSample output for Windows

LIC1402I License added successfully.

LIC1426I This product is now licensed for use as specified in the LicenseAgreement and License Information documents pertaining to the licensed copyof this product. USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OFTHE IBM LICENSE AGREEMENT AND LICENSE INFORMATION DOCUMENTS, LOCATED IN THEFOLLOWING DIRECTORY: "C:\PROGRA~1\IBM\SQLLIB\license\en"


EXIT

Installing DB2 Net Search Extender:

Install IBM DB2 Net Search Extender to support text retrieval by concurrent IBMLotus Sametime Advanced users.

Before you begin

Make sure you have a DB2 server installed before you begin.

About this task

Install DB2 Net Search Extended on the DB2 server by following these steps:

1. Log in to your computer as the system administrator (Microsoft Windows) or

as root (IBM AIX, Linux, Solaris).2. Download the appropriate DB2 Net Search Extender package for your

operating system, and extract the files.


3. Install DB2 Net Search Extender as explained in the DB2 information center at

publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

In the information center, search for the following text to locate installationinstructions: "Installing Net Search Extender".

4. Accept the default values and settings while installing Net Search Extender.

5.When installation is finished, start Net Search Extender by running thefollowing command in the DB2 environment:

db2text start











What to do next

Attention: DB2 Net Search Extender must be running to support Lotus SametimeAdvanced operations. If you stop this service for any reason, be sure to restart it.To remove the need for manual restarts, you may want to set this service to startautomatically:

v AIX, Linux, Solaris: Add the text indexing service startup to the databasestartup script.

v Windows: Set the "DB2EXT" service to "Automatic" in the Windows Servicescontrol panel.

Creating the WebSphere Event Broker database:

Use IBM DB2 to create a database for storing IBM WebSphere Event Broker data.

Before you begin

The WebSphere Event Broker database contains Broker-specific systemconfiguration information that is added or modified whenever a broker is created

or configured.

You can define your own names for this database using 8 characters or less; in theexamples presented in this documentation, the Event Broker database is named"BRKRDB".

1. Log in to the DB2 server as the DB2 Administrator (or as a user in theDB2ADMNS group).

2. Open a DB2 command window. For example, in Windows, click Start →Programs → IBM DB2 → DB2COPY1 (default) → Command Line Tools →Command Window .

3. Run the following command to create the WebSphere Event Broker database(called "BRKRDB" in this documentation):

DB2 CREATE DATABASE database_name USING CODESET UTF-8 TERRITORY USFor example:

DB2 CREATE DATABASE BRKRDB USING CODESET UTF-8 TERRITORY US

Sample Output:

DB20000I The CREATE DATABASE command completed successfully.

Creating the Lotus Sametime Advanced database:

Use IBM DB2 to create a database for storing IBM Lotus Sametime Advanced data.

Before you begin

The Lotus Sametime Advanced database requires a DB2 database to storeinformation. In the examples presented in this documentation, the Lotus SametimeAdvanced database is named STADV.

About this task

Create the database directly on the DB2 server using the provided script.

1. Download the appropriate versions of the scripts for your operating system tothe DB2 server.




The scripts are stored in the \SupportingFile\DB2-image\db2-scripts directorywithin the Lotus Sametime Advanced software download; be sure to take all of the files for your operating system.


2. Verify that you are working in DB2 as the DB2 Administrator (or as a user inthe DB2ADMNS group).

3. (AIX, Linux, Solaris) Assign execute privileges to the createDb.sh file byrunning the following command:

chmod +x createDb.sh

4. In the DB2 environment, create the database by running the script as follows:

AIX, Linux, Solaris

./createDb.sh database_name

Windows

createDb.bat database_name

where database_name is the name of the Lotus Sametime Advanced database (in

this documentation, examples will use "STADV" as that database's name).For example:

./createDb.sh STADV

Attention: Do not use the same name as the host name for this computer, asthat would create conflicts.This script creates the new database and sets up the schema and tables neededfor Lotus Sametime Advanced.

Creating text indexes for searching the Lotus Sametime Advanced database:

Create indexes in an IBM DB2 database hosted on either Microsoft Windows orLinux.

Before you begin

You must have installed the IBM DB2 server software and DB2 Net SearchExtender, then started those applications, created a database, and set up thedatabase schema. The DB2 command window should still be open from theprevious task (open it if necessary).

About this task

Note: If the indexes should become corrupted, you can safely rerun the dbtextscript at any time without losing any existing data.

1. Download the appropriate version of the dbtext script for your operatingsystem to the DB2 server.



2. In the DB2 Command Window, run the following command to create the textindexes:

AIX, Linux, Solaris














./dbtext.sh database_name

Windows

dbtext.bat database_name

where database_name is the name of the Lotus Sametime Advanced database("STADV" in this documentation). If you see an error stating that "DB2TEXT" isnot a recognized command, make sure that DB2 Net Search Extender has been

installed and is running.3. Once the script successfully completes, you can disconnect from the database

with the following command:

DB2 DISCONNECT STADV

Sample output

DB20000I The SQL DISCONNECT command completed successfully.

4. Now type the following command in the DB2 Command Window:

EXIT

5. Close the DB2 Command Window.



Before you begin


The Lotus Sametime Advanced server does not require the DB2 client, even when

DB2 is hosted on a separate computer (because the use of JDBC type 4 driversremoves the need for a DB2 client to access the remote DB2 server).









db2 catalog tcpip node node_name remote server_dns_name server server_portdb2 catalog database database_name at node node_name

where:








Example:db2 catalog tcpip node DBSRV remote sales.acme.com server 50000db2 catalog db BRKRDB at node DBSRV


Clustering WebSphere MQ and WebSphere Event Broker:

Set up a clustered deployment of IBM WebSphere MQ and WebSphere EventBroker servers to improve the performance and security of messaging within an

IBM Lotus Sametime Advanced clustered deployment.

Before you begin

A Lotus Sametime Advanced deployment requires a one-to-one relationship between installations of WebSphere Message Broker and WebSphere Event Broker,which is why they must be installed on the same server. Each of these servers cansupport only one broker for Lotus Sametime Advanced, which looks for the brokeron a particular port (1506). A broker can support messaging for roughly 10-15thousand users; if you foresee a larger number of users, you will probably want todeploy multiple WebSphere MQ/WebSphere Event Broker servers and then clusterthem for efficiency.

A traditional WebSphere MQ network uses distributed queues, where every queuemanager is independent and queues are not shared. One queue manager can onlysend a message to another if a specific channel has been created between them. AWebSphere MQ cluster enables the queue managers to share queues andcommunicate directly, without the need for specific channel definitions betweeneach pair of queue managers.

In addition to clustering the queue managers (provided by WebSphere MQ), youcan gather the brokers (provided by WebSphere Event Broker) into a different typeof cluster, called a collective. The brokers within a collective are interconnected,share a single DB2 database (called "BRKRDB in this documentation), and arecontrolled by a single configuration manager.

Using a collective improves messaging performance in several ways:

v A message from a particular client is routed directly to the target broker, takingthe shortest path and bypassing intermediate brokers.

v A client can connect to the nearest broker within the collective instead of beingassigned to a broker that may actually be located farther away.

v The connections between the brokers in a collective are automatically tested forvalidity when the collective is created, which ensures that messages are alwaystransported to their destinations and do not circle endlessly.




About this task

Clustering WebSphere MQ and WebSphere Event Broker involves the followingtasks:

Installing component applications:

The first task in clustering IBM WebSphere MQ servers and creating a brokercollective is to install the component applications on every server in the cluster.

Before you begin

Install the following component applications on every server that will be a part of the WebSphere MQ cluster:

v IBM DB2 client

v WebSphere MQ

v WebSphere Event Broker

Note: Each server within the cluster requires a copy of the DB2 client application

so that the broker services can access data stored in the database you createdearlier.

About this task

To ensure that each server has all the necessary components set up before youconfigure the servers as a cluster, complete the following installation tasks (in thesequence shown) on every server in the WebSphere MQ cluster:



Before you begin


The Lotus Sametime Advanced server does not require the DB2 client, even whenDB2 is hosted on a separate computer (because the use of JDBC type 4 driversremoves the need for a DB2 client to access the remote DB2 server).












db2 catalog tcpip node node_name remote server_dns_name server server_port

db2 catalog database database_name at node node_namewhere:





Example:

db2 catalog tcpip node DBSRV remote sales.acme.com server 50000db2 catalog db BRKRDB at node DBSRV


Installing WebSphere MQ:

IBM WebSphere MQ provides messaging across multiple platforms, allowingindependent applications on a distributed system to communicate with each other.

Before you begin

WebSphere MQ enables information packaged as messages to flow betweendifferent business applications. There are two ways in which WebSphere MQ canact on messages:

v Message routing performs a defined set of operations on a message, applyingthem in a prescribed sequence, to route them from sender to recipient.

v Message transformation modifies messages by changing, combining, adding, orremoving data; for example to change the format to accommodate the recipient'srequirements.

About this task

If you already installed WebSphere MQ, you do not have to install it again for anew Lotus Sametime Advanced deployment. If you uninstalled Lotus SametimeAdvanced and are installing a newer version, you should have removed the brokerservices already and can simply configure them anew. Installing WebSphere MQinvolves the following tasks:

Installing the WebSphere MQ application:

Install the IBM WebSphere MQ application to support messaging in yourdeployment.




About this task

The procedure for installing the WebSphere MQ application varies with theoperating system:

Installing the WebSphere MQ application on Linux and Solaris:

Install the IBM WebSphere MQ application on Linux or Solaris.

Before you begin




Search for the following text: "Installing a WebSphere MQ server".

About this task

You can install WebSphere MQ on the same computer as IBM Lotus SametimeAdvanced, or on a different machine.


Tip: For additional information on preparing the server and installing WebSphere

MQ, review the "Quick Beginnings for operating_system > Server > Preparing toinstall" topic in the WebSphere MQ information center.






a. Create the mqsi user.b. Create the mqbrkrs group.

c. Create the mqm group.

d. Add the mqsi and root users to the mqbrkrs and mqm groups.

e. Add the local DB2 user account to the mqm and mqbrkrs groups.

4. Navigate to the directory where you stored the installation files.

5. Begin the installation by running the following command: ./mqlicense.sh .

6. At the "Software License Agreement" screen, read the license agreement andclick Accept.






7. Install WebSphere MQ:

AIX, Linux

a. Run the following command to install the MQSeries Runtime application:

rpm -ivh MQSeriesRuntime-6.0.0-0.i386.rpm

b. Run the following command to install the MQSeries Java application:

rpm -ivh MQSeriesJava-6.0.0-0.i386.rpm

c. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setupthe Default Configuration, click Next to skip that task and finish theinstallation without setting up the default configuration.

Solaris

a. Run the following command to install the MQ application:

pkgadd -d.

b. When presented with a list of available packages, type the numberrepresenting "mqm" package.

c. When presented with the list of components, type the number representingMQ Series application, then type a comma as a separator before typing thenumber of the MQ Java application.

d. Type "y" if you are prompted with any questions.e. When you see the message indicating that installation is complete, type "q"

to exit the installation program.

Installing the WebSphere MQ application on Windows:

Install the IBM WebSphere MQ application on Microsoft Windows.

Before you begin




About this task

You can install WebSphere MQ on the same computer as IBM Lotus SametimeAdvanced, or on a different machine. If you take the defaults then typically, MQinstalls to a path like this:



Tip: For additional information on preparing the server and installing WebSphereMQ, review the "Windows Quick Beginnings > Installing the WebSphere MQServer > Preparing for server installation" topic in the WebSphere MQ informationcenter.

1. Log in to your computer as the Microsoft Windows administrator.








Attention: Logging in with an account other than the Administrator willprevent the mqsi user from being added to the Administrators groups, whichwill cause the configureEB script to fail in a later step.


a. Create the mqsi user.

b. Add the mqsi user to the Windows "Administrators" group .

c. Create the mqbrkrs group.d. Create the mqm group.

e. Add the mqsi and Windows Administrator users to the mqbrkrs and mqmgroups.

f. Add the local DB2 user account to the mqm and mqbrkrs groups.

3. Download the appropriate installation package for your operating system, andextract the files.



4. Navigate to the directory where you extracted the file and begin theinstallation by running the following command:

Setup.exe

5. At the "Welcome to the WebSphere MQ Launchpad" screen, click the SoftwareRequirements button on the left.

This initiates a check for any applications that must be in place before you caninstall WebSphere MQ. In particular, this will check for the existence of WebSphere Eclipse Platform and, if that application is not already installed,will give you a chance to install it now.

6. At the "Software Requirements for WebSphere MQ on Windows" screen, check

the status of WebSphere Eclipse Platform.7. Do one of the following:

v If the requirements have all been satisfied, skip to Step 9.

v Otherwise, continue to Step 8 and proceed from there.

8. If WebSphere Eclipse Platform is not already available on this computer,install it now as follows:

a. Click the + next to "WebSphere Eclipse Platform Version 3.0.1" to displayinstallation information.

b. Click the Network button, then click Open and select setup.exe to begininstalling WebSphere Eclipse Platform.

c. At the "Select Setup Language" screen, select a language and click OK. The

"WebSphere Eclipse Platform" splash screen displays as the installationprocess begins.

d. At the "Welcome to the Installation Wizard for WebSphere EclipsePlatform" screen, click Next.

e. At the "License Agreement" screen, click the option to accept theagreement, and then click Next.

f. At the "Destination Folder" screen, accept the default destination forWebSphere Eclipse Platform files, and click Next.

To select a different destination, click the Change button; when yourdestination is correctly specified, click Next.




g. At the "Ready to Install WebSphere Eclipse Platform" screen, click Install.

h. At the "Installing WebSphere Eclipse Platform" screen, wait for theinstallation process to complete.

i. At the "Installation Wizard Completed Successfully" screen, click Finish.WebSphere Eclipse Platform is now installed on the server, and you areready to install WebSphere MQ.

j. Click the Refresh button to repeat the requirements check for WebSphereMQ.

9. When the "Software Requirements for WebSphere MQ on Windows" screenshows that all requirements have been satisfied, click the WebSphere MQInstallation button and install WebSphere MQ as follows:

a. At the "WebSphere MQ Installation" screen, select a language, and thenclick 'Launch IBM WebSphere Installer.

b. At the "License Agreement" screen, click the option to accept theagreement, and then click Next.

c. At the "Setup Type" screen, click Typical to select a typical installation, andthen click Next.

d. At the "Ready to Install WebSphere MQ" screen, review your settings;when you are ready to proceed, click Install.

e. At the "Installing WebSphere MQ" screen, wait while the installer copiesfiles and installs WebSphere MQ.

f. At the "Installation Wizard Completed Successfully" screen, click Finish toexit the installation wizard. Once the basic WebSphere MQ installation isfinished, the Prepare WebSphere MQ Wizard launches automatically.

10. Run the Prepare WebSphere MQ Wizard as follows:

a. At the "Welcome to the Prepare WebSphere MQ Wizard" screen, click Next.

b. At the "WebSphere MQ Network Configuration" screen, wait forconfiguration to complete, and then click Next.

c. You will asked whether there is a Windows domain controller in the

network.v If there is not, click No and skip to step 10e.

v If there is a domain controller, click Yes and proceed to step 10d foranother step.

d. If the Windows administrator account that you logged in with belongs to adomain (DOMAIN/USER), then you may see a screen like this, promptingfor additional information about the domain account. Unless the domainhas imposed restrictions on local user accounts, you can simply clickCancel at this point, and consider your WebSphere MQ installationcomplete.

Clicking the More Information button provides the following details tohelp you determine how to respond and complete this screen.

When WebSphere MQ is running, it must check that only authorized userscan access queue managers or queues. Whenever any user attempts suchaccess, WebSphere MQ uses its own local account to query informationabout the user. Domain controllers that are running Windows 2000 Server,Windows 2003 Server, or later, can be set up in such a way that WebSphereMQ cannot use local accounts to check that users defined on thosedomains are authorized to access queue managers or queues. In this case,you must provide WebSphere MQ with a special domain user account touse. If you are unsure whether this case applies to you, you should consultyour domain administrator.




If a special domain user account is required, send the "ConfiguringWindows Accounts" page to your domain administrator, and ask for one of the special accounts it describes. Enter the account details into the PrepareWebSphere MQ Wizard. This wizard runs automatically at the end of installation; the wizard can also be run at any time from the Start menu.

Restriction: If the special domain user account is required but you carry

on anyway and configure WebSphere MQ without it, many or all parts of WebSphere MQ will not work, depending upon the particular useraccounts involved. In particular, if you are currently logged on with adomain user account, you might not be able to complete the DefaultConfiguration, and the Postcard and API Exerciser might not work.

e. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setupthe Default Configuration, click Next to skip that task and finish theinstallation without setting up the default configuration.

At this point, the WebSphere MQ application is installed, and you are ready toinstall the accompanying fix pack in the next task.

Installing the WebSphere MQ fix pack:

After installing the IBM WebSphere MQ application, install the fix pack to ensurethe product is up-to-date.

Before you begin

After installing IBM WebSphere MQ, check the Lotus Sametime systemrequirements at the following Web address, and determine whether you need toinstall a fix pack:

www.ibm.com/support/docview.wss?&uid=swg27010738

Note: You must install the base application before you can update it with a fixpack.

About this task

The procedure for installing the WebSphere MQ fix pack varies with the operatingsystem:

Installing the WebSphere MQ fix pack on Linux and Solaris:


Before you begin

Make sure that the WebSphere MQ application has already been installed on theserver. You do not have to configure WebSphere MQ before installing the fix pack.

About this task









www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980




d. Sign in as prompted to access the download site.e. Review the Business Control, Privacy, and License; then click the I agree

box.




a. Navigate to the directory where you stored the fix pack.

b. Perform the product update by running the following command:

AIX, Linux

rpm -ivh MQSeriesRuntime-6.0.2-3.i386.rpm MQSeriesServer- fixpack_version.i386.rpm

Solaris

pkgadd -d fixpack_file_name.img

What to do next


Installing the WebSphere MQ fix pack on Windows:


About this task













a. Navigate to the folder where you stored the fix pack.






b. Start the fix pack installation by running the following file:WebSphereMQMDV _FPversion_EnUs.exe.

c. At the "Welcome to the InstallShield Wizard for WebSphere MQ" screen,click Next.

d. At the "Remove Installation Files" screen, click the first option (upack thefiles to a temporary location and then remove them after installation is

complete), and then click Next.e. At the "Extracting Files" screen, wait. Wait some more. When the Next

button is enabled, click it.

f. Wait some more while the installer progresses through a series of screenssuch as the "Checking files" screen.

g. At the "Click Install to begin installation" screen, you can accept the defaultinstallation location, or optionally select a new location. Then click Install.

h. Next, a series of screens appears while the fix pack installation process runs.Wait some more; do not click anything on these screens.

i. At the "Fix Pack installation is complete" screen, click Finish.

What to do next


Installing the WebSphere Event Broker application:



About this task

A Lotus Sametime Advanced deployment requires a one-to-one relationship between installations of WebSphere Message Broker and WebSphere Event Broker,and the two applications must be installed on the same computer. This deploymentcan support only one broker for Lotus Sametime Advanced, which specificallylooks for the broker on port 1506.

In addition, these components require access to the DB2 database; if the database ishosted on a different computer, you must install the DB2 client application on thesame computer as WebSphere MQ and WebSphere Event Broker.

If you already installed WebSphere Event Broker, you do not have to install itagain for a new Lotus Sametime Advanced deployment. If you uninstalled LotusSametime Advanced and are installing a newer version, you should have removedthe broker services already and can simply configure them anew.

The procedure for installing WebSphere Event Broker varies with the operatingsystem on which it will be hosted:

Installing WebSphere Event Broker on AIX, Linux, Solaris:





About this task

The procedure for installing WebSphere Event Broker for use on a clustered serverincludes two tasks, which you perform in the sequence shown:

Installing the WebSphere Event Broker application on AIX, Linux, Solaris:


Before you begin




About this task




1. Download and extract the WebSphere Event Broker installation program asfollows:

a. Log in to the server as root..

b. Download the appropriate package for your operating system, and extract

the files.Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document posted at the following Web address:www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.


a. Start the WebSphere Event Broker installer by navigating to the directorywhere you extracted the file and running the appropriate setup command:

v AIX: ./setupaix

v Linux: ./setuplinuxia32

v Solaris: ./setupsolaris

The installation program begins by displaying the WebSphere Event Broker

splash screen.b. At the "Welcome to the InstallShield Wizard for IBM WebSphere Event

Broker" screen, click Next.










3. Now verify that you have the right fix-pack level of WebSphere Event Broker:a. Open the Message Broker Command Console

b. (Solaris only) Run the following set up command:

AIX and Linux users should skip this step.

. /opt/IBM/mqsi/6.0/bin/mqsiprofile

c. Run the following command to display the MQ version:

mqsiservice - v



d. If you do not have the correct fix pack installed, you can download it fromthe IBM Web Site using the same method as you did for WebSphere MQearlier.

Download the Fix Pack (6.0.0.3) from the following Web address:


e. Now install the fix pack as explained in the Release Notes document postedon the same page.

Adding jar files to the classpath on AIX, Linux, Solaris:

Copy required jar files to the classpath so they can be referenced duringconfiguration of IBM WebSphere Event Broker on AIX, Linux, or Solaris.

About this task


Add the following statements to the .profile of the user account that will startand stop the broker services (this adds jars to the classpath and enables that userto properly start the message flow and access the broker database):AIX, Linux

Note: The CLASSPATH statement was formatted for readability here, but youmust type it as a single line.

export CLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/AddBroker.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-codec-1.3.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-3.1.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar




;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-logging-1.1.jarif [ -f /home/db2inst1/sqllib/db2profile ]; then


where mqsi_install_path is the absolute path to your WebSphere Event Broker installlocation; for example:Solaris

CLASSPATH= mqsi_install_path/classes/SametimePlusExits.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/AddBroker.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-codec-1.3.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-3.1.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-contrib-3.1.jarCLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-logging-1.1.jar

export CLASSPATHif [ -f /home/db2inst1/sqllib/db2profile ]; then


where mqsi_install_path is the absolute path to your WebSphere Event Broker installlocation; for example:

/opt/ibm/mqsi/6.0

Installing WebSphere Event Broker on Windows:


About this task

The procedure for installing WebSphere Event Broker for use on a clustered serverincludes two tasks, which you perform in the sequence shown:

Installing the WebSphere Event Broker application on Windows:


Before you begin




About this task




1. Download and extract and the WebSphere Event Broker installation program asfollows:





Attention: Logging in with an account other than the Administrator willprevent the mqsi user from being added to the Administrators groups,which will cause the configureEB script to fail in a later step.




a. Start the WebSphere Event Broker installer by navigating to the directorywhere you extracted the file and running the following command:

Setup.exe








h. At the "InstallShield Wizard has successfully installed WebSphere Event

Broker" screen, click Finish.3. Now verify that you have the right fix-pack level of WebSphere Event Broker:

a. Open the Message Broker Command Console.


mqsiservice - v




http://www-1.ibm.com/support/docview.wss?uid=swg24013951d. Now install the fix pack as explained in the Release Notes document posted

on the same page.

Adding jar files to the classpath on Windows:

Copy required jar files to the classpath so they can be referenced duringconfiguration of IBM WebSphere Event Broker on Microsoft Windows.




About this task


1. Log on to the server as the Windows system administrator.

2. Add the following files to the CLASSPATH, keeping the statement on one line:

List of files:

v SametimePlusExits.jar

v AddBroker.jar

v commons-codec-1.3.jar

v commons-httpclient-3.1.jar

v commons-httpclient-contrib-3.1.jar

v commons-logging-1.1.jar

How they look on the CLASSPATH (this was formatted for readability, your

CLASSPATH statement must be formatted as one line):existing_classpath_values

;%MQSIINSTALLPATH%\classes\AddBroker.jar;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar



Note: These jar files do not exist in the classes directory yet, when you run the

configureEB.bat script in the next task; the files will be copied to your serverfor use during configuration.

3. Restart the server so these changes take effect before you configure WebSphereEvent Broker.

Creating a data source for the broker:

If you are using Microsoft Windows 2003, then configuring IBM WebSphere EventBroker for use in a cluster involves defining a data source for the broker.

About this task

Follow these steps to create a data source.

Note: This task is needed only on Windows 2003 server. If you are using adifferent operating system, skip this task.

1. Open the ODBC Tool by clicking Start → Programs → Administrative Tools →DataSources (ODBC).

2. Click the System DSN - System Data Sources tab.

3. Click Add.

4. In the "Create New Data Source" dialog box, select IBM DB2 ODBC Driver-DB2COPY1 and then click Finish.




5. In the CLI/ODBC Settings dialog box, fill in values for the new data source,and then click OK:

Option Description

Data Source Name BRKRDB

Description MQSIBKDB DB2 ODBC Database

Databases STADVUser ID and Password User name and password for the database,

such as db2admin and passw0rd.

6. Still in the CLI/ODBC Settings dialog box, click Connect to test the connection.

7. When you have finished, close all of the ODBC dialog boxes.

Setting up a MQ cluster and Event Broker collective:

After installing IBM WebSphere MQ and WebSphere Event Broker on two or moreservers, configure them as a WebSphere MQ cluster and then create a brokercollective to improve messaging efficiency.

A WebSphere MQ cluster consists of two or more servers, each hosting an instanceof WebSphere MQ and an instance of WebSphere Event Broker. To avoid confusionwith topics discussing WebSphere Application Server network deployment clusters,the topics on configuring a WebSphere MQ cluster use these terms to describe theservers that you will cluster:

v Initial server: This is the server that will host the broker collective's configurationmanager; you will create the WebSphere MQ cluster on this server and then addservers to the cluster.

v Additional server: This represents any servers added to the cluster, regardless of how many there are. The tasks that apply to "Additional server" must becompleted on every additional server, in the same sequence shown in thedocumentation.

There can be only one Initial server, but there may be as many Additional serversas required; each Additional server must be installed on a separate computer

because the broker uses port 1506.

Important: Decide in advance how many servers will comprise the WebSphereMQ cluster, because you must complete certain tasks on each Additional server

before proceeding to the next task on the Initial server. In addition, you cannot addservers to the cluster after you have created the broker collective in Step 6 below.

General setup:

Before configuring the MQ Cluster and Event Broker collective, you must complete

some prerequisite database and server setup tasks.1. Create the broker database.

See “Creating the WebSphere Event Broker database” on page 20 for moredetailed information.

On the remote DB2 server, create the broker database:

a. Open a DB2 command window.

b. Create the broker database by entering the following line, replacing<BROKER_DATABASE_NAME> with a database name, such as BRKRDB:

DB2 CREATE DATABASE <BROKER_DATABASE_NAME> USING CODESET UTF-8 TERRITORY US




Note: If a previous broker database exists, you can remove it by enteringDB2 DROP DATABASE <BROKER_DATABASE_NAME>.

2. On each server (initial and additional), install the following:

v The DB2 client (for more information, see “Installing the DB2 client” on page22. After you install the DB2 client, remember to catalog the Brokerdatabase.).

v

WebSphere MQ and any relevant fixpacks (as for a single node Event Brokerinstall)

v Event Broker (as for a single node Event Broker install)

3. On each server (initial and additional), perform the following configurationsteps:

v Configure the ODBC data source (Windows).

a. Run the following command to enable the ODBC settings to take effect:

db2set db2comm=TCPIP

b. In the Windows Start menu, select Start > Run...

c. In the Run dialog, type odbcad32.exe.

d. In the ODBC Data Source Administrator dialog, select the System DSN

tab, then click Add.e. In the Create New Data Source dialog, select the IBM DB2 ODBC

DRIVER - DB2COPY1 driver. Note the "DB2COPY1" part of the drivername may be different depending on how your installation wasperformed.

f. In the ODBC IBM DB2 Driver - Add dialog, enter the followinginformation:

– Data source name - The name which you cataloged the remote Brokerdatabase in the local DB2 client. Most likely, it is BRKRDB.

– Database alias - Leave this as is.

– Description - Free description text. You can enter, for example, ST AdvEvent Broker Database.

g. Click OK.

h. In the ODBC Data Source Administrator dialog, you should see thenewly created data source listed as a system DSN. Select it and clickConfigure...

i. In the CLI/ODBC Settings dialog, enter the following information:

– User ID - The name of a user with access to the broker database (forexample, db2admin).

– Password - The password of the user with access to the brokerdatabase (for example, db2password).

– Save password - Select this checkbox.

j. Click Connect. A confirmation message displays.

k. Click OK, and then OK again in the ODBC Data Source Administratordialog

v Configure the ODBC data source (Linux, Unix).

a. Create a backup copy of /var/mqsi/odbc/.odbc.ini by copying it to.odbc.ini.orig.

b. Edit .odbi.ini to contain:

[ODBC Data Sources]BRKPERF=IBM DB2 ODBC DRIVER

[BRKPERF]




Driver=/opt/ibm/db2/V9.1/lib32/libdb2.soDescription=Event Broker DB2 ODBC DatabaseDatabase=BRKPERF

[ODBC]Trace=0Tracefile=/tmp/advanced/odbctrace.outTraceDll=/opt/ibm/mqsi/6.0/merant/lib/odbctrac.so

InstallDir=/opt/ibm/mqsi/6.0/merantUseCursorLib=0IANAAppCodePage=4UNICODE=UTF-8

c. Change BRKPERF to reflect your database name.

d. Change the Driver to be correct for your platform:

– AIX: <DBINSTALLPATH>/lib32/libdb2.a

– Solaris, Linux: <DBINSTALLPATH>/lib32/libdb2.so

e. Check to see that the other path references are correct for yourdeployment.

v Copy the required JAR files on the server and set the class path.

a. Locate the \SupportingFiles\EB-V60-image\st-adv-jars-EB directory

within the Lotus Sametime Advanced software download.b. Copy the following JAR files from this location to the \6.0\classes

directory underneath the WebSphere Event Broker installation directory.

– commons-codec-1.3.jar

– commons-httpclient-3.1.jar

– commons-httpclient-contrib-3.1.jar

– commons-logging-1.1.jar

c. Download Hotfix # OBEN-7RJSFH and copy the following files from it(these replace any copies of the same files located in the\SupportingFiles\EB-V60-image\st-adv-jars-EB folder used in theprevious step) and copy them to the same location (\6.0\classes):

– AddBroker.jar– SametimePlusExits.jar

– exitSetting.ini

d. On the Windows platform only, add the JAR files to the system classpath. For information, refer to “Adding jar files to the classpath onWindows” on page 38.

v Copy the exitSetting.ini file.

a. Locate the \SupportingFiles\EB-V60-image\st-adv-jars-EB directorywithin the Lotus Sametime Advanced software download.

b. Copy the exitSetting.ini files from this location to the \6.0\bindirectory underneath the WebSphere Event Broker installation directory.

c. Open the file in its new location using a text editor and change thefollowing entries:

– servletURL - Change the host and port for this entry to the host andport where the Sametime Advanced server will be accessible.

– jsecurityURL - Change the host and port for this entry to the host andport where the Sametime Advanced server will be accessible.

d. Save the changes to the file and close it.

v Copy the BAR file on the server.




a. Locate the \SupportingFiles\EB-V60-image\st-adv-jars-EB directorywithin the Lotus Sametime Advanced software download.

b. Copy the realtime1506.bar files from this location to the \6.0 directoryunderneath the WebSphere Event Broker installation directory.

MQ Cluster and Event Broker Collective setup:

Configure an IBM WebSphere MQ cluster and a WebSphere Event Brokercollective.

Before you begin

The following instructions distinguish two types of servers:

v The initial server hosting the configuration manager and the initial broker

v The additional server(s) hosting additional brokers

There can be only one initial server, but there may be as many additional serversas required.

The instructions assume that each broker run on a different machine. It is notpossible to run two brokers (for Lotus Sametime Advanced) on the same machine,as the 1506 port number is hard coded in the BAR file.

As there are a number of instances (one per server) of certain items (such as brokers), the following conventions are used:

Table 1. Broker naming conventions used in this topic

Name Description Example

HOSTNAMEn The host name or IP addressof server #n.

broker2.mydomain.com

BRKR_SCCSn The name of the broker on

server #n.

BRKR_SCCS1

INTER_BROKER_PORTn The inter brokercommunication port for broker #n.

Typical value is 1507

SCCS.QUEUEn.MANAGER The name of the queuemanager on server #n.

SCCS.QUEUE2.MANAGER

The initial server is assumed to be server #1.

The following commands must be typed into an Event (Message) BrokerCommand Console. It is recommended you disable firewalls on all servers runningEvent Broker while you are doing the setup. Once the setup is complete, you can

enable them again.

Important: The following instructions contain a number of steps. Each stepinvolves running a number of commands on the different servers making up the

broker collective. It is important to run the requested commands on all requestedservers before moving on to the next step (rather than running all the steps onserver 1, then running all the steps on server 2, and so on). Failure to completeeach set of commands on the requested server as instructed will result in thecollective not working properly.

1. Create the queue manager and listener.




On each server, run the following commands:

crtmqm -q SCCS.QUEUEn.MANAGERstrmqm SCCS.QUEUEn.MANAGERrunmqscDEFINE LISTENER('LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)START LISTENER('LISTENER.TCP')DEFINE CHANNEL (SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)END

For example, on server #2 (similarly on the other server), you will run:

crtmqm -q SCCS.QUEUE2.MANAGERstrmqm SCCS.QUEUE2.MANAGERrunmqscDEFINE LISTENER('LISTENER.TCP') TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)START LISTENER('LISTENER.TCP')DEFINE CHANNEL (SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)END

2. Configure the queue manager on the initial server for clustering.

On the initial server only, run the following command:

runmqscALTER QMGR REPOS(STAMQCLUSTER)END

3. Create the cluster receiver channel.

On each server, run the following commands (enter the DEFINE command ona single line, even if it displays here on two lines):

runmqscDEFINE CHANNEL(SCCS.QUEUEn.MANAGER) CHLTYPE(CLUSRCVR) TRPTYPE(TCP) CONNAME('HOST_NAME

CLUSTER(STAMQCLUSTER) DESCR('CLUSRCV')END

Example

For example, if you have three servers, you will run the following on server#1...

runmqscDEFINE CHANNEL(SCCS.QUEUE1.MANAGER) CHLTYPE(CLUSRCVR) TRPTYPE(TCP) CONNAME('broker1.m


...on server #2:



...and on server #3:



4. Create the cluster sender channels.

Note: The sender and receiver channels at both end of a connection (betweenthe initial and an additional server) must have the same name.

a. On the initial server, run the following commands once for everyadditional server:

Note: Enter the DEFINE command on a single line, even if it displays hereon two lines.




runmqscDEFINE CHANNEL( ADDITIONAL_QMn) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(' ADDITIONAL_QM

CLUSTER(STAMQCLUSTER) DESCR('CLUSSDR')END

where:


ADDITIONAL_QMn The name of the QueueManager on the additionalserver #n

SCCS.QUEUE3.MANAGER

ADDITIONAL_QM_HOSTNAMEn The host name of theadditional server #n


b. On each additional server, run the following command:

Note: Enter the DEFINE command on a single line, even if it displays hereon two lines.

runmqscDEFINE CHANNEL(INITIAL_QM ) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME('INITIAL_QM_HOSTNA

CLUSTER(STAMQCLUSTER) DESCR('CLUSSDR')

ENDwhere:


INITIAL_QM The name of the QueueManager on the initial server

SCCS.QUEUE1.MANAGER

INITIAL_QM_HOSTNAME The host name of the initialserver


For example, if you have 3 servers called broker1, broker2, and broker3, where broker1 is the initial server and broker2 and broker3 are additional servers,you will run the following commands:

On server broker1 (the initial server):runmqscDEFINE CHANNEL(SCCS.QUEUE2.MANAGER) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME('broker2.mydo


runmqscDEFINE CHANNEL(SCCS.QUEUE3.MANAGER) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME('broker3.mydo


On server broker2 (the first additional server):


CLUSTER(STAMQCLUSTER) DESCR('CLUSSDR')

ENDOn server broker3 (the second additional server):



5. Create a configuration manager.

On the initial server only, run the following command (type the command asa single line, even if it displays as two lines here):




mqsicreateconfigmgr CONFIG_MANAGER_NAME -i SERVICE_USER_ID -a SERVICE_USER_PWD-q SCCS.QUEUE1.MANAGER -w WORK_DIR

Where:


CONFIG_MANAGER_NAME The configuration managername

CMGR_SCCS

SERVICE_USER_ID The service user ID mqsi

SERVICE_USER_PWD The service user password password

WORK_DIR The working directory forthe config manager

C:\Progra~1\IBM\MQSI\6.0\wrkdir

Service user ID notes:

v This can be specified in any valid user name syntax for the platform. If youuse the unqualified form for this user ID (user name) on Windows systems,the operating system searches for the user ID throughout its domain,starting with the local system. This search might take some time tocomplete.

vThe ServiceUserID specified must be a member (either direct or indirect) of the local group mqbrkrs, and must be authorized to access the homedirectory (where WebSphere Message Broker has been installed), and theworking directory (if specified by the -w flag).

v This user ID must also be a member (either direct or indirect) of the localgroup mqm or of the local Windows Administrators group.

For example, on server #1 (and never on the other servers), you will run:

mqsicreateconfigmgr CMGR_SCCS -i mqsi -a password -q SCCS.QUEUE1.MANAGER -w C:\Progra

After creating the configuration manager, it should be started using thecommand:

mqsistart CMGR_SCCS

6. Create the brokers.

On each servers, run the following command once (type the command as asingle line, even if it displays as two lines here):

mqsicreatebroker BRKR_SCCSn -i SERVICE_USER_ID -a SERVICE_USER_PWD-q SCCS.QUEUEn.MANAGER -n BROKER_DB_NAME -u BROKER_DB_USER -p BROKER_DB_PWD

Where...


BRKR_SCCSn The broker name. It must beunique among all the created brokers.

BRKR_SCCS1

SERVICE_USER_ID The service user ID mqsi

SERVICE_USER_PWD The service user password passwordSCCS.QUEUEn.MANAGER The queue manager name

created on this server at step1

SCCS.QUEUE1.MANAGER

BROKER_DB_NAME The broker database name BRKRDB

BROKER_DB_USER The broker database username

db2admin

BROKER_DB_PWD The broker database userpassword

db2password




For example, on server #2 (and similarly on the other servers), run:

mqsicreatebroker BRKR_SCCS2 -i mqsi -a password -q SCCS.QUEUE2.MANAGER -n BRKRDB -u db2

7. Add the brokers to the configuration.

On each server, run the following command (type the command as a singleline, even if it displays as two lines here):

java mqsi.AddBroker -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCSn

-k SCCS.QUEUEn.MANAGER

Note: The -i and -q parameters refer to the host name and queue managerholding the configuration manager (the initial server).

For example, if you have three servers, you will run the following commandson server #2 (and similarly on the server #3):

java mqsi.AddBroker -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS-k SCCS.QUEUE2.MANAGER

When the command runs, you will see a message detailing results.

If the broker addition failed, you cannot proceed until you have successfullyadded the broker to the topology. Look for the message stating "Adding

broker to topology......." and check the status ("ok" or "failed").

If the addition of the default execution group fails, you might still be able toproceed because you will add it explicitly in a later step. Look for the messagestating "Adding default execution group to topology......" and check the status(ok" or "failed").

8. Start the brokers.

On each server, run the following command to start the broker:

mqsistart BRKR_SCCS<n>

For example, on server #2 (and similarly on the other servers), run:

mqsistart BRKR_SCCS2




9. Create a default execution group.

On each server, run the following command (type the command as a singleline, even if it displays as two lines here):

mqsicreateexecutiongroup -b BRKR_SCCSn -e default -i HOSTNAME1 -p 1414-q SCCS.QUEUE1.MANAGER -w 600

Where the -i and -q parameters refer to the host name and queue manager

holding the configuration manager.For example, on server two, the command would be:

mqsicreateexecutiongroup -b BRKR_SCCS2 -e default -i server1.mydomain.com -p 1414-q SCCS.QUEUE1.MANAGER -w 600

If you see a message stating that the command failed because the defaultexecution group already exists, you can ignore it and continue to the nextstep.

10. Deploy the topology.

On the initial server only, run the following commands:

mqsideploy -l -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -w 300

Where the -i and -q parameters refer to the host name and queue managerholding the configuration manager (the initial server).

For example, if you have three servers, you will run the following commandson server 1 (on no commands on any other servers):

mqsideploy -l -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -w 300

11. Deploy the BAR file.On each server, run the following command (type the command as a singleline, even if it displays as two lines here):

mqsideploy -m -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCSn -e default-a BAR_FILE_PATH -w 300

Where BAR_FILE_PATH is the path for the message flow BAR file on this server.For example, C:\Progra~1\IBM\MQSI\6.0\realtime1506.bar.

Note: The -i and -q parameters refer to the host name and queue managerholding the configuration manager (the initial server).

For example, if you have three servers, you will run the following on server#1:

mqsideploy -m -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS1 -e-a C:\Progra~1\IBM\MQSI\6.0\realtime1506.bar -w 300

...the following on server #2:


...and the following on server #3:


12. Set the inter broker connectivity parameters.




On each server, run the following commands (type each command as a singleline, even if it displays as two lines here):

java mqsi.SetInterBrokerParam -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCSn-h HOSTNAMEn -o INTER_BROKER_PORTn

mqsichangeproperties BRKR_SCCSn -e default -o DynamicSubscriptionEngine-n interbrokerHost -v HOSTNAMEn

mqsichangeproperties BRKR_SCCSn -e default -o DynamicSubscriptionEngine-n interbrokerPort -v INTER_BROKER_PORTn

Where INTER_BROKER_PORTn is the inter broker communication port for broker#n; for example, port1507.

The inter broker port must be a free TCP/IP port on the server where the broker is running.

The -i and -q parameters of the mqsi.SetInterBrokerParam command refer tothe host name and queue manager holding the configuration manager.

For example, if you have three servers, you will run the following commandson server #1...

java mqsi.SetInterBrokerParam -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b-h server1.mydomain.com -o 1507

mqsichangeproperties BRKR_SCCS1 -e default -o DynamicSubscriptionEngine-n interbrokerHost -v server1.mydomain.com

mqsichangeproperties BRKR_SCCS1 -e default -o DynamicSubscriptionEngine-n interbrokerPort -v 1507

...the following commands on server #2:


mqsichangeproperties BRKR_SCCS2 -e default -o DynamicSubscriptionEngine-n interbrokerHost -v server2.mydomain.com

mqsichangeproperties BRKR_SCCS2 -e default -o DynamicSubscriptionEngine-n interbrokerPort -v 1507

...and the following commands on server #3:


mqsichangeproperties BRKR_SCCS3 -e default -o DynamicSubscriptionEngine

-n interbrokerHost -v server3.mydomain.commqsichangeproperties BRKR_SCCS3 -e default -o DynamicSubscriptionEngine-n interbrokerPort -v 1507

13. Create the collective.

On the initial server only, run the following command (type the command asa single line, even if it displays as two lines here):

java mqsi.CreateCollective -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS1-b BRKR_SCCS2 ... -b BRKR_SCCSn

Note: The -b BRKR_SCCSn option must be repeated for every broker to beincluded in the collective. The '...' is not part of the command.

If you have three servers, you will run the following command on server #1(and no commands on any other server):

java mqsi.CreateCollective -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS1-b BRKR_SCCS2 -b BRKR_SCCS3

14. Stop the configuration manager.


mqsistop CONFIG_MANAGER_NAME

Where CONFIG_MANAGER_NAME is the configuration manager name. For example,CMGR_SCCS.

15. Set the broker security.

On each of the servers, run the following commands:




mqsistop BRKR_SCCSnmqsiservice BRKR_SCCSn -r PubSubAccessControl=yesmqsiservice BRKR_SCCSn -r PubSubAuthorizationService=com.ibm.orgcollab.wbi.exits.restmqsiservice BRKR_SCCSn -r PubSubPrincipalDirectory=com.ibm.orgcollab.wbi.exits.rest.mqsistart BRKR_SCCSn

For example, if you have three servers you will run the following commandson server #2 (and similarly on all other servers):

mqsistop BRKR_SCCS2mqsiservice BRKR_SCCS2 -r PubSubAccessControl=yesmqsiservice BRKR_SCCS2 -r PubSubAuthorizationService=com.ibm.orgcollab.wbi.exits.restmqsiservice BRKR_SCCS2 -r PubSubPrincipalDirectory=com.ibm.orgcollab.wbi.exits.rest.Rmqsistart BRKR_SCCS2

16. Start the configuration manager.


mqsistart CONFIG_MANAGER_NAME

Where CONFIG_MANAGER_NAME is the configuration manager name. For example,CMGR_SCCS.

Authenticating the inter-broker connection:

When the collective starts, a connection is established between the brokers in thecollective (using the inter-broker port). This connection is authenticated by passingthe broker ID to the ST Adv security exit of the other broker.

By default, this ID is set in the broker to ' Broker'. If this ID is set to somethingdifferent, the Security exit must be notified by setting an additional property in theexitSettins.ini file:

brokerID=<BROKER_ID>

Where <BROKER_ID> is the new broker ID.

You can check the broker ID value by opening an Event Broker Command Console

and entering the following command:mqsireportproperties <BRKR_NAME> -e default -o DynamicSubscriptionEngine -n myBrokerUid

Where <BRKR_NAME> is the broker name.

Example

mqsireportproperties BRKR_SCCS1 -e default -o DynamicSubscriptionEngine -n myBrokerUid

StaBroker01

BIP8071I: Successful command completion.

In this case, the ID of broker BRKR_SCCS1 (StaBroker01) will be sent to the securityexit on the other broker (BRKR_SCCS2) for authentication. The exitSetting.ini fileon BRKR_SCCS2 should be updated with an entry reading:

brokerID=StaBroker01

If you are having trouble with the collective and you suspect the problem iscoming from the authentication not working, enable the DummyTrue exit instead of the rest.RestImpl. With the DummyTrue exit, authentication requests always succeedregardless of what the ID of the brokers are. On the other hand, if your collectivealready starts with the DummyTrue exit, the problem is coming from the inter-brokerauthentication.




Verifying the configuration:

Once the collective is configured, you should verify it is working correctly.

If the collective is set up properly, you should see the following message in thesystem log once all the brokers in the collective start:

(<BROKER_NAME>.default) Broker-Broker connection on socket '<BROKER_IP>:<INTER_BROKER_PORT>

If this message does not display, it is likely your collective is not set up properly.

Once the collective is set up you can verify it is working correctly by connectingone client to a broker in the collective, and a second client to another broker.Messages published on one broker should be broadcast on the other.

Enabling load balancing for the cluster with a round robin DNS:

Enable load balancing for the IBM WebSphere MQ cluster by setting up a roundrobin DNS. Load balancing allows a client to point to multiple brokers within thecollective rather than being limited to a single broker.

Before you begin

A round robin DNS distributes load by directing queries to different members of thecluster in sequence. After you set up the round robin DNS, the IBM LotusSametime Advanced plug-ins use this DNS server to connect to the brokercollective so that broker requests are load-balanced among the Broker nodes thatmake up the collective.

The mechanism for setting up a round robin DNS is determined by the networkand operating systems that comprise your deployment.

Clustering Lotus Sametime Advanced and WebSphere Application Server:

Create a cluster of IBM Lotus Sametime Advanced servers using an IBMWebSphere Application Server network deployment.

Before you begin

A WebSphere Application Server network deployment is the only configurationsuitable for an enterprise-level deployment of Lotus Sametime Advanced because itis scalable and eliminates single points of failure. Each instance of Lotus SametimeAdvance is installed with WebSphere Application Server, and is managed throughthe network deployment as a "cell". A network deployment cell consists of aPrimary node, one or more Secondary nodes, and a Deployment Manager thatmanages the all of nodes (servers) within the cell as a single domain.

Typically, a network deployment contains one node per physical computer. This isnot a requirement; nodes are logical groupings of application servers, so you canhave more than one node installed on a physical system. For performance reasons,most installations have only one cluster member per node, since each clustermember creates its own JVM footprint.

In a network deployment, all nodes are federated into the Deployment Manager's"cell". This allows the Deployment Manager to fulfill its purpose in life: managethe deployment by administering the cell into which the nodes are installed. ThePrimary node is basically the same thing as a single-server installation; it contains




all the applications and WebSphere Application Server components that arerequired to run Lotus Sametime Advanced. When you install the Primary node,you create a server "template". This template is then cloned for use with allSecondary nodes across the cluster.

The Secondary nodes are WebSphere Application Server placeholders that can runadditional cluster members (servers created as clones of the Primary node). When

you install a Secondary node for Lotus Sametime Advanced, the installation createsa node and a default server instance, as well as some node-level WebSphereApplication Server attributes such as data sources, WebSphere variables, andshared library definitions. A network deployment of Lotus Sametime Advancedcan contain up to 254 Secondary nodes, or as few as one.

About this task

Clustering with a WebSphere Application Server network deployment involves thefollowing tasks, which should be completed in the sequence shown:

Installing the Deployment Manager:

Run the installation program to deploy the IBM Lotus Sametime Advancedapplication on your computer using the "Deployment Manager" option.

Before you begin

The Deployment Manager administers the cluster where you deploy LotusSametime Advanced. The Deployment Manager servers as a central point of administration, handling the configuration of all cluster-level configurations,including (but not limited to) JDBC providers and data sources (the connections tothe remote database), WebSphere Application Server variables, applications,application servers, clusters, IBM HTTP server configuration management, securityconfigurations (LDAP, SSL, SSO), and various other components necessary to runan enterprise-level application.

When you deploy a cluster, you install the Deployment Manager first, and thenadd other servers, called "nodes," to it. In addition to deploying WebSphereApplication Server and Lotus Sametime Advanced, installing the DeploymentManager installs the WebSphere shared binaries, the deployment manager profileused by Lotus Sametime Advanced, some of the Lotus Sametime Advancedconfiguration, and the user directory configuration (LDAP, local file system, andremote database user repositories).

About this task

Follow these steps to install Lotus Sametime Advanced:


2. Download the appropriate packages for your operating system, and extractthe files. Downloading files for Lotus Sametime Advanced and relatedapplications is described in the Download document posted at the followingWeb address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.








4. Navigate to the folder where you stored the downloaded files for LotusSametime Advanced and start the installation program by running one of thefollowing commands:


./install.shv Windows

install.bat



7. At the "license agreement" screen, click the Accept option, and then clickNext.

8. At the "type of installation" screen, select Deployment Manager and then clickNext.

9. At the "root path to the installation files for WebSphere Application Server"screen, enter the path to the folder where you extracted the IBM WebSphere

Application Server files, and then click Next.10. At the "To install WebSphere Application Server in this location" screen, enter

the path to where you want to install WebSphere Application Server, and clickNext.


The WebSphere Application Server administrator user will be created insidethe WebSphere Application Server file-based repository. The user name can bea common name, such as wasadmin.

12. At the "Create the administrative user ID and password for the Web basedadministration of the Sametime Advanced Server" screen, enter the Lotus

Sametime Administrator user name and password.The Lotus Sametime Administrator user will be created inside the WebSphereApplication Server file-based repository. The user name can be a commonname, such as stadvadmin. This user can be switched to an LDAP-based userID after installation is finished.

13. At the "Enter the properties for this instance of Sametime Advanced Server"screen, the Cell, node, and Host name fields are pre-populated; make changesas appropriate for your Deployment Manager.


The files in this folder are related to installation and configuration, and will

not affect the functioning of the server once the installation is finished.15. At the "DB2 properties" screen, provide the following properties for the IBM

DB2 server:

Option Description


Port Port on which the database server islistening; this is normally port 50000(Microsoft Windows) or 50001 (IBM AIX,Linux, and Sun Solaris)




Option Description

Database Name Name of the IBM DB2 database that youcreated for Lotus Sametime Advanced(STADV in this documentation )







Note: Lotus Sametime Advanced must use the same LDAP server/directoryas the classic Lotus Sametime 8 server.

v If an LDAP directory is found, the "LDAP Server Connection" screen allowsyou to either select that LDAP or specify another before clicking Next:


18. At the "LDAP Settings for People and Group Entries" screen, fill ininformation about the LDAP fields used for authentication:

Option Description

Detected root DN If a root distinguished name is detected, itwill be displayed here and you can eitherselect it, or enter a different value in the

next field.


Log in Type the name of the field in the LDAPdirectory that will be used for authentication

when a user logs in. This is frequently theLDAP's mail field.Note: If your deployment's Lotus SametimeStandard server requires users to log in, thisfield must match that setting (found in thestconfig.nsf database).






Results

Note: If the installation was not successful, look at the two installation logs formore information about what occurred during the installation attempt. Fix the

problem, then try installing again.v ST_Advanced_Install_Location/logs/installlog.txt




Installing the Primary node:

Install the Primary node for an IBM WebSphere Application Server networkdeployment with IBM Lotus Sametime Advanced

Before you begin

The Primary node is the first node in the cluster, and serves as a template forinstalling the other nodes into the cluster. The Primary node is responsible forconfiguring the DB2 database (STADV in this documentation) that contains LotusSametime Advanced data. When you install the Primary node, it additionallyinstalls the WebSphere Application Server's shared binaries (if the primary nodeshares the same hardware as the Deployment Manager, this step is skipped),creates an application server profile to be used by Lotus Sametime Advanced,configures WebSphere Application Server for Lotus Sametime Advanced, and setsup LDAP security.

Running the graphical installation program:Before you begin





v IBM WebSphere MQ


About this task

Follow these steps to install Lotus Sametime Advanced using the "Single server(Primary node for Network Deployment)" option.












3. Download the appropriate packages for your operating system, and extract

the files.Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document posted at the following Web address:www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.





5. Navigate to the folder where you stored the downloaded files for Lotus

Sametime Advanced and start the installation program by running one of thefollowing commands:


./install.sh

v Windows

install.bat




9. At the "type of installation" screen, select Single server (Primary node for

Network Deployment) and then click Next.10. At the "root path to the installation files for WebSphere Application Server"

screen, enter the path to the folder where you extracted the IBM WebSphereApplication Server files, and then click Next.



The WebSphere Application Server administrator user will be created insidethe WebSphere Application Server file-based repository. The user name can be

a common name, such as wasadmin.13. At the "Create the administrative user ID and password for the Web based

administration of the Sametime Advanced Server" screen, enter the LotusSametime Advanced Administrator user name and password.

The Lotus Sametime Advanced Administrator user will be created inside theWebSphere Application Server file-based repository. The user name can be acommon name, such as stadvadmin. This user can be switched to anLDAP-based user ID after installation is finished.




14. At the "Enter the properties for this instance of Sametime Advanced Server"screen, the Cell, Node, and Host name fields are pre-populated; makechanges as appropriate.



16. At the "DB2 properties" screen, provide the following properties for the IBMDB2 server:

Option Description






17. At the "Sametime Server Properties" screen, provide the host name and theHTTP port on the Lotus Sametime Standard server, from which you candownload the files required for supporting the awareness feature (the defaultis port 80).


18. At the "SMTP Messaging Server" screen, click the checkbox if you want to usean SMTP server with Lotus Sametime Advanced (for example, for notificationsto members of a Persistent Chat Room), and then click Next.

If you do not want to configure the SMTP settings now, leave the checkboxunselected and click Next. The Lotus Sametime Advanced Server will still befunctional.

19. At the "SMTP Messaging Server Properties" screen, provide the followingSMTP server properties:

Option Description


User name, Password The user name and password are onlyneeded if your SMTP server requires themfor authentication before sending e-mail. If necessary, you can change these values laterusing the Integrated Solutions Console.

E-mail address (Optional) Type the e-mail address to beused as the "From" address when sendingnotifications.




Option Description


If your SMTP server is configured to useSSL for outgoing messages, click Yes (port465 is used by default for encrypted traffic);otherwise click No (port 25 is used bydefault for unencrypted traffic).

20. At the "IBM WebSphere Messaging Broker Properties" screen, provide the fullyqualified hostname of the WebSphere Message Broker Server, and then clickNext.





Note: Lotus Sametime Advanced must use the same LDAP server/directory

as the Lotus Sametime Standard server.v If an LDAP directory is found, the "LDAP Server Connection" screen allows

you to either select that LDAP or specify another before clicking Next:


23. Choose the type of binding to use with your LDAP server and, if necessary,provide credentials for authenticated binding (the Bind distinguished nameand the associated password); then click Next.

The type of binding used to connect to your LDAP server is determined bythe settings in the LDAP directory. If anonymous access is allowed, you seethe "LDAP Anonymous Bind Allowed" screen.If anonymous access is not

allowed, the "LDAP Authenticated Bind Required" screen appears.24. At the "LDAP Settings for People and Group Entries" screen, fill in

information about the LDAP fields used for authentication:

Option Description

Detected root DN If a root distinguished name is detected, itwill be displayed here and you can eitherselect it, or enter a different value in thenext field.





Option Description

Log in Type the name of the field in the LDAPdirectory that will be used for authenticationwhen a user logs in. This is frequently theLDAP's mail field.Note: If your deployment's Lotus SametimeStandard server requires users to log in, this

field must match that setting (found in thestconfig.nsf database).



Results

Note: If the installation was not successful, look at the two installation logs for

more information about what occurred during the installation attempt. Fix theproblem, then try installing again.





Federating the Primary node:

Add the Primary node to the cell controlled by the Deployment Manager. This task backs up the original configuration on the Primary node, and adds all the Primarynode's components to the Deployment Manager's cell. This allows a central pointof administration for the network deployment by using the Deployment Manager'sIntegrated Solutions Console. You will not be able log into the Primary node's ownIntegrated Solutions Console after this step but will instead be required to use theDeployment Manager.

Before you begin

The Deployment Manager must be installed and running.

About this task

When you federate, the Integrated Solutions Console of the Primary node isdisabled because you will be using the Integrated Solutions Console from theDeployment Manager. The Primary node inherits all of the cell-level configurationdata from the Deployment Manager. Any information you can see through theDeployment Manager's Integrated Solutions Console is now stored on the Primarynode, so it is accessible from any application. Because the LDAP configuration andyour credentials as the WebSphere Application Server administrative user in theDeployment Manager are defined at the cell level, this data overwrites the securitysettings of the Primary node: the Deployment Manager's settings now apply to thePrimary node as well. If you remove the Primary node from the cell, its originalsecurity configuration is restored.




After you have federated the Primary node, you can run a real environment andconfigure your Lotus Sametime communities just as you would in a single-serverenvironment. What is lacking is failover and load balancing capabilities. To addthose features, you need to add a Secondary node, and create a cluster, asdescribed in later tasks.

1. Synchronize the system clocks on the Deployment Manager and the Primarynode, and make sure they are set for the same timezone.

2. On the Deployment Manager, ping the Primary node to make sure the hostname is resolvable and a valid connection exists.

3. On the Primary node, ping the Deployment Manager to make sure that hostname is also resolvable.

4. Still on the Primary node, open a command window and navigate to the \bindirectory under the WebSphere Application Server root installation.

For example, on Windows:

C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin

5. Run the following command to federate the Primary node to the DeploymentManager:

Note: Type the command all on one line.AIX, Linux, Solari

./addnode.sh DM_server_host_name DM_SOAP_port-username WAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM -includeapps

Windows

addnode.bat DM_server_host_name DM_SOAP_port-username WWAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM -includeapp

where:

v DM_server_host_name is the resolvable host name of the DeploymentManager

v DM_SOAP_port is the port that the Deployment Manager's SOAP port islistening on (typically this is 8879)

v WAS_Admin_Username_on_DM is the user ID of the WebSphere ApplicationServer administrator account on the Deployment Manager

v WAS_Admin_password_on_DM is the password associated with thatWebSphere Application Server administrator account

System output

The final line of the system output should indicate success; for example:

ADMU0003I: Primary_node_name has been successfully federated.

6. To verify that the Primary node has joined the Deployment Manager's cell,move to the Deployment Manager and log into the Integrated SolutionsConsole using your WebSphere Application Server administrative user ID andpassword, and then click Servers → Application servers. Make sure you can see

the Primary node's information.

Installing a Secondary node:

Run the installation program to deploy the IBM Lotus Sametime Advancedapplication on your computer using the "Secondary node" option.

Before you begin

The Secondary nodes are used to run the Lotus Sametime Advanced applicationsin a distributed environment, allowing you to deploy the product in a manner that




takes advantage of load balancing and fail-over features provided in a networkdeployment. For Lotus Sametime Advanced, the Secondary node installer willinstall a basic WebSphere Application Server environment with its componentsdefined at the node level for running Lotus Sametime Advanced as a clustermember. The majority of the components required for running Lotus SametimeAdvanced are installed on the Primary node, so when you use the Primary node asa template for the Secondary nodes in the cluster, each Secondary node inherits a

copy of those components. Some components, such as the path to a resourceprovider driver file, need to be defined differently on each node since they mayexist in different locations or have system-specific values. These components areconfigured during the installation of the Secondary node; this step should becompleted on every Secondary node.

About this task

Follow these steps to install Lotus Sametime Advanced:


2. Download the appropriate packages for your operating system, and extract

the files.Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document posted at the following Web address:







Sametime Advanced and start the installation program by running one of thefollowing commands:


./install.sh

v Windows

install.bat



7. At the "license agreement" screen, click the Accept option, and then clickNext.

8. At the "type of installation" screen, select Secondary node and then click Next.

9. At the "root path to the installation files for WebSphere Application Server"screen, enter the path to the folder where you extracted the IBM WebSphereApplication Server files, and then click Next.


11. At the "Enter the properties for this instance of Sametime Advanced Server"screen, the Cell, node, and Host name fields are pre-populated; make changesas appropriate.








13. At the "The IBM Lotus Sametime Advanced Server is ready to install" screen,

review the settings, then click Install to start the installation.

Note: If the installation was not successful, look at the two installation logsfor more information about what occurred during the installation attempt. Fixthe problem, then try installing again.





14. Finally, update the virtual host "default_host" alias to reflect the port on whichWebSphere Application Server is listening (port 9081):

a. Open the Integrated Solutions Console (the WebSphere administrativeconsole) on the new node.

b. Click Environment → Virtual Hosts → default_host → Host Aliases.

c. Set the port to 9081.

d. Save your changes.

Federating a Secondary node:

Federate a Secondary node to a cell within an IBM WebSphere Application Servernetwork deployment.

Before you begin

The Deployment Manager must be installed and running. Federating a Secondarynode is a similar process to federating the Primary node:

1. Synchronize the system clocks on the Secondary Node to match the PrimaryNode, and make sure they are set to the same timezone.

Although general clustering guidelines instruct you to set the node clocks towithin a few minutes of each other, Lotus Sametime Advanced requires them tomatch; otherwise users may see odd results while chatting.

2. On the Deployment Manager, ping the Secondary node to make sure the hostname is resolvable and a valid connection exists.

3. On the Secondary node, ping the Deployment Manager to make sure that host

name is also resolvable.4. Still on the Secondary node, open a command window and navigate to the

\bin directory under the WebSphere Application Server root installation.


C:\Program Files\IBM\WebSphere\AppServer\bin

5. Run the following command to federate the Secondary node to the DeploymentManager:

Note: Type the command all on one line.

AIX, Linux, Solari




./addnode.sh DM_server_host_name DM_SOAP_port-username WAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM

Windows

addnode.bat DM_server_host_name DM_SOAP_port-username WWAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM

where:

v

DM_server_host_name is the resolvable host name of the DeploymentManager

v DM_SOAP_port is the port that the Deployment Manager's SOAP port islistening on (typically this is 8879)

v WAS_Admin_Username_on_DM is the user ID of the WebSphere ApplicationServer administrator account on the Deployment Manager

v WAS_Admin_password_on_DM is the password associated with thatWebSphere Application Server administrator account

System output

The final line of the system output should indicate success; for example:

ADMU0003I: Secondary_node_name has been successfully federated.

6. To verify that the Secondary node has joined the Deployment Manager's cell,move to the Deployment Manager and log into the Integrated SolutionsConsole using your WebSphere Application Server administrative user ID andpassword, and then click Servers → Application servers. Make sure you can seethe Secondary node's information.

7. For each additional Secondary node, repeat the preceding steps.

8. After you have finished federating Secondary nodes, move to the DeploymentManager and restart it by typing the following commands: (Wait for the firstcommand to finish before starting the Deployment Manager:

stopManager

Wait for the first command to finish before running the second:

startManager

Configuring the cluster:

Configuring the network deployment as a cluster converts the applications that are(by default) running on "server1" of the Primary node to run at the cluster level,taking advantage of the enterprise-level features of IBM WebSphere, such as load

balancing and failover.

Before you begin

To configure the cluster, you will use the Primary node's server1 (WebSphereApplication Server) instance as a template to define the Secondary nodes as clustermembers. Every Secondary node added to the cluster will receive a copy of all of

the components that are currently configured on the Primary node's applicationserver and the application modules will be configured to run at the cluster level.

This task will leave the Primary node's server intact, but it is not going to be auseful server anymore after this step. If you attempt to server1 after this process iscomplete, it will fail to start – instead, you should only start the Secondary nodesthat have been added to the cluster.




About this task

Complete the tasks below in the sequence shown:

Defining the cluster members:

Define each Secondary node as a member of the IBM WebSphere Application

Server network deployment cluster, using the Primary node as a template. Thisensures that the each Secondary node receives a copy of all of the components thatare currently configured on the Primary node's application server, and that theapplication modules can be configured to run at the cluster level in the next task.

1. Make sure the Deployment Manager is running and use it to log into theIntegrated Solutions Console using a WebSphere Application Serveradministrative account.

2. In the console, navigate to the Cluster Members as follows:

a. Expand Servers and click on Clusters.

b. Locate the cluster called STAdvancedCluster and click on it.

c. Under "Additional Properties", click the Cluster Members link.

3. Create first cluster member Define the Primary node as the first member of thecluster:

a. Click New.

b. Fill in the following fields using information for the Primary node:

Member Name Type a name for the Primary node; forexample: STPrimaryClusterMember.

Select Node Select the Primary node from the list.

Weight Leave the node's weight set at "2".

Generate Unique HTTP ports Leave this setting selected.

Select basis for first cluster member Select Create the member using anapplication server template

Now you need to specify the applicationserver being used as the template for thiscluster – select the server1 instance on thePrimary node. The instance displays as"cellName\nodeName\server1" so look forthe one that uses the cell name and nodename that you provided when running theLotus Sametime Advanced installer on thePrimary node.

c. Click Next.

4. Create additional cluster members Define a Secondary node as an additional

member of the cluster:

Note: You will need to complete this step for every Secondary node. If youwish, you can add Secondary nodes to the cluster later by returning to thisscreen and filling it in for each additional Secondary node.

a. Fill in the following fields using information for the current Secondarynode:




Member Name Type a unique name for the currentSecondary node; for example:STSecondaryClusterMember1.

Select Node Select this Secondary node from the list.

Weight Leave the node's weight set at "2".

Generate Unique HTTP ports Leave this setting selected.

b. Click Add Member.

5. After until all your Secondary node cluster members have been defined (theywill appear in the table at the bottom of the page), click Next.

6. Review your settings, and then click Finish.

7. Verify that the cluster was created successfully by returning to the "ClusterMembers" screen and making sure all your cluster members are listed:

a. Expand Servers and click on Clusters.

b. Locate the cluster called STAdvancedCluster and click on it.

c. Under "Additional Properties", click the Cluster Members link.

When all of your cluster members appear in the list, your cluster has beencreated successfully.

Modifying application modules to run at the cluster level:

Modify the application modules hosted on the Primary node's "server1" to run onthe cluster. This task moves the application modules to the cluster scope, so that aninstance of the application is running on all cluster members. This is accomplished

by "pushing" the applications to each of the Secondary nodes.

1. Make sure the Deployment Manager is running and use it to log into theIntegrated Solutions Console using an IBM WebSphere Application Serveradministrative account.

2. In the console, expand Applications and click on Enterprise Applications.

3. In the list of "Enterprise Applications", select an application by clicking it, andcomplete the following steps for each application:

You will modify these applications:

v Location Service

v Lotus Sametime Advanced Application

v Was-at Service

a. In the application-specific screen that appears next, locate the "Modules"section on the right, and click the Manage Modules link.

b. In the "Manage Modules" screen, locate the list of modules in the lower half of the page, and click the Select box next to each of the application'smodules.

c. Now move to the Clusters and Servers list in upper half of the page, andclick the name of your cluster (for example, "STAdvanced_Cluster") to setthe scope to the cluster.

d. Click Apply, and verify that the selected cluster name appears in the"Server" column of the modules table in the lower half of the screen.

e. Click OK to confirm the setting.

f. Repeat this process for each of the applications listed at the beginning of thisstep.

4. Set security for inbound communications in the cluster:




a. Still in the Integrated Services Console, locate and click Security → Secureadministration, applications and infrastructure.

b. In the "Secure administration, applications and infrastructure" screen, locateRMI/IIOP security on the right and click to expand it.

c. Click the CSIv2 inbound authentication link.

d. In the "CSIv2 inbound authentication" screen, click the Identity Assertion

box.e. In the Trusted Identities field, type the list of all cluster members,

separating names with the | character.

For example:

STPrimaryClusterMember|STSecondaryClusterMember1|STSecondaryClusterMember2

f. Click Apply so your changes will take effect immediately.

5. Now set security for outbound communications in the cluster:

a. Still in the Integrated Services Console, locate and click Security → Secureadministration, applications and infrastructure.

b. In the same "RMI/IIOP security" section, click the CSIv2 outboundauthentication link.

c. In the "CSIv2 outbound authentication" screen, click the Identity Assertion box.

d. Under "Identity Assertion", click Use server trusted identity (this applies tothe cluster members you listed when you set up inbound security).

e. Click Apply.

f. Click Save to save your changes.

6. Now synchronize the nodes:

a. In the Integrated Services Console, expand System Administrationand clickon Nodes.

b. In the "Nodes" table, click the checkbox next to every node in your cluster(you want to select all nodes).

c. Click the Synchronize button.d. Allow several minutes for replication to complete before proceeding to the

next step.

7. Restart the cluster by restarting the node agents and the Deployment Manager:

a. Still in the Integrated Services Console on the Deployment Manager, clickSystem Administration → node agents .

b. Select all node agents, and then click Restart.

c. Now open a command window and navigate to theWAS_Install_Directory\bin directory.



d. Stop the Deployment Manager with the following command, providing auser name and password with WebSphere Application Server administrativeaccess:

AIX, Linux, Solaris

./stopManager.sh -username wasadmin_name -password password

Windows

stopManager.bat

e. Now Start the Deployment Manager with the following command, againproviding a user name and password with WebSphere Application Serveradministrative access:




AIX, Linux, Solaris

./startManager.sh wasadmin_name -password password

Windows

startManager.bat

Installing the scheduler into the cluster:

Create a scheduler on the every Secondary node in the network deploymentcluster.

1. On the Deployment Manager, open the Integrated Services Console and log inwith a WebSphere Application Server administrator account.

2. Click Resources → Schedulers.

3. Do the following for every Secondary node in the cluster:

a. Select the scope of the secondary node.

b. Select the scheduler (Default Sched) in that scope.

c. Change the Table Prefix for the current Secondary node.

Be sure to give each Secondary node a unique Table Prefix. For example, for

the first Secondary node, use SCHED_SEC1; for the second, useSCHED_SEC2. and so on.

d. Click Apply, and then click Save.

4. Click the Scheduler check box in the same Secondary node scope.

5. Click the Create Table button.

Setting up service integration for the cluster:

Use the Integrated Solutions Console to set up service integration buses, topicspaces, and queues for the nodes in the cluster.

About this task

Complete the following tasks in the sequence shown to ensure they are processedproperly:

Creating buses for the cluster:

Create service integration buses to support messaging-based applications in thecluster.

Before you begin

You will create three service integration buses to support messaging among thecluster members in the network deployment, and then add all of the cluster

members to each bus:v orgcollab_service_bus

v rtc4web_cluster_service_bus

v rtc4web_node_service_bus

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete thistask (log in as a WebSphere Application Server administrative user).

1. Create the orgcollab_service_bus bus:




a. Click Service integration → Buses.

b. In the "Buses" screen, click the New button.

c. In the "Create a new bus" screen, enter orgcollab_service_bus as the busname.

d. Deselect the Bus security option.

e. Click Next.

f. In the "Confirm create of new bus" screen, click Finish.

g. Repeat for the remaining buses.

2. Create the rtc4web_cluster_service_bus bus:



c. In the "Create a new bus" screen, enter rtc4web_cluster_service_bus as the bus name.


e. Click Next.


g. Repeat for the remaining buses.3. Create the rtc4web_node_service_bus bus:



c. In the "Create a new bus" screen, enter rtc4web_node_service_bus as the bus name.


e. Click Next.


g. Repeat for the remaining buses.

4. Add the cluster members to the each bus:

a. In the "Buses" screen, click the link representing a new bus.

b. In the "bus_name" screen, locate the "Topology" section on the right, andclick Bus members.

c. In the "Bus members" table, click the Add button.

d. In the "Select Server, cluster, or WebSphere MQ server" screen, click Server,select the names of your cluster's members (for example,STPrimaryClusterMember, STSecondaryClusterMember1, andSTSecondaryClusterMember2), and then click Next.

e. In the "Select the type of message store" screen, click File Store, and thenclick Next.

f. In the "Provide the message store properties" screen, click, accept the default

settings and click Next.g. In the confirmation screen, click Finish.

h. Repeat for the remaining buses.



b. Select all node agents, and then click Restart.

c. Now open a command window and navigate to theWAS_Install_Directory\bin directory.







AIX, Linux, Solaris

./stopManager.sh -username wasadmin_name -password passwordWindows

stopManager.bat

e. Now Start the Deployment Manager with the following command, againproviding a user name and password with WebSphere Application Serveradministrative access:

AIX, Linux, Solaris


Windows

startManager.bat

Creating topic spaces for the cluster:

Create default topic spaces for the service integration buses.

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete thistask (log in as a WebSphere Application Server administrative user). Remember,the bus names are as follows:

v orgcollab_service_bus

v rtc4web_cluster_service_bus

v rtc4web_node_service_bus

1. Add the Destination type Topic space using "Default.Topic.Space" for all the buses:

a. Open the Integrated Solutions Console on the Deployment Manager and login as a WebSphere Application Server administrative user.

b. Click Service integration → Buses.

c. In the "Buses" screen, click the link representing a new bus.

d. In the "bus_name" screen, locate the "Destination resources section (below"Topology"), and click Destinations.

e. In the "Destinations" table, click the New button.

f. In the "Create new destinations" screen, click Topic space, and then clickNext.

g. In the "Create new topic space" screen, provide a name for the topic space(for example, Default.Topic.Space), and then click Next.

h. In the confirmation screen, click Finish.

i. Click Apply.

j. Click Save to save your changes.

k. Repeat for the remaining buses; you must complete this step for all three buses.

2. Add the Destination type Topic space using "Default.Topic.Space.noden" onlyfor thertc4web_node_service_bus:




a. Open the Integrated Solutions Console on the Deployment Manager and login as a WebSphere Application Server administrative user.

b. Click Service integration → Buses.

c. In the "Buses" screen, click the rtc4web_node_service_bus link.

d. In the "bus_name" screen, locate the "Destination resources section (below"Topology"), and click Destinations.

e. In the "Destinations" table, click the New button.f. In the "Create new destinations" screen, click Topic space, and then click

Next.

g. In the "Create new topic space" screen, provide a unique name for the topicspace on a Secondary node (for example, Default.Topic.Space.node2), andthen click Next.

You will do this for every Secondary node, so remember to keep the namesunique, for example, by numbering.

h. In the confirmation screen, click Finish.

i. Click Apply.

j. Click Save to save your changes.

k. Repeat for the remaining Secondary nodes, so that you create this topicspace on each of them, but only for the rtc4web_node_service_bus.

Creating queues for the cluster:

Create queues for the Primary node and for all Secondary nodes within the cluster.

About this task


1. Add the Destination type Queue for the Primary node using"orgcollab_batchQ" only for the orgcollab_service_bus:

a. In the "Buses" screen, click the orgcollab_service_bus link.

b. In the "orgcollab_service_bus" screen, click Destinations.

c. In the "Destinations" table, click the New button.

d. In the "Create new destinations" screen, click Queue, and then click Next.

e. In the "Create new queue" screen, provide a name for the topic space (forexample, orgcollab_batchQ), and then click Next.

f. Select the Primary node from the list of bus members, and then click Next.

g. In the confirmation screen, click Finish.

h. Click Apply.

i. Click Save to save your changes.

2. Add the Destination type Queue for each Secondary node using"orgcollab_batchQ_noden" only for the orgcollab_service_bus:

a. Return to the "orgcollab_service_bus > Destinations" table, and click theNew button.

b. In the "Create new destinations" screen, click Queue, and then click Next.

c. In the "Create new queue" screen, provide a name for the topic space (forexample, orgcollab_batchQ_node2), and then click Next.

You will do this for every Secondary node, so remember to keep the queuenames unique, for example, by numbering.




d. Select a Secondary node from the list of bus members, and then click Next.

e. In the confirmation screen, click Finish.

f. Click Apply.

g. Click Save to save your changes.

h. Repeat for the remaining Secondary nodes, so that you create a queue oneach of them, but only for the orgcollab_service_bus.

Modifying queues for Secondary nodes:

Modify the queues for the Secondary nodes within the cluster.

About this task


Modify the Queues setting as follows:

1. Click Resources → JMS → Queues.

2. In the "Queues" screen, locate the secondary node scope in the Scope list, andclick it.

The node displays with the name you provided for it when installed LotusSametime Advanced; for example, node=STSecondaryClusterMember1,server=server1.

3. In the queues table, click the orgcollab_batchQ link.

4. In the "General Properties" screen, locate the "Connections" section, open theQueue Names list, and click orgcollab_batchQ_noden to select it.

5. Click Apply.

6. Click Save to save your changes.

7. Repeat for the remaining Secondary nodes and their corresponding queues.

Modifying topic spaces for Secondary nodes:

Modify the topic spaces for the Secondary nodes within the cluster.

About this task


1. Modify the Topics setting as follows:

a. Now click Resources → JMS → Topics.

b. In the "Topics" screen, locate the secondary node scope in the Scope list,and click it.

The node displays with the name you provided for it when installed LotusSametime Advanced; for example, node=STSecondaryClusterMember1,server=server1.

c. In the topics table, click the rtc4web_node_topic link.

d. In the "General Properties" screen, locate the "Connections" section, open theTopic Space Names list, and click Default.Topic.Space.nodento select it.

e. Click Apply.

f. Click Save to save your changes.

g. Click Apply.




h. Click Save to save your changes.

i. Repeat for the remaining Secondary nodes and their corresponding topicspaces.



b. Select all node agents, and then click Restart.c. Now open a command window and navigate to the

WAS_Install_Directory\bin directory.




AIX, Linux, Solaris

./stopManager.sh -username wasadmin_name -password password

Windows

stopManager.bate. Now Start the Deployment Manager with the following command, again

providing a user name and password with WebSphere Application Serveradministrative access:

AIX, Linux, Solaris


Windows

startManager.bat

Starting the network deployment for the first time:

When starting a network deployment cluster for the first time, you must start theDeployment Manager, node agents for the Primary node and all Secondary nodes,and then all of the IBM Lotus Sametime Advanced servers.

About this task

In the steps that follow, you start the Deployment Manager in a command windowso that you can log in to the Integrated Solutions Console and complete theremaining steps. After the Deployment Manager is started, you can view theIntegrated Solutions Console pages. However, you cannot view the LotusSametime Advanced administration pages until you start at least one node agentand the Lotus Sametime Advanced server hosted on that node.

1. Log in to the Deployment Manager node as a user with WebSphere Application

Server administrative privileges.2. Open a command window and navigate to the WAS_Install_Directory\bin

directory.

For example, on Microsoft Windows:


3. If not already started, start the Deployment Manager with the followingcommand:

AIX, Linux, Solaris

./startManager.sh




[-configRoot configuration_repository_directory][-startArgs additional_start_arguments][-stopArgs additional_stop_arguments][-userid user_id -password password][-logFile service_log_file][-logRoot server_log_directory][-restart true | -restart false][-startType automatic | manual | disabled]

For example:

D:\IBM\WAS\AppServer\bin>WASService -add "SametimeAdvanced" -serverName server1-profilePath "d:\ibm\was\AppServer\profiles\ST_Advanced_Profile"-startType automatic

You get the following results:

Adding Service: SametimeAdvancedConfig Root: d:\ibm\was\AppServer\profiles\ST_Advanced_Profile\configServer Name: server1Profile Path: d:\ibm\was\AppServer\profiles\ST_Advanced_ProfileWas Home: D:\IBM\WAS\AppServer\Start Args:Restart: 1

IBM WebSphere Application Server V6.1 - SametimeAdvanced service successfully adde2. Click Start → Control Panel.

3. Double-click Administrative Tools

4. Double-click Services

5. For each of the following services:

v IBM MQ Series

v IBM WebSphere Message Broker component BRKR_SCCS

v IBM WebSphere Message Broker component CMGR_SCCS

v IBM WebSphere Application Server V6,1 - <node-name>.

The DB2 service needs to be started first if its on the same server.

v

IBM HTTP Server 6.1a. Double-click the service name.

b. Select Automatic as the Startup type.

c. Click OK.

Starting Linux servers automaticallyIBM Lotus Sametime Advanced, IBM WebSphere Application Server, WebSphereMQ, and WebSphere Event Broker can be configured to start automatically whenthe operating system is started.

About this task

For Linux servers running a Red Hat or SuSE operating system, you can edit your boot files to start a service automatically. The Red Hat boot file is named rc.local,and the SuSE boot file is named boot.local. Typically, these files are in the /etc/directory.

For example, the following commands in a boot.local file automatically start theLotus Sametime Advanced, WebSphere MQ, and WebSphere EB servers (which areassumed to reside on a single computer in this example):




su -l root -c /opt/WebSphere/AppServer/profiles/STAdvanced_Profile/bin/startServer.sh serversu - mqsi -c "/opt/mqm/bin/strmqm sccs.queue.manager"su - mqsi -c "mqsistart broker_name"su - mqsi -c "mqsistart config_manager"

where:

v broker_name is the name of the broker service; for example: BRKR_SCCS

v config_manager is the name of the configuration manager; for example:CMGR_SCCS

Starting and stopping a DB2 serverIBM DB2 provides a Control Center where you can manage server instances andrelated applications.

About this task

You can start and stop a DB2 instance using the Control Center on the computerhosting the DB2 server:

1. Start the DB2 Control Center.

v IBM AIX, Linux, Solaris: open the IBM DB2 folder on the desktop and clickControl Center

v Microsoft Windows: click Start → Programs → IBM DB2 → GeneralAdministration Tools → Control Center

2. From the object tree in DB2, click on a system to display the available instances.

3. Highlight the instance for which you want to start or stop.

4. Right-click on the instance, and select the appropriate command:

v Start

v Stop, then click OK to confirm

You can also start and stop the DB2 instance from a DB2 commandenvironment with the following commands:

v db2start

v db2stop

Starting and stopping DB2 Net Search ExtenderIBM DB2 provides a Control Center where you can manage server instances andrelated applications.

About this task

Start and stop DB2 Net Search Extender services using the Control Center on thecomputer hosting the DB2 server:

1. From the object tree in DB2, click on a system to display the available instances.2. Highlight the instance for which you want to start or stop Net Search Extender.

3. Right-click on the instance, and select the appropriate command:

v Start Net Search Extender Instance Services

v Stop Net Search Extender Instance Services

You can also start and stop Net Search Extender from a DB2 commandenvironment with the following commands:

v db2text start

v db2text stop




Starting and stopping the HTTP ServerYou can start and stop the IBM HTTP Server on any operating system using theIntegrated Solutions Console.

Before you begin

The Integrated Solutions Console is provided with IBM WebSphere ApplicationServer and provides access to WebSphere-hosted services including IBM HTTPServer.

1. Launch the Integrated Solutions Console by opening a Web browser andnavigating to: http://stadv.acme.com:9060/ibm/console

For example:

http://stadv.acme.com:9060/ibm/console

2. On the left, click Servers → Web servers.

3. In the Web Servers window, click the link that represents your HTTP Server.

4. Click the button corresponding to the action you want:

v Click Start to start HTTP Server.

v

Click Stop to stop HTTP Server.

Starting and stopping a Sametime serverIBM Lotus Domino and IBM Lotus Sametime are hosted on the same computer.

About this task

You can start and stop Lotus Sametime using the Lotus Domino console on thesame computer, regardless of the operating system on which they are hosted.

Starting Lotus Sametime

1. Open the Lotus Domino server console.

2. Type the following command:Load STADDIN

Stopping Lotus Sametime

1. Open the Lotus Domino server console.

2. Type the following command:

Tell STADDIN Quit

Starting and stopping a Domino serverAlthough Lotus Domino and Lotus Sametime Standard are hosted on the samecomputer, you can start and stop them separately.

About this task

Do not enter keystrokes or click the mouse while the Lotus Domino server isstarting or shutting down.

Starting Lotus Domino

v IBM AIX, Linux, Solaris:

Type the path to the directory where you installed Lotus Domino, and end itwith the server command.




For example, if you installed Lotus Domino in the /opt directory; you would usethis command to start the server:

/opt/ibm/lotus/bin/server

v Microsoft Windows:

Click Start → Programs → Lotus Applications → Lotus Domino Server.

Stopping Lotus Domino

On any operating system, stop the Lotus Domino server directly from the Dominoconsole by running the exit command or the quit command. It may take tenseconds or more for the server to shut down.

Starting and stopping Lotus Sametime Advanced andWebSphere Application Server

Lotus Sametime Advanced and IBM WebSphere Application Server are hosted onthe same computer and are started and stopped as one using the server called"server1".

About this task

Batch files to start and stop the server are located in the WAS_Install_Directory\profiles\ST_Advanced_Profile\bin directory; for example:

C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin

When starting and stopping this server, provide the user name and password of aWebSphere Application Server administrator, and type the entire command on oneline.

Batch file commands for starting and stopping Lotus Sametime Advanced and WebSphere

Application Server

IBM AIX, Linux, Solaris Microsoft Windows

Start ./startServer.sh server1-username wasadmin_name-password password

startServer.bat server1-username wasadmin_name-password password

Stop ./stopServer.sh server1-username wasadmin_name-password password

stopServer.bat server1-username wasadmin_name-password password

Starting and stopping WebSphere MQ and WebSphere EventBroker

IBM WebSphere MQ and WebSphere Event Broker are hosted on the samecomputer.

About this task

The commands for starting and stopping broker (and related) services vary withthe operating system on which WebSphere MQ and WebSphere Event Broker arehosted. Run these commands from the Message Broker Command Console, typingeach command on one line.

In the following commands:




v queue_manager_name is the name assigned to the queue manager, for example:sccs.queue.manager

v broker_name is the name of the message broker, for example: BRKR_SCCS

v config_manager_name is the name of the configuration manager, for example:CMGR_SCCS

Commands for starting and stopping WebSphere MQ and WebSphere Event Broker

services

IBM AIX, Linux, Solaris (login as root)

Microsoft Windows (log inthe Windows systemadministrator)

Start WebSphere MQ strmqmqueue_manager_name

strmqmqueue_manager_name

Start WebSphere EventBroker

mqsistart broker_name

mqsistartconfig_manager_name

mqsistart broker_name

mqsistartconfig_manager_name

Stop WebSphere MQ endmqmqueue_manager_name

endmqmqueue_manager_name

Stop WebSphere EventBroker

mqsistop broker_name

mqsistopconfig_manager_name

mqsistop broker_name

mqsistopconfig_manager_name

Starting and stopping a network deploymentStart and stop the servers and node agents in an IBM WebSphere ApplicationServer network deployment of IBM Lotus Sametime Advanced.

About this task

In a network deployment, the node agents are started and stopped separately from

the Lotus Sametime Advanced server instances hosted on the nodes:

Starting and stopping the Deployment ManagerStart and stop the Deployment Manager in a IBM WebSphere Application Servernetwork deployment.

About this task

Batch files to start and stop the Deployment Manager are located in theWAS_Install_Directory\bin directory; for example, on Windows:


When starting and stopping this server, provide the user name and password of aWebSphere Application Server administrator, and type the entire command on oneline.

Batch file commands for starting ad stopping the Deployment Manager


./startManager.sh startManager.bat

./stopManager.sh-username wasadmin_name-password password

stopManager.bat-username wasadmin_name-password password




Starting and stopping a node agentStart and stop the node agents in a IBM WebSphere Application Server networkdeployment.

Before you begin

Typically, you stop and start node a node agent by logging onto a node and

running the stop node or start node command. However, for convenience, you canrestart all node agents from the Deployment Manager node by using the IntegratedSolutions Console only if the node agents are running. If they are stopped, youmust start the node agents from nodes themselves.

About this task

Batch files to start and stop the node agent are located in theWAS_Install_Directory\bin directory; for example, on Windows:


When starting and stopping this server, provide the user name and password of a

WebSphere Application Server administrator, and type the entire command on oneline.

Batch file commands for starting and stopping the node agent


./startNode.sh startNode.bat

./stopNode.sh stopNode.bat

To quickly restart node agents that are already running:

1. Make sure the Deployment Manager is running and log into the IntegratedSolutions Console on the Deployment Manager node.

2. Click System Administration → Node agents .3. Select all node agents, and then click Restart.

Starting and stopping application serversThe applications in a WebSphere Application Server network deployment areinstalled on a server instance on each node. Starting and stopping an application isdifferent from starting and stopping the node agent.

About this task

You can start and stop the application server on a node without affecting the nodeagent.

1. Log into the Integrated Solutions Console on the Deployment Manager serveras a user with WebSphere Application Server administrative privileges.

2. Click Servers → Application Servers .

3. If you want to stop a server, select the application server's checkbox and clickStop.

4. If you want to start a server, select the application server's checkbox and clickStart.




Uninstalling

Before you can install a newer version of IBM Lotus Sametime Advanced, youmust uninstall the currently deployed version.

About this task

Complete these tasks to uninstall Lotus Sametime Advanced:

Uninstalling prerequisite componentsTo completely remove an IBM Lotus Sametime Advanced deployment, you mustuninstall the prerequisite components as well.

Before you begin

Use the Web addresses below to locate information on uninstalling the prerequisitecomponents that you deployed with Lotus Sametime Advanced. Each componentis documented in an IBM information center that contains one or more topicsrelated to uninstalling applications. Navigate to the Web address for a specific

information center, and then use the Search feature to locate topics on uninstalling.

About this task

Web addresses for IBM information centers documenting prerequisite components

Prerequisite component Information Center location Search for this text

IBM DB2 Workgroup ServerEdition


"Uninstalling your DB2product (Windows)"

"Uninstalling your DB2product (Linux andUNIX®)"

IBM DB2 Net SearchExtender

http://publib.boulder.ibm.com

/infocenter/db2luw/v9/index.jsp

"Uninstalling Net SearchExtender"

IBM HTTP Server http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp

"Uninstalling IBM HTTPServer"

IBM Lotus Sametime 8 http://publib.boulder.ibm.com/infocenter/sametime/v8r0/index.jsp

"Uninstalling a Sametimeserver"

IBM WebSphere EventBroker

http://publib.boulder.ibm.com

/infocenter/wmbhelp/v6r0m0/index.jsp

"Uninstalling"

IBM WebSphere MQ http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp

"Uninstalling WebSphereMQ"

Note: If you intend to install another release of IBM Lotus Sametime Advanced,you do not have to uninstall DB2, WebSphere MQ, and WebSphere Event Broker.

Just remove the broker services and then reconfigure them for the new installation.




Removing broker services on AIX, Linux, SolarisIn some situations, you may want to remove broker services from a server whereyou install IBM WebSphere MQ and WebSphere Event Broker. Removing brokerservices involves deleting the queue manager, the configuration manager, the

broker itself, and the database tables used for storing associated information.

Before you begin

There are several situations in which you may want to remove the broker servicesfrom a Linux deployment; for example:

v When you want to replace the WebSphere Event Broker configuration (possiblyto use different ports for the listeners)

v When you are uninstalling WebSphere MQ and WebSphere Event Broker, andyou want to be sure you are leaving a clean configuration

1. Log on to the server hosting WebSphere MQ and WebSphere Event Broker asroot.

2. Remove the broker services as follows:

a. Open the Message Broker Command Console..

b. Navigate to the directory where you installed WebSphere Event Broker.c. Stop the message broker with the following command:

su - mqsi -c "mqsistop broker_name"

For example:

su - mqsi -c "mqsistop BRKR_SCCS"

d. Delete the message broker with the following command:

mqsideletebroker broker_name

For example:

mqsideletebroker BRKR_SCCS

e. Stop the configuration manager with the following command:

su - mqsi -c "mqsistop config_manager_name"

For example:

su - mqsi -c "mqsistop CMGR_SCCS"

f. Now delete the configuration manager with the following command:

mqsideleteconfigmgr config_manager_name -n

For example:

mqsideleteconfigmgr CMGR_SCCS -n

You will see a confirmation:


You can verify that the broker has been removed by ensuring that it nolonger appears in the results when you run the following command:

mqsilist

3. Remove the queue manager as follows:

a. Open a terminal and navigate to the root of the WebSphere MQ installation.

a. Stop the queue manager with the following command:

su - mqsi -c"/opt/mqm/bin/endmqm queue_manager_name"

For example,

su - mqsi -c"/opt/mqm/bin/endmqm sccs.queue.manager"




You will see a confirmation message:

Quiesce request accepted.The queue manager will stop when all outstanding work is complete.

b. Delete the queue manager with the following command:

dltmqm queue_name

For example:

dltmqm sccs.queue.manager


WebSphere MQ queue manager 'sccs.queue.manager' deleted.

4. Still on the same server, remove the data source for WebSphere Event Broker asfollows:

a. Open the ODBC Tool by clicking Start → Programs → Administrative Tools →DataSources (ODBC).

b. Click the System DSN - System Data Sources tab.

c. Select the datasource that you created for WebSphere Event Broker, and thenclick Remove.

5. On the IBM DB2 server, open a DB2 Command Window and drop the databasethat stores WebSphere Event Broker data.

Note: Make sure the database is not in use; all users must be disconnectedfrom the database before the database can be dropped.

For example, if your database is called BRKRDB:

DB2 DROP DATABASE BRKRDB

Removing broker services on WindowsIn some situations, you may want to remove broker services from a server whereyou install IBM WebSphere MQ and WebSphere Event Broker. Removing brokerservices involves deleting the queue manager, the configuration manager, the

broker itself, and the database tables used for storing associated information.

Before you begin

There are several situations in which you may want to remove the broker servicesfrom a Microsoft Windows deployment; for example:

v When you want to replace the WebSphere Event Broker configuration (possiblyto use different ports for the listeners)

v When you are uninstalling WebSphere MQ and WebSphere Event Broker, andyou want to be sure you are leaving a clean configuration

1. Log on to the server hosting WebSphere MQ and WebSphere Event Broker asthe Windows system administrator.

2. Remove the broker services as follows:

a. Open the Message Broker Command Console by clicking Start → Programs →IBM Websphere Message Broker 6.0 → Command Console.

b. Navigate to the directory where you installed WebSphere Event Broker.

For example:

\Program Files\IBM\MQSI\6.0

c. Stop the message broker with the following command:

- mqsistop broker_name

For example:

- mqsistop BRKR_SCCS




d. Delete the message broker with the following command:

mqsideletebroker broker_name

For example:

mqsideletebroker BRKR_SCCS

e. Stop the configuration manager with the following command:

- mqsistop config_manager_name

For example:

- mqsistop CMGR_SCCS

f. Now delete the configuration manager with the following command:

mqsideleteconfigmgr config_manager_name -n

For example:

mqsideleteconfigmgr CMGR_SCCS -n

You will see a confirmation:


You can verify that the broker has been removed by ensuring that it nolonger appears in the results when you run the following command:

mqsilist3. Next, remove the queue manager as follows:

a. Open a command prompt and navigate to the root of the WebSphere MQinstallation.

For example:


b. Stop the queue manager with the following command:

endmqm queue_manager_name

For example,

endmqm sccs.queue.manager

You will see a confirmation message:Quiesce request accepted.The queue manager will stop when all outstanding work is complete.

c. Delete the queue manager with the following command:

dltmqm queue_name

For example:

dltmqm sccs.queue.manager


WebSphere MQ queue manager 'sccs.queue.manager' deleted.

4. Still on the same server, remove the data source for WebSphere Event Broker as

follows:a. Open the ODBC Tool by clicking Start → Programs → Administrative Tools →

DataSources (ODBC).

b. Click the System DSN - System Data Sources tab.

c. Select the datasource that you created for WebSphere Event Broker, and thenclick Remove.

5. Now move to the IBM DB2 server, open a DB2 Command Window and dropthe database that stores WebSphere Event Broker data.




Note: Make sure the database is not in use; all users must be disconnectedfrom the database before the database can be dropped.

For example, if your database is called BRKRDB:

DB2 DROP DATABASE BRKRDB

Uninstalling Lotus Sametime Advanced

Remove IBM Lotus Sametime Advanced and IBM WebSphere Application Serverfrom your computer.

About this task

The procedure for uninstalling Lotus Sametime Advanced and IBM WebSphereApplication Server vary, depending on the operating system that hosts yourinstallation and the type of uninstall you want to run:

Results

Uninstalling a Lotus Sametime Advanced archive installation onLinux

Uninstall a version of IBM Lotus Sametime Advanced (and IBM WebSphereApplication Server) that was originally installed using the archive installationprogram on a Linux server.

Before you begin

If you have previously run the archive installer on your computer, you mustuninstall it and remove associated directories before deploying a new version of Lotus Sametime Advanced.

About this task

Follow the steps below to uninstall the archive.

1. Log in to the computer as root.

2. Stop IBM WebSphere Application Server by running the following command:

./stopServer.sh server1

Verify that the server has stopped before proceeding to the next step:

ps -ef | grep java


v Navigate to the following directory: /opt/IBM/WebSphere/STAdvServer/

v Mount the ApplianceWare DVD and then navigate to the following directory:cd /Applianceware/uninstall

4. Run the uninstall program:

./uninstall.sh

The uninstallation logs will be created and stored in the /tmp/sccsUnInstall.log file.

5. Clean out the following files and directories using the following command:

rm -rf directory_or_file

For example:

rm -rf /opt/.ibm

v /opt/IBM




v /opt/.ibm

v /opt/IBMIHS

v /root/InstallShield

v /root/vpd.properties

v /sbin/insserv

v /tmp/db2*

v /tmp/stadv

6. Restart the computer.

Uninstalling Lotus Sametime Advanced from the console on anysupported platformUse the console to uninstall IBM Lotus Sametime Advanced on any supportedplatform.

About this task

Follow these steps to uninstall Lotus Sametime Advanced; IBM WebSphereApplication Server is removed at the same time.


2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir/bindirectory.

3. Delete the following file:

WAS_Install_Dir/profiles/ST_Advanced_Profile/logs/server1/server1.pid

4. Stop WebSphere Application server by running one of the following commands:



v Windows

stopServer.bat server1



6. Now navigate to the StAdv_Install_Dir/_uninst directory and start theuninstall program by running one of the following commands:


./uninstall.bin -console

v Windows

uninstall.exe -console

7. At the "Select a language" prompt, type the number that represents thelanguage you want the console uninstaller to use (for example, type "1" forEnglish), and then press Enter.

8. At the "Welcome" screen, type "1" to select the uninstall option.

9. Finally, type the number indicating the "uninstall" option to uninstall LotusSametime Advanced.

Uninstalling Lotus Sametime Advanced with the graphicaluninstaller on AIX, Linux, SolarisUninstall the version of IBM Lotus Sametime Advanced (and IBM WebSphereApplication Server) that was originally installed using the graphical interface on aLinux server.




About this task

Follow these steps to uninstall Lotus Sametime Advanced; WebSphere ApplicationServer is removed at the same time.


2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir/bin

directory.3. Stop WebSphere Application server by running the following command:


4. Now navigate to the StAdv_Install_Dir/_uninst directory.

5. Start the Uninstall program by running the following command:

./uninstaller.bin

6. When the Uninstall program starts, select a language.

7. On the Welcome screen, click Next.

8. Click Uninstall to begin uninstalling files.

9. If you encounter problems during the uninstall process, follow these steps tomanually remove any remaining files:

a. Navigate to the folder where you installed WebSphere Application Server.b. Navigate to the /uninstall subfolder, and run uninstaller.bin

(WebSphere Application Server's own uninstall program).

c. Delete the following file:


d. Delete the following directory:

/root/InstallShield/Universal/common/Gen2/_vpddb


Results

Note: If the uninstall operation was not successful, look at the two uninstall logsfor more information about what occurred:

v ST_Advanced_Install_Dir/logs/uninstall.log

v ST_Advanced_Install_Dir/logs/uninstall_optional.log

Uninstalling Lotus Sametime Advanced with the graphicaluninstaller on WindowsUninstall IBM Lotus Sametime Advanced and IBM WebSphere Application Serverfrom a Microsoft Windows server.

About this task

Follow these steps to uninstall Lotus Sametime Advanced; WebSphere ApplicationServer is removed at the same time.

1. Log in to your computer as the system administrator.

2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir\bindirectory.

3. Stop WebSphere Application server by running the following command:


4. Click Start → Control Panel → Add/Remove Programs → IBM SametimeAdvanced Server → Change/Remove.

5. When the Uninstall program starts, select a language.




6. On the Welcome screen, click Next.

7. Click Uninstall to begin uninstalling files.

8. If you encountered problems during the uninstall process, follow these stepsto manually remove any remaining files:

a. Open Windows Explorer and navigate to the folder where you installedWebSphere Application Server.

b. Navigate to the \uninstall subfolder, and double-click uninstaller.exe torun the WebSphere Application Server's own uninstall program.

Note: You may find that some folders cannot be deleted automatically because the paths are too long; the next step explains how to delete thosefolders manually; for example, you may need to delete the following file:

WAS_Install_Dir\profiles\ST_Advanced_Profile\logs\server1\server1.pid

c. Now delete the following folder:

C:\Program Files\Common Files\InstallShield\Universal\common\Gen2\_vpddb

9. If you encountered problems deleting directories with long paths, you canremove folders manually by navigating partway to them and deleting thepaths incrementally.

For example, you can delete these two exceptionally long paths by followingthe steps below (notice that the beginning of these paths are the same untilthey diverge below the \cells folder):

C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\SalesTeamCell\applications\Lotus Sametime Advanced Application.ear\deployments\Lotus Sametime Advanced Application\skilltap.ws.war\WEB-INF\classes\WebContent\wsdl\com

and

C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells

\SalesTeamCell\applications\Lotus Sametime Advanced Application.ear\deployments\Lotus Sametime Advanced Application\community.management.

webservices.war\WEB-INF\wsdla. Move the %WAS_HOME%\profiles\ST_Advanced_Profile\config\cells folder

to the C: drive.

b. Delete the folder C:\cells.

c. Then delete the folder %WAS_HOME%\profiles\ST_Advanced_Profile\config.


Results

Note: If the uninstall operation was not successful, look at the two uninstall logsfor more information about what occurred:

v ST_Advanced_Install_Location\logs\uninstall.log

v ST_Advanced_Install_Location\logs\uninstall_optional.log

Uninstalling Lotus Sametime Advanced silently on anysupported platformUninstall IBM Lotus Sametime Advanced silently on any supported platform.

About this task

Follow these steps to uninstall Lotus Sametime Advanced; IBM WebSphereApplication Server is removed at the same time.





2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir/bindirectory.

3. Stop WebSphere Application server by running one of the following commands:


./stopServer.sh server1v Windows




5. Now navigate to the StAdv_Install_Dir/_uninst directory and start theuninstall program by running one of the following commands:


./uninstall.bin -silent

v Windows

uninstall.exe -silent

The silent uninstallation begins immediately.

Uninstalling Lotus Sametime Advanced from the Lotus SametimeConnect clientUsers can uninstall the IBM Lotus Sametime Advanced plug-ins from their IBMLotus Sametime Connect clients.

1. Log in to the Lotus Sametime Connect client.

2. Click Tools → Plug-Ins → Manage Plug-ins .

3. In the Application Management dialog, expand the sametime_connect/shared/eclipse directory.

4. Press the CTRL key, and select the following plug-ins:

v Broadcast Suite Feature time_stampv Instantshare Feature time_stamp

v Sametime Advanced Core Feature time_stamp

v Sametime Advanced Plugin Customization Feature time_stamp

v Sametime Chat Feature Advanced Patch time_stamp

v Sametime Chat Rooms Feature time_stamp

5. Right-click on an item that you selected, and click Uninstall. You are promptedto confirm and to restart before the changes are applied.




Chapter 4. Upgrading

Upgrade the servers in an IBM Lotus Sametime Advanced deployment.

About this task

The upgrade procedure varies according to the type of deployment:

Upgrading Lotus Sametime Advanced on a single server

Upgrade a single-server deployment of IBM Lotus Sametime Advanced.

Before you begin

If you installed Lotus Sametime Advanced on Linux using the archive installer,you cannot "upgrade" it but must run a new installation instead, as described in

the "Installing" section of this documentation.

About this task

To upgrade any other instance of a single Lotus Sametime Advanced server (onany supported platform), complete the following tasks in the sequence shown:

Upgrading WebSphere Event BrokerUpgrade the previously installed instance of IBM WebSphere Event Broker.

About this task

The procedure for upgrading the WebSphere Event Broker application varies withthe operating system:

Upgrading WebSphere Event Broker on AIX, Linux, SolarisUpgrade the previous instance of IBM WebSphere Event Broker installed on IBMAIX, Linux, or Solaris.

About this task

Follow the steps below to upgrade an installed instance of WebSphere EventBroker.

Note: If you are upgrading a broker collective (within a WebSphere MQ cluster),follow the steps below for each broker node in the collective.


a. Log in to the server as root.

b. Download the appropriate update_stadv801_Eb script for your operatingsystem from the CD1\SupportingFiles\EB-V60-image directory.





2. Add the commons-httpclient-contrib-3.1.jar file to the CLASSPATHstatement in the .profile of the user account that will start and stop the brokerservices (this enables that user to properly start the message flow and accessthe broker database):


export CLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/AddBroker.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/SametimePlusExits.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-codec-1.3.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-3.1.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-logging-1.1.jar;CLASSPATH=$CLASSPATH: mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar

if [ -f /home/db2inst1/sqllib/db2profile ]; then. /home/db2inst1/sqllib/db2profile

fi

where mqsi_install_path is the absolute path to your WebSphere Event Brokerinstall location; for example:

/opt/ibm/mqsi/6.0


mqsistop BRKR_SCCS


4. Still in the Broker Command Console, navigate to the directory where youdownloaded the upgrade script (for example: CD1\SupportingFiles\EB-v60-image\) and run the broker update script:

./update_stadv801_EB.sh -stadvserver host_name - userid service_user_id

where:

v -stadvserver host_name indicates the host name of the Lotus Sametime

Advanced server

v - userid service_user_id indicates the ID used when you created the BrokerService

For example:

./update_stadv801_EB.sh -stadvserver sales3.acme.com -userid mqsi


5. Enable a secure connection (using SSL) between the Broker and IBMWebSphere Application Server by editing the /var/mqsi/exitSetting.ini fileand modifying the following URLs to use "https" protocol:

vservletURL:

servletURL=https://sales3.acme.com:443/cas/oc

v jsecurityURL:

jsecurityURL=https://sales3.acme.com:443/stadvanced/j_security_check

6. Finally, restart the broker services as follows (substitute the name of your own broker in the commands):


mqsistop BRKR_SCCS

b. Sart the broker with the following command:




mqsistart BRKR_SCCS


Upgrading WebSphere Event Broker on WindowsUpgrade the previous instance of IBM WebSphere Event Broker installed onMicrosoft Windows.

About this task

Follow the steps below to upgrade an installed instance of WebSphere EventBroker.

Note: If you are upgrading a broker collective (within a WebSphere MQ cluster),follow the steps below for each broker node in the collective.



b. Download the appropriate update_stadv801_Eb script for your operatingsystem from the CD1\SupportingFiles\EB-V60-image directory.


2. Add the commons-httpclient-contrib-3.1.jar file to the CLASSPATHstatement in the .profile of the user account that will start and stop the brokerservices (this enables that user to properly start the message flow and accessthe broker database):


existing_classpath_values;%MQSIINSTALLPATH%\classes\AddBroker.jar;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar

;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar




mqsistop BRKR_SCCS


4. Still in the Broker Command Console, navigate to the directory where youdownloaded the upgrade script (for example: CD1\SupportingFiles\EB-v60-image\) and run the broker update script:

Note: The command below has been formatted to fit for readability but youmust type it all on a single line.

update_stadv801_EB.bat -stadvserver host_name- userid service_user_id -mqsiinstallpath EventBroker_installation_path

where:

Chapter 4. Upgrading 125



v -stadvserver host_name indicates the host name of the Lotus SametimeAdvanced server.

v - userid service_user_id indicates the ID used when you created the BrokerService.

v -mqsiinstallpath EventBroker_installation_path indicates the path where youinstalled WebSphere Event Broker.

For example:update_stadv801_EB.bat -stadvserver sales3.acme.com

-userid administrator -mqsiinstallpath C:\Program Files\IBM\MQSI\6.0


5. Enable a secure connection (using SSL) between the Broker and IBMWebSphere Application Server by editing the exitSetting.ini file andmodifying the following URLs to use "https" protocol:

v servletURL:

servletURL=https://sales3.acme.com:443/cas/oc

v jsecurityURL:

jsecurityURL=https://sales3.acme.com:443/stadvanced/j_security_check

6. Finally, restart the broker services as follows (substitute the name of your own broker in the commands):


mqsistop BRKR_SCCS

b. Sart the broker with the following command:

mqsistart BRKR_SCCS


Upgrading the Lotus Sametime Advanced applicationThere are several ways you can upgrade the IBM Lotus Sametime Advancedapplication.

Before you begin

Choose a method for upgrading the Lotus Sametime Advanced applicationsoftware on a single server:

Upgrading Lotus Sametime Advanced with the graphicalinterface on any supported platformRun the graphical installation program to upgrade the IBM Lotus SametimeAdvanced application on any supported platform. The installer detects the existingversion of Lotus Sametime Advanced and offers you the option of upgrading it.

About this task

Follow these steps to upgrade an existing installation of Lotus SametimeAdvanced:

1. Log on to the Lotus Sametime Advanced server as the Windows administrator(Microsoft Windows) or as root (AIX, Linux, Solaris).

2. Stop the Lotus Sametime Advanced server.






4. Navigate to the folder where you stored the downloaded files for LotusSametime Advanced and start the upgrade by running one of the followingcommands to launch the graphical installer:

v

AIX, Linux, Solaris./install.sh

v Windows

install.bat



The installer detect the existing Lotus Sametime Advanced deployment on thisserver, prompts for an upgrade, which is the only option for a server where theapplication is already installed.

7. At the "An existing Sametime Advanced server was found" screen, clickUpgrade an existing instance of Sametime Advanced server, modify thelocation in the "Select Directory" field if needed, and then click Next.

8. At the "The IBM Lotus Sametime Advanced server is ready to upgrade" screen,review the settings before clicking Install.

If necessary, you can change a setting by clicking Back.

9. At the "the wizard successfully installed Sametime Advanced server on yourcomputer" screen, click Finish.

Upgrading Lotus Sametime Advanced silently on any supportedplatformRun the silent upgrade program for the IBM Lotus Sametime Advancedapplication on any supported platform.

About this task

Follow these steps to silently upgrade an existing installation of Lotus SametimeAdvanced:

1. Log on to the Lotus Sametime Advanced server as the Windows administrator(Microsoft Windows) or as root (AIX, Linux, Solaris).

2. Stop the Lotus Sametime Advanced server.


Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document posted at the following Web address:www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

.4. Edit the STAdvanced_Install.rsp response file and set values for the following

variables:




Option Description

UpgradeLocation The path to the root of the existing LotusSametime Advanced installation that you areupgrading; for example:

C:/IBM/WebSphere/STAdvServer

The upgrade location must be the same as

the installation root's location.

Upgrade true

5. Open a command window and run the following command:

$V(CD_LOCATION)/WAS/install –options $V(RSP_LOCATION)/STAdvanced_Install.rsp -silent

6. When the upgrade finishes, verify it by checking the logs:

v C:/IBM/WebSphere/STAdvServer /installlog.txt

Verify that the "Return Code" has a value of 0 to indicate a successfulupgrade; for example:

(Apr 22, 2008 5:06:05 AM), stadv, null, msg2, StdOut : ADMU3200I:Server launched. Waiting for initialization status.

(Apr 22, 2008 5:07:35 AM), stadv, null, msg2, StdOut : ADMU3000I:Server server1 open for e-business; process id is 20010(Apr 22, 2008 5:07:35 AM), stadv, null, msg2, Return code = 0

v You may also want to review the log: C:\Documents andSettings\Administrator\Local Settings\Temp\stadv\logs\wizard_installlog.txt

Results

If the upgrade failed, you should check the following settings in thewizard_installlog.txt listed above, and correct them as needed before tryingagain:

v The Lotus Sametime Advanced version setting should be "8.0" before the

upgrade beginsFor example, this message shows an incorrect version setting:

(May 13, 2008 12:12:25 PM), stadv, com.installshield.wizard.service.LocalWizardServices,err, convertVerStrToVerIntArray method called : version : 8.0.1.0

(May 13, 2008 12:12:25 PM), stadv, com.ibm.sametime.advserver.install.CheckVPDRegistry,err, The installed Sametime Advanced server version must be a versionsupported for upgrade.

v The Lotus Sametime Advanced server cannot be running during the upgrade

This message indicates that the server was still running when the upgrade began, which caused the upgrade to fail:

(May 13, 2008 12:12:25 PM), stadv, err, The installed Sametime Advanced serverhas running servers. Stop all active application servers before upgrading

vThe upgrade location must be the same as the installation root's location.This message indicates that the current instance of Lotus Sametime Advancedcould not be found at the specified upgrade location; this is probably due to anincorrect location being specified in the response file.

(May 13, 2008 12:12:25 PM), stadv, err, Unable to locate a Sametime Advanced serverat “C:/IBM/WebSphere/STAdvServer”

Upgrading Lotus Sametime Advanced in a cluster

Upgrade the installed instances of IBM Lotus Sametime Advanced on every nodein a cluster.




Before you begin

The upgrade procedure is essentially the same whether the Deployment Managerand Primary Node share a computer or reside on separate computers – both typesof deployment are supported for upgrade.

About this task

Complete the tasks below to upgrade the cluster:

Upgrading the Deployment ManagerUpgrade the instance of IBM Lotus Sametime Advanced installed on a networkdeployment's Deployment Manager.

About this task

Follow these steps to upgrade the Deployment Manager:

1. Log on to the Deployment Manager as the IBM WebSphere ApplicationServices administrator.

2. Stop the Deployment Manager.

3. Stop the node agent on Primary Node.

4. Stop the application server on Primary Node.

5. Download the appropriate packages for your operating system, and extractthe files.



v AIX, Linux, Solaris./install.sh

v Windows

install.bat



The installer detect the existing Lotus Sametime Advanced deployment on thisserver, prompts for an upgrade, which is the only option for a server wherethe application is already installed.

9. At the "An existing Sametime Advanced server was found" screen, click

Upgrade an existing instance of Sametime Advanced server, modify thelocation in the "Select Directory" field if needed, and then click Next.

10. At the "The IBM Lotus Sametime Advanced server is ready to upgrade"screen, review the settings before clicking Install.


The installer detects that this is a Deployment Manager and upgradesaccordingly.





Upgrading the Primary NodeUpgrade the instance of IBM Lotus Sametime Advanced installed on a networkdeployment's Primary Node.

Before you begin

The node agent and the application server should already be stopped.

About this task

Upgrading the Primary Node is similar to upgrading the Deployment Manager:

1. Log on to the Primary Node as the IBM WebSphere administrator.




Sametime Advanced and start the upgrade by running one of the followingcommands to launch the graphical installer:


./install.sh

v Windows

install.bat



The installer detect the existing Lotus Sametime Advanced deployment on thisserver, prompts for an upgrade, which is the only option for a server where the

application is already installed.6. At the "An existing Sametime Advanced server was found" screen, click

Upgrade an existing instance of Sametime Advanced server, modify thelocation in the "Select Directory" field if needed, and then click Next.

7. At the "The IBM Lotus Sametime Advanced server is ready to upgrade" screen,review the settings before clicking Install.


The installer detects that this is a Primary Node and upgrades accordingly.


Upgrading a Secondary NodeUpgrade the instance of IBM Lotus Sametime Advanced installed on a networkdeployment's Secondary Node.

Before you begin

Complete this task for every Secondary Node in the cluster.




About this task

Upgrading a Secondary Node is similar to upgrading the Deployment Managerand the Primary Node:

1. Log on to the Deployment Manager as the IBM WebSphere administrator.

2. Stop the node agent on this Secondary Node.

3. Stop the application server on this Secondary Node.4. Download the appropriate packages for your operating system, and extract

the files.




./install.sh

v Windows

install.bat



The installer detect the existing Lotus Sametime Advanced deployment on thisserver, prompts for an upgrade, which is the only option for a server wherethe application is already installed.

8. At the "An existing Sametime Advanced server was found" screen, clickUpgrade an existing instance of Sametime Advanced server, modify thelocation in the "Select Directory" field if needed, and then click Next.

9. At the "The IBM Lotus Sametime Advanced server is ready to upgrade"

screen, review the settings before clicking Install.If necessary, you can change a setting by clicking Back.

The installer detects that this is a Secondary Node and upgrades accordingly.


Upgrading Enterprise Applications on the DeploymentManager

After upgrading the installed instance of IBM Lotus Sametime Advanced on eachnode in the cluster, upgrade the Enterprise Applications (EAR files) on theDeployment Manager.

Before you begin

Make sure you have upgraded the Lotus Sametime Advanced instance on everynode in the cluster before beginning this task.

1. Start the Deployment Manager.

2. Start the node agent on the Primary Node.

3. Start the application server on the Primary Node.

4. On the Primary Node, log in to the Deployment Manager's IntegratedSolutions Console as the WebSphere Application Services administrator.




This must be done from the Primary Node so that EAR files can be copied tothis computer, where they are physically stored.

5. In the console, expand Applications and click on Enterprise Applications.

6. In the list of "Enterprise Applications", select an application to upgrade byclicking it, and complete the following steps for each application:

You will upgrade these applications:

v Location Servicev Lotus Sametime Advanced Application

v Was-At Service

7. Click the Update button.

8. In the "Preparing for the application installation" panel, complete thefollowing steps to replace the application:

a. Select the Replace the entire Application option.

b. Select the Local file system option, browse to the path shown below, andselect the replacement EAR file; then click Next.

Table 2. Applications and their corresponding EAR files

Application EAR fileLocation Service NLS5EAR.ear

Lotus Sametime Advanced Application orgcollab.ear-8.0.ear

Was-At Service WALS5EAR.ear

The EAR file is located in the Primary Node's Sametime Advanced folder,in the following location:

STAdvanced_HOME\SametimeAdvServerOffering\SametimeAdvServer\STAdvanced\orgCollab\installableApps

For example,

IBM AIX, Linux, Solaris

/opt/IBM/WebSphere/STAdvServer/SametimeAdvServerOffering/SametimeAdvServer/STAdvanced/orgCollab/installableApps

Microsoft Windows

C:\IBM\WebSphere\STAdvServer\SametimeAdvServerOffering\SametimeAdvServer\STAdvanced\orgCollab\installableApps

c. In the next screen, accept the default settings, and click Next.

d. In the application-specific screen that appears next, locate the "Modules"section on the right, and click the Manage Modules link.

e. In the "Manage Modules" screen, locate the list of modules in the lowerhalf of the page, and click the Select box next to each of the application'smodules.

f. Now move to the Clusters and Servers list in upper half of the page, and

click the name of your cluster (for example, "STAdvanced_Cluster") to setthe scope to the cluster.

g. Click Apply, and verify that the selected cluster name appears in the"Server" column of the modules table in the lower half of the screen.

h. Click OK to confirm the setting.

i. Complete this process for each of the applications listed at the beginning of this step.

9. Back on the Applications → Enterprise Applications screen, check the statusof the applications you just upgraded, to make sure they are all running:




v Location Service

v Lotus Sametime Advanced Application

v Was-At Service

10. Set the DB2 environment variables as follows:

a. In the Deployment Manager's Integrated Services Console, clickEnvironment → WebSphere Variables.

b. Click on the variable DB2UNIVERSAL_JDBC_DRIVER_PATH andchange the value to: ${WAS_LIBS_DIR} to point to the WebSphere lib files.

For example, in Windows, the WAS_LIBS_DIR variable would point to:

C:/IBM/WebSphere/AppServer/lib

c. Now click on the variable DB2_JDBC_DRIVER_PATH and assign it thesame value.

d. Modify those two variables for all scopes: cell , node, cluster.

11. Restart the cluster.

Upgrading Lotus Sametime Advanced clients

After you upgrade IBM Lotus Sametime Advanced, upgrade the clients so they canaccess new features.

Before you begin

Users can access Lotus Sametime Advanced features using either the LotusSametime Connect client, or the Lotus Notes® client. Existing users can access newfeatures through an update site that you set up on a server. New users can installthe Lotus Sametime Advanced client along with the Lotus Sametime Connect clientor Lotus Notes client.

About this task

The tasks below provide instructions for distributing the newest Lotus SametimeAdvanced client features to all of these users:

Providing an update site for clientsProvide an update site on the HTTP server that allows Lotus Sametime Connectclients to install plugins and features for Lotus Sametime Advanced.

Before you begin

Note: If you used the archive installation program on Linux, the update site wasset up for you during installation and you can skip this task.

Before beginning this task, make sure you have installed and configured thefollowing applications and their prerequisite components:

v Lotus Sametime Standard


v IBM HTTP Server

1. Make sure you have downloaded the appropriate files to the computer whereyou will install the Lotus Sametime Advanced Client Update site.










The Sametime Advanced Client plugins are packaged with the SametimeAdvanced Server, in the AdvUpdateSite directory.

2. Copy sametime.advanced.update.site.zip to a local folder on the computerthat will host the update site.

3. Navigate to the http document root folder for IBM HTTP Server.

Typically, the folder is located in the Program Files\IBM\HTTPServer\htdocs\

locale folder; for example, on Windows:C:\Program Files\IBM\HTTPServer\htdocs\en_US

If you do not know the folder's name or location, check the httpd.conf filelocated inC:\Program Files\IBM\HTTPServer\conf.

4. Create a subfolder called updatesite.

5. In this new folder, unzip sametime.advanced.update.site.zip.

Now that the update site is posted, you should test it with the following steps.

6. Check the folder structure on your HTTP server:

a. The update folders should be located under the http document root folder.

For example:

C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite\

b. The updatesite folder should contain the following:

v site.xml

v plugins

v features

7. Start the HTTP server and use a Web browser to connect to the update URL:http://server_host/updatesite/site.xml.

For example:

http://stadv.acme.com/updatesite/site.xml

Make sure the contents of the site.xml file are displayed.

What to do next

After you have verified the update site, you must edit the plugin_customization.inifile with the IBM Lotus Sametime Advanced default settings for Lotus SametimeConnect client preferences. See the next topic.

Setting up Sametime default client preferences for SametimeAdvancedThe plugin_customization.ini configuration file lets you customize the IBM LotusSametime Advanced default settings for Lotus Sametime Connect clientpreferences. You can set the Lotus Sametime Advanced server names and portnumbers for all your users in this file. You can also use this to deploy clients tohave consistent behavior so that all users have a similar experience with Lotus

Sametime Advanced. This method does not force the settings to stick; it simply setsthe default setting.

About this task

You edit the plugin_customization.ini file incom.ibm.collaboration.realtime.advanced.preferences.feature with the defaultpreferences that you want. The feature should then be posted on a Lotus SametimeAdvanced update site for the Lotus Sametime clients to download. When a newclient logs in, it finds the new customization feature and downloads it, and mergesthe contents of the plugin_customization.ini with the existing one. The client




restarts and reads the new preferences. The client never downloads the featureagain since it has already been installed. Every time the client starts, theplugin_customization.ini preferences are read.

The following steps explain how to update the plugin_customization.ini file.

1. On your HTTP server, unzip the feature jar file.

For example:C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite\features\com.ibm.collaboration.realtime.advanced.preferences.feature_8.0.0.time_stamp.jar

2. Modify or replace the plugin_customization.ini file so that it contains theSametime Advanced server host names, port numbers, and any other pluginpreferences that you want. A preference has to be entered into the file with thefull path: plugin_id/ propertyName = propertyValue .

Note: The code below has been formatted for readability. For descriptions of the following preferences, click the topic, "Sametime Advanced clientpreferences" after the last step in this procedure.For example:

#Set the Advanced broadcast server host name

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=stv_server.mycompany.com

#Set the Advanced broadcast server portcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=80#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=

server.mycompany.com#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=

eb_server.mycompany.com#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506#Use SSL while connecting to the server? Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false

3. Repackage the feature. Make sure the version in the feature.xml and site.xmlreference the correct version of the file. If this is not the first time provisioningthis feature, increment the feature version of the jar file. For example:

<site><feature url="features/com.ibm.collaboration.realtime.advanced.preferences.

feature_8.0.0.time_stamp.jar"id="com.ibm.collaboration.realtime.advanced.preferences.feature"version="8.0.0"><category name="Other" />

</feature><category-def name="Other" label="Other" />

</site>

4. On the IBM HTTP server, navigate to your update site folder, for example:

C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite5. Copy your jar file to the update site.

Lotus Sametime Advanced client preferences:

The following table contains the IBM Lotus Sametime Advanced preferences forthe Lotus Sametime Connect client that are set by administrators in theplugin_customization.ini file.




Entry Description

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=

Required. Fully qualified IBM WebSphere ApplicationServer host name, for example: sales.acme.com(resides on the same computer as Lotus SametimeAdvanced).

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=

Required. Lotus Sametime Advanced server portnumber.

com.ibm.collaboration.realtime.bcs/sametimeCommunityServer

Required. Default Lotus Sametime community hostname. This is the server users log in to for awarenessand chat.

com.ibm.collaboration.realtime.bcs/ broadcastToolsServerName=

Required. Fully qualified WebSphere Event Brokerserver host name.

com.ibm.collaboration.realtime.bcs/ broadcastToolsServerPort=

Required. WebSphere Event Broker server portnumber

com.ibm.collaboration.realtime.bcs/useHTTPS=false

If you are using SSL while connecting to the server,set to true. If you are using HTTP set to false.

com.ibm.collaboration.realtime.bcs/

advancedServerConnectionType=

Connection type to connect to the Lotus Sametime

Advanced server. Set to 0 for a direct connection tothe server. Set to 1 to connect through a reverse proxy.

com.ibm.collaboration.realtime.bcs/ broadcastServerConnectionType=

Connection type to connect to the Broadcast toolsserver. Set to 1 for a direct connection to the server.Set to 2 to connect using SSL (HTTPS) Set to 3 to usereverse proxies.

com.ibm.collaboration.realtime.bcs/useHttpProxy=

Set to true if you are using an HTTP forward proxy,otherwise set it to false.

com.ibm.collaboration.realtime.bcs/proxyHost=

Enter the proxy IP address or host name if you areusing a HTTP proxy, otherwise leave it blank.

com.ibm.collaboration.realtime.bcs/proxyPort=

Enter the HTTP proxy port to which you areconnecting.

com.ibm.collaboration.realtime.bcs/proxyUserName=

Enter the user name if the HTTP proxy requires onefor authentication, otherwise leave it blank.

com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=

Enter the reverse proxy base URL to use if connectingthrough a reverse proxy. For example:http://mycompany.com/mycontext. Leave blankotherwise.

com.ibm.collaboration.realtime.bcs/reverseProxyUserName=

Enter the reverse proxy user name if the proxy isauthenticating. Leave blank if you are not usingreverse proxies.

com.ibm.collaboration.realtime.bcs/ jmsProtocol=disthub

Internal protocol for connecting to WebSphere EventBroker. Enter disthub (no SSL) or disthubs (with SSL).

com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000

Time allowed in milliseconds for awareness names toresolve.

com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true

Prohibits licensing to users and groups with wildcardcharacters in their names.

com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true

Alert users when a new open community is created.

com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=true

Alert users when a new moderated community iscreated.

com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true

Alert users when a new private community is created.




Entry Description

com.ibm.collaboration.realtime.bcs/ blockBroadcastOnDoNotDisturb=true

Blocks broadcasts when user has set client to "Do notdisturb".

com.ibm.collaboration.realtime.bcs/ blockBroadcastOnInMeeting=false

Blocks broadcast when user is in a meeting.

com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true

Alert users when a chat room has a new member.

com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true

Blocks chat room notifications when user has setclient to "Do not disturb".

com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false

Blocks chat room notifications when user is in ameeting.

com.ibm.collaboration.realtime.bcs/ broadcastServerUserIdType=email

Set to "email" to use the Sametime ID's emaildirectory field. You need to use the same propertyvalue to log in to both the Sametime client andSametime Advanced.

Setting Sametime policies for your update siteWhen you set up your IBM Lotus Sametime Advanced update site, you need tospecify policies on the Sametime Standard server for how users will get the LotusSametime Advanced plugins as well as updates.

Before you begin

Before you begin, you should have installed the HTTP server and set up an updatesite on the server.

About this task

There are two methods for pushing updates to users:

v Automatic Updates: Administrators can provision new or updated LotusSametime Advanced plugins to their clients in a "push" mode so that all clientsuse the same set of features. The push method enables the client to receiveupdates automatically whenever he or she logs in to Lotus Sametime Connect.

v Optional Updates: Administrators can also provide new Lotus SametimeAdvanced features to their clients as an option. With the optional method, theuser is notified that updates are available when logging in to the LotusSametime Connect client. The user selects which updates to install, if any.

1. Log in to Lotus Sametime at http://<sametime_host_name>/stcenter.nsf.

2. Under Administration tools, click Administer the server.

3. Click Policies.

4. Click a policy that is available to Lotus Sametime Advanced users. You can alsocreate a policy exclusively for Lotus Sametime Advanced users. You mightwant to do this if Advanced users are a subset of Sametime users or if you planan maintaining separate update sites on the Sametime and Sametime advancedservers.

5. If you want to set up automatic updates, then add the update site URL to theSametime update site URL field. If you already have an existing update site inthe URL, for example for Sametime Standard users, then you can add anadditional URL for Sametime Advanced separated by a semicolon or a comma.

http://<sametime_host_name>/updatesite,http://<stadvanced_host_name>/updatesite




6. If you want to set up an optional updates, then add the update site URL in theSametime optional add-on site URLs field.

http://<stadvanced_host_name>/updatesite

7. Click OK.

Installing client software

To complete your IBM Lotus Sametime Advanced deployment, install theappropriate client software on each end-user computer.

Before you begin

There are two types of client you may want to install:

v Lotus Sametime Connect client

This client runs as an application on the end-user's computer to access LotusSametime Standard features. After you set up the Lotus Sametime Advancedupdate site, users can install new features available with Lotus SametimeAdvanced and use them within the Lotus Sametime Connect client.

If users have not installed the Connect client yet, you can modify the installation

kit and insert the Lotus Sametime Advanced client right into it, so that users caninstall both clients at once.

v Lotus Sametime Advanced embedded client for Lotus Notes users

This client can be installed as an addition to the Lotus Notes client, allowingusers to access Lotus Sametime Advanced features from within the Lotus Notesuser interface.

About this task

Select the topic that reflects the type of client you wish to deploy to your users:

Distributing the Lotus Sametime Advanced client to Lotus

Sametime Connect usersThe IBM Lotus Sametime Advanced client works with the Lotus Sametime Connectclient to provide additional features to Lotus Sametime users.

Before you begin

Before distributing the Lotus Sametime Connect client to users, you can add theLotus Sametime Advanced client into the installation kit to ensure users haveaccess to features of both products.

Note: Adding the Lotus Sametime Advanced client into the Connect client'sinstallation kit uses difference procedures for Lotus Sametime 8 and LotusSametime 8.0.1, so be sure to follow the correct set of instructions for this task:

Adding the Lotus Sametime Advanced client to the Lotus Sametime Connectclient installation kit:

If users have not installed the IBM Lotus Sametime Connect client yet, you canmodify the installation kit and insert the Lotus Sametime Advanced client rightinto it, so that users can install both clients at once.




Before you begin

Note: Adding the Lotus Sametime Advanced client into the Lotus SametimeConnect client's installation kit uses difference procedures for different releases of Lotus Sametime Connect, so be use the correct set of instructions for this task:

Lotus Sametime Connect 8.0 client installation kit: adding in the Lotus Sametime

Advanced 8.0 client:

If your deployment still uses IBM Lotus Sametime release 8.0, use the instructionsin this topic to distribute the IBM Lotus Sametime Advanced 8.0 client them byinserting it directly into the Lotus Sametime Connect client installation kit. Thismethod requires the user to run the Lotus Sametime Connect client installation,and the Lotus Sametime Advanced client is installed at the same time.

About this task

Add the Lotus Sametime Advanced 8.0 client to the Lotus Sametime 8.0 Connectclient installation kit by completing the following steps:

1. (Linux only) Complete the following two tasks:

a. Install Lotus Sametime Standard 8.0 using the following command:

rpm -ivh path_to_rpm

b. Install Lotus Sametime Advanced 8.0 using the following command:


2. Add the Lotus Sametime Advanced client plugin features to the installmanifest.

a. Open the install_pkg_root/deploy/install.xml file for editing.

b. Search this file for the feature whose ID is com.ibm.swt.xulrunner.feature,and change the version tag on this feature to 3.2.0.v200803071645.

c. Add the following plugin features, included in the Lotus Sametime

Advanced 8.0 client plugin update site, to the bottom of the install.xml filedirectly after the last </installfeature> closing tag:

Note: The statements below have been formatted for readability.

<installfeature id="SametimeAdvanced" required="true"><requirements><feature id="com.ibm.collaboration.realtime.core.advanced.feature"

version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.rtc.web.utils.feature"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.chatrooms.feature"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.chat.feature.patch.advanced"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.broadcast.feature"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.rtcadapter.feature.patch"version="8.0.0.20080322-1214" match="compatible" download-size="3" size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.instantshare.feature"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.location.patch.advanced"





</requirements></installfeature>

3. Add the Lotus Sametime Advanced 8.0 features to the install updateSite.

a. Copy the "features" from the Lotus Sametime Advanced 8.0 client pluginupdate site into the "features" directory inside the install_pkg_root/

updateSite folder.b. Copy the "plugins" from the Lotus Sametime Advanced 8.0 client plugin

update site into the "plugins" directory inside the install_pkg_root/updateSite folder.

c. Add each feature element from the Lotus Sametime Advanced 8.0 clientplugin update site's site.xml file to the install_pkg_root/updateSite/site.xml file, after the last </feature> tag:


<featureurl="features/com.ibm.collaboration.realtime.

core.advanced.feature_8.0.0.20080322-1214.jar"id="com.ibm.collaboration.realtime.core.advanced.feature"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><feature

url="features/com.ibm.rtc.web.utils.feature_8.0.0.20080322-1214.jar"

id="com.ibm.rtc.web.utils.feature"version="8.0.0.20080322-1214"><category name="platform"/>

</feature><feature

url="features/com.ibm.collaboration.realtime.chatrooms.feature_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.chatrooms.feature"version="8.0.0.20080322-1214">

<category name="sametimeAdvanced"/></feature><feature

url="features/com.ibm.collaboration.realtime.chat.feature.patch.advanced_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.chat.feature.patch.advanced"version="8.0.0.20080322-1214">


url="features/com.ibm.collaboration.realtime.broadcast.feature_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.broadcast.feature"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><featureurl="features/com.ibm.collaboration.realtime.rtcadapter.

feature.patch_8.0.0.20080322-1214.jar"id="com.ibm.collaboration.realtime.rtcadapter.feature.patch"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><feature

url="features/com.ibm.collaboration.realtime.instantshare.feature_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.instantshare.feature"version="8.0.0.20080322-1214">





url="features/com.ibm.collaboration.realtime.location.patch.advanced_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.location.patch.advanced"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><category-def name="sametimeAdvanced" label="Sametime Advanced Components"/>

d. Locate the tag whose ID is com.ibm.swt.xulrunner.feature; change the"url" tag on this feature to be features/com.ibm.swt.xulrunner.feature_3.2.0.v200803071645.jar and the "version"tag on this feature to be 3.2.0.v200803071645.

4. Edit the install_pkg_root/_deploy/plugin_customization.ini file, and addthe following install settings to the bottom of the file:

You can customize the settings as needed.

#Set the Advanced broadcast server host namecom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=#Set the Advanced broadcast server port

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=#Use SSL while connecting to the server? Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false#Connection type to connect to the ST Advanced server.#Set to one of the following --# 0 = Direct connection to the server# 1 = Connect via reverse proxycom.ibm.collaboration.realtime.bcs/advancedServerConnectionType=

#Connection type to connect to the broadcast tools server.#Set to one of the following values --#1 = Direct connection to the server#2 = Use SSL (HTTPS)#3 = Use reverse proxiescom.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=

#Set to true if using a HTTP forward proxy;false, otherwise.com.ibm.collaboration.realtime.bcs/useHttpProxy=#Proxy IP or host name if using a HTTP proxy; Leave blank otherwisecom.ibm.collaboration.realtime.bcs/proxyHost=#HTTP proxy port to connect tocom.ibm.collaboration.realtime.bcs/proxyPort=#User name if the HTTP proxy requires authentication.#Leave blank otherwise.com.ibm.collaboration.realtime.bcs/proxyUserName=

#Set the reverse proxy base URL to use if connecting via a reverse proxy.#Leave blank otherwise.#Eg. http://mycompany.com/mycontextcom.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=#Set the reverse proxy user name if the proxy is authenticating.#Leave blank if not using reverse proxiescom.ibm.collaboration.realtime.bcs/reverseProxyUserName=com.ibm.collaboration.realtime.bcs/jmsProtocol=disthubcom.ibm.collaboration.realtime.bcs/groupServicePath=

/cas/services/GroupMemberServicecom.ibm.collaboration.realtime.bcs/skilltapServicePath=




/skilltapws/servlet/rpcroutercom.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=truecom.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=false

com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false#Set to "email" to use the Sametime Id's email directory fieldcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=

Note: The following two statements from the example above were split to fiton the page; you should enter them each as one statement:v com.ibm.collaboration.realtime.bcs/groupServicePath=

/cas/services/GroupMemberServicev com.ibm.collaboration.realtime.bcs/skilltapServicePath=

/skilltapws/servlet/rpcrouter

Lotus Sametime Connect 8.0.1 client installation kit: adding in the Lotus Sametime

Advanced 8.0.1 client:

Distribute the IBM Lotus Sametime Advanced 8.0.1 client to Lotus Sametime 8.0.1Connect users by inserting it directly into the Lotus Sametime Connect clientinstallation kit. This method requires the user to run the Lotus Sametime Connectclient installation, and the Lotus Sametime Advanced client is installed at the sametime.

About this task

Add the Lotus Sametime Advanced 8.0.1 client to the Lotus Sametime 8.0.1Connect client installation kit by completing the following steps:


a. Install Lotus Sametime Standard 8.0.1 using the following command:


b. Install Lotus Sametime Advanced 8.0.1 using the following command:


2. Add the Lotus Sametime Advanced 8.0.1 client plugin features to the installmanifest.


b. Locate each of the IDs listed in the table, and update the corresponding"version" tag to match the one provided in the table:

ID Version

com.ibm.swt.xulrunner.feature 3.2.0.v200805151900

com.ibm.collaboration.realtime.browser.xul.feature 8.0.1.20080606-2005

com.ibm.collaboration.realtime.browser.feature 8.0.1.20080606-2005

com.ibm.collaboration.realtime.location.feature 8.0.1.20080606-2005

com.ibm.rtc.web.utils.feature 8.0.1.20080606-2005

c. Add the following plugin features, included in the Lotus SametimeAdvanced 8.0.1 client plugin update site, to the bottom of the install.xmlfile directly after the last </installfeature> closing tag:







<feature id="com.ibm.collaboration.realtime.chatrooms.feature"version="8.0.1.20080606-2005" match="compatible" download-size="3"

size="3" action="install" shared="false"/><feature id="com.ibm.collaboration.realtime.broadcast.feature"




3. Add the Lotus Sametime Advanced 8.0.1 features to the install updateSite.

a. Copy the "features" from the Lotus Sametime Advanced 8.0.1 client pluginupdate site into the "features" directory within the install_pkg_root/updateSite folder.

b. Copy the "plugins" from the Lotus Sametime Advanced 8.0.1 client pluginupdate site into the "plugins" directory within the install_pkg_root/updateSite folder.

c. Add each feature element from the Lotus Sametime Advanced 8.0.1 clientplugin update site's site.xml file to the install_pkg_root/updateSite/site.xml file, after the last </feature> tag:


<featureurl="features/com.ibm.collaboration.realtime.core.advanced.

feature_8.0.1.20080606-2005.jar"id="com.ibm.collaboration.realtime.core.advanced.feature"version="8.0.1.20080606-2005">

<category name="sametimeAdvanced"/></feature><feature url="features/com.ibm.collaboration.realtime.chatrooms.

feature_8.0.1.20080606-2005.jar"id="com.ibm.collaboration.realtime.chatrooms.feature"version="8.0.1.20080606-2005"><category name="sametimeAdvanced"/>

</feature><feature



</feature><feature


id="com.ibm.collaboration.realtime.instantshare.feature"version="8.0.1.20080606-2005"><category name="sametimeAdvanced"/>

</feature>

<category-def name="sametimeAdvanced" label="Sametime Advanced Components"/>

d. Locate each of the IDs listed in the table within the install_pkg_root/updateSite/site.xml file, and update the corresponding "url" and "version"tags to match those provided in the table:




ID URL Version

com.ibm.swt.xulrunner.feature

features/com.ibm.swt.xulrunner.feature_3.2.0.v200805151900.jar

3.2.0.v200805151900

com.ibm.collaboration.realtime.browser.xul.

feature

features/com.ibm.collaboration.realtime.browser.xul.

feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005

com.ibm.collaboration.realtime.browser.feature

features/com.ibm.collaboration.realtime.browser.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005

com.ibm.collaboration.realtime.location.feature

features/com.ibm.collaboration.realtime.location.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005

com.ibm.rtc.web.utils.feature

features/com.ibm.rtc.web.utils.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005



#Set the Advanced broadcast server host namecom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=#Set the Advanced broadcast server portcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=#Use SSL while connecting to the server?#Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false#Connection type to connect to the ST Advanced server.#Set to one of the following --#0 = Direct connection to the server#1 = Connect via reverse proxycom.ibm.collaboration.realtime.bcs/advancedServerConnectionType=#Connection type to connect to the broadcast tools server.#Set to one of the following values --#1 = Direct connection to the server#2 = Use SSL (HTTPS)#3 = Use reverse proxiescom.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=

#Set to true if using a HTTP forward proxy;false, otherwise.

com.ibm.collaboration.realtime.bcs/useHttpProxy=#Proxy IP or host name if using a HTTP proxy;#Leave blank otherwisecom.ibm.collaboration.realtime.bcs/proxyHost=#HTTP proxy port to connect tocom.ibm.collaboration.realtime.bcs/proxyPort=#User name if the HTTP proxy requires authentication.#Leave blank otherwise.com.ibm.collaboration.realtime.bcs/proxyUserName=

Downloading and Installing the Lotus Sametime Connect Client:




IBM Lotus Sametime users communicate with the server and each other using theLotus Sametime Connect Client software.

Before you begin

Users can download and install the Lotus Sametime Connect client themselvesfrom the Lotus Sametime Welcome page, using the procedures listed here. You

may want to distribute these instructions for downloading and installing the LotusSametime Connect client to your end users.

About this task

To install the Lotus Sametime connect client files from your server, follow thesesteps:

1. Using a Web browser, open the Sametime Welcome page (stcenter.nsf) on yourSametime server.

For example, if your Sametime server host name is stserver.com, you open:

http://stserver.com/stcenter.nsf

2. Click Download Lotus Sametime Connect Client. The "Welcome to the IBM

Lotus Sametime Connect Client Download Site" page appears.

3. Click Install Now.

Once all files have been downloaded, the actual client installation begins:

v On Microsoft Windows and Apple Mac, the client installer will display.Follow the instructions in the installer and enter the required information tocomplete the installation.

v On Linux, the RPM installer will run automatically.

Note: If there are problems running the client installer, or if you want to installat a later time, click Save on the "Welcome to the IBM Lotus Sametime ConnectClient Download Site" page. This will bring you to a downloads page whereyou can select the operating system of the installer you wish to save. Thedownloads page includes instructions for downloading the installer for lateruse.

4. Download plugins for Lotus Sametime Advanced.

Connect to the update site that was set up during IBM HTTP Serverconfiguration and download the Sametime Advanced Client features. Forexample:

http://stadvdev.lotus.com/updatesite/site.xml

What to do next

Now you can use the Lotus Sametime Connect client and experience the newfeatures provided by Lotus Sametime Advanced.

Distributing the Lotus Sametime Advanced embedded client toLotus Notes usersThe IBM Lotus Sametime Advanced embedded client works with IBM Lotus Notesusers to provide Lotus Sametime Advanced features within the Lotus Notesenvironment.




Before you begin

There are two ways to distribute the Lotus Sametime Advanced embedded clientto Lotus Notes users: you can add the embedded client to the Lotus Notes clientinstallation program so the user can choose it as an option during Lotus Notesinstallation, or you can use IBM Lotus Expeditor to provision Lotus Notes with theembedded client so that you can add the embedded client to existing Lotus Notes

clients.

About this task

Select the method that best suits your needs:

Adding the Lotus Sametime Advanced client to the Lotus Notes clientinstallation kit:

Distribute the Lotus Sametime Advanced embedded client to Lotus Notes users byinserting the embedded client directly into the Lotus Notes client installation kit.This method requires the user to run the Lotus Notes client installation, and offersthem the option of installing the Lotus Sametime Advanced client at the same

time.

Before you begin

For more information on modifying the Lotus Notes client installation kit, searchon "Customizing the Notes install kit" in the Lotus Domino 8 Administrationinformation center.

About this task

Add the Lotus Sametime Advanced embedded client to the Lotus Notesinstallation kit by completing the following steps:

1. Place a copy of the Lotus Sametime Advanced Update site in the root directoryof the Lotus Notes installation kit.

2. Modify the installation kit's deploy\plugin_customization.ini file.

This is the base version of the plugin_customization.ini file included in theLotus Notes client installation. Append the settings below to this file,modifying them as needed to match the settings used in your organization. Forexample, you will want to include the host name of the Lotus SametimeAdvanced server as well as MQ Broker details.

#Set the Advanced broadcast server host namecom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales3.acme.com#Set the Advanced broadcast server portcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=1234#Set the Advanced broadcast server community host name

com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=test.mul.ie.ibm.com#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=4321#Use SSL while connecting to the server? Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false#Connection type to connect to the ST Advanced server.#Set to one of the following --# 0 = Direct connection to the server# 1 = Connect via reverse proxycom.ibm.collaboration.realtime.bcs/advancedServerConnectionType=


http://publib.boulder.ibm.com/infocenter/domhelp/v8r0/index.jsp




#Set to true if using a HTTP forward proxy;false, otherwise.

com.ibm.collaboration.realtime.bcs/useHttpProxy=#Proxy IP or host name if using a HTTP proxy; Leave blank otherwisecom.ibm.collaboration.realtime.bcs/proxyHost=#HTTP proxy port to connect tocom.ibm.collaboration.realtime.bcs/proxyPort=#User name if the HTTP proxy requires authentication. Leave blank otherwise.com.ibm.collaboration.realtime.bcs/proxyUserName=

#Set the reverse proxy base URL to use if connecting via a reverse proxy.#Leave blank otherwise.#Eg. http://mycompany.com/mycontextcom.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=#Set the reverse proxy user name if the proxy is authenticating.#Leave blank if not using reverse proxiescom.ibm.collaboration.realtime.bcs/reverseProxyUserName=com.ibm.collaboration.realtime.bcs/jmsProtocol=disthubcom.ibm.collaboration.realtime.bcs/groupServicePath=/cas/services/GroupMemberServicecom.ibm.collaboration.realtime.bcs/skilltapServicePath=/skilltapws/servlet/rpcroutercom.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=truecom.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=falsecom.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false#Set to "email" to use the Sametime Id's email directory fieldcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=

3.Modify the installation kit's deploy\install.xml file to include Lotus SametimeAdvanced.

The install.xml file defines what actually gets installed when the installationprogram runs; add in the reference to Lotus Sametime Advanced bycustomizing the code below and appending it to the "install" node of theinstall.xml file.

Note: The code below has been formatted for readability; each statement isenclosed in < and > markers.

<installfeature default="false" description="Sametime Advanced 8.0.1" id="STAdvanced"name="Sametime 8.0.1 Advanced" required="false" show="true" version="build_version">

<requirements><feature url="jar:${installer.root}/update_sitefile.zip!/"

id="com.ibm.rcp.xulrunner.runtime.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.rtc.web.utils.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.core.advanced.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.chatrooms.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"

id="com.ibm.collaboration.realtime.instantshare.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.location.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.broadcast.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.browser.xul.feature"version="build_version" match="perfect" shared="true"/>


Modify the following attributes for your deployment:

a. In the following statement, replace build_version with the actual version being installed:

<installfeature default="false" description="Sametime Advanced"id="STAdvanced" name="Sametime 8.0 Advanced" required="false" show="true" version="build_version"

b. For every feature element, modify the url attribute with the path to thesource of the Lotus Sametime Advanced update site.

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.rcp.xulrunner.runtime.feature"version="3.2.0.v200803071645" match="perfect" shared="true"/>

For example, the placeholder URL:

"jar:${installer.root}/update_sitefile.zip!/"

will change to something like this:

"jar:${installer.root}/sametime.advanced.embedded.update.site.20080515-1743.signed.zi

c. For every feature element, modify the version="8.0.1.x" attribute with theactual version of the ID contained within the site.xml file for LotusSametime Advanced.

The site.xml is contained within the update.zip file; the version attribute isthe same and can be copied from thesite.xml file.

4. Linux only: In the install.xml file, comment out the following feature

Note: This feature is contained within the "Platform.XPD.linux" feature.

com.ibm.rcp.xulrunner.runtime.feature

This example shows the com.ibm.rcp.xulrunner.runtime.feature featurecommented out:



Results

During installation of the Lotus Notes client, the user will be offered the choice of additionally installing the Lotus Sametime Advanced embedded client.

Provisioning the Lotus Sametime Advanced client for existing Lotus Notesclients:

Distribute the IBM Lotus Sametime Advanced embedded client by provisioning itfor existing IBM Lotus Notes users. This method assumes that the user has alreadyinstalled the Lotus Notes client, and uses IBM Lotus Expeditor to enableprovisioning.



About this task

Provision the Lotus Sametime Advanced embedded client for the Lotus Notesinstallation kit by completing the following steps:

1. Download the appropriate provision-advanced provisioning script for youroperating system (.sh or .bat) to the computer where you will set upprovisioning.


2. Create an installation manifest file using the template below.

The manifest defines what will be installed to the Lotus Notes clients; add inthe reference to Lotus Sametime Advanced by customizing the code below andsaving the file in XML format; for example, using by naming the filestadvanced_manifest.xml.


WindowsUse the following template:

<?xml version="1.0" encoding="UTF-8"?><ibm-portal-composite><domain-object name="com.ibm.rcp.installmanifest"><object-data><install>

<installfeature id="sametime-advanced" required="true" mergeaction="add"><requirements><feature url="jar:file:path-to-update-site.zip!/"


<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.rtc.web.utils.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.core.advanced.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.chatrooms.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.instantshare.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.location.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.broadcast.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.browser.xul.feature"version="build_version" match="perfect" shared="true"/>


</install></object-data></domain-object></ibm-portal-composite>

Linux

Use the following template:






id="com.ibm.rcp.xulrunner.runtime.feature"version="build_version" match="perfect" shared="true"/><feature url="jar:file:path-to-update-site.zip!/"

id="com.ibm.rtc.web.utils.feature.patch"version="build_version" match="perfect" shared="true"/>







</requirements><installfeature id="Platform.XPD.linux" required="true">

<requirements><feature action="install" id="com.ibm.rcp.xulrunner.runtime.feature" match="perfect"shared="true" url="jar:file:path-to-update-site.zip!/" version="build_version"/>


</install>

</object-data></domain-object></ibm-portal-composite>

In the manifest template, modify the following attributes for your deployment:

a. For every feature element, modify the url attribute with the path to thesource of the Lotus Sametime Advanced update site.

<feature url="jar:file:/path-to-update-site.zip!/"id="com.ibm.swt.xulrunner.feature"version="3.2.0.v200803071645" match="perfect" shared="true" action="install"/>


"jar:file:/path-to-update-site.zip!/"


"jar:file:/C:\install-adv\update.zip!/"

Note: The manifest cannot accept a path containing embedded spaces.

b. For every feature element, modify the version="8.0.1.x" attribute with theactual version of the ID contained within the site.xml file for LotusSametime Advanced.

The site.xml is contained within the update.zip file; the version attribute isthe same and can be copied from thesite.xml file.

3. Now install and activate the embedded client for each Lotus Notes user asfollows:




a. Copy the stadvanced_manifest.xml manifest file, the appropriateprovision-advanced provisioning script for the computer's operatingsystem, and the Lotus Sametime Advanced update site into a singledirectory on the Lotus Notes client computer.

The provisioning scripts assume that all of these files are located in thesame directory.

b. Log in to the Lotus Notes client computer as a Windows Administrator(Windows) or as root (Linux).

c. On the Lotus Notes client computer, run the provision-advancedprovisioning script with the following parameters:

Linux

./provision-advanced.sh stadvanced_manifest.xml Notes_install_path

Example:

./provision-advanced.sh stadvanced_manifest.xml /opt/ibm/lotus/notes

Windows

provision-advanced.bat stadvanced_manifest.xml "Notes_install_path"

Note: If the path contains spaces, enclose it in quotation marks.

Example:

provision-advanced.bat stadvanced_manifest.xml C:\Notes

d. (Linux only) Activate the Lotus Sametime Advanced features by runningthe following script:

Note: The user should be logged in as usual, you do not need to log in asroot to run the script.

./user-provision.sh Notes_install_path

For example:

./user-provision.sh /opt/ibm/lotus/notes

If Lotus Notes is open, the Lotus Notes splash screen appears while the

change is taking place, then Lotus Notes restarts. If Lotus Notes is closed,the splash screen is followed by a progress meter, which disappears oncethe update is complete.

The next time the user launches Lotus Notes, the Lotus Sametime Advancedembedded client will be available for use.

e. Repeat for each Lotus Notes user.




Chapter 5. Configuring

Configure connections and security in an IBM Lotus Sametime Advanceddeployment.

About this task

Complete the configuration tasks in the order shown here:

Finishing the deployment

After you have installed your prerequisite components and IBM Lotus SametimeAdvanced, complete your deployment by configuring your LDAP directory,installing IBM HTTP Server as your Web server, connecting to an IBM LotusSametime Server, and setting up clients.

About this task Finish deploying Lotus Sametime Advanced by completing these tasks:

Supporting connections on port 80Configure either a proxy server or an HTTP server to support connections betweenclients and the IBM Lotus Sametime Advanced server over port 80.

About this task

For performance reasons, the IBM HTTP server has a limit of around 2000concurrent connections; this may be insufficient when you are supportingpersistent chats with Lotus Sametime Advanced. For deployments involving morethan 2000 simultaneous users, it is recommended that you use a WebSphereApplication Server Proxy server instead of an HTTP server.

Installing a WebSphere Application Server proxy serverAn IBM WebSphere Application Server proxy server operates with WebSphereApplication Server to provide Web access for concurrent users in a largedeployment. This is recommended over using IBM HTTP server because IBMLotus Sametime Advanced persistent chats will use up many of the 2000connections supported by HTTP server and be insufficient for your user base.

Before you begin

For performance reasons, the IBM HTTP server has a limit of around 2000concurrent connections; this may be insufficient when you are supportingpersistent chats with Lotus Sametime Advanced. For deployments involving morethan 2000 simultaneous users, it is recommended that you use a WebSphereApplication Server proxy server instead of an HTTP server.

It is recommended that you deploy Lotus Sametime Advanced in a cluster, even if it only contains a single node, as it will be easier to later add additional nodes. If you did not set up a single-node cluster, you can still configure a proxy serverprovided a deployment manager is managing the node with a single server; youwill simply configure the proxy server to direct traffic to that server. Note that the




proxy server is similar to other nodes in a cluster in that it is difficult to install onenode inside the DMZ while other nodes are not. Because of this, the proxy willneed to be in the same zone as the cluster's other nodes.

Verify that the following requirements are satisfied:

v The Lotus Sametime Advanced WebSphere cluster is fully configured andoperational

v The WebSphere Application Server Network Deployment software is installed onthe node that will run the proxy server

v That target note is in the same zone as the cluster's other nodes

v The node agent is running on that target node

v Lotus Sametime Advanced is running on that target node

v The IBM HTTP server is not running on that target node

About this task

Follow these steps to configure the WebSphere Application Server proxy server:

1. On the target node, log in to the Integrated Solutions Console as a WebSphere

Application Server administrator.2. Click Proxy Servers → New, and select the node from the list.

3. Type a name for the new proxy server and click Next.

4. On the "Support Protocols" page, leave HTTP and SIP selected, leave Generateunique ports selected; click Next.

5. On the "Template" page, leave http_sip_proxy_server selected; click Next.

6. Verify that the proxy server is functioning by using a browser to access theSametime Advanced application with the URL: http:// proxy_server_name/stadvanced.

7. To install an update site, either deploy an HTTP server on a different node, orinstall a WebSphere Application Server update site application on the cluster.

Installing HTTP Server to support connections on port 80IBM HTTP Server operates with IBM WebSphere Application Server to provideWeb access for IBM Lotus Sametime Advanced.

Before you begin

For performance reasons, the IBM HTTP server has a limit of around 2000concurrent connections; this may be insufficient when you are supportingpersistent chats with Lotus Sametime Advanced. For deployments involving morethan 2000 simultaneous users, it is recommended that you use a WebSphereApplication Server Proxy server instead of an HTTP server.

About this task

You install and configure IBM HTTP Server in two stages as described below:

Installing the IBM HTTP Server application:

IBM Lotus Sametime Advanced uses IBM HTTP Server to provide an update sitewhere Lotus Sametime clients can access plug-ins and features for Lotus SametimeAdvanced.




Before you begin

For additional information on installing IBM HTTP Server, see the "IBM HTTPServer for WebSphere Application Server" help in the IBM WebSphere ApplicationServer information center at:

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp

About this task

Follow these steps to install IBM HTTP Server on the Lotus Sametime Advancedcomputer.


2. Download the appropriate Edge Components package for your operatingsystem and extract the files. The Edge Components package contains aninstaller for installing the IBM HTTP Server.


3. Navigate to the directory where you stored the downloaded file.

4. Run the HTTP Server installation program with the following command:

AIX, Linux, Solaris

./install

Windows

install.exe


6. At the "Software License Agreement" screen, accept the license agreement andclick Next.

7. At the "System prerequisites check" screen, make sure your server has passed

the check, and click Next.If your server did not pass, you must install the missing prerequisites beforeyou can install HTTP server.

8. At the "Enter the install location" screen, browse the directory where you wantto install HTTP server, and then click Next.

9. At the "Port Values Assignment" screen, accept the default port settings byclicking Next.

10. (Windows) At the "Windows Service Definition" screen, do one of thefollowing before clicking Next:

v Accept the default settings to install as a service, and enter the Windowssystem administrator's user name and password.

v Click "Log on as a local system account".

Note: If your company's security policy does not allow for services to runas the local system user, change the log-on properties of the Windowsservices to an account that is authorized to run these services.

11. At the "HTTP Administration Server Authentication" screen, provide theappropriate user name and password for IBM HTTP Administration Server.

You will be prompted for these credentials during the configuration task; forexample, you might enter httpadmin as the user name and passw0rd as thepassword.

Chapter 5. Configuring 155



12. (AIX, Linux, Solaris) At the "Set up HTTP Administration Server" screen,provide the operating system user and group information that you want theadministration server to run as, and then click Next.

This will create a new user and group on the system.

13. At the "IBM HTTP Server Plug-in for WebSphere Application Server" screen,do the following:

a. Click Install the IBM HTTP Server Plug-in for WebSphere ApplicationServer.

b. Enter a unique name for the Web server definition; the suggested namefor your Lotus Sametime Advanced deployment is stadvhttp.

You will be prompted for this name when configuring the HTTP Server inthe next task.

c. Enter your fully qualified host name for the Application Server.

d. Click Next.

14. At the "Installation Summary" screen, review the settings and then click Next;then wait for the installation to complete.

15. At the "Success" screen, click Finish.

Configuring WebSphere Application Server for use with HTTP Server:

Configure IBM WebSphere Application Server to interact with IBM HTTP Server.

About this task

Follow these steps to configure the IBM WebSphere Application Server with HTTPServer. You will work on the server where you installed IBM Lotus SametimeAdvanced and IBM WebSphere Application server.

1. On the Lotus Sametime Advanced server, log in to the Integrated SolutionsConsole using a WebSphere Application Server administrator account:

The Web address resembles this but depends on your host name and port:

http://hostname_or_IPaddress:9060/ibm/console

For example:


2. Click Servers → Web servers → New and use the Create new Web serverdefinition wizard to create the Web server definition.

3. Enter the Web server properties:

a. Server name: stadvhttp

This is the name you assigned to the Web Server in when you installed theHTTP Server application.

b. Type: IBM HTTP Server

c.Host name: the fully qualified name name of the server where IBM HTTPserver is installed

d. Platform: operating_system

e. Click Next

f. Web server template: IHS

g. Click Next

h. Enter properties for new Web server: accept default settings and provide thecredentials for the IBM HTTP Administrative Server (which you createdwhen you installed IBM HTTP Server).




Before you begin

Make sure you have a supported LDAP directory installed. If you alreadyconfigured the LDAP connection while installing Lotus Sametime Advanced, skipthis task. Otherwise, configure the connection now using one of the followingoptions:

Configuring the LDAP connection without SSLIf you chose not to configure your LDAP connection while installing IBM LotusSametime Advanced, you must do it now.

Before you begin

This procedure describes how to configure a connection to an LDAP directorywithout using SSL (secure socket layer).

Note: Lotus Sametime Advanced must use the same LDAP server/directory as theLotus Sametime Standard server.

About this task

If you configured your LDAP connection during Lotus Sametime Advancedinstallation, these steps were completed for you as part of that process and you canskip this task. Otherwise, make sure that both the LDAP server and the LotusSametime Advance are running.

1. On the Lotus Sametime Advanced server, enter your LDAP settings in theorgCollab.properties file:

a. On the Lotus Sametime Advanced server, navigate to theSametimeAdvServer\STAdvanced\orgCollab\orgCollab folder within yourLotus Sametime Advanced installation.

For example:

IBM AIX, Linux, Solaris

/opt/IBM/WebSphere/STAdvServer/SametimeAdvServerSTAdvanced/orgCollab/orgCollab/orgCollab.properties

Microsoft Windows

C:\Program Files\IBM\WebSphere\STAdvServer\SametimeAdvServer\STAdvanced\orgCollab\orgCollab

b. Edit the orgCollab.properties file and locate the "LDAP Configuration"section, which begins with this header:

##################################################### Please modify following properties if you are configuring LDAP later# (with or without SSL enablement)####################################################

c. Enter the following values in the "LDAP Configuration" section:




LDAP settings in the orgCollab.properties file when you do not use SSL

Entry Description Example

orgCollab.LDAPServerType=

The type of LDAP server to beused for WebSphere; possiblevalues are:

v SECUREWAY

v IDS4v IDS51

v IDS52

v IDS6

v ZOSDS

v DOMINO5

v DOMINO6

v DOMINO65

v DOMINO7

v NDS

v SUNONE

v AD2000v AD2003

v ADAM,CUSTOM

orgCollab.LDAPServerType=IDS6

orgCollab.HostName=orgCollab.LDAP_port=

Specify the LDAP host name andport to enable SametimeAdvanced Server to connect toLDAP.

orgCollab.HostName=bluepages.ibm.com

orgCollab.LDAP_port=389

orgCollab.isAnonymousBind=

Select authenticated access if youwant to provide anauthentication identify, or chooseanonymous access only.

orgCollab.isAnonymousBind=true

or

For Authenticated AccessorgCollab.isAnonymousBind=false

orgCollab.loginProperties=

Determine the value of theAttribute of the person entrythat defines the internal ID of aSametime user field in the LotusSametime Standard STConfig.nsf file. If it has a value, then matchit in orgCollab.loginProperties. If it is empty, do not change it, andthen specify an LDAP attributein orgCollab.loginProperties thatit is appropriate for logging in toLotus Sametime Advanced atyour site.

orgCollab.loginProperties=mail

d. Save and close the orgCollab.properties file.

2. Navigate to the \bin directory within your IBM WebSphere Application Serverinstallation.


Open a terminal and navigate to:

/opt/IBM/WebSphere/AppServer/bin

v Windows

Open a command prompt and navigate to:





3. Run the following command (type it all on one line):


wsadmin.sh -lang jython -user user_name -password password-f "STAdv_install_location\ConfigLDAPLater.py""STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/

orgCollab/orgCollab.properties""BASE_DN=%Base_DN%" "BIND_DN=%LDAP_Bind_DN%" "BIND_PWD=%LDAP_Bind_Pwd%"

v Windowswsadmin.bat -lang jython -user user_name -password password

-f "STAdv_install_location\ConfigLDAPLater.py""STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/


where:

v user_name and password are the WebSphere Application Server administrator'suser name and password.

v STAdv_install_location is the path where you installed Lotus SametimeAdvanced on this computer.

v %Base_DN% is the LDAP Base Distinguished Name. Use "Base_DN=" for an

empty Base DN value.v %LDAP_Bind_DN% is the LDAP bind distinguished name. Usee

"BIND_DN=" for Anonymous access to the LDAP.

v %LDAP_Bind_Pwd% is the LDAP bind password. Use "BIND_PWD=" forAnonymous access to the LDAP.

For example (remember that you must type it all on one line):

AIX, Linux, Solaris

wsadmin.sh -lang jython -user wasadmin -password mypassw0rd-f "/opt/IBM/WebSphere/STAdvServer/ConfigLDAPLater.py""/opt/IBM/WebSphere/STAdvServer/SametimeAdvServer/STAdvanced/orgCollab/

orgCollab/orgCollab.properties""BASE_DN=dc-acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

Windowswsadmin.bat -lang jython -user wasadmin -password mypassw0rd

-f "C:\Program Files\IBM\WebSphere\STAdvServer\ConfigLDAPLater.py""C:\Program Files\IBM\WebSphere\STAdvServe\SametimeAdvServer\

STAdvanced\orgCollab\orgCollab\orgCollab.properties""BASE_DN=dc-acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

4. Add attributes to the "wimconfig.xml" file as follows:

a. Navigate to the following directory:

WAS_install_location\profiles\ profile_name\config\cells\cell_name\wim\config

b. Make a backup copy of the wimconfig.xml file.

c. Now open the wimconfig.xml for editing.

d. In the file, search for the following statements:

<config:attributeConfiguration><config:attributes name="userPassword" propertyName="password" />

e. Add the following statements right below the ones you located:

<config:attributes name="EMAIL_FIELD" propertyName="mail"/><config:attributes name="LOGIN_FIELD" propertyName="loginField"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes><config:attributes name="DISPLAY_NAME " propertyName="displayName"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes>

where




v EMAIL_FIELD should have the value "mail"

v LOGIN_FIELD is the name of the login field required by the ldap search base (for example, "mail" or "cn")

v DISPLAY_NAME is the name of the display field of the LDAP's search base (for example, "cn")

Here's an example of the new section with those values filled in:

<config:attributes name="mail" propertyName="mail"/><config:attributes name="mail" propertyName="loginField"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes><config:attributes name="cn" propertyName="displayName"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes>

f. Save and close the file.

5. Still in the WebSphere Application Server installation's \bin directory, stop andstart WebSphere Application Server:

This stops and restarts both WebSphere Application server and Lotus SametimeAdvanced:



./startServer.sh server1

v Windows

stopServer.bat server1startServer.bat server1

6. Now open the WebSphere Administrative console by clicking Start → AllPrograms → IBM WebSphere → Application Server Network Deployment V6.1→ Profiles → ST_Advanced_Profile → Administrative console.

7. In the console, click Security → Secure administration, applications, andinfrastructure → Federated repositories and verify that the "LDAP1" repositoryhas been created.

8. Verify that your LDAP connection is working by pointing a browser athttp://server_name:9080/stadvanced and logging in to Lotus SametimeAdvanced with a user account from the LDAP directory.

Configuring the LDAP connection with SSLIf you chose not to configure your LDAP connection while installing IBM LotusSametime Advanced, you must do it now. This section describes how to configurean LDAP connection with Secure Sockets Layer (SSL).

Before you begin

Before you begin, set up an LDAP server with SSL.

Note: Lotus Sametime Advanced must use the same LDAP server/directory as theLotus Sametime Standard server.

About this task

1. Copy the SSL certificate (certificate_name.arm) from the LDAP server to the\profiles\Default_profile\etc\ directory within your IBM WebSphereApplication Server installation.

For example:

v IBM AIX, Linux, Solaris:

Copy this file:




/opt/IBM/ldap/LDAP_cert_name.arm

To this directory:

/opt/IBM/WebSphere/AppServer/profiles/default_profile/etc/LDAP_cert_name.arm

v Microsoft Windows

Copy this file:

C:\IBM\ldap\LDAP_cert_name.arm

To this directory:

C:\Program Files\IBM\WebSphere\AppServer\profiles\default_profile\etc\LDAP_cert_name.arm

2. Navigate to the WebSphere Application Server installation's \bin directory,and stop the WebSphere Application Server (this also stops Lotus SametimeAdvanced):

v Windows


v AIX, Linux, Solaris:


3. Now open the WebSphere Administrative console by clicking Start → AllPrograms → IBM WebSphere → Application Server Network DeploymentV6.1 → Profiles → ST_Advanced_Profile → Administrative console.

4. In the console, click Security → SSL certificate and key management → Keystores and certificates → NodeDefaultTrustStore → Signer certificates. .

5. Click Add, and enter the following information:

Option Description

Alias Type the name you prefer for the trustcertificate.

File name Type the name of the *.arm file which iscopied into

\AppServer\profiles\default_profile\etc\

6. Click OK, and then click Save.

7. In the WebSphere Application Server installation's \bin directory, and startWebSphere Application Server:

v Windows

startServer.bat server1

v AIX, Linux, Solaris:


8. On the Lotus Sametime Advanced server, enter your LDAP settings in theorgCollab.properties file:

a. On the Lotus Sametime Advanced server, navigate to theSametimeAdvServer\STAdvanced\orgCollab\orgCollab folder within yourLotus Sametime Advanced installation.

AIX, Linux, Solaris

/opt/IBM/WebSphere/STAdvServer/SametimeAdvServerSTAdvanced/orgCollab/orgCollab/orgCollab.properties

Windows

C:\Program Files\IBM\WebSphere\STAdvServer\SametimeAdvServer\STAdvanced\orgCollab\orgCollab




b. Edit the orgCollab.properties file and locate the "LDAP Configuration"section, which begins with this header:

##################################################### Please modify following properties if you are configuring LDAP later# (with or without SSL enablement)####################################################

c. Enter the following values in the "LDAP Configuration" section:

LDAP settings in the orgCollab.properties file when you use SSL

Entry Description Example

orgCollab.LDAPServerType=

The type of LDAP server to beused for WebSphere; possiblevalues are:

v SECUREWAY

v IDS4

v IDS51

v IDS52

v

IDS6v ZOSDS

v DOMINO5

v DOMINO6

v DOMINO65

v DOMINO7

v NDS

v SUNONE

v AD2000

v AD2003

v ADAM,CUSTOM

orgCollab.LDAPServerType=IDS6

orgCollab.HostName=orgCollab.LDAP_port=

Specify the LDAP host name andport to enable SametimeAdvanced Server to connect toLDAP.

orgCollab.HostName=acme.com

orgCollab.LDAP_port=389

orgCollab.isAnonymousBind=

Select authenticated access if youwant to provide anauthentication identify, or chooseanonymous access only.

orgCollab.isAnonymousBind=true

or

For Authenticated AccessorgCollab.isAnonymousBind=false

orgCollab.loginProperties=

Determine the value of theAttribute of the person entrythat defines the internal ID of aSametime user field in the Lotus

Sametime Standard STConfig.nsf file. If it has a value, then matchit in orgCollab.loginProperties. If it is empty, do not change it, andthen specify an LDAP attributein orgCollab.loginProperties thatit is appropriate for logging in toLotus Sametime Advanced atyour site.

orgCollab.loginProperties=mail

orcCollab.sslenabled=

Set this variable to true if theLDAP server has SSL enabled.

orgCollab.sslenabled=true




d. Save and close the orgCollab.properties file.

9. Navigate to the \bin directory within your IBM WebSphere Application Serverinstallation.


Open a terminal and navigate to:

/opt/IBM/WebSphere/AppServer/binv Windows

Open a command prompt and navigate to:


10. Run the following command (type it all on one line):


wsadmin.sh -lang jython -user user_name -password password-f "STAdv_install_location\ConfigLDAPLater.py""STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/

orgCollab/orgCollab.properties" "BASE_DN=<%BASEDN%>""BASE_DN=%Base_DN%" "BIND_DN=%LDAP_Bind_DN%" "BIND_PWD=%LDAP_Bind_Pwd%"

v Windows

wsadmin.bat -lang jython -user user_name -password password-f "STAdv_install_location\ConfigLDAPLater.py""STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/


Where:

v user_name and password are the WebSphere Application Serveradministrator's user name and password.

v STAdv_install_location is the path where you installed Lotus SametimeAdvanced on this computer.

v %Base_DN% is the LDAP Base Distinguished Name. Use "Base_DN=" for anempty Base DN value.

v %LDAP_Bind_DN% is the LDAP bind distinguished name. Usee"BIND_DN=" for Anonymous access to the LDAP.

v %LDAP_Bind_Pwd% is the LDAP bind password. Use "BIND_PWD=" forAnonymous access to the LDAP.

For example (remember, it must all be typed on one line):


wsadmin.sh -lang jython -user wasadmin -password mypassw0rd-f "/opt/IBM/WebSphere/STAdvServer/ConfigLDAPLater.py""/opt/IBM/WebSphere/STAdvServer/SametimeAdvServer/STAdvanced/orgCollab/

orgCollab/orgCollab.properties""BASE_DN=dc-acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

v Windows

wsadmin.bat -lang jython -user wasadmin -password mypassw0rd-f "C:\Program Files\IBM\WebSphere\STAdvServer\ConfigLDAPLater.py""C:\Program Files\IBM\WebSphere\STAdvServe\SametimeAdvServer\

STAdvanced\orgCollab\orgCollab\orgCollab.properties""BASE_DN=dc-acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

11. Add attributes to the "wimconfig.xml" file as follows:

a. Navigate to the following directory:

WAS_install_location\profiles\ profile_name\config\cells\cell_name\wim\config

b. Make a backup copy of the wimconfig.xml file.

c. Now open the wimconfig.xml for editing.




d. In the file, search for the following statements:

<config:attributeConfiguration><config:attributes name="userPassword" propertyName="password" />

e. Add the following statements right below the ones you located:

<config:attributes name="EMAIL_FIELD" propertyName="mail"/><config:attributes name="LOGIN_FIELD" propertyName="loginField"><config:entityTypes>PersonAccount</config:entityTypes>

</config:attributes><config:attributes name="DISPLAY_NAME " propertyName="displayName"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes>

where

v EMAIL_FIELD should have the value "mail"

v LOGIN_FIELD is the name of the login field required by the ldap search base (for example, "mail" or "cn")

v DISPLAY_NAME is the name of the display field of the LDAP's search base (for example, "cn")

Here's an example of the new statements with those values filled in:

<config:attributes name="mail" propertyName="mail"/>

<config:attributes name="mail" propertyName="loginField"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes><config:attributes name="cn" propertyName="displayName"><config:entityTypes>PersonAccount</config:entityTypes></config:attributes>

f. Save and close the file.

12. Still in the WebSphere Application Server installation's \bin directory, stopand start WebSphere Application Server:

This stops and restarts both WebSphere Application server and LotusSametime Advanced:

v Windows

stopServer.bat server1startServer.bat server1




13. Now open the WebSphere Administrative console by clicking Start → AllPrograms → IBM WebSphere → Application Server Network DeploymentV6.1 → Profiles → ST_Advanced_Profile → Administrative console.

14. In the console, click Security → Secure administration, applications, andinfrastructure → Federated repositories and verify that the "LDAP1" repositoryhas been created.

15. Verify that your LDAP connection is working by pointing a browser at

http://server_name:9080/stadvanced and logging in to Lotus SametimeAdvanced with a user account from the LDAP directory.

Enabling group search for an LDAP directoryIf you plan on issuing licenses to groups of users, you should update thewimconfig.xml file. Updating this file lets you use IBM Lotus Sametime Advancedto search for groups in your LDAP directory.

1. Use a text editor to open the wimconfig.xml file here: was_home\profiles\ profile\config\cells\cell_node\wim\config\wimconfig.xml.




2. The following code sample is an example of a basic wimconfig.xml file that has been re-configured to search for groups. The appropriate values that have beenmodified are shown in italics. Update these values with the object class nameas defined within your LDAP directory.

<config:ldapEntityTypes name="Group"><config:objectClasses> groupOfUniqueNames</config:objectClasses>

</config:ldapEntityTypes>

<config:groupConfiguration><config:memberAttributes dummyMember="uid=dummy"

name="uniquemember" objectClass="groupOfUniqueNames"scope="direct"/>

</config:groupConfiguration>

Configuring a mail serverConfigure a mail server for use with an IBM Lotus Sametime Advanceddeployment.

About this task

Follow these steps to configure a mail server for the Lotus Sametime Advanced

deployment:1. Log in to the Integrated Solutions Console as an IBM WebSphere Application

Server administrator.

v In a single-server deployment, log in from the Lotus Sametime Advancedserver.

v In a clustered deployment, log in from the cluster's Deployment Manager.

2. Click Resources → Mail → Mail Sessions.

3. In the "Mail Sessions" screen, expand the Scope section and select a scope:

v In a single-server deployment the scope is a server, so select your serverfrom the list (for example: Node=node_name, Server=server1).

v In a clustered deployment the scope is a cluster, so select your cluster from

the list.4. In the table, click the New button to create a new mail session.

5. Fill out the new mail session form as follows:

On this form, some fields have information supplied already, which you canaccept or modify; you must provide values for the following fields:

Option Description

Name Type a name for the mail server; forexample: Sametime Mail Notifier

JNDI Name Provide an associated JNDI name; use:mail/sametime/notifier

Mail transport host Provide the fully qualified host name of your SMTP server; for example:sales.acme.com

Mail transport protocol Select the mail transport protocol; in thisexample, it would be SMTP

You can optionally supply a user name andpassword for the SMTP server; this is onlynecessary when your SMTP server requiresthem for authentication before sendinge-mail.




Option Description

Mail from Type the e-mail address to be used as the"From" address when sending notifications.

6. Click OK to save your settings.

Connecting Lotus Sametime Advanced to Lotus SametimeStandard

Establish a connection between the IBM Lotus Sametime Advanced and LotusSametime servers.

Before you begin

After you have installed your Lotus Sametime Advanced and Lotus Sametimeservers, you must establish a connection between them. This connection enablesthe Single Sign-On (SSO) and Awareness features. "Awareness" is a featureprovided with Lotus Sametime that enables it to track the presence of users whologged in. Before you can enable the awareness feature, you must configure single

sign-on between the IBM WebSphere component of the Lotus Sametime Advancedserver and the IBM Lotus Domino component of the Lotus Sametime server.

Enabling Single Sign-onEnable single sign-on between IBM Lotus Sametime Advanced and IBM LotusSametime Standard servers.

Before you begin

"Single sign-on" (SSO) is a method of access control that allows a user toauthenticate with one server and, by means of a shared key, access related serverswithout having to authenticate again. Lotus Sametime Advanced uses the singlesign-on feature to support awareness; you must enable single sign-on before you

can enable awareness.

Note: The Lotus Sametime Advanced and Lotus Sametime Standard servers mustreside in the same domain and share a common LDAP directory to support singlesign-on and awareness.

When you configure single sign-on, you create a key in the IBM WebSphereApplication Server component on the Lotus Sametime Advanced server, and thenexport the key. Next, you import that key to the IBM Lotus Domino component of the Lotus Sametime Standard server to complete the single sign-on enablement.

For more information on enabling single sign-on, visit the Websphere Portalinformation center at the following Web address and search on "Configuring IBM

Lotus Domino Enterprise Server mail and application servers and WebSpherePortal to work together":

http://publib.boulder.ibm.com/infocenter/wpdoc/v510/index.jsp

Enable single sign-on by completing the following tasks:

Configuring SSO for the nodes in a cluster:

If you install multiple IBM Lotus Sametime Advanced servers and cluster themwith a network deployment, you should enable single sign-on (SSO) on each node




in the cluster. This prevents authentication problems when users are automaticallyswitched to a different node due to load-balancing or fail-over issues.

About this task

You will use the cluster's deployment manager to enable single sign-on for the IBMWebSphere Application Server component of all nodes.

1. Log in to the WebSphere Administrative console on the cell's deploymentmanager using WebSphere administrator credentials.

2. Click Security → Secure administration, applications, and infrastructure,expand Web Security in the "Authentication: area, and then open singlesign-on (SSO).

3. In the Domain Name field, type the domain name (for example, .acme.com) of the nodes in the cluster. Include a leading dot (.) as shown in the example.

4. Save the changes, synchronize the nodes, and restart the servers in this cluster.

Configuring SSO for Lotus Sametime Advanced:

Enable single sign-on and configure its properties on the IBM Lotus Sametime

Advanced server.

Before you begin

Be sure that both machines have the same time zone and time.

About this task

Enable single sign-on with the following steps:

1. On the Lotus Sametime Advanced server, log in to the Integrated SolutionsConsole using a WebSphere Application Server administrator account.

The Web address resembles this but depends on your host name and port:

http://hostname_or_IPaddress:9060/ibm/consoleFor example:


2. Enable the single sign-on feature:

a. Click Security → Secure administration, applications, and infrastructure →Web security (Under Authentication) → single sign-on (SSO).

b. Edit the configuration properties as needed, selecting the following settings:

Enabled Select this setting.

Requires SSL Clear this setting if it has been selected.

Interoperability Mode Select this setting.

Web inbound security attributepropagation

Select this setting.

Domain name Type the name of a domain that both theLotus Sametime Advanced and the LotusSametime Standard servers belong to; forexample: .acme.com. You will enter thisvalue again when you enable SSO on theLotus Sametime Standard server.




c. Click Apply, and then when the "Changes have been made to your localconfiguration" message appears, click Save.

3. Restart the WebSphere Application Server on this computer:

a. Navigate to the \profiles\ST_Advanced_Profile\bin directory in theWebSphere Application Server installation path.


C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\binb. Stop WebSphere Application Server and Lotus Sametime Advanced by

running the following command:

AIX, Linux, Solaris

./stopServer.sh server1 -username wasadmin_name -password password

Windows

stopServer.bat server1 -username wasadmin_name -password password

c. Now start WebSphere Application Server and Lotus Sametime Advanced byrunning the following command:

AIX, Linux, Solaris

./startpServer.sh server1 -username wasadmin_name -password password

Windows

startServer.bat server1 -username wasadmin_name -password password

4. Now create an LTPA key and export it as follows:

a. Click Secure administration, applications, and infrastructure →authentication mechanisms and expiration.

b. Now fill in the configuration settings, and assign a password and a filename to the key::

Authentication cache timeout Type values for the minutes and secondsrepresenting the amount of time beforeauthentication information expires

Timeout value for forwarded credentials

between servers

Type the number of minutes before

forwarded credentials will expire

PasswordConfirm password

Type, and then confirm, a password to beassociated with the LTPA key.

Attention: When you create the password, be sure to note it down – you will need itwhen you import the LTPA key to the LotusSametime Standard server.

Fully qualified key file name Type the path to the file plus the file's name;for example: c:\temp\acme.cer.

c. Click Export keys.

d. Click OK, and then click Save.

What to do next

Next you will enable SSO on the Lotus Sametime Standard server and import thisLTPA key.

Configuring SSO for Lotus Sametime Standard:

Enable single sign-on (SSO) and configure its properties on the IBM LotusSametime server before importing the LTPA key.




Before you begin

You will move to the Lotus Sametime Standard server for this task.

1. First, manually copy the key file you created on the Lotus Sametime Advancedserver to the Lotus Sametime Standard server; for example: c:\temp\ames.cer.

2. On the Lotus Sametime Standard server, start the IBM Lotus Domino

Administrator application:a. Navigate to the directory where Lotus Domino is installed; for example, on

Windows: C:\Program Files\IBM\Lotus\Domino.

b. Open the IBM Lotus Domino administrator.

3. Enable the single sign-on feature by completing these steps:

a. In the Lotus Domino Administrator, click the name of the current server (inthe listing on the left).

b. Click the Files tab.

c. Open the file names.nsf (this is the Domino Directory for the currentserver).

d. Click Configuration → Web → Web Configurations.

e. Open * - Web SSO Configurations.You will see one SSO document. If you open it, you may encounter an errormessage stating that portions of the document cannot be accessed –disregard the error.

f. Whether or not you received an error message, delete this SSO document.

g. Now open the Server document by clicking the Configuration tab, and thenclicking Server → Current Server Document.

h. Click Create Web → SSO Configuration.

i. Enter the following information for the SSO configuration, and leave thedocument open.

Configuration name Use LtpaToken as the configuration name

(case sensitive, no spaces).

Organization Name Leave this field blank; this document willappear in the "Web Configurations" view.

DNS domain Type the name of a domain that both theLotus Sametime Advanced and the LotusSametime servers belong to; for example:acme.com. Use the value you entered whileenabling SSO on the Lotus SametimeAdvanced server.

Domino Server Name Click the current Lotus Domino server'sname to select it.

4. Now import the LTPA key that you created on the Lotus Sametime Advancedserver as follows:

a. At the top of the document, click Keys → Import WebSphere LTPA keys.

b. Type in the exact file location of the key file you created on the LotusSametime Advanced server.

c. Enter the password you created on the Lotus Sametime Advanced serverwhen you enabled single sign-on.

d. Click OK.

The message Successfully imported WebSphere LTPA keys appears after thekey has been imported.




e. With the Server document still open, verify that the "LDAP realm" value isSCCS.

f. Click Save & Close.

g. Restart the Lotus Domino server to put your changes into effect.

h. Verify that all the Lotus Sametime Standard services have been started bychecking Windows services.

5. Verify that the SSO Configuration document was saved correctly:a. In the Lotus Domino Administrator, click the name of the current server (in

the listing on the left).

b. Click the Files tab.

c. Open the file names.nsf (this is the Domino Directory for the currentserver).

d. Click Configuration → Web → Web Configurations.

e. Open * - Web SSO Configurations.

f. Verify that your settings appear (or make changes as needed).

g. Verify that the "WebSphere" section at the end of the document is populatedcorrectly and make any necessary changes

h. Click Save & Close.

Verifying that SSO is working:

Test to ensure that single sign-on has been enabled between IBM Lotus SametimeAdvanced and Lotus Sametime.

Before you begin

Log in to the Lotus Sametime Advanced server and then access the LotusSametime server to verify that you do not have to authenticate a second time; thisensures that single sign-on is working properly.

1. Start the Lotus Sametime Advanced server, if it is not already running.2. Start the Lotus Sametime server, if it is not already running.

3. Open a browser, navigate to Lotus Sametime Advanced, and log in as anadministrator.

The Web address for Lotus Sametime Advanced looks like this, but will dependupon your own installation:


For example:


4. Next, navigate to your Lotus Sametime server's Meeting Center.

The Web address for the Lotus Sametime Meeting Center looks like this, but

will depend upon your own installation:http://sametime_server.domain/stcenter.nsf

For example:

http://sametime.acme.com/stcenter.nsf

5. Click Attend a Meeting.

6. Check the login information on the left panel.

If SSO is working, you will not be challenged to authenticate.

7. Close the Lotus Sametime Meeting Center.




What to do next

If you were required to log in before opening the Meeting Center, your singlesign-on configuration is not working. For more information on configuring SSO forIBM products, see the IBM tech note at the following Web address:


Enabling AwarenessEnable the awareness feature in IBM Lotus Sametime Advanced so that LotusSametime users can be detected when they are online.

Before you begin

After you have installed your Lotus Sametime Advanced and LotusSametimeStandard servers, you must establish a connection between them.

About this task

You establish this connection by filling in "Server Integration" fields on the LotusSametime Advanced server.

1. Open the Lotus Sametime Advanced server's Administration tab by pointing a browser at the following Web address:


For example:


Note: The Web address will resemble the one shown above, but will dependupon your own deployment.

2. Log in to Lotus Sametime Advanced using the administrator account that youcreated during installation (for example, "stadvadmin").

3. Click the Administration tab.

4. On the left, click Administration Settings.

5. Now click the Server Integration tab.

6. Enter the Lotus Sametime Standard server's Host name and HTTP port in thedesignated fields.

The HTTP port is typically port 80; however, if you have configured the serverto only use SSL, this value will be different (generally port 443). If you do useSSL here, be sure to complete Step 9 below to enable SSL on the port used forsupporting the awareness feature in Lotus Sametime Advanced.

7. Click Save.

8. Activate your new settings by logging out and then restarting the browser before you log in again.

9. Determine whether you need to run the updateSTSettings script to modifydatabase settings.

You will need to run this script if either (or both) of the following conditionsis true for your Lotus Sametime Standard server:

v SSL is enabled on the classic server's HTTP port (the port you specified inStep 6)

v Tunneling is enabled on the classic server

If neither condition is true, you have finished enabling awareness; skip therest of the steps in this procedure. Next, you should set up a Lotus SametimeConnect client and log in with it to verify that awareness is working.




If one (or both) of the conditions is true, proceed to the next step and updatedatabase settings for Lotus Sametime Advanced.

10. Download the appropriate version of the updateSTSettings script for youroperating system to a server that has access to the Lotus Sametime Advanceddatabase (the database called "STADV" in this documentation, but if you ranthe archive installer on Linux it defaulted to "CHATS").



11. On the machine that has the DB2 client installed or on a DB2 server, open aDB2 Command prompt and connect to the database:

db2 connect to database user db2admin_user using password

12. Run the updateSTSettings script as follows:


./updateSTSettings.sh database db2admin_user passwordstlinks_port web_ssl_enabled applet_ssl_enabled

v Windows

updateSTSettings.bat database db2admin_user passwordstlinks_port web_ssl_enabled applet_ssl_enabled

where:

v database is the name of your Lotus Sametime Advanced database (STADV inthis documentation, but if you ran the archive installer on Linux itdefaulted to "CHATS").

v db2admin_user is the name of a user with DB2 Administrator privileges.

v password is the password for the DB2 Administrator account.

v stlinks_port is the port being used for awareness on the Lotus SametimeStandard server (normally "8082").

If your classic server has tunneling enabled, set this port to "80" to supportthat feature.

v web_ssl_enable indicates whether Web-based connections to Lotus SametimeAdvanced should use SSL ("true" or "false").

If your classic server has SSL enabled, set this value to "true" when you runthe script.

v applet_ssl_enable indicates whether the Community connection from LotusSametime Standard to Lotus Sametime Advanced over port 8082 should useSSL ("true" or "false").

If you set this value to "true" when you run the script, you will need tomake additional changes to the classic Lotus Sametime Standard server tosupport the new setting.

For example, enable SSL on Windows by setting the web_ssl_enable to "true":

updateSTSettings.bat STADV db2admin passw0rd 8082 true false

Enable tunneling on Windows by setting the stlinks_port to "80":

updateSTSettings.bat STADV db2admin passw0rd 80 false false

If you want to enable both features, you can set both parameters at the sametime (you do not have to run the script twice) on Windows:





Enabling SSO and Awareness for a native Lotus DominoDirectoryIf your deployment uses a native IBM Lotus Domino Directory for addressing, youmust complete an additional task to enabling Awareness and Single Sign-On

between an IBM Lotus Sametime Advanced server and a Lotus Sametime Standardserver.

Before you begin

When using a Lotus Sametime Advanced Server with a Lotus Sametime Standardserver that is configured to use a native Lotus Domino Directory, enabling theAwareness and Single Sign-On features requires the following tasks:

1. Complete the steps to "Enable Single Sign-On" and "Enable Awareness" asdescribed in the preceding topics in this section.

2. Follow the instructions in the IBM Tech Note titled "How to configureawareness when using a native Domino Directory with Sametime Advanced" toapply the Lotus Sametime Standard server patch. This Tech Note is available atthe following Web address:


3. If you already configured your Lotus Domino directory on the Lotus SametimeAdvanced server without specifying a base distinguished name suffix (such asc=US or c=UK) for searching, you must define a new Java™ Authentication andAuthorization Service (JAAS) login module that is used by system resources forauthentication, principal mapping, and credential mapping by completing thesteps below.

About this task

Do the following on the server where you installed Lotus Sametime Advanced:

1. Launch the Integrated Solutions Console by opening a Web browser andnavigating to: http://stadv.acme.com:9060/ibm/console.

2. Click Security > Secure administration, applications, and infrastructure.3. Under Java Authentication and Authorization Service, click System logins.

4. Click RMI_INBOUND

5. Under Additional Properties, click JAAS Login Modules.

6. Click New.

7. Type com.ibm.stadv.domino.login.STAdvDominoLogin in the Class Name field.

8. Click Apply, and then click Save.

9. Click Set Order to change the processing order of the login modules.

10. Select com.ibm.stadv.domino.login.STAdvDominoLogin and move it up tonumber 1.

11. Click Apply, and then click Save.12. Repeat steps 4 through 11 for the WEB_INBOUND System login.

Connecting Lotus Sametime Connect clients to the LotusSametime Advanced server

To ensure that IBM Lotus Sametime Connect clients can access the Lotus SametimeAdvanced server, you must configure clients with the correct server and portinformation. You do this by "pushing" the information from the server's updatesite.




Before you begin

About this task

The update site includes plugins for the Lotus Sametime Advanced application.Any Lotus Sametime user can find out about the update site and install theplugins. Only users with a license to use Lotus Sametime Advanced can actually

get the plugins to work. After users have downloaded and installed LotusSametime Advanced, they might need to access an update site to install:

v A new feature that you have purchased or developed yourself using the IBMLotus Sametime Advanced Software Development Kit.

v An update that IBM has provided for an existing feature.

Providing an update site for clientsProvide an update site on the HTTP server that allows Lotus Sametime Connectclients to install plugins and features for Lotus Sametime Advanced.

Before you begin

Note: If you used the archive installation program on Linux, the update site wasset up for you during installation and you can skip this task.

Before beginning this task, make sure you have installed and configured thefollowing applications and their prerequisite components:

v Lotus Sametime Standard


v IBM HTTP Server

1. Make sure you have downloaded the appropriate files to the computer whereyou will install the Lotus Sametime Advanced Client Update site.

Downloading files for Lotus Sametime Advanced and related applications isdescribed in the Download document at www.ibm.com/support/

docview.wss?rs=477&uid=swg24018149.

The Sametime Advanced Client plugins are packaged with the SametimeAdvanced Server, in the AdvUpdateSite directory.

2. Copy sametime.advanced.update.site.zip to a local folder on the computerthat will host the update site.

3. Navigate to the http document root folder for IBM HTTP Server.

Typically, the folder is located in the Program Files\IBM\HTTPServer\htdocs\locale folder; for example, on Windows:

C:\Program Files\IBM\HTTPServer\htdocs\en_US

If you do not know the folder's name or location, check the httpd.conf filelocated inC:\Program Files\IBM\HTTPServer\conf.

4. Create a subfolder called updatesite.5. In this new folder, unzip sametime.advanced.update.site.zip.

Now that the update site is posted, you should test it with the following steps.

6. Check the folder structure on your HTTP server:

a. The update folders should be located under the http document root folder.

For example:

C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite\

b. The updatesite folder should contain the following:

v site.xml









v plugins

v features

7. Start the HTTP server and use a Web browser to connect to the update URL:http://server_host/updatesite/site.xml.

For example:

http://stadv.acme.com/updatesite/site.xml

Make sure the contents of the site.xml file are displayed.

What to do next

After you have verified the update site, you must edit the plugin_customization.inifile with the IBM Lotus Sametime Advanced default settings for Lotus SametimeConnect client preferences. See the next topic.

Setting up Sametime default client preferences for Sametime Advanced:

The plugin_customization.ini configuration file lets you customize the IBM LotusSametime Advanced default settings for Lotus Sametime Connect client

preferences. You can set the Lotus Sametime Advanced server names and portnumbers for all your users in this file. You can also use this to deploy clients tohave consistent behavior so that all users have a similar experience with LotusSametime Advanced. This method does not force the settings to stick; it simply setsthe default setting.

About this task

You edit the plugin_customization.ini file incom.ibm.collaboration.realtime.advanced.preferences.feature with the defaultpreferences that you want. The feature should then be posted on a Lotus SametimeAdvanced update site for the Lotus Sametime clients to download. When a newclient logs in, it finds the new customization feature and downloads it, and mergesthe contents of the plugin_customization.ini with the existing one. The clientrestarts and reads the new preferences. The client never downloads the featureagain since it has already been installed. Every time the client starts, theplugin_customization.ini preferences are read.

The following steps explain how to update the plugin_customization.ini file.

1. On your HTTP server, unzip the feature jar file.

For example:

C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite\features\com.ibm.collaboration.realtime.advanced.preferences.feature_8.0.0.time_stamp.jar

2. Modify or replace the plugin_customization.ini file so that it contains theSametime Advanced server host names, port numbers, and any other pluginpreferences that you want. A preference has to be entered into the file with thefull path: plugin_id/ propertyName = propertyValue .

Note: The code below has been formatted for readability. For descriptions of the following preferences, click the topic, "Sametime Advanced clientpreferences" after the last step in this procedure.For example:

#Set the Advanced broadcast server host namecom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=

stv_server.mycompany.com#Set the Advanced broadcast server port




com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=80#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=

server.mycompany.com#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=

eb_server.mycompany.com#Set the Event Broker server port here

com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506#Use SSL while connecting to the server? Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false

3. Repackage the feature. Make sure the version in the feature.xml and site.xmlreference the correct version of the file. If this is not the first time provisioningthis feature, increment the feature version of the jar file. For example:

<site><feature url="features/com.ibm.collaboration.realtime.advanced.preferences.

feature_8.0.0.time_stamp.jar"id="com.ibm.collaboration.realtime.advanced.preferences.feature"version="8.0.0"><category name="Other" />

</feature>

<category-def name="Other" label="Other" /></site>

4. On the IBM HTTP server, navigate to your update site folder, for example:

C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite

5. Copy your jar file to the update site.

Lotus Sametime Advanced client preferences:

The following table contains the IBM Lotus Sametime Advanced preferences forthe Lotus Sametime Connect client that are set by administrators in theplugin_customization.ini file.

Entry Description

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=

Required. Fully qualified IBM WebSphere ApplicationServer host name, for example: sales.acme.com(resides on the same computer as Lotus SametimeAdvanced).

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=

Required. Lotus Sametime Advanced server portnumber.

com.ibm.collaboration.realtime.bcs/sametimeCommunityServer

Required. Default Lotus Sametime community hostname. This is the server users log in to for awarenessand chat.

com.ibm.collaboration.realtime.bcs/ broadcastToolsServerName=

Required. Fully qualified WebSphere Event Brokerserver host name.

com.ibm.collaboration.realtime.bcs/ broadcastToolsServerPort=

Required. WebSphere Event Broker server portnumber

com.ibm.collaboration.realtime.bcs/useHTTPS=false

If you are using SSL while connecting to the server,set to true. If you are using HTTP set to false.

com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=

Connection type to connect to the Lotus SametimeAdvanced server. Set to 0 for a direct connection tothe server. Set to 1 to connect through a reverse proxy.




Entry Description

com.ibm.collaboration.realtime.bcs/ broadcastServerConnectionType=

Connection type to connect to the Broadcast toolsserver. Set to 1 for a direct connection to the server.Set to 2 to connect using SSL (HTTPS) Set to 3 to usereverse proxies.

com.ibm.collaboration.realtime.bcs/useHttpProxy=

Set to true if you are using an HTTP forward proxy,otherwise set it to false.

com.ibm.collaboration.realtime.bcs/proxyHost=

Enter the proxy IP address or host name if you areusing a HTTP proxy, otherwise leave it blank.

com.ibm.collaboration.realtime.bcs/proxyPort=

Enter the HTTP proxy port to which you areconnecting.


Enter the user name if the HTTP proxy requires onefor authentication, otherwise leave it blank.

com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=

Enter the reverse proxy base URL to use if connectingthrough a reverse proxy. For example:http://mycompany.com/mycontext. Leave blankotherwise.

com.ibm.collaboration.realtime.bcs/reverseProxyUserName=

Enter the reverse proxy user name if the proxy isauthenticating. Leave blank if you are not usingreverse proxies.

com.ibm.collaboration.realtime.bcs/ jmsProtocol=disthub

Internal protocol for connecting to WebSphere EventBroker. Enter disthub (no SSL) or disthubs (with SSL).

com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000

Time allowed in milliseconds for awareness names toresolve.

com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true

Prohibits licensing to users and groups with wildcardcharacters in their names.

com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true

Alert users when a new open community is created.

com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=trueAlert users when a new moderated community iscreated.

com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true

Alert users when a new private community is created.

com.ibm.collaboration.realtime.bcs/ blockBroadcastOnDoNotDisturb=true

Blocks broadcasts when user has set client to "Do notdisturb".

com.ibm.collaboration.realtime.bcs/ blockBroadcastOnInMeeting=false

Blocks broadcast when user is in a meeting.

com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true

Alert users when a chat room has a new member.

com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true

Blocks chat room notifications when user has setclient to "Do not disturb".

com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false

Blocks chat room notifications when user is in ameeting.

com.ibm.collaboration.realtime.bcs/ broadcastServerUserIdType=email

Set to "email" to use the Sametime ID's emaildirectory field. You need to use the same propertyvalue to log in to both the Sametime client andSametime Advanced.

Setting Sametime policies for your update site:




When you set up your IBM Lotus Sametime Advanced update site, you need tospecify policies on the Sametime Standard server for how users will get the LotusSametime Advanced plugins as well as updates.

Before you begin

Before you begin, you should have installed the HTTP server and set up an update

site on the server.

About this task

There are two methods for pushing updates to users:

v Automatic Updates: Administrators can provision new or updated LotusSametime Advanced plugins to their clients in a "push" mode so that all clientsuse the same set of features. The push method enables the client to receiveupdates automatically whenever he or she logs in to Lotus Sametime Connect.

v Optional Updates: Administrators can also provide new Lotus SametimeAdvanced features to their clients as an option. With the optional method, theuser is notified that updates are available when logging in to the Lotus

Sametime Connect client. The user selects which updates to install, if any.1. Log in to Lotus Sametime at http://<sametime_host_name>/stcenter.nsf.

2. Under Administration tools, click Administer the server.

3. Click Policies.

4. Click a policy that is available to Lotus Sametime Advanced users. You can alsocreate a policy exclusively for Lotus Sametime Advanced users. You mightwant to do this if Advanced users are a subset of Sametime users or if you planan maintaining separate update sites on the Sametime and Sametime advancedservers.

5. If you want to set up automatic updates, then add the update site URL to theSametime update site URL field. If you already have an existing update site inthe URL, for example for Sametime Standard users, then you can add anadditional URL for Sametime Advanced separated by a semicolon or a comma.

http://<sametime_host_name>/updatesite,http://<stadvanced_host_name>/updatesite

6. If you want to set up an optional updates, then add the update site URL in theSametime optional add-on site URLs field.

http://<stadvanced_host_name>/updatesite

7. Click OK.

Installing client softwareTo complete your IBM Lotus Sametime Advanced deployment, install theappropriate client software on each end-user computer.

Before you begin

There are two types of client you may want to install:

v Lotus Sametime Connect client

This client runs as an application on the end-user's computer to access LotusSametime Standard features. After you set up the Lotus Sametime Advancedupdate site, users can install new features available with Lotus SametimeAdvanced and use them within the Lotus Sametime Connect client.




If users have not installed the Connect client yet, you can modify the installationkit and insert the Lotus Sametime Advanced client right into it, so that users caninstall both clients at once.

v Lotus Sametime Advanced embedded client for Lotus Notes users

This client can be installed as an addition to the Lotus Notes client, allowingusers to access Lotus Sametime Advanced features from within the Lotus Notes

user interface.

About this task

Select the topic that reflects the type of client you wish to deploy to your users:

Distributing the Lotus Sametime Advanced client to Lotus Sametime Connectusers:

The IBM Lotus Sametime Advanced client works with the Lotus Sametime Connectclient to provide additional features to Lotus Sametime users.

Before you begin

Before distributing the Lotus Sametime Connect client to users, you can add theLotus Sametime Advanced client into the installation kit to ensure users haveaccess to features of both products.

Note: Adding the Lotus Sametime Advanced client into the Connect client'sinstallation kit uses difference procedures for Lotus Sametime 8 and LotusSametime 8.0.1, so be sure to follow the correct set of instructions for this task:

Adding the Lotus Sametime Advanced client to the Lotus Sametime Connect clientinstallation kit:

If users have not installed the IBM Lotus Sametime Connect client yet, you can

modify the installation kit and insert the Lotus Sametime Advanced client rightinto it, so that users can install both clients at once.

Before you begin

Note: Adding the Lotus Sametime Advanced client into the Lotus SametimeConnect client's installation kit uses difference procedures for different releases of Lotus Sametime Connect, so be use the correct set of instructions for this task:

Lotus Sametime Connect 8.0 client installation kit: adding in the Lotus Sametime Advanced 8.0 client:

If your deployment still uses IBM Lotus Sametime release 8.0, use the instructions

in this topic to distribute the IBM Lotus Sametime Advanced 8.0 client them byinserting it directly into the Lotus Sametime Connect client installation kit. Thismethod requires the user to run the Lotus Sametime Connect client installation,and the Lotus Sametime Advanced client is installed at the same time.

About this task

Add the Lotus Sametime Advanced 8.0 client to the Lotus Sametime 8.0 Connectclient installation kit by completing the following steps:





a. Install Lotus Sametime Standard 8.0 using the following command:


b. Install Lotus Sametime Advanced 8.0 using the following command:


2. Add the Lotus Sametime Advanced client plugin features to the installmanifest.


b. Search this file for the feature whose ID is com.ibm.swt.xulrunner.feature,and change the version tag on this feature to 3.2.0.v200803071645.

c. Add the following plugin features, included in the Lotus SametimeAdvanced 8.0 client plugin update site, to the bottom of the install.xml filedirectly after the last </installfeature> closing tag:




<feature id="com.ibm.rtc.web.utils.feature"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>


<feature id="com.ibm.collaboration.realtime.chat.feature.patch.advanced"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.broadcast.feature"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>

<feature id="com.ibm.collaboration.realtime.rtcadapter.feature.patch"version="8.0.0.20080322-1214" match="compatible" download-size="3" size="3" action="install" shared="false"/>


<feature id="com.ibm.collaboration.realtime.location.patch.advanced"version="8.0.0.20080322-1214" match="compatible" download-size="3"size="3" action="install" shared="false"/>


3. Add the Lotus Sametime Advanced 8.0 features to the install updateSite.

a. Copy the "features" from the Lotus Sametime Advanced 8.0 client pluginupdate site into the "features" directory inside the install_pkg_root/updateSite folder.

b. Copy the "plugins" from the Lotus Sametime Advanced 8.0 client plugin

update site into the "plugins" directory inside the install_pkg_root/updateSite folder.

c. Add each feature element from the Lotus Sametime Advanced 8.0 clientplugin update site's site.xml file to the install_pkg_root/updateSite/site.xml file, after the last </feature> tag:


<featureurl="features/com.ibm.collaboration.realtime.

core.advanced.feature_8.0.0.20080322-1214.jar"id="com.ibm.collaboration.realtime.core.advanced.feature"




version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><feature

url="features/com.ibm.rtc.web.utils.feature_8.0.0.20080322-1214.jar"

id="com.ibm.rtc.web.utils.feature"version="8.0.0.20080322-1214">

<category name="platform"/></feature><feature

url="features/com.ibm.collaboration.realtime.chatrooms.feature_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.chatrooms.feature"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><feature

url="features/com.ibm.collaboration.realtime.chat.feature.patch.advanced_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.chat.feature.patch.advanced"version="8.0.0.20080322-1214">




</feature><feature

url="features/com.ibm.collaboration.realtime.rtcadapter.feature.patch_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.rtcadapter.feature.patch"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature><feature



</feature><feature

url="features/com.ibm.collaboration.realtime.location.patch.advanced_8.0.0.20080322-1214.jar"

id="com.ibm.collaboration.realtime.location.patch.advanced"version="8.0.0.20080322-1214"><category name="sametimeAdvanced"/>

</feature>


d. Locate the tag whose ID is com.ibm.swt.xulrunner.feature; change the"url" tag on this feature to be features/com.ibm.swt.xulrunner.feature_3.2.0.v200803071645.jar and the "version"tag on this feature to be 3.2.0.v200803071645.



#Set the Advanced broadcast server host namecom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=#Set the Advanced broadcast server port




com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=#Use SSL while connecting to the server? Set to true to use HTTPS;

#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false#Connection type to connect to the ST Advanced server.#Set to one of the following --# 0 = Direct connection to the server# 1 = Connect via reverse proxycom.ibm.collaboration.realtime.bcs/advancedServerConnectionType=#Connection type to connect to the broadcast tools server.#Set to one of the following values --#1 = Direct connection to the server#2 = Use SSL (HTTPS)#3 = Use reverse proxiescom.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=

#Set to true if using a HTTP forward proxy;false, otherwise.com.ibm.collaboration.realtime.bcs/useHttpProxy=#Proxy IP or host name if using a HTTP proxy; Leave blank otherwisecom.ibm.collaboration.realtime.bcs/proxyHost=#HTTP proxy port to connect tocom.ibm.collaboration.realtime.bcs/proxyPort=#User name if the HTTP proxy requires authentication.#Leave blank otherwise.com.ibm.collaboration.realtime.bcs/proxyUserName=

#Set the reverse proxy base URL to use if connecting via a reverse proxy.#Leave blank otherwise.#Eg. http://mycompany.com/mycontextcom.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=#Set the reverse proxy user name if the proxy is authenticating.#Leave blank if not using reverse proxiescom.ibm.collaboration.realtime.bcs/reverseProxyUserName=

com.ibm.collaboration.realtime.bcs/jmsProtocol=disthubcom.ibm.collaboration.realtime.bcs/groupServicePath=

/cas/services/GroupMemberServicecom.ibm.collaboration.realtime.bcs/skilltapServicePath=

/skilltapws/servlet/rpcroutercom.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=truecom.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=falsecom.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false

#Set to "email" to use the Sametime Id's email directory fieldcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=

Note: The following two statements from the example above were split to fiton the page; you should enter them each as one statement:v com.ibm.collaboration.realtime.bcs/groupServicePath=

/cas/services/GroupMemberServicev com.ibm.collaboration.realtime.bcs/skilltapServicePath=

/skilltapws/servlet/rpcrouter

Lotus Sametime Connect 8.0.1 client installation kit: adding in the Lotus Sametime Advanced 8.0.1 client:




Distribute the IBM Lotus Sametime Advanced 8.0.1 client to Lotus Sametime 8.0.1Connect users by inserting it directly into the Lotus Sametime Connect clientinstallation kit. This method requires the user to run the Lotus Sametime Connectclient installation, and the Lotus Sametime Advanced client is installed at the sametime.

About this task

Add the Lotus Sametime Advanced 8.0.1 client to the Lotus Sametime 8.0.1Connect client installation kit by completing the following steps:


a. Install Lotus Sametime Standard 8.0.1 using the following command:


b. Install Lotus Sametime Advanced 8.0.1 using the following command:


2. Add the Lotus Sametime Advanced 8.0.1 client plugin features to the installmanifest.


b. Locate each of the IDs listed in the table, and update the corresponding"version" tag to match the one provided in the table:

ID Version

com.ibm.swt.xulrunner.feature 3.2.0.v200805151900

com.ibm.collaboration.realtime.browser.xul.feature 8.0.1.20080606-2005

com.ibm.collaboration.realtime.browser.feature 8.0.1.20080606-2005

com.ibm.collaboration.realtime.location.feature 8.0.1.20080606-2005

com.ibm.rtc.web.utils.feature 8.0.1.20080606-2005

c. Add the following plugin features, included in the Lotus Sametime

Advanced 8.0.1 client plugin update site, to the bottom of the install.xmlfile directly after the last </installfeature> closing tag:





<feature id="com.ibm.collaboration.realtime.broadcast.feature"version="8.0.1.20080606-2005" match="compatible" download-size="3"

size="3" action="install" shared="false"/><feature id="com.ibm.collaboration.realtime.instantshare.feature"version="8.0.1.20080606-2005" match="compatible" download-size="3"size="3" action="install" shared="false"/>


3. Add the Lotus Sametime Advanced 8.0.1 features to the install updateSite.

a. Copy the "features" from the Lotus Sametime Advanced 8.0.1 client pluginupdate site into the "features" directory within the install_pkg_root/updateSite folder.




b. Copy the "plugins" from the Lotus Sametime Advanced 8.0.1 client pluginupdate site into the "plugins" directory within the install_pkg_root/updateSite folder.

c. Add each feature element from the Lotus Sametime Advanced 8.0.1 clientplugin update site's site.xml file to the install_pkg_root/updateSite/site.xml file, after the last </feature> tag:


<featureurl="features/com.ibm.collaboration.realtime.core.advanced.

feature_8.0.1.20080606-2005.jar"id="com.ibm.collaboration.realtime.core.advanced.feature"version="8.0.1.20080606-2005"><category name="sametimeAdvanced"/>

</feature><feature url="features/com.ibm.collaboration.realtime.chatrooms.

feature_8.0.1.20080606-2005.jar"id="com.ibm.collaboration.realtime.chatrooms.feature"version="8.0.1.20080606-2005"><category name="sametimeAdvanced"/>

</feature>

<featureurl="features/com.ibm.collaboration.realtime.broadcast.feature_8.0.1.20080606-2005.jar"


</feature><feature



</feature>


d. Locate each of the IDs listed in the table within the install_pkg_root/updateSite/site.xml file, and update the corresponding "url" and "version"tags to match those provided in the table:

ID URL Version

com.ibm.swt.xulrunner.feature

features/com.ibm.swt.xulrunner.feature_3.2.0.v200805151900.jar

3.2.0.v200805151900

com.ibm.collaboration.realtime.browser.xul.feature

features/com.ibm.collaboration.realtime.browser.xul.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005

com.ibm.collaboration.realtime.browser.feature

features/com.ibm.collaboration.

realtime.browser.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005

com.ibm.collaboration.realtime.location.feature

features/com.ibm.collaboration.realtime.location.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005

com.ibm.rtc.web.utils.feature

features/com.ibm.rtc.web.utils.feature_8.0.1.20080606-2005.jar

8.0.1.20080606-2005






#Set the Advanced broadcast server host namecom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=#Set the Advanced broadcast server portcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=

#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=#Use SSL while connecting to the server?#Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false#Connection type to connect to the ST Advanced server.#Set to one of the following --#0 = Direct connection to the server#1 = Connect via reverse proxycom.ibm.collaboration.realtime.bcs/advancedServerConnectionType=


#Set to true if using a HTTP forward proxy;false, otherwise.com.ibm.collaboration.realtime.bcs/useHttpProxy=#Proxy IP or host name if using a HTTP proxy;#Leave blank otherwisecom.ibm.collaboration.realtime.bcs/proxyHost=#HTTP proxy port to connect tocom.ibm.collaboration.realtime.bcs/proxyPort=#User name if the HTTP proxy requires authentication.#Leave blank otherwise.


Downloading and Installing the Lotus Sametime Connect Client:

IBM Lotus Sametime users communicate with the server and each other using theLotus Sametime Connect Client software.

Before you begin

Users can download and install the Lotus Sametime Connect client themselvesfrom the Lotus Sametime Welcome page, using the procedures listed here. Youmay want to distribute these instructions for downloading and installing the LotusSametime Connect client to your end users.

About this task

To install the Lotus Sametime connect client files from your server, follow thesesteps:

1. Using a Web browser, open the Sametime Welcome page (stcenter.nsf) on yourSametime server.

For example, if your Sametime server host name is stserver.com, you open:

http://stserver.com/stcenter.nsf




2. Click Download Lotus Sametime Connect Client. The "Welcome to the IBMLotus Sametime Connect Client Download Site" page appears.

3. Click Install Now.

Once all files have been downloaded, the actual client installation begins:

v On Microsoft Windows and Apple Mac, the client installer will display.Follow the instructions in the installer and enter the required information to

complete the installation.v On Linux, the RPM installer will run automatically.

Note: If there are problems running the client installer, or if you want to installat a later time, click Save on the "Welcome to the IBM Lotus Sametime ConnectClient Download Site" page. This will bring you to a downloads page whereyou can select the operating system of the installer you wish to save. Thedownloads page includes instructions for downloading the installer for lateruse.

4. Download plugins for Lotus Sametime Advanced.

Connect to the update site that was set up during IBM HTTP Serverconfiguration and download the Sametime Advanced Client features. For

example:http://stadvdev.lotus.com/updatesite/site.xml

What to do next

Now you can use the Lotus Sametime Connect client and experience the newfeatures provided by Lotus Sametime Advanced.

Distributing the Lotus Sametime Advanced embedded client to Lotus Notesusers:

The IBM Lotus Sametime Advanced embedded client works with IBM Lotus Notesusers to provide Lotus Sametime Advanced features within the Lotus Notes

environment.

Before you begin

There are two ways to distribute the Lotus Sametime Advanced embedded clientto Lotus Notes users: you can add the embedded client to the Lotus Notes clientinstallation program so the user can choose it as an option during Lotus Notesinstallation, or you can use IBM Lotus Expeditor to provision Lotus Notes with theembedded client so that you can add the embedded client to existing Lotus Notesclients.

About this task

Select the method that best suits your needs:

Adding the Lotus Sametime Advanced client to the Lotus Notes client installation kit:

Distribute the Lotus Sametime Advanced embedded client to Lotus Notes users byinserting the embedded client directly into the Lotus Notes client installation kit.This method requires the user to run the Lotus Notes client installation, and offersthem the option of installing the Lotus Sametime Advanced client at the sametime.




Before you begin

For more information on modifying the Lotus Notes client installation kit, searchon "Customizing the Notes install kit" in the Lotus Domino 8 Administrationinformation center.

About this task

Add the Lotus Sametime Advanced embedded client to the Lotus Notesinstallation kit by completing the following steps:

1. Place a copy of the Lotus Sametime Advanced Update site in the root directoryof the Lotus Notes installation kit.

2. Modify the installation kit's deploy\plugin_customization.ini file.

This is the base version of the plugin_customization.ini file included in theLotus Notes client installation. Append the settings below to this file,modifying them as needed to match the settings used in your organization. Forexample, you will want to include the host name of the Lotus SametimeAdvanced server as well as MQ Broker details.

#Set the Advanced broadcast server host name

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales3.acme.com#Set the Advanced broadcast server portcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=1234#Set the Advanced broadcast server community host namecom.ibm.collaboration.realtime.bcs/sametimeCommunityServer=#Set the Event Broker server host namecom.ibm.collaboration.realtime.bcs/broadcastToolsServerName=test.mul.ie.ibm.com#Set the Event Broker server port herecom.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=4321#Use SSL while connecting to the server? Set to true to use HTTPS;#False to use plain HTTPcom.ibm.collaboration.realtime.bcs/useHTTPS=false#Connection type to connect to the ST Advanced server.#Set to one of the following --# 0 = Direct connection to the server

# 1 = Connect via reverse proxycom.ibm.collaboration.realtime.bcs/advancedServerConnectionType=#Connection type to connect to the broadcast tools server.#Set to one of the following values --#1 = Direct connection to the server#2 = Use SSL (HTTPS)#3 = Use reverse proxiescom.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=

#Set to true if using a HTTP forward proxy;false, otherwise.com.ibm.collaboration.realtime.bcs/useHttpProxy=#Proxy IP or host name if using a HTTP proxy; Leave blank otherwisecom.ibm.collaboration.realtime.bcs/proxyHost=#HTTP proxy port to connect tocom.ibm.collaboration.realtime.bcs/proxyPort=#User name if the HTTP proxy requires authentication. Leave blank otherwise.com.ibm.collaboration.realtime.bcs/proxyUserName=

#Set the reverse proxy base URL to use if connecting via a reverse proxy.#Leave blank otherwise.#Eg. http://mycompany.com/mycontextcom.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=#Set the reverse proxy user name if the proxy is authenticating.#Leave blank if not using reverse proxiescom.ibm.collaboration.realtime.bcs/reverseProxyUserName=com.ibm.collaboration.realtime.bcs/jmsProtocol=disthubcom.ibm.collaboration.realtime.bcs/groupServicePath=/cas/services/GroupMemberServicecom.ibm.collaboration.realtime.bcs/skilltapServicePath=/skilltapws/servlet/rpcrouter






com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=truecom.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=truecom.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=falsecom.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true

com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=truecom.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false#Set to "email" to use the Sametime Id's email directory fieldcom.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=

3. Modify the installation kit's deploy\install.xml file to include Lotus SametimeAdvanced.

The install.xml file defines what actually gets installed when the installationprogram runs; add in the reference to Lotus Sametime Advanced bycustomizing the code below and appending it to the "install" node of theinstall.xml file.


<installfeature default="false" description="Sametime Advanced 8.0.1" id="STAdvanced"name="Sametime 8.0.1 Advanced" required="false" show="true" version="build_version">

<requirements><feature url="jar:${installer.root}/update_sitefile.zip!/"


<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.rtc.web.utils.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.core.advanced.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.chatrooms.feature"

version="build_version" match="perfect" shared="true"/><feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.instantshare.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.location.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.broadcast.feature"version="build_version" match="perfect" shared="true"/>

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.collaboration.realtime.browser.xul.feature"version="build_version" match="perfect" shared="true"/>


Modify the following attributes for your deployment:a. In the following statement, replace build_version with the actual version

being installed:

<installfeature default="false" description="Sametime Advanced"id="STAdvanced" name="Sametime 8.0 Advanced" required="false" show="true" version="build_version"

b. For every feature element, modify the url attribute with the path to thesource of the Lotus Sametime Advanced update site.

<feature url="jar:${installer.root}/update_sitefile.zip!/"id="com.ibm.rcp.xulrunner.runtime.feature"version="3.2.0.v200803071645" match="perfect" shared="true"/>

"jar:${installer.root}/update_sitefile.zip!/"


"jar:${installer.root}/sametime.advanced.embedded.update.site.20080515-1743.signed.zi

c. For every feature element, modify the version="8.0.1.x" attribute with theactual version of the ID contained within the site.xml file for Lotus

Sametime Advanced.The site.xml is contained within the update.zip file; the version attribute isthe same and can be copied from thesite.xml file.

4. Linux only: In the install.xml file, comment out the following feature

Note: This feature is contained within the "Platform.XPD.linux" feature.

com.ibm.rcp.xulrunner.runtime.feature

This example shows the com.ibm.rcp.xulrunner.runtime.feature featurecommented out:



Results

During installation of the Lotus Notes client, the user will be offered the choice of additionally installing the Lotus Sametime Advanced embedded client.

Provisioning the Lotus Sametime Advanced client for existing Lotus Notes clients:

Distribute the IBM Lotus Sametime Advanced embedded client by provisioning itfor existing IBM Lotus Notes users. This method assumes that the user has alreadyinstalled the Lotus Notes client, and uses IBM Lotus Expeditor to enableprovisioning.

About this task

Provision the Lotus Sametime Advanced embedded client for the Lotus Notesinstallation kit by completing the following steps:

1. Download the appropriate provision-advanced provisioning script for youroperating system (.sh or .bat) to the computer where you will set upprovisioning.


2. Create an installation manifest file using the template below.

The manifest defines what will be installed to the Lotus Notes clients; add inthe reference to Lotus Sametime Advanced by customizing the code below andsaving the file in XML format; for example, using by naming the filestadvanced_manifest.xml.


Windows

Use the following template:





id="com.ibm.rcp.xulrunner.runtime.feature"version="build_version" match="perfect" shared="true"/><feature url="jar:file:path-to-update-site.zip!/"

id="com.ibm.rtc.web.utils.feature.patch"version="build_version" match="perfect" shared="true"/>








</install></object-data></domain-object></ibm-portal-composite>

Linux

Use the following template:<?xml version="1.0" encoding="UTF-8"?><ibm-portal-composite><domain-object name="com.ibm.rcp.installmanifest"><object-data><install>



<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.rtc.web.utils.feature.patch"version="build_version" match="perfect" shared="true"/>

<feature url="jar:file:path-to-update-site.zip!/"

id="com.ibm.collaboration.realtime.core.advanced.feature"version="build_version" match="perfect" shared="true"/>




<feature url="jar:file:path-to-update-site.zip!/"id="com.ibm.collaboration.realtime.broadcast.feature"




d. (Linux only) Activate the Lotus Sametime Advanced features by runningthe following script:

Note: The user should be logged in as usual, you do not need to log in asroot to run the script.

./user-provision.sh Notes_install_path

For example:

./user-provision.sh /opt/ibm/lotus/notes

If Lotus Notes is open, the Lotus Notes splash screen appears while thechange is taking place, then Lotus Notes restarts. If Lotus Notes is closed,the splash screen is followed by a progress meter, which disappears oncethe update is complete.

The next time the user launches Lotus Notes, the Lotus Sametime Advancedembedded client will be available for use.

e. Repeat for each Lotus Notes user.

Accessing Lotus Sametime Advanced from a browserIf you need to access your IBM Lotus Sametime Advanced server for

administrative purposes, you can use any browser in the deployment.

About this task

The Web addresses that you use will resemble the ones shown below, but the hostname and ports will depend upon your own deployment.

1. Access the Lotus Sametime Advanced server with the following Web address,so you can use the Administrative interface:


For example:


2. Access the Integrated Solutions Console (ISC) for IBM WebSphere ApplicationServer with the following URL:


For example:


Configuring SSL

This section provides steps for setting up Secure Sockets Layer (SSL) for IBM LotusSametime Advanced.

About this task

SSL provides encrypted communications for Lotus Sametime Advancedcommunities. The foundation technology for SSL is public key cryptography, whichguarantees that when an entity encrypts data using its private key, only entitieswith the corresponding public key can decrypt that data. Because Lotus SametimeAdvanced is a collection of enterprise services there is no central location for SSLconfiguration. Each of these service components must be addressed for SSLconfiguration.

The following topics contain instructions for implementing SSL authentication.




Configuring SSL for the Sametime Advanced ServerThese procedures describe how to set up Secure Sockets Layer (SSL) on a IBMLotus Sametime Advanced server.

Before you begin

Before you begin, install and connect Lotus Sametime Advanced to an LDAPdirectory.

About this task

To have a secure network connection, create a key for secure networkcommunications and receive a certificate from a certificate authority (CA) that isdesignated as a trusted CA on your server.

WebSphere Application Server uses the certificates that reside in keystores toestablish trust for a SSL connection. WebSphere Application Server creates thekey.p12 default keystore file and the trust.p12 default truststore file during profilecreation. A default, self-signed certificate is also created in the key.p12 file at this

time.

Note: If you use a certificate other than the default self-signed certificate provided,ensure that the SSL certificate contains the Basic Constraints extension. Do not usea non-SSLv3-compliant self-signed CA. WebSphere Application Server 6.1 uses theIBM JDK 1.5.0 JSSE2 which checks for the presence of the Basic Constraintsextension. If the extension is not set, WebSphere Application Server assumes thatthe CA is not a valid CA but a user certificate, which in returns doesn't allow tovalidate a server certificate as valid, because the issuing CA is not found.

The following procedures describe how to request a Certificate Authority-signedcertificate, receive the request, then extract the certificate to the keystore.

For complete details for setting up SSL in WebSphere Application Server, see theWebSphere Application Server information center.

Purchasing a certificate from a Certificate AuthorityPurchase a Certificate Authority-signed certificate for secure connections in IBMLotus Sametime Advanced.

About this task

The server certificate installed on the Sametime Advanced must conform to RFC3280 certificate standards. When requesting a certificate, check with the vendor tomake sure that the certificate supports both TLS Web Server Authentication andTLS Web Client Authentication. Some certificate authorities provide certificates that

support server authentication only or client authentication only. Certificates mustinclude both server and client authentication EKU flags. The certificates meet thesestandards. It is your responsibility to make sure that the certificate supports both.

1. Review the list of Certificate Authorities.

2. Purchase a certificate that supports both client and server authentication.

Defining the SSL configurationComplete these steps to create a new SSL configuration.


http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.nd.doc/info/welcome_nd.html

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.nd.doc/info/welcome_nd.html



About this task

Secure Sockets Layer (SSL) configurations contain the attributes that you need tocontrol the behavior of client and server SSL endpoints. You create a single SSLconfiguration to be used on the inbound and outbound trees in the configurationtopology.

1. Using the Integrated Solutions Console, click Security → SSL certificate andkey management → Manage endpoint security configurations.

2. Select a node link on the Inbound tree because you are defining an SSLconfiguration for one IBM Lotus Sametime node. The scope must be associatedwith an SSL configuration because it represents the default SSL configurationfor the inbound or outbound connection.

3. Click SSL configurations under Related Items.

4. Click New to display the SSL configuration panel.

5. Type a unique configuration name and click Apply.

6. From the Trust store name drop-down list, select NodeDefaultTrustStore . Atruststore name refers to a specific truststore that holds signer certificates thatvalidate the trust of certificates sent by remote connections during an SSL

handshake.7. Select a Keystore name from the Keystore name drop-down list. Select

NodeDefaultKeyStore. A keystore contains the personal certificates thatrepresent a signer identity and the private key that WebSphere ApplicationServer uses to encrypt and sign data.

8. Click OK, and then click Save to save the new SSL configuration.

Requesting a certificate signed by a Certificate AuthorityTo ensure Secure Sockets Layer (SSL) communication, servers require a personalcertificate that is signed by a certificate authority (CA). You must first create apersonal certificate request to obtain a certificate that is signed by a CA.

Before you begin

The keystore that contains a personal certificate request must already exist. InWebSphere Application Server, the keystore file key.p12 exists.

About this task

Complete the following tasks in the IBM WebSphere Integrated Solutions Console.

1. Click Security → SSL certificate and key management → Related items → Keystores and certificates → NodeDefaultKeyStore.

2. Under "Additional Properties," click Personal certificate requests.

3. Click New.

4. In the File for certificate request field, type the full path where the certificaterequest is to be stored, plus a file name.

For example: c:\servercertreq.arm (for a Windows machine).

5. Type an alias name in the Key label field.

The alias is the name you use to identify the certificate request in the keystore.

6. Type a common name (CN) value.

The CN must be the publicly resolvable, fully qualified, DNS host name of your IBM Lotus Sametime Advanced server, and must match the domainname of your community. For example, if your Sametime Advanced




community is us.acme.com, then the domain for the CN of the SSL certificatethat you create for your community must be us.acme.com.

7. Type an organization name in the Organization field.

This value is the "organization" value in the certificate's distinguished name.

8. In the Organization unit field, type the "organization unit" portion of thedistinguished name.

9. In the Locality field, type the "locality" portion of the distinguished name.10. In the State or Province field, type the "state" portion of the distinguished

name.

11. In the Zip Code field, type the "zip code" portion of the distinguished name.

12. In the Country or region drop down list, select the two-letter "country code"portion of the distinguished name.

13. Click Apply and Save.

The certificate request is created in the specified file location in the keystore.The request functions as a temporary placeholder for the signed certificateuntil you manually receive the certificate in the keystore.

Note: Key store tools (such as iKeyman and keyTool) cannot receive signedcertificates that are generated by certificate requests from WebSphereApplication Server. Similarly, WebSphere Application Server cannot acceptcertificates that are generated by certificate requests from other keystoreutilities.

14. Send the certification request arm file to a Certificate Authority for signing.

15. Make a backup copy of your keystore file. Make this backup before receivingthe CA-signed certificate into the keystore. The default password for thekeystore is WebAS. The Integrated Solutions Console has the path informationfor the keystore's location.

Make a backup copy of your keystore file. Make this backup before receivingthe CA-signed certificate into the keystore. The default password for the

keystore is WebAS. The Integrated Solutions Console has the path informationfor the keystore's location.

The path to the NodeDefaultKeyStore is listed in the Integrated SolutionsConsole as:

sametime_adv_profile\config\cells\cell_name\nodes\node_name\key.p12

What to do next

Now you can receive the CA-signed certificate into the keystore to complete theprocess of generating a signed certificate for your server.

Importing intermediate CA certificates into the keystoreIBM WebSphere Application Server creates a certificate chain when the signed

certificate is received. The chain is constructed from the signer certificates that arein the keystore at the time the certificate is received. Therefore, it is important toimport all intermediate certificates as signer certificates into the keystore beforereceiving the Certificate Authority-signed certificate. When you purchase a servercertificate for IBM Lotus Sametime Advanced, the certificate is issued by aCertificate Authority (CA). The CA can either be a root CA or an intermediary CA.

About this task

If your server certificate is issued by an intermediary CA, then complete the stepsthat follow, otherwise skip these steps.




1. Before you import an intermediate CA, first determine if your server'scertificate was issued by an intermediary CA:

a. Save the signed certificate to a text file with a .cer extension. For example:signed-certificate.cer. Include the Begin Certificate and EndCertificate lines when you save the file. For example:

-----BEGIN CERTIFICATE-----ZZZZ3zCCAkigAwIBAgIDB5iRMA0GCSqGSIb3DQEBBQUAME4xCzAJBgNVBAYTAlVT

MRAwDgZZZZQKEwdFcXVpZmF4MS0wKwYDVQQLEyRFcXVpZmF4IFNlY3VyZSBDZXJ0aWZpY2F0ZSBBdXRZZZZpdHkwHhcNMDcwNjE4MTkwNDI3WhcNMDgwNjE4MTkwNDI3WjBqMQswCQYDVQQGEwJVUZZZZwGA1UECBMFVGV4YXMxDzANBgNVBAcTBkF1fc3RpbjEMMAoGA1UEChMDSUJNMRAwDgYDVQQLEwdzdXBwb3J0MRowGAYDVQQDExFydGNnYXRlLmxvdHVzLmNvbTCBnzANBZZZZiG9w0BAQEFAAOBjQAwgYkCgYEAlb7fl36tiobgdUzUYoFuJhRVZqItvBskeVFSOqDuQ4TwOAvaPTySx3z7ddFHSHwoFVOVIkU2gOPiRcPY8oYlZ5R7Bq1fI/t5MFUTJhYw7k6z95jfIufzai2Bn3e+jzm7ivJ5dckEZGm3ajjYQgwjCJBfOh7P9fE13dWJSZZZZzWcCAwEAAaOBrjCBqzAOBgNVHQ8BAf8EBAMCBPAwHQYDVR0OBBYEFMHrh2oiTGbcBH759lnRZZZZn+NSMDoGA1UdHwQzMDEwL6AtoCuGKWh0dHA6Ly9jcmwuZ2VvdHJ1c3QuY29tL2NybHMvc2VjdXJlY2EuY3JsMB8GA1UdIwQYMBaAFEjmaPkr0rKV10fYIyAQTzOYkJ/ZZZZGA1UdJQQWMBQGCCsGAQUFBwMBBggrBgEFBQcDAjANBZZZZkiG9w0BAQUFAAOBgQBKq8lUVj/DOPuNL/NnIGlrr1ot8VoZS7wZZZZlgeQLOmnZjIdRkbaoH04N3W3qZsQVs2/h4JZJj3mKVjjXFeRVHFFyGZZZZ4hHWH+Zqf/PJwjhVPKEwsiKFaAGJS5VzP3btMG8tGan02zZUE4LwPZZZZpMmvPI3U12W+76bqyvVg==

-----END CERTIFICATE-----b. Double-click on the new file that you created and a Certificate dialog box

opens.

c. Click on the Certification Path tab.

d. Look at the tree-like structure representing the full certificate chain. The topof the chain is referred to as the root Certificate Authority (CA). The bottomof the chain represents your server's certificate. If your server is not listedone-level below the root CA, then your certificate was issued by anintermediary CA. However, if your server is listed one-level below the rootCA, then the certificate was issued by the root CA.

e. If the server certificate is not issued by an intermediary CA, stop here.

2. Once you determine that the certificate is an intermediate certificate, you mustexport the certificate from the chain into its own certificate file:

a. Double-click the server's certificate (i.e. server.cer) file and a Certificatedialog box opens.

b. Click Certification Path tab.

c. Highlight an entry of the certificate chain.

d. Click View Certificate.

e. In the Certificate dialog window, click the Details tab.

f. Click Copy to File...

g. In the Certificate Export Wizard that appears, click Next.

h. Select Base-64 encoded X.509 (.CER), and click Next.

i. Type in a unique name for the certificate you are exporting and click Next.For example, "VS-intermediary-CA" for VeriSign’s intermediary certificateauthority.

j. Click Finish.

k. Click OK in the dialog box that displays the following message: The exportwas successful.

l. Repeat the preceding sub steps for each intermediate certificate in the chain.Note that there is no need to repeat these steps for the bottom entry of the




chain because the server’s certificate already exists. When you are done, youwill have a certificate file (.cer) for each entry of the chain. In our example,there are three certificate files:

Certificate type Name Certificate file name

Root VeriSign Class 3 PublicPrimary CA

VS-root-CA.cer

Intermediary VeriSign Class 3 SecureServer CA

VS-intermediary-CA.cer

Server sametime_advanced_server sametime_advanced_servercer

3. Finally, import the intermediary CA certificate into the keystore by completingthe following steps:

a. Using the Integrated Solutions Console, click Security → SSL Certificate andkey management.

b. Click Key stores and certificates.

c. Click NodeDefaultKeyStore.

d. Click Signer certificates.

e. Click Add.

f. In the Alias field, type a short descriptive name for the certificate. Forexample, "Verisign Intermediary CA."

g. In the File name field, type the path to the certificate file of theintermediary CA. For example, C:\certs\VS-intermediary-CA.cer.

h. Accept the default file data type.

i. Click Apply and Save.

j. Repeat the preceding steps for each intermediary CA that is part of thecertificate chain. In most cases, only one intermediary CA exists.

Receiving a signed certificate issued by a Certificate Authority

When a certificate authority (CA) receives a certificate request, it issues a newcertificate that functions as a temporary placeholder for a CA-issued certificate. Akeystore receives the certificate from the CA and generates a CA-signed personalcertificate that WebSphere Application Server can use for Secure Sockets Layer(SSL) security.

Before you begin

The keystore must contain the certificate request that was created and sent to theCA. Also, the keystore must be able to access the certificate that is returned by theCA.

About this task

IBM WebSphere Application Server can receive only those certificates that aregenerated by a WebSphere Application Server certificate request. It cannot receivecertificates that are created with certificate requests from other keystore tools, suchas iKeyman and keyTool.

Note: WebSphere Application Server creates the certificate chain when the signedcertificate is received. The chain is constructed from the signer certificates that arein the keystore at the time the certificate is received. Be sure to import allintermediate certificates as signer certificates into the keystore before receiving theCA-signed certificate.




1. In the Integrated Solutions Console, click Security → SSL certificate and keymanagement → Manage endpoint security configurations and trust zones.

2. Select the node on the Inbound tree.

3. Click Manage certificates.

4. Click Receive a certificate from a certificate authority.

5. Type the full path and name of the certificate file.

6. Select the default data type from the list.

7. Click Apply and Save.

What to do next

The keystore contains a new personal certificate that is issued by a CA. The SSLconfiguration is ready to use the new CA-signed personal certificate.

Extracting the certificateOnce a keystore has been configured by creating a certificate request andimporting the reply, the IBM WebSphere Application Server can extract the signeror public key from the certificate so you can send it to a third party if necessary.

Before you begin

The keystore that contains a personal certificate must already exist.

1. Click Security → SSL certificate and key management → Manage endpointsecurity configurations.

2. Select your IBM Lotus Sametime Advanced server node on the Outbound tree.

3. Click Manage certificates.

4. Select the certificate that was just imported and click Extract in the upper rightcorner.

5. Type the full path for the certificate file name. The signer certificate is writtento this certificate file. For example, in Windows:

c:\certificates\local_cert.arm

6. Select the default data type from the list.

7. Click Apply and Save. The signer portion of the personal certificate is stored inthe arm file that is provided. Now you are ready to add a third party certificateto a keystore.

What to do next

If the third party with whom you are going to share SSL security does have ashared CA that verifies your identity, you can send your public key in an email tothe third party. They can then add your certificate to their trusted key store.

Adding a third party certificate to a keystoreSigner certificates establish the trust relationship in SSL communication. You canextract the signer part of a personal certificate from a keystore, and then you canadd the signer certificate to other keystores.

Before you begin

Extract the certificate first before performing these steps.

1. Click Security → SSL Certificate and key management → Key stores andcertificates → NodeDefaultTrustStore → Signer Certificate .




2. Click Add.

3. Type an alias to identify the Certificate Authority in the Alias field.

4. Type in the full path to the file name containing the Certificate Authority'spublic key. For example:

c:\certificates\acme_external_community.arm

5. Select the data type and click OK.

What to do next

When these steps are completed, the signer from the certificate file is stored in thekeystore. You can see the signer in the keystore files list of signer certificates. Usethe keystore to establish trust relationships for the SSL configurations.

Setting up Sametime Advanced to use a new certificateSet up the IBM Lotus Sametime Advanced server to use the defined SSLconfiguration with the new certificate.

Before you begin

You must add a new certificate to the key store before you can perform these steps.1. Click Security → SSL certificate and key management → Manage endpoint

security configurations.

2. Expand the Inbound node, and then expand Nodes.

3. Select the SSL Configuration name from the drop down list that you specifiedwhen you defined the SSL configuration.

4. Click Update certificate alias list.

5. Select the certificate alias from the Certificate alias in key store drop downthat you specified when you received the certificates from the CA.

6. Click Apply and then Save.

7. Repeat the preceding steps on the Outbound node of the local topology tree.

8. Restart the Lotus Sametime Advanced server.

Configuring SSL for Web access to Sametime AdvancedThe IBM HTTP Server works with the IBM WebSphere Application Server toprovide Web access for IBM Lotus Sametime Advanced.

About this task

Sametime Advanced allows users to choose a direct communication between theirWeb browsers and the Sametime Advanced server or through the IBM HTTPserver. Both types of communications can be configured to use SSL.

Accessing Lotus Sametime Advanced from a browser without an IBM HTTPServer

There is no configuration required, so you can access the IBM Lotus SametimeAdvanced server using this type of URL:

https://<hostname_or_IPaddress>:9443/stadvanced

For example:

https://stadv.acme.com:9443/stadvanced




Configuring SSL to access Lotus Sametime Advanced from a browser with anIBM HTTP server

1. Use a text editor to open the following file:

<IBM HTTP Installed directory>\conf\httpd.conf. For example: C:\Program Files\IBM\HTT

2. In the httpd.conf file, find the directory in which the plugin-cfg.xml file isstored by searching for the WebSpherePluginConfig line. It should look like

this:WebSpherePluginConfig "C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin

3. Open the plugin-cfg.xml file, find the directory in which the key database file(*.kdb) is stored by searching for the term "keyring". For example:

<Property Name="keyring" Value=C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhtt

Note: You will need to use this location later.

4. In the httpd.conf file, add the following lines at the bottom of the file:

# loads IHS proxy and SSL modulesLoadModule proxy_module modules/mod_proxy.soLoadModule proxy_http_module modules/mod_proxy_http.soLoadModule ibm_ssl_module modules/mod_ibm_ssl.so

# HTTPS<ifModule mod_ibm_ssl.c>

Listen 0.0.0.0:443

<VirtualHost *:443>CustomLog logs/access-443.log commonErrorLog logs/error-443.log

Keyfile "<The location and the file name you noted in step 3>" (For example: KeyfileSSLStashfile "<The location you noted in step 3>/plugin-#key.sth" (For example: SSLSSSLEnable

</VirtualHost></ifModule>

5. Save and close the file.

6. Add the extracted Lotus Sametime Advanced certificate to your key databasefile using iKeyMan

a. Copy c:\certificates\local_cert.arm which you extracted in "Extracting thecertificate" to your IBM HTTP Server machine.

b. Open a command prompt window and navigate to the IBM HTTP Serverinstalled directory, for example, C:\Program Files\IBM\HTTPServer

c. Navigate to the bin directory and type iKeyMan.

d. Select Key Database File from the main menu, then select Open and thenselect a key database type of CMS.

e. Specify the filename and location you found previously. For example:plugin-key.kdb and C:\Program Files\IBM\HTTPServer\Plugins\config\

stadvhttp\plugin-key.kdb.

f. Click OK, and then enter the password. Note: If you have not given this fileanother password, the default password from the IBM WebSphereApplication Server is WebAS (case sensitive). Select it, then Open, and clickOK. Supply a name if you are prompted.

g. Click the Personal Certificates drop down menu and then select SignerCertificates.

h. Click Add.

i. Browse to the file you copied in step 6a (local_cert.arm),




j. Click Key Database File → Save As and replace IBM/HTTPServer/Plugins/config/stadvhttp/plugin-key.kdb.

k. Enter the password WebAS.

l. Select Key Database File → Exit.

7. Restart the IBM HTTP Server in Windows services.

8. Open a browser, type the following URL to test your SSL Connection:

https://<your Sametime Advanced host name:443>/stadvanced/

Configuring SSL for the Sametime ClientYou can configure the IBM Lotus Sametime Connect client to communicate withIBM Lotus Sametime Advanced with SSL either with or without using an IBMHTTP Server.

Configuring SSL for the Sametime client without an IBM HTTPServerFollow these steps to configure the IBM Lotus Sametime Connect client tocommunicate with IBM Lotus Sametime Advanced without using the IBM HTTPServer.

Importing the certificate into the Sametime Client keystore:

Import the certificate into the IBM Lotus Sametime client's JRE.

1. Copy c:\certificates\local_cert.arm which you extracted in "Extracting thecertificate" to your Sametime Client machine.

2. To import the certificate into the client's JRE, enter the following commandfrom the client's command line:

keytool -import -keystore "<JRE_path>\lib\security\cacerts"-alias <alias> -file <file>

Where:

v <JRE_path> is the JRE path, which typically is C:\Program

Files\IBM\Lotus\Sametime Connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_<version>\jre

v <alias> is the Alias field that you specified in step 3f in the topic "Importingintermediate CA certificates into the keystore."

v <file> is the file from step 1.

Setting client preferences to use SSL without HTTP server:

The IBM Lotus Sametime Connect client must be configured with the appropriateport numbers and connection protocol if you want to use Lotus SametimeAdvanced features with an SSL connection. SSL is typically set up correctly by anadministrator, but an end user can also configure the client by following these

instructions.1. In Lotus Sametime Connect, click File → Preferences.

2. Click Chat Rooms and Broadcast Tools → Sametime Advanced Server.

a. Click Direct Connection.

b. Type the fully qualified host name of your Lotus Sametime Advancedserver in the Host server field.

c. Type 9443 in the Port field.

d. Next to Protocol, click HTTPS.

3. Click OK.




Configuring SSL for the Sametime client using an IBM HTTPServerFollow these steps to configure the IBM Lotus Sametime Connect client tocommunicate with IBM Lotus Sametime Advanced using SSL with the IBM HTTPserver

Purchasing a certificate from a Certificate Authority:

Purchase a Certificate Authority-signed certificate for secure connections in IBMLotus Sametime Advanced.

About this task

The server certificate installed on the Sametime Advanced must conform to RFC3280 certificate standards. When requesting a certificate, check with the vendor tomake sure that the certificate supports both TLS Web Server Authentication andTLS Web Client Authentication. Some certificate authorities provide certificates thatsupport server authentication only or client authentication only. Certificates mustinclude both server and client authentication EKU flags. The certificates meet thesestandards. It is your responsibility to make sure that the certificate supports both.

1. Review the Certificate Authorities.

2. Purchase a certificate that supports both client and server authentication.

Requesting a certificate signed by a Certificate Authority:

Follow these steps to request a signed certificate.

1. Open a command prompt window and navigate to IBM HTTP Server installeddirectory, for example, C:\Program Files\IBM\HTTPServer.

2. Navigate to the bin directory, and type iKeyMan.

3. Select Key Database File from the main menu, then select New.

4. In the New dialog box, click the CMS for Key database type. .

5. Enter a file name and a location, and click OK.

6. In the Password Prompt dialog box, enter your correct password, and clickOK.

7. Click New on the right side menu bar.

8. In the New Key and Certificate Request dialog box, enter an alias name in theKey label field. The alias is the name you use to identify the certificaterequest in the keystore.

9. Enter a common name (CN) value. The CN value must be the publiclyresolvable, fully qualified, DNS host name of your IBM Lotus SametimeAdvanced server, and must match the domain name of your community. Forexample, if your Sametime Advanced community is us.acme.com, then the

domain for the CN of the SSL certificate that you create for your communitymust be us.acme.com.

10. You can enter values for the optional fields.

11. In the Enter the name of a file in which to store the certificate request field,type the full path where the certificate request is to be stored, plus a file name.For example: c:\servercertreq.arm (for a Windows machine).

12. Click OK.

13. Send the certification request arm file to a Certificate Authority for signing.

14. Make a backup copy of your keystore file.




Receiving a signed certificate issued by a Certificate Authority:

A keystore receives the certificate from the CA and generates a CA-signed personalcertificate that IBM HTTP server can use for Secure Sockets Layer (SSL) security.

About this task

The keystore must contain the certificate request that was created and sent to theCA. Also, the keystore must be able to access the certificate that is returned by theCA. To receive the CA-signed certificate into a key database:

1. Open a command prompt window and navigate to IBM HTTP Server installeddirectory, for example, C:\Program Files\IBM\HTTPServer

2. Change to the bin directory and type iKeyMan.

3. Select Key Database File from the main menu, then select Open.

4. In the Open dialog box, select CMS for Key database type, enter your keydatabase name you created, or click on key.kdb if you are using the default.Click OK.

5. In the Password Prompt dialog box, enter your correct password, then click

OK.6. Select Personal Certificates in the Key Database content frame, then click

Receive.

7. In the Receive Certificate from a File dialog box, enter the name of a validBase64-encoded file in the Certificate file name text field. Click OK.

8. Restart IBM HTTP Server.

The keystore contains a new personal certificate that is issued by a CA. TheSSL configuration is ready to use the new CA-signed personal certificate.

Extracting the certificate:

1. Open a command prompt window and navigate to IBM HTTP Server installeddirectory, for example, C:\Program Files\IBM\HTTPServer

2. Change to the bin directory and type iKeyMan.

3. Select Key Database File from the main menu, then select Open.

4. In the Open dialog box, select CMS for Key database type, enter your keydatabase name that you created or click on key.kdb if you are using thedefault. Click OK.

5. In the Password Prompt dialog box, enter your correct password, then clickOK.

6. Select Personal Certificates in the Key Database content frame, then clickExtract Certificate.

7. In the Extract Certificate to a file dialog, select Base64-encoded ASCII datafor Data type.

8. Type a file name for the certificate file name. The signer certificate is writtento this certificate file. For example, in Windows: c:\certificates\local_cert.arm.

9. Type a location for the file, and click OK.

10. Select Key Database File from the main menu, then select Exit.

Importing the certificate into the Sametime Client keystore:

Import the certificate into the IBM Lotus Sametime client's JRE.

1. Copy c:\certificates\local_cert.arm which you extracted in "Extracting thecertificate" to your Sametime Client machine.




2. To import the certificate into the client's JRE, enter the following commandfrom the client's command line:


Where:

v <JRE_path> is the JRE path, which typically is C:\Program

Files\IBM\Lotus\Sametime Connect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_<version>\jre


v <file> is the file from step 1.

Setting client preferences to use SSL:

The IBM Lotus Sametime Connect client must be configured with the appropriateport numbers and connection protocol if you want to use Lotus SametimeAdvanced features with an SSL connection with an HTTP server. SSL is typicallyset up correctly by an administrator, but an end user can also configure the client

by following these instructions.

1. In Lotus Sametime Connect, click File → Preferences.

2. Click Chat Rooms and Broadcast Tools → Sametime Advanced Server.

a. Click Direct Connection.

b. Type the fully qualified host name of your Lotus Sametime Advancedserver in the Host server field.

c. Type 443 in the Port field.

d. Next to Protocol, click HTTPS.

3. Click OK.

Configuring Sametime Advanced for SSL communication with

Event BrokerFollow these steps to configure the IBM Lotus Sametime Advanced server for SSLcommunication with the IBM WebSphere Event Broker.

1. Configure the Lotus Sametime Advanced server to use SSL encryption whencommunicating with the Event Broker:

a. On the Lotus Sametime Advanced server, log in to the Integrated SolutionsConsole using a WebSphere Application Server administrator account. TheWeb address is formatted like this:


For example:


b. Click Resources → JMS → Connection factories → Broker TCF.

c. In the Connection factories page, select CERTIFICATE for the field DirectBroker authorization type, and click OK.

d. Click Save

e. Restart the Lotus Sametime Advanced server.

2. Import the Event Broker certificate into the Lotus Sametime Advanced server:

On the Event Boker server, you extracted the certificate to a file in step 1 of ,“Importing self-signed certificates” on page 209. Now import it into the LotusSametime Advanced server:




a. On the Lotus Sametime Advanced server, log in to the WebSphereApplication Server Integrated Solutions Console.

b. Click Security → SSL Certificate and key management.

c. Under "Related Items", click Key store and certificates, and then clickNodeDefaultTrustStore .

d. Under "Additional Properties", click Signer Certificates, and then click Add.

e. Type an alias for the certificate.f. Type the path of the file where the certificate is saved, and then click OK.

g. Save the changes.

3. Import the WebSphere Application Server SSL certificate into the LotusSametime Advanced server:

You extracted the certificate to a file in,“Extracting the certificate” on page 199.Now import it into the Lotus Sametime Advanced server:

a. On the Lotus Sametime Advanced server, log in to the WebSphereApplication Server Integrated Solutions Console.

b. Click Security → SSL Certificate and key management.

c. Under "Related Items", click Key store and certificates, and then click

NodeDefaultTrustStore .d. Under "Additional Properties", click Signer Certificates, and then click Add.

e. Type an alias for the certificate.

f. Type the path of the file where the certificate is saved, and then click OK.

g. Save the changes.

4. Add the Event Broker client jar to the boot classpath of the WebSphereApplication Server:

a. From WebSphere Application Server Integrated Solutions Console, clickServers → Application Servers → server1 → Java and Process Management →Process Definition → Java Virtual Machine.

b. In the Boot Classpath field, add a full path reference to the CL3Export.jar,

which should be found in WebSphere/AppServer/lib/WMQ/java/lib.

Configuring Event Broker for SSL communication withSametime Advanced

Configure the IBM WebSphere Event Broker for SSL communication with the IBMLotus Sametime Advanced server by importing the certificate into the EventBroker's keystore.

1. Copy c:\certificates\local_cert.arm which you extracted in "Extracting thecertificate" to your Event Broker machine.

2. To import the certificate into the Event Broker's JRE, enter the followingcommand from the Event Broker command line:


Where:

v <JRE_path> is the JRE path, which typically is C:\ProgramFiles\IBM\MQSI\6.0\jre


v <file> is the file from step 1




3. Use a text editor to open Event_Broker_installed_directory\MQSI\6.0\bin\exitSetting.ini, for example: C:\Program Files\IBM\MQSI\6.0\bin\exitSetting.ini (Windows), or /var/mqsi/exitSetting.ini(AIX, Linux, or Solaris).

4. Change servletURL=http://server_name:9080/cas/oc to servletURL=https://server_name:9443/cas/oc.

5. Change jsecurityURL=http://server_name:9080/stadvanced/j_security_check

to jsecurityURL=https://server_name:9443/stadvanced/j_security_check

Configuring SSL for broadcast communitiesYou have the option of implementing SSL authentication services for broadcastcommunities.

About this task

When you install the IBM WebSphere Event Broker, the IBM WebSphere MessageBroker also gets installed as a component of the Event Broker. To implement SSLauthentication for Lotus Sametime Advanced broadcast communities, you mustconfigure the Message Broker for SSL.

The following topics contain instructions for implementing SSL authentication for broadcast communities. For more information see "Implementing SSLauthentication" in the WebSphere Message Broker information center athttp://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp.

Creating a keystore fileThe keystore file is a key database file that contains both public keys and privatekeys. Public keys are stored as signer certificates while private keys are stored inthe personal certificates. A Secure Sockets Layer (SSL) configuration referenceskeystore configurations during runtime.

About this task

IBM WebSphere Message Broker includes a Java Runtime Environment (JRE) thatsupplies a keystore manipulation program, which is called keytool. Follow thesesteps to use keytool to create a new keystore file.

Note: Another way to create a new keystore file, is by using the iKeymancertificate management tool. For information on using iKeyman, see "Certificatemanagement using iKeyman" in the WebSphere Application Server informationcenter at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp.

1. Select Start → IBM WebSphere Message Broker 6.0 → Command Console toopen the command console.

2. In the command console, type the following command:

keytool

This command displays the help options and therefore validates that thecommand is working.


keytool -genkey -keyalg RSA -keystore .keystore -alias brokerssl-storepass password

v keyalg - The algorithm used in generating the key. If the server is using aDSA key, and the client is using aSSL_DHE_RSA_WITH_AES_128_CBC_SHA cipher, you need to use an RSAkey on the server.




v password - The password used for the keystore. You will need to use thispassword again when you create a password in the next topic "Configuringthe broker to use the keystore."

v .keystore - The name of the keystore file. Name this file ".keystore" as in thesample command above. It is created in the WebSphere Message Brokerhome directory (c:\Program Files\IBM\MQSI\6.0\).

v

brokerssl - The alias is an identifier for the SSL key. The alias is used whenyou export the certificate for importing into a client's cacerts file.

Note: To import a certificate generated by a certificate authority use the-import option instead of the -genkey option.The keytool prompts you for some details that are used to generate certificates.Your details are added to a keystore, if it already exists, or a keystore is created.These values can be set to any values that are required but the properties onthe broker must be changed to reflect these values. The -genkey optiongenerates all the certificate files that are required to get HTTPS working butthey are not official certificates. You must purchase a real certificate from acertificate authority. Consult your system administrator to find out yourcompany policy for certificate creation.

4. Press Enter when you are prompted for a password. By default, the Enter keysignifies the same password for the keystore.

Configuring the broker to use the keystoreThe IBM WebSphere Message Broker requires you to set several properties to use akeystore.

Before you begin

Before you begin, verify that the WebSphere Message Broker is running.

About this task

In the previous topic, "Creating a keystore file," you created a keystore file, but sofar, the Message Broker does not have any information about the keystore. Youneed to provide this information so that the Message Broker can find your keystorefile and learn the password for it. All of these properties can be set using themqsichangeproperties command.

1. Create a password file using the password that you created for your keystore inthe previous topic, "Creating a keystore file."

a. Using a text editor, create a file with a single line containing a password foryour keystore.

b. Save the file as .keypass in the c:\Program Files\IBM\MQSI\6.0\ directory.

2. Select Start → IBM WebSphere Message Broker 6.0 → Command Console toopen the command console.

3. Set the authentication protocol method to SP. SP allows both S (SSL) and P(Cleartext passwords) in that order. Type the following command:

mqsichangeproperties broker service -e default -o DynamicSubscriptionEngine-n clientAuthProtocols -v SP

Where broker service is the name of the broker. This parameter must be the firstparameter. For example:

mqsichangeproperties BRKR_SCCS -e default -o DynamicSubscriptionEngine-n clientAuthProtocols -v SP

4. To set the name of the keystore file that you are using, enter the followingcommand:




mqsichangeproperties broker service -e default -o DynamicSubscriptionEngine-n sslKeyringFile -v "c:\Program Files\IBM\MQSI\6.0\.keystore"

5. To set the name of the password file that you are using, enter the followingcommand:

mqsichangeproperties broker service -e default -o DynamicSubscriptionEngine-n sslPassphraseFile -v "c:\Program Files\IBM\MQSI\6.0\.keypass"

6. Stop and restart WebSphere Message Broker.

Importing self-signed certificatesImporting a certificate is only required for self-signed or unknown CA certificates.This is uncommon and only expected for test environments. A cacerts master fileshould be configured and copied to other clients to avoid updating the cacerts fileon every client.

About this task

The Java Runtime Environment (JRE) has a file named cacerts in the JRE's libfolder that contains a list of Trusted CA's that the JRE uses to negotiate secureconnections. Self-signed or unknown CA certificates have to be explicitly importedto the cacerts file in order for IBM Lotus Sametime Advanced to successfullyconnect using HTTPS. In order to do so, the certificate must be exported by theIBM WebSphere Event Broker machine (the system accepting the HTTPSconnection) and imported to the client's Lotus Sametime JRE.

Note: The following instructions use the keytool manipulation program providedin the JRE. Another way to import a self-signed certificate, is by using the iKeymancertificate management tool. For information on using iKeyman, see "Certificatemanagement using iKeyman" in the WebSphere Application Server informationcenter at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp.

1. On the Event Broker server, choose Start → IBM WebSphere Message Broker6.0 → Command Console to open the command console.

keytool -export -keystore "c:\Program Files\IBM\MQSI\6.0\.keystore" -alias brokerssl -

"c:\key.cer"v .keystore - The name of the keystore file. This file, named ".keystore", was

created when you created your keystore. It is created in the WebSphereMessage Broker home directory c:\Program Files\IBM\MQSI\6.0\.

v brokerssl - The alias is an identifier for the SSL key. The alias, "brokerssl" wascreated when you created your keystore. The alias is used when you exportthe certificate for importing into a client's cacerts file.

v c:\key.cer - The file name for your exported certificate.

When you are prompted, enter the password that you specified when youcreated the keystore.

2. Copy the c:\key.cer file and distribute it to the appropriate clients. The file

should be copied to the c:\ directory of the clients.3. To import the certificate into the client's JRE, enter the following command

from the client's command line:

<JRE-path>\bin\keytool -import -keystore "<JRE_path>\lib\security\cacerts"-alias brokerssl -file "c:\key.cer"

v JRE_path - The JRE path typically is C:\Program Files\IBM\Lotus\SametimeConnect\rcp\eclipse\plugins\com.ibm.rcp.jcl.desktop.win32.x86_version\jre

v c:\key.cer - The certificate that is being imported into the client keystore.




4. When you are prompted for the password of the client keystore, enter thefollowing:

changeit

This is the default password on every JRE's cacerts file.

5. When your prompted to trust the certificate, enter:

yes

A message indicating that the certificate was accepted appears.

6. Log in to the IBM Lotus Sametime Connect client.

7. In Lotus Sametime Connect, click File → Preferences.

8. Click Chat Rooms and Broadcast Tools Broadcast Tools Server.

a. Click Direct Connection with SSL.

b. Type the fully qualified host name of your WebSphere Event Broker serverin the Host server field.

c. Type 1506 in the Port field. This is the default for an SSL connection.

d. Click OK.

Integrating SiteMinder with Lotus Sametime AdvancedThis section describes how to configure CA eTrust SiteMinder 6 for authenticationwith IBM Lotus Sametime Advanced.

Before you begin

Note: IBM recommends that you use the latest available version of the CA eTrustSiteMinder, as well as the latest available hot fix that is certified by ComputerAssociates to work with the version of the HTTP server that you are using. Usethis documentation as a guide, but you will probably need to refer to theSiteMinder documentation, too.

SiteMinder uses agents to intercept HTTP requests in Lotus Sametime Advanced,and then forwards them to the SiteMinder Policy Server for authentication. Thereare two types of SiteMinder agents used when you configure SiteMinder to workwith Lotus Sametime Advanced.

v Siteminder Web Agent - Installed on the Lotus Sametime Advanced HTTPserver and the Lotus Sametime 8 server

Web agents control access to Web content and deliver a user’s securitycredentials directly to any Web application being accessed by the user. Byplacing an agent in a Web server that is hosting protected Web content orapplications, administrators can coordinate security across a heterogeneousenvironment of systems and create a single sign-on domain for all users. ForWeb servers, the Web Agent integrates through each Web server’s extension API.

It intercepts all requests for resources (URLs) and determines whether eachresource is protected by SiteMinder. If the resource is not SiteMinder protected,the request is passed through to the Web server for regular processing. If it isprotected by SiteMinder, the Web agent interacts with the policy server toauthenticate the user and to determine if access to the specific resource isallowed.

v Application Server Agents - Installed on the IBM WebSphere ApplicationServer

To secure more finely-grained objects such as servlets, JSPs, or EJB components,which could comprise a full-fledged distributed application, SiteMinder provides




a family of SiteMinder application server agents (ASAs). ASAs are plug-ins thatcommunicate with the SiteMinder Policy Server to extend single sign-on (SSO)across the enterprise, including J2EE application server-based applications. ASAsalso enable SiteMinder to centralize security policy management by externalizing

J2EE authorization policies through standard interfaces such as those based on JSR 115.

About this task

Similar to other WebSphere Application Server environment configurations, youneed to configure the following objects in SiteMinder to successfully protect yourLotus Sametime environment:

v An agent for the SiteMinder Web Agent

v An agent for the SiteMinder TAI

v An Agent Conf Object for the SiteMinder Web Agent

v An Agent Conf Object for the SiteMinder TAI

v A Host Conf Object for the SiteMinder Web Agent

v A Host Conf Object for the SiteMinder TAI

v A User Directory Definition for SiteMinder to use to validate user credentialsv An Authentication Scheme

v A domain for the Web Agent in your Lotus Sametime environment

v A domain for the TAI in your Lotus Sametime environment

v Realm definitions for both domains

v Rules for the realms responses, if required, for the rules that you have defined

v A policy or policies for the domains

To configure SiteMinder to work with your Lotus Sametime Advanced server,complete the following integration steps:

Creating configuration objectsFollow these steps to create configuration objects for your IBM Lotus SametimeAdvanced environment on the CA eTrust SiteMinder Policy server.

1. Open the SiteMinder Policy Server console.

2. To create the Web Agent objects, follow these steps.

a. Click the System tab.

b. Under System Configuration, right-click the Agents icon.

c. In the SiteMinder Agent Dialog, type a unique value not used previouslyfor an existing agent in the *Name field.

d. Optional: Type a description such as "Sametime Advanced Web Agent."

e. Under Agent Type, select SiteMinder, and then select Web Agent from thedrop-down list.

f. Click OK.

3. For Apache-based products, IBM recommends that you create a duplicate of theexisting ApacheDefaultSettings Agent Conf Object on the SiteMinder PolicyServer and modify the duplicate as appropriate. To create an Agent Conf objectfor your HTTP Server:

a. Under System Configuration, click the Agent Conf Objects icon.




b. Right-click the ApacheDefaultSettings Agent Conf object in the Agent Conf Object List on the right side of the console, and select DuplicateConfiguration Object.

c. In the SiteMinder Agent Configuration Object Dialog, type a unique valuenot used previously for an existing agent in the *Name field.

d. Optional: Type a description such as "Sametime Advanced Web Agent."

e. In the Configuration Values list, set the following parameters to the valuesindicated or to the appropriate values for your server. Clicking eachparameter, and select the Edit:

v DefaultAgentName - Name given to agent created in step c.

v AllowLocalConfig - Yes

v CssChecking - No

v BadUrlChars - remove // and /.,%00-%1f,%7f-%ff,%25 from the defaultlist of Bad Url Characters

v If you are going to change the Logout button, you also need to set theLogOffURI parameter as described in "Configuring SiteMinder to use theLotus Sametime Log out link to perform Full Logoff." All otherparameters can be left at their default settings..

f. Click OK.

4. IBM recommends that you create a duplicate of the existingDefaultHostSettings Host Conf Object on the SiteMinder Policy Server andmodify the duplicate as appropriate. To create a Host Conf object for yourHTTP Server:

a. Under System Configuration, click the Host Conf Objects icon.

b. Right-click the DefaultHostSettings object in the Host Conf Object List onthe right side of the console, and select Duplicate Configuration Object.

c. In the SiteMinder Host Configuration Object Dialog, type a unique value inthe *Name field.

d. Optional: Type a description such as "Sametime Advanced Host."

e. In the Configuration Values list, edit the #Policy Server value by removingthe # from in front of the parameter name and enter the IP address of yourSiteMinder Policy Server in the appropriate place in the value field.

f. Click OK.

5. Repeat the previous three steps for the Trust Association Interceptor (TAI)Agent: create an Agent, an Agent Configuration object, and aHost-Configuration Object for the TAI Agent to use.

6. SiteMinder uses LDAP to authenticate users. You must create a user directoryon the SiteMinder Policy Server, so that the policy that you set up for yourLotus Sametime Advanced server can access the appropriate LDAP server toauthenticate your Lotus Sametime Advanced users. This must be the sameLDAP server that has been configured with your Lotus Sametime Advancedserver. To create a user directory:

a. Under System Configuration, right-click the User Directories icon.

b. Click Create User Directory.

c. In the SiteMinder User Directory Dialog, type a unique value in the *Namefield.

d. Optional: Type a description.

e. Select LDAP from the *Namespace drop-down list.

f. Type the fully qualified host name of your LDAP server in the *Server field.




g. Complete the LDAP Search and LDAP User DN Lookup fields asappropriate for your LDAP users.

Note: Depending on your LDAP server configuration, you might need toadd required credentials on the Credentials and Connection tab so that theSiteMinder Policy Server can bind with your LDAP server. Refer to theeTrust SiteMinder documentation for details.

h. Click OK.

Configuring domains and realms for Lotus SametimeAdvanced

Follow these steps to configure the domains and realms for your IBM LotusSametime Advanced environment on the CA eTrust SiteMinder Policy Server.


2. Define a domain for the Web Agent in your Lotus Sametime Advancedenvironment:

a. Right-click Domains under System Configuration, and choose CreateDomain.

b. In the SiteMinder Domain Dialog, type a unique value in the *Name field,for example, Sametime_WA.

c. Optional: Type a description.

d. In the drop-down list at the bottom of the dialog, select the user directoryto use in this domain.

e. Click << Add to add it to the User Directories Tab.

f. Click OK.

3. Define a domain for the TAI in your Lotus Sametime Advanced environment:

a. Click Create Domain.

b. In the SiteMinder Domain Dialog, type a unique value in the *Name field,for example, Sametime_TAI.


d. Click OK.

4. Define the realm definition for the Web Agent domain that you created in step2:

a. Click the Domains tab.

b. Right-click the domain you created, and click Create Realm.

c. In the SiteMinder Realm Dialog, type a unique value in the *Name field, forexample, Sametime_WA.

d. Optional: Type a description.

e. Click the Resource tab.

f. In the Agent field, type the name of the agent that you created for the WebAgent in this environment. You can also select it using Lookup.

g. Type the Resource Filter as /

h. Under Default Resource Protection, select Protected. Leave all the otherfields on the Resource, Session and Advanced tabs as their default values.

i. Click OK.

j.

5. Define the realm definition for the TAI domain that you created in step 3:

a. Right-click the domain you created, and click Create Realm.




b. In the SiteMinder Realm Dialog, type a unique value in the *Name field, forexample, SM TAI Validation.

c. Optional: Type a description for the realm.

d. Click the Resource tab.

e. In the Agent field, type the name of the agent that you created for the TAIin this environment. You can also select it using Lookup.

f. Type the Resource Filter as /siteminderassertion.g. From the Authentication Scheme drop-down list, select the scheme that

you will use for this environment.

h. Under Default Resource Protection, select Protected. Leave all the otherfields on the Resource, Session and Advanced tabs as their default values.

i. Click OK.

6. Define rules for the realm that you created for the Web Agent domain.

a. Right-click the realm that was created for the Web Agent domain (forexample Sametime_WA), and select Create Rule under Realm.

b. Use the SiteMinder Rule dialog to create the following rules:

GetPostPut rule properties

v *Name - GetPostPut Rule

v Realm - For example, Sametime_WA

v Resource: - *

v Web Agent actions - Get,Post,Put

v When this Rule fires - Allow Access

v Enable or Disable this Rule - Enabled

OnAuthAccept rule properties

v *Name - OnAuth

v Realm - For example, Sametime_WA

v Resource: - *

v Authentication events - OnAuthAcceptv When this Rule fires - Allow Access


7. Define a policy to control the webagent domain.

a. Under the domain that was previously created, right-click on policies, andselect Create Policy.

b. In the SiteMinder Policy Dialog, type a unique value in the *Name field, forexample, STADVWAPolicy.


d. Click Add/Remove, and from the dialog that follows add in the users,groups, and organizations that you will allow access to your Lotus

Sametime Advanced Server.e. Click the Rules tab.

f. Click Add/Remove Rules, and add the GetPostPut and OnAuth rules youcreated in step 6.

g. Click OK.




Installing and configuring the SiteMinder Web AgentIBM recommends that you install the latest available version of the CA eTrustSiteMinder Web Agent as well as the latest available hot fix that is certified byComputer Associates to work with the version of the HTTP server that you areusing.

Before you beginBefore you begin, you must download the Siteminder V6-QMR5 W32 Web Agentinstallation files from the SiteMinder support site at .http://support.netegrity.com.

About this task

Refer to the SiteMinder platform support matrices for more details. These matricescan be obtained from the SiteMinder support site. You can also refer to theSiteMinder WebAgent Installation Guide for details about configuring the Web Agentto work with the HTTP server that you are using. The application agent for IBMLotus Sametime Advanced should be v6.0 CR005 or later to ensure support of IBMWebSphere Application Server 6.1.

Note: To install the SiteMinder Web Agent on platforms other than MicrosoftWindows, you can use the relevant Win32 instructions as a reference document.The same configuration information needs to be provided, regardless of platform.There are also additional instructions included with the Web Agent installationfiles that indicate platform-specific steps that are required for installing andconfiguring the Web Agent on a specific platform.

Follow these steps to install and configure the Win32 6x Web Agent for your HTTPserver.

1. If necessary, extract all the files from the ZIP file provided by SiteMinder.

2. Start the Web Agent executable. The format is nete-wa-6qmr X-platform.exe.

For example:nete-wa-6qmr5-win32.exe

The CA SiteMinder Web Agent Introduction screen appears.

3. Click Next.

4. On the License Agreement screen, scroll down and select I accept the terms ofthe License Agreement, and click Next.

5. Click Next on the Important Information screen.

6. On the Choose Install Location screen, accept the default location for installingthe Web Agent or click Choose to select a different location, then click Next.

7. Click Next on the Choose Shortcut Folder screen.

8. Click Install on the Pre-Installation Summary screen.

9. On the Install Complete screen, accept the defaults selection and click Done.Your system restarts.

10. Click Start → Programs → Siteminder → Web Agent Configuration Wizard tostart the Web Agent Configuration Wizard.

11. On the Host Registration screen, select Yes, I would like to do HostRegistration now, but do not select the Enable PKCS11 DLL CryptographicHardware check box. Click Next.




12. On the Admin Registration screen, type the SiteMinder administrator nameand password provided by your SiteMinder contact. Do not select the EnableShared Secret Rollover check box. Click Next.

13. On the Trusted Host Name and Configuration Object screen, type the trustedhostname and Host Conf Object provided by your SiteMinder contact. ClickNext.

14. On the Policy Server IP Address screen, type the SiteMinder Policy Server IPaddress provided by your SiteMinder contact and click Add. Click Next.

15. On the Host Configuration file location screen, accept the default file nameand location and click Next.

16. On the Select Web Server(s) screen, select the check box next to the http serverthat you wish to configure with the Web Agent, and then click Next.

17. On the Agent Configuration Object screen, enter the Agent Conf Objectprovided by the SiteMinder contact and click Next.

18. On the Web Server Configuration Summary screen, click Install. The WebAgent configuration process starts, and then the Configuration Completescreen appears.

19. Click Done to complete the configuration process.

Note: You can ignore messages indicating that some warnings occurredduring the installation. These warnings appear by default and do not affectthe functionality of the Web Agent.

What to do next

There are additional steps that must be completed to enable the Web Agent tofunction properly for your server. Follow the additional instructions that areprovided by your SiteMinder contact in order to complete this setup.

Installing and configuring the SiteMinder TAI

IBM recommends that you install the latest available version of the CA eTrustSiteMinder Trust Association Interceptor (TAI) as well as the latest available hot fixthat is certified by Computer Associates to work with the version of the IBMWebSphere Application server that you are using.

About this task

Refer to the SiteMinder platform support matrices for more details. These matricescan be obtained from the SiteMinder support site. After TAI installation performthe following configuration steps:

1. Copy the smagent.properties file from the TAI installation \conf folder to theWebSphere Application Server profile properties folder. For example:

c:\program files\IBM\websphere\appserver\ST_Advanced_Profile\properties

2. Verify that your system path includes a path to the TAI bin directory, typicallyc:\smwasasa\bin.

3. Start the IBM Lotus Sametime Advanced Server and the Integrated SolutionsConsole.

4. In the Integrated Solutions Console, select Security → Secure administration,applications, and infrastructure → Web Security.

5. Click Trust Association.

6. Select the Enable Trust Association check box, and click Apply

7. Click Interceptors.




8. Delete any interceptors that you do not require.

9. On the Interceptors page, click New.

10. In the Interceptor Classname field, type the following SiteMinder TAI classname and click Apply:

com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor

11. Click Save on the next two screens.

12. Log out of the Integrated Solutions Console.

Enabling and testing the SiteMinder Web Agent and TAIFollow these steps to enable the CA eTrust SiteMinder Web Agent and TrustAssociation Interceptor (TAI) for your IBM Lotus Sametime Advanced deployment.You also need to test that the integration is working.

1. In the local Web Agent configuration file (WebAgent.conf) of the SiteMinderWeb Agent that has been configured with your HTTP server, set theEnableWebAgent parameter to YES.

2. In the local Web Agent configuration file (typically c:\smwasasa\conf\ASAAgent-Assertion.conf ) of the eTrust SiteMinder TAI that has beenconfigured with your server, set the EnableWebAgent parameter to YES

3. Restart your HTTP and Lotus Sametime Advanced Servers.

4. To test that your integration is working, enter the url for your deployment of Lotus Sametime Advanced into a browser. For example:

http://host_name/stadvanced

Verify that eTrust SiteMinder authentication is invoked. When valid usercredentials are entered, the user should be successfully logged into LotusSametime Advanced. The user should not be prompted for authenticationcredentials by Lotus Sametime Advanced.

If you are directed to the Lotus Sametime Advanced login screen then there is aproblem with the TAI configuration, and you must revisit the setup to

determine the cause.

Configuring logout in SiteMinderThe IBM Lotus Sametime Advanced log out link in the user interface is notconfigurable for logging out from CA eTrust SiteMinder.

About this task

You have two options to log out from SiteMinder.

v Restart the browser to clean all SiteMinder cookies, or

v Configure SiteMinder with a link, which when accessed within the same browser session, logs out the user.

To configure SiteMinder with a link, complete the following steps:

1. Create a file named Logout.html on your HTTP server. The file can have nocontent or have something simple such as "Logged Out of SiteMinder."

2. Add the following parameter to the SiteMinder Web Agent Webagent.conf file,or, if the local configuration is not enabled, set it in the appropriate AgentConfiguration Object on the SiteMinder Policy Server.

LogOffURI="PathtoLogout.html"

3. Restart the HTTP Server.




Configuring SiteMinder for the Lotus Sametime serverThis section describes how to configure CA eTrust SiteMinder for the IBM LotusSametime 8 server.

About this task

You installed the Lotus Sametime 8 server as part of the process for installing IBMLotus Sametime Advanced. The Lotus Sametime 8 server is managed with theLotus Sametime Advanced server. When you configure SiteMinder to work theLotus Sametime 8 server, you create a new agent object, agent configuration object,Host configuration object, realm, and sub-realms. You should use the same userdirectory and domain that you created when you configured SiteMinder for LotusSametime Advanced. See Configuring the domains and realms for your SametimeAdvanced environment.

Creating configuration objects for SametimeFollow these steps to create configuration objects for IBM Lotus Sametime 8 on theCA eTrust SiteMinder Policy server.

Before you begin

Open the SiteMinder Policy Server console.

1. To create an Agent object, follow these steps.

a. Click the System tab.

b. Under System Configuration, right-click the Agents icon.

c. In the SiteMinder Agent Dialog, type a unique value not used previouslyfor an existing agent in the *Name field.

d. Optional: Type a description such as "Sametime Agent."

e. Under Agent Type, select SiteMinder. and select Web Agent from thedrop-down list.

f. Click OK.2. Create a duplicate of the existing DominoDefaultSettings Agent Conf object on

the SiteMinder Policy Server and modify the duplicate as appropriate. To createan Agent Conf object for your HTTP Server:

a. Under System Configuration, click the Agent Conf Objects icon.

b. Right-click the DominoDefaultSettings Agent Conf object in the AgentConf Object list on the right side of the console, and select DuplicateConfiguration Object.

c. In the SiteMinder Agent Configuration Object dialog, type a unique valuenot used previously for an existing agent in the *Name field.

d. Optional: Type a description such as "Domino Configuration Agent."

e. In the Configuration Values list, set the following parameters to the valuesindicated or to the appropriate values for your server. Clicking eachparameter, and select the Edit:

v DefaultAgentName - Name given to agent created in step c.

v AllowLocalConfig - Yes

v CssChecking - No

v BadUrlChars - remove // and /.,%00-%1f,%7f-%ff,%25 from the defaultlist of Bad Url Characters

v SkipDominoAuth - No. All other parameters can be left at their defaultsettings..




f. Click OK.

3. IBM recommends that you create a duplicate of the existingDefaultHostSettings Host Conf Object on the SiteMinder Policy Server andmodify the duplicate as appropriate. To create a Host Conf object for yourHTTP Server:

a. Under System Configuration, click the Host Conf Objects icon.

b. Right-click the DefaultHostSettings object in the Host Conf Object List onthe right side of the console, and select Duplicate Configuration Object.

c. In the SiteMinder Host Configuration Object dialog, type a unique value inthe *Name field.

d. Optional: Type a description such as "Sametime Advanced Host."

e. In the Configuration Values list, edit the #Policy Server value by removingthe # from in front of the parameter name and entering the IP address of your SiteMinder Policy Server in the appropriate place in the value field.

f. Click OK.

Configuring realms for Lotus SametimeFollow these steps to configure the realms for IBM Lotus Sametime 8 on the CA

eTrust SiteMinder Policy Server.

About this task

You should use the same user directory and Web Agent domain that you createdwhen you configured SiteMinder for Lotus Sametime Advanced. See Configuringthe domains and realms for your Sametime Advanced environment.


2. Define the realm definition for the Web Agent domain:

a. Click the Domains tab in the left side of the SiteMinder Policy Console.

b. Right-click the Web Agent domain that you previously created.

c. Click Create Realm.

d. In the SiteMinder Realm Dialog, type a unique value in the *Name field, forexample, Sametime.

e. Optional: Type a description.

f. Click the Resource tab.

g. In the Agent field, type the name of the agent that you created for the WebAgent for Lotus Sametime 8. You can also select it using Lookup.

h. Type the Resource Filter as /

i. In Authentication Scheme drop-down list, select Basic.

j. Under Default Resource Protection, select Protected. Leave all the otherfields on the Resource, Session and Advanced tabs as their default values.

k. Click OK.3. Create sub-realms under the realm you just created.

a. Click the Domains tab in the left side of the SiteMinder Policy Console..

b. Right-click the realm that you created in step 2.

c. Click Create Realm.

d. Create the following sub-realms for your configuration, with the valuesindicated in each dialog:




Name Resource FilterAuthenticationScheme

Default ResourceProtection

ST Test stlinks Basic Unprotected

ST AdminConfig servlet/auth/scs Basic Unprotected

ST AdminPage servlet/auth/admin Basic Protected

ST Src stsrc.nsf/join Basic ProtectedST Domino STDomino.nsf Basic Unprotected

ST Applets sametime/applets Basic Unprotected

ST Applet Sametime/Applet Basic Unprotected

IMI Sametime sametime/hostAddress.xml

Basic Unprotected

ST MMAPI servlet/auth/mmapi Basic Unprotected

ST Admin CGI cgi-bin/StAdminAct.exe

Basic Unprotected

ST UserInfoServlet servlet/UserInfoServlet

Basic Unprotected

4. Create rules for the protected realm (Sametime)and the two protectedsub-realms (ST AdminPage and ST Src).

a. Right-click the realm that was created for the Web Agent domain (forexample Sametime), and select Create Rule under Realm.

b. Use the SiteMinder Rule dialog to create the following rules named Rule 1and Rule 2:

Rule 1 properties

v *Name - GetPost Rule

v Realm - Sametime

v Resource: *

v Web Agent actions - Get,Post,v When this Rule fires - Allow Access


Rule 2 properties

v *Name - OnAuthAccept

v Realm - Sametime

v Resource: *

v Authentication events - OnAuthAccept



c. Right-click the ST AdminPage sub-realm , and select Create Rule underRealm.

d. Use the SiteMinder Rule dialog to create the following rule named Rule 1:

Rule 1 properties


v Realm - Sametime.ST AdminPage

v Resource: *

v Web Agent actions - Get,Post,






e. Right-click the ST Src sub-realm , and select Create Rule under Realm.

f. Use the SiteMinder Rule dialog to create the following rules named Rule 1and Rule 2:

Rule 1 properties


v Realm - Sametime.ST Src

v Resource: *

v Web Agent actions - Get,Post,



Rule 2 properties

v *Name - OnAuthAccept

v Realm - Sametime.ST Src

v Resource: *

v Authentication events - OnAuthAccept

v When this Rule fires - Allow Accessv Enable or Disable this Rule - Enabled

5. Add the rules to the SiteMinder policy that you created for Lotus SametimeAdvanced.

a. Double-click the policy you created for Lotus Sametime Advanced, forexample, STADVWAPolicy.

b. Click the Rules tab, and then click Add/Remove Rules. Add all the rulesyou created previously for the realm and sub-realms to the current memberslist. Click OK.

Installing and configuring the SiteMinder Web Agent

Add the DSAPI filter file name to the Domino DirectoryYour IBM Lotus Sametime server will run on a Lotus Domino server. When youintegrate IBM Lotus Sametime with CA eTrust SiteMinder, the SiteMinder WebAgent is implemented as a Domino Web Server Application Programming Interface(DSAPI) filter file.

About this task

Follow these steps to add the DSAPI filter file name to the Domino Directory.

1. Open the Domino Directory (names.nsf) on the Domino server.

2. Edit the server document for the Domino server as follows:

a. Click the Internet Protocols tab, then click the HTTP tab. In the DSAPI

filter file names field, type the full path and name of the SiteMinder WebAgent (typically c:\Program Files\Netegrity\Siteminder WebAgent\bin\dominowebagent.dll)

b. Click the Domino Web Engine tab, then set the Session authentication fieldto Disabled.

3. Save and close the server document.

Enabling SiteMinder for Lotus SametimeFollow these steps to enable the CA eTrust SiteMinder Web Agent for the IBMLotus Sametime server.




1. Locate the local Web Agent configuration file for the SiteMinder Web Agentthat has been configured with your HTTP server. For example:

C:\Program Files\IBM\HTTPServer\conf\WebAgent.conf

2. Use a text editor to open the file and set the EnableWebAgent parameter to YES.

3. Restart your HTTP and Lotus Domino Servers. When you start or stop theDomino server, you are starting and stopping the Lotus Sametime server as

well.

Awareness and SiteMinderCA eTrust SiteMinder cookies are not compatible with Sametime Links. SametimeLinks enables awareness in IBM Lotus Sametime Advanced through the LotusSametime 8 server. To display awareness in the Lotus Sametime Advanced userinterface on the Web, you must perform the following tasks.

v Enable IBM WebSphere LtpaToken (Single Sign-on)

v Export the keys

v Import the keys into the Web SSO configuration document on the LotusSametime 8 server

With this solution, both the LtpaToken and SiteMinder cookies are in use. TheSiteMinder tokens are used for SSO and authentication into the Lotus Sametimeenvironment, and the LtpaToken is used by Lotus Sametime Advanced to provideawareness for your environment. For other possible solutions using SiteMindercookies contact IBM support and consider opening a case against the SiteMinderSDK (https://support.netegrity.com).

The instructions for enabling LtpaToken, exporting keys, and importing them intoLotus Sametime are in the Enabling Single Sign-on and Enabling Awareness topics.

SiteMinder automatically logs users into the Lotus Sametime Advanced serverwhen the context root "stadvanced" is accessed. In order to log in to LotusSametime, you must explicitly access the host_name/stadvanced/logon.jsp URL andselect the check box for Log in to Sametime instant messaging.




Chapter 6. Administering

Set up and begin using IBM Lotus Sametime Advanced to let users create and usepersistent chat rooms and broadcast communities. After installing the Lotus

Sametime Advanced, you can manage user access, enable workflow, setanonymous access, and integrate Lotus Sametime Advanced servers with otherproducts.

Controlling access in Sametime Advanced

You can control access in IBM Lotus Sametime Advanced at the application levelor at the feature level.

About this task

You control access at the application level by editing the security role to

user/group mappings in the Integrated Solutions Console. This is where you grantadministrator privileges to other users, assign workflow approvers, and assign broadcast community creators. IBM does not recommend changing theauthenticated user or the all user mappings.

You control access at the feature level by editing role settings in the broadcastcommunities, chat rooms, and folders.

v Broadcast communities. Access to broadcast communities is determined bymembership role and by broadcast type: public, private, restricted recipient, orrestricted publisher.

v Chat rooms. Access to chat rooms is determined by assigning roles to folders inthe chat room folder hierarchy and by chat room owner/creaters.

See the following topics for instructions on controlling access in SametimeAdvanced.

Configuring the user access level to Sametime AdvancedAccess to IBM Lotus Sametime Advanced is determined by user roles.

About this task

When you install Lotus Sametime Advanced, default access levels or roles areassigned to users and groups. You can change these assignments to fit the needs of your organization.

Follow these instructions to change role assignments.1. In the WebSphere Integrated Solutions Console, click Applications → Enterprise

Applications.

2. Click Lotus Sametime Advanced application.

3. Under Detail Properties, click Security role to user/group mapping.

4. Use the following list to determine how you want to assign users to roles.

v AllUsers - Any user assigned to this role has access to non-authenticatedareas of the application - All Chat Rooms and Search tabs. This role isassigned to Everyone by default and should not be changed.




v AllAuthenticatedUsers - Authenticated users are users that have beenauthenticated with the LDAP directory. Authenticated users have access toAll Chat Rooms, My Chat Rooms, Broadcast Communities, and Search tabs.This role is assigned to All authenticated by default and should not bechanged.

v CommunityCreators - Broadcast communities can be created by any userassigned to this role.

v WorkflowApprovers - Users who can approve or deny chat rooms andcommunities waiting for approval. If workflow has been enabled, then oncea community or chat room has been created, it has to be approved for use.

v AdminUser - These users are administrators and have access to the entiresystem. They have full access to manage (create/edit/delete/archive) anyfolder or chat room in Sametime Advanced.

5. Assign a role to a user by following these steps. In this procedure, anadministrator is added to Lotus Sametime Advanced by assigning a user to theAdminUser role.

a. Under the Select column, select the check box next to the AdminUser role.

b. Click Look up users.

Note: To assign a group, click Look up groups

c. In Search String, type the name of the user you want to assign theadministrator role.

d. Select a name in the Available box, and then click the right arrow button toadd the name to the Selected box.

e. Click OK. The user name is added to the Mapped users box next to theAdminUser role.

f. Click OK.

Setting up a folder hierarchy for chat rooms

You need to create a folder hierarchy for chat rooms and grant access to otherusers.

Before you begin

About this task

When IBM Lotus Sametime Advanced is installed, a single root folder named"Chat Rooms" is created on the All Chat Rooms page. This folder cannot berenamed or removed. Initially, all users have permission to create and edit newfolders and chat rooms in this folder. You can limit users' ability to create newfolders and chat rooms by designating specific users as managers of the ChatRooms folder. Managers of a folder automatically are granted manager permissions

in all subfolders.1. Log in to Lotus Sametime Advanced as an administrator.

2. Click the All Chat Rooms tab.

3. Next to the Chat Rooms folder (the root folder), click Edit.

4. Click the Managers tab.

5. Select the Users specified below have manager access to this folder check box.

6. Click Edit.

7. Use the Edit Users dialog to search for, add, and remove users.

8. Repeat the previous three steps for Authors and Readers.




9. Click Save.

What to do next

After you have designated managers, you and the other managers can create newfolders and subfolders to build a hierarchy of folders for your organization.

Folder and chat room rolesThe following table describes the roles associated with folders and chat rooms.

Role Description

Administrator This super user can manage the complete folder hierarchy

v Create, edit, delete, archive, restore, enable, disable all chat rooms.

v View all archived chat rooms.

v Create, edit, delete all global folders

v Move chat rooms from one global folder to another.

v Cannot delete the root Chat Rooms folder.

FolderManager:

This user can do anything an Administrator can do, except only in thefolder where he is a manager.

v Can enter any chat room in a folder he manages.

v Create, edit, delete, archive, restore, enable, disable all chat roomsunder the folders he manages.

v View all archived chat rooms under the folders he manages.

v Create, edit, delete all global folders under the folders he manages.

v Edit or delete the immediate folder.

v Move chat rooms from one global folder to another. He must havewriting access to the two folders.

Folder Authorv Can enter those chat rooms he created, but not others in the folder.

v Create, edit, delete, enable, or disable chat rooms that he created in thefolder where he is an author.

v May not edit or delete the immediate folder where he is an author. Forexample, if I am writer for Folder A1, then I can't edit or delete A1.

v Move chat rooms from one global folder to another. He must haveauthoring access to the two folders.

Folder Readerv Can enter a chat room if he is the owner, or an invitee, or if the chat

room has open access to him.

v Can view the folder and only view chat rooms which have openaccess, or he is a member of the folder.

Chat RoomOwner

v Can enter chat room that he owns.

v Edit, delete, enable, or disable the chat room

v When choosing chat room owners, if the owner has no writing access

to the folder that the chat room resides in, then system gives theowner writing access automatically. The owner will have writingaccess to the folder, but no access to other chat rooms in the folder,only the ones he creates. The owner will be only a reader of the parentfolders above.

Chat RoomInvitee

v Can enter chat room.

v Cannot edit, delete, archive, restore, enable or disable the chat room.

v After the chat room is created, he is a reader to all the folders he cannavigate to in the chat room.

Chapter 6. Administering 225



Role Description

UnauthenticatedUser

This user has not logged in.

v Can view All Chat Rooms and Search tabs; cannot view the other tabs.

v Can only view folders which allow unauthenticated access.

v Can join chat rooms that are not limited to invitees, or logged in users.

v Can enter chat room details page.

Assigning creators for broadcast communitiesAdministrators can create and manage broadcast communities. Before other userscan create or manage a broadcast community, they must be assigned theCommunityCreators role.

About this task

Assign or change CommunityCreators in the IBM WebSphere Integrated SolutionsConsole.

1. From Integrated Solutions Console, click Servers → Application Servers →stadvanced_server_name.

2. Under Applications on the Configuration tab, click Installed applications.

3. Click Lotus Sametime Advanced application.

4. Under Detail Properties, click Security role to user/group mapping.

5. In the Mapped Users and Mapped Groups column of the CommunityCreatorsrow, enter the users that you want to grant permission to create broadcastcommunities.

6. Optional: If you have written the code to enable the workflow community API,then a designated workflow approver must be assigned theWorkflowApprovers role. In the Mapped Users and Mapped Groups column of the WorkflowApprovers row, enter the users that you want to grant permission

to approve community creation. This setting also lets them approve chat roomcreation. You can find information on writing the workflow API calls in theIBM Lotus Sametime Advanced Software Development Kit at IBM developerWorks®

at http://www.ibm.com/developerworks/lotus/downloads/toolkits.html.

7. Click OK.

Broadcast community types and rolesDifferent types of broadcast communities have different roles. These rolesdetermine what you can do in the community.

Community type Roles

Open

Any authenticated Sametime Advanced usercan join.

Manager - Can edit or delete a broadcastcommunity. Can edit the manager list.

Private

You must be a community member toparticipate in this community.


Member - Can join the community and cansend and receive broadcasts.




Community type Roles

Restricted recipients

Any authenticated Sametime Advanced usercan send a broadcast. You must be acommunity member to receive a broadcast..


Recipient - Can join the community and canreceive broadcasts.

Restricted publishers

Any authenticated Sametime Advanced user.You must be a community member to senda broadcast.


Publisher - Can join the community and cansend broadcasts.

Limiting anonymous accessYou can limit anonymous access to IBM Lotus Sametime Advanced.

About this task

By default, users can access chat rooms without logging in first, but they cannot

access broadcast communities. Once users have logged in to Lotus SametimeAdvanced they can access all the features that their licenses allow, including broadcast communities.

If you want to prevent these anonymous users from accessing any Lotus SametimeAdvanced features, follow these instructions.

1. Log in to Lotus Sametime Advanced as an administrator.


3. Click Administration Settings.

4. Click the General tab.

5. Under Anonymous Access, clear the Allow anonymous access check box.

6. Click Save.

What to do next

Since anonymous users are not issued licenses, they are not counted in the numberof licenses issued figure in the Counts page of the License Management view.

Configuring licensing management

You can configure settings related to license management.

About this task

v Limit the number of licenses supported

v Count the licenses that are already in use and how many are still available.

v Automatically issue licenses at login.

Follow these steps to configure licensing.

1. Log in to IBM Lotus Sametime Advanced as an administrator.


3. Click License Management.

4. Click the Settings tab.




5. Type the number of licenses that you want to allocate in the Allocated licenses box. This setting overrides the default number of licenses, which is 1000.

6. If you would like to limit unlicensed users' ability to use Lotus SametimeAdvanced, select Enable license counting. When a valid user that has not beenissued a license logs in, the user receives a message that a license is required.The user cannot use any features in Lotus Sametime Advanced.

7. If you enabled license counting in the previous step and you would like toallow users to automatically receive a license when they login, select Enableautomatic licensing.

8. Click Save.

Results

To monitor the number of licenses, click the Count tab.

Issuing licenses to usersUsers' access to features in IBM Lotus Sametime Advanced is controlled by thelicense issued to them.

About this task

A license is persistent and assigned to a specific user. The user is not allocated alimited time or session-based license from a pool of available licences.


2. In Lotus Sametime Advanced, click the Administration tab.

3. Click License Management.

4. Click the Users tab.

5. Click Issue.

6. If you want to select users from your directory, select Search names.

a.Choose whether you want to search for users or groups in the Search by box

b. Type the name or first character of the user or group in the Search for box,and click Search.

c. Select the users and groups in the results and click theAdd, Remove, andRemove All buttons to compose a list in the Select users to issue licenses

box.

7. If you want to issue licenses to a list of users in a file, select Locate file withunique login identifiers or e-mail addresses. The unique login identifier is thelogin attribute which you specifid during the installation. The default attributeis Mail; CN or UID are also allowable in this field.

a. Type the file name in the Browse box

b. Click Browse and use your operating system's browse dialog to locate thefile.

Each line in the file must contain a user's email address or unique loginidentifier. For example:

kelly_hardart@my_domain.comted_amado@my_domain.comminh_li@my_domain.com

8. Click Next The Assigning Users progress dialog displays.

9. When the Assign Users success dialog displays, click OK.




Results

If you issued licenses to a list of users in a file, the results appear in the Viewresults of last file used to issue assign licenses link. Theses results contain eithera success message, or a message indicating the number of users that could not befound and issued licenses.

What to do next

To revoke a license, follow the first three steps of the previous procedure and thenfollow these steps:

1. Select the checkbox next to the licensed user's name.

2. Click Revoke.

Command line user managementYou can manage users in IBM Lotus Sametime Advanced by running thestlicadmin command line tool. The tool has commands for adding and removingusers.

Purpose

The tool has commands for adding and removing users. The stlicadmin commandis available in the AppServer/bin directory.

Syntax

v Windows

stlicadmin.bat {--add | --delete} {--user Uid | --group Gid | --batchFname}

v UNIX

./stlicadmin.sh {--add | --delete} {--user Uid | --group Gid | --batch

Fname}

Commands

add Add a new user or group of users

delete Delete a user or group of users

Parameters

Parameter Syntax Value Description

user -u UserName The user beingreferenced. Requiredunless -b or -g isspecified. TheUserName parameteris specified as thee-mail address.

group -g GroupName An LDAP group.Required unless -u or-b is specified.




Parameter Syntax Value Description

batch -b FileName Batch mode. Specifya file containing a listof users, requiredunless -u or -g isspecified.

host -h HostName The server that hoststhe license service

port -p PortNumber The port of theserver to beconnected

adminId adminId adminUserName Administrator userID to log in to theserver

adminIdPwd adminIdPwd adminUserIdPassword Adminsitrator'spassword

Turning on workflowIBM Lotus Sametime Advanced supports workflow APIs for approving chat roomand broadcast community creation.

Before you begin

About this task

When you turn on workflow APIs, and a user creates a chat room or a broadcastcommunity, it is not automatically created, but it is placed in a queue. Adesignated workflow approver must monitor the queue, and then approve or denythe request to create a chat room or community. Queue monitoring and chat room

and community approval can only be done by writing your own code using theworkflow APIs. You can find information on using the workflow API calls in theIBM Lotus Sametime Advanced Software Development Kit at IBM developerWorks athttp://www.ibm.com/developerworks/lotus/downloads/toolkits.html.

Follow these instructions for turning on workflow APIs.




4. Click the General tab.

5. Select one or both of the following check boxes:

v Enable chat room workflow API

v Enable community workflow API

6. Click Save.

What to do next

Assign or change workflow approvers in the WebSphere Integrated SolutionsConsole. Go to Servers → Application servers → server_name → Installedapplications → Lotus Sametime Advanced Application → Security role touser/group mapping.




Enabling Awareness

Enable the awareness feature in IBM Lotus Sametime Advanced so that LotusSametime users can be detected when they are online.

Before you begin

After you have installed your Lotus Sametime Advanced and LotusSametimeStandard servers, you must establish a connection between them.

About this task

You establish this connection by filling in "Server Integration" fields on the LotusSametime Advanced server.

1. Open the Lotus Sametime Advanced server's Administration tab by pointing a browser at the following Web address:


For example:


Note: The Web address will resemble the one shown above, but will dependupon your own deployment.

2. Log in to Lotus Sametime Advanced using the administrator account that youcreated during installation (for example, "stadvadmin").


4. On the left, click Administration Settings.

5. Now click the Server Integration tab.

6. Enter the Lotus Sametime Standard server's Host name and HTTP port in thedesignated fields.

The HTTP port is typically port 80; however, if you have configured the server

to only use SSL, this value will be different (generally port 443). If you do useSSL here, be sure to complete Step 9 below to enable SSL on the port used forsupporting the awareness feature in Lotus Sametime Advanced.

7. Click Save.

8. Activate your new settings by logging out and then restarting the browser before you log in again.

9. Determine whether you need to run the updateSTSettings script to modifydatabase settings.

You will need to run this script if either (or both) of the following conditionsis true for your Lotus Sametime Standard server:

v SSL is enabled on the classic server's HTTP port (the port you specified inStep 6)

v Tunneling is enabled on the classic server

If neither condition is true, you have finished enabling awareness; skip therest of the steps in this procedure. Next, you should set up a Lotus SametimeConnect client and log in with it to verify that awareness is working.

If one (or both) of the conditions is true, proceed to the next step and updatedatabase settings for Lotus Sametime Advanced.

10. Download the appropriate version of the updateSTSettings script for youroperating system to a server that has access to the Lotus Sametime Advanced




database (the database called "STADV" in this documentation, but if you ranthe archive installer on Linux it defaulted to "CHATS").



www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.11. On the machine that has the DB2 client installed or on a DB2 server, open a

DB2 Command prompt and connect to the database:

db2 connect to database user db2admin_user using password

12. Run the updateSTSettings script as follows:


./updateSTSettings.sh database db2admin_user passwordstlinks_port web_ssl_enabled applet_ssl_enabled

v Windows

updateSTSettings.bat database db2admin_user passwordstlinks_port web_ssl_enabled applet_ssl_enabled

where:

v database is the name of your Lotus Sametime Advanced database (STADV inthis documentation, but if you ran the archive installer on Linux itdefaulted to "CHATS").

v db2admin_user is the name of a user with DB2 Administrator privileges.

v password is the password for the DB2 Administrator account.

v stlinks_port is the port being used for awareness on the Lotus SametimeStandard server (normally "8082").

If your classic server has tunneling enabled, set this port to "80" to supportthat feature.

v web_ssl_enable indicates whether Web-based connections to Lotus SametimeAdvanced should use SSL ("true" or "false").

If your classic server has SSL enabled, set this value to "true" when you runthe script.

v applet_ssl_enable indicates whether the Community connection from LotusSametime Standard to Lotus Sametime Advanced over port 8082 should useSSL ("true" or "false").

If you set this value to "true" when you run the script, you will need tomake additional changes to the classic Lotus Sametime Standard server tosupport the new setting.

For example, enable SSL on Windows by setting the web_ssl_enable to "true":


Enable tunneling on Windows by setting the stlinks_port to "80":

updateSTSettings.bat STADV db2admin passw0rd 80 false falseIf you want to enable both features, you can set both parameters at the sametime (you do not have to run the script twice) on Windows:


Changing the administrator password

If you change your administrator password in LDAP, the IBM WebSphereApplication Server, the IBM WebSphere Event Broker, or IBM DB2, you mustupdate your security credentials in IBM Lotus Sametime Advanced.




Before you begin

For more information on changing passwords see "Changing the password for arepository under a federated repositories configuration" and"IdMgrRepositoryConfig command group for the AdminTask object" athttp://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp.

Updating your LDAP administrator passwordIf you change the LDAP bind distinguished name DN or bind password of anLDAP repository, you cannot start the IBM Lotus Sametime Advanced serveranymore because your security credentials no longer match. You must use the IBMWebSphere Application Server wsadmin command line utility to change thepassword of the repository to match the password in LDAP.

Before you begin

Before you begin, use an LDAP tool to change the password of the LDAPrepository. Some LDAP repositories require a stop and start of the LDAP server tochange the password.

About this task

Change the password for a repository using the dynamicupdateIdMgrLDAPBindInfo command. Use the following steps to change theLDAP bind distinguished name (DN) or bind password of an LDAP repository.

1. Start the wsadmin command line utility. The wsadmin command is found inthe install_dir/bin directory. The wsadmin command session must remainrunning.

2. From the wsadmin prompt, enter the updateIdMgrLDAPBindInfo command toupdate the LDAP password under the federated repository. The change is alsoreflected in the wimconfig.xml file.

$AdminTask updateIdMgrLDAPBindInfo {-id repository_ID -bindPassword mypassword -bindDN LDAP_bind_DN}

Where:

v id - The unique identifier of the repository. For example IDS52.

v bindPassword - The LDAP server binding password.

v bindDN - The binding distinguished name for the LDAP server. Note that if you include this parameter, the bindPassword is required.

3. From the wsadmin prompt, save your changes to the master configuration. Thefollowing command is used to save the master configuration.

$AdminConfig save

4. Restart the WebSphere Application Server.

Updating your WAS administrator passwordIf you change your administrator password in the IBM WebSphere ApplicationServer, you cannot start the IBM Lotus Sametime Advanced server anymore

because your security credentials no longer match. Since the primary administratoridentity is stored in a file repository, you can run a wsadmin command to updateits properties.

1. Start the wsadmin command line utility. The wsadmin command is found inthe install_dir/bin directory. The wsadmin command session must remainrunning.






2. Optional: If you do not know the uid of the administrator, search for it usingthe administrator's common name:

$AdminTask searchUsers { -cn <"WAS Admin_name"> }

Where: cn - Specifies the new first name or given name, of the user. Thisparameter maps to the cn property in virtual member manager.

This returns the uid that you will need to update the administrator's password.

3. From the wsadmin prompt, enter the updateUser command to update theWebSphere Application Server password under the federated repository.

$AdminTask updateUser {-uniqueName uid=<WASAdmin>,o=default-password <newpassword>}

Where:

v uniqueName - Specifies the unique name value for the user for which youwant to modify the properties. This parameter maps to the uniqueNameproperty in virtual member manager.

v uid - Specifies the unique ID value for the user. This parameter maps to theuid property in virtual member manager.

v password - Specifies the new password for the user. This parameter maps tothe password property in virtual member manager.

4. From the wsadmin prompt, save your changes to the master configuration bytyping the following command:

$AdminConfig save


Updating your Event Broker administrator passwordIf you change your administrator password in IBM WebSphere Event Broker, youmust update your password in the IBM WebSphere Application Server. If you donot update your password, IBM Lotus Sametime Advanced stops working.

1. In the WebSphere Integrated Solutions Console, click Security → Secureadministration, applications, and infrastructure.

2. Under Authentication, click Java Authentication and Authorization Service J2C authentication data.

3. Click your Event Broker administrator alias. This is the same user as the one inthe Event Broker for "Component-managed/container-managed authentication"alias.

4. Under General Properties, type your new password.

5. Click Apply and then click OK.

Updating your DB2 administrator passwordIf you change your administrator password in IBM DB2, you must update yourpassword in the IBM WebSphere Application Server. If you do not update your

password, IBM Lotus Sametime Advanced stops working.1. Disable security with the following steps:

a. Locate the security.xml file.

The security.xml file is stored in the following location:

WAS_root/profiles\ST_Advanced_Profile/config/cells/cell_name/security.xml

For example, on a Microsoft Windows server:

C:\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\test03Cell\security.xml

b. Modify the first line and set enabled="false" as shown:




<security:Security xmi:version="2.0" ... useDomainQualifiedUserNames="false"enabled="false" cacheTimeout="600" ...>

c. Save and close the file.

d. Restart WebSphere Application Server.

2. In the WebSphere Integrated Solutions Console, do the following:

a. Click Resources → JDBC → Data sources

b. Click SametimeDataSource.c. Under Related Items, click JAAS - J2C authentication data

d. Click your DB2 administrator alias.

e. Under General Properties, type your new password.

f. Click Apply and then click OK.

3. From the wsadmin prompt, use the updateIdMgrDBRepository command toupdate the password in the wimconfig.xml file:

a. Navigate to the install_dir/bin directory.

b. Start the wsadmin command-line utility by running the following command:

wsadmin -conntype none

The wsadmin command is located in the install_dir/bin directory.

c. From the wsadmin prompt, type the following command on a single line toupdate the password:

$AdminTask updateIdMgrDBRepository {-id repository_ID -dbAdminPasswordnew_password}

Where:

v repository_ID is the unique identifier of the repository.

v new_password is the new database administrator password for directaccess mode.

d. From the wsadmin prompt, save your changes to the master configuration bytyping the following command:

$AdminConfig save

4. Enable security again with the following steps:

a. Edit the security.xml file again and reset the enabled flag to "true":

<security:Security xmi:version="2.0" ... useDomainQualifiedUserNames="false"enabled="true" cacheTimeout="600" ...>

b. Save and close the file.


Changing SMTP user credentials after installationYou can change SMTP user credentials in the IBM WebSphere Integrated SolutionsConsole after you have installed IBM Lotus Sametime Advanced.

About this task

If you enabled an SMTP Messaging server when you installed Lotus SametimeAdvanced, you provided an authorized SMTP user name and password. You canchange these user credentials after you install.

1. Log in the WebSphere Integrated Solutions Console.

2. Click Resources → Mail → Mail sessions .

3. Under Mail Sessions, click Sametime Mail Notifier.

4. Type the new SMTP authorized user credentials in the Mail transport user IDand Mail transport password fields.




5. Click Apply, and the click OK.

Integrating Lotus Sametime Advanced with Lotus Connections

You can integrate your IBM Lotus Connections communities into IBM LotusSametime Advanced. Integrating Lotus Connections with Lotus SametimeAdvanced, provides users with a unified list of Lotus Connections communities

and broadcast communities on the Broadcast Communities tab in Lotus SametimeAdvanced.

Granting an administrator rights to Connections communitiesBefore you can integrate your IBM Lotus Sametime Advanced communities withIBM Lotus Connections communities, you need to grant superuser access to aLotus Sametime Advanced administrator in Lotus Connections. You do this byadding a grant access statement to the community.policy file.

Before you begin

About this task

1. You need to determine your realm name.a. In the Integrated Solutions Console, click Security → Secure administration,

applications, and infrastructure.

b. Select Federated Repositories, and then click Configure.

c. On the main Federated repositories page note the realm name for yourLotus Connections server.

2. Determine the location of the community.policy file.

a. In the Integrated Solutions Console, click, Servers → Application Servers

b. Click Lotus_Connections_server_name.

c. Under Server Infrastructure, click Java & Process Management → ProcessDefinition.

d. Click Java Virtual Machine.

e. Under Additional Properties, click Custom Properties. Thecommunities.policy file location is contained in the 'java.security.auth.policy'custom property.

3. Open the communities.policy file from the location you determined in theprevious step with a text editor.

4. Add a new grant statement like the one in the following example:

grant Principal com.yourcompany.ws.security.common.auth.WSPrincipalImpl"<YOUR_REALM_NAME>/<YOUR_ADMINISTRATIVE_USER_LOGIN_ID>"{permission com.yourcompany.tango.auth.permission.CommunityManagementPermission "*";permission com.yourcompany.auth.permission.CommunityMembershipPermission "*";permission com.yourcompany.tango.auth.permission.CommunityAccessPermission "*";

permission com.yourcompany.tango.auth.permission.CommunityReferencePermission "*";};

v YOUR_REALM_NAME was determined in step 1.

v YOUR_ADMINISTRATIVE_USER_LOGIN_ID should be the same as the onein Lotus Connections administrative settings of the Server Integration viewof the Administration page in Lotus Sametime Advanced.

The login id is case sensitive, and it should be exactly the same as in LDAP.

5. Save the communities.policy file.




Synchronizing Sametime Advanced with Lotus ConnectionsYou can synchronize IBM Lotus Connections communities with IBM LotusSametime communities just once, or set up automatic daily synchronization.

About this task

Integration and synchronization is "one-way": from Lotus Connections to LotusSametime Advanced. Therefore, users can see their Lotus Connections communitiesin Lotus Sametime Advanced, but they do not see broadcast communities in LotusConnections. These communities cannot be edited in Lotus Sametime Advanced;they can only be edited in Lotus Connections.

Synchronization does not support HTTP redirection. If the Lotus Connectionsserver is configured to redirect from one port to another, for example from HTTPto HTTPS, then synchronization will fail.

You must be an administrator for both Lotus Sametime Advanced and LotusConnections before you can synchronize the communities. Before you begin, youmust grant a Lotus Sametime Advanced administrator access rights to Lotus

Connections communities in the community.policy file. See the previous topic formore information. This administrator must also be a member of the LDAPdirectory.




4. Click the Server Integration tab.

5. Click Lotus Connections.

6. Select the protocol type.

7. Type the fully qualified host name in Host name.

8. Type the port number in Port.

9. Enter the administrator user name and password. This is the administrator IDthat was granted superuser rights to access Lotus Connections communities inthe Lotus Connections community.policy file. See the previous topic, "Grantingan administrator rights to access Connections communities."

10. If you want to automate community synchronization so that it happens daily,select Enable daily community synchronization. The servers will synchronizedaily at 2 AM in the time zone of the Sametime Advanced server.

11. If you want to synchronize immediately, click Synchronize Now.

Setting up community synchronization with HTTPSIf you want to synchronize IBM Lotus Connections communities with IBM Lotus

Sametime Advanced communities over an HTTPS connection, you need to followthese additional instructions.

1. Log in to the IBM WebSphere Application Server Integrated Solutions Consoleof the Lotus Connections server.

2. Click Security SSL Certificate and key management.

3. Under Related Items, click Key store and certificates.

4. Click NodeDefaultTrustStore .

5. Under Additional Properties, click Signer Certificates.

6. In the table, select the certificate that has a "default" alias issued toCN=connections_server_host ,O=...., and then click Extract.




7. Enter a file name, and click OK.

Note: This file name is saved to the file system of the Lotus Connectionsserver.

8. Log out of the Integrated Solutions Console of the Lotus Connections server.

9. Copy the file containing the certificate from the Lotus Connections server file

system to the Lotus Sametime Advanced server file system.10. Log in to the WebSphere Application Server Integrated Solutions Console of

the Lotus Sametime Advanced server.

11. Click Security SSL Certificate and key management.

12. Under Related Items, click Key store and certificates.

13. Click NodeDefaultTrustStore .

14. Under Additional Properties, click Signer Certificates.

15. Click Add.

16. Enter an alias for the certificate such as Connection Server Certificate.

17. Enter the path of the file where the certificate is saved.

18. Click OK.

19. Save the changes.

Monitoring Sametime Advanced

You can monitor chat room, community, and license usage.

About this task

The following topics describe how you can monitor statistics in chat rooms and broadcast communities. In addition, if you want to monitor IBM Lotus SametimeAdvanced at a more detailed level, you can write instructions using the monitoringAPI calls defined in the IBM Lotus Sametime Advanced Software Development Kit. You

can find the SDK on IBM developerWorks at http://www.ibm.com/developerworks/lotus/downloads/toolkits.html.

Monitoring chat room statisticsYou can view statistics for all chat rooms in the folder hierarchy.

About this task

Lotus Sametime Advanced users can only view chat room statistics for thecommunities where they have manager or author access. Administrators, foldermanagers, chat room owners, and chat room creators can view statistics for all chatrooms. View statistics by the following views:

v

Summary - Statistics are summarized by chat room, participant, and folder.v Usage - Chat rooms are listed alphabetically. The number of entries, active

participants, and last logins are listed for each chat room.

v Owners - Owners are listed by the chat room owner's user ID. The number of chat rooms owned, entries, and bookmarks are listed for each chat room owner.

Follow these steps to view chat room statistics:

1. In Lotus Sametime Advanced, click the All Chat Rooms tab.

2. Click Chat Room Statistics.

3. Click the tab for how you want to display statistics.




Monitoring broadcast community statisticsYou can monitor the number of broadcast communities and the number by type of

broadcast community: open, private, restricted recipient, and restricted publisher.Only administrators and community creators can view broadcast communitystatistics. Users will see items on this page to which they have author access.

About this task Follow these steps to view broadcast community statistics:

1. In Lotus Sametime Advanced, click the Broadcast communitiestab.

2. Click Communities Statistics.

Archiving chat rooms

Administrators, folder managers, and chat room owners can archive chat rooms.Archiving the chat room will place it in the archive view and remove it from otherviews for all participants.

About this task

When a chat room is archived, it is moved from the Chat Rooms view of the AllChat Rooms tab and placed in the Archived Chat Rooms view. Onlyadministrators, folder managers, and chat room owners with archived chat roomscan see or access the Archived Chat room view. Other users can no longer enter oreven see the chat room. If the chat room was in a user's My Chat Rooms tab, thenit is removed from that view after it have been archived.

If you would rather temporarily suspend participation and end access to a chatroom without removing it from the Chat Rooms view, you should disable itinstead of archiving it.

Follow these steps to archive a chat room.1. In IBM Lotus Sametime Advanced, click All Chat Rooms.

2. Click the name of the chat room that you want to archive.

3. Click More Actions → Archive.

4. When the confirmation message appears, click OK.

Results

The chat room is moved to the Archived Chat Rooms view.

Disabling chat rooms

Administrators, folder managers, folder authors, and chat room owners can disablechat rooms. Disabling the chat room prevents users from entering it, posting newcontent or reading the chat history.

About this task

If you would rather prevent users from entering a chat room as well asautomatically removing it from the All Chat Rooms view so that users can nolonger see it, you should archive the chat room instead of disabling it.

Follow these steps to disable a chat room.




1. In IBM Lotus Sametime Advanced, click All Chat Rooms.

2. Click the name of the chat room that you want to archive.

3. Click More Actions → Disable.

4. When the confirmation message appears, click OK.

Backing up user data

All IBM Lotus Sametime Advanced user data is stored in an IBM DB2 database,and can be backed up using the DB2 backup commands.

Before you begin

About this task

The default Lotus Sametime Advanced configuration requires that DB2 be shutdown for backup. This is because by default, DB2 is configured to reuse therecovery logs. If you want online backup, the database can be configured toarchive the recovery logs. In that case, the database is backed up, and all archivedrecovery logs are backed up. The recovery logs that have been backed up must

also be periodically removed. If the database runs out of space to archive therecovery logs, the database will stop accepting changes until space is available.

Database backup and recovery is fully outlined in the DB2 information center. See"Developing a backup and recovery strategy" at http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp.

The only special backup consideration for Lotus Sametime Advanced is that because the full text indexes are maintained outside of the database tablespaces,after a restore operation the dbtext.sh or dbtext.bat scripts should be run to dropand recreate the text indexes to match the restored data in the database. You canfind these scripts at CD1/SupportingFiles/DB2.




Chapter 7. Tuning

Complete the following tuning procedures to enhance performance.

Tuning WebSphere Application Server

When you installed the Lotus Sametime Advanced server software, the IBMWebSphere Application Server was installed automatically. Complete the followingtuning procedures to enhance performance of the WebSphere Application Server.Some procedures must be repeated on each server in a cluster.

Setting thread pool valuesSet the thread pool values for a IBM Lotus Sametime Advanced server to improveperformance. By using a thread pool, server components can reuse existingthreads, which helps improve performance by reducing the overhead of creatingnew threads at run time.

1. From Integrated Solutions Console, click Servers → Application Servers →stadvanced_server_name, and then under Additional Properties, click ThreadPools.

2. Click New, and then type a name of your choice, such as STADVPool, in theName field.

3. Type 30 in the Minimum Size field.

4. Type 30 in the Maximum Size field.

5. Keep the default value of 5000 for thread inactivity.

6. Click OK, and click Save to save changes to the master configuration.

7. If Sametime Advanced is clustered, repeat the preceding steps for each node of the cluster.

Tuning the JVMThe IBM WebSphere Application Server is a Java based process and requires a Javavirtual machine (JVM) environment to run and support IBM Lotus SametimeAdvanced. You can tune the Java runtime environment for performance by turningon verbose garbage collection and setting the heap size.

About this task

Note: The following instructions contain settings that were tested in IBM labs.These are just a starting point. Since your deployment might have a configurationunique to your site, these settings might require more adjustment.

1. From Integrated Solutions Console, click Servers → Application Servers →stadvanced_server_name.

2. Under Server Infrastructure, click Java and Process management → ProcessDefinition.

3. Under Additional Properties, click Java Virtual Machine.

4. Select the Verbose garbage collection check box.

5. In the Generic JVM argumentsfield, type the following values:

-Xgcpolicy:gencon -Xms640m -Xmx1024m -Xmn512m -Xmos128m -Xmox512m

Note: Solaris does not support this setting.




6. Click OK, and click Save to save changes to the master configuration.

7. If Lotus Sametime Advanced is clustered, repeat the preceding steps for eachnode of the cluster.

Tuning access to the LDAP serverSet the context pool parameters to improve the performance of concurrent access to

an LDAP server.

About this task

The context pool is used in virtual member manager to improve the performanceof concurrent access to an LDAP server. Set the context pool parameters in thewimconfig.xml file.


1. Use a text editor to open the wimconfig.xml file.

C:\ProgramFiles\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\machineNameCell\wim\config\wimconfig.xml

2. Set the following parameters:

Parameter Description

maxPoolSize="200" Specifies the maximum number of liveconnections. If there is no availableconnection in the pool when the request issubmitted, the request waits the number of milliseconds specified in poolTimeOut. Afterthis amount of time has passed, if noconnection is available and the currentnumber of live connections is less than themaxPoolSize, a new connection is created. If

the total number of live connections is equalto or larger than maxPoolSize, an exceptionis thrown.

poolWaitTime="5000" Specifies the number of seconds aconnection can exist in the connection pool.When requesting a connection from thepool, if this connection already exists in thepool for more than the time defined bypoolWaitTime, this connection is closed anda new connection is created for the request.After the connection is used it is returned tothe pool.

If this parameter is set to 0, a newconnection is created for each request andno connection are put into the pool forreuse. If this parameter is set to -1 or anynegative number, the connection does notexpire and is reused until the connection isturned off (for example by a firewall or asocket timeout). The default value is -1.




Parameter Description

prefPoolSize="20" Specifies the preferred number of contextinstances that the context pool will maintain.Context instances that are in use and thosethat are idle contribute to this number.When there is a request for the use of apooled context instance and the pool size is

less than the preferred size, the context poolcreates and uses a new pooled contextinstance regardless of whether an idleconnection is available. When a requestfinishes with a pooled context instance andthe pool size is greater than the preferredsize, the context pool closes and removes thepooled context instance from the pool.

The valid range for this parameter is from 0to 100. Setting the value of this parameter to0 means that there is no preferred size and arequest for a pooled context instance resultsin a newly created context instance only if

no idle ones are available. The default valueis 3.

3. Save the file.

Tuning the Web containerYou can set the time that the HTTP transport channel allows a socket to remainidle between requests.

About this task

The IBM WebSphere Application Server Web container manages all HTTP requests

to servlets, JavaServer Pages and Web services. Requests flow through a transportchain to the Web container. WebSphere Application Server will close a given clientconnection after a number of requests or a timeout period. You can set a value forpersistent timeouts to specify the amount of time, in seconds, that the HTTPtransport channel allows a socket to remain idle between requests.


1. From Integrated Solutions Console, click Servers → Application Servers →stadvanced_server_name → Web container transport chains →WCInboundDefault → HTTP inbound channel (HTTP_2).

2. Under General Properties, type 60 in the Persistent timeout field.3. Click OK.

Tuning securityEnabling security decreases performance. Authentication information persists in thesystem for a limited amount of time before it expires and must be refreshed. Usethe following procedure to tune performance without compromising your securitysettings.

Chapter 7. Tuning 243



About this task

1. From Integrated Solutions Console, click Security → Secure administration,applications, and infrastructure.

2. Under Authentication, click Authentication mechanisms and expiration.

3. Under Authentication expiration, increase the value in the Timeout value forforwarded credentials between servers .

4. Click Apply, and then click OK.

Tuning DB2

IBM DB2 is a database management system that stores information used by IBMLotus Sametime Advanced. A database that has the potential to grow large willrequire some ongoing tuning by a database administrator.

About this task

The full text indexing required by Lotus Sametime Advanced adds some additionalconsiderations. The text indexing service must be started and stopped when thedatabase is started and stopped. The command to start the database instance on allplatforms is:

db2start

The command to start the NSE service is:

db2text start

To stop the database instance, run:

db2stop

To stop the NSE service, run:

db2text stop

Note: DB2 scripts are stored in the \SupportingFiles directory within the LotusSametime Advanced software download.

Periodically, as the dataset grows, the database administrator should reorganize theobjects that need attention, and update the statistics so that the DB2 optimizer canmake optimal plans for accessing the data. There is an example script providedthat can do this named stadv_reorg.sql. This file will reorganize the indexes thatare most likely to require it and will update the statistics in the catalog. This scriptor one like it should be run periodically when the system is lightly loaded, as itwill lock the tables as it runs. The commands to run this script are:

db2 connect to <dbname>db2 –tf stadv_reorg.sql

The database administrator should monitor the DMS tablespaces and addadditional storage as needed. The default tablespace creation scripts allow thetablespaces to automatically grow to a set size. This set size can be changed, oradditional files can be added to the tablespace as needed. After the tablespace hasenough data to be representative of a complete dataset, the database administratormight want to enable compression for the PERSISTENTCHATTEXT table. There isan example script provided for doing this. The commands to run this script are:

db2 connect to <dbname>db2 –tf enable_compression.sql




On a large dataset, this might take significant time to compress all of the tabledata. This will not compress the data in the text indexes, which will still takesignificant storage.

The database administrator may wish to do additional maintenance on the full textindexes that are maintained outside of the database. The text indexes can bealtered after they are created to modify the frequency of updates. Incremental

commits can be configured if the update transactions become too large, and theindexes can be reorganized. See the NSE documentation for more information:http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp. If for any reason,a text index becomes corrupted, re-running dbtext.bat or dbtext.sh will drop alltext indexes and recreate them.

An additional consideration is that dropping a database does not automaticallydrop the text indexes. If the database administrator decides to drop a database thatcontains text indexes, he should run the script dropdbtext.bat or dropdbtext.sh todrop the text indexes first. If the indexes are not dropped, entries for them should

be cleaned out of the DB2 ctedem.dat file. Full documentation about this is in theNSE documentation.

Tuning IBM HTTP Server

IBM HTTP Server operates with IBM WebSphere Application Server to provideWeb access for IBM Lotus Sametime Advanced.

About this task

Monitoring the CPU utilization and checking the IBM HTTP Server error_log andhttp_plugin.log files can help you diagnose Web server performance problems.Web servers allocate a thread to handle each client connection. Ensuring thatenough threads are available for the maximum number of concurrent clientconnections helps prevent this tier from being a bottleneck. Check the error_log file

to see if there are any warnings about having reached the maximum number of clients.

The settings for the Web server can be tuned by making changes to the httpd.conf file on the Web server system. Using the Integrated Solutions Console, go toServers → Web Servers → web_server_name → Configuration file.

Setting open file limits in Linux

If you have a high volume of users logged in to IBM Lotus Sametime Advancedrunning on a Linux server, you might encounter too many files exceptionmessages.

About this task

After 1000 or more users log in, the following exception starts appearing in theSystemOut.log, and no more users can log in:

[3/3/08 11:09:46:701 EST] 0000109d exception E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4520E The 'javax.naming.CommunicationException:pir02pc27.westford5.notesdev.ibm.com:389 [Root exception is java.net.SocketException:Too many open files]' naming exception occurred during

processing.[3/3/08 11:09:46:738 EST] 0000109d exception E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext com.ibm.websphere.wim.exception.WIMSystemException:

Chapter 7. Tuning 245



CWWIM4520E The 'javax.naming.CommunicationException: pir02pc27.westford5.notesdev.ibm.com:389 [Root exception is java.net.SocketException:Too many open files]' naming exception occurred during processing.

This problem is caused when a high number of concurrent users get a connectionto the Lotus Sametime Advanced server. Java opens many files and LotusSametime Advanced uses a lot of file descriptors. Eventually, the server runs out of

file descriptors. You can fix this by editing the file descriptor limit in the limitsconfiguration file in Linux.

1. Use a text editor and open /etc/security/limits.conf.

2. Add the following lines to set these limits for all users.

* soft nofile 65535* hard nofile 65535

3. Save the file.

4. Stop and restart the machine running the server.




Chapter 8. Troubleshooting

Use the following topics to troubleshoot problems.

Other sources of information

Use the following links to find other hints and tips when troubleshooting LotusSametime Advanced:

v Lotus Sametime wiki:

www-10.lotus.com/ldd/stwiki.nsf/dx/Sametime_Advanced_Troubleshooting_Guide

v Tech Notes for Lotus Sametime Advanced:

www.ibm.com/support/search.wss?q=Sametime%20Advanced&rs=477&tc=SSKTXQ&dc=DB520&dtm

Gathering logs and traces for IBM support

Use the IBM Websphere Collector tool to gather logs and traces that IBM CustomerSupport can use when troubleshooting your problem.

About this task

The collector tool gathers information about your WebSphere Application Serverinstallation and packages it in a Java archive (JAR) file that you can send to IBMCustomer Support to assist in determining and analyzing your problem.Information in the JAR file includes logs, property files, configuration files,operating system and Java data, and the presence and level of each softwareprerequisite.

1. Use the IBM Websphere Collector tool to gather logs and traces from all of theenvironment machines.

For information on using the Websphere Collector tool, see the WebSphereinformation center at the following Web address (formatted here forreadability):

http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.nd.doc/info/ae/ae/ttrb_runct.html

2. Run the collector on each of the computers in the Lotus Sametime Advanceddeployment.

Notes

v On each machine, run collector once for each of the WebSphere ApplicationServer profiles.

The profiles are stored in the \profiles directory; for example on Microsoft

Windows:C:\Program Files\ibm\WebSphere\AppServer\profiles

v The collector resides in the \bin directory below the profile; for example:

C:\Program Files\ibm\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin\collector

The output from each execution of the collector is placed in your currentworking directory, and includes the name of the profile on which it was runusing the format:

myHostName-MyCellName-MyNodeName-ST_Advanced_Profile-WASenv.jar


http://www-10.lotus.com/ldd/stwiki.nsf/dx/Sametime_Advanced_Troubleshooting_Guide

http://www.ibm.com/support/search.wss?q=Sametime%20Advanced&rs=477&tc=SSKTXQ&dc=DB520&dtm





http://www.ibm.com/support/search.wss?q=Sametime%20Advanced&rs=477&tc=SSKTXQ&dc=DB520&dtm

http://www-10.lotus.com/ldd/stwiki.nsf/dx/Sametime_Advanced_Troubleshooting_Guide



Note: The generated files will include all log files located in the "logs" directoryunder the profile directory. To reduce the log size, you might choose to deleteall of the existing log files, recreate the problem, and only then gather the logs.

3. Submit the collector generated log files to IBM support.

Setting a diagnostic trace on a server

You can specify how the server handles Lotus Sametime Advanced log records.You can also specify a log detail level for components and groups of components.

1. Log in to the Integrated Solutions Console as a WebSphere administrator athttp:// yourserver.company.com:9060/admin).

Note: The port might be 9061 instead of 9060.

2. Click Troubleshooting --> Logs and Trace.

3. Click the Sametime Advanced server that you want to trace.

4. Under General Properties, click Change Log Detail Levels.

5. Select the Runtime tab.

6. Use the following table to determine what type of logging that you want to

enable. The table lists the components that you would typically choose. Thislist of components is not complete. Other components might be chosendepending on the issue being tracked.

Type of logging Choose this detail level

Persistence com.ibm.sametime.persistence.*

General Administrationpage logging

com.ibm.rtc.servlet.*

Chat com.ibm.rtc.polled.*

Community com.ibm.collaboration.services.*

Skill tap com.ibm.collaboration.realtime.bcs.skilltap.services.

SkilltapAccessLDAP com.ibm.collaboration.services.beans.*

7. From the context menu, select All Messages and Traces. You should now seetext similar to the following example in the log detail level field: *=info:com.ibm.sametime.persistence.*=all

8. Select Save runtime changes to configuration as well.

9. Click OK, and then Save.

10. Monitor the log file in installation_directory\trace.log

Results

Troubleshooting using JVM logs

To start troubleshooting a problem, check the JVM log files first. These log filescollect output for the System.out and System.err output streams for the applicationserver process. One log file is specified for the SystemOut.log output stream andone file specified for the SystemErr.log output stream.

About this task

An application can write print data to the JVM logs either directly in the form of System.out.print() or System.err.print() method calls or by calling a JVM function,




such as Exception.printStackTrace(). In addition, the System.out JVM log containssystem message events written by the WebSphere Application Server. In the case of a IBM WebSphere Application Server Network Deployment configuration, JVMlogs are also created for the deployment manager and each node manager, sincethey also represent JVMs.

v SystemOut.log is more useful monitoring the health of the running applicationserver but can help in determining a problem, although it's better to use the IBMService log and the advanced capabilities of the Log Analyzer to determine aproblem.

v SystemErr.log contains exception stack trace information that is useful whenperforming problem analysis.

The JVM log files are self-managing to the extent that they can be configured notto grow beyond a certain size. Also, you can set how many historical, or archived,files to keep and which of the log files to rollover or archive based by time or sizeor both.

1. In the Integrated Solutions Console, click Troubleshooting --> Logs and Trace.

2. Click the Sametime Advanced server name.

3. Under General Properties, click JVM Logs.

Note: Any configuration changes to the JVM logs that are made to a runningSametime Advanced server do not take effect until you restart the server. Anylog and trace settings that you change in the Runtime tab take effect withoutrestarting, but do not take effect once you restart – unless you also made thosechanges in the Configuration tab.

4. To configure or change a log setting, use the settings on the Configuration tab.

5. To view the output of the logs, click the Runtime tab, then click View.

Results

Troubleshooting a failed WebSphere Application StartupIn the event that a change is made to a WebSphere Application Server componentof IBM Lotus Sametime Advanced, WebSphere Application Server could fail tostart.

1. Use a text editor to open the WebSphere Application Server file here:<was_home>\Appserver\profiles\<st_adv_profile>\config\cells\<cellName>\nodes\<node name>\servers\<st_adv_server>\server.xml.

2. In the server.xml file, search for jvmEntries. For example:

<jvmEntries xmi:id="JavaVirtualMachine_1190064977109"verboseModeClass="false" verboseModeGarbageCollection="false"verboseModeJNI="false" initialHeapSize="1024"maximumHeapSize="1280" runHProf="false" debugMode="false"

debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent-Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777"genericJvmArguments="-Xgcpolicy:gencon -Xgc:scvNoAdaptiveTenure,scvTenureAge=8,stdGlobalCompactToSatisfyAllocate -Xmn256m"disableJIT="false"/>

If the JVM arguments are incorrect, you must modify thegenericJvmArguments attribute of the jvmEntries element of server.xml. Youcould leave it blank, to eliminate all errors, or try modifying the value of theattribute until it is correct. Two value here are the heap sizes. These values areset when you set the JVM garbage collection policy. But you can set them set

Chapter 8. Troubleshooting 249



them in the server.xml as well. These values are the initialHeapSize with arecommended value of 1024, and maximumHeapSize, set to a recommendedvalue of 1280.

3. Save the file and restart the server.

Troubleshooting authentication

If users are having difficulties authenticating, check their browser settings forcookies and language.

About this task

v Authenticated users cannot enter chat rooms unless they accept cookies. If a userlogs in to IBM Lotus Sametime Advanced and cannot enter a chat room wherethe user is listed as a member, the user should be sure that the browser isaccepting cookies.

v Users might have be unable to authenticate if their user IDs and passwordscontain characters that are not part of the character set of the language that their

browsers use.

Follow these instructions to enable cookies and set the language for your browser:1. Open your browser.

2. If you are using Microsoft Internet Explorer, follow these steps:

a. Click Tools → Internet Options.

b. Click the Privacy tab.

c. Move the slider to an appropriate selection for your site that acceptscookies.

d. Click the General tab.

e. Click Languages.

f. Use the Remove and Add controls to set your browser to the languagewhose character set you use in your ID and password.

g. Click OK.

3. If you are using Mozilla Firefox, follow these steps:

a. Click Tools → Options.

b. Click the Privacy button.

c. Under Cookies, select Accept cookies from sites.

d. Click the Advanced button.

e. Click the General tab.

f. Click the Choose button.

g. Select the language whose character set you use in your ID and password.

h. Click OK.

4. Click OK.

Troubleshooting Event Broker password changes

If you have changed the password that is used either as the password for theServiceUserId or DataSourceUserId for any of the IBM WebSphere Event Brokercomponents, for example a remote DB2 server, you might find these componentshave access problems.




About this task

The ServiceUserID is the user ID under which the broker runs; theDataSourceUserID is the user ID with which the databases containing broker tablesand user data are to be accessed. You must re-configure the Event Broker and theConfiguration Manager to reflect password changes for these users. TheConfiguration Manager is the central runtime component that manages the

components and resources that constitute the broker domain.

Use the mqsichangebroker command for changing the password on the EventBroker, and the mqsichangeconfigmgr command for changing the password on theConfiguration Manager. For more information on passwords and using thesecommands, see "Have you recently changed a password?" in the Event Brokerinformation center at:

publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

1. Stop the Event Broker.

2. Open a command line on the Event Broker server.


mqsichangebroker broker_name -a new_service_user_id_password -p db_user_id_password

If you are only changing one password, for example, the DataSourceUserIDpassword, you can use the same command:

mqsichangebroker broker_name -p db_user_id_password

4. Restart the Event Broker for the changes to take effect.

5. Stop the Configuration Manager.

6. Open a command line on the Event Broker server.


mqsichangeconfigmgr configuration_manager_name -a <new_service_user_id_password

8. Restart the Configuration Manager for the changes to take effect.

Chapter 8. Troubleshooting 251





Notices

This information was developed for products and services offered in the U.S.A.

IBM may not offer the products, services, or features discussed in this document inother countries. Consult your local IBM representative for information on theproducts and services currently available in your area. Any reference to an IBMproduct, program, or service is not intended to state or imply that only that IBMproduct, program, or service may be used. Any functionally equivalent product,program, or service that does not infringe any IBM intellectual property right may

be used instead. However, it is the user's responsibility to evaluate and verify theoperation of any non-IBM product, program, or service.

IBM may have patents or pending patent applications covering subject matterdescribed in this document. The furnishing of this document does not grant youany license to these patents. You can send license inquiries, in writing, to:

IBM Director of LicensingIBM CorporationNorth Castle DriveArmonk, NY 10504-1785U.S.A.

For license inquiries regarding double-byte (DBCS) information, contact the IBMIntellectual Property Department in your country or send inquiries, in writing, to:

Intellectual Property LicensingLegal and Intellectual Property LawIBM Japan Ltd.

1623-14, Shimotsuruma, Yamato-shiKanagawa 242-8502 Japan

The following paragraph does not apply to the United Kingdom or any othercountry where such provisions are inconsistent with local law:INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THISPUBLICATION “AS IS” WITHOUT WARRANTY OF ANY KIND, EITHEREXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIEDWARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESSFOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express orimplied warranties in certain transactions, therefore, this statement may not applyto you.

This information could include technical inaccuracies or typographical errors.Changes are periodically made to the information herein; these changes will beincorporated in new editions of the publication. IBM may make improvementsand/or changes in the product(s) and/or the program(s) described in thispublication at any time without notice.

Any references in this information to non-IBM Web sites are provided forconvenience only and do not in any manner serve as an endorsement of those Websites. The materials at those Web sites are not part of the materials for this IBMproduct and use of those Web sites is at your own risk.




IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you.

Licensees of this program who wish to have information about it for the purposeof enabling: (i) the exchange of information between independently createdprograms and other programs (including this one) and (ii) the mutual use of theinformation which has been exchanged, should contact:

IBM Corporation5 Technology Park DriveWestford Technology ParkWestford, MA 01886.

Such information may be available, subject to appropriate terms and conditions,including in some cases, payment of a fee.

The licensed program described in this information and all licensed materialavailable for it are provided by IBM under terms of the IBM Customer Agreement,IBM International Program License Agreement, or any equivalent agreement

between us.

Any performance data contained herein was determined in a controlledenvironment. Therefore, the results obtained in other operating environments mayvary significantly. Some measurements may have been made on development-levelsystems and there is no guarantee that these measurements will be the same ongenerally available systems. Furthermore, some measurements may have beenestimated through extrapolation. Actual results may vary. Users of this documentshould verify the applicable data for their specific environment.

Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources.IBM has not tested those products and cannot confirm the accuracy of

performance, compatibility or any other claims related to non-IBM products.Questions on the capabilities of non-IBM products should be addressed to thesuppliers of those products.

All statements regarding IBM's future direction or intent are subject to change orwithdrawal without notice, and represent goals and objectives only.

All IBM prices shown are IBM's suggested retail prices, are current and are subjectto change without notice. Dealer prices may vary.

This information is for planning purposes only. The information herein is subject tochange before the products described become available.

This information contains examples of data and reports used in daily businessoperations. To illustrate them as completely as possible, the examples include thenames of individuals, companies, brands, and products. All of these names arefictitious and any similarity to the names and addresses used by an actual businessenterprise is entirely coincidental.

COPYRIGHT LICENSE:

This information contains sample application programs in source language, whichillustrate programming techniques on various operating platforms. You may copy,modify, and distribute these sample programs in any form without payment to




IBM, for the purposes of developing, using, marketing or distributing applicationprograms conforming to the application programming interface for the operatingplatform for which the sample programs are written. These examples have not

been thoroughly tested under all conditions. IBM, therefore, cannot guarantee orimply reliability, serviceability, or function of these programs. The sampleprograms are provided "AS IS", without warranty of any kind. IBM shall not beliable for any damages arising out of your use of the sample programs.

Each copy or any portion of these sample programs or any derivative work, mustinclude a copyright notice as follows:

© (your company name) (year). Portions of this code are derived from IBM Corp.Sample Programs. © Copyright IBM Corp. _enter the year or years_. All rightsreserved.

If you are viewing this information softcopy, the photographs and colorillustrations may not appear.

Trademarks

These terms are trademarks of International Business Machines Corporation in theUnited States, other countries, or both:

IBMAIXDB2DB2 Universal Database DominoDominoDomino DesignerDomino Directoryi5/OSLotus

Lotus NotesNotesOS/400SametimeWebSphere

AOL is a registered trademark of AOL LLC in the United States, other countries, or both.

AOL Instant Messenger is a trademark of AOL LLC in the United States, othercountries, or both.

Google Talk is a trademark of Google, Inc, in the United States, other countries, or

both.

Yahoo! is a registered trademark of Yahoo, Inc. in the United States, othercountries, or both.

Yahoo! Messenger is a trademark of Yahoo, Inc. in the United States, othercountries, or both.

Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in theUnited States, other countries, or both.

Notices 255



Microsoft, and Windows are registered trademarks of Microsoft Corporation in theUnited States, other countries, or both.

Intel and Pentium are trademarks or registered trademarks of Intel Corporation orits subsidiaries in the United States, other countries, or both.

Linux is a trademark of Linus Torvalds in the United States, other countries, or

both.

Other company, product, or service names may be trademarks or service marks of others.
