
Sametime Version 8.5.1

Lotus Sametime Advanced 8.0.1 for IBM Lotus Sametime Standard 8.5.1 Installation and Administration Guide
Version 8.5.1

Note: Before using this information and the product it supports, read the information in "Notices."

Edition notice: This edition applies to version 8.0.1 of IBM Lotus Sametime Advanced (program number 5724J23) and to all subsequent releases and modifications until otherwise indicated in new editions. Copyright IBM Corporation 2007, 2010. US Government Users Restricted Rights: Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Chapter 1. Overview
  What is Lotus Sametime Advanced?
  What's new in Lotus Sametime Advanced
  Accessibility features for Lotus Sametime Advanced
  PDF library

Chapter 2. Planning
  System requirements
  Lotus Sametime Advanced installation overview

Chapter 3. Installing
  Installing servers
  Downloading Lotus Sametime Advanced files for installation
  Installing Lotus Sametime Standard
  Installing Lotus Sametime Advanced
  Installing updates for Lotus Sametime Advanced
  Installing Lotus Sametime Advanced for Lotus Sametime clients
  Installing the Lotus Connections hotfixes
  Installing Lotus Sametime Advanced to Lotus Sametime clients using the add-on installer
  Setting up the Sametime Advanced Client feature update site on the IBM HTTP Server
  Starting and stopping servers
  Starting Windows servers automatically
  Starting Linux servers automatically
  Starting and stopping a DB2 server
  Starting and stopping DB2 Net Search Extender
  Starting and stopping the HTTP Server
  Starting and stopping a Sametime server
  Starting and stopping a Domino server
  Starting and stopping Lotus Sametime Advanced and WebSphere Application Server
  Starting and stopping WebSphere MQ and WebSphere Event Broker
  Starting and stopping a network deployment
  Uninstalling
  Uninstalling prerequisite components
  Uninstalling Lotus Sametime Advanced

Chapter 4. Upgrading
  Upgrading Lotus Sametime Advanced clients
  Providing an update site for clients
  Upgrading the Lotus Sametime Advanced client to Lotus Sametime Advanced 8.5.1

Chapter 5. Configuring
  Finishing the deployment
  Supporting connections on port 80
  Configuring an LDAP connection
  Configuring a mail server
  Connecting Lotus Sametime Advanced to Lotus Sametime Standard
  Connecting Lotus Sametime Connect clients to the Lotus Sametime Advanced server
  Accessing Lotus Sametime Advanced from a browser
  Configuring SSL
  Configuring SSL for the Sametime Advanced Server
  Configuring SSL for Web access to Sametime Advanced
  Configuring SSL for the Sametime Client
  Configuring Sametime Advanced for SSL communication with Event Broker
  Configuring Event Broker for SSL communication with Sametime Advanced
  Configuring SSL for broadcast communities
  Integrating SiteMinder with Lotus Sametime Advanced
  Creating configuration objects
  Configuring domains and realms for Lotus Sametime Advanced
  Installing and configuring the SiteMinder Web Agent
  Installing and configuring the SiteMinder TAI
  Enabling and testing the SiteMinder Web Agent and TAI
  Configuring logout in SiteMinder
  Configuring SiteMinder for the Lotus Sametime server
  Awareness and SiteMinder

Chapter 6. Administering
  Controlling access in Sametime Advanced
  Configuring the user access level to Sametime Advanced
  Setting up a folder hierarchy for chat rooms
  Assigning creators for broadcast communities
  Limiting anonymous access
  Configuring licensing management
  Issuing licenses to users
  Command line user management
  Turning on workflow
  Enabling Awareness
  Changing the administrator password
  Updating your LDAP administrator password
  Updating your WAS administrator password
  Updating your Event Broker administrator password
  Updating your DB2 administrator password
  Changing SMTP user credentials after installation
  Integrating Lotus Sametime Advanced with Lotus Connections
  Granting an administrator rights to Lotus Connections 1.0.2 communities
  Granting an administrator rights to Lotus Connections 2.5 communities
  Synchronizing Sametime Advanced with Lotus Connections
  Setting up community synchronization with HTTPS
  Monitoring Sametime Advanced
  Monitoring chat room statistics
  Monitoring broadcast community statistics
  Archiving chat rooms
  Disabling chat rooms
  Backing up user data

Chapter 7. Tuning
  Tuning WebSphere Application Server
  Setting thread pool values
  Tuning the JVM
  Tuning access to the LDAP server
  Tuning the Web container
  Tuning security
  Tuning DB2
  Tuning IBM HTTP Server
  Setting open file limits in Linux

Chapter 8. Troubleshooting
  Gathering logs and traces for IBM support
  Setting a diagnostic trace on a server
  Troubleshooting using JVM logs
  Troubleshooting a failed WebSphere Application Startup
  Troubleshooting authentication
  Troubleshooting Event Broker password changes

Notices
  Trademarks

Chapter 1. Overview
Learn about an IBM Lotus Sametime Advanced deployment.

What is Lotus Sametime Advanced?


IBM Lotus Sametime Advanced works with a Lotus Sametime Standard deployment to extend the infrastructure and features. For organizations that need advanced collaboration, within specific departments or across the entire global enterprise, Lotus Sametime Advanced makes it easy to find information and share expertise, engage in ongoing conversations, share your desktop instantaneously for collaboration or help desk support, and automatically store and reuse geographic location information.

- Persistent Group Chat Rooms
  - Users can create, enter, and read/contribute to ongoing chats at any time
  - Users can be alerted to new content, events, and people in the chat room
  - Users can participate from the Lotus Sametime Connect client or a browser
  - Persistent Chat Rooms can be linked to Broadcast Channels
- Real-time Broadcast Channels
  - Broadcast Announcements: real-time alerts can be sent to channel subscribers
  - Instant Poll: subscribers can create and respond to real-time polls
  - Skill Tap: subscribers can find and interact with experts; expert responses can be saved and retrieved
  - Broadcast Chat: invite members of a broadcast community to an online group conversation
- Location services
  - Server-stored locations
  - Ability to see the last time and location from which an offline colleague was last online
- Instant Share: share or remotely control a computer screen with colleagues

Component applications

Lotus Sametime Advanced operates with several component applications, which may be installed on different computers to distribute the load:

- LDAP directory
  An LDAP directory stores information about all of your users so that they can be authenticated at login and their data (such as buddy lists) can be properly tracked. You must have an LDAP directory installed and configured before you attempt to deploy Lotus Sametime Advanced because you will need to configure several fields and port settings either while installing Lotus Sametime Advanced, or immediately afterward (the LDAP directory is not included with Lotus Sametime Advanced software components).
- Lotus Sametime Standard and Lotus Sametime Connect client
  Lotus Sametime Standard provides the base instant-messaging features used in the deployment; users access both Lotus Sametime Standard and Lotus Sametime Advanced by means of the Lotus Sametime Connect client (or a browser for persistent group chat). You must have the Lotus Sametime Standard community server installed and configured before you attempt to deploy Lotus Sametime Advanced, because you will need to reference the Lotus Sametime Standard community server host name and HTTP port when installing Lotus Sametime Advanced.
- DB2 relational database system
  Two databases are used in a Lotus Sametime Advanced deployment: one (called "STADV" in this documentation) stores data related to the function of Lotus Sametime Advanced itself; another (called "BRKRDB" in this documentation) stores messaging-related data for use by WebSphere Event Broker. You must have DB2 installed, and these databases created, before you attempt to deploy Lotus Sametime Advanced, because you will establish connections to the databases during the Lotus Sametime Advanced and the WebSphere Event Broker installations.
- WebSphere MQ and WebSphere Event Broker
  WebSphere MQ and WebSphere Event Broker work together to improve the performance and security of communications between applications; that is why they must always be installed on the same server. WebSphere MQ provides configuration and queuing support for messaging, while WebSphere Event Broker provides broadcast capabilities by means of a "message flow" whose definition tells the broker what port to listen on, and what to do with incoming messages.

What's new in Lotus Sametime Advanced


Learn more about the new features in this release that allow IBM Lotus Sametime Advanced to make communications in your organization simple and effective.

Passwords
In earlier versions of the Lotus Sametime Connect client, the user's password was always saved inside the client. Now, the user's password can only be retrieved if the user clicks the Save Password option at login. This affects Lotus Sametime Advanced because users need the password to log in to the Lotus Sametime Advanced server. Lotus Sametime Advanced has been changed so that it can run in two modes: password mode or token mode. If Lotus Sametime Advanced is in token mode, then instead of the user's password, an LTPA token is passed from the Lotus Sametime Connect client to the Lotus Sametime Advanced server to log in. Similarly, the token is also used by the Event Broker. If Lotus Sametime Advanced is in password mode, then Lotus Sametime Advanced works like it did in previous releases as long as users save their passwords at login.

LTPA token support


In this release, users can authenticate with the Lotus Sametime Advanced server with an LTPA token instead of a password as described in the previous section. This new feature requires that you enable single sign-on between the Lotus Sametime Community Server and the Lotus Sametime Advanced server. Token support also allows Lotus Sametime Advanced to support SPNEGO tokens. Once SPNEGO token support is configured on the Lotus Sametime Connect client, the client works seamlessly with Lotus Sametime Advanced.


Instant Share
In Lotus Sametime Standard 8.5, there is a new version of the instant share feature based on the Lotus Sametime Meeting Server. Now, Lotus Sametime Advanced can run an instant share session using the new Lotus Sametime Meeting Server. The instant share feature can be placed in one of two modes: meeting server mode, where it uses the new Lotus Sametime Meeting Server for the instant share session, or classic mode, where it uses the old Lotus Sametime server to run the instant share meeting.

Lotus Connections 2.5


In this release, you can synchronize Lotus Connections 2.5 communities with IBM Lotus Sametime Advanced communities.

SSL
The procedure for exporting Event Broker certificates for Lotus Sametime Connect clients has been streamlined and simplified.

Accessibility features for Lotus Sametime Advanced


Accessibility features help users who have a physical disability, such as restricted mobility or limited vision, to use information technology products successfully.

Accessibility features
IBM Lotus Sametime Advanced has the following accessibility features:

- The following features are for vision-impaired users:
  - Can be operated by using only the keyboard
  - Communicates all information independent of color
  - Supports interfaces commonly used by screen readers and screen magnifiers
  - Supports the attachment of alternate output devices
  - Provides help information in an accessible format
- The following features are for users who have mobility impairments or limited use of their hands:
  - Allows the user to request more time to complete timed responses
  - Can be operated by using only the keyboard
  - Supports the attachment of alternative input and output devices
- The following features are for the deaf and hard of hearing users:
  - Supports alternatives to audio information
  - Supports adjustable volume control
- The console does not flash the screen at rates that could induce epileptic seizures

The help system has the following accessibility features:

- Uses the accessibility support enabled by the browser that is used to display the help
- Enables navigation by using the keyboard

Tip: The Sametime Information Center and its related publications are accessibility-enabled. You can operate all features using the keyboard instead of the mouse.

Navigating the console by using the keyboard


This product uses standard Microsoft Windows navigation keys. To move through the controls on a particular page, use the Tab key. To click a link or control on a page using the keyboard, navigate to the link or control and press Enter.

To change the navigation view using the keyboard, follow these steps.
1. Navigate to the View selection list using the Tab key.
2. Use the up and down arrows to change the value of the selection list.
3. Press Enter. The tasks displayed in the navigation are changed according to your selection.

Navigating help by using the keyboard


Use the following key combinations to navigate the help system by keyboard:

- To bring the Topic pane (the right hand side) into focus, press Alt+K, and then press Tab.
- In the Topic pane, to go to the next link, press Tab.
- To go to the previous link, press Shift+Tab.
- To go directly to the Search Results view in the left hand side, press Alt+R, and then press Enter or Up arrow to enter the view.
- To go directly to the Navigation (Table of Contents) view in the left hand side, press Alt+C, and then press Enter or Up arrow to enter the view.
- To navigate your browser history, press Alt+Left arrow to go back. If you have navigated back to a previously viewed page, you can use Alt+Right arrow to navigate forward again.
- To expand and collapse a node in the navigation tree, tab to the + or - image next to it to bring the image into focus, and then press the Right or Left arrows.
- To go to the next frame in the help system, press F6.
- To go to the previous frame in the help system, press Shift+F6.
- In the navigation, to move to the next topic node, press the Down arrow or Tab.
- To move to the previous topic node, press the Up arrow or Shift+Tab.
- To go to the next link, button, or topic node from inside a view, press Tab.
- To scroll all the way up or down in a frame, press Home or End, respectively.
- To print the active pane, press Ctrl+P.
- To move to the search entry field, press Alt+S.

IBM and accessibility


See the IBM Accessibility Center for more information about the commitment that IBM has to accessibility.

PDF library
Help for IBM Lotus Sametime Advanced is available in a PDF format.
Title
- IBM Lotus Sametime Advanced 8.0.x Quick Start
- IBM Lotus Sametime Advanced 8.0.1 for Sametime Standard 8.5.1 Installation and Administration Guide

Chapter 2. Planning
Plan your IBM Lotus Sametime Advanced installation by reviewing system requirements and the products included in a deployment.

System requirements
Review hardware and software requirements for IBM Lotus Sametime Advanced and its components. Detailed hardware and software requirements for Lotus Sametime Advanced, as well as its components and related products, are maintained at the following Web address:
http://www-1.ibm.com/support/docview.wss?&uid=swg27012109

Important: Lotus Sametime Advanced will not function properly if you install it on the same computer as the Lotus Sametime server.

Lotus Sametime Advanced installation overview


See an overview of how you will install IBM Lotus Sametime Advanced and its prerequisite components.


Installation notes
- If you have already installed Lotus Sametime Advanced 8.0.1 or 8.0.1 CF1, then you can skip the "Installing servers" section of the information center, and install the updates for Lotus Sametime Advanced 8.5.1. The instructions for installing the updates are in "Installing updates for Lotus Sametime Advanced" and "Installing Lotus Sametime Advanced for Lotus Sametime clients."
- If you are upgrading to Lotus Sametime Advanced 8.5.1, you must upgrade the server before the clients, because the clients depend on the server.
- You must create a new update site for clients. Update sites for previous versions of Lotus Sametime Advanced do not work with the Sametime client for 8.5.1. See "Installing Lotus Sametime Advanced for Lotus Sametime clients."
- There is a new requirement for LTPA token support: Single sign-on must be enabled between the Lotus Sametime Community server and the Lotus Sametime Advanced server. See "Enabling Single Sign-on."


Chapter 3. Installing
Install IBM Lotus Sametime Advanced and related products, start and stop servers, and uninstall components of the deployment.

About this task


Choose the appropriate task:

Installing servers
Install IBM Lotus Sametime Advanced 8.5.1 by completing the appropriate tasks for your selected deployment. All deployments require you to install prerequisite components and complete additional tasks to finish setting up the deployment.

Before you begin


Important: Lotus Sametime Advanced will not function properly if you install it on the same computer as the Lotus Sametime server.

About this task


Installing Lotus Sametime Advanced 8.5.1 consists of the following tasks, performed in the sequence shown here.

Note: If you have already installed Lotus Sametime Advanced 8.0.1, you can skip to the last step, "Updating Lotus Sametime Advanced 8.5.1."

Downloading Lotus Sametime Advanced files for installation


IBM enables users to download IBM Lotus Sametime Advanced installation kits from the Passport Advantage Web site.

Before you begin


You must have a Passport Advantage account with IBM to use this facility. For more information on using Passport Advantage, see the following Web address:
http://www.ibm.com/software/howtobuy/passportadvantage/paocustomer/docs/en_US/ecare.html

About this task


The Sametime Advanced 8.0.1 Download document contains a complete listing of required and optional parts for this release. Locate the components you need in the document's listing, and download the packages labelled with the corresponding part numbers. You can view the Download document at the following Web address:
http://www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

Installing Lotus Sametime Standard


Install IBM Lotus Sametime Standard, which will be managed with Lotus Sametime Advanced. You must install Lotus Sametime Standard before you attempt to install Lotus Sametime Advanced, as you will be prompted for the Lotus Sametime Standard server's host name and HTTP port during installation of Lotus Sametime Advanced.

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate package for your operating system, and extract the files. Downloading files for Lotus Sametime Standard and related applications is described in the Download document posted at the following Web address: http://www.ibm.com/support/docview.wss?rs=477&uid=swg24027054.
3. Install Lotus Sametime Standard. Installing Lotus Sametime Standard is explained in the Lotus Sametime Installation and Administration help, located in the Lotus Sametime information center at:
   http://publib.boulder.ibm.com/infocenter/sametime/v8r5/index.jsp
4. Make the Lotus Sametime Connect Client available on the network. Follow the instructions in the Sametime Standard Server Installation help topic "Making the client installation files available" to post the client files on the Sametime Standard server so users can download them to their computers.

Installing Lotus Sametime Advanced


You can install IBM Lotus Sametime Advanced using a single server or a clustered deployment; the procedures are the same for both releases.

A single-server deployment can consist of all prerequisite applications hosted on the same computer as Lotus Sametime Advanced, or of one computer hosting Lotus Sametime Advanced plus one or more additional computers hosting the other applications. A clustered deployment uses the IBM WebSphere Application Server network deployment to distribute and manage multiple instances of Lotus Sametime Advanced. Your deployment needs will depend on the amount of resources available and the number of users you anticipate supporting.

Note: If you install Lotus Sametime Advanced using the single-server deployment, you will not be able to easily convert it to a clustered deployment later; if you anticipate an increase in capacity needs in the near future, you may want to deploy a minimally sized cluster instead. It is recommended that you initially deploy Lotus Sametime Advanced in a cluster, even if it only contains a single node, as it will be easier to later add additional nodes.

Select a deployment and follow the instructions to install and configure Lotus Sametime Advanced:

Installing Lotus Sametime Advanced on a single server


Select a method for installing the IBM Lotus Sametime Advanced server software as a single-server deployment. Linux users can run a simplified install using the archive installation program, which automatically installs and configures prerequisite components, along with Lotus Sametime Advanced, on a single computer. Using the graphical installation program lets you decide which computers should host the various applications used in the deployment, but requires you to install and configure them. There are two ways to install the Lotus Sametime Advanced server software:


Running the archive installer on Linux

Linux users can run an archive installer to automatically install and configure IBM Lotus Sametime Advanced as a single-server deployment. This feature is available only for the Red Hat and SuSE operating systems.

Before you begin

The archive installer is intended for pilot and proof-of-concept use only. Installing all of these components on a single server is not recommended for a production environment because you will not be able to support a large number of users. IBM makes the archive file available to you for downloading; you then run the archive installer on Linux to install and configure Lotus Sametime Advanced, plus related applications, on a single computer.

Note: This procedure assumes you have installed one of the following Linux operating systems on your computer:
- Linux RHEL AS xSeries 4.0 Update 4
- SuSE Linux Enterprise Server xSeries 10.0 SP1

You will also need to ensure that python and python xml tools have been installed, as these may not be installed by default in SuSE.

About this task

The archive install automatically installs and configures the following components in addition to the Lotus Sametime Advanced application itself:
- IBM DB2 Enterprise Server Edition
  Attention: This installer automatically creates two databases:
  CHATS is created for use with Lotus Sametime Advanced; whenever instructions or examples in this documentation refer to the database named STADV, you will work with the CHATS database instead.
  BRKRDB is created for use with IBM WebSphere Event Broker; if the instructions refer to the BRKRDB database, then you should use that name.
  If you change these database names yourself, then be sure to note down the new names and use them later.
- IBM HTTP Server
- IBM WebSphere MQ
- IBM WebSphere Event Broker

You must already have a supported LDAP directory installed, and will be required to configure it during the archive installation.
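The following script checks the host against the prerequisites this topic states for the archive installer: the SELINUX setting in /etc/selinux/config, at least 15GB free in the directory that holds the archive, and python with its XML modules. It is an added example, not part of the IBM installer; the function names, the default paths and the use of "import xml.dom.minidom" as the test for the python xml tools are assumptions of the example.

```shell
#!/bin/sh
# Added example: pre-flight checks for the archive installer prerequisites.
# Function names, default paths and the XML import test are assumptions.

# Print the SELINUX= value from an SELinux config file, or "absent" when the
# file or the setting is missing. SELINUXTYPE= and commented lines are ignored.
selinux_config_mode() {
    sc_cfg="${1:-/etc/selinux/config}"
    if [ ! -r "$sc_cfg" ]; then
        echo "absent"
        return 0
    fi
    sc_mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([A-Za-z]*\).*$/\1/p' "$sc_cfg" | tail -n 1)
    echo "${sc_mode:-absent}"
}

# Succeed when the setting is one the procedure accepts (disabled or
# permissive) or when SELinux is not configured on this host at all.
selinux_ok_for_install() {
    case "$(selinux_config_mode "$1")" in
        disabled|permissive|absent) return 0 ;;
        *) return 1 ;;
    esac
}

# Succeed when the filesystem holding DIR has at least NEED_GB gigabytes free.
has_free_space() {
    fs_dir="$1"
    fs_need_gb="$2"
    fs_avail_kb=$(df -Pk "$fs_dir" 2>/dev/null | awk 'NR==2 {print $4}')
    [ -n "$fs_avail_kb" ] || return 1
    [ "$fs_avail_kb" -ge $((fs_need_gb * 1024 * 1024)) ]
}

# Succeed when some python interpreter on PATH can import the XML modules.
python_xml_available() {
    for px_py in python python2 python3; do
        if command -v "$px_py" >/dev/null 2>&1 &&
           "$px_py" -c 'import xml.dom.minidom' >/dev/null 2>&1; then
            return 0
        fi
    done
    return 1
}

# Run every check, print one line per result, return non-zero on any failure.
preflight() {
    pf_dir="${1:-/opt}"
    pf_cfg="${2:-/etc/selinux/config}"
    pf_rc=0
    if selinux_ok_for_install "$pf_cfg"; then
        echo "ok    SELinux setting: $(selinux_config_mode "$pf_cfg")"
    else
        echo "FAIL  SELinux setting: $(selinux_config_mode "$pf_cfg") (procedure asks for disabled or permissive)"
        pf_rc=1
    fi
    if has_free_space "$pf_dir" 15; then
        echo "ok    at least 15GB free under $pf_dir"
    else
        echo "FAIL  less than 15GB free under $pf_dir"
        pf_rc=1
    fi
    if python_xml_available; then
        echo "ok    python with XML modules found"
    else
        echo "FAIL  python with XML modules not found"
        pf_rc=1
    fi
    return "$pf_rc"
}

# Run the checks only when asked, for example: sh preflight.sh --run /opt
if [ "${1:-}" = "--run" ]; then
    preflight "${2:-/opt}"
fi
```

A setting of permissive satisfies the check while SELinux continues to log the denials it would have enforced, which is useful if the pilot host is later moved back to enforcing mode.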
Set up and run the archive installer by following these procedures:

Procedure

1. (Linux RHEL only) Disable SELinux on any RedHat operating system:
   a. Log in as root on the Linux RedHat server where you will install Lotus Sametime Advanced.
   b. Open the /etc/selinux/config file for editing.
   c. Locate the SELINUX setting.
   d. Change its value to either disabled or permissive.
   e. Save and close the file.
   f. Restart the Linux server.
2. Log in as root on the computer where you will install Lotus Sametime Advanced.
3. Download the archive installer package to the /opt directory. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. You will need at least 15GB of free space in the directory where you store the archive installation file; the installation itself requires 6GB space.
4. Extract the archive installer using the following command:
tar -xvzpf file_name.tar.gz

5. Navigate to the directory containing the extracted archive installer:


cd /opt/Applianceware

6. Run the installation with the following command:


./install.sh

The archive installer begins: As the installer runs, you will be prompted to enter information about your deployment. 7. Type information in response to the install and configuration prompts that appear:
Option:
    Welcome to the IBM Lotus Sametime Advanced Server install.
    OCO Source Materials
    L-GHUS-6LUKN6
    (c) Copyright IBM Corp. 2008
    The source code for this program is not published or otherwise divested of its trade secrets, irrespective of what has been deposited with the U.S. Copyright Office.
    Do you agree with the license agreement?
    1) Yes
    2) No
    Enter your choice : 1
    You entered "1". Is this correct? (y/n) y
Description: Type y to accept the license agreement. You cannot proceed with the install unless you accept the license agreement. In this example, the user has typed "1" and then "y" to confirm it.

Option:
    Enter the fully qualified host name of this system : sales3.acme.com
Description: Type the fully qualified DNS (host_name.domain) for the current server; for example: sales3.acme.com. In this example, the user did not accept the detected host name, and specified sales3.acme.com as the host name instead.

Option:
    Enter the LDAP host name : ldap.acme.com
    You entered ldap.acme.com. Is this correct? (y/n) y
Description: Type the host name (or IP address) of your LDAP server. In this example, the user typed "ldap.acme.com" as the host name of the LDAP server, and then "y" to confirm it.

Option:
    Enter the LDAP port number : 389
    You entered "389". Is this correct? (y/n) y
Description: Type the port used to access the LDAP server; for example: 389. In this example, the user typed "389" as the LDAP port, and then "y" to confirm it.

Option:
    What LDAP server are you using?
    1) IBM Directory Server
    2) IBM Lotus Domino
    3) Sun One
    4) Microsoft Active Directory
    Enter your LDAP server type [1-4] : 1
    You entered IBM Directory Server. Is this correct? (y/n) y
Description: Type the number that matches the LDAP product you are using. In this example, the user typed "1" to specify IBM Directory Server as the LDAP, and then "y" to confirm it.

Option: If product entered is 2) - IBM Lotus Domino, then you will be asked the following question:
    Is BaseDN Null
    1) Yes
    2) No
    ? 2
    You entered "2". Is this correct? (y/n) y
Description: Type 1 if the base distinguished name (Base DN) is null, or 2 if not. Note: You should type "2" for No (not null) as shown in this example, and then specify a Base DN when prompted, to avoid problems later when enabling SSO and awareness.

Option: For all LDAP products (including Lotus Domino if you indicated that the Base DN is not Null), you will be asked for the LDAP's base distinguished name:
    Enter the LDAP BaseDN: o=ibm.com
    You entered o=ibm.com". Is this correct? (y/n) y
Description: Type the name of the field used as the Base DN in your LDAP. The Base DN (base distinguished name) indicates the level at which searches begin in the LDAP. In this example, the user typed "o=ibm.com" as the base distinguished name, and then "y" to confirm it.

Option:
    What LDAP field is used during the authentication process? mail
    You entered "mail". Is this correct? (y/n) y
Description: Type the name of the field in the LDAP directory that will be used for authentication when a user logs in. This is frequently the LDAP's mail field. To support SSL, this field must match the field used for authentication with the classic Lotus Sametime 8 server. In this example, the user typed "mail" as the field used for authentication, and then "y" to confirm it.

Option:
    What LDAP field is used to identify the Display Name ? cn
    You entered "cn". Is this correct? (y/n) y
Description: Type the name of the field in the LDAP directory that will be used as the Display Name. This is frequently the cn field. In this example, the user typed "cn" as the field used for authentication, and then "y" to confirm it.

Option:
    Enter the type of access :
    1) Anonymous
    2) Authenticated
    ? 1
    You entered "1". Is this correct? (y/n) y
Description: Type the number that matches the type of LDAP authentication you will use. In this example, the user typed "1" to indicate that anonymous access will be allowed, so users will not be required to log in.

Option:
    Enter WAS Admin User ID :
Description: Enter the name of a user who is not present in your LDAP directory; this user will be the primary administrator for the IBM WebSphere Application Server. In this example, the user typed "wsadmin".

Option:
    Enter WAS Admin Password :
Description: Type the password associated with the WebSphere Application Server administrator account.

Option:
    Enter Sametime Advanced Admin User ID :
Description: Enter the name of a user who is not present in your LDAP directory; this user will be the primary administrator for the Lotus Sametime Advanced server. In this example, the user typed "stadvadmin".

Option:
    Enter Sametime Advanced Admin Password :
Description: Type the password associated with the Lotus Sametime Advanced administrator account.

Option:
    Do you want configure SMTP :
    1) Yes
    2) No
    ? 2
    You entered "2". Is this correct? (y/n) y
Description: Indicate whether you want to configure the SMTP server (used for mail) during installation.

Option:
    Creating required accounts...
    Enter the desired password for the following accounts:
    mqm, mqsi, db2adm1, db2inst1, db2fenc1
    Password :
    Retype password :
Description: Type a common password to be associated with all of the service accounts listed in the prompt, and then type it again to confirm.

Option: Finally, you will see a series of messages as the installation proceeds:
    Changing password for user mqm.
    passwd: all authentication tokens updated successfully.
    Changing password for user mqsi.
    passwd: all authentication tokens updated successfully.
    Changing password for user db2adm1.
    passwd: all authentication tokens updated successfully.
    Changing password for user db2fenc1.
    passwd: all authentication tokens updated successfully.
    Changing password for user db2inst1.
    passwd: all authentication tokens updated successfully.
    Changing password for user db2fenc1.
    passwd: all authentication tokens updated successfully.
    Installing ApplianceWare ToolKit RPMs...
    Installing DB2 RPMs...
    Installing IBM HTTP Server RPMs...
    Installing IBM WebSphere Application Server ...
    Installing Webserver Plugin ..
    Installing WebSphere MQ...
    Creating WebSphere MQ queue manager...
    Starting WebSphere MQ...
    Configuring WebSphere MQ...
    Installing MQ Broker...
    Configuring DB2...
    Modifying /etc/hosts...
    Configuring Event Broker...
    Installing SCCS service
    Starting services...
    Installation Complete

8. After installation is complete, you must activate the DB2 license:
a. Open a command prompt.
b. Run the following command to launch the DB2 Command window:
DB2CMD

c. In the DB2 Command window, navigate to the directory where you extracted the archive installer; for example: /opt/ApplianceWare/CD1/DB2Activation/db2ese_o.lic.
d. Activate the DB2 license by running the following command in the DB2 window:
db2licm -a db2ese_o.lic

e. Exit the DB2 Command window by running the following command:
EXIT

9. Finally, restart the server to ensure that the Broadcast tools are properly enabled.


Results
If the installation fails at any point, the following logs will be created:
- /tmp/sccsInstall.log
- /tmp/stadv/logs/wizard_installlog.txt
- /tmp/stadv/logs/wizard_install_optional.log
- /opt/IBM/WebSphere/STAdvServer/logs/installlog.txt

Review the logs and correct any problems before uninstalling and beginning again.

Installing Lotus Sametime Advanced on any supported platform
Run the IBM Lotus Sametime Advanced graphical installation program on any supported operating system to install and configure the application. This version of the installation program requires you to install and configure IBM WebSphere MQ and WebSphere Event Broker as part of your deployment.

Before you begin
Before proceeding, make sure you have installed and configured the following prerequisite applications:
- IBM Lotus Sametime Standard
- IBM DB2 Workgroup Server Edition
In addition, you must already have a supported LDAP directory installed; you will be given the choice of configuring it during the installation or after installation completes.

About this task
To install Lotus Sametime Advanced on any supported platform, complete the following procedures in the sequence shown:

Installing prerequisite components
Choose how to install prerequisite components. The prereqs installer runs on Microsoft Windows only to install and configure the components on a single computer, and is recommended only for pilots and demonstrations. You can install the individual components using one or more computers and any supported platforms, and customize the configuration and deployment.

Before you begin
Choose a method for installing the prerequisite components:

Running the prerequisite installer on Windows
If you are installing IBM Lotus Sametime Advanced, you can use the prerequisite installer to quickly install the prerequisite components (IBM DB2 Enterprise Server Edition, IBM DB2 Net Search Extender, IBM WebSphere MQ, and IBM WebSphere Event Broker) on a single computer. This type of deployment is intended for pilots and demos only, and should not be used in a production environment.


Before you begin
The prerequisite installer is intended for pilot and proof-of-concept use only. Installing all of these components on a single server is not recommended for a production environment because you will not be able to support a large number of users.
Attention: The prerequisite installer installs versions of DB2, WebSphere MQ, and WebSphere Event Broker for use with release 8.0 of Lotus Sametime Advanced.

About this task
The prerequisite installer runs only on a Microsoft Windows server, installing the prerequisite components on a single computer using a default configuration. When you run the prerequisite installer, it completes the following operations in the sequence shown:
1. Installs DB2 Enterprise Server Edition
2. Installs DB2 Net Search Extender
3. Creates the Net Search Extender text search service
4. Creates and initializes the databases for Lotus Sametime Advanced and WebSphere Event Broker
5. Installs the Eclipse platform required by WebSphere MQ
6. Installs WebSphere MQ (application and fix pack)
7. Installs WebSphere Event Broker
8. Configures WebSphere Event Broker by running the configureEB script
Run the prerequisite installer by completing the steps below:

Procedure
1. Log in to your computer as the system administrator.
2. Download the prerequisite installer file, called STA8_PI.exe. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address:
www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

3. Run the prerequisite installer with the following command:


STA8_PI.exe

Note: The actual file name for this part may be different on the CD than on Passport Advantage; the Download document lists the part number that is used as a file name on Passport Advantage.
The prerequisite installer is a self-extracting zip; running STA8_PI.exe extracts all of the files needed for installing prerequisite components and then launches the installation program.
4. At the "WinZip - Self-Extractor" screen, click Setup. Once the files have been extracted, the installation program begins automatically, displaying its own screens. The extractor's dialog may still be visible; do not close it, as it will continue running to remove temporary files after the installation is complete.
5. At the "Welcome" screen, click Next.

6. At the "Software License Agreement" screen, click I accept the terms of the license agreement, and then click Next.
7. At the "Specify your preferences for IBM DB2" screen, enter the following information, and then click Next:

Option: Installation directory
Description: Accept the default location, type a new location, or click Browse to locate and select a directory.

Option: User ID
Description: Type a user name for a new DB2 administrator; this account will be created during installation and assigned DB2 administrative privileges.

Option: Password
Description: Type a password to be assigned to the new DB2 administrator account.

Option: Confirm password
Description: Retype the password to confirm it.

8. At the "Specify names to be used for the Sametime Advanced databases" screen, type names for the two databases that will be created during installation, and then click Next:

Option: IBM Lotus Sametime Advanced
Description: Type a name consisting of up to 8 characters. The examples in this documentation use STADV for this database's name. Attention: Do not use the same name as the host name for this computer, as that would create conflicts.

Option: IBM WebSphere Event Broker
Description: Type a name consisting of up to 8 characters. The examples in this documentation use BRKRDB for this database's name.

9. At the "Click Next to install IBM WebSphere MQ" screen, you can accept the default location, type a new location, or click Browse to locate and select a directory before clicking Next.
10. At the "Click Next to install IBM WebSphere Event Broker" screen, you can accept the default location, type a new location, or click Browse to locate and select a directory before clicking Next.
11. At the "Enter the following values for use in configuring Event Broker" screen, enter the following information, and then click Next:

Option: Fully qualified host name or IP address of this server
Description: Type either the fully qualified domain name (for example, stadv.acme.com) or the IP address of the computer where you are installing the prerequisite components.

Option: Existing Administrative User ID
Description: Type the Windows system administrator's user name.

Option: Administrative User Password
Description: Type the password associated with that user name.


12. At the "The following products will be installed" screen, review the list of products and installation paths, and then confirm it by clicking Next to begin the installation.
13. At the "Installation of Lotus Sametime Advanced prerequisites is now complete" screen, click Finish to exit the installation program. The "WinZip Self-Extractor" removes temporary files; wait until that screen disappears to be sure the program has finished.
14. Now activate your DB2 license:
a. Open a command prompt.
b. Run the following command to launch the DB2 Command window:
DB2CMD

c. In the DB2 Command window, navigate to the folder where you chose to install the DB2 server in step 7, and then navigate to that folder's activation subfolder. During installation, a DB2 licensing file called db2ese_o.lic was stored in the activation subfolder; for example, C:\Program Files\IBM\SQLLIB\activation.
d. Run the following command in the DB2 environment:
db2licm -a db2ese_o.lic

Sample output
LIC1402I License added successfully. LIC1426I This product is now licensed for use as specified in the License Agreement and License Information documents pertaining to the licensed copy of this product. USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OF THE IBM LICENSE AGREEMENT AND LICENSE INFORMATION DOCUMENTS, LOCATED IN THE FOLLOWING DIRECTORY: "C:\PROGRA~1\IBM\SQLLIB\license\en"

e. Exit the DB2 Command window by running the following command:


EXIT

What to do next
The prerequisite components you just installed are intended for use with Lotus Sametime Advanced 8.0. Next, upgrade IBM WebSphere Event Broker to accommodate Lotus Sametime Advanced 8.0.1 by following these steps:
1. Download the WebSphere Event Broker update program as follows:
a. Log in to Microsoft Windows as the system administrator.
b. Download the update_stadv801_Eb.bat script from the SupportingFiles\EB-V60-image directory. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address:
www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

2. Add the commons-httpclient-contrib-3.1.jar file to the CLASSPATH statement in the .profile of the user account that will start and stop the broker services (this enables that user to properly start the message flow and access the broker database).
The CLASSPATH statement was formatted for readability here, but you should type it as one line. The new file appears at the end of the CLASSPATH statement:
existing_classpath_values
;%MQSIINSTALLPATH%\classes\AddBroker.jar
;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar
;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar
;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar
;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar
;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar

where %MQSIINSTALLPATH% is the absolute path to your WebSphere Event Broker install location; for example:
C:\Program Files\IBM\MQSI\6.0

3. Open the Broker Command Console and then stop the broker by running the following command (substitute the name of your own broker):
mqsistop BRKR_SCCS

Note: You must stop the broker before attempting to run the upgrade script in the next step.
4. Still in the Broker Command Console, navigate to the directory where you downloaded the upgrade script (for example: SupportingFiles\EB-v60-image\) and run the broker update script:
Note: The command below has been formatted to fit for readability but you must type it all on a single line.
update_stadv801_EB.bat -stadvserver host_name -userid service_user_id -mqsiinstallpath EventBroker_installation_path

where:
- -stadvserver host_name indicates the host name of the Lotus Sametime Advanced server.
- -userid service_user_id indicates the ID used when you created the Broker Service.
- -mqsiinstallpath EventBroker_installation_path indicates the path where you installed WebSphere Event Broker.
For example:
update_stadv801_EB.bat -stadvserver sales3.acme.com -userid administrator -mqsiinstallpath C:\Program Files\IBM\MQSI\6.0

The script updates files as necessary and then restarts the broker. If the broker fails to start, you can start it manually as described in the topic, "Starting and Stopping WebSphere MQ and WebSphere Event Broker."
5. Restart the broker services as follows (substitute the name of your own broker in these commands):
a. Stop the broker with the following command:
mqsistop BRKR_SCCS

b. Start the broker with the following command:


mqsistart BRKR_SCCS

c. Close the Broker Command Console.
6. Now verify that you have the right fix-pack level of WebSphere Event Broker:
a. Open the Message Broker Command Console.
b. Run the following command:
mqsiservice -v

This command displays information about your installation, including the fix pack; look for a line that specifies the product version. This example shows the correct product and fix pack:
BIP8996I: Version: 6003

c. If you do not have the correct fix pack (6.0.0.3) installed, you can download it from the following Web address:


http://www-1.ibm.com/support/docview.wss?uid=swg24013951

d. Now install the fix pack as explained in the Release Notes document posted on the same page.
Now your prerequisite components are ready for use with Lotus Sametime Advanced 8.0.1.

Installing prerequisite components on any supported platform
Before you begin installing IBM Lotus Sametime Advanced, you must install the IBM DB2 database management system and an IBM Lotus Sametime Standard server.

Before you begin
You will need these prerequisite components for any type of deployment; you will need one instance of each, although you may additionally need to install the IBM DB2 Client application on computers that require access to the database server.

Installing the DB2 database management system
IBM DB2 is a database management system that stores information used by IBM Lotus Sametime Advanced.

About this task
Installing DB2 involves the following tasks:

Installing DB2 Enterprise Server Edition
Install the IBM DB2 server software.

Before you begin
For IBM Lotus Sametime Advanced, you need to install IBM DB2 Enterprise Server Edition.

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate DB2 package for your operating system, and extract the files.
Note: You must also download the DB2 license file db2ese_o.lic, which you activate after installing the DB2 server; this file is stored with the DB2 package.
Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install the DB2 server as explained in the DB2 information center at the following Web address:
http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

In the information center, search for the following text to locate installation instructions: "Installing DB2 Servers".

4. Accept the default values and settings during DB2 installation.
Note: When you create the DB2 administrative user account, the password that you assign to the account must satisfy your server operating system's requirements as well as any additional requirements imposed by your company. For information, see the Password Rules topic in the DB2 information center.
5. After installation is complete, you must activate the DB2 license:
a. Open a command prompt.
b. Run the following command to launch the DB2 Command window:
DB2CMD

c. In the DB2 Command window, navigate to the folder where you downloaded the DB2 license file.
d. Run the following command in the DB2 environment:
db2licm -a db2ese_o.lic

Sample output for Windows


LIC1402I License added successfully. LIC1426I This product is now licensed for use as specified in the License Agreement and License Information documents pertaining to the licensed copy of this product. USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OF THE IBM LICENSE AGREEMENT AND LICENSE INFORMATION DOCUMENTS, LOCATED IN THE FOLLOWING DIRECTORY: "C:\PROGRA~1\IBM\SQLLIB\license\en"

e. Exit the DB2 Command window by running the following command:


EXIT

Installing DB2 Net Search Extender
Install IBM DB2 Net Search Extender to support text retrieval by concurrent IBM Lotus Sametime Advanced users.

Before you begin
Make sure you have a DB2 server installed before you begin.

About this task
Install DB2 Net Search Extender on the DB2 server by following these steps:

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate DB2 Net Search Extender package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install DB2 Net Search Extender as explained in the DB2 information center at
publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

In the information center, search for the following text to locate installation instructions: "Installing Net Search Extender".
4. Accept the default values and settings while installing Net Search Extender.


5. When installation is finished, start Net Search Extender by running the following command in the DB2 environment:
db2text start

What to do next
Attention: DB2 Net Search Extender must be running to support Lotus Sametime Advanced operations. If you stop this service for any reason, be sure to restart it. To remove the need for manual restarts, you may want to set this service to start automatically:
- AIX, Linux, Solaris: Add the text indexing service startup to the database startup script.
- Windows: Set the "DB2EXT" service to "Automatic" in the Windows Services control panel.

Creating the WebSphere Event Broker database
Use IBM DB2 to create a database for storing IBM WebSphere Event Broker data.

Before you begin
The WebSphere Event Broker database contains Broker-specific system configuration information that is added or modified whenever a broker is created or configured. You can define your own names for this database using 8 characters or less; in the examples presented in this documentation, the Event Broker database is named "BRKRDB".

Procedure
1. Log in to the DB2 server as the DB2 Administrator (or as a user in the DB2ADMNS group).
2. Open a DB2 command window. For example, in Windows, click Start > Programs > IBM DB2 > DB2COPY1 (default) > Command Line Tools > Command Window.
3. Run the following command to create the WebSphere Event Broker database (called "BRKRDB" in this documentation):
DB2 CREATE DATABASE database_name USING CODESET UTF-8 TERRITORY US

For example:
DB2 CREATE DATABASE BRKRDB USING CODESET UTF-8 TERRITORY US

Sample Output:
DB20000I The CREATE DATABASE command completed successfully.

Creating the Lotus Sametime Advanced database
Use IBM DB2 to create a database for storing IBM Lotus Sametime Advanced data.

Before you begin
The Lotus Sametime Advanced database requires a DB2 database to store information. In the examples presented in this documentation, the Lotus Sametime Advanced database is named STADV.


About this task
Create the database directly on the DB2 server using the provided script.

Procedure
1. Download the appropriate versions of the scripts for your operating system to the DB2 server. The scripts are stored in the \SupportingFile\DB2-image\db2-scripts directory within the Lotus Sametime Advanced software download; be sure to take all of the files for your operating system. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. Verify that you are working in DB2 as the DB2 Administrator (or as a user in the DB2ADMNS group).
3. (AIX, Linux, Solaris) Assign execute privileges to the createDb.sh file by running the following command:
chmod +x createDb.sh

4. In the DB2 environment, create the database by running the script as follows:
AIX, Linux, Solaris
./createDb.sh database_name

Windows
createDb.bat database_name

where database_name is the name of the Lotus Sametime Advanced database (in this documentation, examples will use "STADV" as that database's name). For example:
./createDb.sh STADV

Attention: Do not use the same name as the host name for this computer, as that would create conflicts.
This script creates the new database and sets up the schema and tables needed for Lotus Sametime Advanced.

Creating text indexes for searching the Lotus Sametime Advanced database
Create indexes in an IBM DB2 database hosted on either Microsoft Windows or Linux.

Before you begin
You must have installed the IBM DB2 server software and DB2 Net Search Extender, then started those applications, created a database, and set up the database schema. The DB2 command window should still be open from the previous task (open it if necessary).

About this task
Note: If the indexes should become corrupted, you can safely rerun the dbtext script at any time without losing any existing data.

Procedure
1. Download the appropriate version of the dbtext script for your operating system to the DB2 server.


This script is stored in the \SupportingFiles directory within the Lotus Sametime Advanced software download. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. In the DB2 Command Window, run the following command to create the text indexes:
AIX, Linux, Solaris
./dbtext.sh database_name

Windows
dbtext.bat database_name

where database_name is the name of the Lotus Sametime Advanced database ("STADV" in this documentation).
If you see an error stating that "DB2TEXT" is not a recognized command, make sure that DB2 Net Search Extender has been installed and is running.
3. Once the script successfully completes, you can disconnect from the database with the following command:
DB2 DISCONNECT STADV

Sample output
DB20000I The SQL DISCONNECT command completed successfully.

4. Now type the following command in the DB2 Command Window:
EXIT

5. Close the DB2 Command Window.

Installing the DB2 client
If an application requires access to a remote IBM DB2 database, install the DB2 Client application and then catalog the remote database.

Before you begin
IBM WebSphere MQ and WebSphere Event Broker require a connection to the database used for storing messaging information (called "BRKRDB" in this documentation). If the BRKRDB database is on a remote server, you must install the DB2 client on the server hosting WebSphere MQ and WebSphere Event Broker, and then catalog the database from the client to ensure access.
The Lotus Sametime Advanced server does not require the DB2 client, even when DB2 is hosted on a separate computer (because the use of JDBC type 4 drivers removes the need for a DB2 client to access the remote DB2 server).

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install the DB2 client as explained in the DB2 information center at the following Web address:
http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

In the information center, search for the following text to locate installation instructions: "Installing DB2 clients".
4. Accept default values and settings during installation.
5. When the installation is complete, catalog the DB2 database by running the following commands in the DB2 Command Window:
db2 catalog tcpip node node_name remote server_dns_name server server_port
db2 catalog database database_name at node node_name

where:
- node_name is any eight-character name you want to assign to the node, as in: myDB2svr (simply make up a name)
- server_dns_name is the fully qualified domain name of the remote database server, as in: db2server.acme.com
- server_port is the port on which DB2 is installed; this is normally port 50000 (Microsoft Windows) or 50001 (IBM AIX, Linux, and Sun Solaris)
- database_name is the name of the database to be used for WebSphere Event Broker (BRKRDB in this documentation).
Example:
db2 catalog tcpip node DBSRV remote sales.acme.com server 50000
db2 catalog db BRKRDB at node DBSRV
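
The database naming rules given in this chapter (a name of up to 8 characters that is not this computer's host name) and the two catalog commands above can be checked before anything is typed into the DB2 Command Window. The following shell script is an added example, not part of the IBM documentation; its function names are hypothetical, and limiting names to letters and digits is an assumption of the example that may be stricter than DB2 requires.

```shell
#!/bin/sh
# Added example (not from the IBM guide): validate the values first, then
# print the two catalog commands for review. Nothing is executed against DB2.
LC_ALL=C; export LC_ALL   # byte-wise character ranges in the patterns below

# Node and database names: 1-8 characters, per the guide. Allowing only
# letters and digits with a leading letter is this example's assumption; it
# also keeps spaces, newlines and shell metacharacters off the command line.
valid_name() {
    case $1 in
        ''|*[!A-Za-z0-9]*|[!A-Za-z]*) return 1 ;;
    esac
    [ "${#1}" -le 8 ]
}

# Remote server: host name labels or a dotted IP address, nothing else.
valid_host() {
    case $1 in
        ''|*[!A-Za-z0-9.-]*|[.-]*|*[.-]|*..*) return 1 ;;
    esac
    [ "${#1}" -le 253 ]
}

# TCP port: decimal, no leading zero, 1-65535.
valid_port() {
    case $1 in
        ''|*[!0-9]*|0*) return 1 ;;
    esac
    [ "${#1}" -le 5 ] && [ "$1" -le 65535 ]
}

lower() { printf '%s' "$1" | tr 'A-Z' 'a-z'; }

# True when the database name equals the computer's host name. Comparing
# case-insensitively against the first label of the host name is this
# example's reading of the guide's "do not use the host name" warning.
conflicts_with_host() {
    [ "$(lower "$1")" = "$(lower "${2%%.*}")" ]
}

# check_db_name NAME HOSTNAME: the checks to run before creating a database.
check_db_name() {
    valid_name "$1" || { echo "database name must be 1-8 letters/digits" >&2; return 1; }
    if conflicts_with_host "$1" "$2"; then
        echo "database name must differ from the host name" >&2
        return 1
    fi
}

# catalog_commands NODE REMOTE_HOST PORT DATABASE
# Prints the two commands from the procedure once every value has passed.
catalog_commands() {
    node=$1 remote=$2 port=$3 db=$4
    valid_name "$node"   || { echo "invalid node name: $node" >&2; return 1; }
    valid_host "$remote" || { echo "invalid server name" >&2; return 1; }
    valid_port "$port"   || { echo "invalid port: $port" >&2; return 1; }
    valid_name "$db"     || { echo "invalid database name" >&2; return 1; }
    printf 'db2 catalog tcpip node %s remote %s server %s\n' "$node" "$remote" "$port"
    printf 'db2 catalog database %s at node %s\n' "$db" "$node"
}

# Demo with the values used in the guide's own example.
catalog_commands DBSRV sales.acme.com 50000 BRKRDB
```

Because the commands are only printed, they can be reviewed and then pasted into the DB2 Command Window by the administrator performing the installation.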

Note: If you catalog the database using an alias, that name must match the database name already used on the DB2 server. In the examples in this documentation, the database name is BRKRDB, so the alias name would also be BRKRDB.

Installing WebSphere MQ
IBM WebSphere MQ provides messaging across multiple platforms, allowing independent applications on a distributed system to communicate with each other.

Before you begin
WebSphere MQ enables information packaged as messages to flow between different business applications. There are two ways in which WebSphere MQ can act on messages:
- Message routing performs a defined set of operations on a message, applying them in a prescribed sequence, to route them from sender to recipient.
- Message transformation modifies messages by changing, combining, adding, or removing data; for example to change the format to accommodate the recipient's requirements.

About this task
If you already installed WebSphere MQ, you do not have to install it again for a new Lotus Sametime Advanced deployment. If you uninstalled Lotus Sametime Advanced and are installing a newer version, you should have removed the broker services already and can simply configure them anew.
Installing WebSphere MQ involves the following tasks:

Installing the WebSphere MQ application
Install the IBM WebSphere MQ application to support messaging in your deployment.


About this task
The procedure for installing the WebSphere MQ application varies with the operating system:

Installing the WebSphere MQ application on AIX
Install the IBM WebSphere MQ application on IBM AIX.

Before you begin
You can install WebSphere MQ on the same computer that will host IBM Lotus Sametime Advanced, or on a different one; however, WebSphere MQ must be hosted on the same computer as WebSphere Event Broker, which you will install in a later task.

About this task
For information on installing WebSphere MQ, see the WebSphere MQ for AIX Quick Beginnings Guide at:
publibfp.boulder.ibm.com/epubs/pdf/amqaac08.pdf

The guide explains how to use SMIT or SMITTY (smitty install_latest) to install the following WebSphere MQ components:
- mqm.base.runtime
- mqm.base.samples
- mqm.base.sdk
- mqm.java.rte
- mqm.keyman.rte
- mqm.man.en_US.data
- mqm.msg.en_US
- mqm.server.rte
The localized components may vary.

Installing the WebSphere MQ application on Linux and Solaris
Install the IBM WebSphere MQ application on Linux or Solaris.

Before you begin
You can install WebSphere MQ on the same computer that will host IBM Lotus Sametime Advanced, or on a different one; however, WebSphere MQ must be hosted on the same computer as WebSphere Event Broker, which you will install in a later task.
For additional information on installing WebSphere MQ, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp

Search for the following text: "Installing a WebSphere MQ server".


About this task
You can install WebSphere MQ on the same computer as IBM Lotus Sametime Advanced, or on a different machine. When you run the WebSphere MQ installer, it first verifies that its own prerequisite components are already installed on the server; if the requirements have not been met, you must install the components before you can install WebSphere MQ.
Tip: For additional information on preparing the server and installing WebSphere MQ, review the "Quick Beginnings for operating_system > Server > Preparing to install" topic in the WebSphere MQ information center.

Procedure
1. Log in to your computer as root.
2. Download the appropriate package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
Note: You will download the fix pack directly from the IBM Web site in the next task.
3. Set up user permissions for the broker services by doing the following:
a. Create the mqsi user.
b. Create the mqbrkrs group.
c. Create the mqm group.
d. Add the mqsi and root users to the mqbrkrs and mqm groups.
e. Add the local DB2 user account to the mqm and mqbrkrs groups.
4. Navigate to the directory where you stored the installation files.
5. Begin the installation by running the following command:
./mqlicense.sh

6. At the "Software License Agreement" screen, read the license agreement and click Accept.
7. Install WebSphere MQ:
AIX, Linux
a. Run the following command to install the MQSeries Runtime application:
rpm -ivh MQSeriesRuntime-6.0.0-0.i386.rpm

b. Run the following command to install the MQSeries Java application:


rpm -ivh MQSeriesJava-6.0.0-0.i386.rpm

c. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setup the Default Configuration, click Next to skip that task and finish the installation without setting up the default configuration.
Solaris
a. Run the following command to install the MQ application:
pkgadd -d.

b. When presented with a list of available packages, type the number representing the "mqm" package.
c. When presented with the list of components, type the number representing the MQ Series application, then type a comma as a separator before typing the number of the MQ Java application.


d. Type "y" if you are prompted with any questions.
e. When you see the message indicating that installation is complete, type "q" to exit the installation program.

Installing the WebSphere MQ application on Windows
Install the IBM WebSphere MQ application on Microsoft Windows.

Before you begin
You can install WebSphere MQ on the same computer that will host IBM Lotus Sametime Advanced, or on a different one; however, WebSphere MQ must be hosted on the same computer as WebSphere Event Broker, which you will install in a later task.
For additional information on installing WebSphere MQ, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp

About this task You can install WebSphere MQ on the same computer as IBM Lotus Sametime Advanced, or on a different machine. If you take the defaults then typically, MQ installs to a path like this:
C:\Program Files\IBM\WebSphere MQ\Java\lib

When you run the WebSphere MQ installer, it first verifies that its own prerequisite components are already installed on the server; if the requirements have not been met, you must install the components before you can install WebSphere MQ.

Tip: For additional information on preparing the server and installing WebSphere MQ, review the "Windows Quick Beginnings > Installing the WebSphere MQ Server > Preparing for server installation" topic in the WebSphere MQ information center.

Procedure

1. Log in to your computer as the Microsoft Windows administrator.
   Attention: Logging in with an account other than the Administrator will prevent the mqsi user from being added to the Administrators groups, which will cause the configureEB script to fail in a later step.
2. Set up user permissions for the broker services by doing the following:
   a. Create the mqsi user.
   b. Add the mqsi user to the Windows "Administrators" group.
   c. Create the mqbrkrs group.
   d. Create the mqm group.
   e. Add the mqsi and Windows Administrator users to the mqbrkrs and mqm groups.
   f. Add the local DB2 user account to the mqm and mqbrkrs groups.
3. Download the appropriate installation package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
Note: You will download the fix pack directly from the IBM Web site in the next task. 4. Navigate to the directory where you extracted the file and begin the installation by running the following command:
Setup.exe

5. At the "Welcome to the WebSphere MQ Launchpad" screen, click the Software Requirements button on the left. This initiates a check for any applications that must be in place before you can install WebSphere MQ. In particular, this will check for the existence of WebSphere Eclipse Platform and, if that application is not already installed, will give you a chance to install it now.
6. At the "Software Requirements for WebSphere MQ on Windows" screen, check the status of WebSphere Eclipse Platform.
7. Do one of the following:
   - If the requirements have all been satisfied, skip to Step 9.
   - Otherwise, continue to Step 8 and proceed from there.
8. If WebSphere Eclipse Platform is not already available on this computer, install it now as follows:
   a. Click the + next to "WebSphere Eclipse Platform Version 3.0.1" to display installation information.
   b. Click the Network button, then click Open and select setup.exe to begin installing WebSphere Eclipse Platform.
   c. At the "Select Setup Language" screen, select a language and click OK. The "WebSphere Eclipse Platform" splash screen displays as the installation process begins.
   d. At the "Welcome to the Installation Wizard for WebSphere Eclipse Platform" screen, click Next.
   e. At the "License Agreement" screen, click the option to accept the agreement, and then click Next.
   f. At the "Destination Folder" screen, accept the default destination for WebSphere Eclipse Platform files, and click Next. To select a different destination, click the Change button; when your destination is correctly specified, click Next.
   g. At the "Ready to Install WebSphere Eclipse Platform" screen, click Install.
   h. At the "Installing WebSphere Eclipse Platform" screen, wait for the installation process to complete.
   i. At the "Installation Wizard Completed Successfully" screen, click Finish. WebSphere Eclipse Platform is now installed on the server, and you are ready to install WebSphere MQ.
   j. Click the Refresh button to repeat the requirements check for WebSphere MQ.
9. When the "Software Requirements for WebSphere MQ on Windows" screen shows that all requirements have been satisfied, click the WebSphere MQ Installation button and install WebSphere MQ as follows:
   a. At the "WebSphere MQ Installation" screen, select a language, and then click Launch IBM WebSphere Installer.
   b. At the "License Agreement" screen, click the option to accept the agreement, and then click Next.
   c. At the "Setup Type" screen, click Typical to select a typical installation, and then click Next.

   d. At the "Ready to Install WebSphere MQ" screen, review your settings; when you are ready to proceed, click Install.
   e. At the "Installing WebSphere MQ" screen, wait while the installer copies files and installs WebSphere MQ.
   f. At the "Installation Wizard Completed Successfully" screen, click Finish to exit the installation wizard. Once the basic WebSphere MQ installation is finished, the Prepare WebSphere MQ Wizard launches automatically.
10. Run the Prepare WebSphere MQ Wizard as follows:
   a. At the "Welcome to the Prepare WebSphere MQ Wizard" screen, click Next.
   b. At the "WebSphere MQ Network Configuration" screen, wait for configuration to complete, and then click Next.
   c. You will be asked whether there is a Windows domain controller in the network.
      - If there is not, click No and skip to step 10e.
      - If there is a domain controller, click Yes and proceed to step 10d for another step.
   d. If the Windows administrator account that you logged in with belongs to a domain (DOMAIN/USER), then you may see a screen like this, prompting for additional information about the domain account. Unless the domain has imposed restrictions on local user accounts, you can simply click Cancel at this point, and consider your WebSphere MQ installation complete. Clicking the More Information button provides the following details to help you determine how to respond and complete this screen.
      When WebSphere MQ is running, it must check that only authorized users can access queue managers or queues. Whenever any user attempts such access, WebSphere MQ uses its own local account to query information about the user. Domain controllers that are running Windows 2000 Server, Windows 2003 Server, or later, can be set up in such a way that WebSphere MQ cannot use local accounts to check that users defined on those domains are authorized to access queue managers or queues. In this case, you must provide WebSphere MQ with a special domain user account to use.
If you are unsure whether this case applies to you, you should consult your domain administrator. If a special domain user account is required, send the "Configuring Windows Accounts" page to your domain administrator, and ask for one of the special accounts it describes. Enter the account details into the Prepare WebSphere MQ Wizard. This wizard runs automatically at the end of installation; the wizard can also be run at any time from the Start menu. Restriction: If the special domain user account is required but you carry on anyway and configure WebSphere MQ without it, many or all parts of WebSphere MQ will not work, depending upon the particular user accounts involved. In particular, if you are currently logged on with a domain user account, you might not be able to complete the Default Configuration, and the Postcard and API Exerciser might not work. e. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setup the Default Configuration, click Next to skip that task and finish the installation without setting up the default configuration. At this point, the WebSphere MQ application is installed, and you are ready to install the accompanying fix pack in the next task.

Installing the WebSphere MQ fix pack: After installing the IBM WebSphere MQ application, install the fix pack to ensure the product is up-to-date. Before you begin After installing IBM WebSphere MQ, check the Lotus Sametime system requirements at the following Web address, and determine whether you need to install a fix pack:
www.ibm.com/support/docview.wss?&uid=swg27010738

Note: You must install the base application before you can update it with a fix pack.

About this task

The procedure for installing the WebSphere MQ fix pack varies with the operating system:

Installing the WebSphere MQ fix pack on Linux and Solaris:

Install the IBM WebSphere MQ fix pack to update the application to the necessary level for use with IBM Lotus Sametime Advanced.

Before you begin

Make sure that the WebSphere MQ application has already been installed on the server. You do not have to configure WebSphere MQ before installing the fix pack.

About this task

Install the WebSphere MQ fix pack on the same computer where you installed the WebSphere MQ application.

Procedure

1. Download the latest fix pack from the IBM site as follows:
   a. Open a browser and navigate to the following Web address to download the fix pack:
www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980

b. Scroll to the "Download package" table at the bottom of the page and select the appropriate fix pack for your operating system. c. At the "Terms and Conditions" screen, click I agree. You will now be redirected automatically to the IBM Support site, where you can download the fix pack. d. Sign in as prompted to access the download site. e. Review the Business Control, Privacy, and License; then click the I agree box. f. Now click I confirm at the bottom of the page. g. Select a download method and language, and download the fix pack. 2. Now install the fix pack as follows: a. Navigate to the directory where you stored the fix pack. b. Perform the product update by running the following command:

AIX, Linux
rpm -ivh MQSeriesRuntime-6.0.2-3.i386.rpm MQSeriesServer-fixpack_version.i386.rpm

Solaris
pkgadd -d fixpack_file_name.img

What to do next

You do not need to configure WebSphere MQ right now because it will be configured for you when you run the script that configures WebSphere Event Broker in a later task.

Installing the WebSphere MQ fix pack on Windows:

Install the IBM WebSphere MQ fix pack to update the application to the necessary level for use with IBM Lotus Sametime Advanced.

About this task

Install the WebSphere MQ fix pack on the same computer where you installed the WebSphere MQ application.

Procedure

1. Download the latest fix pack from the IBM site as follows:
   a. Open a browser and navigate to the following Web address to download the fix pack:
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980

   b. Scroll to the "Download package" table at the bottom of the page and select the appropriate fix pack for your operating system.
   c. At the "Terms and Conditions" screen, click I agree. You will now be redirected automatically to the IBM Support site, where you can download the fix pack.
   d. Sign in as prompted to access the download site.
   e. Review the Business Control, Privacy, and License; then click the I agree box.
   f. Now click I confirm at the bottom of the page.
   g. Select a download method and language, and download the fix pack.
2. Now install the fix pack as follows:
   a. Navigate to the folder where you stored the fix pack.
   b. Start the fix pack installation by running the following file: WebSphereMQMDV_FPversion_EnUs.exe.
   c. At the "Welcome to the InstallShield Wizard for WebSphere MQ" screen, click Next.
   d. At the "Remove Installation Files" screen, click the first option (unpack the files to a temporary location and then remove them after installation is complete), and then click Next.
   e. At the "Extracting Files" screen, wait. Wait some more. When the Next button is enabled, click it.
   f. Wait some more while the installer progresses through a series of screens such as the "Checking files" screen.
   g. At the "Click Install to begin installation" screen, you can accept the default installation location, or optionally select a new location. Then click Install.
h. Next, a series of screens appears while the fix pack installation process runs. Wait some more; do not click anything on these screens. i. At the "Fix Pack installation is complete" screen, click Finish. What to do next You do not need to configure WebSphere MQ right now because it will be configured for you when you run the script that configures WebSphere Event Broker in a later task. Installing WebSphere Event Broker: IBM WebSphere Event Broker extends the reach, scope, and scale of the WebSphere MQ infrastructure, enabling the secure and seamless interaction of enterprise applications with thousands of users. The centralized administration of distributed brokers provided by WebSphere Event Broker improves the flexibility, security, and routing of messaging. About this task You can install WebSphere Event Broker on the same computer as IBM Lotus Sametime Advanced, or on a different machine. Note that WebSphere Event Broker must be hosted on the same computer as WebSphere MQ so that the two applications can work together. Installing WebSphere Event Broker consists of the following tasks: Installing the WebSphere Event Broker application: IBM WebSphere Event Broker extends the reach, scope, and scale of the WebSphere MQ infrastructure, enabling the secure and seamless interaction of enterprise applications with thousands of users. The centralized administration of distributed brokers provided by WebSphere Event Broker improves the flexibility, security, and routing of messaging. About this task A Lotus Sametime Advanced deployment requires a one-to-one relationship between installations of WebSphere Message Broker and WebSphere Event Broker, and the two applications must be installed on the same computer. This deployment can support only one broker for Lotus Sametime Advanced, which specifically looks for the broker on port 1506. 
In addition, these components require access to the DB2 database; if the database is hosted on a different computer, you must install the DB2 client application on the same computer as WebSphere MQ and WebSphere Event Broker. If you already installed WebSphere Event Broker, you do not have to install it again for a new Lotus Sametime Advanced deployment. If you uninstalled Lotus Sametime Advanced and are installing a newer version, you should have removed the broker services already and can simply configure them anew. The procedure for installing WebSphere Event Broker varies with the operating system on which it will be hosted: Installing the WebSphere Event Broker application on AIX, Linux, Solaris:

Install the IBM WebSphere Event Broker application on IBM AIX, Linux, or Solaris.

Before you begin

There are two prerequisites for installing WebSphere Event Broker:
- You must install WebSphere Event Broker on the same computer where you install IBM WebSphere MQ; this is required for these components to function properly.
- If you are not installing WebSphere Event Broker directly on the DB2 server, you must install a copy of the DB2 client on this computer, and then catalog the database that you created for WebSphere Event Broker (called "BRKRDB" in this documentation) from the DB2 client.

About this task

For additional information on installing WebSphere Event Broker, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

Follow these steps to install WebSphere Event Broker:

Procedure

1. Download and extract the WebSphere Event Broker installation program as follows:
   a. Log in to the server as root.
   b. Download the appropriate package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. Install WebSphere Event Broker as follows:
   a. Start the WebSphere Event Broker installer by navigating to the directory where you extracted the file and running the appropriate setup command:
      - AIX: ./setupaix
      - Linux: ./setuplinuxia32
      - Solaris: ./setupsolaris
      The installation program begins by displaying the WebSphere Event Broker splash screen.
   b. At the "Welcome to the InstallShield Wizard for IBM WebSphere Event Broker" screen, click Next.
   c. At the "Software License Agreement" screen, click the option to accept the agreement, and then click Next.
   d. At the "Choose the setup type that best suits your needs" screen, click Typical, and then click Next.
   e. At the "IBM WebSphere Event Broker will be installed in the following location" screen, click Next.
   f. At the "Installing IBM WebSphere Event Broker" screen, please wait.
   g. At the "Would you like to launch a command console after the install wizard finishes?" screen, click the Yes option if you want to automatically launch the command console; then click Next.

   h. At the "InstallShield Wizard has successfully installed WebSphere Event Broker" screen, click Finish.
3. Now verify that you have the right fix-pack level of WebSphere Event Broker:
   a. Open the Message Broker Command Console.
   b. (Solaris only; AIX and Linux users should skip this step.) Run the following setup command:
. /opt/IBM/mqsi/6.0/bin/mqsiprofile

c. Run the following command to display the MQ version:
mqsiservice -v

This command displays information about your installation, including the fix pack; look for a line that specifies the product version. This example shows the correct product and fix pack:
BIP8996I: Version: 6003

d. If you do not have the correct fix pack installed, you can download it from the IBM Web Site using the same method as you did for WebSphere MQ earlier. Download the Fix Pack (6.0.0.3) from the following Web address:
http://www-1.ibm.com/support/docview.wss?uid=swg24013951

e. Now install the fix pack as explained in the Release Notes document posted on the same page.

Installing the WebSphere Event Broker application on Windows:

Install the IBM WebSphere Event Broker application on Microsoft Windows.

Before you begin

There are two prerequisites for installing WebSphere Event Broker:
- You must install WebSphere Event Broker on the same computer where you install IBM WebSphere MQ; this is required for these components to function properly.
- If you are not installing WebSphere Event Broker directly on the DB2 server, you must install a copy of the DB2 client on this computer, and then catalog the database that you created for WebSphere Event Broker (called "BRKRDB" in this documentation) from the DB2 client.

About this task

For additional information on installing WebSphere Event Broker, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

Follow these steps to install WebSphere Event Broker:

Procedure

1. Download and extract the WebSphere Event Broker installation program as follows:
   a. Log in to Microsoft Windows as the system administrator.
      Attention: Logging in with an account other than the Administrator will prevent the mqsi user from being added to the Administrators groups, which will cause the configureEB script to fail in a later step.

b. Download the appropriate package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. 2. Install WebSphere Event Broker as follows: a. Start the WebSphere Event Broker installer by navigating to the directory where you extracted the file and running the following command:
Setup.exe

The installation program begins by displaying the WebSphere Event Broker splash screen. b. At the "Welcome to the InstallShield Wizard for IBM WebSphere Event Broker" screen, click Next. c. At the "Software License Agreement" screen, click the option to accept the agreement, and then click Next. d. At the "Choose the setup type that best suits your needs" screen, click Typical, and then click Next. e. At the "IBM WebSphere Event Broker will be installed in the following location" screen, click Next. f. At the "Installing IBM WebSphere Event Broker" screen, please wait. g. At the "Would you like to launch a command console after the install wizard finishes?" screen, click the Yes option if you want to automatically launch the command console; then click Next. h. At the "InstallShield Wizard has successfully installed WebSphere Event Broker" screen, click Finish. 3. Now verify that you have the right fix-pack level of WebSphere Event Broker: a. Open the Message Broker Command Console b. Run the following command:
mqsiservice -v

This command displays information about your installation, including the fix pack; look for a line that specifies the product version. This example shows the correct product and fix pack:
BIP8996I: Version: 6003

c. If you do not have the correct fix pack (6.0.0.3) installed, you can download it from the following Web address:
http://www-1.ibm.com/support/docview.wss?uid=swg24013951

d. Now install the fix pack as explained in the Release Notes document posted on the same page. Configuring WebSphere Event Broker: Configure IBM WebSphere Event Broker for your single-server IBM Lotus Sametime Advanced deployment. Before you begin Make sure you have installed the WebSphere Event Broker application before you attempt to configure it.

About this task The procedure for configuring WebSphere Event Broker varies with the operating system on which it is hosted: Configuring WebSphere Event Broker on AIX, Linux, Solaris: Configuring IBM WebSphere Event Broker for IBM Lotus Sametime Advanced by copying jar files to the classpath and then running a predefined script. About this task Configure WebSphere Event Broker on the computer where you installed it by logging in as a system administrator and completing the following procedures: Adding jar files to the classpath on AIX, Linux, Solaris: Copy required jar files to the classpath so they can be referenced during configuration of IBM WebSphere Event Broker on AIX, Linux, or Solaris. About this task Follow these steps to add supporting jar files to the system classpath. All of the jar files need to be available on the system classpath so that the event broker can be successfully configured for the real-time message flow on your server. In addition, the SametimePlusExits.jar file must be available on the system classpath to prevent runtime errors when the event broker is started. Procedure Add the following statements to the .profile of the user account that will start and stop the broker services (this adds jars to the classpath and enables that user to properly start the message flow and access the broker database): AIX, Linux Note: The CLASSPATH statement was formatted for readability here, but you must type it as a single line.
export CLASSPATH=$CLASSPATH:mqsi_install_path/classes/SametimePlusExits.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/AddBroker.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/SametimePlusExits.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-codec-1.3.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-3.1.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-logging-1.1.jar
if [ -f /home/db2inst1/sqllib/db2profile ]; then
    . /home/db2inst1/sqllib/db2profile
fi

where mqsi_install_path is the absolute path to your WebSphere Event Broker install location.

Solaris
CLASSPATH=mqsi_install_path/classes/SametimePlusExits.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/AddBroker.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/SametimePlusExits.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-codec-1.3.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-3.1.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-logging-1.1.jar
export CLASSPATH
if [ -f /home/db2inst1/sqllib/db2profile ]; then
    . /home/db2inst1/sqllib/db2profile
fi

where mqsi_install_path is the absolute path to your WebSphere Event Broker install location; for example:
/opt/ibm/mqsi/6.0

Running the configureEB script on AIX, Linux, Solaris:

Configure IBM WebSphere Event Broker services on AIX, Linux, or Solaris by running the provided script.

Before you begin

After installing WebSphere Event Broker, run the configureEB.sh configuration script for your operating system.

About this task

The configureEB script completes the following tasks:
- Removes any stuck deployment requests on the configuration manager
- Deletes the configuration manager
- Deletes the event broker
- Removes the listener
- Removes the queue manager
- Creates the queue manager
- Creates the listener
- Creates the event broker
- Creates the configuration manager
- Configures broker security
- Runs the AddBroker configuration
- Deploys the BAR file
- Starts the message flow
- Starts the queue manager, the broker services, and the configuration manager

Procedure 1. Download the configureEB.sh script to the server. This script is stored in the \SupportingFiles directory within the Lotus Sametime Advanced software download. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. 2. If a message queue is running (sccs.queue.manager or anything configured to use port 1414), end it (or delete it) before proceeding. 3. Run the configuration script with the following command (type the entire command on one line):
ConfigureEB.sh -hostname host_name -userid admin_name -userpassword admin_password -dbusername database_username -dbpassword database_password -dbname database_name -dbinstallpath sqllib_directory -stadvserver sametime_advanced_server
where:
- host_name is the fully qualified host name or IP address of the current server (where WebSphere Event Broker is installed)
- admin_name is the local system account ('mqsi' in this documentation) that will be used to run the event broker and configuration manager's services. It is assumed this user is a member of the 'mqbrkrs' group.
- admin_password is the password for the admin_name account
- database_username is the user ID of an IBM DB2 database administrator who can access the database used by WebSphere Event Broker
- database_password is the password for the database_username account
- database_name is the name of the DB2 database used for storing WebSphere Event Broker data (in this documentation, BRKRDB)
- sqllib_directory is the full path to the sqllib directory (where the DB2 server or client is installed)
- sametime_advanced_server is the host name of the server where Lotus Sametime Advanced is installed

For example (remember to type the entire command on one line):
ConfigureEB.sh -hostname myhost.acme.com -userid mqsi -userpassword p@ssword -dbusername db2admin -dbpassword passw0rd -dbname BRKRDB -dbinstallpath /home/db2inst1/sqllib -stadvserver sales3.acme.com

4. Increase the limit on the number of files that can be open at the same time:

- AIX: Edit the /etc/system/limit file and add the following settings:
root:
    nofiles=10000
mqm:
    nofiles=10000
mqsi:
    nofiles=10000

- Linux: Edit the /etc/security/limits.conf file and add the following settings:
mqm   soft  nofile  50000
mqm   hard  nofile  50000
mqsi  soft  nofile  50000
mqsi  hard  nofile  50000
root  soft  nofile  50000
root  hard  nofile  50000

- Solaris: Edit the /etc/system file and add the following settings:
set rlim_fd_max = 10000
set rlim_fd_cur=10000

5. Restart the server. Parameters for the configureEB script on AIX, Linux, Solaris: The configureEB.sh script uses both required and optional parameters. You can display the list of arguments for the script by running the following command on an IBM AIX, Linux, or Solaris server:
ConfigureEB.sh -help

System output
################ REQUIRED COMMANDS ################
-hostname       : The resolvable hostname or IP address for this system
-userid         : The local system account mqsi that will be used to run the event broker and configuration managers services. It is assumed that user mqsi is a member of the mqbrkrs group.
-userpassword   : The password for the -userid account.
-dbusername     : The name of the DB2 database administrator who can access the database used by the event broker.
-dbpassword     : The password for the -dbusername account.
-dbname         : The name of the database used by event broker.
-dbinstallpath  : The absolute path to the DB2 instance owners sqllib directory. Example: /home/db2inst1/sqllib
-stadvserver    : The hostname of the Sametime Advanced server the event broker will connect to.
################ OPTIONAL COMMANDS ################
It is recommended that the default values be used for the following. If for some reason the default settings are causing problems, the settings can be modified using the below flags:
-silent         : Do not prompt for user input.
-javahome       : If java is not on your classpath, use this flag to tell the script where java can be found on your system.
-listenerport   : The port used when defining the listener on the queue manager, default is 1414.
-qmgrname       : The name of the queue manager to create, default is sccs.queue.manager
-brokername     : The name of the event broker instance to create, default is BRKR_SCCS
-configmgrname  : The name of the configuration manager instance to create, default is CMGR_SCCS
-executiongroup : The name of the execution group to create on the broker, default is default

Note: In the script, the event broker is configured to listen on port 1506; this port is not provided as a parameter because it cannot be changed:
#Set the Event Broker server port here
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506
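A pre-flight check for the AIX, Linux, and Solaris prerequisites above (group membership, the Linux open-file limits, the CLASSPATH jars, and the fix-pack level), given here as an added shell example that is not part of IBM's guide or of the configureEB script. The function names, the DB2_USER variable, and the sample files are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not IBM code): verify the prerequisites this guide sets up
# before running the configureEB script. Function names are hypothetical.

REQUIRED_JARS="SametimePlusExits.jar AddBroker.jar commons-codec-1.3.jar
commons-httpclient-3.1.jar commons-httpclient-contrib-3.1.jar commons-logging-1.1.jar"
REQUIRED_NOFILE=50000   # Linux value from the limits.conf step
REQUIRED_VERSION=6003   # level shown in the guide's BIP8996I example

# group_has_member FILE GROUP USER
# True if USER is in the member list of GROUP in an /etc/group-format FILE.
# A primary group is not listed there, so only supplementary membership counts.
group_has_member() {
    awk -F: -v g="$2" -v u="$3" '
        $1 == g { n = split($4, m, ","); for (i = 1; i <= n; i++) if (m[i] == u) found = 1 }
        END { exit found ? 0 : 1 }' "$1"
}

# nofile_ok FILE USER MIN
# True if FILE (limits.conf format: domain type item value) gives USER both a
# soft and a hard nofile limit of at least MIN. Type "-" sets both limits;
# this example lets the last entry for a limit win (an assumption).
nofile_ok() {
    awk -v u="$2" -v min="$3" '
        /^[ \t]*#/ { next }
        $1 == u && $3 == "nofile" {
            if ($2 == "-") { v["soft"] = $4; v["hard"] = $4 } else v[$2] = $4
        }
        END { exit (v["soft"] + 0 >= min + 0 && v["hard"] + 0 >= min + 0) ? 0 : 1 }' "$1"
}

# missing_jars CLASSPATH
# Prints every required jar that is not an entry of the colon-separated list.
missing_jars() {
    for jar in $REQUIRED_JARS; do
        case ":$1:" in
            *"/$jar:"*) ;;
            *) echo "$jar" ;;
        esac
    done
}

# broker_version FILE: print the level from saved "mqsiservice -v" output.
broker_version() {
    awk '$1 == "BIP8996I:" && $2 == "Version:" { print $3; exit }' "$1"
}

# preflight GROUP_FILE LIMITS_FILE CLASSPATH VERSION_FILE
# Prints one line per problem and returns 0 only when none is found.
# Set DB2_USER to include the local DB2 account in the group checks.
preflight() {
    rc=0
    for user in mqsi root ${DB2_USER:-}; do
        for group in mqm mqbrkrs; do
            group_has_member "$1" "$group" "$user" ||
                { echo "user $user is not in group $group"; rc=1; }
        done
    done
    for user in mqm mqsi root; do
        nofile_ok "$2" "$user" "$REQUIRED_NOFILE" ||
            { echo "nofile limit for $user is below $REQUIRED_NOFILE"; rc=1; }
    done
    for jar in $(missing_jars "$3"); do
        echo "CLASSPATH is missing $jar"; rc=1
    done
    [ "$(broker_version "$4")" = "$REQUIRED_VERSION" ] ||
        { echo "broker version is not $REQUIRED_VERSION"; rc=1; }
    return "$rc"
}

# make_sample DIR: write constructed sample inputs (not from a real server).
make_sample() {
    printf '%s\n' 'mqm:x:501:mqsi,root,db2inst1' 'mqbrkrs:x:502:mqsi,db2inst1' > "$1/group"
    printf '%s\n' '# constructed limits.conf fragment' \
        'mqm  soft nofile 50000' 'mqm  hard nofile 50000' \
        'mqsi soft nofile 50000' 'mqsi hard nofile 1024' \
        'root -    nofile 50000' > "$1/limits.conf"
    printf '%s\n' 'BIP8996I: Version: 6003' > "$1/mqsiservice.out"
}

# Demonstration on the constructed data: root is missing from mqbrkrs and the
# hard nofile limit for mqsi is too low, so two problems are reported.
demo_dir=$(mktemp -d)
make_sample "$demo_dir"
demo_cp=""
for jar in $REQUIRED_JARS; do demo_cp="$demo_cp:/opt/ibm/mqsi/6.0/classes/$jar"; done
preflight "$demo_dir/group" "$demo_dir/limits.conf" "$demo_cp" "$demo_dir/mqsiservice.out" || true
rm -rf "$demo_dir"
```

On a Linux server, pass /etc/group, /etc/security/limits.conf, "$CLASSPATH", and a file holding the saved output of mqsiservice -v.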

Configuring WebSphere Event Broker on Windows: Configuring IBM WebSphere Event Broker for IBM Lotus Sametime Advanced by copying jar files to the classpath and then running a predefined script. About this task Configure WebSphere Event Broker on the computer where you installed it by logging in as a system administrator and completing the following procedures: Adding jar files to the classpath on Windows: Copy required jar files to the classpath so they can be referenced during configuration of IBM WebSphere Event Broker on Microsoft Windows.
About this task

Follow these steps to add supporting jar files to the system classpath. All of the jar files need to be available on the system classpath so that the event broker can be successfully configured for the real-time message flow on your server. In addition, the SametimePlusExits.jar file must be available on the system classpath to prevent runtime errors when the event broker is started.

Procedure

1. Log on to the server as the Windows system administrator.
2. Add the following files to the CLASSPATH, keeping the statement on one line:
   List of files:
   - SametimePlusExits.jar
   - AddBroker.jar
   - commons-codec-1.3.jar
   - commons-httpclient-3.1.jar
   - commons-httpclient-contrib-3.1.jar
   - commons-logging-1.1.jar
   How they look on the CLASSPATH (this was formatted for readability; your CLASSPATH statement must be formatted as one line):
existing_classpath_values
;%MQSIINSTALLPATH%\classes\AddBroker.jar
;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar
;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar
;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar
;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar
;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar

where %MQSIINSTALLPATH% is the absolute path to your WebSphere Event Broker install location; for example:
C:\Program Files\IBM\MQSI\6.0

Note: These jar files do not exist in the classes directory yet; when you run the configureEB.bat script in the next task, the files will be copied to your server for use during configuration.
3. Restart the server so these changes take effect before you configure WebSphere Event Broker.

Running the configureEB script on Windows: Configure IBM WebSphere Event Broker services on Microsoft Windows by running the provided script.

Before you begin
After installing WebSphere Event Broker and adding the jar files to the CLASSPATH statement, run the configureEB.bat configuration script.

About this task
The script completes the following tasks:
- Removes any stuck deployment requests on the configuration manager
- Deletes the configuration manager
- Deletes the event broker


- Removes the listener
- Removes the queue manager
- Creates the queue manager
- Creates the listener (on port 1414 by default)
- Creates the event broker
- Creates the configuration manager
- Configures broker security
- Runs the AddBroker configuration
- Deploys the BAR file
- Starts the message flow
- Starts the queue manager, the broker services, and the configuration manager
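Because configureEB.bat depends on the CLASSPATH edit from the previous task, the statement can be checked before the script is run. The following is an added example, not code from IBM or from this guide: the function name check_classpath and the sample CLASSPATH value are constructed for illustration, and only the string is inspected because the jar files are not on disk until the script copies them.

```python
import ntpath  # Windows path rules on any OS, so the check can run anywhere
import re

# The six jar files the guide lists for the CLASSPATH.
REQUIRED_JARS = (
    "SametimePlusExits.jar",
    "AddBroker.jar",
    "commons-codec-1.3.jar",
    "commons-httpclient-3.1.jar",
    "commons-httpclient-contrib-3.1.jar",
    "commons-logging-1.1.jar",
)


def check_classpath(classpath, mqsi_install_path):
    """Compare a Windows CLASSPATH string with the entries the guide requires.

    Returns a dict with:
      missing   - required jars that have no entry at all
      misplaced - required jars that are listed, but not under <MQSI>\\classes
      multiline - True if the statement contains a line break
    """
    multiline = "\n" in classpath or "\r" in classpath
    expected_dir = ntpath.normcase(
        ntpath.normpath(ntpath.join(mqsi_install_path, "classes")))

    seen = {}  # lower-cased file name -> set of normalised directories
    for entry in re.split(r"[;\r\n]+", classpath):
        entry = entry.strip().strip('"')
        if not entry:
            continue
        # Expand the variable used in the guide, whatever its letter case.
        entry = re.sub("%MQSIINSTALLPATH%", lambda m: mqsi_install_path,
                       entry, flags=re.IGNORECASE)
        directory, name = ntpath.split(ntpath.normpath(entry))
        seen.setdefault(name.lower(), set()).add(ntpath.normcase(directory))

    missing = [jar for jar in REQUIRED_JARS if jar.lower() not in seen]
    misplaced = [jar for jar in REQUIRED_JARS
                 if jar.lower() in seen and expected_dir not in seen[jar.lower()]]
    return {"missing": missing, "misplaced": misplaced, "multiline": multiline}


# Constructed sample: one jar is missing and one points outside the
# Event Broker classes directory.
SAMPLE_CLASSPATH = (
    r".;C:\Program Files\IBM\SQLLIB\java\db2java.zip"
    r";%MQSIINSTALLPATH%\classes\AddBroker.jar"
    r";%MQSIINSTALLPATH%\classes\SametimePlusExits.jar"
    r";C:\temp\commons-codec-1.3.jar"
    r";%mqsiinstallpath%\classes\commons-httpclient-3.1.jar"
    r";%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar"
)

if __name__ == "__main__":
    report = check_classpath(SAMPLE_CLASSPATH, r"C:\Program Files\IBM\MQSI\6.0")
    for key, value in report.items():
        print(key, value)
```

An entry reported as misplaced is worth a second look, since a jar of the same name loaded from another directory is not the one the script copies into place.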

Procedure
1. Download the configureEB.bat script to the server. This script is stored in the \SupportingFiles\EB-V60-image directory within the Lotus Sametime Advanced software download. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. Open the configureEB.bat file with a text editor.
   a. Find the following line:
      call mqsideploy -m -i %HOSTNAME% -q %QUEUEMGRNAME% -p %LISTENERPORT% -b %EBRKRNAME% -e %EXE
   b. Replace it with this line:
      call mqsideploy -m -i %HOSTNAME% -q %QUEUEMGRNAME% -p %LISTENERPORT% -b %EBRKRNAME% -e %EXE
   c. Save the configureEB.bat file.
3. If a message queue is running (sccs.queue.manager or anything configured to use port 1414), end it (or delete it) before proceeding.
4. Add the mqsi user to the Administrators Group of the server.
   a. Click Start > Settings > Control Panel > Users and Passwords.
   b. In the Users and Passwords dialog box, click Add.
   c. In the Add New User dialog box, type the user name and domain user ('mqsi' in this documentation), or browse the network for the user, then click Next.
   d. Select the level of access for the mqsi user. For Administrator access, select Other, then select Administrator from the drop-down menu and click Finish. The mqsi user with local Administrator access appears in the list.
5. Open a command prompt, navigate to the directory where you downloaded the script, and run the following command (type the entire command on one line):
ConfigureEB.bat -hostname host_name -userid user_name -userpassword user_password -dbinstallpath "sqllib_directory" -dbusername database_username -dbpassword database_password -dbname database_name -mqsiinstallpath "MQSI_install_path" -stadvserver sametime_advanced_server

where:
- host_name is the fully qualified host name or IP address of the current server (where WebSphere Event Broker is installed)
- user_name is the user ID of the local system account (or domain account) that will be used to run the broker services in Windows (user 'mqsi' in this documentation)
- user_password is the password for the user_name account
- sqllib_directory is the full path to the "C:\Program Files\IBM\SQLLIB" directory (where the DB2 server or client is installed) enclosed in quotation marks as shown
- database_username is the user ID of an IBM DB2 database administrator who can access the database used by WebSphere Event Broker
- database_password is the password for the database_username account
- database_name is the name of the DB2 database used for storing WebSphere Event Broker data (in this documentation, BRKRDB)
- MQSI_install_path is the path to the root of the WebSphere Event Broker installation (by default, "C:\Program Files\IBM\MQSI\6.0") enclosed in quotation marks as shown
- sametime_advanced_server is the host name of the server where Lotus Sametime Advanced is installed

This script starts the queue manager, the broker services, and the configuration manager.

Example
For example (remember to type the entire command on one line):
ConfigureEB.bat -hostname sales3.acme.com -userid mqsi -userpassword p@ssword -dbinstallpath "C:\Program Files\IBM\SQLLIB" -dbusername db2admin -dbpassword passw0rd -dbname BRKRDB -mqsiinstallpath "C:\Program Files\IBM\MQSI\6.0" -stadvserver sales3.acme.com

Parameters for the configureEB script on Windows: The configureEB.bat script uses both required and optional parameters. When working on a Microsoft Windows server, you can display the list of arguments by running the following command:
ConfigureEB.bat -help

System output
################ REQUIRED COMMANDS ################
-hostname : The resolvable hostname or IP address for this system
-userid : The local system account (or domain account) that will be used to run the event broker (user mqsi) and configuration managers windows services.
-userpassword : The password for the -userid account.
-dbinstallpath : The long path name to the directory where DB2 is intalled. Default: C:\Program Files\IBM\SQLLIB
-dbusername : The name of the DB2 database administrator who can access the database used by the event broker.
-dbpassword : The password for the -dbusername account.
-dbname : The name of the database used by event broker.
-mqsiinstallpath : The long path name to the directory where MQSI components are installed. Default is C:\Program Files\IBM\MQSI\6.0
-stadvserver : The resolvable hostname of the Sametime Advanced server
################ OPTIONAL COMMANDS ################
It is recommended that the default values be used for the following. If for some reason the default settings are causing problems, the settings can be modified using the below flags:
-silent : Do not prompt for user input
-javahome : If java is not on your classpath, use this flag to tell the script where java can be found on your system.
-listenerport : The port used when defining the listener on the queue manager, default is 1414.
-qmgrname : The name of the queue manager to create, default is sccs.queue.manager
-brokername : The name of the event broker instance to create, default is BRKR_SCCS
-configmgrname : The name of the configuration manager instance to create, default is CMGR_SCCS
-executiongroup : The name of the execution group to create on the broker, default is default

Note: In the script, the event broker is configured to listen on port 1506; this port is not provided as a parameter because it cannot be changed in the current release:
#Set the Event Broker server port here
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506

Installing the Lotus Sametime Advanced application: Install, configure, and verify IBM Lotus Sametime Advanced on a single server.

Before you begin
Installing and configuring Lotus Sametime Advanced requires completing the following tasks:

Choosing a method for installing the Lotus Sametime Advanced application: There are several ways you can install the IBM Lotus Sametime Advanced application.

Before you begin
Choose a method for installing the Lotus Sametime Advanced application software on a single server:

Running the graphical installer for Lotus Sametime Advanced: After you have installed all the prerequisite components, install the IBM Lotus Sametime Advanced application using the graphical interface.

Running the graphical installation program:

Before you begin
Verify that you have installed and configured the following components before you begin installing Lotus Sametime Advanced:
- A supported LDAP directory (see the IBM Lotus Sametime Advanced Requirements for the list of supported products)
- IBM Lotus Sametime Standard
- IBM DB2 Workgroup Server Edition
- IBM WebSphere MQ
- IBM WebSphere Event Broker

About this task
Follow these steps to install Lotus Sametime Advanced using the "Single server (Primary node for Network Deployment)" option.

Procedure
1. (Linux RHEL only) Disable SELinux on any RedHat operating system:
   a. Log in as root on the Linux RedHat server where you will install Lotus Sametime Advanced.
   b. Open the /etc/selinux/config file for editing.
   c. Locate the SELINUX setting.
   d. Change its value to either disable or permissive.
   e. Save and close the file.
   f. Restart the Linux server.
2. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
3. Download the appropriate packages for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. You will need to download packages for the following products onto this server:
- WebSphere Application Server 6.1.0.13
- Lotus Sametime Advanced
4. Extract the files for WebSphere Application Server so they can be used by the Lotus Sametime Advanced installer.
5. Navigate to the folder where you stored the downloaded files for Lotus Sametime Advanced and start the installation program by running one of the following commands:
- AIX, Linux, Solaris
./install.sh

- Windows
install.bat

6. At the "Select a language" prompt, select English and then click OK.
7. At the "Welcome" screen, click Next.
8. At the "license agreement" screen, click the I accept both the IBM and the non-IBM terms option, and then click Next.
9. At the "type of installation" screen, select Single server (Primary node for Network Deployment) and then click Next.
10. At the "root path to the installation files for WebSphere Application Server" screen, enter the path to the folder where you extracted the IBM WebSphere Application Server files, and then click Next.
11. At the "To install WebSphere Application Server in this location" screen, enter the path to where you want to install WebSphere Application Server, and click Next.
12. At the "Create the administrative user ID and password for the WebSphere Application Server" screen, enter the WebSphere Application Server administrator name and password. The WebSphere Application Server administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as wasadmin.
13. At the "Create the administrative user ID and password for the Web based administration of the Sametime Advanced Server" screen, enter the Lotus Sametime Advanced Administrator user name and password. The Lotus Sametime Advanced Administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as stadvadmin. This user can be switched to an LDAP-based user ID after installation is finished.
14. At the "Enter the properties for this instance of Sametime Advanced Server" screen, the Cell, Node, and Host name fields are pre-populated; make changes as appropriate.
15. At the "To install Sametime Advanced server in this location" screen, provide a location for the configuration and log files needed for the Lotus Sametime Advanced server installation. The files in this folder are related to installation and configuration, and will not affect the functioning of the server once the installation is finished.
16. At the "DB2 properties" screen, provide the following properties for the IBM DB2 server:

Option | Description
Host name | Host name of the database server
Port | Port on which the database server is listening; this is normally port 50000.
Database Name | Name of the IBM DB2 database that you created for Lotus Sametime Advanced (for example, STADV)
Application user ID | The DB2 Administrator user name used to connect to the database
Application Password | The password for the DB2 Administrator account.

17. At the "Sametime Server Properties" screen, provide the host name and the HTTP port on the Lotus Sametime Standard server, from which you can download the files required for supporting the awareness feature (the default is port 80). Note: If you leave these fields empty, your Lotus Sametime Advanced deployment will be configured without a Lotus Sametime Standard server and will not have access to certain features.
18. At the "SMTP Messaging Server" screen, click the checkbox if you want to use an SMTP server with Lotus Sametime Advanced (for example, for notifications to members of a Persistent Chat Room), and then click Next. If you do not want to configure the SMTP settings now, leave the checkbox unselected and click Next. The Lotus Sametime Advanced Server will still be functional.
19. At the "SMTP Messaging Server Properties" screen, provide the following SMTP server properties:

Option | Description
Host name | The host name of the SMTP transport server.
User name, Password | The user name and password are only needed if your SMTP server requires them for authentication before sending e-mail. If necessary, you can change these values later using the Integrated Solutions Console.
E-mail address | (Optional) Type the e-mail address to be used as the "From" address when sending notifications.
Do you want to encrypt outgoing traffic using SSL? | If your SMTP server is configured to use SSL for outgoing messages, click Yes (port 465 is used by default for encrypted traffic); otherwise click No (port 25 is used by default for unencrypted traffic).

20. At the "IBM WebSphere Messaging Broker Properties" screen, provide the fully qualified hostname of the WebSphere Message Broker Server, and then click Next.
21. At the "LDAP Configuration" screen, select whether to configure Lotus Sametime Advanced to work with your LDAP directory now, or after the installation is finished, and then click Next:
- Configure LDAP Now: continue with step 21.
- Configure LDAP after the installation: skip to step 24.
22. Do one of the following:
Note: Lotus Sametime Advanced must use the same LDAP server/directory as the Lotus Sametime Standard server.
- If an LDAP directory is found, the "LDAP Server Connection" screen allows you to either select that LDAP or specify another before clicking Next.
- If no LDAP directory was found, the "LDAP Server Connection" screen instead allows you to provide the LDAP server Host name and Port before clicking Next.
23. Choose the type of binding to use with your LDAP server and, if necessary, provide credentials for authenticated binding (the Bind distinguished name and the associated password); then click Next. The type of binding used to connect to your LDAP server is determined by the settings in the LDAP directory. If anonymous access is allowed, you see the "LDAP Anonymous Bind Allowed" screen. If anonymous access is not allowed, the "LDAP Authenticated Bind Required" screen appears.
24. At the "LDAP Settings for People and Group Entries" screen, fill in information about the LDAP fields used for authentication:

Option | Description
Detected root DN | If a root distinguished name is detected, it will be displayed here and you can either select it, or enter a different value in the next field.
Base distinguished name | If you selected a detected root DN, leave this field blank; otherwise, type the name of the field used as the Base DN in your LDAP. The Base DN (base distinguished name) indicates the level at which searches begin in the LDAP. Note: If you use IBM Lotus Domino as your LDAP directory, you should specify a base distinguished name now to avoid problems later when enabling SSO and awareness.
Log in | Type the name of the field in the LDAP directory that will be used for authentication when a user logs in. This is frequently the LDAP's mail field. Only one attribute should be entered in the Log in field when you install a Lotus Sametime Advanced server.
Display name | Type the name of the field in the LDAP directory that will be used as the Display Name. This is frequently the cn field.

25. At the "The IBM Lotus Sametime Advanced Server is ready to install" screen, review the settings, then click Install to start the installation.

Results
Note: If the installation was not successful, look at the two installation logs for more information about what occurred during the installation attempt. Fix the problem, then try installing again.
- ST_Advanced_Install_Location/logs/installlog.txt
- Temp/stadv/logs/wizard_installlog.txt
You will need to find the default Temp location for your operating system. For example, for Windows, it is
C:\Documents and Settings\Administrator\Local Settings\Temp

Installing Lotus Sametime Advanced from the console on any supported platform: Use the console to install and configure IBM Lotus Sametime Advanced.

About this task
Follow these steps to install Lotus Sametime Advanced as a single-server deployment from the console:

Procedure
1. (Linux RHEL only) Disable SELinux on any RedHat operating system:
   a. Log in as root on the Linux RedHat server where you will install Lotus Sametime Advanced.
   b. Open the /etc/selinux/config file for editing.
   c. Locate the SELINUX setting.
   d. Change its value to either disable or permissive.
   e. Save and close the file.
   f. Restart the Linux server.
2. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
3. Navigate to the folder where you stored downloaded files for Lotus Sametime Advanced, and start the installation program by running one of the following commands:
- AIX, Linux, Solaris
./install.sh -console

- Windows
install.bat -console

The console installer begins. As the installer runs, you will be prompted to enter information about your deployment, as explained in the remaining steps.
4. At the "Select a language" prompt, type the number that represents the language you want the console installer to use (for example, type "1" for English), and then press Enter.
Note: Always press the Enter key after typing a value. Pressing Enter without typing a value accepts the default value indicated in [ ].
5. At the "license agreement" screen, type "1" to accept the agreement and begin the installation. You cannot proceed with the installation until you accept the license agreement.
6. At the "type of installation" screen, indicate the type of installation you want by typing the corresponding number.
7. At the "Enter the root path to the installation files for WebSphere Application Server." screen, enter the path to the folder where you extracted the IBM WebSphere Application Server files.
8. At the "To install WebSphere Application Server in this location" screen, type "1" to accept that location.
9. At the "Create the administrative user ID and password for the WebSphere Application Server" screen, do the following:
   a. Type the WebSphere Application Server administrator name. The WebSphere Application Server administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as wasadmin.
   b. Type the password for the administrator account.
   c. Confirm the password by typing it again.
   d. Indicate whether to use this same account for Web-based administration of the Lotus Sametime Advanced server by typing "Yes" or "No". The default value is "No".
   e. Type "1" to proceed to the next screen. If you typed "Yes" to use the same account, skip to step 12; if you typed "No" then proceed with step 11.
10. At the "Create the administrative user ID and password for the Web based administration of the Sametime Advanced Server" screen, do the following:
   a. Type the Lotus Sametime Advanced Administrator user name. The Lotus Sametime Advanced Administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as stadvadmin. This user can be switched to an LDAP-based user ID after installation is finished.
   b. Type the password for the administrator account.
   c. Confirm the password by typing it again.
   d. Type "1" to proceed to the next screen.
11. At the "Enter the properties for this instance of Sametime Advanced Server" screen, the Cell, Node, and Host name fields are pre-populated; make changes as appropriate before typing "1" to proceed to the next screen.
12. At the "To install Sametime Advanced server in this location" screen, edit the location if needed before typing "1" to accept the location and proceed to the next screen. The files in this folder are related to installation and configuration, and will not affect the functioning of the server once the installation is finished.
13. At the "DB2 properties" screen, provide the following properties for the IBM DB2 server and then type "1" to proceed to the next screen:

Option | Description
Host name | Host name of the database server
Port | Port on which the database server is listening; this is normally port 50000.
Database Name | Name of the IBM DB2 database that you created for Lotus Sametime Advanced (for example, STADV)
Application user ID | The DB2 Administrator user name used to connect to the database
Application Password | The password for the DB2 Administrator account.

14. At the "Specify the Sametime server hostname and port" screen, type the host name and the HTTP port (on the Lotus Sametime Standard server) from which you can download the files required for supporting the awareness feature (the default is port 80), and then type "1" to proceed to the next screen. Note: If you leave these fields empty, your Lotus Sametime Advanced deployment will be configured without a Lotus Sametime Standard server and will not have access to certain features.
15. At the "SMTP Messaging Server" screen, type "1" if you want to use an SMTP server with Lotus Sametime Advanced (for example, for notifications to members of a Persistent Chat Room); otherwise type "0" (your deployment will still function) to skip this step.
16. At the "SMTP Messaging Server Properties" screen, provide the following SMTP server properties before typing "1" to proceed to the next screen:

Option | Description
Host name | The host name of the SMTP transport server.
User ID, Password | The user name and password are only needed if your SMTP server requires them for authentication before sending e-mail. If necessary, you can change these values later using the Integrated Solutions Console.
Do you want to encrypt outgoing traffic using SSL? | If your SMTP server is configured to use SSL for outgoing messages, type "2" (Yes); otherwise type "1" (No); the default value is No.
Port | Type the port number to use for SMTP traffic: port 465 is used by default for encrypted traffic (if you chose to use SSL); port 25 is used by default for unencrypted traffic.
SMTP e-mail address | (Optional) Type the e-mail address to be used as the "From" address when sending notifications.

17. At the "IBM WebSphere Messaging Broker Properties" screen, type the fully qualified host name of the WebSphere Message Broker Server, and then type "1" to proceed to the next screen.
18. At the "Configure LDAP Now" (LDAP configuration) screen, type "1" to configure Lotus Sametime Advanced to work with your LDAP directory now, or "2" to configure it after the installation is finished, and then type "1" to proceed to the next screen.
- If you chose to Configure LDAP Now: continue with step 20.
- If instead you chose to Configure LDAP after the installation: skip to step 23.
19. At the "LDAP Server Connection" screen, type the host name and port for the LDAP server, and then type "1" to proceed to the next screen. If the LDAP server was detected, the existing values are supplied for you; accept them or modify them now.
Note: Lotus Sametime Advanced must use the same LDAP server/directory as the Lotus Sametime Standard server.
The type of binding used to connect to your LDAP server is determined by the settings in the LDAP directory. If anonymous access is allowed, you see the "LDAP Anonymous Bind Allowed" screen; otherwise the "LDAP Authenticated Bind Required" screen appears.
20. Do one of the following:
- If the "Anonymous Access Allowed" screen appears, choose whether to accept it by typing "1" to allow Anonymous access or "2" to require Authenticated access; then type "1" to proceed to the next screen.
- If the "Authenticated Access Required" screen appears, type the credentials to be used for authenticated binding (the Bind distinguished name and the associated password), then type "1" to proceed to the next screen.
21. At the "Choose one of the detected root distinguished names" screen, type the number corresponding to the correct root DN, and then type "1" to proceed to the next screen.
22. At the "Login field" screen, do the following:
   a. Type the name of the field in the LDAP directory that will be used for authentication when a user logs in. This is frequently the LDAP's "mail" field. If your deployment's Lotus Sametime Standard server requires users to log in, this field must match that setting (found in the stconfig.nsf database).
   b. Type the name of the field in the LDAP directory that will be used as the Display Name. This is frequently the "cn" field.
   c. Type "1" to proceed to the next screen.
23. At the summary screen, verify your settings and then type "1" to proceed with the installation.

Results
Note: If the installation was not successful, look at the two installation logs for more information about what occurred during the installation attempt. Fix the problem, then try installing again.
- ST_Advanced_Install_Location/logs/installlog.txt
- Temp/stadv/logs/wizard_installlog.txt
You will need to find the default Temp location for your operating system. For example, for Windows, it is
C:\Documents and Settings\Administrator\Local Settings\Temp

Installing Lotus Sametime Advanced silently on any supported platform: Install and complete basic configuration for IBM Lotus Sametime Advanced silently.

Before you begin
Verify that you have installed and configured the following components before you begin installing Lotus Sametime Advanced:
- A supported LDAP directory (see the IBM Lotus Sametime Advanced Requirements for the list of supported products)
- IBM Lotus Sametime Standard
- IBM DB2 Workgroup Server Edition
- IBM WebSphere MQ
- IBM WebSphere Event Broker

About this task
Follow these steps to install Lotus Sametime Advanced silently using the response file to provide installation parameters:

Procedure
1. (Linux RHEL only) Disable SELinux on any RedHat operating system:
   a. Log in as root on the Linux RedHat server where you will install Lotus Sametime Advanced.
   b. Open the /etc/selinux/config file for editing.
   c. Locate the SELINUX setting.
   d. Change its value to either disable or permissive.
   e. Save and close the file.
   f. Restart the Linux server.
2. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
3. Download the appropriate packages for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. In addition to the silent-install's response file STAdvanced_Install.rsp, you will need to download packages for the following products onto this server:
- WebSphere Application Server 6.1.0.13
- Lotus Sametime Advanced
4. Extract the files for WebSphere Application Server so they can be used by the Lotus Sametime Advanced installer.
5. Navigate to the dist directory below the directory where you stored the downloaded files for Lotus Sametime Advanced and modify the STAdvanced_Install.rsp response file as follows:
- Each parameter is preceded with a comment section that provides examples to follow; for each parameter, edit the uncommented statement to enter your response value. For example:
############################################################
#
# Has the license been accepted
#
# The license must be accepted before installation so this
# value must be true for the install to be successful.
# Example: -V licenseAccepted=true
#
-V licenseAccepted=true

- Be careful with values containing special symbols such as = and @. For example, the LDAPBindDN and BaseDN fields contain both of these symbols and use the format: LDAPBindDN="cn@root" and BaseDN=" dc@acem,dc@com"
6. Start the silent install program by running one of the following commands, specifying the absolute path to the response file as well as the "-silent" argument:
- AIX, Linux, Solaris
./install.sh -options STAdv_download_folder/STAdvanced_Install.rsp -silent

For example:
./install.sh -options /opt/CD1/dist/STAdvanced_Install.rsp -silent

- Windows
install.bat -options STAdv_download_folder\STAdvanced_Install.rsp -silent

For example:
install.bat -options C:\CD1\dist\STAdvanced_Install.rsp -silent
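A silent install gives no chance to correct a value at a prompt, so the edited response file can be checked before step 6 is run. The following is an added example, not IBM's code or part of the installer: the function name lint_response_file and the sample file text are constructed, and it assumes one "-V name=value" statement per line, as in the excerpt shown in step 5.

```python
import re

# An active statement is "-V name=value"; a line starting with "#" is a comment.
STATEMENT = re.compile(r"^-V\s+(\w+)=(.*)$")


def lint_response_file(text):
    """Parse response-file text and return (values, problems).

    values   - dict of parameter name -> value with surrounding quotes removed
    problems - list of (line_number, message); line 0 refers to the whole file
    """
    values, problems = {}, []
    for number, raw in enumerate(text.splitlines(), start=1):
        line = raw.strip()
        if not line or line.startswith("#"):
            continue  # blank line, or comment/example text
        match = STATEMENT.match(line)
        if match is None:
            problems.append((number, "not a '-V name=value' statement"))
            continue
        name, value = match.groups()
        if name in values:
            problems.append((number, name + " is set more than once"))
        quoted = len(value) >= 2 and value.startswith('"') and value.endswith('"')
        if quoted:
            value = value[1:-1]
        elif '"' in value:
            problems.append((number, name + ": unbalanced double quote"))
        elif "=" in value or "@" in value:
            # The guide shows such values enclosed in quotes.
            problems.append(
                (number, name + ": value contains = or @ and is not quoted"))
        values[name] = value
    if values.get("licenseAccepted") != "true":
        problems.append((0, "licenseAccepted must be true for the install to succeed"))
    return values, problems


# Constructed sample with four mistakes: license not accepted, an unquoted
# value containing @, a parameter set twice, and a statement missing "-V".
SAMPLE_RSP = """\
############################################################
#
# Has the license been accepted
# Example: -V licenseAccepted=true
#
-V licenseAccepted=false
# Example: -V LDAPBindDN="cn@root"
-V LDAPBindDN=cn@root
-V BaseDN="dc@example,dc@com"
-V BaseDN="dc@example,dc@org"
licenseAccepted=true
"""

if __name__ == "__main__":
    parsed, found = lint_response_file(SAMPLE_RSP)
    for line_number, message in found:
        print("line %d: %s" % (line_number, message))
```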

Results
Note: If the installation was not successful, look at the two installation logs for more information about what occurred during the installation attempt. Fix the problem, then try installing again.
- ST_Advanced_Install_Location/logs/installlog.txt
- Temp/stadv/logs/wizard_installlog.txt
You will need to find the default Temp location for your operating system. For example, for Windows, it is
C:\Documents and Settings\Administrator\Local Settings\Temp

Verifying the Lotus Sametime Advanced installation: Verify that your IBM Lotus Sametime Advanced application, as well as its required components, has been successfully installed.

About this task
The procedure for verifying the installation varies depending on the operating system that hosts Lotus Sametime Advanced:

Verifying the Lotus Sametime Advanced installation on AIX, Linux, Solaris: Verify that your IBM Lotus Sametime Advanced application has been successfully installed on IBM AIX, Linux, or Solaris.

About this task
Verify the installation by connecting to Lotus Sametime Advanced from a browser.

Procedure
On any computer in the deployment, open a browser and verify that Lotus Sametime Advanced is running by logging in with a user account from the LDAP directory. The Web address will resemble the one below, but the host name and port will depend upon your own deployment:
http://hostname_or_IPaddress:9080/stadvanced

For example:
http://stadv.acme.com:9080/stadvanced

Verifying the Lotus Sametime Advanced installation on Windows: Verify that your IBM Lotus Sametime Advanced application, as well as its required components, has been successfully installed on Microsoft Windows.

About this task
Verify the installation by making sure that IBM WebSphere MQ, WebSphere Event Broker, IBM DB2, and Lotus Sametime Advanced are all running:

Procedure
1. On the server hosting WebSphere MQ and WebSphere Event Broker, click Start > Control Panel > Administrative Tools > Services and use the Windows Services console to verify that the following services are running:
- IBM MQSeries
- IBM WebSphere Message Broker component BRKR_SCCS
- IBM WebSphere Message Broker component CMGR_SCCS
You can start and stop individual services in this console by right-clicking "Started" (or "Stopped") in the "Status" column, and then selecting Start or Stop from the menu.
2. Open MQ Explorer by clicking Start > All Programs > IBM WebSphere MQ > WebSphere MQ Explorer, and verify that the queue manager (such as sccs.queue.manager) is started. You can start and stop the queue manager in this console by right-clicking its name, and then selecting Start or Stop from the menu.
3. On the DB2 server, click Start > Control Panel > Administrative Tools > Services and use the Windows Services console to verify that the DB2 services are running. Note: Remember that the DB2 Net Search Extender (DB2EXT) must also be running.
4. Still on the DB2 server, click Start > All Programs > IBM DB2 > DB2COPY1 (default) > General Administration Tools > Control Center to open the DB2 Control Center so you can check (and manage) the DB2 database, and work with its tables and schemas.
5. On any computer in the deployment, open a browser and verify that Lotus Sametime Advanced is running by logging in with a user account from the LDAP directory. The Web address will resemble the one below, but the host name and port will depend upon your own deployment:
http://hostname_or_IPaddress:9080/stadvanced

For example:
http://stadv.acme.com:9080/stadvanced

Installing Lotus Sametime Advanced in a cluster


Installing IBM Lotus Sametime Advanced as a clustered deployment involves setting up an IBM WebSphere Application Server network deployment to distribute the workload and a WebSphere MQ cluster to support the additional messaging involved. Complete the tasks below to create the WebSphere Application Server network deployment, and then create the WebSphere MQ cluster:

Installing the DB2 database management system

IBM DB2 is a database management system that stores information used by IBM Lotus Sametime Advanced.

About this task

Installing DB2 involves the following tasks:

Installing DB2 Enterprise Server Edition

Install the IBM DB2 server software.

Before you begin

For IBM Lotus Sametime Advanced, you need to install IBM DB2 Enterprise Server Edition.

Procedure

1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate DB2 package for your operating system, and extract the files.
   Note: You must also download the DB2 license file db2ese_o.lic, which you activate after installing the DB2 server; this file is stored with the DB2 package.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install the DB2 server as explained in the DB2 information center at the following Web address:
http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

   In the information center, search for the following text to locate installation instructions: "Installing DB2 Servers".
4. Accept the default values and settings during DB2 installation.
   Note: When you create the DB2 administrative user account, the password that you assign to the account must satisfy your server operating system's requirements as well as any additional requirements imposed by your company. For information, see the Password Rules topic in the DB2 information center.
5. After installation is complete, you must activate the DB2 license:
   a. Open a command prompt.
   b. Run the following command to launch the DB2 Command window:
DB2CMD

   c. In the DB2 Command window, navigate to the folder where you downloaded the DB2 license file.
   d. Run the following command in the DB2 environment:
db2licm -a db2ese_o.lic

Sample output for Windows


LIC1402I License added successfully. LIC1426I This product is now licensed for use as specified in the License Agreement and License Information documents pertaining to the licensed copy of this product. USE OF THE PRODUCT CONSTITUTES ACCEPTANCE OF THE TERMS OF THE IBM LICENSE AGREEMENT AND LICENSE INFORMATION DOCUMENTS, LOCATED IN THE FOLLOWING DIRECTORY: "C:\PROGRA~1\IBM\SQLLIB\license\en"

e. Exit the DB2 Command window by running the following command:


EXIT

Installing DB2 Net Search Extender

Install IBM DB2 Net Search Extender to support text retrieval by concurrent IBM Lotus Sametime Advanced users.

Before you begin

Make sure you have a DB2 server installed before you begin.

About this task

Install DB2 Net Search Extender on the DB2 server by following these steps:

Procedure

1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate DB2 Net Search Extender package for your operating system, and extract the files.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install DB2 Net Search Extender as explained in the DB2 information center at
publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

   In the information center, search for the following text to locate installation instructions: "Installing Net Search Extender".
4. Accept the default values and settings while installing Net Search Extender.
5. When installation is finished, start Net Search Extender by running the following command in the DB2 environment:
db2text start

What to do next

Attention: DB2 Net Search Extender must be running to support Lotus Sametime Advanced operations. If you stop this service for any reason, be sure to restart it. To remove the need for manual restarts, you may want to set this service to start automatically:
- AIX, Linux, Solaris: Add the text indexing service startup to the database startup script.
- Windows: Set the "DB2EXT" service to "Automatic" in the Windows Services control panel.

Creating the WebSphere Event Broker database

Use IBM DB2 to create a database for storing IBM WebSphere Event Broker data.

Before you begin

The WebSphere Event Broker database contains Broker-specific system configuration information that is added or modified whenever a broker is created or configured. You can define your own names for this database using 8 characters or less; in the examples presented in this documentation, the Event Broker database is named "BRKRDB".

Procedure

1. Log in to the DB2 server as the DB2 Administrator (or as a user in the DB2ADMNS group).
2. Open a DB2 command window. For example, in Windows, click Start > Programs > IBM DB2 > DB2COPY1 (default) > Command Line Tools > Command Window.
3. Run the following command to create the WebSphere Event Broker database (called "BRKRDB" in this documentation):
DB2 CREATE DATABASE database_name USING CODESET UTF-8 TERRITORY US

For example:
DB2 CREATE DATABASE BRKRDB USING CODESET UTF-8 TERRITORY US

Sample Output:
DB20000I The CREATE DATABASE command completed successfully.

Creating the Lotus Sametime Advanced database

Use IBM DB2 to create a database for storing IBM Lotus Sametime Advanced data.

Before you begin

The Lotus Sametime Advanced database requires a DB2 database to store information. In the examples presented in this documentation, the Lotus Sametime Advanced database is named STADV.

About this task

Create the database directly on the DB2 server using the provided script.

Procedure

1. Download the appropriate versions of the scripts for your operating system to the DB2 server. The scripts are stored in the \SupportingFile\DB2-image\db2-scripts directory within the Lotus Sametime Advanced software download; be sure to take all of the files for your operating system.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. Verify that you are working in DB2 as the DB2 Administrator (or as a user in the DB2ADMNS group).
3. (AIX, Linux, Solaris) Assign execute privileges to the createDb.sh file by running the following command:
chmod +x createDb.sh

4. In the DB2 environment, create the database by running the script as follows:
AIX, Linux, Solaris
./createDb.sh database_name

Windows
createDb.bat database_name

where database_name is the name of the Lotus Sametime Advanced database (in this documentation, examples will use "STADV" as that database's name). For example:
./createDb.sh STADV

Attention: Do not use the same name as the host name for this computer, as that would create conflicts.

This script creates the new database and sets up the schema and tables needed for Lotus Sametime Advanced.

Creating text indexes for searching the Lotus Sametime Advanced database

Create indexes in an IBM DB2 database hosted on either Microsoft Windows or Linux.

Before you begin

You must have installed the IBM DB2 server software and DB2 Net Search Extender, then started those applications, created a database, and set up the database schema. The DB2 command window should still be open from the previous task (open it if necessary).

About this task

Note: If the indexes should become corrupted, you can safely rerun the dbtext script at any time without losing any existing data.

Procedure

1. Download the appropriate version of the dbtext script for your operating system to the DB2 server. This script is stored in the \SupportingFiles directory within the Lotus Sametime Advanced software download.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. In the DB2 Command Window, run the following command to create the text indexes:
AIX, Linux, Solaris
./dbtext.sh database_name

Windows
dbtext.bat database_name

where database_name is the name of the Lotus Sametime Advanced database ("STADV" in this documentation).
   If you see an error stating that "DB2TEXT" is not a recognized command, make sure that DB2 Net Search Extender has been installed and is running.
3. Once the script successfully completes, you can disconnect from the database with the following command:
DB2 DISCONNECT STADV

Sample output
DB20000I The SQL DISCONNECT command completed successfully.

4. Now type the following command in the DB2 Command Window:
EXIT

5. Close the DB2 Command Window.

Installing the DB2 client

If an application requires access to a remote IBM DB2 database, install the DB2 Client application and then catalog the remote database.

Before you begin

IBM WebSphere MQ and WebSphere Event Broker require a connection to the database used for storing messaging information (called "BRKRDB" in this documentation). If the BRKRDB database is on a remote server, you must install the DB2 client on the server hosting WebSphere MQ and WebSphere Event Broker, and then catalog the database from the client to ensure access.

The Lotus Sametime Advanced server does not require the DB2 client, even when DB2 is hosted on a separate computer (because the use of JDBC type 4 drivers removes the need for a DB2 client to access the remote DB2 server).

Procedure

1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate package for your operating system, and extract the files.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install the DB2 client as explained in the DB2 information center at the following Web address:
http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

   In the information center, search for the following text to locate installation instructions: "Installing DB2 clients".
4. Accept default values and settings during installation.
5. When the installation is complete, catalog the DB2 database by running the following commands in the DB2 Command Window:
db2 catalog tcpip node node_name remote server_dns_name server server_port
db2 catalog database database_name at node node_name

where:
- node_name is any eight-character name you want to assign to the node, as in: myDB2svr (simply make up a name)
- server_dns_name is the fully qualified domain name of the remote database server, as in: db2server.acme.com
- server_port is the port on which DB2 is installed; this is normally port 50000 (Microsoft Windows) or 50001 (IBM AIX, Linux, and Sun Solaris)
- database_name is the name of the database to be used for WebSphere Event Broker (BRKRDB in this documentation).

Example:
db2 catalog tcpip node DBSRV remote sales.acme.com server 50000
db2 catalog db BRKRDB at node DBSRV

Note: If you catalog the database using an alias, that name must match the database name already used on the DB2 server. In the examples in this documentation, the database name is BRKRDB, so the alias name would also be BRKRDB.

Clustering WebSphere MQ and WebSphere Event Broker

Set up a clustered deployment of IBM WebSphere MQ and WebSphere Event Broker servers to improve the performance and security of messaging within an IBM Lotus Sametime Advanced clustered deployment.

Before you begin

A Lotus Sametime Advanced deployment requires a one-to-one relationship between installations of WebSphere Message Broker and WebSphere Event Broker, which is why they must be installed on the same server. Each of these servers can support only one broker for Lotus Sametime Advanced, which looks for the broker on a particular port (1506). A broker can support messaging for roughly 10-15 thousand users; if you foresee a larger number of users, you will probably want to deploy multiple WebSphere MQ/WebSphere Event Broker servers and then cluster them for efficiency.

A traditional WebSphere MQ network uses distributed queues, where every queue manager is independent and queues are not shared. One queue manager can only send a message to another if a specific channel has been created between them. A WebSphere MQ cluster enables the queue managers to share queues and communicate directly, without the need for specific channel definitions between each pair of queue managers.

In addition to clustering the queue managers (provided by WebSphere MQ), you can gather the brokers (provided by WebSphere Event Broker) into a different type of cluster, called a collective. The brokers within a collective are interconnected, share a single DB2 database (called "BRKRDB" in this documentation), and are controlled by a single configuration manager. Using a collective improves messaging performance in several ways:
- A message from a particular client is routed directly to the target broker, taking the shortest path and bypassing intermediate brokers.
- A client can connect to the nearest broker within the collective instead of being assigned to a broker that may actually be located farther away.
- The connections between the brokers in a collective are automatically tested for validity when the collective is created, which ensures that messages are always transported to their destinations and do not circle endlessly.
About this task

Clustering WebSphere MQ and WebSphere Event Broker involves the following tasks:

Installing component applications

The first task in clustering IBM WebSphere MQ servers and creating a broker collective is to install the component applications on every server in the cluster.

Before you begin

Install the following component applications on every server that will be a part of the WebSphere MQ cluster:
- IBM DB2 client
- WebSphere MQ
- WebSphere Event Broker

Note: Each server within the cluster requires a copy of the DB2 client application so that the broker services can access data stored in the database you created earlier.

About this task

To ensure that each server has all the necessary components set up before you configure the servers as a cluster, complete the following installation tasks (in the sequence shown) on every server in the WebSphere MQ cluster:

Installing the DB2 client

If an application requires access to a remote IBM DB2 database, install the DB2 Client application and then catalog the remote database.

Before you begin

IBM WebSphere MQ and WebSphere Event Broker require a connection to the database used for storing messaging information (called "BRKRDB" in this documentation). If the BRKRDB database is on a remote server, you must install the DB2 client on the server hosting WebSphere MQ and WebSphere Event Broker, and then catalog the database from the client to ensure access.

The Lotus Sametime Advanced server does not require the DB2 client, even when DB2 is hosted on a separate computer (because the use of JDBC type 4 drivers removes the need for a DB2 client to access the remote DB2 server).

Procedure

1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate package for your operating system, and extract the files.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Install the DB2 client as explained in the DB2 information center at the following Web address:
http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp

   In the information center, search for the following text to locate installation instructions: "Installing DB2 clients".
4. Accept default values and settings during installation.
5. When the installation is complete, catalog the DB2 database by running the following commands in the DB2 Command Window:
db2 catalog tcpip node node_name remote server_dns_name server server_port
db2 catalog database database_name at node node_name

where:
- node_name is any eight-character name you want to assign to the node, as in: myDB2svr (simply make up a name)
- server_dns_name is the fully qualified domain name of the remote database server, as in: db2server.acme.com
- server_port is the port on which DB2 is installed; this is normally port 50000 (Microsoft Windows) or 50001 (IBM AIX, Linux, and Sun Solaris)
- database_name is the name of the database to be used for WebSphere Event Broker (BRKRDB in this documentation).

Example:
db2 catalog tcpip node DBSRV remote sales.acme.com server 50000
db2 catalog db BRKRDB at node DBSRV

Note: If you catalog the database using an alias, that name must match the database name already used on the DB2 server. In the examples in this documentation, the database name is BRKRDB, so the alias name would also be BRKRDB.

Installing WebSphere MQ

IBM WebSphere MQ provides messaging across multiple platforms, allowing independent applications on a distributed system to communicate with each other.

Before you begin

WebSphere MQ enables information packaged as messages to flow between different business applications. There are two ways in which WebSphere MQ can act on messages:
- Message routing performs a defined set of operations on a message, applying them in a prescribed sequence, to route them from sender to recipient.
- Message transformation modifies messages by changing, combining, adding, or removing data; for example to change the format to accommodate the recipient's requirements.

About this task

If you already installed WebSphere MQ, you do not have to install it again for a new Lotus Sametime Advanced deployment. If you uninstalled Lotus Sametime Advanced and are installing a newer version, you should have removed the broker services already and can simply configure them anew.

Installing WebSphere MQ involves the following tasks:

Installing the WebSphere MQ application

Install the IBM WebSphere MQ application to support messaging in your deployment.

About this task

The procedure for installing the WebSphere MQ application varies with the operating system:

Installing the WebSphere MQ application on Linux and Solaris

Install the IBM WebSphere MQ application on Linux or Solaris.

Before you begin

You can install WebSphere MQ on the same computer that will host IBM Lotus Sametime Advanced, or on a different one; however, WebSphere MQ must be hosted on the same computer as WebSphere Event Broker, which you will install in a later task.

For additional information on installing WebSphere MQ, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp

Search for the following text: "Installing a WebSphere MQ server".

About this task

You can install WebSphere MQ on the same computer as IBM Lotus Sametime Advanced, or on a different machine. When you run the WebSphere MQ installer, it first verifies that its own prerequisite components are already installed on the server; if the requirements have not been met, you must install the components before you can install WebSphere MQ.

Tip: For additional information on preparing the server and installing WebSphere MQ, review the "Quick Beginnings for operating_system > Server > Preparing to install" topic in the WebSphere MQ information center.

Procedure

1. Log in to your computer as root.
2. Download the appropriate package for your operating system, and extract the files.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
   Note: You will download the fix pack directly from the IBM Web site in the next task.
3. Set up user permissions for the broker services by doing the following:
   a. Create the mqsi user.
   b. Create the mqbrkrs group.
   c. Create the mqm group.
   d. Add the mqsi and root users to the mqbrkrs and mqm groups.
   e. Add the local DB2 user account to the mqm and mqbrkrs groups.
4. Navigate to the directory where you stored the installation files.
5. Begin the installation by running the following command:
./mqlicense.sh
6. At the "Software License Agreement" screen, read the license agreement and click Accept.
7. Install WebSphere MQ:
AIX, Linux
   a. Run the following command to install the MQSeries Runtime application:
rpm -ivh MQSeriesRuntime-6.0.0-0.i386.rpm

b. Run the following command to install the MQSeries Java application:


rpm -ivh MQSeriesJava-6.0.0-0.i386.rpm

   c. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setup the Default Configuration, click Next to skip that task and finish the installation without setting up the default configuration.
Solaris
   a. Run the following command to install the MQ application:
pkgadd -d.

   b. When presented with a list of available packages, type the number representing the "mqm" package.
   c. When presented with the list of components, type the number representing the MQ Series application, then type a comma as a separator before typing the number of the MQ Java application.
   d. Type "y" if you are prompted with any questions.
   e. When you see the message indicating that installation is complete, type "q" to exit the installation program.

Installing the WebSphere MQ application on Windows

Install the IBM WebSphere MQ application on Microsoft Windows.

Before you begin

You can install WebSphere MQ on the same computer that will host IBM Lotus Sametime Advanced, or on a different one; however, WebSphere MQ must be hosted on the same computer as WebSphere Event Broker, which you will install in a later task.

For additional information on installing WebSphere MQ, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp

About this task

You can install WebSphere MQ on the same computer as IBM Lotus Sametime Advanced, or on a different machine. If you accept the defaults, MQ typically installs to a path like this:
C:\Program Files\IBM\WebSphere MQ\Java\lib

When you run the WebSphere MQ installer, it first verifies that its own prerequisite components are already installed on the server; if the requirements have not been met, you must install the components before you can install WebSphere MQ.

Tip: For additional information on preparing the server and installing WebSphere MQ, review the "Windows Quick Beginnings > Installing the WebSphere MQ Server > Preparing for server installation" topic in the WebSphere MQ information center.

Procedure

1. Log in to your computer as the Microsoft Windows administrator.
   Attention: Logging in with an account other than the Administrator will prevent the mqsi user from being added to the Administrators groups, which will cause the configureEB script to fail in a later step.
2. Set up user permissions for the broker services by doing the following:
   a. Create the mqsi user.
   b. Add the mqsi user to the Windows "Administrators" group.
   c. Create the mqbrkrs group.
   d. Create the mqm group.
   e. Add the mqsi and Windows Administrator users to the mqbrkrs and mqm groups.
   f. Add the local DB2 user account to the mqm and mqbrkrs groups.
3. Download the appropriate installation package for your operating system, and extract the files.
   Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
   Note: You will download the fix pack directly from the IBM Web site in the next task.
4. Navigate to the directory where you extracted the file and begin the installation by running the following command:
Setup.exe

5. At the "Welcome to the WebSphere MQ Launchpad" screen, click the Software Requirements button on the left. This initiates a check for any applications that must be in place before you can install WebSphere MQ. In particular, this will check for the existence of WebSphere Eclipse Platform and, if that application is not already installed, will give you a chance to install it now.
6. At the "Software Requirements for WebSphere MQ on Windows" screen, check the status of WebSphere Eclipse Platform.
7. Do one of the following:
   - If the requirements have all been satisfied, skip to Step 9.
   - Otherwise, continue to Step 8 and proceed from there.
8. If WebSphere Eclipse Platform is not already available on this computer, install it now as follows:
   a. Click the + next to "WebSphere Eclipse Platform Version 3.0.1" to display installation information.
   b. Click the Network button, then click Open and select setup.exe to begin installing WebSphere Eclipse Platform.
   c. At the "Select Setup Language" screen, select a language and click OK. The "WebSphere Eclipse Platform" splash screen displays as the installation process begins.
   d. At the "Welcome to the Installation Wizard for WebSphere Eclipse Platform" screen, click Next.
   e. At the "License Agreement" screen, click the option to accept the agreement, and then click Next.
   f. At the "Destination Folder" screen, accept the default destination for WebSphere Eclipse Platform files, and click Next. To select a different destination, click the Change button; when your destination is correctly specified, click Next.
   g. At the "Ready to Install WebSphere Eclipse Platform" screen, click Install.
   h. At the "Installing WebSphere Eclipse Platform" screen, wait for the installation process to complete.
   i. At the "Installation Wizard Completed Successfully" screen, click Finish. WebSphere Eclipse Platform is now installed on the server, and you are ready to install WebSphere MQ.
   j. Click the Refresh button to repeat the requirements check for WebSphere MQ.
9. When the "Software Requirements for WebSphere MQ on Windows" screen shows that all requirements have been satisfied, click the WebSphere MQ Installation button and install WebSphere MQ as follows:
   a. At the "WebSphere MQ Installation" screen, select a language, and then click Launch IBM WebSphere Installer.
   b. At the "License Agreement" screen, click the option to accept the agreement, and then click Next.
   c. At the "Setup Type" screen, click Typical to select a typical installation, and then click Next.
   d. At the "Ready to Install WebSphere MQ" screen, review your settings; when you are ready to proceed, click Install.
   e. At the "Installing WebSphere MQ" screen, wait while the installer copies files and installs WebSphere MQ.
   f. At the "Installation Wizard Completed Successfully" screen, click Finish to exit the installation wizard. Once the basic WebSphere MQ installation is finished, the Prepare WebSphere MQ Wizard launches automatically.
10. Run the Prepare WebSphere MQ Wizard as follows:
   a. At the "Welcome to the Prepare WebSphere MQ Wizard" screen, click Next.
   b. At the "WebSphere MQ Network Configuration" screen, wait for configuration to complete, and then click Next.
   c. You will be asked whether there is a Windows domain controller in the network.
      - If there is not, click No and skip to step 10e.
      - If there is a domain controller, click Yes and proceed to step 10d for another step.
   d. If the Windows administrator account that you logged in with belongs to a domain (DOMAIN/USER), then you may see a screen like this, prompting for additional information about the domain account. Unless the domain has imposed restrictions on local user accounts, you can simply click Cancel at this point, and consider your WebSphere MQ installation complete.
      Clicking the More Information button provides the following details to help you determine how to respond and complete this screen.
      When WebSphere MQ is running, it must check that only authorized users can access queue managers or queues. Whenever any user attempts such access, WebSphere MQ uses its own local account to query information about the user.
      Domain controllers that are running Windows 2000 Server, Windows 2003 Server, or later, can be set up in such a way that WebSphere MQ cannot use local accounts to check that users defined on those domains are authorized to access queue managers or queues. In this case, you must provide WebSphere MQ with a special domain user account to use.
      If you are unsure whether this case applies to you, you should consult your domain administrator. If a special domain user account is required, send the "Configuring Windows Accounts" page to your domain administrator, and ask for one of the special accounts it describes. Enter the account details into the Prepare WebSphere MQ Wizard. This wizard runs automatically at the end of installation; the wizard can also be run at any time from the Start menu.
      Restriction: If the special domain user account is required but you carry on anyway and configure WebSphere MQ without it, many or all parts of WebSphere MQ will not work, depending upon the particular user accounts involved. In particular, if you are currently logged on with a domain user account, you might not be able to complete the Default Configuration, and the Postcard and API Exerciser might not work.
   e. If the "Prepare WebSphere MQ Wizard" screen prompts whether to Setup the Default Configuration, click Next to skip that task and finish the installation without setting up the default configuration.

At this point, the WebSphere MQ application is installed, and you are ready to install the accompanying fix pack in the next task.
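Both the Linux/Solaris and the Windows procedures above create the mqsi user and the mqm and mqbrkrs groups, and add mqsi, the administrator account, and the local DB2 user to both groups. The following shell script is an added example, not part of the IBM guide: on a Linux host it checks those memberships from files in /etc/passwd and /etc/group format and lists any other members of the two groups for review. The account name db2inst1 and all sample entries are constructed assumptions.

```shell
#!/bin/sh
# Added example (not from the IBM guide): audit the accounts created in the
# "Set up user permissions for the broker services" step on Linux.
# Required: mqsi, root and the local DB2 user are members of mqm and mqbrkrs.
# Members of mqm can administer WebSphere MQ, so any other member of either
# group is listed for review.

# audit_mq_groups PASSWD_FILE GROUP_FILE DB2_USER
# Prints one finding per line. Returns 0 when every required account and
# membership exists, 1 otherwise. On a real host:
#   audit_mq_groups /etc/passwd /etc/group db2inst1
audit_mq_groups() {
    awk -F: -v users="mqsi root $3" -v groups="mqm mqbrkrs" '
        kind == "passwd" { primary[$1] = $4; next }
        kind == "group" {
            gid[$1] = $3
            members[$1] = $4
            n = split($4, m, ",")
            for (i = 1; i <= n; i++)
                if (m[i] != "") listed[$1 SUBSEP m[i]] = 1
        }
        END {
            nu = split(users, u, " ")
            ng = split(groups, g, " ")
            for (i = 1; i <= nu; i++) {
                want[u[i]] = 1
                if (!(u[i] in primary)) {
                    print "MISSING user " u[i]
                    bad = 1
                }
            }
            for (j = 1; j <= ng; j++) {
                grp = g[j]
                if (!(grp in gid)) {
                    print "MISSING group " grp
                    bad = 1
                    continue
                }
                for (i = 1; i <= nu; i++) {
                    usr = u[i]
                    if (!(usr in primary)) continue
                    # A primary group is recorded in passwd, not in the
                    # member list of the group file, so check both.
                    if (!((grp SUBSEP usr) in listed) && primary[usr] != gid[grp]) {
                        print "MISSING " usr " is not in " grp
                        bad = 1
                    }
                }
                n = split(members[grp], m, ",")
                for (i = 1; i <= n; i++)
                    if (m[i] != "" && !(m[i] in want))
                        print "REVIEW " grp " also contains " m[i]
            }
            exit bad + 0
        }
    ' kind=passwd "$1" kind=group "$2"
}

# Constructed sample data, not taken from a real host. db2inst1 stands in for
# the local DB2 user, mqsi has mqbrkrs as its primary group, and alice is an
# account the procedure does not call for.
demo_audit() {
    dir=$(mktemp -d) || return 2
    cat > "$dir/passwd" <<'EOF'
root:x:0:0:root:/root:/bin/sh
mqsi:x:1001:2002:broker service:/home/mqsi:/bin/sh
db2inst1:x:1002:100:DB2 user:/home/db2inst1:/bin/sh
alice:x:1003:100:operator:/home/alice:/bin/sh
EOF
    cat > "$dir/group" <<'EOF'
root:x:0:
users:x:100:
mqm:x:2001:mqsi,root,alice
mqbrkrs:x:2002:root
EOF
    rc=0
    audit_mq_groups "$dir/passwd" "$dir/group" db2inst1 || rc=$?
    rm -rf "$dir"
    return "$rc"
}

demo_audit || echo "required memberships are missing"
```
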

Installing the WebSphere MQ fix pack

After installing the IBM WebSphere MQ application, install the fix pack to ensure the product is up-to-date.

Before you begin

After installing IBM WebSphere MQ, check the Lotus Sametime system requirements at the following Web address, and determine whether you need to install a fix pack:
www.ibm.com/support/docview.wss?&uid=swg27010738

Note: You must install the base application before you can update it with a fix pack.

About this task

The procedure for installing the WebSphere MQ fix pack varies with the operating system:

Installing the WebSphere MQ fix pack on Linux and Solaris

Install the IBM WebSphere MQ fix pack to update the application to the necessary level for use with IBM Lotus Sametime Advanced.

Before you begin

Make sure that the WebSphere MQ application has already been installed on the server. You do not have to configure WebSphere MQ before installing the fix pack.

About this task

Install the WebSphere MQ fix pack on the same computer where you installed the WebSphere MQ application.

Procedure

1. Download the latest fix pack from the IBM site as follows:
   a. Open a browser and navigate to the following Web address to download the fix pack:
www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980

b. Scroll to the "Download package" table at the bottom of the page and select the appropriate fix pack for your operating system. c. At the "Terms and Conditions" screen, click I agree. You will now be redirected automatically to the IBM Support site, where you can download the fix pack. d. Sign in as prompted to access the download site. e. Review the Business Control, Privacy, and License; then click the I agree box. f. Now click I confirm at the bottom of the page. g. Select a download method and language, and download the fix pack. 2. Now install the fix pack as follows: a. Navigate to the directory where you stored the fix pack. b. Perform the product update by running the following command:

AIX, Linux
rpm -ivh MQSeriesRuntime-6.0.2-3.i386.rpm MQSeriesServer-fixpack_version.i386.rpm

Solaris
pkgadd -d fixpack_file_name.img

What to do next

You do not need to configure WebSphere MQ right now because it will be configured for you when you run the script that configures WebSphere Event Broker in a later task.

Installing the WebSphere MQ fix pack on Windows: Install the IBM WebSphere MQ fix pack to update the application to the necessary level for use with IBM Lotus Sametime Advanced.

About this task

Install the WebSphere MQ fix pack on the same computer where you installed the WebSphere MQ application.

Procedure

1. Download the latest fix pack from the IBM site as follows:
   a. Open a browser and navigate to the following Web address to download the fix pack:
http://www-1.ibm.com/support/docview.wss?rs=171&uid=swg24017980

   b. Scroll to the "Download package" table at the bottom of the page and select the appropriate fix pack for your operating system.
   c. At the "Terms and Conditions" screen, click I agree. You will now be redirected automatically to the IBM Support site, where you can download the fix pack.
   d. Sign in as prompted to access the download site.
   e. Review the Business Control, Privacy, and License; then click the I agree box.
   f. Now click I confirm at the bottom of the page.
   g. Select a download method and language, and download the fix pack.
2. Now install the fix pack as follows:
   a. Navigate to the folder where you stored the fix pack.
   b. Start the fix pack installation by running the following file: WebSphereMQMDV_FPversion_EnUs.exe.
   c. At the "Welcome to the InstallShield Wizard for WebSphere MQ" screen, click Next.
   d. At the "Remove Installation Files" screen, click the first option (unpack the files to a temporary location and then remove them after installation is complete), and then click Next.
   e. At the "Extracting Files" screen, wait. Wait some more. When the Next button is enabled, click it.
   f. Wait some more while the installer progresses through a series of screens such as the "Checking files" screen.
   g. At the "Click Install to begin installation" screen, you can accept the default installation location, or optionally select a new location. Then click Install.


   h. Next, a series of screens appears while the fix pack installation process runs. Wait some more; do not click anything on these screens.
   i. At the "Fix Pack installation is complete" screen, click Finish.

What to do next

You do not need to configure WebSphere MQ right now because it will be configured for you when you run the script that configures WebSphere Event Broker in a later task.

Installing the WebSphere Event Broker application: IBM WebSphere Event Broker extends the reach, scope, and scale of the WebSphere MQ infrastructure, enabling the secure and seamless interaction of enterprise applications with thousands of users. The centralized administration of distributed brokers provided by WebSphere Event Broker improves the flexibility, security, and routing of messaging.

About this task

A Lotus Sametime Advanced deployment requires a one-to-one relationship between installations of WebSphere Message Broker and WebSphere Event Broker, and the two applications must be installed on the same computer. This deployment can support only one broker for Lotus Sametime Advanced, which specifically looks for the broker on port 1506. In addition, these components require access to the DB2 database; if the database is hosted on a different computer, you must install the DB2 client application on the same computer as WebSphere MQ and WebSphere Event Broker.

If you already installed WebSphere Event Broker, you do not have to install it again for a new Lotus Sametime Advanced deployment. If you uninstalled Lotus Sametime Advanced and are installing a newer version, you should have removed the broker services already and can simply configure them anew.

The procedure for installing WebSphere Event Broker varies with the operating system on which it will be hosted:

Installing WebSphere Event Broker on AIX, Linux, Solaris: Install the IBM WebSphere Event Broker application on IBM AIX, Linux, or Solaris.
About this task

The procedure for installing WebSphere Event Broker for use on a clustered server includes two tasks, which you perform in the sequence shown:

Installing the WebSphere Event Broker application on AIX, Linux, Solaris: Install the IBM WebSphere Event Broker application on IBM AIX, Linux, or Solaris.

Before you begin

There are two prerequisites for installing WebSphere Event Broker:


- You must install WebSphere Event Broker on the same computer where you install IBM WebSphere MQ; this is required for these components to function properly.
- If you are not installing WebSphere Event Broker directly on the DB2 server, you must install a copy of the DB2 client on this computer, and then catalog the database that you created for WebSphere Event Broker (called "BRKRDB" in this documentation) from the DB2 client.

About this task

For additional information on installing WebSphere Event Broker, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

Follow these steps to install WebSphere Event Broker:

Procedure

1. Download and extract the WebSphere Event Broker installation program as follows:
   a. Log in to the server as root.
   b. Download the appropriate package for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. Install WebSphere Event Broker as follows:
   a. Start the WebSphere Event Broker installer by navigating to the directory where you extracted the file and running the appropriate setup command:
      - AIX: ./setupaix
      - Linux: ./setuplinuxia32
      - Solaris: ./setupsolaris
      The installation program begins by displaying the WebSphere Event Broker splash screen.
   b. At the "Welcome to the InstallShield Wizard for IBM WebSphere Event Broker" screen, click Next.
   c. At the "Software License Agreement" screen, click the option to accept the agreement, and then click Next.
   d. At the "Choose the setup type that best suits your needs" screen, click Typical, and then click Next.
   e. At the "IBM WebSphere Event Broker will be installed in the following location" screen, click Next.
   f. At the "Installing IBM WebSphere Event Broker" screen, please wait.
   g. At the "Would you like to launch a command console after the install wizard finishes?" screen, click the Yes option if you want to automatically launch the command console; then click Next.
   h. At the "InstallShield Wizard has successfully installed WebSphere Event Broker" screen, click Finish.
3. Now verify that you have the right fix-pack level of WebSphere Event Broker:
   a. Open the Message Broker Command Console.
   b. (Solaris only) Run the following set up command:


AIX and Linux users should skip this step.


. /opt/IBM/mqsi/6.0/bin/mqsiprofile

   c. Run the following command to display the MQ version:

mqsiservice -v

This command displays information about your installation, including the fix pack; look for a line that specifies the product version. This example shows the correct product and fix pack:
BIP8996I: Version: 6003

d. If you do not have the correct fix pack installed, you can download it from the IBM Web Site using the same method as you did for WebSphere MQ earlier. Download the Fix Pack (6.0.0.3) from the following Web address:
http://www-1.ibm.com/support/docview.wss?uid=swg24013951

   e. Now install the fix pack as explained in the Release Notes document posted on the same page.

Adding jar files to the classpath on AIX, Linux, Solaris: Copy required jar files to the classpath so they can be referenced during configuration of IBM WebSphere Event Broker on AIX, Linux, or Solaris.

About this task

Follow these steps to add supporting jar files to the system classpath. All of the jar files need to be available on the system classpath so that the event broker can be successfully configured for the real-time message flow on your server. In addition, the SametimePlusExits.jar file must be available on the system classpath to prevent runtime errors when the event broker is started.

Procedure

Add the following statements to the .profile of the user account that will start and stop the broker services (this adds jars to the classpath and enables that user to properly start the message flow and access the broker database):

AIX, Linux

Note: The CLASSPATH statement was formatted for readability here, but you must type it as a single line.
export CLASSPATH=$CLASSPATH:mqsi_install_path/classes/SametimePlusExits.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/AddBroker.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/SametimePlusExits.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-codec-1.3.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-3.1.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar
;CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-logging-1.1.jar

if [ -f /home/db2inst1/sqllib/db2profile ]; then
. /home/db2inst1/sqllib/db2profile
fi

where mqsi_install_path is the absolute path to your WebSphere Event Broker install location; for example:

Solaris

CLASSPATH=mqsi_install_path/classes/SametimePlusExits.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/AddBroker.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/SametimePlusExits.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-codec-1.3.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-3.1.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-httpclient-contrib-3.1.jar
CLASSPATH=$CLASSPATH:mqsi_install_path/classes/commons-logging-1.1.jar
export CLASSPATH

if [ -f /home/db2inst1/sqllib/db2profile ]; then
. /home/db2inst1/sqllib/db2profile
fi

where mqsi_install_path is the absolute path to your WebSphere Event Broker install location; for example:
/opt/ibm/mqsi/6.0

Installing WebSphere Event Broker on Windows: Install the IBM WebSphere Event Broker application on Microsoft Windows.

About this task

The procedure for installing WebSphere Event Broker for use on a clustered server includes two tasks, which you perform in the sequence shown:

Installing the WebSphere Event Broker application on Windows: Install the IBM WebSphere Event Broker application on Microsoft Windows.

Before you begin

There are two prerequisites for installing WebSphere Event Broker:
- You must install WebSphere Event Broker on the same computer where you install IBM WebSphere MQ; this is required for these components to function properly.
- If you are not installing WebSphere Event Broker directly on the DB2 server, you must install a copy of the DB2 client on this computer, and then catalog the database that you created for WebSphere Event Broker (called "BRKRDB" in this documentation) from the DB2 client.

About this task

For additional information on installing WebSphere Event Broker, see the WebSphere Message Broker information center at:
http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

Follow these steps to install WebSphere Event Broker:

Procedure

1. Download and extract the WebSphere Event Broker installation program as follows:
   a. Log in to Microsoft Windows as the system administrator.
      Attention: Logging in with an account other than the Administrator will prevent the mqsi user from being added to the Administrators groups, which will cause the configureEB script to fail in a later step.
   b. Download the appropriate package for your operating system, and extract the files.


      Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
2. Install WebSphere Event Broker as follows:
   a. Start the WebSphere Event Broker installer by navigating to the directory where you extracted the file and running the following command:
Setup.exe

      The installation program begins by displaying the WebSphere Event Broker splash screen.
   b. At the "Welcome to the InstallShield Wizard for IBM WebSphere Event Broker" screen, click Next.
   c. At the "Software License Agreement" screen, click the option to accept the agreement, and then click Next.
   d. At the "Choose the setup type that best suits your needs" screen, click Typical, and then click Next.
   e. At the "IBM WebSphere Event Broker will be installed in the following location" screen, click Next.
   f. At the "Installing IBM WebSphere Event Broker" screen, please wait.
   g. At the "Would you like to launch a command console after the install wizard finishes?" screen, click the Yes option if you want to automatically launch the command console; then click Next.
   h. At the "InstallShield Wizard has successfully installed WebSphere Event Broker" screen, click Finish.
3. Now verify that you have the right fix-pack level of WebSphere Event Broker:
   a. Open the Message Broker Command Console.
   b. Run the following command:
mqsiservice -v

This command displays information about your installation, including the fix pack; look for a line that specifies the product version. This example shows the correct product and fix pack:
BIP8996I: Version: 6003

c. If you do not have the correct fix pack (6.0.0.3) installed, you can download it from the following Web address:
http://www-1.ibm.com/support/docview.wss?uid=swg24013951

   d. Now install the fix pack as explained in the Release Notes document posted on the same page.

Adding jar files to the classpath on Windows: Copy required jar files to the classpath so they can be referenced during configuration of IBM WebSphere Event Broker on Microsoft Windows.

About this task

Follow these steps to add supporting jar files to the system classpath. All of the jar files need to be available on the system classpath so that the event broker can be successfully configured for the real-time message flow on your server. In addition, the SametimePlusExits.jar file must be available on the system classpath to prevent runtime errors when the event broker is started.


Procedure

1. Log on to the server as the Windows system administrator.
2. Add the following files to the CLASSPATH, keeping the statement on one line:

   List of files:
   - SametimePlusExits.jar
   - AddBroker.jar
   - commons-codec-1.3.jar
   - commons-httpclient-3.1.jar
   - commons-httpclient-contrib-3.1.jar
   - commons-logging-1.1.jar

   How they look on the CLASSPATH (this was formatted for readability, your CLASSPATH statement must be formatted as one line):

existing_classpath_values
;%MQSIINSTALLPATH%\classes\AddBroker.jar
;%MQSIINSTALLPATH%\classes\SametimePlusExits.jar
;%MQSIINSTALLPATH%\classes\commons-codec-1.3.jar
;%MQSIINSTALLPATH%\classes\commons-httpclient-3.1.jar
;%MQSIINSTALLPATH%\classes\commons-httpclient-contrib-3.1.jar
;%MQSIINSTALLPATH%\classes\commons-logging-1.1.jar

where %MQSIINSTALLPATH% is the absolute path to your WebSphere Event Broker install location; for example:
C:\Program Files\IBM\MQSI\6.0

Note: These jar files do not exist in the classes directory yet; when you run the configureEB.bat script in the next task, the files will be copied to your server for use during configuration.

3. Restart the server so these changes take effect before you configure WebSphere Event Broker.

Creating a data source for the broker: If you are using Microsoft Windows 2003, then configuring IBM WebSphere Event Broker for use in a cluster involves defining a data source for a broker.

About this task

Follow these steps to create a data source.

Note: This task is needed only on Windows 2003 server. If you are using a different operating system, skip this task.

Procedure

1. Open the ODBC Tool by clicking Start > Programs > Administrative Tools > Data Sources (ODBC).
2. Click the System DSN - System Data Sources tab.
3. Click Add.
4. In the "Create New Data Source" dialog box, select IBM DB2 ODBC Driver - DB2COPY1 and then click Finish.
5. In the CLI/ODBC Settings dialog box, fill in values for the new data source, and then click OK:


| Option | Description |
|---|---|
| Data Source Name | BRKRDB |
| Description | MQSIBKDB DB2 ODBC Database |
| Databases | STADV |
| User ID and Password | User name and password for the database, such as db2admin and passw0rd. |

6. Still in the CLI/ODBC Settings dialog box, click Connect to test the connection.
7. When you have finished, close all of the ODBC dialog boxes.

Setting up a MQ cluster and Event Broker collective: After installing IBM WebSphere MQ and WebSphere Event Broker on two or more servers, configure them as a WebSphere MQ cluster and then create a broker collective to improve messaging efficiency.

A WebSphere MQ cluster consists of two or more servers, each hosting an instance of WebSphere MQ and an instance of WebSphere Event Broker. To avoid confusion with topics discussing WebSphere Application Server network deployment clusters, the topics on configuring a WebSphere MQ cluster use these terms to describe the servers that you will cluster:
- Initial server: This is the server that will host the broker collective's configuration manager; you will create the WebSphere MQ cluster on this server and then add servers to the cluster.
- Additional server: This represents any servers added to the cluster, regardless of how many there are. The tasks that apply to "Additional server" must be completed on every additional server, in the same sequence shown in the documentation.

There can be only one Initial server, but there may be as many Additional servers as required; each Additional server must be installed on a separate computer because the broker uses port 1506.

Important: Decide in advance how many servers will comprise the WebSphere MQ cluster, because you must complete certain tasks on each Additional server before proceeding to the next task on the Initial server. In addition, you cannot add servers to the cluster after you have created the broker collective in Step 6 below.

General setup: Before configuring the MQ Cluster and Event Broker collective, you must complete some prerequisite database and server setup tasks.

Procedure

1. Create the broker database. See Creating the WebSphere Event Broker database on page 23 for more detailed information.
   On the remote DB2 server, create the broker database:
   a. Open a DB2 command window.
   b. Create the broker database by entering the following line, replacing Broker_Database_Name with a database name, such as BRKRDB:
DB2 CREATE DATABASE Broker_Database_Name USING CODESET UTF-8 TERRITORY US


Note: If a previous broker database exists, you can remove it by entering DB2 DROP DATABASE Broker_Database_Name.

2. On each server (initial and additional), install the following:
   - The DB2 client. For more information, see Installing the DB2 client on page 25. After you install the DB2 client, remember to catalog the Broker database.
   - WebSphere MQ and any relevant fixpacks (as for a single node Event Broker install)
   - Event Broker (as for a single node Event Broker install)
3. On each server (initial and additional), perform the following configuration steps:
   - Configure the ODBC data source (Windows).
     a. In the Windows Start menu, select Start > Run...
     b. In the Run dialog, type odbcad32.exe.
     c. In the ODBC Data Source Administrator dialog, select the System DSN tab, then click Add.
     d. In the Create New Data Source dialog, select the IBM DB2 ODBC DRIVER - DB2COPY1 driver. Note the "DB2COPY1" part of the driver name may be different depending on how your installation was performed.
     e. In the ODBC IBM DB2 Driver - Add dialog, enter the following information:
        Data source name - The name which you cataloged the remote Broker database in the local DB2 client. Most likely, it is BRKRDB.
        Database alias - Leave this as is.
        Description - Free description text. You can enter, for example, ST Adv Event Broker Database.
     f. Click OK.
     g. In the ODBC Data Source Administrator dialog, you should see the newly created data source listed as a system DSN. Select it and click Configure...
     h. In the CLI/ODBC Settings dialog, enter the following information:
        User ID - The name of a user with access to the broker database (for example, db2admin).
        Password - The password of the user with access to the broker database (for example, db2password).
        Save password - Select this checkbox.
     i. Click Connect. A confirmation message displays.
     j. Click OK, and then OK again in the ODBC Data Source Administrator dialog.
   - Configure the ODBC data source (Linux, Unix).
     a. Create a backup copy of /var/mqsi/odbc/.odbc.ini by copying it to .odbc.ini.orig.
     b. Edit .odbc.ini to contain:
[ODBC Data Sources]
BRKPERF=IBM DB2 ODBC DRIVER

[BRKPERF]
Driver=/opt/ibm/db2/V9.1/lib32/libdb2.so
Description=Event Broker DB2 ODBC Database
Database=BRKPERF

[ODBC]
Trace=0
Tracefile=/tmp/advanced/odbctrace.out
TraceDll=/opt/ibm/mqsi/6.0/merant/lib/odbctrac.so
InstallDir=/opt/ibm/mqsi/6.0/merant
UseCursorLib=0
IANAAppCodePage=4
UNICODE=UTF-8

     c. Change BRKPERF to reflect your database name.
     d. Change the Driver to be correct for your platform:
        AIX: <DBINSTALLPATH>/lib32/libdb2.a
        Solaris, Linux: <DBINSTALLPATH>/lib32/libdb2.so
     e. Check to see that the other path references are correct for your deployment.
   - Copy the required JAR files on the server and set the class path.
     a. Locate the \SupportingFiles\EB-V60-image\st-adv-jars-EB directory within the Lotus Sametime Advanced software download.
     b. Copy the following JAR files from this location to the \6.0\classes directory underneath the WebSphere Event Broker installation directory.
        commons-codec-1.3.jar
        commons-httpclient-3.1.jar
        commons-httpclient-contrib-3.1.jar
        commons-logging-1.1.jar
     c. On the Windows platform only, add the JAR files to the system class path. For information, refer to Adding jar files to the classpath on Windows on page 41.
   - Copy the required JAR files on the server and set the class path.
     a. Locate the STAdvanced_8.5/broker-config/ directory within the Lotus Sametime Advanced for Lotus Sametime 8.5 software download.
     b. Copy the following JAR files from this location to the \6.0\classes directory underneath the WebSphere Event Broker installation directory.
        AddBroker.jar
        SametimePlusExits.jar
     c. On the Windows platform only, add the JAR files to the system class path. For information, refer to Adding jar files to the classpath on Windows on page 41.
   - Copy the exitSetting.ini file.
     a. Locate the STAdvanced_8.5/broker-config/ directory within the Lotus Sametime Advanced for Lotus Sametime 8.5 software download.
     b. Copy the exitSetting.ini files from this location to the \6.0\bin directory underneath the WebSphere Event Broker installation directory.
     c. Open the file in its new location using a text editor and change the following entries:
        servletURL - Change the host and port for this entry to the host and port where the Sametime Advanced server will be accessible.
        jsecurityURL - Change the host and port for this entry to the host and port where the Sametime Advanced server will be accessible.
     d. Save the changes to the file and close it.
   - Copy the BAR file on the server.


     a. Locate the \SupportingFiles\EB-V60-image\st-adv-jars-EB directory within the Lotus Sametime Advanced software download.
     b. Copy the realtime1506.bar files from this location to the \6.0 directory underneath the WebSphere Event Broker installation directory.

MQ Cluster and Event Broker Collective setup: Configure an IBM WebSphere MQ cluster and a WebSphere Event Broker collective.

Before you begin

The following instructions distinguish two types of servers:
- The initial server hosting the configuration manager and the initial broker
- The additional server(s) hosting additional brokers

There can be only one initial server, but there may be as many additional servers as required. The instructions assume that each broker runs on a different machine. It is not possible to run two brokers (for Lotus Sametime Advanced) on the same machine, as the 1506 port number is hard coded in the BAR file.

As there are a number of instances (one per server) of certain items (such as brokers), the following conventions are used:

Table 1. Broker naming conventions used in this topic

| Name | Description | Example |
|---|---|---|
| HOSTNAMEn | The host name or IP address of server #n. | broker2.mydomain.com |
| BRKR_SCCSn | The name of the broker on server #n. | BRKR_SCCS1 |
| INTER_BROKER_PORTn | The inter broker communication port for broker #n. | Typical value is 1507 |
| SCCS.QUEUEn.MANAGER | The name of the queue manager on server #n. | SCCS.QUEUE2.MANAGER |

The initial server is assumed to be server #1. The following commands must be typed into an Event (Message) Broker Command Console. It is recommended you disable firewalls on all servers running Event Broker while you are doing the setup. Once the setup is complete, you can enable them again. Important: The following instructions contain a number of steps. Each step involves running a number of commands on the different servers making up the broker collective. It is important to run the requested commands on all requested servers before moving on to the next step (rather than running all the steps on server 1, then running all the steps on server 2, and so on). Failure to complete each set of commands on the requested server as instructed will result in the collective not working properly.
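The naming conventions and the step-ordering rule above, applied to steps 1 to 4 of the procedure that follows, as an added example (not IBM tooling and not part of the original guide). The function names are hypothetical, the host names are the guide's own examples, and CONNAME is written as host(1414) with balanced parentheses, which is an assumption based on the guide's template.

```python
import re

CLUSTER = "STAMQCLUSTER"  # cluster name used in the guide
MQ_PORT = 1414            # listener port used in the guide


def qmgr(n):
    """Queue manager name for server #n (the guide's SCCS.QUEUEn.MANAGER)."""
    return f"SCCS.QUEUE{n}.MANAGER"


def mqsc(*commands):
    """One runmqsc session: start it, type the MQSC commands, then END."""
    return ["runmqsc", *commands, "END"]


def define_channel(name, chltype, host):
    """A cluster channel definition on a single line, as the guide requires."""
    descr = "CLUSRCV" if chltype == "CLUSRCVR" else "CLUSSDR"
    # Assumption: CONNAME is host(port) with the closing parenthesis present.
    return (f"DEFINE CHANNEL({name}) CHLTYPE({chltype}) TRPTYPE(TCP) "
            f"CONNAME({host}({MQ_PORT})) CLUSTER({CLUSTER}) DESCR({descr})")


def build_plan(hosts):
    """hosts[0] is the initial server (#1); the rest are additional servers.

    Returns [(step title, {server number: [lines to type]})] in the order the
    steps must be completed: every listed server finishes a step before any
    server starts the next one.
    """
    if len(hosts) < 2:
        raise ValueError("need the initial server and at least one additional server")
    if len({h.lower() for h in hosts}) != len(hosts):
        raise ValueError("each broker must run on its own machine")
    servers = range(1, len(hosts) + 1)
    listener = mqsc(
        f"DEFINE LISTENER(LISTENER.TCP) TRPTYPE(TCP) PORT({MQ_PORT}) CONTROL(QMGR)",
        "START LISTENER(LISTENER.TCP)",
        "DEFINE CHANNEL (SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)",
    )
    step1 = {n: [f"crtmqm -q {qmgr(n)}", f"strmqm {qmgr(n)}", *listener]
             for n in servers}
    step2 = {1: mqsc(f"ALTER QMGR REPOS({CLUSTER})")}
    step3 = {n: mqsc(define_channel(qmgr(n), "CLUSRCVR", hosts[n - 1]))
             for n in servers}
    # Step 4: a sender channel carries the name of the queue manager it points
    # at, so it matches the receiver channel that server defined in step 3.
    step4 = {1: []}
    for n in servers[1:]:
        step4[1] += mqsc(define_channel(qmgr(n), "CLUSSDR", hosts[n - 1]))
        step4[n] = mqsc(define_channel(qmgr(1), "CLUSSDR", hosts[0]))
    return [("1. Create the queue manager and listener", step1),
            ("2. Configure the initial queue manager for clustering", step2),
            ("3. Create the cluster receiver channel", step3),
            ("4. Create the cluster sender channels", step4)]


CHANNEL_RE = re.compile(
    r"DEFINE CHANNEL\((\S+?)\) CHLTYPE\((CLUSRCVR|CLUSSDR)\) "
    r".*?CONNAME\((.+?\(\d+\))\)")


def unmatched_senders(plan):
    """Sender channels with no same-named receiver channel at the far end."""
    receivers, senders = set(), []
    for _title, per_server in plan:
        for n, lines in per_server.items():
            for line in lines:
                m = CHANNEL_RE.search(line)
                if not m:
                    continue
                name, chltype, conn = m.group(1), m.group(2), m.group(3).lower()
                if chltype == "CLUSRCVR":
                    receivers.add((name, conn))
                else:
                    senders.append((n, name, conn))
    return [s for s in senders if (s[1], s[2]) not in receivers]


def render(plan):
    """Plain-text run sheet: one block per step, one sub-block per server."""
    out = []
    for title, per_server in plan:
        out.append(f"== Step {title} ==")
        for n, lines in sorted(per_server.items()):
            out.append(f"-- server #{n} --")
            out.extend("   " + line for line in lines)
    return "\n".join(out)


if __name__ == "__main__":
    # Host names are the guide's own example values.
    plan = build_plan(["broker1.mydomain.com", "broker2.mydomain.com",
                       "broker3.mydomain.com"])
    print(render(plan))
    print("unmatched sender channels:", unmatched_senders(plan))
```

Running unmatched_senders over a hand-edited plan flags any sender channel whose name or connection name no longer matches a receiver channel, which is the naming rule stated in step 4.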


Procedure 1. Create the queue manager and listener. On each server, run the following commands:
crtmqm -q SCCS.QUEUEn.MANAGER
strmqm SCCS.QUEUEn.MANAGER
runmqsc
DEFINE LISTENER(LISTENER.TCP) TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)
START LISTENER(LISTENER.TCP)
DEFINE CHANNEL (SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)
END

For example, on server #2 (similarly on the other server), you will run:
crtmqm -q SCCS.QUEUE2.MANAGER
strmqm SCCS.QUEUE2.MANAGER
runmqsc
DEFINE LISTENER(LISTENER.TCP) TRPTYPE(TCP) PORT(1414) CONTROL(QMGR)
START LISTENER(LISTENER.TCP)
DEFINE CHANNEL (SYSTEM.ADMIN.SVRCONN) CHLTYPE(SVRCONN)
END

2. Configure the queue manager on the initial server for clustering. On the initial server only, run the following command:
runmqsc
ALTER QMGR REPOS(STAMQCLUSTER)
END

3. Create the cluster receiver channel. On each server, run the following commands (enter the DEFINE command on a single line, even if it displays here on two lines):

runmqsc
DEFINE CHANNEL(SCCS.QUEUEn.MANAGER) CHLTYPE(CLUSRCVR) TRPTYPE(TCP) CONNAME(HOST_NAMEn(1414)) CLUSTER(STAMQCLUSTER) DESCR(CLUSRCV)
END

Example

For example, if you have three servers, you will run the following on server #1...

runmqsc
DEFINE CHANNEL(SCCS.QUEUE1.MANAGER) CHLTYPE(CLUSRCVR) TRPTYPE(TCP) CONNAME(broker1.mydomain. CLUSTER(STAMQCLUSTER) DESCR(CLUSRCV)
END

...on server #2:

runmqsc
DEFINE CHANNEL(SCCS.QUEUE2.MANAGER) CHLTYPE(CLUSRCVR) TRPTYPE(TCP) CONNAME(broker2.mydomain. CLUSTER(STAMQCLUSTER) DESCR(CLUSRCV)
END

...and on server #3:

runmqsc
DEFINE CHANNEL(SCCS.QUEUE3.MANAGER) CHLTYPE(CLUSRCVR) TRPTYPE(TCP) CONNAME(broker3.mydomain. CLUSTER(STAMQCLUSTER) DESCR(CLUSRCV)
END

4. Create the cluster sender channels.
   Note: The sender and receiver channels at both ends of a connection (between the initial and an additional server) must have the same name.
   a. On the initial server, run the following commands once for every additional server:
      Note: Enter the DEFINE command on a single line, even if it displays here on two lines.

runmqsc
DEFINE CHANNEL(ADDITIONAL_QMn) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(ADDITIONAL_QM_HOSTNAME CLUSTER(STAMQCLUSTER) DESCR(CLUSSDR)
END

where:

| Name | Description | Example |
|---|---|---|
| ADDITIONAL_QMn | The name of the Queue Manager on the additional server #n | SCCS.QUEUE3.MANAGER |
| ADDITIONAL_QM_HOSTNAMEn | The host name of the additional server #n | broker3.mydomain.com |

   b. On each additional server, run the following command:
      Note: Enter the DEFINE command on a single line, even if it displays here on two lines.

runmqsc
DEFINE CHANNEL(INITIAL_QM) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(INITIAL_QM_HOSTNAME(1414)) CLUSTER(STAMQCLUSTER) DESCR(CLUSSDR)
END

where:

| Name | Description | Example |
|---|---|---|
| INITIAL_QM | The name of the Queue Manager on the initial server | SCCS.QUEUE1.MANAGER |
| INITIAL_QM_HOSTNAME | The host name of the initial server | broker1.mydomain.com |

For example, if you have 3 servers called broker1, broker2, and broker3, where broker1 is the initial server and broker2 and broker3 are additional servers, you will run the following commands: On server broker1 (the initial server):

runmqsc
DEFINE CHANNEL(SCCS.QUEUE2.MANAGER) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(broker2.mydomain.com( CLUSTER(STAMQCLUSTER) DESCR(CLUSSDR)
END

runmqsc
DEFINE CHANNEL(SCCS.QUEUE3.MANAGER) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(broker3.mydomain.com( CLUSTER(STAMQCLUSTER) DESCR(CLUSSDR)
END

On server broker2 (the first additional server):

runmqsc
DEFINE CHANNEL(SCCS.QUEUE1.MANAGER) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(broker1.mydomain.com( CLUSTER(STAMQCLUSTER) DESCR(CLUSSDR)
END

On server broker3 (the second additional server):

runmqsc
DEFINE CHANNEL(SCCS.QUEUE1.MANAGER) CHLTYPE(CLUSSDR) TRPTYPE(TCP) CONNAME(broker1.mydomain.com( CLUSTER(STAMQCLUSTER) DESCR(CLUSSDR)
END

5. Create a configuration manager. On the initial server only, run the following command (type the command as a single line, even if it displays as two lines here):


mqsicreateconfigmgr CONFIG_MANAGER_NAME -i SERVICE_USER_ID -a SERVICE_USER_PWD -q SCCS.QUEUE1.MANAGER -w WORK_DIR

Where:

| Name | Description | Example |
|---|---|---|
| CONFIG_MANAGER_NAME | The configuration manager name | CMGR_SCCS |
| SERVICE_USER_ID | The service user ID | mqsi |
| SERVICE_USER_PWD | The service user password | password |
| WORK_DIR | The working directory for the config manager | C:\Progra~1\IBM\MQSI\6.0\wrkdir |

Service user ID notes:
- This can be specified in any valid user name syntax for the platform. If you use the unqualified form for this user ID (user name) on Windows systems, the operating system searches for the user ID throughout its domain, starting with the local system. This search might take some time to complete.
- The ServiceUserID specified must be a member (either direct or indirect) of the local group mqbrkrs, and must be authorized to access the home directory (where WebSphere Message Broker has been installed), and the working directory (if specified by the -w flag).
- This user ID must also be a member (either direct or indirect) of the local group mqm or of the local Windows Administrators group.

For example, on server #1 (and never on the other servers), you will run:
mqsicreateconfigmgr CMGR_SCCS -i mqsi -a password -q SCCS.QUEUE1.MANAGER -w C:\Progra~1\IBM\M

After creating the configuration manager, it should be started using the command:
mqsistart CMGR_SCCS

6. Create the brokers. On each server, run the following command once (type the command as a single line, even if it displays as two lines here):
mqsicreatebroker BRKR_SCCSn -i SERVICE_USER_ID -a SERVICE_USER_PWD -q SCCS.QUEUEn.MANAGER -n BROKER_DB_NAME -u BROKER_DB_USER -p BROKER_DB_PWD

Where...

| Name | Description | Example |
|---|---|---|
| BRKR_SCCSn | The broker name. It must be unique among all the created brokers. | BRKR_SCCS1 |
| SERVICE_USER_ID | The service user ID | mqsi |
| SERVICE_USER_PWD | The service user password | password |
| SCCS.QUEUEn.MANAGER | The queue manager name created on this server at step 1 | SCCS.QUEUE1.MANAGER |
| BROKER_DB_NAME | The broker database name | BRKRDB |
| BROKER_DB_USER | The broker database user name | db2admin |
| BROKER_DB_PWD | The broker database user password | db2password |


For example, on server #2 (and similarly on the other servers), run:


mqsicreatebroker BRKR_SCCS2 -i mqsi -a password -q SCCS.QUEUE2.MANAGER -n BRKRDB -u db2admin -p

7. Add the brokers to the configuration. On each server, run the following command (type the command as a single line, even if it displays as two lines here):
java mqsi.AddBroker -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCSn -k SCCS.QUEUEn.MANAGER

Note: The -i and -q parameters refer to the host name and queue manager holding the configuration manager (the initial server). For example, if you have three servers, you will run the following command on server #2 (and similarly on server #3):
java mqsi.AddBroker -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS2 -k SCCS.QUEUE2.MANAGER

When the command runs, you will see a message detailing results.

If the broker addition failed, you cannot proceed until you have successfully added the broker to the topology. Look for the message stating "Adding broker to topology......." and check the status ("ok" or "failed").

If the addition of the default execution group fails, you might still be able to proceed because you will add it explicitly in a later step. Look for the message stating "Adding default execution group to topology......" and check the status ("ok" or "failed").

8. Start the brokers. On each server, run the following command to start the broker:
mqsistart BRKR_SCCS<n>

For example, on server #2 (and similarly on the other servers), run:


mqsistart BRKR_SCCS2


9. Create a default execution group. On each server, run the following command (type the command as a single line, even if it displays as two lines here):
mqsicreateexecutiongroup -b BRKR_SCCSn -e default -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -w 600

Where the -i and -q parameters refer to the host name and queue manager holding the configuration manager. For example, on server two, the command would be:
mqsicreateexecutiongroup -b BRKR_SCCS2 -e default -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -w 600

If you see a message stating that the command failed because the default execution group already exists, you can ignore it and continue to the next step.

10. Deploy the topology. On the initial server only, run the following commands:
mqsideploy -l -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -w 300

Where the -i and -q parameters refer to the host name and queue manager holding the configuration manager (the initial server). For example, if you have three servers, you will run the following command on server 1 (and no commands on any other servers):
mqsideploy -l -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -w 300

11. Deploy the BAR file. On each server, run the following command (type the command as a single line, even if it displays as two lines here):
mqsideploy -m -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCSn -e default -a BAR_FILE_PATH -w 300

Where BAR_FILE_PATH is the path for the message flow BAR file on this server. For example, C:\Progra~1\IBM\MQSI\6.0\realtime1506.bar. Note: The -i and -q parameters refer to the host name and queue manager holding the configuration manager (the initial server). For example, if you have three servers, you will run the following on server #1:
mqsideploy -m -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS1 -e default -a C:\Progra~1\IBM\MQSI\6.0\realtime1506.bar -w 300

...the following on server #2:


mqsideploy -m -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS2 -e default -a C:\Progra~1\IBM\MQSI\6.0\realtime1506.bar -w 300

...and the following on server #3:


mqsideploy -m -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS3 -e default -a C:\Progra~1\IBM\MQSI\6.0\realtime1506.bar -w 300

12. Set the inter broker connectivity parameters.


On each server, run the following commands (type each command as a single line, even if it displays as two lines here):
java mqsi.SetInterBrokerParam -i HOSTNAME1 -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCSn -h HOSTNAMEn -o INTER_BROKER_PORTn
mqsichangeproperties BRKR_SCCSn -e default -o DynamicSubscriptionEngine -n interbrokerHost -v HOSTNAMEn
mqsichangeproperties BRKR_SCCSn -e default -o DynamicSubscriptionEngine -n interbrokerPort -v INTER_BROKER_PORTn

Where INTER_BROKER_PORTn is the inter broker communication port for broker #n; for example, port 1507. The inter broker port must be a free TCP/IP port on the server where the broker is running. The -i and -q parameters of the mqsi.SetInterBrokerParam command refer to the host name and queue manager holding the configuration manager. For example, if you have three servers, you will run the following commands on server #1...

java mqsi.SetInterBrokerParam -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCC -h server1.mydomain.com -o 1507
mqsichangeproperties BRKR_SCCS1 -e default -o DynamicSubscriptionEngine -n interbrokerHost -v server1.mydomain.com
mqsichangeproperties BRKR_SCCS1 -e default -o DynamicSubscriptionEngine -n interbrokerPort -v 1507

...the following commands on server #2:

java mqsi.SetInterBrokerParam -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCC -h server2.mydomain.com -o 1507
mqsichangeproperties BRKR_SCCS2 -e default -o DynamicSubscriptionEngine -n interbrokerHost -v server2.mydomain.com
mqsichangeproperties BRKR_SCCS2 -e default -o DynamicSubscriptionEngine -n interbrokerPort -v 1507

...and the following commands on server #3:

java mqsi.SetInterBrokerParam -i server1.mydomain.com -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCC -h server3.mydomain.com -o 1507
mqsichangeproperties BRKR_SCCS3 -e default -o DynamicSubscriptionEngine -n interbrokerHost -v server3.mydomain.com
mqsichangeproperties BRKR_SCCS3 -e default -o DynamicSubscriptionEngine -n interbrokerPort -v 1507

13. Create the collective. On the initial server only, run the following command (type the command as a single line, even if it displays as two lines here):
java mqsi.CreateCollective -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS1 -b BRKR_SCCS2 ... -b BRKR_SCCSn

Note: The -b BRKR_SCCSn option must be repeated for every broker to be included in the collective. The '...' is not part of the command. If you have three servers, you will run the following command on server #1 (and no commands on any other server):
java mqsi.CreateCollective -p 1414 -q SCCS.QUEUE1.MANAGER -b BRKR_SCCS1 -b BRKR_SCCS2 -b BRKR_SCCS3

14. Stop the configuration manager. On the initial server only, run the following command:
mqsistop CONFIG_MANAGER_NAME

Where CONFIG_MANAGER_NAME is the configuration manager name. For example, CMGR_SCCS.

15. Set the broker security. On each of the servers, run the following commands:


mqsistop BRKR_SCCSn
mqsiservice BRKR_SCCSn -r PubSubAccessControl=yes
mqsiservice BRKR_SCCSn -r PubSubAuthorizationService=com.ibm.orgcollab.wbi.exits.rest.RestImp
mqsiservice BRKR_SCCSn -r PubSubPrincipalDirectory=com.ibm.orgcollab.wbi.exits.rest.RestImpl
mqsistart BRKR_SCCSn

For example, if you have three servers you will run the following commands on server #2 (and similarly on all other servers):

mqsistop BRKR_SCCS2
mqsiservice BRKR_SCCS2 -r PubSubAccessControl=yes
mqsiservice BRKR_SCCS2 -r PubSubAuthorizationService=com.ibm.orgcollab.wbi.exits.rest.RestImp
mqsiservice BRKR_SCCS2 -r PubSubPrincipalDirectory=com.ibm.orgcollab.wbi.exits.rest.RestImpl
mqsistart BRKR_SCCS2

16. Start the configuration manager. On the initial server only, run the following command:
mqsistart CONFIG_MANAGER_NAME

Where CONFIG_MANAGER_NAME is the configuration manager name. For example, CMGR_SCCS.

Authenticating the inter-broker connection:

When the collective starts, a connection is established between the brokers in the collective (using the inter-broker port). This connection is authenticated by passing the broker ID to the ST Adv security exit of the other broker. By default, this ID is set in the broker to 'Broker'. If this ID is set to something different, the security exit must be notified by setting an additional property in the exitSettins.ini file:
brokerID=<BROKER_ID>

Where <BROKER_ID> is the new broker ID. You can check the broker ID value by opening an Event Broker Command Console and entering the following command:
mqsireportproperties <BRKR_NAME> -e default -o DynamicSubscriptionEngine -n myBrokerUid

Where <BRKR_NAME> is the broker name.

Example

mqsireportproperties BRKR_SCCS1 -e default -o DynamicSubscriptionEngine -n myBrokerUid
StaBroker01
BIP8071I: Successful command completion.

In this case, the ID of broker BRKR_SCCS1 (StaBroker01) will be sent to the security exit on the other broker (BRKR_SCCS2) for authentication. The exitSetting.ini file on BRKR_SCCS2 should be updated with an entry reading:
brokerID=StaBroker01

If you are having trouble with the collective and you suspect that the authentication is not working, enable the DummyTrue exit instead of rest.RestImpl. With the DummyTrue exit, authentication requests always succeed regardless of the IDs of the brokers. If your collective starts with the DummyTrue exit, the problem is coming from the inter-broker authentication.
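The ID match described above can be checked for every broker pair before switching to the DummyTrue exit. This is an added example, not IBM's code: the function names and sample texts are constructed, and it assumes the mqsireportproperties output shape shown in the example above and that an exit settings file without a brokerID entry expects the default 'Broker'.

```python
"""Cross-check inter-broker authentication IDs in a collective (added example)."""
from itertools import permutations

DEFAULT_BROKER_ID = "Broker"  # default broker ID stated in the guide


def parse_broker_uid(report_output):
    """Extract myBrokerUid from `mqsireportproperties ... -n myBrokerUid` output.

    Assumes the shape of the guide's example: the value on its own line,
    then "BIP8071I: Successful command completion." Returns None when the
    success message or the value line is missing.
    """
    value, succeeded = None, False
    for raw in report_output.splitlines():
        line = raw.strip()
        if not line or line.startswith("mqsireportproperties"):
            continue  # blank line or echoed command
        if line.startswith("BIP"):
            succeeded = succeeded or line.startswith("BIP8071I")
        elif value is None:
            value = line
    return value if succeeded else None


def parse_exit_broker_id(ini_text):
    """Return the brokerID the security exit expects from its peers.

    A file with no brokerID entry is treated as expecting the default ID.
    """
    for raw in ini_text.splitlines():
        key, sep, val = raw.partition("=")
        if sep and key.strip() == "brokerID":
            return val.strip()
    return DEFAULT_BROKER_ID


def audit(report_outputs, ini_texts):
    """Return (sender, receiver, sent_id, expected_id) for each failing pair.

    report_outputs: broker name -> raw mqsireportproperties output
    ini_texts:      broker name -> text of that broker's exit settings file
    """
    sent = {b: parse_broker_uid(out) for b, out in report_outputs.items()}
    expected = {b: parse_exit_broker_id(ini_texts.get(b, "")) for b in sent}
    problems = []
    for sender, receiver in permutations(sorted(sent), 2):
        if sent[sender] != expected[receiver]:
            problems.append((sender, receiver, sent[sender], expected[receiver]))
    return problems


# Constructed sample data. BRKR_SCCS1 matches the guide's example output;
# BRKR_SCCS2 is assumed to still use the default ID.
SAMPLE_REPORTS = {
    "BRKR_SCCS1": "StaBroker01\nBIP8071I: Successful command completion.\n",
    "BRKR_SCCS2": "Broker\nBIP8071I: Successful command completion.\n",
}
SAMPLE_INIS = {
    "BRKR_SCCS1": "",                        # no entry: expects 'Broker'
    "BRKR_SCCS2": "brokerID=StaBroker01\n",  # entry from the guide's example
}

if __name__ == "__main__":
    for label, inis in (("configured", SAMPLE_INIS),
                        ("entry missing on BRKR_SCCS2", {})):
        issues = audit(SAMPLE_REPORTS, inis)
        print(f"{label}: {'OK' if not issues else 'MISMATCH'}")
        for sender, receiver, got, want in issues:
            print(f"  {sender} -> {receiver}: sends {got!r}, exit expects {want!r}")
```

A pair reported here is one where the receiving broker's security exit would reject the sender's ID.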


Verifying the configuration:

Once the collective is configured, you should verify it is working correctly. If the collective is set up properly, you should see the following message in the system log once all the brokers in the collective start:

(<BROKER_NAME>.default) Broker-Broker connection on socket <BROKER_IP>:<INTER_BROKER_PORT> with bro

If this message does not display, it is likely your collective is not set up properly. Once the collective is set up you can verify it is working correctly by connecting one client to a broker in the collective, and a second client to another broker. Messages published on one broker should be broadcast on the other.

Enabling load balancing for the cluster with a round robin DNS:

Enable load balancing for the IBM WebSphere MQ cluster by setting up a round robin DNS. Load balancing allows a client to point to multiple brokers within the collective rather than being limited to a single broker.

Before you begin

A round robin DNS distributes load by directing queries to different members of the cluster in sequence. After you set up the round robin DNS, the IBM Lotus Sametime Advanced plug-ins use this DNS server to connect to the broker collective so that broker requests are load-balanced among the Broker nodes that make up the collective. The mechanism for setting up a round robin DNS is determined by the network and operating systems that comprise your deployment.

Clustering Lotus Sametime Advanced and WebSphere Application Server:

Create a cluster of IBM Lotus Sametime Advanced servers using an IBM WebSphere Application Server network deployment.

Before you begin

A WebSphere Application Server network deployment is the only configuration suitable for an enterprise-level deployment of Lotus Sametime Advanced because it is scalable and eliminates single points of failure. Each instance of Lotus Sametime Advanced is installed with WebSphere Application Server, and is managed through the network deployment as a "cell".

A network deployment cell consists of a Primary node, one or more Secondary nodes, and a Deployment Manager that manages all of the nodes (servers) within the cell as a single domain. Typically, a network deployment contains one node per physical computer. This is not a requirement; nodes are logical groupings of application servers, so you can have more than one node installed on a physical system. For performance reasons, most installations have only one cluster member per node, since each cluster member creates its own JVM footprint.

In a network deployment, all nodes are federated into the Deployment Manager's "cell". This allows the Deployment Manager to fulfill its purpose in life: manage the deployment by administering the cell into which the nodes are installed.

The Primary node is basically the same thing as a single-server installation; it contains all the applications and WebSphere Application Server components that are required to run Lotus Sametime Advanced. When you install the Primary node, you create a server "template". This template is then cloned for use with all Secondary nodes across the cluster.

The Secondary nodes are WebSphere Application Server placeholders that can run additional cluster members (servers created as clones of the Primary node). When you install a Secondary node for Lotus Sametime Advanced, the installation creates a node and a default server instance, as well as some node-level WebSphere Application Server attributes such as data sources, WebSphere variables, and shared library definitions. A network deployment of Lotus Sametime Advanced can contain up to 254 Secondary nodes, or as few as one.

About this task

Clustering with a WebSphere Application Server network deployment involves the following tasks, which should be completed in the sequence shown:

Installing the Deployment Manager:

Run the installation program to deploy the IBM Lotus Sametime Advanced application on your computer using the "Deployment Manager" option.

Before you begin

The Deployment Manager administers the cluster where you deploy Lotus Sametime Advanced. The Deployment Manager serves as a central point of administration, handling the configuration of all cluster-level configurations, including (but not limited to) JDBC providers and data sources (the connections to the remote database), WebSphere Application Server variables, applications, application servers, clusters, IBM HTTP server configuration management, security configurations (LDAP, SSL, SSO), and various other components necessary to run an enterprise-level application. When you deploy a cluster, you install the Deployment Manager first, and then add other servers, called "nodes," to it.

In addition to deploying WebSphere Application Server and Lotus Sametime Advanced, installing the Deployment Manager installs the WebSphere shared binaries, the deployment manager profile used by Lotus Sametime Advanced, some of the Lotus Sametime Advanced configuration, and the user directory configuration (LDAP, local file system, and remote database user repositories).

About this task

Follow these steps to install Lotus Sametime Advanced:

Procedure

1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate packages for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. You will need to download packages for the following products onto this server:

- WebSphere Application Server 6.1.0.13
- Lotus Sametime Advanced
3. Extract the files for WebSphere Application Server so they can be used by the Lotus Sametime Advanced installer.
4. Navigate to the folder where you stored the downloaded files for Lotus Sametime Advanced and start the installation program by running one of the following commands:
- AIX, Linux, Solaris
./install.sh

- Windows
install.bat

5. At the "Select a language" prompt, select English and then click OK.
6. At the "Welcome" screen, click Next.
7. At the "license agreement" screen, click the Accept option, and then click Next.
8. At the "type of installation" screen, select Deployment Manager and then click Next.
9. At the "root path to the installation files for WebSphere Application Server" screen, enter the path to the folder where you extracted the IBM WebSphere Application Server files, and then click Next.
10. At the "To install WebSphere Application Server in this location" screen, enter the path to where you want to install WebSphere Application Server, and click Next.
11. At the "Create the administrative user ID and password for the WebSphere Application Server" screen, enter the WebSphere Application Server administrator name and password. The WebSphere Application Server administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as wasadmin.
12. At the "Create the administrative user ID and password for the Web based administration of the Sametime Advanced Server" screen, enter the Lotus Sametime Administrator user name and password. The Lotus Sametime Administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as stadvadmin. This user can be switched to an LDAP-based user ID after installation is finished.
13. At the "Enter the properties for this instance of Sametime Advanced Server" screen, the Cell, node, and Host name fields are pre-populated; make changes as appropriate for your Deployment Manager.
14. At the "To install Sametime Advanced server in this location" screen, provide a location for the configuration and log files needed for the Lotus Sametime Advanced server installation. The files in this folder are related to installation and configuration, and will not affect the functioning of the server once the installation is finished.
15. At the "DB2 properties" screen, provide the following properties for the IBM DB2 server:
| Option | Description |
| --- | --- |
| Host name | Host name of the database server |
| Port | Port on which the database server is listening; this is normally port 50000 (Microsoft Windows) or 50001 (IBM AIX, Linux, and Sun Solaris) |
| Database Name | Name of the IBM DB2 database that you created for Lotus Sametime Advanced (STADV in this documentation) |
| Application user ID | The DB2 Administrator user name used to connect to the database |
| Application Password | The password for the DB2 Administrator account. |

16. At the "LDAP Configuration" screen, select whether to configure Lotus Sametime Advanced to work with your LDAP directory now, or after the installation is finished, and then click Next:
- Configure LDAP Now: continue with step 17.
- Configure LDAP after the installation: skip to step 19.
17. Do one of the following:
Note: Lotus Sametime Advanced must use the same LDAP server/directory as the classic Lotus Sametime 8 server.
- If an LDAP directory is found, the "LDAP Server Connection" screen allows you to either select that LDAP or specify another before clicking Next.
- If no LDAP directory was found, the "LDAP Server Connection" screen instead allows you to provide the LDAP server Host name and Port before clicking Next.
18. At the "LDAP Settings for People and Group Entries" screen, fill in information about the LDAP fields used for authentication:
| Option | Description |
| --- | --- |
| Detected root DN | If a root distinguished name is detected, it will be displayed here and you can either select it, or enter a different value in the next field. |
| Base distinguished name | If you selected a detected root DN, leave this field blank; otherwise, type the name of the field used as the Base DN in your LDAP. The Base DN (base distinguished name) indicates the level at which searches begin in the LDAP. Note: If you use IBM Lotus Domino as your LDAP directory, you should specify a base distinguished name now to avoid problems later when enabling SSO and awareness. |
| Log in | Type the name of the field in the LDAP directory that will be used for authentication when a user logs in. This is frequently the LDAP's mail field. Note: If your deployment's Lotus Sametime Standard server requires users to log in, this field must match that setting (found in the stconfig.nsf database). |
| Display name | Type the name of the field in the LDAP directory that will be used as the Display Name. This is frequently the cn field. |

19. At the "The IBM Lotus Sametime Advanced Server is ready to install" screen, review the settings, then click Install to start the installation.

Results

Note: If the installation was not successful, look at the two installation logs for more information about what occurred during the installation attempt. Fix the problem, then try installing again.
- ST_Advanced_Install_Location/logs/installlog.txt
- Temp/stadv/logs/wizard_installlog.txt

You will need to find the default Temp location for your operating system. For example, for Windows, it is
C:\Documents and Settings\Administrator\Local Settings\Temp

Installing the Primary node:

Install the Primary node for an IBM WebSphere Application Server network deployment with IBM Lotus Sametime Advanced.

Before you begin

The Primary node is the first node in the cluster, and serves as a template for installing the other nodes into the cluster. The Primary node is responsible for configuring the DB2 database (STADV in this documentation) that contains Lotus Sametime Advanced data. When you install the Primary node, it additionally installs the WebSphere Application Server's shared binaries (if the primary node shares the same hardware as the Deployment Manager, this step is skipped), creates an application server profile to be used by Lotus Sametime Advanced, configures WebSphere Application Server for Lotus Sametime Advanced, and sets up LDAP security.

Running the graphical installation program:

Before you begin

Verify that you have installed and configured the following components before you begin installing Lotus Sametime Advanced:
- A supported LDAP directory (see the IBM Lotus Sametime Advanced Requirements for the list of supported products)
- IBM Lotus Sametime Standard
- IBM DB2 Workgroup Server Edition
- IBM WebSphere MQ
- IBM WebSphere Event Broker

About this task

Follow these steps to install Lotus Sametime Advanced using the "Single server (Primary node for Network Deployment)" option.


Procedure

1. (Linux RHEL only) Disable SELinux on any RedHat operating system:
   a. Log in as root on the Linux RedHat server where you will install Lotus Sametime Advanced.
   b. Open the /etc/selinux/config file for editing.
   c. Locate the SELINUX setting.
   d. Change its value to either disabled or permissive.
   e. Save and close the file.
   f. Restart the Linux server.
2. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
3. Download the appropriate packages for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. You will need to download packages for the following products onto this server:
- WebSphere Application Server 6.1.0.13
- Lotus Sametime Advanced
4. Extract the files for WebSphere Application Server so they can be used by the Lotus Sametime Advanced installer.
5. Navigate to the folder where you stored the downloaded files for Lotus Sametime Advanced and start the installation program by running one of the following commands:
- AIX, Linux, Solaris
./install.sh

- Windows
install.bat

6. At the "Select a language" prompt, select English and then click OK.
7. At the "Welcome" screen, click Next.
8. At the "license agreement" screen, click the I accept both the IBM and the non-IBM terms option, and then click Next.
9. At the "type of installation" screen, select Single server (Primary node for Network Deployment) and then click Next.
10. At the "root path to the installation files for WebSphere Application Server" screen, enter the path to the folder where you extracted the IBM WebSphere Application Server files, and then click Next.
11. At the "To install WebSphere Application Server in this location" screen, enter the path to where you want to install WebSphere Application Server, and click Next.
12. At the "Create the administrative user ID and password for the WebSphere Application Server" screen, enter the WebSphere Application Server administrator name and password. The WebSphere Application Server administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as wasadmin.


13. At the "Create the administrative user ID and password for the Web based administration of the Sametime Advanced Server" screen, enter the Lotus Sametime Advanced Administrator user name and password. The Lotus Sametime Advanced Administrator user will be created inside the WebSphere Application Server file-based repository. The user name can be a common name, such as stadvadmin. This user can be switched to an LDAP-based user ID after installation is finished.
14. At the "Enter the properties for this instance of Sametime Advanced Server" screen, the Cell, Node, and Host name fields are pre-populated; make changes as appropriate.
15. At the "To install Sametime Advanced server in this location" screen, provide a location for the configuration and log files needed for the Lotus Sametime Advanced server installation. The files in this folder are related to installation and configuration, and will not affect the functioning of the server once the installation is finished.
16. At the "DB2 properties" screen, provide the following properties for the IBM DB2 server:
| Option | Description |
| --- | --- |
| Host name | Host name of the database server |
| Port | Port on which the database server is listening; this is normally port 50000. |
| Database Name | Name of the IBM DB2 database that you created for Lotus Sametime Advanced (for example, STADV) |
| Application user ID | The DB2 Administrator user name used to connect to the database |
| Application Password | The password for the DB2 Administrator account. |

17. At the "Sametime Server Properties" screen, provide the host name and the HTTP port on the Lotus Sametime Standard server, from which you can download the files required for supporting the awareness feature (the default is port 80).
Note: If you leave these fields empty, your Lotus Sametime Advanced deployment will be configured without a Lotus Sametime Standard server and will not have access to certain features.
18. At the "SMTP Messaging Server" screen, click the checkbox if you want to use an SMTP server with Lotus Sametime Advanced (for example, for notifications to members of a Persistent Chat Room), and then click Next. If you do not want to configure the SMTP settings now, leave the checkbox unselected and click Next. The Lotus Sametime Advanced Server will still be functional.
19. At the "SMTP Messaging Server Properties" screen, provide the following SMTP server properties:
| Option | Description |
| --- | --- |
| Host name | The host name of the SMTP transport server. |
| User name, Password | The user name and password are only needed if your SMTP server requires them for authentication before sending e-mail. If necessary, you can change these values later using the Integrated Solutions Console. |
| E-mail address | (Optional) Type the e-mail address to be used as the "From" address when sending notifications. |
| Do you want to encrypt outgoing traffic using SSL? | If your SMTP server is configured to use SSL for outgoing messages, click Yes (port 465 is used by default for encrypted traffic); otherwise click No (port 25 is used by default for unencrypted traffic). |

20. At the "IBM WebSphere Messaging Broker Properties" screen, provide the fully qualified hostname of the WebSphere Message Broker Server, and then click Next.
21. At the "LDAP Configuration" screen, select whether to configure Lotus Sametime Advanced to work with your LDAP directory now, or after the installation is finished, and then click Next:
- Configure LDAP Now: continue with step 21.
- Configure LDAP after the installation: skip to step 24.
22. Do one of the following:
Note: Lotus Sametime Advanced must use the same LDAP server/directory as the Lotus Sametime Standard server.
- If an LDAP directory is found, the "LDAP Server Connection" screen allows you to either select that LDAP or specify another before clicking Next.
- If no LDAP directory was found, the "LDAP Server Connection" screen instead allows you to provide the LDAP server Host name and Port before clicking Next.
23. Choose the type of binding to use with your LDAP server and, if necessary, provide credentials for authenticated binding (the Bind distinguished name and the associated password); then click Next. The type of binding used to connect to your LDAP server is determined by the settings in the LDAP directory. If anonymous access is allowed, you see the "LDAP Anonymous Bind Allowed" screen. If anonymous access is not allowed, the "LDAP Authenticated Bind Required" screen appears.
24. At the "LDAP Settings for People and Group Entries" screen, fill in information about the LDAP fields used for authentication:
| Option | Description |
| --- | --- |
| Detected root DN | If a root distinguished name is detected, it will be displayed here and you can either select it, or enter a different value in the next field. |
| Base distinguished name | If you selected a detected root DN, leave this field blank; otherwise, type the name of the field used as the Base DN in your LDAP. The Base DN (base distinguished name) indicates the level at which searches begin in the LDAP. Note: If you use IBM Lotus Domino as your LDAP directory, you should specify a base distinguished name now to avoid problems later when enabling SSO and awareness. |
| Log in | Type the name of the field in the LDAP directory that will be used for authentication when a user logs in. This is frequently the LDAP's mail field. Only one attribute should be entered in the Log in field when you install a Lotus Sametime Advanced server. |
| Display name | Type the name of the field in the LDAP directory that will be used as the Display Name. This is frequently the cn field. |

25. At the "The IBM Lotus Sametime Advanced Server is ready to install" screen, review the settings, then click Install to start the installation.

Results

Note: If the installation was not successful, look at the two installation logs for more information about what occurred during the installation attempt. Fix the problem, then try installing again.
- ST_Advanced_Install_Location/logs/installlog.txt
- Temp/stadv/logs/wizard_installlog.txt

You will need to find the default Temp location for your operating system. For example, for Windows, it is
C:\Documents and Settings\Administrator\Local Settings\Temp

Federating the Primary node:

Add the Primary node to the cell controlled by the Deployment Manager.

This task backs up the original configuration on the Primary node, and adds all the Primary node's components to the Deployment Manager's cell. This allows a central point of administration for the network deployment by using the Deployment Manager's Integrated Solutions Console. You will not be able to log in to the Primary node's own Integrated Solutions Console after this step but will instead be required to use the Deployment Manager.

Before you begin

The Deployment Manager must be installed and running.

About this task

When you federate, the Integrated Solutions Console of the Primary node is disabled because you will be using the Integrated Solutions Console from the Deployment Manager. The Primary node inherits all of the cell-level configuration data from the Deployment Manager. Any information you can see through the Deployment Manager's Integrated Solutions Console is now stored on the Primary node, so it is accessible from any application. Because the LDAP configuration and your credentials as the WebSphere Application Server administrative user in the Deployment Manager are defined at the cell level, this data overwrites the security settings of the Primary node: the Deployment Manager's settings now apply to the Primary node as well. If you remove the Primary node from the cell, its original security configuration is restored.

After you have federated the Primary node, you can run a real environment and configure your Lotus Sametime communities just as you would in a single-server environment. What is lacking is failover and load balancing capabilities. To add those features, you need to add a Secondary node, and create a cluster, as described in later tasks.

Procedure

1. Synchronize the system clocks on the Deployment Manager and the Primary node, and make sure they are set for the same timezone.
2. On the Deployment Manager, ping the Primary node to make sure the host name is resolvable and a valid connection exists.
3. On the Primary node, ping the Deployment Manager to make sure that host name is also resolvable.
4. Still on the Primary node, open a command window and navigate to the \bin directory under the WebSphere Application Server root installation. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin

5. Run the following command to federate the Primary node to the Deployment Manager:
Note: Type the command all on one line.
AIX, Linux, Solaris
./addNode.sh DM_server_host_name DM_SOAP_port -username WAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM -includeapps

Windows
addnode.bat DM_server_host_name DM_SOAP_port -username WAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM -includeapps

where:
* DM_server_host_name is the resolvable host name of the Deployment Manager
* DM_SOAP_port is the port that the Deployment Manager's SOAP port is listening on (typically this is 8879)
* WAS_Admin_Username_on_DM is the user ID of the WebSphere Application Server administrator account on the Deployment Manager
* WAS_Admin_password_on_DM is the password associated with that WebSphere Application Server administrator account

System output
The final line of the system output should indicate success; for example:
ADMU0003I: Primary_node_name has been successfully federated.

6. To verify that the Primary node has joined the Deployment Manager's cell, move to the Deployment Manager and log in to the Integrated Solutions Console using your WebSphere Application Server administrative user ID and password, and then click Servers > Application servers. Make sure you can see the Primary node's information.

Installing a Secondary node:

Run the installation program to deploy the IBM Lotus Sametime Advanced application on your computer using the "Secondary node" option.

Before you begin

The Secondary nodes are used to run the Lotus Sametime Advanced applications in a distributed environment, allowing you to deploy the product in a manner that takes advantage of load balancing and fail-over features provided in a network deployment. For Lotus Sametime Advanced, the Secondary node installer will install a basic WebSphere Application Server environment with its components defined at the node level for running Lotus Sametime Advanced as a cluster member.

The majority of the components required for running Lotus Sametime Advanced are installed on the Primary node, so when you use the Primary node as a template for the Secondary nodes in the cluster, each Secondary node inherits a copy of those components. Some components, such as the path to a resource provider driver file, need to be defined differently on each node since they may exist in different locations or have system-specific values. These components are configured during the installation of the Secondary node; this step should be completed on every Secondary node.

About this task

Follow these steps to install Lotus Sametime Advanced:

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate packages for your operating system, and extract the files. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address:
www.ibm.com/support/docview.wss?rs=477&uid=swg24018149

You will need to download packages for the following products onto this server:
* WebSphere Application Server 6.1.0.13
* Lotus Sametime Advanced
3. Extract the files for WebSphere Application Server so they can be used by the Lotus Sametime Advanced installer.
4. Navigate to the folder where you stored the downloaded files for Lotus Sametime Advanced and start the installation program by running one of the following commands:
* AIX, Linux, Solaris
./install.sh

* Windows
install.bat

5. At the "Select a language" prompt, select English and then click OK.
6. At the "Welcome" screen, click Next.
7. At the "license agreement" screen, click the Accept option, and then click Next.
8. At the "type of installation" screen, select Secondary node and then click Next.
9. At the "root path to the installation files for WebSphere Application Server" screen, enter the path to the folder where you extracted the IBM WebSphere Application Server files, and then click Next.
10. At the "To install WebSphere Application Server in this location" screen, enter the path to where you want to install WebSphere Application Server, and click Next.
11. At the "Enter the properties for this instance of Sametime Advanced Server" screen, the Cell, node, and Host name fields are pre-populated; make changes as appropriate.
12. At the "To install Sametime Advanced server in this location" screen, provide a location for the configuration and log files needed for the Lotus Sametime Advanced server installation. The files in this folder are related to installation and configuration, and will not affect the functioning of the server once the installation is finished.
13. At the "The IBM Lotus Sametime Advanced Server is ready to install" screen, review the settings, then click Install to start the installation.
Note: If the installation was not successful, look at the two installation logs for more information about what occurred during the installation attempt. Fix the problem, then try installing again.
* ST_Advanced_Install_Location/logs/installlog.txt
* Temp/stadv/logs/wizard_installlog.txt
You will need to find the default Temp location for your operating system. For example, for Windows, it is
C:\Documents and Settings\Administrator\Local Settings\Temp

14. Finally, update the virtual host "default_host" alias to reflect the port on which WebSphere Application Server is listening (port 9081):
a. Open the Integrated Solutions Console (the WebSphere administrative console) on the new node.
b. Click Environment > Virtual Hosts > default_host > Host Aliases.
c. Set the port to 9081.
d. Save your changes.

Federating a Secondary node:

Federate a Secondary node to a cell within an IBM WebSphere Application Server network deployment.

Before you begin

The Deployment Manager must be installed and running.

Federating a Secondary node is a similar process to federating the Primary node:

Procedure
1. Synchronize the system clocks on the Secondary Node to match the Primary Node, and make sure they are set to the same timezone. Although general clustering guidelines instruct you to set the node clocks to within a few minutes of each other, Lotus Sametime Advanced requires them to match; otherwise users may see odd results while chatting.
2. On the Deployment Manager, ping the Secondary node to make sure the host name is resolvable and a valid connection exists.
3. On the Secondary node, ping the Deployment Manager to make sure that host name is also resolvable.
4. Still on the Secondary node, open a command window and navigate to the \bin directory under the WebSphere Application Server root installation. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

5. Run the following command to federate the Secondary node to the Deployment Manager:
Note: Type the command all on one line.
AIX, Linux, Solaris
./addNode.sh DM_server_host_name DM_SOAP_port -username WAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM

Windows
addnode.bat DM_server_host_name DM_SOAP_port -username WAS_Admin_Username_on_DM -password WAS_Admin_password_on_DM

where:
* DM_server_host_name is the resolvable host name of the Deployment Manager
* DM_SOAP_port is the port that the Deployment Manager's SOAP port is listening on (typically this is 8879)
* WAS_Admin_Username_on_DM is the user ID of the WebSphere Application Server administrator account on the Deployment Manager
* WAS_Admin_password_on_DM is the password associated with that WebSphere Application Server administrator account

System output
The final line of the system output should indicate success; for example:
ADMU0003I: Secondary_node_name has been successfully federated.

6. To verify that the Secondary node has joined the Deployment Manager's cell, move to the Deployment Manager and log in to the Integrated Solutions Console using your WebSphere Application Server administrative user ID and password, and then click Servers > Application servers. Make sure you can see the Secondary node's information.
7. For each additional Secondary node, repeat the preceding steps.
8. After you have finished federating Secondary nodes, move to the Deployment Manager and restart it by typing the following commands:
stopManager

Wait for the first command to finish before running the second:
startManager

Configuring the cluster:

Configuring the network deployment as a cluster converts the applications that are (by default) running on "server1" of the Primary node to run at the cluster level, taking advantage of the enterprise-level features of IBM WebSphere, such as load balancing and failover.

Before you begin

To configure the cluster, you will use the Primary node's server1 (WebSphere Application Server) instance as a template to define the Secondary nodes as cluster members. Every Secondary node added to the cluster will receive a copy of all of the components that are currently configured on the Primary node's application server and the application modules will be configured to run at the cluster level. This task will leave the Primary node's server intact, but it will no longer be a useful server after this step. If you attempt to start server1 after this process is complete, it will fail to start; instead, you should start only the Secondary nodes that have been added to the cluster.

About this task

Complete the tasks below in the sequence shown:

Defining the cluster members:

Define each Secondary node as a member of the IBM WebSphere Application Server network deployment cluster, using the Primary node as a template. This ensures that each Secondary node receives a copy of all of the components that are currently configured on the Primary node's application server, and that the application modules can be configured to run at the cluster level in the next task.

Procedure
1. Make sure the Deployment Manager is running and use it to log in to the Integrated Solutions Console using a WebSphere Application Server administrative account.
2. In the console, navigate to the Cluster Members as follows:
a. Expand Servers and click on Clusters.
b. Locate the cluster called STAdvancedCluster and click on it.
c. Under "Additional Properties", click the Cluster Members link.
3. Create first cluster member
Define the Primary node as the first member of the cluster:
a. Click New.
b. Fill in the following fields using information for the Primary node:
   Member Name: Type a name for the Primary node; for example: STPrimaryClusterMember.
   Select Node: Select the Primary node from the list.
   Weight: Leave the node's weight set at "2".
   Generate Unique HTTP ports: Leave this setting selected.
   Select basis for first cluster member: Select Create the member using an application server template. Now you need to specify the application server being used as the template for this cluster: select the server1 instance on the Primary node. The instance displays as "cellName\nodeName\server1", so look for the one that uses the cell name and node name that you provided when running the Lotus Sametime Advanced installer on the Primary node.
c. Click Next.
4. Create additional cluster members
Define a Secondary node as an additional member of the cluster:
Note: You will need to complete this step for every Secondary node. If you wish, you can add Secondary nodes to the cluster later by returning to this screen and filling it in for each additional Secondary node.
a. Fill in the following fields using information for the current Secondary node:
   Member Name: Type a unique name for the current Secondary node; for example: STSecondaryClusterMember1.
   Select Node: Select this Secondary node from the list.
   Weight: Leave the node's weight set at "2".
   Generate Unique HTTP ports: Leave this setting selected.
b. Click Add Member.
5. After all your Secondary node cluster members have been defined (they will appear in the table at the bottom of the page), click Next.
6. Review your settings, and then click Finish.
7. Verify that the cluster was created successfully by returning to the "Cluster Members" screen and making sure all your cluster members are listed:
a. Expand Servers and click on Clusters.
b. Locate the cluster called STAdvancedCluster and click on it.
c. Under "Additional Properties", click the Cluster Members link.
When all of your cluster members appear in the list, your cluster has been created successfully.

Modifying application modules to run at the cluster level:

Modify the application modules hosted on the Primary node's "server1" to run on the cluster. This task moves the application modules to the cluster scope, so that an instance of the application is running on all cluster members. This is accomplished by "pushing" the applications to each of the Secondary nodes.

Procedure
1. Make sure the Deployment Manager is running and use it to log in to the Integrated Solutions Console using an IBM WebSphere Application Server administrative account.


2. In the console, expand Applications and click on Enterprise Applications.
3. In the list of "Enterprise Applications", select an application by clicking it, and complete the following steps for each application. You will modify these applications:
* Location Service
* Lotus Sametime Advanced Application
* Was-at Service
a. In the application-specific screen that appears next, locate the "Modules" section on the right, and click the Manage Modules link.
b. In the "Manage Modules" screen, locate the list of modules in the lower half of the page, and click the Select box next to each of the application's modules.
c. Now move to the Clusters and Servers list in the upper half of the page, and click the name of your cluster (for example, "STAdvanced_Cluster") to set the scope to the cluster.
d. Click Apply, and verify that the selected cluster name appears in the "Server" column of the modules table in the lower half of the screen.
e. Click OK to confirm the setting.
f. Repeat this process for each of the applications listed at the beginning of this step.
4. Set security for inbound communications in the cluster:
a. Still in the Integrated Solutions Console, locate and click Security > Secure administration, applications and infrastructure.
b. In the "Secure administration, applications and infrastructure" screen, locate RMI/IIOP security on the right and click to expand it.
c. Click the CSIv2 inbound authentication link.
d. In the "CSIv2 inbound authentication" screen, click the Identity Assertion box.
e. In the Trusted Identities field, type the list of all cluster members, separating names with the | character. For example:
STPrimaryClusterMember|STSecondaryClusterMember1|STSecondaryClusterMember2

f. Click Apply so your changes will take effect immediately.
5. Now set security for outbound communications in the cluster:
a. Still in the Integrated Solutions Console, locate and click Security > Secure administration, applications and infrastructure.
b. In the same "RMI/IIOP security" section, click the CSIv2 outbound authentication link.
c. In the "CSIv2 outbound authentication" screen, click the Identity Assertion box.
d. Under "Identity Assertion", click Use server trusted identity (this applies to the cluster members you listed when you set up inbound security).
e. Click Apply.
f. Click Save to save your changes.
6. Now synchronize the nodes:
a. In the Integrated Solutions Console, expand System Administration and click on Nodes.
b. In the "Nodes" table, click the checkbox next to every node in your cluster (you want to select all nodes).
c. Click the Synchronize button.
d. Allow several minutes for replication to complete before proceeding to the next step.
7. Restart the cluster by restarting the node agents and the Deployment Manager:
a. Still in the Integrated Solutions Console on the Deployment Manager, click System Administration > Node agents.
b. Select all node agents, and then click Restart.
c. Now open a command window and navigate to the WAS_Install_Directory\bin directory. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

d. Stop the Deployment Manager with the following command, providing a user name and password with WebSphere Application Server administrative access:
AIX, Linux, Solaris
./stopManager.sh -username wasadmin_name -password password

Windows
stopManager.bat

e. Now start the Deployment Manager with the following command, again providing a user name and password with WebSphere Application Server administrative access:
AIX, Linux, Solaris
./startManager.sh -username wasadmin_name -password password

Windows
startManager.bat

Installing the scheduler into the cluster:

Create a scheduler on every Secondary node in the network deployment cluster.

Procedure
1. On the Deployment Manager, open the Integrated Solutions Console and log in with a WebSphere Application Server administrator account.
2. Click Resources > Schedulers.
3. Do the following for every Secondary node in the cluster:
a. Select the scope of the Secondary node.
b. Select the scheduler (Default Sched) in that scope.
c. Change the Table Prefix for the current Secondary node. Be sure to give each Secondary node a unique Table Prefix. For example, for the first Secondary node, use SCHED_SEC1; for the second, use SCHED_SEC2, and so on.
d. Click Apply, and then click Save.
4. Click the Scheduler check box in the same Secondary node scope.
5. Click the Create Table button.

Setting up service integration for the cluster:

Use the Integrated Solutions Console to set up service integration buses, topic spaces, and queues for the nodes in the cluster.

About this task

Complete the following tasks in the sequence shown to ensure they are processed properly:

Creating buses for the cluster:

Create service integration buses to support messaging-based applications in the cluster.

Before you begin

You will create three service integration buses to support messaging among the cluster members in the network deployment, and then add all of the cluster members to each bus:
* orgcollab_service_bus
* rtc4web_cluster_service_bus
* rtc4web_node_service_bus

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete this task (log in as a WebSphere Application Server administrative user).

Procedure
1. Create the orgcollab_service_bus bus:
a. Click Service integration > Buses.
b. In the "Buses" screen, click the New button.
c. In the "Create a new bus" screen, enter orgcollab_service_bus as the bus name.
d. Deselect the Bus security option.
e. Click Next.
f. In the "Confirm create of new bus" screen, click Finish.
g. Repeat for the remaining buses.
2. Create the rtc4web_cluster_service_bus bus:
a. Click Service integration > Buses.
b. In the "Buses" screen, click the New button.
c. In the "Create a new bus" screen, enter rtc4web_cluster_service_bus as the bus name.
d. Deselect the Bus security option.
e. Click Next.
f. In the "Confirm create of new bus" screen, click Finish.
g. Repeat for the remaining buses.
3. Create the rtc4web_node_service_bus bus:
a. Click Service integration > Buses.
b. In the "Buses" screen, click the New button.
c. In the "Create a new bus" screen, enter rtc4web_node_service_bus as the bus name.
d. Deselect the Bus security option.
e. Click Next.
f. In the "Confirm create of new bus" screen, click Finish.
g. Repeat for the remaining buses.
4. Add the cluster members to each bus:
a. In the "Buses" screen, click the link representing a new bus.
b. In the "bus_name" screen, locate the "Topology" section on the right, and click Bus members.
c. In the "Bus members" table, click the Add button.
d. In the "Select Server, cluster, or WebSphere MQ server" screen, click Server, select the names of your cluster's members (for example, STPrimaryClusterMember, STSecondaryClusterMember1, and STSecondaryClusterMember2), and then click Next.
e. In the "Select the type of message store" screen, click File Store, and then click Next.
f. In the "Provide the message store properties" screen, accept the default settings and click Next.
g. In the confirmation screen, click Finish.
h. Repeat for the remaining buses.
5. Restart the cluster by restarting the node agents and the Deployment Manager:
a. Still in the Integrated Solutions Console on the Deployment Manager, click System Administration > Node agents.
b. Select all node agents, and then click Restart.
c. Now open a command window and navigate to the WAS_Install_Directory\bin directory. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

d. Stop the Deployment Manager with the following command, providing a user name and password with WebSphere Application Server administrative access:
AIX, Linux, Solaris
./stopManager.sh -username wasadmin_name -password password

Windows
stopManager.bat

e. Now start the Deployment Manager with the following command, again providing a user name and password with WebSphere Application Server administrative access:
AIX, Linux, Solaris
./startManager.sh -username wasadmin_name -password password

Windows
startManager.bat

Creating topic spaces for the cluster:

Create default topic spaces for the service integration buses.

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete this task (log in as a WebSphere Application Server administrative user). Remember, the bus names are as follows:
* orgcollab_service_bus
* rtc4web_cluster_service_bus
* rtc4web_node_service_bus

Procedure
1. Add the Destination type Topic space using "Default.Topic.Space" for all the buses:
a. Open the Integrated Solutions Console on the Deployment Manager and log in as a WebSphere Application Server administrative user.
b. Click Service integration > Buses.
c. In the "Buses" screen, click the link representing a new bus.
d. In the "bus_name" screen, locate the "Destination resources" section (below "Topology"), and click Destinations.
e. In the "Destinations" table, click the New button.
f. In the "Create new destinations" screen, click Topic space, and then click Next.
g. In the "Create new topic space" screen, provide a name for the topic space (for example, Default.Topic.Space), and then click Next.
h. In the confirmation screen, click Finish.
i. Click Apply.
j. Click Save to save your changes.
k. Repeat for the remaining buses; you must complete this step for all three buses.
2. Add the Destination type Topic space using "Default.Topic.Space.noden" only for the rtc4web_node_service_bus:
a. Open the Integrated Solutions Console on the Deployment Manager and log in as a WebSphere Application Server administrative user.
b. Click Service integration > Buses.
c. In the "Buses" screen, click the rtc4web_node_service_bus link.
d. In the "bus_name" screen, locate the "Destination resources" section (below "Topology"), and click Destinations.
e. In the "Destinations" table, click the New button.
f. In the "Create new destinations" screen, click Topic space, and then click Next.
g. In the "Create new topic space" screen, provide a unique name for the topic space on a Secondary node (for example, Default.Topic.Space.node2), and then click Next. You will do this for every Secondary node, so remember to keep the names unique, for example, by numbering.
h. In the confirmation screen, click Finish.
i. Click Apply.
j. Click Save to save your changes.
k. Repeat for the remaining Secondary nodes, so that you create this topic space on each of them, but only for the rtc4web_node_service_bus.

Creating queues for the cluster:

Create queues for the Primary node and for all Secondary nodes within the cluster.

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete this task (log in as a WebSphere Application Server administrative user).

Procedure
1. Add the Destination type Queue for the Primary node using "orgcollab_batchQ" only for the orgcollab_service_bus:
a. In the "Buses" screen, click the orgcollab_service_bus link.
b. In the "orgcollab_service_bus" screen, click Destinations.
c. In the "Destinations" table, click the New button.
d. In the "Create new destinations" screen, click Queue, and then click Next.
e. In the "Create new queue" screen, provide a name for the queue (for example, orgcollab_batchQ), and then click Next.
f. Select the Primary node from the list of bus members, and then click Next.
g. In the confirmation screen, click Finish.
h. Click Apply.
i. Click Save to save your changes.
2. Add the Destination type Queue for each Secondary node using "orgcollab_batchQ_noden" only for the orgcollab_service_bus:
a. Return to the "orgcollab_service_bus > Destinations" table, and click the New button.
b. In the "Create new destinations" screen, click Queue, and then click Next.
c. In the "Create new queue" screen, provide a name for the queue (for example, orgcollab_batchQ_node2), and then click Next. You will do this for every Secondary node, so remember to keep the queue names unique, for example, by numbering.
d. Select a Secondary node from the list of bus members, and then click Next.
e. In the confirmation screen, click Finish.
f. Click Apply.
g. Click Save to save your changes.
h. Repeat for the remaining Secondary nodes, so that you create a queue on each of them, but only for the orgcollab_service_bus.
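The bus, topic space and queue procedures above repeat the same console steps for each bus and each Secondary node. As an added example (not part of the IBM guide), this Python script generates the equivalent wsadmin Jython commands so that the numbered names stay consistent; it does not perform the node synchronization or restarts. The node names, the (node, server) input form, numbering Secondary nodes from 2, and the AdminTask parameter names (written for WebSphere Application Server 6.1; confirm with AdminTask.help('createSIBus') on your level) are assumptions.

```python
"""Added example: generate wsadmin (Jython) commands for the SIBus procedure.

Nothing here contacts a server; it only builds the text of a script to be
reviewed and then run with: wsadmin -lang jython -f <file>
"""
import re

# Bus names exactly as given in the guide.
BUSES = ("orgcollab_service_bus",
         "rtc4web_cluster_service_bus",
         "rtc4web_node_service_bus")

# Names are pasted into command strings, so allow only a conservative charset.
_SAFE = re.compile(r"[A-Za-z0-9_.-]+")


def _check(name):
    """Reject names that could break out of the generated command string."""
    if not _SAFE.fullmatch(name):
        raise ValueError("unsafe name: %r" % (name,))
    return name


def plan(primary, secondaries, first_suffix=2):
    """Return ordered (kind, bus, destination, member) steps.

    primary and each entry of secondaries is a (node_name, server_name) pair.
    Secondary destinations are numbered from first_suffix, following the
    guide's "node2" examples (an assumption about its numbering scheme).
    """
    members = [primary] + list(secondaries)
    for node, server in members:
        _check(node)
        _check(server)
    if len(set(members)) != len(members):
        raise ValueError("each cluster member must be listed exactly once")

    # 1. Three buses, then every cluster member added to every bus.
    steps = [("bus", bus, None, None) for bus in BUSES]
    steps += [("member", bus, None, m) for bus in BUSES for m in members]
    # 2. Default.Topic.Space on all buses; one numbered topic space per
    #    Secondary node on rtc4web_node_service_bus only.
    steps += [("topicspace", bus, "Default.Topic.Space", None) for bus in BUSES]
    for n, _member in enumerate(secondaries, start=first_suffix):
        steps.append(("topicspace", "rtc4web_node_service_bus",
                      "Default.Topic.Space.node%d" % n, None))
    # 3. Queues on orgcollab_service_bus only: one for the Primary node,
    #    one numbered queue per Secondary node.
    steps.append(("queue", "orgcollab_service_bus", "orgcollab_batchQ", primary))
    for n, member in enumerate(secondaries, start=first_suffix):
        steps.append(("queue", "orgcollab_service_bus",
                      "orgcollab_batchQ_node%d" % n, member))
    return steps


def render(steps):
    """Turn the plan into the text of a wsadmin Jython script."""
    out = ["# Generated script: review before running with wsadmin"]
    for kind, bus, dest, member in steps:
        if kind == "bus":
            # Mirrors "Deselect the Bus security option" in the console steps.
            out.append("AdminTask.createSIBus('[-bus %s -secure FALSE]')" % bus)
        elif kind == "member":
            # -fileStore mirrors the "File Store" message store choice.
            out.append("AdminTask.addSIBusMember("
                       "'[-bus %s -node %s -server %s -fileStore]')"
                       % (bus, member[0], member[1]))
        elif kind == "topicspace":
            out.append("AdminTask.createSIBDestination("
                       "'[-bus %s -name %s -type TopicSpace]')" % (bus, dest))
        elif kind == "queue":
            out.append("AdminTask.createSIBDestination("
                       "'[-bus %s -name %s -type Queue -node %s -server %s]')"
                       % (bus, dest, member[0], member[1]))
    out.append("AdminConfig.save()")
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Constructed sample input: node names are hypothetical, server names
    # reuse the guide's example cluster member names.
    sample = plan(("nodeA", "STPrimaryClusterMember"),
                  [("nodeB", "STSecondaryClusterMember1"),
                   ("nodeC", "STSecondaryClusterMember2")])
    print(render(sample))
```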

Modifying queues for Secondary nodes:

Modify the queues for the Secondary nodes within the cluster.

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete this task (log in as a WebSphere Application Server administrative user).

Procedure
Modify the Queues setting as follows:
1. Click Resources > JMS > Queues.
2. In the "Queues" screen, locate the secondary node scope in the Scope list, and click it. The node displays with the name you provided for it when you installed Lotus Sametime Advanced; for example, node=STSecondaryClusterMember1, server=server1.
3. In the queues table, click the orgcollab_batchQ link.
4. In the "General Properties" screen, locate the "Connections" section, open the Queue Names list, and click orgcollab_batchQ_noden to select it.
5. Click Apply.
6. Click Save to save your changes.
7. Repeat for the remaining Secondary nodes and their corresponding queues.

Modifying topic spaces for Secondary nodes:

Modify the topic spaces for the Secondary nodes within the cluster.

About this task

Use the Integrated Solutions Console on the Deployment Manager to complete this task (log in as a WebSphere Application Server administrative user).

Procedure
1. Modify the Topics setting as follows:
a. Now click Resources > JMS > Topics.
b. In the "Topics" screen, locate the secondary node scope in the Scope list, and click it. The node displays with the name you provided for it when you installed Lotus Sametime Advanced; for example, node=STSecondaryClusterMember1, server=server1.
c. In the topics table, click the rtc4web_node_topic link.
d. In the "General Properties" screen, locate the "Connections" section, open the Topic Space Names list, and click Default.Topic.Space.noden to select it.
e. Click Apply.
f. Click Save to save your changes.
g. Click Apply.
h. Click Save to save your changes.
i. Repeat for the remaining Secondary nodes and their corresponding topic spaces.

2. Restart the cluster by restarting the node agents and the Deployment Manager:
a. Still in the Integrated Solutions Console on the Deployment Manager, click System Administration > Node agents.
b. Select all node agents, and then click Restart.
c. Now open a command window and navigate to the WAS_Install_Directory\bin directory. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

d. Stop the Deployment Manager with the following command, providing a user name and password with WebSphere Application Server administrative access:
AIX, Linux, Solaris
./stopManager.sh -username wasadmin_name -password password

Windows
stopManager.bat

e. Now start the Deployment Manager with the following command, again providing a user name and password with WebSphere Application Server administrative access:
AIX, Linux, Solaris
./startManager.sh -username wasadmin_name -password password

Windows
startManager.bat

Starting the network deployment for the first time:

When starting a network deployment cluster for the first time, you must start the Deployment Manager, node agents for the Primary node and all Secondary nodes, and then all of the IBM Lotus Sametime Advanced servers.

About this task

In the steps that follow, you start the Deployment Manager in a command window so that you can log in to the Integrated Solutions Console and complete the remaining steps. After the Deployment Manager is started, you can view the Integrated Solutions Console pages. However, you cannot view the Lotus Sametime Advanced administration pages until you start at least one node agent and the Lotus Sametime Advanced server hosted on that node.

Procedure
1. Log in to the Deployment Manager node as a user with WebSphere Application Server administrative privileges.
2. Open a command window and navigate to the WAS_Install_Directory\bin directory. For example, on Microsoft Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

3. If not already started, start the Deployment Manager with the following command:
AIX, Linux, Solaris
./startManager.sh

Windows
startManager.bat

4. Log in to one of the nodes. 5. Open a command window and navigate to the \bin directory under the WebSphere Application Server installation root. For example, on Microsoft Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

6. Start the node agent with the following command:
AIX, Linux, Solaris
./startNode.sh

Windows
startnode.bat

7. Log in to the other nodes, and repeat steps 4 through 6 to start the node agent on each node.


Installing updates for Lotus Sametime Advanced


Install the updates for IBM Lotus Sametime Advanced.

Before you begin


Before you install the updates, you must be logged in as an Administrator on the local machine.

Downloading the installation package


Download and extract files for installing IBM Lotus Sametime 8.5.1.

About this task


You can download CZEX7ML.zip

Procedure
1. Go to Fix Central and download the CZEX7ML.zip file.
http://www.ibm.com/support/fixcentral/

2. Extract the CZEX7ML.zip file into a folder on your hard drive. You can only extract this file in a Windows operating system. For example: \tmp\advanced\. The folder contains the following folders and files:
* JRE_HOME\
* LA_HOME\
* LAP_HOME\
* extract.bat
* extract.jar
* STAdvanced_8.5.zip
* STAdvanced85Install-readme.html
3. Extract the installation files from STAdvanced_8.5.zip. The files inside the zip file are encrypted. To decrypt and extract the files you must run extract.bat and accept the license agreement.
a. In the root of the zip file, execute extract.bat. This will launch the License Agreement application.
b. Click Accept. The Sametime Advanced installation files are extracted to a STAdvanced_8.5 folder.
c. The STAdvanced_8.5 folder will contain the following folders and files:
* broker-config
* db2scripts
* ears
* optionalLibraries
* swgtag
* updateSite
* stadv_version.properties
* STAdvanced85-readme.html

A list of all the contents of the STAdvanced_8.5 folder follows:

* STAdvanced_8.5/broker-config/AddBroker-8.0.1.jar
* STAdvanced_8.5/broker-config/ADV_staeb.class
* STAdvanced_8.5/broker-config/exitSetting.ini
* STAdvanced_8.5/broker-config/SametimePlusExits-8.0.1.jar
* STAdvanced_8.5/db2scripts/clearAllUsersFromChat.bat
* STAdvanced_8.5/db2scripts/clearAllUsersFromChat.sh
* STAdvanced_8.5/ears/NLS5EAR-8.0.1.ear
* STAdvanced_8.5/ears/orgcollab.ear-8.0.1.ear
* STAdvanced_8.5/ears/WALS5EAR-8.0.1.ear
* STAdvanced_8.5/optionalLibraries/rtc/com.ibm.jse.util-8.0.1.jar
* STAdvanced_8.5/optionalLibraries/rtc/ocpersistence-8.0.1.jar
* STAdvanced_8.5/optionalLibraries/rtc/orgcollab.access-8.0.1.jar
* STAdvanced_8.5/optionalLibraries/rtc/orgcollab.utils-8.0.1.jar
* STAdvanced_8.5/optionalLibraries/rtc/persistence-8.0.1.jar
* STAdvanced_8.5/optionalLibraries/rtc/polledcontainers-8.0.1.jar
* STAdvanced_8.5/swtag/Lotus_Sametime_Advanced.8.5.0.swtag
* STAdvanced_8.5/updateSite/sametime.advanced.85.add-on.win.<timestamp>.zip
* STAdvanced_8.5/stadv_version.properties
* STAdvanced_8.5/STAdvanced85-readme.html

Adding an object cache on the WebSphere Application Server


Add an object cache on the WebSphere Application Server, which is installed on the same computer as IBM Lotus Sametime Advanced.

Procedure
1. Log in to the Integrated Services Console on the computer hosting WebSphere Application Server using an account with administrative access.
2. Click on Resources > Cache Instances > Object cache instances.
a. Set the scope to Node, Server.
b. Click New.
c. Enter bcskeys in the Name field.
d. Enter service/cache/bcskeys in the JNDI name field.
e. Click OK, and then click Save.
3. Restart the WebSphere Application Server.

Updating Lotus Sametime Advanced Application EAR on the WebSphere Application Server
Install the IBM WebSphere Application Server (server1) on the same computer as Lotus Sametime Advanced. Update the orgcollab.ear-8.0.1.ear file on this server.

Procedure
1. Log in to the Integrated Services Console on the computer hosting WebSphere Application Server using an account with administrative access.
2. Click on Applications > Enterprise Applications.
3. Select Lotus Sametime Advanced Application, and then click Update.
a. Select Replace the entire Application.
b. Browse to the local file system path and locate the replacement EAR file (ears\orgcollab.ear-8.0.1.ear), and then select it.
c. Click Next. You do not have to specify a context root.
d. Accept the default settings, and click Next.
e. In the Map modules to Servers page, select the servers from the Clusters and servers list, select all modules, and then click Apply.
f. Click Next, and then click Finish. The Lotus Sametime Advanced Application is updated.
4. Save these changes.
5. Check the status of the application on the Applications > Enterprise Applications page to make sure it is running.


Updating Was-At_Service EAR on the WebSphere Application Server


Update the WALS5EAR-8.0.1.ear file on the IBM WebSphere Application Server (server1). This server is installed on the same computer as Lotus Sametime Advanced.

Before you begin


You need to do this first.

About this task


The stage needs to be set just so.

Procedure
1. Log in to the Integrated Services Console on the computer hosting WebSphere Application Server using an account with administrative access.
2. Click on Applications > Enterprise Applications.
3. Select Was-At_Service, and then click Update.
a. Select Replace the entire Application.
b. Browse to the local file system path and locate the replacement EAR file (ears\WALS5EAR-8.0.1.ear), and then select it.
c. Click Next. You do not have to specify a context root.
d. Accept the default settings, and click Next.
e. In the Map modules to Servers page, select the servers from the Clusters and servers list, select all modules, and then click Apply.
f. Click Next, and then click Finish. The Was-At_Service is updated.
4. Save these changes.
5. Check the status of the application on the Applications > Enterprise Applications page to make sure it is running.

Updating Location_Service EAR on the WebSphere Application Server


Update the NLS5EAR-8.0.1.ear file on the IBM WebSphere Application Server (server1). This server is installed on the same computer as Lotus Sametime Advanced.

Procedure
1. Log in to the Integrated Services Console on the computer hosting WebSphere Application Server using an account with administrative access.
2. Click on Applications > Enterprise Applications.
3. Select Location_Service, and then click Update.
a. Select Replace the entire Application.
b. Browse to the local file system path and locate the replacement EAR file (ears\NLS5EAR-8.0.1.ear), and then select it.
c. Click Next. You do not have to specify a context root.
d. Accept the default settings, and click Next.
e. In the Map modules to Servers page, select the servers from the Clusters and servers list, select all modules, and then click Apply.
f. Click Next, and then click Finish. The Location_Service is updated.
4. Save these changes.
5. Check the status of the application on the Applications > Enterprise Applications page to make sure it is running.

Replacing the Shared Lib jars on the WebSphere Application Server


Replace the Shared Lib jars (ocpersistence.jar, polledcontainers.jar, and so on) on the computer hosting IBM Lotus Sametime Advanced and the WebSphere Application Server.

Procedure
1. Stop the WebSphere Application Server by running this command from the Windows Command Console:
stopServer server1

2. Locate the com.ibm.jse.util-8.0.1.jar, ocpersistence-8.0.1.jar, through the polledcontainers-8.0.1.jar files in the optionalLibraries\rtc folder in the WebSphere Application Server installation path. For example, on Windows:
C:\WebSphere\AppServer\optionalLibraries\rtc

On Linux:
/opt/IBM/WebSphere/AppServer/optionalLibraries/rtc

3. Back up the six jar files that you are going to replace (com.ibm.jse.util-8.0.1.jar, ocpersistence-8.0.1.jar, orgcollab.access-8.0.1.jar, orgcollab.utils-8.0.1.jar, persistence-8.0.1.jar, and polledcontainers-8.0.1.jar) by renaming them. For example, ocpersistence.bak, polledcontainers.bak.
Note: When you rename the jar files, be sure that you rename the file extension from .jar to .bak.
4. Copy the new com.ibm.jse.util-8.0.1.jar, ocpersistence-8.0.1.jar, orgcollab.access-8.0.1.jar, orgcollab.utils-8.0.1.jar, persistence-8.0.1.jar, and polledcontainers-8.0.1.jar files into that folder.
5. Restart WebSphere Application Server by running the following command:
startServer server1

For detailed information on starting and stopping WebSphere Application Server, refer to Restarting WebSphere Application Server in the WebSphere Application Server information center.

Adding SWG inventory tagging for Sametime Advanced to the WebSphere Application Server
Place a SWG tagging file on the computer hosting IBM Lotus Sametime Advanced and WebSphere Application Server.

Procedure
1. On the WebSphere Application Server, locate the install_root folder for Lotus Sametime Advanced. The Lotus Sametime Advanced install root is the STAdvServer folder located in the same directory level as the WebSphere Application Server installation path (for example \WebSphere\AppServer\). On Windows, if the WebSphere Application Server installation path is located at C:\WebSphere\AppServer\, then the Lotus Sametime Advanced install root is C:\WebSphere\STAdvServer\.
2. Create an install_root\properties\version folder. For example, on Windows: C:\WebSphere\STAdvServer\properties\version.
3. Copy the Lotus_Sametime_Advanced.8.5.1.swtag tag file into that folder.
Lotus Sametime Advanced can now be used by a Tivoli management tool for inventory and support.

Replacing the AddBroker.jar, SametimePlusExits.jar, and exitSetting.ini on the Event Broker


Replace two JAR files on the computer hosting WebSphere Event Broker.

About this task


Note: The new version of AddBroker.jar is only used for a cluster installation.

Procedure
1. On the Event Broker server, locate the AddBroker.jar, SametimePlusExits.jar, and exitSetting.ini. On Windows, the jars are located in the classes folder and the .ini file is located in the bin folder in the Event Broker installation path:
C:\Program Files\IBM\MQSI\6.0\classes

and
C:\Program Files\IBM\MQSI\6.0\bin

On Linux, the jars are located in the classes folder and the .ini file is located in the var/mqsi folder in the Event Broker installation path:
/opt/IBM/mqsi/6.0/classes

and
/var/mqsi

2. Back up the existing files by renaming them. For example, AddBroker.bak, SametimePlusExits.bak, exitSetting.bak.
3. Rename AddBroker-8.0.1.jar to AddBroker.jar and SametimePlusExits-8.0.1.jar to SametimePlusExits.jar.
4. Copy the new AddBroker.jar and SametimePlusExits.jar into the classes folder, and copy the exitSetting.ini into the bin folder.
5. Update the exitSetting.ini as required. Save your changes to the file when completed.
a. Locate the following lines in exitSetting.ini. If the Sametime Advanced server is not on the same machine as the Event Broker server, then replace localhost with your Sametime Advanced server address.
servletURL=http://localhost:9080/cas/oc
jsecurityURL=http://localhost:9080/stadvanced/j_security_check

b. Add the following lines to exitSetting.ini. Update the domain property based on the configuration of your deployment. If the Lotus Sametime Advanced server is not on the same machine as the Event Broker server, then replace localhost with your Lotus Sametime Advanced server address.
domain=lotus.com
protectedUrl=http://localhost:9080/stadvanced/controller/logon
successUrl=/stadvanced/

6. Restart WebSphere Event Broker:
a. Open the Message Broker Command Console.
Windows: Go to Start > Programs > IBM WebSphere Message Brokers > Command Console.
Linux: Switching to the mqsi user is the equivalent of running the command console. Switch to the mqsi user, which is normally named mqsi, by typing su - mqsi into the Linux shell.
b. Stop WebSphere Event Broker by running this command:
mqsistop BRKR_SCCS

c. Start WebSphere Event Broker by running this command:
mqsistart BRKR_SCCS

For detailed information on starting and stopping WebSphere Event Broker, refer to Starting and Stopping WebSphere MQ and WebSphere Event Broker in the Lotus Sametime information center.

Installing Lotus Sametime Advanced for Lotus Sametime clients


IBM Lotus Sametime Advanced 8.5.1 contains features that must be installed to IBM Lotus Sametime clients.

About this task


There are two methods to do this. One way is to use the installer and the other way is to set up an HTTP update site.

Installing the Lotus Connections hotfixes


The IBM Lotus Sametime Advanced update has an option to install a cumulative hotfix from Lotus Connections 2.5.

Procedure
Optional: Visit Fix Central to download the Lotus Connections 2.5 hotfix. The APAR is LO48499. This hotfix is only required if you plan to synchronize communities between Lotus Sametime Advanced and Lotus Connections 2.5.

Installing Lotus Sametime Advanced to Lotus Sametime clients using the add-on installer
You can use the add-on installer to install IBM Lotus Sametime Advanced 8.5.1 features on Lotus Sametime clients.

Procedure
1. Unpack the installation kit archive to a temporary directory.
Table 2.
Operating system | Installation kit archive
Windows | STAdvanced_8.5.1\updateSite\sametime.advanced.addon.win.timestamp.zip
Macintosh | STAdvanced_8.5.1/updateSite/sametime.advanced.addon.mac.timestamp.zip
Linux (SuSE/RedHat) | STAdvanced_8.5.1/updateSite/sametimeadvanced-8.5.1-1.i586.rpm
Linux (Ubuntu) | STAdvanced_8.5.1/updateSite/sametimeadvanced-8.5.1-1.i586.deb

2. In the installation kit, locate the plugin_customization.ini file, stored within the deploy directory. The plugin_customization.ini is in the path where you unpacked the installation kit. For example, in Windows: C:\temp\sametime.8.5.add-on.window.timestamp.zip\sametime.8.5.add-on.window.timestamp\deploy.
a. Edit the file with the default settings you want for the client. Modify the required fields that do not start with the number sign #.
Note: You must modify these common fields: sametimeAdvancedServerName, sametimeAdvancedServerPort, sametimeCommunityServer, broadcastToolsServerName, and broadcastToolsServerPort. Note that broadcastToolsServerPort is always set to 1506.
#Set the Lotus Sametime Advanced broadcast server host name
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=youradvancedserver.com
#Set the Lotus Sametime Advanced broadcast server port
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=9080 or 80(depending on your
#Set the Lotus Sametime Advanced broadcast server community host name
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=yourbroadcastserver.com
#Set the WebSphere Event Broker server host name
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=
#Set the WebSphere Event Broker server port here
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506
#Use SSL while connecting to the server? Set to true to use HTTPS;
#False to use plain HTTP
com.ibm.collaboration.realtime.bcs/useHTTPS=false
#Connection type to connect to the Lotus Sametime Advanced server.
#Set to one of the following -
# 0 = Direct connection to the server
# 1 = Connect via reverse proxy
com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=
#Connection type to connect to the broadcast tools server.
#Set to one of the following values -
#1 = Direct connection to the server
#2 = Use SSL (HTTPS)
#3 = Use reverse proxies
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=
#Set to true if using a HTTP forward proxy; otherwise, set to false.
com.ibm.collaboration.realtime.bcs/useHttpProxy=
#Proxy IP or host name if using a HTTP proxy; Leave blank otherwise
com.ibm.collaboration.realtime.bcs/proxyHost=
#HTTP proxy port to connect to
com.ibm.collaboration.realtime.bcs/proxyPort=
#User name if the HTTP proxy requires authentication. Leave blank otherwise.
com.ibm.collaboration.realtime.bcs/proxyUserName=
#Set the reverse proxy base URL to use if connecting via a reverse proxy.
#Leave blank otherwise.
#For example: http://mycompany.com/mycontext
com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
#Set the reverse proxy user name if the proxy is authenticating.
#Leave blank if not using reverse proxies
com.ibm.collaboration.realtime.bcs/reverseProxyUserName=
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
com.ibm.collaboration.realtime.bcs/groupServicePath=/cas/services/GroupMemberService
com.ibm.collaboration.realtime.bcs/skilltapServicePath=/skilltapws/servlet/rpcrouter
com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000
com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true
com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true
com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=true
com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true
com.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=true
com.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=false
com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false
#Set to "email" to use the Lotus Sametime IDs email directory field
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=
#Using token login by default
com.ibm.collaboration.realtime.bcs/loginAuthUrl=/token_check.jsp
com.ibm.collaboration.realtime.bcs/loginSuccessUrl=/stadvanced/
com.ibm.collaboration.realtime.bcs/useTokens=true

b. Save and close the file.
3. Exit the Lotus Sametime Connect client if it is running.
4. In the root of the installation kit, launch setup.exe. The installation starts and prompts you for more actions.
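The edits required in step 2 can be checked before the kit is distributed to clients. The following Python script is an added example, not part of the IBM guide or the product; its function names, severity labels and sample host names are assumptions made for illustration. It parses the com.ibm.collaboration.realtime.bcs settings and reports required fields left blank or at their placeholder, invalid ports and connection types, proxy options enabled without their companion fields, and connections left on plain HTTP.

```python
PREFIX = "com.ibm.collaboration.realtime.bcs/"
# Fields the guide says must be modified in every kit.
REQUIRED = ("sametimeAdvancedServerName", "sametimeAdvancedServerPort",
            "sametimeCommunityServer", "broadcastToolsServerName",
            "broadcastToolsServerPort")
# Placeholder host names that appear in the guide's listing of the file.
PLACEHOLDERS = {"youradvancedserver.com", "yourbroadcastserver.com"}
# Permitted values, taken from the comments inside the file.
ADVANCED_TYPES = {"0", "1"}        # 0 direct, 1 reverse proxy
BROADCAST_TYPES = {"1", "2", "3"}  # 1 direct, 2 SSL (HTTPS), 3 reverse proxies

# Constructed sample: a kit whose template was only partly edited.
UNEDITED = """\
#Set the Lotus Sametime Advanced broadcast server host name
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=youradvancedserver.com
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=9080 or 80
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=yourbroadcastserver.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1506
com.ibm.collaboration.realtime.bcs/useHTTPS=false
com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=1
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=
com.ibm.collaboration.realtime.bcs/useHttpProxy=true
com.ibm.collaboration.realtime.bcs/proxyHost=
com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
"""
# Constructed sample: the same kit after editing (host names are made up).
CORRECTED = "\n".join(PREFIX + key + "=" + value for key, value in {
    "sametimeAdvancedServerName": "stadv.example.com",
    "sametimeAdvancedServerPort": "9443",
    "sametimeCommunityServer": "st.example.com",
    "broadcastToolsServerName": "broker.example.com",
    "broadcastToolsServerPort": "1506",
    "useHTTPS": "true",
    "advancedServerConnectionType": "0",
    "broadcastServerConnectionType": "2",
    "useHttpProxy": "false",
}.items())


def parse_settings(text):
    """Return {short_name: value} for the bcs keys; lines starting with # are comments."""
    settings = {}
    for raw in text.splitlines():
        key, sep, value = raw.strip().partition("=")
        if sep and key.strip().startswith(PREFIX):  # comment lines never start with PREFIX
            settings[key.strip()[len(PREFIX):]] = value.strip()
    return settings


def is_port(value):
    return value.isascii() and value.isdigit() and 0 < int(value) < 65536


def audit(text):
    """Return a sorted list of (severity, field, message) findings."""
    cfg = parse_settings(text)

    def get(name):
        return cfg.get(name, "")

    out = []
    for name in REQUIRED:
        if not get(name):
            out.append(("ERROR", name, "required field is empty or missing"))
        elif get(name) in PLACEHOLDERS:
            out.append(("ERROR", name, "still set to the placeholder host name"))
    for name in ("sametimeAdvancedServerPort", "broadcastToolsServerPort", "proxyPort"):
        if get(name) and not is_port(get(name)):
            out.append(("ERROR", name, "not a TCP port: %r" % get(name)))
    if is_port(get("broadcastToolsServerPort")) and get("broadcastToolsServerPort") != "1506":
        out.append(("ERROR", "broadcastToolsServerPort", "the guide fixes this port at 1506"))
    if get("advancedServerConnectionType") not in ADVANCED_TYPES | {""}:
        out.append(("ERROR", "advancedServerConnectionType", "allowed values are 0 and 1"))
    if get("broadcastServerConnectionType") not in BROADCAST_TYPES | {""}:
        out.append(("ERROR", "broadcastServerConnectionType", "allowed values are 1, 2, 3"))
    via_reverse_proxy = (get("advancedServerConnectionType") == "1"
                         or get("broadcastServerConnectionType") == "3")
    if via_reverse_proxy and not get("reverseProxyBaseURL"):
        out.append(("ERROR", "reverseProxyBaseURL", "reverse proxy selected, no base URL"))
    if get("useHttpProxy").lower() == "true":
        for name in ("proxyHost", "proxyPort"):
            if not get(name):
                out.append(("ERROR", name, "useHttpProxy=true but this field is blank"))
    if get("useHTTPS").lower() != "true":
        out.append(("WARN", "useHTTPS", "clients connect to the server over plain HTTP"))
    if get("reverseProxyBaseURL").lower().startswith("http://"):
        out.append(("WARN", "reverseProxyBaseURL", "reverse proxy addressed over plain HTTP"))
    return sorted(out)


if __name__ == "__main__":
    for finding in audit(UNEDITED):
        print(*finding, sep=": ")
```

Run it against the deploy\plugin_customization.ini of each kit by passing the file's text to audit(); an empty list means none of these checks fired.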

Setting up the Sametime Advanced Client feature update site on the IBM HTTP Server
You can set up the IBM Lotus Sametime Advanced client feature update site for installing IBM Lotus Sametime Advanced 8.5.1 features on Lotus Sametime clients.

About this task


Earlier versions of the Lotus Sametime Advanced update site are not compatible with Lotus Sametime 8.5.1. Clients require the updated version of the Lotus Sametime Advanced update site, and only Lotus Sametime 8.5.1 clients can use this update site. The update site for Lotus Sametime 8.5.1 requires the Lotus Sametime Advanced 8.5.1 server.

Procedure
1. Copy the updateSite\sametime.advanced.add-on.win.timestamp.zip file to a local folder on the computer hosting IBM HTTP Server (for example, C:\stadv-client).
2. Extract the contents of sametime.advanced.add-on.win.timestamp.zip to sametime.advanced.add-on.win.timestamp.zip.
3. Set up a new update site (for example, http://server/updatesite/):
a. Navigate to the http document root folder for HTTP Server. Typically, the folder is located in Program Files\IBM\HTTPServer\htdocs\locale; for example, on Windows: C:\Program Files\IBM\HTTPServer\htdocs\en_US
b. Create a subfolder named updatesite.
c. In this new folder, copy the contents of sametime.advanced.add-on.win.timestamp.zip\updateSite\.
For more information on creating an update site for Lotus Sametime clients, see Providing an update site for clients on page 135.


Starting and stopping servers


An IBM Lotus Sametime Advanced deployment is made up of several component servers that can be started and stopped independently.

About this task


The steps for starting and stopping servers vary with the applications hosted on each:

Starting Windows servers automatically


IBM Lotus Sametime Advanced, IBM WebSphere Application Server, WebSphere MQ, and WebSphere Event Broker can be configured to start automatically when the operating system is started.

About this task


In a large enterprise, these services are distributed across multiple machines, so you will need to configure the automatic start on the individual machines.

Procedure
1. A Windows service for WAS does not exist by default and must be created. Follow these steps:
a. Modify the IBM\was\AppServer\profiles\ST_Advanced_Profile\properties\soap.client.props file so you can stop Lotus Sametime Advanced without specifying a user name and password. For example:
#-----------------------------------------------------------------------------
# SOAP Client Security Enablement
#
# - security enabled status ( false[default], true )
#-----------------------------------------------------------------------------
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=mypassword
#------------------------------------------------------------------------------

b. Configure WAS to start as a service. User ID must have local security rights. Use the following syntax:
WASService.exe -add "service_name"
    -serverName server
    -profilePath server_profile_directory
    [-wasHome install_root]
    [-configRoot configuration_repository_directory]
    [-startArgs additional_start_arguments]
    [-stopArgs additional_stop_arguments]
    [-userid user_id -password password]
    [-logFile service_log_file]
    [-logRoot server_log_directory]
    [-restart true | -restart false]
    [-startType automatic | manual | disabled]

For example:
D:\IBM\WAS\AppServer\bin>WASService -add "SametimeAdvanced" -serverName server1 -profilePath "d:\ibm\was\AppServer\profiles\ST_Advanced_Profile" -startType automatic

You get the following results:
Adding Service: SametimeAdvanced
Config Root: d:\ibm\was\AppServer\profiles\ST_Advanced_Profile\config
Server Name: server1
Profile Path: d:\ibm\was\AppServer\profiles\ST_Advanced_Profile
Was Home: D:\IBM\WAS\AppServer\
Start Args:
Restart: 1
IBM WebSphere Application Server V6.1 - SametimeAdvanced service successfully added.

2. Click Start > Control Panel.
3. Double-click Administrative Tools.
4. Double-click Services.
5. For each of the following services:
* IBM MQ Series
* IBM WebSphere Message Broker component BRKR_SCCS
* IBM WebSphere Message Broker component CMGR_SCCS
* IBM WebSphere Application Server V6.1 - <node-name>. The DB2 service needs to be started first if it is on the same server.
* IBM HTTP Server 6.1
a. Double-click the service name.
b. Select Automatic as the Startup type.
c. Click OK.
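Step 1a leaves the WebSphere administrator's user ID and password in soap.client.props, so the file's contents and permissions are worth checking on every host where it was edited. The following Python audit is an added example, not part of the IBM guide or the product; the function names and severity labels are hypothetical, the sample holds the guide's example values, and the script assumes that WebSphere marks an encoded password with a {xor} prefix.

```python
import os
import re
import stat
import tempfile

# One com.ibm.SOAP.* assignment per line; commented-out lines do not match.
PROP = re.compile(r"^[ \t]*(com\.ibm\.SOAP\.\w+)[ \t]*=[ \t]*(.*?)[ \t\r]*$", re.M)

# Constructed sample: the example values shown in the guide.
SAMPLE = """\
# SOAP Client Security Enablement
com.ibm.SOAP.securityEnabled=true
com.ibm.SOAP.loginUserid=wasadmin
com.ibm.SOAP.loginPassword=mypassword
"""


def classify_password(value):
    """Return 'absent', 'cleartext' or 'xor-encoded' for a loginPassword value."""
    if not value:
        return "absent"
    # Assumption: an encoded value carries a {xor} prefix.
    return "xor-encoded" if value.lower().startswith("{xor}") else "cleartext"


def audit_soap_props(path):
    """Return a list of (severity, message) findings for one soap.client.props file."""
    with open(path, encoding="latin-1") as handle:  # .properties files are ISO-8859-1
        props = dict(PROP.findall(handle.read()))
    findings = []
    user = props.get("com.ibm.SOAP.loginUserid", "")
    state = classify_password(props.get("com.ibm.SOAP.loginPassword", ""))
    if state == "cleartext":
        findings.append(("HIGH", "loginPassword for %r is stored in clear text" % user))
    elif state == "xor-encoded":
        findings.append(("INFO", "loginPassword is {xor}-encoded, which is reversible"))
    # POSIX mode bits only; on Windows review the file's ACL instead.
    if state != "absent" and os.name == "posix":
        mode = stat.S_IMODE(os.stat(path).st_mode)
        if mode & (stat.S_IRWXG | stat.S_IRWXO):
            findings.append(("HIGH", "file mode %04o grants access beyond the "
                             "owning account" % mode))
    if user and props.get("com.ibm.SOAP.securityEnabled", "false").lower() != "true":
        findings.append(("INFO", "credentials present but securityEnabled is not true"))
    return findings


def demo(text=SAMPLE, mode=0o644):
    """Write the sample to a temporary soap.client.props and audit it."""
    with tempfile.TemporaryDirectory() as tmp:
        path = os.path.join(tmp, "soap.client.props")
        with open(path, "w", encoding="latin-1") as handle:
            handle.write(text)
        os.chmod(path, mode)
        return audit_soap_props(path)


if __name__ == "__main__":
    for severity, message in demo():
        print(severity, message)
```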

Starting Linux servers automatically


IBM Lotus Sametime Advanced, IBM WebSphere Application Server, WebSphere MQ, and WebSphere Event Broker can be configured to start automatically when the operating system is started.

About this task


For Linux servers running a Red Hat or SuSE operating system, you can edit your boot files to start a service automatically. The Red Hat boot file is named rc.local, and the SuSE boot file is named boot.local. Typically, these files are in the /etc/ directory. For example, the following commands in a boot.local file automatically start the Lotus Sametime Advanced, WebSphere MQ, and WebSphere EB servers (which are assumed to reside on a single computer in this example):
su -l root -c "/opt/WebSphere/AppServer/profiles/STAdvanced_Profile/bin/startServer.sh server1"
su - mqsi -c "/opt/mqm/bin/strmqm sccs.queue.manager"
su - mqsi -c "mqsistart broker_name"
su - mqsi -c "mqsistart config_manager"

where:
* broker_name is the name of the broker service; for example: BRKR_SCCS
* config_manager is the name of the configuration manager; for example: CMGR_SCCS

Starting and stopping a DB2 server


IBM DB2 provides a Control Center where you can manage server instances and related applications.


About this task


You can start and stop a DB2 instance using the Control Center on the computer hosting the DB2 server:

Procedure
1. Start the DB2 Control Center.
* IBM AIX, Linux, Solaris: open the IBM DB2 folder on the desktop and click Control Center
* Microsoft Windows: click Start > Programs > IBM DB2 > General Administration Tools > Control Center
2. From the object tree in DB2, click on a system to display the available instances.
3. Highlight the instance that you want to start or stop.
4. Right-click on the instance, and select the appropriate command:
* Start
* Stop, then click OK to confirm
You can also start and stop the DB2 instance from a DB2 command environment with the following commands:
* db2start
* db2stop

Starting and stopping DB2 Net Search Extender


IBM DB2 provides a Control Center where you can manage server instances and related applications.

About this task


Start and stop DB2 Net Search Extender services using the Control Center on the computer hosting the DB2 server:

Procedure
1. From the object tree in DB2, click on a system to display the available instances.
2. Highlight the instance for which you want to start or stop Net Search Extender.
3. Right-click on the instance, and select the appropriate command:
* Start Net Search Extender Instance Services
* Stop Net Search Extender Instance Services
You can also start and stop Net Search Extender from a DB2 command environment with the following commands:
* db2text start
* db2text stop

Starting and stopping the HTTP Server


You can start and stop the IBM HTTP Server on any operating system using the Integrated Solutions Console.

Before you begin


The Integrated Solutions Console is provided with IBM WebSphere Application Server and provides access to WebSphere-hosted services including IBM HTTP Server.

Procedure
1. Launch the Integrated Solutions Console by opening a Web browser and navigating to its address. For example:
http://stadv.acme.com:9060/ibm/console

2. On the left, click Servers > Web servers.
3. In the Web Servers window, click the link that represents your HTTP Server.
4. Click the button corresponding to the action you want:
* Click Start to start HTTP Server.
* Click Stop to stop HTTP Server.

Starting and stopping a Sametime server


IBM Lotus Domino and IBM Lotus Sametime are hosted on the same computer.

About this task


You can start and stop Lotus Sametime using the Lotus Domino console on the same computer, regardless of the operating system on which they are hosted.

Starting Lotus Sametime
1. Open the Lotus Domino server console.
2. Type the following command:
Load STADDIN

Stopping Lotus Sametime
1. Open the Lotus Domino server console.
2. Type the following command:
Tell STADDIN Quit

Starting and stopping a Domino server


Although Lotus Domino and Lotus Sametime Standard are hosted on the same computer, you can start and stop them separately.

About this task


Do not enter keystrokes or click the mouse while the Lotus Domino server is starting or shutting down.

Starting Lotus Domino
* IBM AIX, Linux, Solaris: Type the path to the directory where you installed Lotus Domino, and end it with the server command. For example, if you installed Lotus Domino in the /opt directory, you would use this command to start the server:
/opt/ibm/lotus/bin/server
* Microsoft Windows: Click Start > Programs > Lotus Applications > Lotus Domino Server.

Stopping Lotus Domino
On any operating system, stop the Lotus Domino server directly from the Domino console by running the exit command or the quit command. It may take ten seconds or more for the server to shut down.

Starting and stopping Lotus Sametime Advanced and WebSphere Application Server
Lotus Sametime Advanced and IBM WebSphere Application Server are hosted on the same computer and are started and stopped as one using the server called "server1".

About this task


Batch files to start and stop the server are located in the WAS_Install_Directory\profiles\ST_Advanced_Profile\bin directory; for example:
C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin

When starting and stopping this server, provide the user name and password of a WebSphere Application Server administrator, and type the entire command on one line.
Batch file commands for starting and stopping Lotus Sametime Advanced and WebSphere Application Server
Start
* IBM AIX, Linux, Solaris: ./startServer.sh server1 -username wasadmin_name -password password
* Microsoft Windows: startServer.bat server1 -username wasadmin_name -password password
Stop
* IBM AIX, Linux, Solaris: ./stopServer.sh server1 -username wasadmin_name -password password
* Microsoft Windows: stopServer.bat server1 -username wasadmin_name -password password

Starting and stopping WebSphere MQ and WebSphere Event Broker


IBM WebSphere MQ and WebSphere Event Broker are hosted on the same computer.

About this task


The commands for starting and stopping broker (and related) services vary with the operating system on which WebSphere MQ and WebSphere Event Broker are hosted. Run these commands from the Message Broker Command Console, typing each command on one line. In the following commands:
* queue_manager_name is the name assigned to the queue manager, for example: sccs.queue.manager
* broker_name is the name of the message broker, for example: BRKR_SCCS
* config_manager_name is the name of the configuration manager, for example: CMGR_SCCS

Commands for starting and stopping WebSphere MQ and WebSphere Event Broker services
The commands are the same on Microsoft Windows (log in as the Windows system administrator) and on IBM AIX, Linux, Solaris (log in as root).
Start WebSphere MQ
strmqm queue_manager_name
Start WebSphere Event Broker
mqsistart broker_name
mqsistart config_manager_name
Stop WebSphere MQ
endmqm queue_manager_name
Stop WebSphere Event Broker
mqsistop broker_name
mqsistop config_manager_name

Starting and stopping a network deployment


Start and stop the servers and node agents in an IBM WebSphere Application Server network deployment of IBM Lotus Sametime Advanced.

About this task


In a network deployment, the node agents are started and stopped separately from the Lotus Sametime Advanced server instances hosted on the nodes:

Starting and stopping the Deployment Manager


Start and stop the Deployment Manager in an IBM WebSphere Application Server network deployment.

About this task


Batch files to start and stop the Deployment Manager are located in the WAS_Install_Directory\bin directory; for example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

When starting and stopping this server, provide the user name and password of a WebSphere Application Server administrator, and type the entire command on one line.
Batch file commands for starting and stopping the Deployment Manager
IBM AIX, Linux, Solaris
./startManager.sh
./stopManager.sh -username wasadmin_name -password password
Microsoft Windows
startManager.bat
stopManager.bat -username wasadmin_name -password password

Starting and stopping a node agent


Start and stop the node agents in an IBM WebSphere Application Server network deployment.


Before you begin


Typically, you stop and start a node agent by logging onto a node and running the stop node or start node command. However, for convenience, you can restart all node agents from the Deployment Manager node by using the Integrated Solutions Console only if the node agents are running. If they are stopped, you must start the node agents from the nodes themselves.

About this task


Batch files to start and stop the node agent are located in the WAS_Install_Directory\bin directory; for example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\bin

When starting and stopping this server, provide the user name and password of a WebSphere Application Server administrator, and type the entire command on one line.
Batch file commands for starting and stopping the node agent
IBM AIX, Linux, Solaris
./startNode.sh
./stopNode.sh
Microsoft Windows
startNode.bat
stopNode.bat

To quickly restart node agents that are already running:

Procedure
1. Make sure the Deployment Manager is running and log into the Integrated Solutions Console on the Deployment Manager node.
2. Click System Administration > Node agents.
3. Select all node agents, and then click Restart.

Starting and stopping application servers


The applications in a WebSphere Application Server network deployment are installed on a server instance on each node. Starting and stopping an application is different from starting and stopping the node agent.

About this task


You can start and stop the application server on a node without affecting the node agent.

Procedure
1. Log into the Integrated Solutions Console on the Deployment Manager server as a user with WebSphere Application Server administrative privileges.
2. Click Servers > Application Servers.
3. If you want to stop a server, select the application server's checkbox and click Stop.
4. If you want to start a server, select the application server's checkbox and click Start.


Uninstalling
Before you can install a newer version of IBM Lotus Sametime Advanced, you must uninstall the currently deployed version.

About this task


Complete these tasks to uninstall Lotus Sametime Advanced:

Uninstalling prerequisite components


To completely remove an IBM Lotus Sametime Advanced deployment, you must uninstall the prerequisite components as well.

Before you begin


Use the Web addresses below to locate information on uninstalling the prerequisite components that you deployed with Lotus Sametime Advanced. Each component is documented in an IBM information center that contains one or more topics related to uninstalling applications. Navigate to the Web address for a specific information center, and then use the Search feature to locate topics on uninstalling.

About this task


Web addresses for IBM information centers documenting prerequisite components

Prerequisite component: IBM DB2 Workgroup Server Edition
Information Center location: http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp
Search for this text: "Uninstalling your DB2 product (Windows)", "Uninstalling your DB2 product (Linux and UNIX)"

Prerequisite component: IBM DB2 Net Search Extender
Information Center location: http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp
Search for this text: "Uninstalling Net Search Extender"

Prerequisite component: IBM HTTP Server
Information Center location: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp
Search for this text: "Uninstalling IBM HTTP Server"

Prerequisite component: IBM Lotus Sametime 8
Information Center location: http://publib.boulder.ibm.com/infocenter/sametime/v8r0/index.jsp
Search for this text: "Uninstalling a Sametime server"

Prerequisite component: IBM WebSphere Event Broker
Information Center location: http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp
Search for this text: "Uninstalling"

Prerequisite component: IBM WebSphere MQ
Information Center location: http://publib.boulder.ibm.com/infocenter/wmqv6/v6r0/index.jsp
Search for this text: "Uninstalling WebSphere MQ"

Note: If you intend to install another release of IBM Lotus Sametime Advanced, you do not have to uninstall DB2, WebSphere MQ, and WebSphere Event Broker. Just remove the broker services and then reconfigure them for the new installation.


Lotus Sametime Advanced: Installation and Administration Guide

Removing broker services on AIX, Linux, Solaris


In some situations, you may want to remove broker services from a server where you installed IBM WebSphere MQ and WebSphere Event Broker. Removing broker services involves deleting the queue manager, the configuration manager, the broker itself, and the database tables used for storing associated information.

Before you begin


There are several situations in which you may want to remove the broker services from a Linux deployment; for example:
- When you want to replace the WebSphere Event Broker configuration (possibly to use different ports for the listeners)
- When you are uninstalling WebSphere MQ and WebSphere Event Broker, and you want to be sure you are leaving a clean configuration

Procedure
1. Log on to the server hosting WebSphere MQ and WebSphere Event Broker as root.
2. Remove the broker services as follows:
a. Open the Message Broker Command Console.
b. Navigate to the directory where you installed WebSphere Event Broker.
c. Stop the message broker with the following command:
su - mqsi -c "mqsistop broker_name"

For example:
su - mqsi -c "mqsistop BRKR_SCCS"

d. Delete the message broker with the following command:


mqsideletebroker broker_name

For example:
mqsideletebroker BRKR_SCCS

e. Stop the configuration manager with the following command:


su - mqsi -c "mqsistop config_manager_name"

For example:
su - mqsi -c "mqsistop CMGR_SCCS"

f. Now delete the configuration manager with the following command:


mqsideleteconfigmgr config_manager_name -n

For example:
mqsideleteconfigmgr CMGR_SCCS -n

You will see a confirmation:


BIP8071I: Successful command completion.

You can verify that the broker has been removed by ensuring that it no longer appears in the results when you run the following command:
mqsilist

3. Remove the queue manager as follows:
a. Open a terminal and navigate to the root of the WebSphere MQ installation.
b. Stop the queue manager with the following command:
su - mqsi -c "/opt/mqm/bin/endmqm queue_manager_name"

For example:
su - mqsi -c "/opt/mqm/bin/endmqm sccs.queue.manager"

You will see a confirmation message:

Quiesce request accepted. The queue manager will stop when all outstanding work is complete.

c. Delete the queue manager with the following command:

dltmqm queue_manager_name

For example:
dltmqm sccs.queue.manager

You will see a confirmation message:

WebSphere MQ queue manager sccs.queue.manager deleted.

4. Still on the same server, remove the data source for WebSphere Event Broker as follows:
a. Open the ODBC Tool by clicking Start > Programs > Administrative Tools > DataSources (ODBC).
b. Click the System DSN - System Data Sources tab.
c. Select the datasource that you created for WebSphere Event Broker, and then click Remove.
5. On the IBM DB2 server, open a DB2 Command Window and drop the database that stores WebSphere Event Broker data.
Note: Make sure the database is not in use; all users must be disconnected from the database before the database can be dropped.
For example, if your database is called BRKRDB:
DB2 DROP DATABASE BRKRDB

Removing broker services on Windows


In some situations, you may want to remove broker services from a server where you installed IBM WebSphere MQ and WebSphere Event Broker. Removing broker services involves deleting the queue manager, the configuration manager, the broker itself, and the database tables used for storing associated information.

Before you begin


There are several situations in which you may want to remove the broker services from a Microsoft Windows deployment; for example:
- When you want to replace the WebSphere Event Broker configuration (possibly to use different ports for the listeners)
- When you are uninstalling WebSphere MQ and WebSphere Event Broker, and you want to be sure you are leaving a clean configuration

Procedure
1. Log on to the server hosting WebSphere MQ and WebSphere Event Broker as the Windows system administrator.
2. Remove the broker services as follows:
a. Open the Message Broker Command Console by clicking Start > Programs > IBM WebSphere Message Broker 6.0 > Command Console.
b. Navigate to the directory where you installed WebSphere Event Broker. For example:
\Program Files\IBM\MQSI\6.0


c. Stop the message broker with the following command:


mqsistop broker_name

For example:
mqsistop BRKR_SCCS

d. Delete the message broker with the following command:


mqsideletebroker broker_name

For example:
mqsideletebroker BRKR_SCCS

e. Stop the configuration manager with the following command:


mqsistop config_manager_name

For example:
mqsistop CMGR_SCCS

f. Now delete the configuration manager with the following command:


mqsideleteconfigmgr config_manager_name -n

For example:
mqsideleteconfigmgr CMGR_SCCS -n

You will see a confirmation:


BIP8071I: Successful command completion.

You can verify that the broker has been removed by ensuring that it no longer appears in the results when you run the following command:
mqsilist

3. Next, remove the queue manager as follows:
a. Open a command prompt and navigate to the root of the WebSphere MQ installation. For example:
C:\Program Files\IBM\WebSphere MQ\Java\lib

b. Stop the queue manager with the following command:


endmqm queue_manager_name

For example,
endmqm sccs.queue.manager

You will see a confirmation message:


Quiesce request accepted. The queue manager will stop when all outstanding work is complete.

c. Delete the queue manager with the following command:


dltmqm queue_manager_name

For example:
dltmqm sccs.queue.manager

You will see a confirmation message:


WebSphere MQ queue manager sccs.queue.manager deleted.

4. Still on the same server, remove the data source for WebSphere Event Broker as follows:
a. Open the ODBC Tool by clicking Start > Programs > Administrative Tools > DataSources (ODBC).
b. Click the System DSN - System Data Sources tab.
c. Select the datasource that you created for WebSphere Event Broker, and then click Remove.
5. Now move to the IBM DB2 server, open a DB2 Command Window and drop the database that stores WebSphere Event Broker data.
Note: Make sure the database is not in use; all users must be disconnected from the database before the database can be dropped.
For example, if your database is called BRKRDB:
DB2 DROP DATABASE BRKRDB

Uninstalling Lotus Sametime Advanced


Remove IBM Lotus Sametime Advanced and IBM WebSphere Application Server from your computer.

About this task


The procedure for uninstalling Lotus Sametime Advanced and IBM WebSphere Application Server varies, depending on the operating system that hosts your installation and the type of uninstall you want to run:

Uninstalling a Lotus Sametime Advanced archive installation on Linux


Uninstall a version of IBM Lotus Sametime Advanced (and IBM WebSphere Application Server) that was originally installed using the archive installation program on a Linux server.

Before you begin


If you have previously run the archive installer on your computer, you must uninstall it and remove associated directories before deploying a new version of Lotus Sametime Advanced.

About this task


Follow the steps below to uninstall the archive.

Procedure
1. Log in to the computer as root.
2. Stop IBM WebSphere Application Server by running the following command:
./stopServer.sh server1

Verify that the server has stopped before proceeding to the next step:
ps -ef | grep java

3. Do one of the following:
- Navigate to the following directory: /opt/IBM/WebSphere/STAdvServer/
- Mount the ApplianceWare DVD and then navigate to the following directory: cd /Applianceware/uninstall
4. Run the uninstall program:
./uninstall.sh

The uninstallation logs will be created and stored in the /tmp/sccsUnInstall.log file.
5. Clean out the following files and directories using the following command:
rm -rf directory_or_file

For example:
rm -rf /opt/.ibm

- /opt/IBM
- /opt/.ibm
- /opt/IBMIHS
- /root/InstallShield
- /root/vpd.properties
- /sbin/insserv
- /tmp/db2*
- /tmp/stadv
6. Restart the computer.

Uninstalling Lotus Sametime Advanced from the console on any supported platform
Use the console to uninstall IBM Lotus Sametime Advanced on any supported platform.

About this task


Follow these steps to uninstall Lotus Sametime Advanced; IBM WebSphere Application Server is removed at the same time.

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir/bin directory.
3. Delete the following file:
WAS_Install_Dir/profiles/ST_Advanced_Profile/logs/server1/server1.pid

4. Stop WebSphere Application Server by running one of the following commands:
- AIX, Linux, Solaris
./stopServer.sh server1

- Windows
stopServer.bat server1

5. Delete the following file:


WAS_Install_Dir/profiles/ST_Advanced_Profile/logs/server1/server1.pid

6. Now navigate to the StAdv_Install_Dir/_uninst directory and start the uninstall program by running one of the following commands:
- AIX, Linux, Solaris
./uninstall.bin -console

- Windows
uninstall.exe -console

7. At the "Select a language" prompt, type the number that represents the language you want the console uninstaller to use (for example, type "1" for English), and then press Enter.
8. At the "Welcome" screen, type "1" to select the uninstall option.
9. Finally, type the number indicating the "uninstall" option to uninstall Lotus Sametime Advanced.

Uninstalling Lotus Sametime Advanced with the graphical uninstaller on AIX, Linux, Solaris
Uninstall the version of IBM Lotus Sametime Advanced (and IBM WebSphere Application Server) that was originally installed using the graphical interface on a Linux server.

About this task


Follow these steps to uninstall Lotus Sametime Advanced; WebSphere Application Server is removed at the same time.

Procedure
1. Log in to your computer as root.
2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir/bin directory.
3. Stop WebSphere Application Server by running the following command:
./stopServer.sh server1

4. Now navigate to the StAdv_Install_Dir/_uninst directory.
5. Start the Uninstall program by running the following command:
./uninstaller.bin

6. When the Uninstall program starts, select a language.
7. On the Welcome screen, click Next.
8. Click Uninstall to begin uninstalling files.
9. If you encounter problems during the uninstall process, follow these steps to manually remove any remaining files:
a. Navigate to the folder where you installed WebSphere Application Server.
b. Navigate to the /uninstall subfolder, and run uninstaller.bin (WebSphere Application Server's own uninstall program).
c. Delete the following file:
WAS_Install_Dir/profiles/ST_Advanced_Profile/logs/server1/server1.pid

d. Delete the following directory:


/root/InstallShield/Universal/common/Gen2/_vpddb

10. Restart the computer.

Results
Note: If the uninstall operation was not successful, look at the two uninstall logs for more information about what occurred:
- ST_Advanced_Install_Dir/logs/uninstall.log
- ST_Advanced_Install_Dir/logs/uninstall_optional.log

Uninstalling Lotus Sametime Advanced with the graphical uninstaller on Windows


Uninstall IBM Lotus Sametime Advanced and IBM WebSphere Application Server from a Microsoft Windows server.

About this task


Follow these steps to uninstall Lotus Sametime Advanced; WebSphere Application Server is removed at the same time.


Procedure
1. Log in to your computer as the system administrator.
2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir\bin directory.
3. Stop WebSphere Application Server by running the following command:
stopServer.bat server1

4. Click Start > Control Panel > Add/Remove Programs > IBM Sametime Advanced Server > Change/Remove.
5. When the Uninstall program starts, select a language.
6. On the Welcome screen, click Next.
7. Click Uninstall to begin uninstalling files.
8. If you encountered problems during the uninstall process, follow these steps to manually remove any remaining files:
a. Open Windows Explorer and navigate to the folder where you installed WebSphere Application Server.
b. Navigate to the \uninstall subfolder, and double-click uninstaller.exe to run the WebSphere Application Server's own uninstall program.
Note: You may find that some folders cannot be deleted automatically because the paths are too long; the next step explains how to delete those folders manually; for example, you may need to delete the following file:
WAS_Install_Dir\profiles\ST_Advanced_Profile\logs\server1\server1.pid

c. Now delete the following folder:


C:\Program Files\Common Files\InstallShield\Universal\common\Gen2\_vpddb

9. If you encountered problems deleting directories with long paths, you can remove folders manually by navigating partway to them and deleting the paths incrementally. For example, you can delete these two exceptionally long paths by following the steps below (notice that the beginning of these paths is the same until they diverge below the \cells folder):
C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\SalesTeamCell\applications\Lotus Sametime Advanced Application.ear\deployments\Lotus Sametime Advanced Application\skilltap.ws.war\WEB-INF\classes\WebContent\wsdl\com

and
C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\SalesTeamCell\applications\Lotus Sametime Advanced Application.ear\deployments\Lotus Sametime Advanced Application\community.management.webservices.war\WEB-INF\wsdl

a. Move the %WAS_HOME%\profiles\ST_Advanced_Profile\config\cells folder to the C: drive.
b. Delete the folder C:\cells.
c. Then delete the folder %WAS_HOME%\profiles\ST_Advanced_Profile\config.
10. Restart the computer.

Results
Note: If the uninstall operation was not successful, look at the two uninstall logs for more information about what occurred:
- ST_Advanced_Install_Location\logs\uninstall.log
- ST_Advanced_Install_Location\logs\uninstall_optional.log

Uninstalling Lotus Sametime Advanced silently on any supported platform


Uninstall IBM Lotus Sametime Advanced silently on any supported platform.

About this task


Follow these steps to uninstall Lotus Sametime Advanced; IBM WebSphere Application Server is removed at the same time.

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. On the Lotus Sametime Advanced server, navigate to the WAS_Install_Dir/bin directory.
3. Stop WebSphere Application Server by running one of the following commands:
- AIX, Linux, Solaris
./stopServer.sh server1

- Windows
stopServer.bat server1

4. Delete the following file:


WAS_Install_Dir/profiles/ST_Advanced_Profile/logs/server1/server1.pid

5. Now navigate to the StAdv_Install_Dir/_uninst directory and start the uninstall program by running one of the following commands:
- AIX, Linux, Solaris
./uninstall.bin -silent

- Windows
uninstall.exe -silent

The silent uninstallation begins immediately.

Uninstalling Lotus Sametime Advanced from the Lotus Sametime Connect client
Users can uninstall the IBM Lotus Sametime Advanced plug-ins from their IBM Lotus Sametime Connect clients.

Procedure
1. From the Start menu, click Control Panel.
2. Click Add or Remove Programs.
3. Select IBM Lotus Sametime Advanced 8.5 from the list of currently installed programs.
4. Click Remove.


Chapter 4. Upgrading
Upgrade the servers in an IBM Lotus Sametime Advanced deployment.

About this task


The upgrade procedure varies according to the type of deployment:

Upgrading Lotus Sametime Advanced clients


After you upgrade IBM Lotus Sametime Advanced, upgrade the clients so they can access new features.

Before you begin


Users can access Lotus Sametime Advanced features using either the Lotus Sametime Connect client, or the Lotus Notes client. Existing users can access new features through an update site that you set up on a server. New users can install the Lotus Sametime Advanced client along with the Lotus Sametime Connect client or Lotus Notes client.

About this task


The tasks below provide instructions for distributing the newest Lotus Sametime Advanced client features to all of these users.
Note: You can upgrade the base Lotus Sametime Connect client and then upgrade Lotus Sametime Advanced. You also have the option of uninstalling Advanced first. Either way, upgrading Lotus Sametime Advanced and installing Lotus Sametime Advanced are basically the same.

Providing an update site for clients


Provide an update site on the HTTP server that allows Lotus Sametime Connect clients to install plugins and features for Lotus Sametime Advanced.

Before you begin


Note: If you used the archive installation program on Linux, the update site was set up for you during installation and you can skip this task.
Before beginning this task, make sure you have installed and configured the following applications and their prerequisite components:
- Lotus Sametime Standard
- Lotus Sametime Advanced
- IBM HTTP Server

Procedure
1. Make sure you have downloaded the appropriate files to the computer where you will install the Lotus Sametime Advanced Client Update site.

Copyright IBM Corp. 2007, 2010


Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. The Sametime Advanced Client plugins are packaged with the Sametime Advanced Server, in the AdvUpdateSite directory.
2. Copy sametime.advanced.update.site.zip to a local folder on the computer that will host the update site.
3. Navigate to the http document root folder for IBM HTTP Server. Typically, the folder is located in the Program Files\IBM\HTTPServer\htdocs\locale folder; for example, on Windows:
C:\Program Files\IBM\HTTPServer\htdocs\en_US

If you do not know the folder's name or location, check the httpd.conf file located in C:\Program Files\IBM\HTTPServer\conf.
4. Create a subfolder called updatesite.
5. In this new folder, unzip sametime.advanced.update.site.zip.
Now that the update site is posted, you should test it with the following steps.
6. Check the folder structure on your HTTP server:
a. The update folders should be located under the http document root folder. For example:
C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite\

b. The updatesite folder should contain the following:
- site.xml
- plugins
- features
7. Start the HTTP server and use a Web browser to connect to the update URL: http://server_host/updatesite/site.xml. For example:
http://stadv.acme.com/updatesite/site.xml

Make sure the contents of the site.xml file are displayed.
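The folder checks in steps 6 and 7 can also be run as a script before the site is published to clients. The following is an added example, not part of the IBM guide; it assumes site.xml uses the Eclipse update-site layout in which each feature archive is listed in a feature element with a url attribute, and the feature name in the sample is hypothetical.

```python
import os
import tempfile
import xml.etree.ElementTree as ET

# Top-level entries the guide says the updatesite folder should contain.
REQUIRED_ENTRIES = ("site.xml", "plugins", "features")


def check_update_site(root):
    """Return a list of problems found in an unzipped update site folder."""
    problems = [f"missing {name}" for name in REQUIRED_ENTRIES
                if not os.path.exists(os.path.join(root, name))]
    site_xml = os.path.join(root, "site.xml")
    if not os.path.isfile(site_xml):
        return problems
    try:
        site = ET.parse(site_xml).getroot()
    except ET.ParseError as exc:
        return problems + [f"site.xml is not well-formed: {exc}"]
    base = os.path.realpath(root)
    # Assumption: archives are listed as <feature url="features/..."/>.
    for feature in site.iter("feature"):
        url = feature.get("url", "")
        if "://" in url:
            continue  # remote archive, not served from this folder
        if not url:
            problems.append("feature entry has no url")
            continue
        target = os.path.realpath(os.path.join(base, url))
        if os.path.commonpath([base, target]) != base:
            # A relative url must not point outside the published folder.
            problems.append(f"feature url leaves the site root: {url}")
        elif not os.path.isfile(target):
            problems.append(f"site.xml references missing archive: {url}")
    return problems


def build_sample_site(root, with_archive=True):
    """Create a constructed update site for the demo (names are hypothetical)."""
    os.makedirs(os.path.join(root, "plugins"))
    os.makedirs(os.path.join(root, "features"))
    archive = "features/com.example.stadv.feature_1.0.0.jar"
    with open(os.path.join(root, "site.xml"), "w", encoding="utf-8") as fh:
        fh.write('<site><feature url="%s" id="com.example.stadv.feature" '
                 'version="1.0.0"/></site>' % archive)
    if with_archive:
        with open(os.path.join(root, archive), "wb") as fh:
            fh.write(b"constructed placeholder, not a real jar")
    return archive


if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        build_sample_site(tmp, with_archive=False)
        for problem in check_update_site(tmp):
            print(problem)
```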

What to do next
After you have verified the update site, you must edit the plugin_customization.ini file with the IBM Lotus Sametime Advanced default settings for Lotus Sametime Connect client preferences. See the next topic.

Setting up Sametime default client preferences for Sametime Advanced


The plugin_customization.ini configuration file lets you customize the IBM Lotus Sametime Advanced default settings for Lotus Sametime Connect client preferences. You can set the Lotus Sametime Advanced server names and port numbers for all your users in this file. You can also use this to deploy clients to have consistent behavior so that all users have a similar experience with Lotus Sametime Advanced. This method does not force the settings to stick; it simply sets the default setting.

About this task


You create the plugin_customization.ini file with the default preferences that you want. The feature should then be posted on a Lotus Sametime Advanced update site for the Lotus Sametime clients to download. When a new client logs in, it finds the new customization feature and downloads it. The client restarts and reads the new preferences. The client never downloads the feature again since it has already been installed. Every time the client starts, the plugin_customization.ini preferences are read. The following steps explain how to create the plugin_customization.ini file.

Procedure
1. Create a file named plugin_customization.ini with the default settings that you want for the client.
Note: The following common fields must be modified: sametimeAdvancedServerName, sametimeAdvancedServerPort, sametimeCommunityServer, broadcastToolsServerName, and broadcastToolsServerPort. broadcastToolsServerPort is always set to 1506.
Here is an example of the settings:
#Set the Lotus Sametime Advanced broadcast server host name
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales3.acme.com
#Set the Lotus Sametime Advanced broadcast server port
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=1234
#Set the Lotus Sametime Advanced broadcast server community host name
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=
#Set the WebSphere Event Broker server host name
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=test.mul.ie.ibm.com
#Set the WebSphere Event Broker server port here
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=4321
#Use SSL while connecting to the server? Set to true to use HTTPS;
#False to use plain HTTP
com.ibm.collaboration.realtime.bcs/useHTTPS=false
#Connection type to connect to the Lotus Sametime Advanced server.
#Set to one of the following -
# 0 = Direct connection to the server
# 1 = Connect via reverse proxy
com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=
#Connection type to connect to the broadcast tools server.
#Set to one of the following values -
#1 = Direct connection to the server
#2 = Use SSL (HTTPS)
#3 = Use reverse proxies
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=
#Set to true if using a HTTP forward proxy; otherwise, set to false.
com.ibm.collaboration.realtime.bcs/useHttpProxy=
#Proxy IP or host name if using a HTTP proxy; Leave blank otherwise
com.ibm.collaboration.realtime.bcs/proxyHost=
#HTTP proxy port to connect to
com.ibm.collaboration.realtime.bcs/proxyPort=
#User name if the HTTP proxy requires authentication. Leave blank otherwise.
com.ibm.collaboration.realtime.bcs/proxyUserName=
#Set the reverse proxy base URL to use if connecting via a reverse proxy.
#Leave blank otherwise.
#For example: http://mycompany.com/mycontext
com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
#Set the reverse proxy user name if the proxy is authenticating.
#Leave blank if not using reverse proxies
com.ibm.collaboration.realtime.bcs/reverseProxyUserName=
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
com.ibm.collaboration.realtime.bcs/groupServicePath=/cas/services/GroupMemberService
com.ibm.collaboration.realtime.bcs/skilltapServicePath=/skilltapws/servlet/rpcrouter
com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000
com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true
com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true
com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=true
com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true
com.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=true
com.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=false
com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false
com.ibm.collaboration.realtime.community/loginTokenRefreshInterval=86100000
#Set to "email" to use the Lotus Sametime IDs email directory field
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=
#Using token login by default
com.ibm.collaboration.realtime.bcs/loginAuthUrl=/token_check.jsp
com.ibm.collaboration.realtime.bcs/loginSuccessUrl=/stadvanced/
com.ibm.collaboration.realtime.bcs/useTokens=true

2. Save and close the file.
3. Post the updated plugin_customization.ini in the root location of the update site URL set in the Sametime Instant Messaging policy. If the policy value is http://server.com, then add it here: http://server.com/plugin_customization.ini. Once the policy is configured, the plugin_customization.ini is automatically pushed to the clients. The plugin_customization.ini is discovered and provisioned along with any other updates from the update site URL.
For more information on configuring Sametime Connect Client user preferences, see Methods to configure Sametime Connect Client 8 user preferences.

Lotus Sametime Advanced client preferences:
The following table contains the IBM Lotus Sametime Advanced preferences for the Lotus Sametime Connect client that are set by administrators in the plugin_customization.ini file.
Entry: com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=
Description: Required. Fully qualified IBM WebSphere Application Server host name, for example: sales.acme.com (resides on the same computer as Lotus Sametime Advanced).

Entry: com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=
Description: Required. Lotus Sametime Advanced server port number.

Entry: com.ibm.collaboration.realtime.bcs/sametimeCommunityServer
Description: Required. Default Lotus Sametime community host name. This is the server users log in to for awareness and chat.

Entry: com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=
Description: Required. Fully qualified WebSphere Event Broker server host name.

Entry: com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=
Description: Required. WebSphere Event Broker server port number.

Entry: com.ibm.collaboration.realtime.bcs/useHTTPS=false
Description: If you are using SSL while connecting to the server, set to true. If you are using HTTP, set to false.

Entry: com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=
Description: Connection type to connect to the Lotus Sametime Advanced server. Set to 0 for a direct connection to the server. Set to 1 to connect through a reverse proxy.

Entry: com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=
Description: Connection type to connect to the Broadcast tools server. Set to 1 for a direct connection to the server. Set to 2 to connect using SSL (HTTPS). Set to 3 to use reverse proxies.

Entry: com.ibm.collaboration.realtime.bcs/useHttpProxy=
Description: Set to true if you are using an HTTP forward proxy, otherwise set it to false.

Entry: com.ibm.collaboration.realtime.bcs/proxyHost=
Description: Enter the proxy IP address or host name if you are using a HTTP proxy, otherwise leave it blank.

Entry: com.ibm.collaboration.realtime.bcs/proxyPort=
Description: Enter the HTTP proxy port to which you are connecting.

Entry: com.ibm.collaboration.realtime.bcs/proxyUserName=
Description: Enter the user name if the HTTP proxy requires one for authentication, otherwise leave it blank.

Entry: com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
Description: Enter the reverse proxy base URL to use if connecting through a reverse proxy. For example: http://mycompany.com/mycontext. Leave blank otherwise.

Entry: com.ibm.collaboration.realtime.bcs/reverseProxyUserName=
Description: Enter the reverse proxy user name if the proxy is authenticating. Leave blank if you are not using reverse proxies.

Entry: com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
Description: Internal protocol for connecting to WebSphere Event Broker. Enter disthub (no SSL) or disthubs (with SSL).

Entry: com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000
Description: Time allowed in milliseconds for awareness names to resolve.

Entry: com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true
Description: Prohibits licensing to users and groups with wildcard characters in their names.

Entry: com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true
Description: Alert users when a new open community is created.

Entry: com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=true
Description: Alert users when a new moderated community is created.

Entry: com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true
Description: Alert users when a new private community is created.

Entry: com.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=true
Description: Blocks broadcasts when user has set client to "Do not disturb".

Entry: com.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=false
Description: Blocks broadcast when user is in a meeting.

Entry: com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true
Description: Alert users when a chat room has a new member.

Entry: com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true
Description: Blocks chat room notifications when user has set client to "Do not disturb".

Entry: com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false
Description: Blocks chat room notifications when user is in a meeting.

Entry: com.ibm.collaboration.realtime.bcs/broadcastServerUserIdType=email
Description: Set to "email" to use the Sametime ID's email directory field. You need to use the same property value to log in to both the Sametime client and Sametime Advanced.

Entry: com.ibm.collaboration.realtime.bcs/useTokens=true
Description: Determines whether or not the client uses LTPA token at login. If it is set to false, then users must save their passwords when they log in.

Entry: com.ibm.collaboration.realtime.community/loginTokenRefreshInterval=86100000
Description: LTPA token timeout in seconds. IBM recommends 86100000 (23 hours and 55 minutes).

Entry: com.ibm.collaboration.realtime.instantshare/appsharePreference=1
Description: Set the instantshare plug-in to use the application sharing component of either the Lotus Sametime Meeting Server or the Lotus Sametime Classic meeting service:
- 1 - Try the Lotus Sametime Meeting Server application sharing component, and if it fails try the Lotus Sametime Classic meeting service application sharing component (default).
- 2 - Use only the Lotus Sametime Meeting Server application sharing component.
- 3 - Use only the Lotus Sametime Classic meeting service application sharing component.

Entry: com.ibm.collaboration.realtime.instantShare/useTokens=true
Description: Set to "true" only if InstantShare is configured to use an alternate server and LTPA token is required at login.
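Because this file sets the defaults for every client, it is worth reviewing for plaintext-transport and stored-password settings before it is posted to the update site. The following audit script is an added example, not part of the IBM guide; it relies only on the key names and value meanings given in the table above, and both sample files are constructed (the host name chat.acme.com is hypothetical).

```python
PREFIX = "com.ibm.collaboration.realtime.bcs/"

# Fields the guide marks as Required.
REQUIRED = ("sametimeAdvancedServerName", "sametimeAdvancedServerPort",
            "sametimeCommunityServer", "broadcastToolsServerName",
            "broadcastToolsServerPort")


def parse_customization(text):
    """Parse key=value lines; lines starting with '#' are comments."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("#") or "=" not in line:
            continue
        key, _, value = line.partition("=")
        settings[key.strip()] = value.strip()
    return settings


def audit(settings):
    """Return (setting name, reason) pairs for defaults that need review."""
    def get(name):
        return settings.get(PREFIX + name, "")

    findings = []
    for name in REQUIRED:
        if not get(name):
            findings.append((name, "required field is empty or missing"))
    if get("useHTTPS").lower() != "true":
        findings.append(("useHTTPS", "clients use plain HTTP to the server"))
    if get("jmsProtocol") != "disthubs":
        findings.append(("jmsProtocol", "Event Broker link is not disthubs (SSL)"))
    if get("broadcastServerConnectionType") == "1":
        findings.append(("broadcastServerConnectionType",
                         "direct connection; 2 selects SSL (HTTPS)"))
    if get("reverseProxyBaseURL").lower().startswith("http://"):
        findings.append(("reverseProxyBaseURL", "reverse proxy URL is not HTTPS"))
    if get("useTokens").lower() == "false":
        findings.append(("useTokens", "users must save their passwords at login"))
    return findings


def finding_names(text):
    """Convenience wrapper: names of the settings flagged in an ini text."""
    return [name for name, _ in audit(parse_customization(text))]


# Constructed sample using the example values shown in the guide.
WEAK = """\
#Constructed sample, weak defaults
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales3.acme.com
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=1234
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=test.mul.ie.ibm.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=4321
com.ibm.collaboration.realtime.bcs/useHTTPS=false
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=1
com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
com.ibm.collaboration.realtime.bcs/useTokens=true
"""

# Constructed sample with the SSL options from the table selected.
HARDENED = """\
#Constructed sample, SSL defaults
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales3.acme.com
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=1234
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=chat.acme.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=test.mul.ie.ibm.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=4321
com.ibm.collaboration.realtime.bcs/useHTTPS=true
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=2
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthubs
com.ibm.collaboration.realtime.bcs/useTokens=true
"""

if __name__ == "__main__":
    for name, reason in audit(parse_customization(WEAK)):
        print(f"{name}: {reason}")
```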

Setting Sametime policies for your update site


When you set up your IBM Lotus Sametime Advanced update site, you need to specify policies on the Sametime Standard server for how users will get the Lotus Sametime Advanced plug-ins as well as updates.

Before you begin


Before you begin, you should have installed the HTTP server and set up an update site on the server.

About this task


There are two methods for pushing updates to users:
- Automatic Updates: Administrators can provision new or updated Lotus Sametime Advanced plug-ins to their clients in a "push" mode so that all clients use the same set of features. The push method enables the client to receive updates automatically whenever he or she logs in to Lotus Sametime Connect.
- Optional Updates: Administrators can also provide new Lotus Sametime Advanced features to their clients as an option. With the optional method, the user is notified that updates are available when logging in to the Lotus Sametime Connect client. The user selects which updates to install, if any.

Procedure
1. Log in to the Integrated Solutions Console.
2. Click Sametime System Console.
3. Click Manage Policies.
4. Click Instant Messaging.
5. Select a policy name from the list, and click Edit. Choose a policy that is available to Lotus Sametime Advanced users. You can also create a policy exclusively for Lotus Sametime Advanced users. You might want to do this if Advanced users are a subset of Sametime users or if you plan on maintaining separate update sites on the Sametime and Sametime Advanced servers.


6. If you want to set up automatic updates, then add the update site URL to the Sametime update site URL field. If you already have an existing update site in the URL, for example for Sametime Standard users, then you can add an additional URL for Sametime Advanced separated by a semicolon or a comma.
http://<sametime_host_name>/updatesite, http://<stadvanced_host_name>/updatesite

7. If you want to set up optional updates, then add the update site URL in the Sametime optional plug-in site URLs field.
http://<stadvanced_host_name>/updatesite

8. Click Done.

Upgrading the Lotus Sametime Advanced client to Lotus Sametime Advanced 8.5.1
Upgrade the IBM Lotus Sametime Advanced 8.0.1 client to Lotus Sametime Advanced 8.5.1.

About this task


Follow these steps to upgrade:

Procedure
1. Upgrade to the new Lotus Sametime client. See Installing the new Lotus Sametime client
2. Installing Lotus Sametime Advanced for Lotus Sametime clients on page 116


Chapter 5. Configuring
Configure connections and security in an IBM Lotus Sametime Advanced deployment.

About this task


Complete the configuration tasks in the order shown here:

Finishing the deployment


After you have installed your prerequisite components and IBM Lotus Sametime Advanced, complete your deployment by configuring your LDAP directory, installing IBM HTTP Server as your Web server, connecting to an IBM Lotus Sametime Server, and setting up clients.

About this task


Finish deploying Lotus Sametime Advanced by completing these tasks:

Supporting connections on port 80


Configure either a proxy server or an HTTP server to support connections between clients and the IBM Lotus Sametime Advanced server over port 80.

About this task


For performance reasons, the IBM HTTP server has a limit of around 2000 concurrent connections; this may be insufficient when you are supporting persistent chats with Lotus Sametime Advanced. For deployments involving more than 2000 simultaneous users, it is recommended that you use a WebSphere Application Server Proxy server instead of an HTTP server.

Installing a WebSphere Application Server proxy server


An IBM WebSphere Application Server proxy server operates with WebSphere Application Server to provide Web access for concurrent users in a large deployment. This is recommended over using IBM HTTP server because IBM Lotus Sametime Advanced persistent chats use up many of the 2000 connections supported by HTTP server, which can leave too few connections for your user base.

Before you begin


For performance reasons, the IBM HTTP server has a limit of around 2000 concurrent connections; this may be insufficient when you are supporting persistent chats with Lotus Sametime Advanced. For deployments involving more than 2000 simultaneous users, it is recommended that you use a WebSphere Application Server proxy server instead of an HTTP server.

It is recommended that you deploy Lotus Sametime Advanced in a cluster, even if it only contains a single node, as it will be easier to later add additional nodes. If you did not set up a single-node cluster, you can still configure a proxy server provided a deployment manager is managing the node with a single server; you will simply configure the proxy server to direct traffic to that server.

Note that the proxy server is similar to other nodes in a cluster in that it is difficult to install one node inside the DMZ while other nodes are not. Because of this, the proxy will need to be in the same zone as the cluster's other nodes.

Verify that the following requirements are satisfied:
- The Lotus Sametime Advanced WebSphere cluster is fully configured and operational
- The WebSphere Application Server Network Deployment software is installed on the node that will run the proxy server
- That target node is in the same zone as the cluster's other nodes
- The node agent is running on that target node
- Lotus Sametime Advanced is running on that target node
- The IBM HTTP server is not running on that target node

About this task


Follow these steps to configure the WebSphere Application Server proxy server:

Procedure
1. On the target node, log in to the Integrated Solutions Console as a WebSphere Application Server administrator.
2. Click Proxy Servers > New, and select the node from the list.
3. Type a name for the new proxy server and click Next.
4. On the "Support Protocols" page, leave HTTP and SIP selected, leave Generate unique ports selected; click Next.
5. On the "Template" page, leave http_sip_proxy_server selected; click Next.
6. Verify that the proxy server is functioning by using a browser to access the Sametime Advanced application with the URL: http://proxy_server_name/stadvanced.
7. To install an update site, either deploy an HTTP server on a different node, or install a WebSphere Application Server update site application on the cluster.

Installing HTTP Server to support connections on port 80


IBM HTTP Server operates with IBM WebSphere Application Server to provide Web access for IBM Lotus Sametime Advanced.

Before you begin


For performance reasons, the IBM HTTP server has a limit of around 2000 concurrent connections; this may be insufficient when you are supporting persistent chats with Lotus Sametime Advanced. For deployments involving more than 2000 simultaneous users, it is recommended that you use a WebSphere Application Server Proxy server instead of an HTTP server.

About this task


You install and configure IBM HTTP Server in two stages as described below:

Installing the IBM HTTP Server application

IBM Lotus Sametime Advanced uses IBM HTTP Server to provide an update site where Lotus Sametime clients can access plug-ins and features for Lotus Sametime Advanced.


Before you begin

For additional information on installing IBM HTTP Server, see the "IBM HTTP Server for WebSphere Application Server" help in the IBM WebSphere Application Server information center at:
http://publib.boulder.ibm.com/infocenter/wasinfo/v6r0/index.jsp

About this task

Follow these steps to install IBM HTTP Server on the Lotus Sametime Advanced computer.

Procedure
1. Log in to your computer as the system administrator (Microsoft Windows) or as root (IBM AIX, Linux, Solaris).
2. Download the appropriate Edge Components package for your operating system and extract the files. The Edge Components package contains an installer for installing the IBM HTTP Server. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
3. Navigate to the directory where you stored the downloaded file.
4. Run the HTTP Server installation program with the following command:
AIX, Linux, Solaris
./install

Windows
install.exe

5. At the "Welcome" screen, click Next.
6. At the "Software License Agreement" screen, accept the license agreement and click Next.
7. At the "System prerequisites check" screen, make sure your server has passed the check, and click Next. If your server did not pass, you must install the missing prerequisites before you can install HTTP server.
8. At the "Enter the install location" screen, browse the directory where you want to install HTTP server, and then click Next.
9. At the "Port Values Assignment" screen, accept the default port settings by clicking Next.
10. (Windows) At the "Windows Service Definition" screen, do one of the following before clicking Next:
- Accept the default settings to install as a service, and enter the Windows system administrator's user name and password.
- Click "Log on as a local system account".
Note: If your company's security policy does not allow for services to run as the local system user, change the log-on properties of the Windows services to an account that is authorized to run these services.
11. At the "HTTP Administration Server Authentication" screen, provide the appropriate user name and password for IBM HTTP Administration Server. You will be prompted for these credentials during the configuration task; for example, you might enter httpadmin as the user name and passw0rd as the password.
12. (AIX, Linux, Solaris) At the "Set up HTTP Administration Server" screen, provide the operating system user and group information that you want the administration server to run as, and then click Next. This will create a new user and group on the system.
13. At the "IBM HTTP Server Plug-in for WebSphere Application Server" screen, do the following:
   a. Click Install the IBM HTTP Server Plug-in for WebSphere Application Server.
   b. Enter a unique name for the Web server definition; the suggested name for your Lotus Sametime Advanced deployment is stadvhttp. You will be prompted for this name when configuring the HTTP Server in the next task.
   c. Enter your fully qualified host name for the Application Server.
   d. Click Next.
14. At the "Installation Summary" screen, review the settings and then click Next; then wait for the installation to complete.
15. At the "Success" screen, click Finish.

Configuring WebSphere Application Server for use with HTTP Server

Configure IBM WebSphere Application Server to interact with IBM HTTP Server.

About this task

Follow these steps to configure the IBM WebSphere Application Server with HTTP Server. You will work on the server where you installed IBM Lotus Sametime Advanced and IBM WebSphere Application server.

Procedure
1. On the Lotus Sametime Advanced server, log in to the Integrated Solutions Console using a WebSphere Application Server administrator account. The Web address resembles this but depends on your host name and port:
http://hostname_or_IPaddress:9060/ibm/console

For example:
http://stadv.acme.com:9060/ibm/console

2. Click Servers > Web servers > New and use the Create new Web server definition wizard to create the Web server definition.
3. Enter the Web server properties:
   a. Server name: stadvhttp
      This is the name you assigned to the Web server when you installed the HTTP Server application.
   b. Type: IBM HTTP Server
   c. Host name: the fully qualified name of the server where IBM HTTP server is installed
   d. Platform: operating_system
   e. Click Next
   f. Web server template: IHS
   g. Click Next
   h. Enter properties for new Web server: accept default settings and provide the credentials for the IBM HTTP Administrative Server (which you created when you installed IBM HTTP Server). For example, you may have entered httpadmin as the user name and passw0rd as the password when you installed HTTP server.
   i. Click Next
   j. Confirm the creation of the new Web server and click Finish.
4. Save your changes.
5. Restart the WebSphere Application Server.
6. If your HTTP server is hosted on a separate computer from WebSphere Application Server, do the following:
   a. Manually copy the plugin-cfg.xml file to your HTTP server. You can find this file on the server where WebSphere Application Server is installed, in the IBM\HTTPServer\Plugins\config\stadvhttp directory; for example, on Windows:
C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin-cfg.xml

   b. On the HTTP server, update the httpd.conf file to reflect the location where you just placed that plugin-cfg.xml file. In the httpd.conf file, locate the statement beginning with WebSpherePluginConfig and modify it to indicate the correct path; for example, on Windows:
WebSpherePluginConfig "C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin-cfg.xml"

      Type the statement all on one line.
   c. Restart the Web server.
7. Verify that you can use the Integrated Solutions Console to start and stop HTTP Server:
   a. On the left, click Servers > Web servers.
   b. In the Web Servers window, click the link that represents your HTTP Server.
   c. Click the button corresponding to the action you want: Start or Stop.
8. Still in the console, verify the configuration change as follows:
   a. Click Servers > Web servers (on the navigation list) to display the list of available Web servers.
   b. In the Web servers table, click the link representing your IBM HTTP Server installation. The server's page has two tabs, Runtime and Configuration.
   c. Click the Configuration tab.
   d. On the "Configuration" page, click Configuration File (on the right, below the "Additional Properties" heading) to display the contents of the httpd.conf file.
   e. Verify that you can see the following change in the httpd.conf file:
LoadModule was_ap20_module "C:\Program Files\IBM\HTTPServer\Plugins\bin\mod_was_ap20_http.dll"
WebSpherePluginConfig "C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin-cfg.xml"

f. Click Cancel to close the Configuration page.


Configuring an LDAP connection


IBM Lotus Sametime Advanced works with a variety of LDAP directories for user management. You can configure the connection between Lotus Sametime Advanced and your LDAP directory with, or without, SSL enabled.

Before you begin


Make sure you have a supported LDAP directory installed. If you already configured the LDAP connection while installing Lotus Sametime Advanced, skip this task. Otherwise, configure the connection now using one of the following options:

Configuring the LDAP connection without SSL


If you chose not to configure your LDAP connection while installing IBM Lotus Sametime Advanced, you must do it now.

Before you begin


This procedure describes how to configure a connection to an LDAP directory without using SSL (secure socket layer). Note: Lotus Sametime Advanced must use the same LDAP server/directory as the Lotus Sametime Standard server.

About this task


If you configured your LDAP connection during Lotus Sametime Advanced installation, these steps were completed for you as part of that process and you can skip this task. Otherwise, make sure that both the LDAP server and Lotus Sametime Advanced are running.

Procedure
1. On the Lotus Sametime Advanced server, enter your LDAP settings in the orgCollab.properties file:
   a. On the Lotus Sametime Advanced server, navigate to the SametimeAdvServer\STAdvanced\orgCollab\orgCollab folder within your Lotus Sametime Advanced installation. For example:
IBM AIX, Linux, Solaris
/opt/IBM/WebSphere/STAdvServer/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties

Microsoft Windows
C:\Program Files\IBM\WebSphere\STAdvServer\SametimeAdvServer\STAdvanced\orgCollab\orgCollab

   b. Edit the orgCollab.properties file and locate the "LDAP Configuration" section, which begins with this header:
###################################################
#
# Please modify following properties if you are configuring LDAP later
# (with or without SSL enablement)
#
###################################################

c. Enter the following values in the "LDAP Configuration" section:


LDAP settings in the orgCollab.properties file when you do not use SSL

Entry: orgCollab.LDAPServerType=
Description: The type of LDAP server to be used for WebSphere; possible values are:
- SECUREWAY
- IDS4
- IDS51
- IDS52
- IDS6
- ZOSDS
- DOMINO5
- DOMINO6
- DOMINO65
- DOMINO7
- NDS
- SUNONE
- AD2000
- AD2003
- ADAM
- CUSTOM
Example: orgCollab.LDAPServerType=IDS6

Entry: orgCollab.HostName=
       orgCollab.LDAP_port=
Description: Specify the LDAP host name and port to enable Sametime Advanced Server to connect to LDAP.
Example: orgCollab.HostName=bluepages.ibm.com
         orgCollab.LDAP_port=389

Entry: orgCollab.isAnonymousBind=
Description: Select authenticated access if you want to provide an authentication identity, or choose anonymous access only.
Example: orgCollab.isAnonymousBind=true
         or, for Authenticated Access:
         orgCollab.isAnonymousBind=false

Entry: orgCollab.loginProperties=
Description: Determine the value of the "Attribute of the person entry that defines the internal ID of a Sametime user" field in the Lotus Sametime Standard STConfig.nsf file. If it has a value, then match it in orgCollab.loginProperties. If it is empty, do not change it, and then specify an LDAP attribute in orgCollab.loginProperties that is appropriate for logging in to Lotus Sametime Advanced at your site.
Example: orgCollab.loginProperties=mail

   d. Save and close the orgCollab.properties file.
2. Navigate to the \bin directory within your IBM WebSphere Application Server installation.
- AIX, Linux, Solaris
  Open a terminal and navigate to:
/opt/IBM/WebSphere/AppServer/bin

- Windows
  Open a command prompt and navigate to:
C:\Program Files\IBM\WebSphere\AppServer\bin

3. Run the following command (type it all on one line):
- AIX, Linux, Solaris
wsadmin.sh -lang jython -user user_name -password password -f "STAdv_install_location/ConfigLDAPLater.py" "STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties" "BASE_DN=%Base_DN%" "BIND_DN=%LDAP_Bind_DN%" "BIND_PWD=%LDAP_Bind_Pwd%"

- Windows
wsadmin.bat -lang jython -user user_name -password password -f "STAdv_install_location\ConfigLDAPLater.py" "STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties" "BASE_DN=%Base_DN%" "BIND_DN=%LDAP_Bind_DN%" "BIND_PWD=%LDAP_Bind_Pwd%"

where:
- user_name and password are the WebSphere Application Server administrator's user name and password.
- STAdv_install_location is the path where you installed Lotus Sametime Advanced on this computer.
- %Base_DN% is the LDAP Base Distinguished Name. Use "BASE_DN=" for an empty Base DN value.
- %LDAP_Bind_DN% is the LDAP bind distinguished name. Use "BIND_DN=" for Anonymous access to the LDAP.
- %LDAP_Bind_Pwd% is the LDAP bind password. Use "BIND_PWD=" for Anonymous access to the LDAP.

For example (remember that you must type it all on one line):
AIX, Linux, Solaris
wsadmin.sh -lang jython -user wasadmin -password mypassw0rd -f "/opt/IBM/WebSphere/STAdvServer/ConfigLDAPLater.py" "/opt/IBM/WebSphere/STAdvServer/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties" "BASE_DN=dc=acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

Windows
wsadmin.bat -lang jython -user wasadmin -password mypassw0rd -f "C:\Program Files\IBM\WebSphere\STAdvServer\ConfigLDAPLater.py" "C:\Program Files\IBM\WebSphere\STAdvServer\SametimeAdvServer\STAdvanced\orgCollab\orgCollab\orgCollab.properties" "BASE_DN=dc=acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

4. Add attributes to the "wimconfig.xml" file as follows:
   a. Navigate to the following directory:
WAS_install_location\profiles\profile_name\config\cells\cell_name\wim\config

   b. Make a backup copy of the wimconfig.xml file.
   c. Now open the wimconfig.xml for editing.
   d. In the file, search for the following statements:
<config:attributeConfiguration>
  <config:attributes name="userPassword" propertyName="password" />

   e. Add the following statements right below the ones you located:
<config:attributes name="EMAIL_FIELD" propertyName="mail"/>
<config:attributes name="LOGIN_FIELD" propertyName="loginField">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="DISPLAY_NAME" propertyName="displayName">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>


where
- EMAIL_FIELD should have the value "mail"
- LOGIN_FIELD is the name of the login field required by the LDAP search base (for example, "mail" or "cn")
- DISPLAY_NAME is the name of the display field of the LDAP's search base (for example, "cn")

Here's an example of the new section with those values filled in:
<config:attributes name="mail" propertyName="mail"/>
<config:attributes name="mail" propertyName="loginField">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="cn" propertyName="displayName">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>

   f. Save and close the file.
5. Still in the WebSphere Application Server installation's \bin directory, stop and start WebSphere Application Server. This stops and restarts both WebSphere Application server and Lotus Sametime Advanced:
- AIX, Linux, Solaris
./stopServer.sh server1
./startServer.sh server1

- Windows
stopServer.bat server1
startServer.bat server1

6. Now open the WebSphere Administrative console by clicking Start > All Programs > IBM WebSphere > Application Server Network Deployment V6.1 > Profiles > ST_Advanced_Profile > Administrative console.
7. In the console, click Security > Secure administration, applications, and infrastructure > Federated repositories and verify that the "LDAP1" repository has been created.
8. Verify that your LDAP connection is working by pointing a browser at http://server_name:9080/stadvanced and logging in to Lotus Sametime Advanced with a user account from the LDAP directory.

Configuring the LDAP connection with SSL


If you chose not to configure your LDAP connection while installing IBM Lotus Sametime Advanced, you must do it now. This section describes how to configure an LDAP connection with Secure Sockets Layer (SSL).

Before you begin


Before you begin, set up an LDAP server with SSL. Note: Lotus Sametime Advanced must use the same LDAP server/directory as the Lotus Sametime Standard server.

Procedure


1. Copy the SSL certificate (certificate_name.arm) from the LDAP server to the \profiles\Default_profile\etc\ directory within your IBM WebSphere Application Server installation. For example:
- IBM AIX, Linux, Solaris:
  Copy this file:
/opt/IBM/ldap/LDAP_cert_name.arm

  To this directory:
/opt/IBM/WebSphere/AppServer/profiles/default_profile/etc/LDAP_cert_name.arm

- Microsoft Windows
  Copy this file:
C:\IBM\ldap\LDAP_cert_name.arm

  To this directory:
C:\Program Files\IBM\WebSphere\AppServer\profiles\default_profile\etc\LDAP_cert_name.arm

2. Navigate to the WebSphere Application Server installation's \bin directory, and stop the WebSphere Application Server (this also stops Lotus Sametime Advanced):
- Windows
stopServer.bat server1

- AIX, Linux, Solaris:
./stopServer.sh server1

3. Now open the WebSphere Administrative console by clicking Start > All Programs > IBM WebSphere > Application Server Network Deployment V6.1 > Profiles > ST_Advanced_Profile > Administrative console.
4. In the console, click Security > SSL certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer certificates.
5. Click Add, and enter the following information:

Option: Alias
Description: Type the name you prefer for the trust certificate.

Option: File name
Description: Type the name of the *.arm file which is copied into \AppServer\profiles\default_profile\etc\

6. Click OK, and then click Save.
7. In the WebSphere Application Server installation's \bin directory, start WebSphere Application Server:
- Windows
startServer.bat server1

- AIX, Linux, Solaris:
./startServer.sh server1

8. On the Lotus Sametime Advanced server, enter your LDAP settings in the orgCollab.properties file:
   a. On the Lotus Sametime Advanced server, navigate to the SametimeAdvServer\STAdvanced\orgCollab\orgCollab folder within your Lotus Sametime Advanced installation.
AIX, Linux, Solaris
/opt/IBM/WebSphere/STAdvServer/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties

Windows
C:\Program Files\IBM\WebSphere\STAdvServer\SametimeAdvServer\STAdvanced\orgCollab\orgCollab

   b. Edit the orgCollab.properties file and locate the "LDAP Configuration" section, which begins with this header:
###################################################
#
# Please modify following properties if you are configuring LDAP later
# (with or without SSL enablement)
#
###################################################
c. Enter the following values in the "LDAP Configuration" section:


LDAP settings in the orgCollab.properties file when you use SSL

Entry: orgCollab.LDAPServerType=
Description: The type of LDAP server to be used for WebSphere; possible values are:
- SECUREWAY
- IDS4
- IDS51
- IDS52
- IDS6
- ZOSDS
- DOMINO5
- DOMINO6
- DOMINO65
- DOMINO7
- NDS
- SUNONE
- AD2000
- AD2003
- ADAM
- CUSTOM
Example: orgCollab.LDAPServerType=IDS6

Entry: orgCollab.HostName=
       orgCollab.LDAP_port=
Description: Specify the LDAP host name and port to enable Sametime Advanced Server to connect to LDAP.
Example: orgCollab.HostName=acme.com
         orgCollab.LDAP_port=389

Entry: orgCollab.isAnonymousBind=
Description: Select authenticated access if you want to provide an authentication identity, or choose anonymous access only.
Example: orgCollab.isAnonymousBind=true
         or, for Authenticated Access:
         orgCollab.isAnonymousBind=false

Entry: orgCollab.loginProperties=
Description: Determine the value of the "Attribute of the person entry that defines the internal ID of a Sametime user" field in the Lotus Sametime Standard STConfig.nsf file. If it has a value, then match it in orgCollab.loginProperties. If it is empty, do not change it, and then specify an LDAP attribute in orgCollab.loginProperties that is appropriate for logging in to Lotus Sametime Advanced at your site.
Example: orgCollab.loginProperties=mail

Entry: orgCollab.sslenabled=
Description: Set this variable to true if the LDAP server has SSL enabled.
Example: orgCollab.sslenabled=true

   d. Save and close the orgCollab.properties file.
9. Navigate to the \bin directory within your IBM WebSphere Application Server installation.
- AIX, Linux, Solaris
  Open a terminal and navigate to:
/opt/IBM/WebSphere/AppServer/bin

- Windows
  Open a command prompt and navigate to:
C:\Program Files\IBM\WebSphere\AppServer\bin

10. Run the following command (type it all on one line):
- AIX, Linux, Solaris
wsadmin.sh -lang jython -user user_name -password password -f "STAdv_install_location/ConfigLDAPLater.py" "STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties" "BASE_DN=%Base_DN%" "BIND_DN=%LDAP_Bind_DN%" "BIND_PWD=%LDAP_Bind_Pwd%"

- Windows
wsadmin.bat -lang jython -user user_name -password password -f "STAdv_install_location\ConfigLDAPLater.py" "STAdv_install_location/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties" "BASE_DN=%Base_DN%" "BIND_DN=%LDAP_Bind_DN%" "BIND_PWD=%LDAP_Bind_Pwd%"

Where:
- user_name and password are the WebSphere Application Server administrator's user name and password.
- STAdv_install_location is the path where you installed Lotus Sametime Advanced on this computer.
- %Base_DN% is the LDAP Base Distinguished Name. Use "BASE_DN=" for an empty Base DN value.
- %LDAP_Bind_DN% is the LDAP bind distinguished name. Use "BIND_DN=" for Anonymous access to the LDAP.
- %LDAP_Bind_Pwd% is the LDAP bind password. Use "BIND_PWD=" for Anonymous access to the LDAP.

For example (remember, it must all be typed on one line):
- AIX, Linux, Solaris
wsadmin.sh -lang jython -user wasadmin -password mypassw0rd -f "/opt/IBM/WebSphere/STAdvServer/ConfigLDAPLater.py" "/opt/IBM/WebSphere/STAdvServer/SametimeAdvServer/STAdvanced/orgCollab/orgCollab/orgCollab.properties" "BASE_DN=dc=acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"

- Windows
wsadmin.bat -lang jython -user wasadmin -password mypassw0rd -f "C:\Program Files\IBM\WebSphere\STAdvServer\ConfigLDAPLater.py" "C:\Program Files\IBM\WebSphere\STAdvServer\SametimeAdvServer\STAdvanced\orgCollab\orgCollab\orgCollab.properties" "BASE_DN=dc=acme,dc=com" "BIND_DN=cn=root" "BIND_PWD=passw0rd"
11. Add attributes to the "wimconfig.xml" file as follows:
   a. Navigate to the following directory:
WAS_install_location\profiles\profile_name\config\cells\cell_name\wim\config

   b. Make a backup copy of the wimconfig.xml file.
   c. Now open the wimconfig.xml for editing.
   d. In the file, search for the following statements:
<config:attributeConfiguration>
  <config:attributes name="userPassword" propertyName="password" />

   e. Add the following statements right below the ones you located:
<config:attributes name="EMAIL_FIELD" propertyName="mail"/>
<config:attributes name="LOGIN_FIELD" propertyName="loginField">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="DISPLAY_NAME" propertyName="displayName">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>

where
- EMAIL_FIELD should have the value "mail"
- LOGIN_FIELD is the name of the login field required by the LDAP search base (for example, "mail" or "cn")
- DISPLAY_NAME is the name of the display field of the LDAP's search base (for example, "cn")

Here's an example of the new statements with those values filled in:
<config:attributes name="mail" propertyName="mail"/>
<config:attributes name="mail" propertyName="loginField">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
<config:attributes name="cn" propertyName="displayName">
  <config:entityTypes>PersonAccount</config:entityTypes>
</config:attributes>
   f. Save and close the file.
12. Still in the WebSphere Application Server installation's \bin directory, stop and start WebSphere Application Server. This stops and restarts both WebSphere Application server and Lotus Sametime Advanced:
- Windows
stopServer.bat server1
startServer.bat server1

- AIX, Linux, Solaris
./stopServer.sh server1
./startServer.sh server1

13. Now open the WebSphere Administrative console by clicking Start > All Programs > IBM WebSphere > Application Server Network Deployment V6.1 > Profiles > ST_Advanced_Profile > Administrative console.
14. In the console, click Security > Secure administration, applications, and infrastructure > Federated repositories and verify that the "LDAP1" repository has been created.
15. Verify that your LDAP connection is working by pointing a browser at http://server_name:9080/stadvanced and logging in to Lotus Sametime Advanced with a user account from the LDAP directory.
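
A pre-flight check for the "LDAP Configuration" entries of orgCollab.properties described in the two settings tables above (with and without SSL), meant to be run before ConfigLDAPLater.py. This is an added example, not IBM's code: the function names and both sample files are constructed for illustration, and the parser assumes simple key=value lines only.

```python
"""Audit the LDAP entries of an orgCollab.properties file (added example)."""

# Values the guide lists for orgCollab.LDAPServerType.
SERVER_TYPES = {
    "SECUREWAY", "IDS4", "IDS51", "IDS52", "IDS6", "ZOSDS", "DOMINO5",
    "DOMINO6", "DOMINO65", "DOMINO7", "NDS", "SUNONE", "AD2000", "AD2003",
    "ADAM", "CUSTOM",
}
KNOWN_NAMES = ("LDAPServerType", "HostName", "LDAP_port",
               "isAnonymousBind", "loginProperties", "sslenabled")


def parse_properties(text):
    """Parse key=value lines, skipping blanks and '#'/'!' comments."""
    props = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#!":
            continue
        key, sep, value = line.partition("=")
        if sep:
            props[key.strip()] = value.strip()
    return props


def audit_ldap_settings(text, ldap_uses_ssl):
    """Return a list of (key, problem) tuples; an empty list means no findings."""
    props = parse_properties(text)
    findings = []

    # A known setting under a misspelled prefix leaves the real key unset.
    for key in props:
        prefix, _, name = key.partition(".")
        if name in KNOWN_NAMES and prefix != "orgCollab":
            findings.append((key, "prefix is not 'orgCollab.'"))

    def value(name):
        return props.get("orgCollab." + name, "")

    if value("LDAPServerType") not in SERVER_TYPES:
        findings.append(("orgCollab.LDAPServerType", "not a listed server type"))
    if not value("HostName"):
        findings.append(("orgCollab.HostName", "LDAP host name is empty"))
    port = value("LDAP_port")
    if not (port.isdecimal() and 0 < int(port) < 65536):
        findings.append(("orgCollab.LDAP_port", "not a valid TCP port"))
    if value("isAnonymousBind").lower() not in ("true", "false"):
        findings.append(("orgCollab.isAnonymousBind", "must be true or false"))
    if not value("loginProperties"):
        findings.append(("orgCollab.loginProperties", "no login attribute set"))
    ssl = value("sslenabled").lower()
    if ldap_uses_ssl and ssl != "true":
        findings.append(("orgCollab.sslenabled", "LDAP server uses SSL but this is not true"))
    if not ldap_uses_ssl and ssl == "true":
        findings.append(("orgCollab.sslenabled", "true, but the LDAP server has no SSL"))
    return findings


# Constructed sample: a file that matches the SSL table.
GOOD_SAMPLE = """\
# LDAP Configuration (constructed sample)
orgCollab.LDAPServerType=IDS6
orgCollab.HostName=ldap.example.com
orgCollab.LDAP_port=389
orgCollab.isAnonymousBind=false
orgCollab.loginProperties=mail
orgCollab.sslenabled=true
"""

# Constructed sample: unlisted server type, empty port, bad boolean, and a
# misspelled prefix on the SSL switch.
BAD_SAMPLE = """\
orgCollab.LDAPServerType=AD2008
orgCollab.HostName=ldap.example.com
orgCollab.LDAP_port=
orgCollab.isAnonymousBind=yes
orgCollab.loginProperties=mail
orcCollab.sslenabled=true
"""

if __name__ == "__main__":
    for key, problem in audit_ldap_settings(BAD_SAMPLE, ldap_uses_ssl=True):
        print("%s: %s" % (key, problem))
```
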

Enabling group search for an LDAP directory


If you plan on issuing licenses to groups of users, you should update the wimconfig.xml file. Updating this file lets you use IBM Lotus Sametime Advanced to search for groups in your LDAP directory.

Procedure
1. Use a text editor to open the wimconfig.xml file here: was_home\profiles\profile\config\cells\cell_node\wim\config\wimconfig.xml.
2. The following code sample is an example of a basic wimconfig.xml file that has been re-configured to search for groups. The appropriate values that have been modified are shown in italics. Update these values with the object class name as defined within your LDAP directory.
<config:ldapEntityTypes name="Group">
  <config:objectClasses>groupOfUniqueNames</config:objectClasses>
</config:ldapEntityTypes>
<config:groupConfiguration>
  <config:memberAttributes dummyMember="uid=dummy" name="uniquemember" objectClass="groupOfUniqueNames" scope="direct"/>
</config:groupConfiguration>

Configuring a mail server


Configure a mail server for use with an IBM Lotus Sametime Advanced deployment.

About this task


Follow these steps to configure a mail server for the Lotus Sametime Advanced deployment:

Procedure
1. Log in to the Integrated Solutions Console as an IBM WebSphere Application Server administrator.
   - In a single-server deployment, log in from the Lotus Sametime Advanced server.
   - In a clustered deployment, log in from the cluster's Deployment Manager.
2. Click Resources > Mail > Mail Sessions.
3. In the "Mail Sessions" screen, expand the Scope section and select a scope:
   - In a single-server deployment the scope is a server, so select your server from the list (for example: Node=node_name, Server=server1).
   - In a clustered deployment the scope is a cluster, so select your cluster from the list.
4. In the table, click the New button to create a new mail session.


Lotus Sametime Advanced: Installation and Administration Guide

5. Fill out the new mail session form as follows: On this form, some fields have information supplied already, which you can accept or modify; you must provide values for the following fields:

   Option
       Description
   Name
       Type a name for the mail server; for example: Sametime Mail Notifier
   JNDI Name
       Provide an associated JNDI name; use: mail/sametime/notifier
   Mail transport host
       Provide the fully qualified host name of your SMTP server; for example: sales.acme.com
   Mail transport protocol
       Select the mail transport protocol; in this example, it would be SMTP

   You can optionally supply a user name and password for the SMTP server; this is only necessary when your SMTP server requires them for authentication before sending e-mail.

   Mail from
       Type the e-mail address to be used as the "From" address when sending notifications.

6. Click OK to save your settings.

Connecting Lotus Sametime Advanced to Lotus Sametime Standard


Establish a connection between the IBM Lotus Sametime Advanced and Lotus Sametime servers.

Before you begin


After you have installed your Lotus Sametime Advanced and Lotus Sametime servers, you must establish a connection between them. This connection enables Single Sign-On (SSO). You must configure single sign-on between the IBM WebSphere component of the Lotus Sametime Advanced server and the IBM Lotus Domino component of the Lotus Sametime Community server.

Enabling Single Sign-on


Enable single sign-on between IBM Lotus Sametime Advanced and IBM Lotus Sametime Standard servers.

Before you begin


"Single sign-on" (SSO) is a method of access control that allows a user to authenticate with one server and, by means of a shared key, access related servers without having to authenticate again. Lotus Sametime Advanced uses the single sign-on feature.

Note: The Lotus Sametime Advanced and Lotus Sametime Standard servers must reside in the same domain and share a common LDAP directory to support single sign-on.

When you configure single sign-on, you create a key in the IBM WebSphere Application Server component on the Lotus Sametime Advanced server, and then export the key. Next, you import that key to the IBM Lotus Domino component of the Lotus Sametime Community server to complete the single sign-on enablement.

For more information on enabling single sign-on, visit the WebSphere Portal information center at the following Web address and search on "Configuring IBM Lotus Domino Enterprise Server mail and application servers and WebSphere Portal to work together":
http://publib.boulder.ibm.com/infocenter/wpdoc/v510/index.jsp

Enable single sign-on by completing the following tasks:

Configuring SSO for the nodes in a cluster:

If you install multiple IBM Lotus Sametime Advanced servers and cluster them with a network deployment, you should enable single sign-on (SSO) on each node in the cluster. This prevents authentication problems when users are automatically switched to a different node due to load-balancing or fail-over issues.

About this task

You will use the cluster's deployment manager to enable single sign-on for the IBM WebSphere Application Server component of all nodes.

Procedure
1. Log in to the WebSphere Administrative console on the cell's deployment manager using WebSphere administrator credentials.
2. Click Security > Secure administration, applications, and infrastructure, expand Web Security in the "Authentication" area, and then open single sign-on (SSO).
3. In the Domain Name field, type the domain name (for example, .acme.com) of the nodes in the cluster. Include a leading dot (.) as shown in the example.
4. Save the changes, synchronize the nodes, and restart the servers in this cluster.

Configuring SSO for Lotus Sametime Advanced:

Enable single sign-on and configure its properties on the IBM Lotus Sametime Advanced server.

Before you begin

Be sure that both machines have the same time zone and time.

About this task

Enable single sign-on with the following steps:

Procedure
1. On the Lotus Sametime Advanced server, log in to the Integrated Solutions Console using a WebSphere Application Server administrator account. The Web address resembles this but depends on your host name and port:
http://hostname_or_IPaddress:9060/ibm/console

For example:
http://stadv.acme.com:9060/ibm/console

2. Enable the single sign-on feature:
   a. Click Security > Secure administration, applications, and infrastructure > Web security (under Authentication) > single sign-on (SSO).
   b. Edit the configuration properties as needed, selecting the following settings:

      Enabled
          Select this setting.
      Requires SSL
          Clear this setting if it has been selected.
      Interoperability Mode
          Select this setting.
      Web inbound security attribute propagation
          Select this setting.
      Domain name
          Type the name of a domain that both the Lotus Sametime Advanced and the Lotus Sametime Standard servers belong to; for example: .acme.com. You will enter this value again when you enable SSO on the Lotus Sametime Standard server.

   c. Click Apply, and then when the "Changes have been made to your local configuration" message appears, click Save.
3. Restart the WebSphere Application Server on this computer:
   a. Navigate to the \profiles\ST_Advanced_Profile\bin directory in the WebSphere Application Server installation path. For example, on Windows:
C:\Program Files\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin

b. Stop WebSphere Application Server and Lotus Sametime Advanced by running the following command:

AIX, Linux, Solaris
./stopServer.sh server1 -username wasadmin_name -password password

Windows
stopServer.bat server1 -username wasadmin_name -password password

c. Now start WebSphere Application Server and Lotus Sametime Advanced by running the following command:

AIX, Linux, Solaris
./startServer.sh server1 -username wasadmin_name -password password

Windows
startServer.bat server1 -username wasadmin_name -password password

4. Now create an LTPA key and export it as follows:
   a. Click Secure administration, applications, and infrastructure > authentication mechanisms and expiration.
   b. Now fill in the configuration settings, and assign a password and a file name to the key:

      Authentication cache timeout
          Type values for the minutes and seconds representing the amount of time before authentication information expires
      Timeout value for forwarded credentials between servers
          Type the number of minutes before forwarded credentials will expire
      Password, Confirm password
          Type, and then confirm, a password to be associated with the LTPA key. Attention: When you create the password, be sure to note it down; you will need it when you import the LTPA key to the Lotus Sametime Standard server.
      Fully qualified key file name
          Type the path to the file plus the file's name; for example: c:\temp\acme.cer.

   c. Click Export keys.
   d. Click OK, and then click Save.
5. Edit the exitSetting.ini file on the WebSphere Event Broker.
   a. Locate the exitSetting.ini file in the \6.0\bin directory underneath the WebSphere Event Broker installation directory.
   b. Add the following lines.
domain=my_domain_.com
protectedUrl=http://localhost:9080/stadvanced/controller/logon
successUrl=/stadvanced/

Where my_domain_.com and localhost:9080 are specific to your deployment.
6. Add or set the following LTPA properties to your plugin_customization.ini file.
com.ibm.collaboration.realtime.bcs/useTokens=true
com.ibm.collaboration.realtime.instantShare/useTokens=true
com.ibm.collaboration.realtime.community/loginTokenRefreshInterval=86100000

See Setting up Sametime default client preferences for Sametime Advanced on page 136 for more information on working with the plugin_customization.ini file.

What to do next

Next you will enable SSO on the Lotus Sametime Standard server and import this LTPA key.

Configuring SSO for Lotus Sametime Standard:

Enable single sign-on (SSO) and configure its properties for IBM Lotus Sametime before importing the LTPA key.

Before you begin

You will move to the Lotus Sametime Community server for this task.

Procedure
1. First, manually copy the key file you created on the Lotus Sametime Advanced server to the Lotus Sametime Community server; for example: c:\temp\acme.cer.
2. On the Lotus Sametime Standard server, start the IBM Lotus Domino Administrator application:
   a. Navigate to the directory where Lotus Domino is installed; for example, on Windows: C:\Program Files\IBM\Lotus\Domino.
   b. Open the IBM Lotus Domino administrator.
3. Enable the single sign-on feature by completing these steps:


   a. In the Lotus Domino Administrator, click the name of the current server (in the listing on the left).
   b. Click the Files tab.
   c. Open the file names.nsf (this is the Domino Directory for the current server).
   d. Click Configuration > Web > Web Configurations.
   e. Open * - Web SSO Configurations. You will see one SSO document. If you open it, you may encounter an error message stating that portions of the document cannot be accessed; disregard the error.
   f. Whether or not you received an error message, delete this SSO document.
   g. Now open the Server document by clicking the Configuration tab, and then clicking Server > Current Server Document.
   h. Click Create Web SSO Configuration.
   i. Enter the following information for the SSO configuration, and leave the document open.

      Configuration name
          Use LtpaToken as the configuration name (case sensitive, no spaces).
      Organization Name
          Leave this field blank; this document will appear in the "Web Configurations" view.
      DNS domain
          Type the name of a domain that both the Lotus Sametime Advanced and the Lotus Sametime servers belong to; for example: acme.com. Use the value you entered while enabling SSO on the Lotus Sametime Advanced server.
      Domino Server Name
          Click the current Lotus Domino server's name to select it.
      Token timeout
          IBM recommends that the token timeout value should be 1440 minutes (24 hours).

4. Now import the LTPA key that you created on the Lotus Sametime Advanced server as follows:
   a. At the top of the document, click Keys > Import WebSphere LTPA keys.
   b. Type in the exact file location of the key file you created on the Lotus Sametime Advanced server.
   c. Enter the password you created on the Lotus Sametime Advanced server when you enabled single sign-on.
   d. Click OK. The message Successfully imported WebSphere LTPA keys appears after the key has been imported.
   e. With the Server document still open, verify that the "LDAP realm" value is SCCS.
   f. Click Save & Close.
   g. Restart the Lotus Domino server to put your changes into effect.
   h. Verify that all the Lotus Sametime Standard services have been started by checking Windows services.
5. Verify that the SSO Configuration document was saved correctly:


   a. In the Lotus Domino Administrator, click the name of the current server (in the listing on the left).
   b. Click the Files tab.
   c. Open the file names.nsf (this is the Domino Directory for the current server).
   d. Click Configuration > Web > Web Configurations.
   e. Open * - Web SSO Configurations.
   f. Verify that your settings appear (or make changes as needed).
   g. Verify that the "WebSphere" section at the end of the document is populated correctly and make any necessary changes.
   h. Click Save & Close.
6. Configure the Lotus Sametime Community Server so it accepts authentication tokens generated only by SSO (LTPA tokens). This setting must be addressed for each server within a Lotus Sametime Community Server cluster.
   a. Log in to the Integrated Solutions Console.
   b. Click Sametime System Console > Sametime Servers > Sametime Community Servers.
   c. In the Sametime Community Servers list, click the deployment name of the server with the LTPA token that you want to change.
   d. Click the Community Services tab.
   e. Scroll down and click LTPA only.
   f. Click OK.
   g. Restart the Lotus Sametime Community Server for settings to take effect.

Verifying that SSO is working:

Test to ensure that single sign-on has been enabled between IBM Lotus Sametime Advanced and Lotus Sametime.

Before you begin

Log in to the Lotus Sametime Advanced server and then access the Lotus Sametime server to verify that you do not have to authenticate a second time; this ensures that single sign-on is working properly.

Procedure
1. Start the Lotus Sametime Advanced server, if it is not already running.
2. Start the Lotus Sametime server, if it is not already running.
3. Open a browser, navigate to Lotus Sametime Advanced, and log in as an administrator. The Web address for Lotus Sametime Advanced looks like this, but will depend upon your own installation:
http://hostname_or_IPaddress:9080/stadvanced

For example:
http://stadv.acme.com:9080/stadvanced

4. Next, navigate to your Lotus Sametime server's Meeting Center. The Web address for the Lotus Sametime Meeting Center looks like this, but will depend upon your own installation:
http://sametime_server.domain/stcenter.nsf

For example:


http://sametime.acme.com/stcenter.nsf

5. Click Attend a Meeting.
6. Check the login information on the left panel. If SSO is working, you will not be challenged to authenticate.
7. Close the Lotus Sametime Meeting Center.

What to do next

If you were required to log in before opening the Meeting Center, your single sign-on configuration is not working. For more information on configuring SSO for IBM products, see the IBM tech note at the following Web address:
http://www-1.ibm.com/support/docview.wss?rs=0&uid=swg21158269
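
A check that complements the browser test above, added here as an example and not part of the IBM guide: it inspects Set-Cookie headers captured from the Lotus Sametime Advanced logon response and reports whether the LTPA token cookie's Domain reaches both servers and whether it carries the Secure attribute. The sample headers are constructed, the host names come from the guide's example URLs, and the LtpaToken2 cookie name is an assumption about the WebSphere release in use.

```python
"""Check captured Set-Cookie headers against the SSO settings in this guide."""

# Constructed sample, not captured from a real server; token values are placeholders.
SAMPLE_HEADERS = [
    "JSESSIONID=0000PLACEHOLDER; Path=/",
    "LtpaToken=PLACEHOLDERTOKENVALUE; Path=/; Domain=.acme.com",
]

# Host names taken from the guide's example URLs.
SSO_HOSTS = ["stadv.acme.com", "sametime.acme.com"]

# "LtpaToken" is the configuration name used in this guide. "LtpaToken2" is
# included on the assumption that the WebSphere server also issues it.
TOKEN_COOKIES = ("LtpaToken", "LtpaToken2")


def parse_set_cookie(header):
    """Split one Set-Cookie header into (name, value, lower-cased attributes)."""
    parts = [p.strip() for p in header.split(";") if p.strip()]
    if not parts:
        return "", "", {}
    name, _, value = parts[0].partition("=")
    attrs = {}
    for part in parts[1:]:
        key, _, val = part.partition("=")
        attrs[key.strip().lower()] = val.strip()
    return name.strip(), value.strip(), attrs


def domain_covers(cookie_domain, host):
    """Cookie domain matching: host equals the domain or is a subdomain of it."""
    domain = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == domain or host.endswith("." + domain)


def check_sso_cookies(headers, hosts):
    """Return a list of findings; an empty list means nothing was flagged."""
    cookies = [parse_set_cookie(h) for h in headers]
    tokens = [c for c in cookies if c[0] in TOKEN_COOKIES]
    if not tokens:
        return ["no LTPA token cookie in the response; single sign-on cannot work"]
    findings = []
    for name, _value, attrs in tokens:
        domain = attrs.get("domain", "")
        if not domain:
            # Without Domain the browser returns the cookie only to the issuer.
            findings.append(f"{name}: no Domain attribute, cookie is host-only")
        elif "." not in domain.strip("."):
            findings.append(f"{name}: Domain={domain} is a single label")
        else:
            for host in hosts:
                if not domain_covers(domain, host):
                    findings.append(f"{name}: Domain={domain} does not cover {host}")
        if "secure" not in attrs:
            # Matches the "Requires SSL" setting being cleared in WebSphere.
            findings.append(f"{name}: no Secure attribute, token also travels over plain HTTP")
    return findings


if __name__ == "__main__":
    for finding in check_sso_cookies(SAMPLE_HEADERS, SSO_HOSTS):
        print(finding)
```

A Domain finding points back at the "Domain name" and "DNS domain" values entered on the two servers; a Secure finding is the expected result of clearing "Requires SSL" and is worth recording when the deployment is reviewed.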

Enabling Awareness
Enable the awareness feature in IBM Lotus Sametime Advanced so that Lotus Sametime users can be detected when they are online.

Before you begin


After you have installed your Lotus Sametime Advanced and Lotus Sametime Standard servers, you must establish a connection between them.

About this task


You establish this connection by filling in "Server Integration" fields on the Lotus Sametime Advanced server.

Procedure
1. Open the Lotus Sametime Advanced server's Administration tab by pointing a browser at the following Web address:
http://hostname_or_IPaddress:9080/stadvanced

For example:
http://stadv.acme.com:9080/stadvanced

Note: The Web address will resemble the one shown above, but will depend upon your own deployment.
2. Log in to Lotus Sametime Advanced using the administrator account that you created during installation (for example, "stadvadmin").
3. Click the Administration tab.
4. On the left, click Administration Settings.
5. Now click the Server Integration tab.
6. Enter the Lotus Sametime Standard server's Host name and HTTP port in the designated fields. The HTTP port is typically port 80; however, if you have configured the server to only use SSL, this value will be different (generally port 443). If you do use SSL here, be sure to complete Step 9 below to enable SSL on the port used for supporting the awareness feature in Lotus Sametime Advanced.
7. Click Save.
8. Activate your new settings by logging out and then restarting the browser before you log in again.
9. Determine whether you need to run the updateSTSettings script to modify database settings.

You will need to run this script if either (or both) of the following conditions is true for your Lotus Sametime Standard server:
- SSL is enabled on the classic server's HTTP port (the port you specified in Step 6)
- Tunneling is enabled on the classic server
If neither condition is true, you have finished enabling awareness; skip the rest of the steps in this procedure. Next, you should set up a Lotus Sametime Connect client and log in with it to verify that awareness is working.
If one (or both) of the conditions is true, proceed to the next step and update database settings for Lotus Sametime Advanced.
10. Download the appropriate version of the updateSTSettings script for your operating system to a server that has access to the Lotus Sametime Advanced database (the database called "STADV" in this documentation, but if you ran the archive installer on Linux it defaulted to "CHATS"). This script is stored in the \SupportingFiles directory within the Lotus Sametime Advanced software download. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
11. On the machine that has the DB2 client installed or on a DB2 server, open a DB2 Command prompt and connect to the database:
db2 connect to database user db2admin_user using password

12. Run the updateSTSettings script as follows:
- AIX, Linux, Solaris


./updateSTSettings.sh database db2admin_user password stlinks_port web_ssl_enabled applet_ssl_enabled

- Windows
updateSTSettings.bat database db2admin_user password stlinks_port web_ssl_enabled applet_ssl_enabled

where:
- database is the name of your Lotus Sametime Advanced database (STADV in this documentation, but if you ran the archive installer on Linux it defaulted to "CHATS").
- db2admin_user is the name of a user with DB2 Administrator privileges.
- password is the password for the DB2 Administrator account.
- stlinks_port is the port being used for awareness on the Lotus Sametime Standard server (normally "8082"). If your classic server has tunneling enabled, set this port to "80" to support that feature.
- web_ssl_enabled indicates whether Web-based connections to Lotus Sametime Advanced should use SSL ("true" or "false"). If your classic server has SSL enabled, set this value to "true" when you run the script.
- applet_ssl_enabled indicates whether the Community connection from Lotus Sametime Standard to Lotus Sametime Advanced over port 8082 should use SSL ("true" or "false"). If you set this value to "true" when you run the script, you will need to make additional changes to the classic Lotus Sametime Standard server to support the new setting.
For example, enable SSL on Windows by setting web_ssl_enabled to "true":


updateSTSettings.bat STADV db2admin passw0rd 8082 true false

Enable tunneling on Windows by setting the stlinks_port to "80":


updateSTSettings.bat STADV db2admin passw0rd 80 false false

If you want to enable both features, you can set both parameters at the same time (you do not have to run the script twice) on Windows:
updateSTSettings.bat STADV db2admin passw0rd 80 true false

Enabling SSO and Awareness for a native Lotus Domino Directory


If your deployment uses a native IBM Lotus Domino Directory for addressing, you must complete an additional task to enable Awareness and Single Sign-On between an IBM Lotus Sametime Advanced server and a Lotus Sametime Standard server.

Before you begin


When using a Lotus Sametime Advanced Server with a Lotus Sametime Standard server that is configured to use a native Lotus Domino Directory, enabling the Awareness and Single Sign-On features requires the following tasks:
1. Complete the steps to "Enable Single Sign-On" and "Enable Awareness" as described in the preceding topics in this section.
2. Follow the instructions in the IBM Tech Note titled "How to configure awareness when using a native Domino Directory with Sametime Advanced" to apply the Lotus Sametime Standard server patch. This Tech Note is available at the following Web address:
http://www-1.ibm.com/support/docview.wss?rs=477&uid=swg21305179

3. If you already configured your Lotus Domino directory on the Lotus Sametime Advanced server without specifying a base distinguished name suffix (such as c=US or c=UK) for searching, you must define a new Java Authentication and Authorization Service (JAAS) login module that is used by system resources for authentication, principal mapping, and credential mapping by completing the steps below.

About this task


Do the following on the server where you installed Lotus Sametime Advanced:

Procedure
1. Launch the Integrated Solutions Console by opening a Web browser and navigating to: http://stadv.acme.com:9060/ibm/console.
2. Click Security > Secure administration, applications, and infrastructure.
3. Under Java Authentication and Authorization Service, click System logins.
4. Click RMI_INBOUND.
5. Under Additional Properties, click JAAS Login Modules.
6. Click New.
7. Type com.ibm.stadv.domino.login.STAdvDominoLogin in the Class Name field.
8. Click Apply, and then click Save.
9. Click Set Order to change the processing order of the login modules.
10. Select com.ibm.stadv.domino.login.STAdvDominoLogin and move it up to number 1.
11. Click Apply, and then click Save.
12. Repeat steps 4 through 11 for the WEB_INBOUND System login.

Connecting Lotus Sametime Connect clients to the Lotus Sametime Advanced server
To ensure that IBM Lotus Sametime Connect clients can access the Lotus Sametime Advanced server, you must configure clients with the correct server and port information. You do this by "pushing" the information from the server's update site.

About this task


The update site includes plugins for the Lotus Sametime Advanced application. Any Lotus Sametime user can find out about the update site and install the plugins. Only users with a license to use Lotus Sametime Advanced can actually get the plugins to work.

After users have downloaded and installed Lotus Sametime Advanced, they might need to access an update site to install:
- A new feature that you have purchased or developed yourself using the IBM Lotus Sametime Advanced Software Development Kit.
- An update that IBM has provided for an existing feature.

Providing an update site for clients


Provide an update site on the HTTP server that allows Lotus Sametime Connect clients to install plugins and features for Lotus Sametime Advanced.

Before you begin


Note: If you used the archive installation program on Linux, the update site was set up for you during installation and you can skip this task.

Before beginning this task, make sure you have installed and configured the following applications and their prerequisite components:
- Lotus Sametime Standard
- Lotus Sametime Advanced
- IBM HTTP Server

Procedure
1. Make sure you have downloaded the appropriate files to the computer where you will install the Lotus Sametime Advanced Client Update site. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document at www.ibm.com/support/docview.wss?rs=477&uid=swg24018149. The Sametime Advanced Client plugins are packaged with the Sametime Advanced Server, in the AdvUpdateSite directory.
2. Copy sametime.advanced.update.site.zip to a local folder on the computer that will host the update site.
3. Navigate to the http document root folder for IBM HTTP Server. Typically, the folder is located in the Program Files\IBM\HTTPServer\htdocs\locale folder; for example, on Windows:
C:\Program Files\IBM\HTTPServer\htdocs\en_US


If you do not know the folder's name or location, check the httpd.conf file located in C:\Program Files\IBM\HTTPServer\conf.
4. Create a subfolder called updatesite.
5. In this new folder, unzip sametime.advanced.update.site.zip.
Now that the update site is posted, you should test it with the following steps.
6. Check the folder structure on your HTTP server:
   a. The update folders should be located under the http document root folder. For example:
C:\Program Files\IBM\HTTPServer\htdocs\en_US\updatesite\

   b. The updatesite folder should contain the following:
      - site.xml
      - plugins
      - features
7. Start the HTTP server and use a Web browser to connect to the update URL: http://server_host/updatesite/site.xml. For example:
http://stadv.acme.com/updatesite/site.xml

Make sure the contents of the site.xml file are displayed.

What to do next
After you have verified the update site, you must edit the plugin_customization.ini file with the IBM Lotus Sametime Advanced default settings for Lotus Sametime Connect client preferences. See the next topic.

Setting up Sametime default client preferences for Sametime Advanced:

The plugin_customization.ini configuration file lets you customize the IBM Lotus Sametime Advanced default settings for Lotus Sametime Connect client preferences. You can set the Lotus Sametime Advanced server names and port numbers for all your users in this file. You can also use this to deploy clients to have consistent behavior so that all users have a similar experience with Lotus Sametime Advanced. This method does not force the settings to stick; it simply sets the default setting.

About this task

You create the plugin_customization.ini file with the default preferences that you want. The feature should then be posted on a Lotus Sametime Advanced update site for the Lotus Sametime clients to download. When a new client logs in, it finds the new customization feature and downloads it. The client restarts and reads the new preferences. The client never downloads the feature again since it has already been installed. Every time the client starts, the plugin_customization.ini preferences are read. The following steps explain how to create the plugin_customization.ini file.

Procedure
1. Create a file named plugin_customization.ini with the default settings that you want for the client.


Note: The following common fields must be modified: sametimeAdvancedServerName, sametimeAdvancedServerPort, sametimeCommunityServer, broadcastToolsServerName, and broadcastToolsServerPort. broadcastToolsServerPort is always set to 1506.
Here is an example of the settings:
#Set the Lotus Sametime Advanced broadcast server host name
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales3.acme.com
#Set the Lotus Sametime Advanced broadcast server port
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=1234
#Set the Lotus Sametime Advanced broadcast server community host name
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=
#Set the WebSphere Event Broker server host name
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=test.mul.ie.ibm.com
#Set the WebSphere Event Broker server port here
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=4321
#Use SSL while connecting to the server? Set to true to use HTTPS;
#False to use plain HTTP
com.ibm.collaboration.realtime.bcs/useHTTPS=false
#Connection type to connect to the Lotus Sametime Advanced server.
#Set to one of the following -
# 0 = Direct connection to the server
# 1 = Connect via reverse proxy
com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=
#Connection type to connect to the broadcast tools server.
#Set to one of the following values -
#1 = Direct connection to the server
#2 = Use SSL (HTTPS)
#3 = Use reverse proxies
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=
#Set to true if using a HTTP forward proxy; otherwise, set to false.
com.ibm.collaboration.realtime.bcs/useHttpProxy=
#Proxy IP or host name if using a HTTP proxy; Leave blank otherwise
com.ibm.collaboration.realtime.bcs/proxyHost=
#HTTP proxy port to connect to
com.ibm.collaboration.realtime.bcs/proxyPort=
#User name if the HTTP proxy requires authentication. Leave blank otherwise.
com.ibm.collaboration.realtime.bcs/proxyUserName=
#Set the reverse proxy base URL to use if connecting via a reverse proxy.
#Leave blank otherwise.
#For example: http://mycompany.com/mycontext
com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
#Set the reverse proxy user name if the proxy is authenticating.
#Leave blank if not using reverse proxies
com.ibm.collaboration.realtime.bcs/reverseProxyUserName=
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
com.ibm.collaboration.realtime.bcs/groupServicePath=/cas/services/GroupMemberService
com.ibm.collaboration.realtime.bcs/skilltapServicePath=/skilltapws/servlet/rpcrouter
com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000
com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true
com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true
com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=true
com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true
com.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=true
com.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=false
com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false
com.ibm.collaboration.realtime.community/loginTokenRefreshInterval=86100000
#Set to "email" to use the Lotus Sametime IDs email directory field
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerUserIdType=
#Using token login by default
com.ibm.collaboration.realtime.bcs/loginAuthUrl=/token_check.jsp
com.ibm.collaboration.realtime.bcs/loginSuccessUrl=/stadvanced/
com.ibm.collaboration.realtime.bcs/useTokens=true

2. Save and close the file.
3. Post the updated plugin_customization.ini in the root location of the update site URL set in the Sametime Instant Messaging policy. If the policy value is http://server.com, then add it here: http://server.com/plugin_customization.ini.
Once the policy is configured, the plugin_customization.ini is automatically pushed to the clients. The plugin_customization.ini is discovered and provisioned along with any other updates from the update site URL. For more information on configuring Sametime Connect Client user preferences, see Methods to configure Sametime Connect Client 8 user preferences.

Lotus Sametime Advanced client preferences:

The following table contains the IBM Lotus Sametime Advanced preferences for the Lotus Sametime Connect client that are set by administrators in the plugin_customization.ini file.
Entry
    Description

com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=
    Required. Fully qualified IBM WebSphere Application Server host name, for example: sales.acme.com (resides on the same computer as Lotus Sametime Advanced).
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=
    Required. Lotus Sametime Advanced server port number.
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer
    Required. Default Lotus Sametime community host name. This is the server users log in to for awareness and chat.
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=
    Required. Fully qualified WebSphere Event Broker server host name.
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=
    Required. WebSphere Event Broker server port number.
com.ibm.collaboration.realtime.bcs/useHTTPS=false
    If you are using SSL while connecting to the server, set to true. If you are using HTTP set to false.
com.ibm.collaboration.realtime.bcs/advancedServerConnectionType=
    Connection type to connect to the Lotus Sametime Advanced server. Set to 0 for a direct connection to the server. Set to 1 to connect through a reverse proxy.
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=
    Connection type to connect to the Broadcast tools server. Set to 1 for a direct connection to the server. Set to 2 to connect using SSL (HTTPS). Set to 3 to use reverse proxies.
com.ibm.collaboration.realtime.bcs/useHttpProxy=
    Set to true if you are using an HTTP forward proxy, otherwise set it to false.
com.ibm.collaboration.realtime.bcs/proxyHost=
    Enter the proxy IP address or host name if you are using a HTTP proxy, otherwise leave it blank.
com.ibm.collaboration.realtime.bcs/proxyPort=
    Enter the HTTP proxy port to which you are connecting.
com.ibm.collaboration.realtime.bcs/proxyUserName=
    Enter the user name if the HTTP proxy requires one for authentication, otherwise leave it blank.
com.ibm.collaboration.realtime.bcs/reverseProxyBaseURL=
    Enter the reverse proxy base URL to use if connecting through a reverse proxy. For example: http://mycompany.com/mycontext. Leave blank otherwise.
com.ibm.collaboration.realtime.bcs/reverseProxyUserName=
    Enter the reverse proxy user name if the proxy is authenticating. Leave blank if you are not using reverse proxies.
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
    Internal protocol for connecting to WebSphere Event Broker. Enter disthub (no SSL) or disthubs (with SSL).
com.ibm.collaboration.realtime.bcs/liveNameResolveTimeout=10000
    Time allowed in milliseconds for awareness names to resolve.
com.ibm.collaboration.realtime.bcs/noWildcardSubscriptions=true
    Prohibits licensing to users and groups with wildcard characters in their names.
com.ibm.collaboration.realtime.bcs/notifyNewOpenCommunities=true
    Alert users when a new open community is created.
com.ibm.collaboration.realtime.bcs/notifyNewModeratedCommunities=true
    Alert users when a new moderated community is created.
com.ibm.collaboration.realtime.bcs/notifyNewPrivateCommunities=true
    Alert users when a new private community is created.
com.ibm.collaboration.realtime.bcs/blockBroadcastOnDoNotDisturb=true
    Blocks broadcasts when user has set client to "Do not disturb".
com.ibm.collaboration.realtime.bcs/blockBroadcastOnInMeeting=false
    Blocks broadcast when user is in a meeting.
com.ibm.collaboration.realtime.bcs/notifyChatRoomAddMember=true
    Alert users when a chat room has a new member.
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnDoNotDisturb=true
    Blocks chat room notifications when user has set client to "Do not disturb".
com.ibm.collaboration.realtime.bcs/blockChatRoomNotifyOnInMeeting=false
    Blocks chat room notifications when user is in a meeting.
com.ibm.collaboration.realtime.bcs/broadcastServerUserIdType=email
    Set to "email" to use the Sametime ID's email directory field. You need to use the same property value to log in to both the Sametime client and Sametime Advanced.
com.ibm.collaboration.realtime.bcs/useTokens=true
    Determines whether or not the client uses LTPA token at login. If it is set to false, then users must save their passwords when they log in.
com.ibm.collaboration.realtime.community/loginTokenRefreshInterval=86100000
    LTPA token timeout in seconds. IBM recommends 86100000 (23 hours and 55 minutes).
com.ibm.collaboration.realtime.instantshare/appsharePreference=1
    Set the instantshare plug-in to use the application sharing component of either the Lotus Sametime Meeting Server or the Lotus Sametime Classic meeting service:
    1 - Try the Lotus Sametime Meeting Server application sharing component, and if it fails try the Lotus Sametime Classic meeting service application sharing component (default).
    2 - Use only the Lotus Sametime Meeting Server application sharing component.
    3 - Use only the Lotus Sametime Classic meeting service application sharing component.
com.ibm.collaboration.realtime.instantShare/useTokens=true
    Set to "true" only if InstantShare is configured to use an alternate server and LTPA token is required at login.
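
For a deployment that is meant to run over SSL, the entries in this table can be audited before plugin_customization.ini is posted to the update site. The Go program below is an added example, not part of the IBM guide or the Sametime product; the function names, the two sample files, and their host names and Event Broker port value are constructed for illustration.

```go
package main

import (
	"bufio"
	"fmt"
	"strings"
)

const bcs = "com.ibm.collaboration.realtime.bcs/"

// Entries the preference table marks as Required.
var requiredEntries = []string{
	"sametimeAdvancedServerName", "sametimeAdvancedServerPort", "sametimeCommunityServer",
	"broadcastToolsServerName", "broadcastToolsServerPort",
}

// ParseCustomization reads key=value lines, skipping blank lines and # comments.
func ParseCustomization(text string) map[string]string {
	prefs := map[string]string{}
	sc := bufio.NewScanner(strings.NewReader(text))
	for sc.Scan() {
		line := strings.TrimSpace(sc.Text())
		if line == "" || strings.HasPrefix(line, "#") {
			continue
		}
		if kv := strings.SplitN(line, "=", 2); len(kv) == 2 {
			prefs[strings.TrimSpace(kv[0])] = strings.TrimSpace(kv[1])
		}
	}
	return prefs
}

// AuditClientPrefs returns one finding per setting that leaves a connection
// unencrypted, makes users save passwords, or omits a required entry.
func AuditClientPrefs(prefs map[string]string) []string {
	var findings []string
	for _, name := range requiredEntries {
		if prefs[bcs+name] == "" {
			findings = append(findings, "required entry "+name+" is missing or empty")
		}
	}
	if !strings.EqualFold(prefs[bcs+"useHTTPS"], "true") {
		findings = append(findings, "useHTTPS is not true: the Sametime Advanced server is reached over HTTP")
	}
	if prefs[bcs+"jmsProtocol"] != "disthubs" {
		findings = append(findings, "jmsProtocol is not disthubs: the Event Broker connection has no SSL")
	}
	if prefs[bcs+"broadcastServerConnectionType"] == "1" {
		findings = append(findings, "broadcastServerConnectionType=1: direct broadcast connection instead of 2 (SSL)")
	}
	// A reverse proxy is selected by advancedServerConnectionType=1 or
	// broadcastServerConnectionType=3; its base URL should then be HTTPS.
	viaProxy := prefs[bcs+"advancedServerConnectionType"] == "1" ||
		prefs[bcs+"broadcastServerConnectionType"] == "3"
	proxyURL := strings.ToLower(prefs[bcs+"reverseProxyBaseURL"])
	if viaProxy && !strings.HasPrefix(proxyURL, "https://") {
		findings = append(findings, "reverse proxy selected but reverseProxyBaseURL is not an https:// URL")
	}
	if strings.EqualFold(prefs[bcs+"useTokens"], "false") {
		findings = append(findings, "useTokens=false: users must save their passwords when they log in")
	}
	return findings
}

// Constructed sample files; host names and port values are illustrative only.
const WeakSample = `# plain-HTTP client settings (constructed)
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales.acme.com
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=9080
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=chat.acme.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=broker.acme.com
com.ibm.collaboration.realtime.bcs/useHTTPS=false
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthub
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=1
com.ibm.collaboration.realtime.bcs/useTokens=false
`

const HardenedSample = `# SSL client settings (constructed)
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerName=sales.acme.com
com.ibm.collaboration.realtime.bcs/sametimeAdvancedServerPort=9443
com.ibm.collaboration.realtime.bcs/sametimeCommunityServer=chat.acme.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerName=broker.acme.com
com.ibm.collaboration.realtime.bcs/broadcastToolsServerPort=1507
com.ibm.collaboration.realtime.bcs/useHTTPS=true
com.ibm.collaboration.realtime.bcs/jmsProtocol=disthubs
com.ibm.collaboration.realtime.bcs/broadcastServerConnectionType=2
com.ibm.collaboration.realtime.bcs/useTokens=true
`

func main() {
	for name, text := range map[string]string{"weak": WeakSample, "hardened": HardenedSample} {
		findings := AuditClientPrefs(ParseCustomization(text))
		fmt.Printf("%s: %d finding(s)\n", name, len(findings))
		for _, f := range findings {
			fmt.Println("  -", f)
		}
	}
}
```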

Setting Sametime policies for your update site:
When you set up your IBM Lotus Sametime Advanced update site, you need to specify policies on the Sametime Standard server for how users will get the Lotus Sametime Advanced plug-ins as well as updates.

Before you begin
Before you begin, you should have installed the HTTP server and set up an update site on the server.

About this task
There are two methods for pushing updates to users:
- Automatic Updates: Administrators can provision new or updated Lotus Sametime Advanced plug-ins to their clients in a "push" mode so that all clients use the same set of features. The push method enables the client to receive updates automatically whenever he or she logs in to Lotus Sametime Connect.
- Optional Updates: Administrators can also provide new Lotus Sametime Advanced features to their clients as an option. With the optional method, the user is notified that updates are available when logging in to the Lotus Sametime Connect client. The user selects which updates to install, if any.

Procedure
1. Log in to the Integrated Solutions Console.
2. Click Sametime System Console.
3. Click Manage Policies.
4. Click Instant Messaging.
5. Select a policy name from the list, and click Edit. Choose a policy that is available to Lotus Sametime Advanced users. You can also create a policy exclusively for Lotus Sametime Advanced users. You might want to do this if Advanced users are a subset of Sametime users or if you plan on maintaining separate update sites on the Sametime and Sametime Advanced servers.

6. If you want to set up automatic updates, then add the update site URL to the Sametime update site URL field. If you already have an existing update site in the URL, for example for Sametime Standard users, then you can add an additional URL for Sametime Advanced separated by a semicolon or a comma.
http://<sametime_host_name>/updatesite, http://<stadvanced_host_name>/updatesite

7. If you want to set up optional updates, then add the update site URL in the Sametime optional plug-in site URLs field.
http://<stadvanced_host_name>/updatesite

8. Click Done.

Accessing Lotus Sametime Advanced from a browser


If you need to access your IBM Lotus Sametime Advanced server for administrative purposes, you can use any browser in the deployment.

About this task


The Web addresses that you use will resemble the ones shown below, but the host name and ports will depend upon your own deployment.

Procedure
1. Access the Lotus Sametime Advanced server with the following Web address, so you can use the Administrative interface:
http://hostname_or_IPaddress:9080/stadvanced

For example:
http://stadv.acme.com:9080/stadvanced

2. Access the Integrated Solutions Console (ISC) for IBM WebSphere Application Server with the following URL:
http://hostname_or_IPaddress:9060/ibm/console

For example:
http://stadv.acme.com:9060/ibm/console

Configuring SSL
This section provides steps for setting up Secure Sockets Layer (SSL) for IBM Lotus Sametime Advanced.

About this task


SSL provides encrypted communications for Lotus Sametime Advanced communities. The foundation technology for SSL is public key cryptography, which guarantees that when an entity encrypts data using its private key, only entities with the corresponding public key can decrypt that data. Because Lotus Sametime Advanced is a collection of enterprise services there is no central location for SSL configuration. Each of these service components must be addressed for SSL configuration. The following topics contain instructions for implementing SSL authentication.

Configuring SSL for the Sametime Advanced Server


These procedures describe how to set up Secure Sockets Layer (SSL) on an IBM Lotus Sametime Advanced server.


Before you begin


Before you begin, install and connect Lotus Sametime Advanced to an LDAP directory.

About this task


To have a secure network connection, create a key for secure network communications and receive a certificate from a certificate authority (CA) that is designated as a trusted CA on your server. WebSphere Application Server uses the certificates that reside in keystores to establish trust for an SSL connection. WebSphere Application Server creates the key.p12 default keystore file and the trust.p12 default truststore file during profile creation. A default, self-signed certificate is also created in the key.p12 file at this time.

Note: If you use a certificate other than the default self-signed certificate provided, ensure that the SSL certificate contains the Basic Constraints extension. Do not use a non-SSLv3-compliant self-signed CA. WebSphere Application Server 6.1 uses the IBM JDK 1.5.0 JSSE2, which checks for the presence of the Basic Constraints extension. If the extension is not set, WebSphere Application Server assumes that the CA is not a valid CA but a user certificate. As a result, a server certificate cannot be validated, because the issuing CA is not found.

The following procedures describe how to request a Certificate Authority-signed certificate, receive the request, then extract the certificate to the keystore. For complete details for setting up SSL in WebSphere Application Server, see the WebSphere Application Server information center.

Purchasing a certificate from a Certificate Authority


Purchase a Certificate Authority-signed certificate for secure connections in IBM Lotus Sametime Advanced.

About this task


The server certificate installed on the Sametime Advanced server must conform to RFC 3280 certificate standards. When requesting a certificate, check with the vendor to make sure that the certificate supports both TLS Web Server Authentication and TLS Web Client Authentication. Some certificate authorities provide certificates that support server authentication only or client authentication only. Certificates must include both server and client authentication EKU flags. The certificates meet these standards. It is your responsibility to make sure that the certificate supports both.

Procedure
1. Review the list of Certificate Authorities.
2. Purchase a certificate that supports both client and server authentication.
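
The two certificate rules above (a CA certificate must carry the Basic Constraints extension, and the server certificate must carry both the server and client authentication EKU flags) can be checked on the .cer or .arm files before anything is received into the keystore. The Go program below is an added example, not part of the IBM guide or of WebSphere Application Server; the function names are hypothetical and the certificates it inspects are throwaway samples generated in memory.

```go
package main

import (
	"crypto/ecdsa"
	"crypto/elliptic"
	"crypto/rand"
	"crypto/x509"
	"crypto/x509/pkix"
	"encoding/pem"
	"errors"
	"fmt"
	"math/big"
	"strings"
	"time"
)

// ParsePEMCert decodes the first certificate in a Base64-encoded .cer/.arm file.
func ParsePEMCert(data []byte) (*x509.Certificate, error) {
	block, _ := pem.Decode(data)
	if block == nil || block.Type != "CERTIFICATE" {
		return nil, errors.New("no BEGIN CERTIFICATE / END CERTIFICATE block found")
	}
	return x509.ParseCertificate(block.Bytes)
}

// CheckSigner lists the reasons a CA certificate would be treated as a user
// certificate: Basic Constraints is absent, or present with the CA flag off.
func CheckSigner(c *x509.Certificate) []string {
	switch {
	case !c.BasicConstraintsValid:
		return []string{"Basic Constraints extension is missing"}
	case !c.IsCA:
		return []string{"Basic Constraints is present but the CA flag is false"}
	}
	return nil
}

// CheckServerCert lists deviations from the guide's server-certificate rules:
// both server and client authentication EKUs, and a CN equal to the host name.
func CheckServerCert(c *x509.Certificate, host string) []string {
	var problems []string
	has := map[x509.ExtKeyUsage]bool{}
	for _, u := range c.ExtKeyUsage {
		has[u] = true
	}
	if !has[x509.ExtKeyUsageServerAuth] {
		problems = append(problems, "EKU lacks TLS Web Server Authentication")
	}
	if !has[x509.ExtKeyUsageClientAuth] {
		problems = append(problems, "EKU lacks TLS Web Client Authentication")
	}
	if !strings.EqualFold(c.Subject.CommonName, host) {
		problems = append(problems, fmt.Sprintf("CN %q does not match %q", c.Subject.CommonName, host))
	}
	return problems
}

// Sample describes a throwaway self-signed certificate used as constructed
// test input; it stands in for the files a CA would send you.
type Sample struct {
	CN                                           string
	BasicConstraints, CA, ServerAuth, ClientAuth bool
}

// PEM generates the sample certificate and returns it PEM-encoded.
func (s Sample) PEM() []byte {
	key, err := ecdsa.GenerateKey(elliptic.P256(), rand.Reader)
	if err != nil {
		panic(err)
	}
	tmpl := &x509.Certificate{
		SerialNumber:          big.NewInt(1),
		Subject:               pkix.Name{CommonName: s.CN},
		NotBefore:             time.Now().Add(-time.Hour),
		NotAfter:              time.Now().Add(24 * time.Hour),
		BasicConstraintsValid: s.BasicConstraints,
		IsCA:                  s.CA,
	}
	if s.ServerAuth {
		tmpl.ExtKeyUsage = append(tmpl.ExtKeyUsage, x509.ExtKeyUsageServerAuth)
	}
	if s.ClientAuth {
		tmpl.ExtKeyUsage = append(tmpl.ExtKeyUsage, x509.ExtKeyUsageClientAuth)
	}
	der, err := x509.CreateCertificate(rand.Reader, tmpl, tmpl, &key.PublicKey, key)
	if err != nil {
		panic(err)
	}
	return pem.EncodeToMemory(&pem.Block{Type: "CERTIFICATE", Bytes: der})
}

func main() {
	ca, _ := ParsePEMCert(Sample{CN: "Example Legacy CA"}.PEM())
	fmt.Println("signer:", CheckSigner(ca))
	srv, _ := ParsePEMCert(Sample{CN: "stadv.acme.com", BasicConstraints: true, ServerAuth: true}.PEM())
	fmt.Println("server:", CheckServerCert(srv, "stadv.acme.com"))
}
```

To check real files, read each one with os.ReadFile and pass the bytes to ParsePEMCert in place of the generated samples.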

Defining the SSL configuration


Complete these steps to create a new SSL configuration.

About this task


Secure Sockets Layer (SSL) configurations contain the attributes that you need to control the behavior of client and server SSL endpoints. You create a single SSL configuration to be used on the inbound and outbound trees in the configuration topology.

Procedure
1. Using the Integrated Solutions Console, click Security > SSL certificate and key management > Manage endpoint security configurations.
2. Select a node link on the Inbound tree because you are defining an SSL configuration for one IBM Lotus Sametime node. The scope must be associated with an SSL configuration because it represents the default SSL configuration for the inbound or outbound connection.
3. Click SSL configurations under Related Items.
4. Click New to display the SSL configuration panel.
5. Type a unique configuration name and click Apply.
6. From the Trust store name drop-down list, select NodeDefaultTrustStore. A truststore name refers to a specific truststore that holds signer certificates that validate the trust of certificates sent by remote connections during an SSL handshake.
7. Select a Keystore name from the Keystore name drop-down list. Select NodeDefaultKeyStore. A keystore contains the personal certificates that represent a signer identity and the private key that WebSphere Application Server uses to encrypt and sign data.
8. Click OK, and then click Save to save the new SSL configuration.

Requesting a certificate signed by a Certificate Authority


To ensure Secure Sockets Layer (SSL) communication, servers require a personal certificate that is signed by a certificate authority (CA). You must first create a personal certificate request to obtain a certificate that is signed by a CA.

Before you begin


The keystore that contains a personal certificate request must already exist. In WebSphere Application Server, the keystore file key.p12 exists.

About this task


Complete the following tasks in the IBM WebSphere Integrated Solutions Console.

Procedure
1. Click Security > SSL certificate and key management > Related items > Key stores and certificates > NodeDefaultKeyStore.
2. Under "Additional Properties," click Personal certificate requests.
3. Click New.
4. In the File for certificate request field, type the full path where the certificate request is to be stored, plus a file name. For example: c:\servercertreq.arm (for a Windows machine).
5. Type an alias name in the Key label field. The alias is the name you use to identify the certificate request in the keystore.
6. Type a common name (CN) value. The CN must be the publicly resolvable, fully qualified, DNS host name of your IBM Lotus Sametime Advanced server, and must match the domain name of your community. For example, if your Sametime Advanced community is us.acme.com, then the domain for the CN of the SSL certificate that you create for your community must be us.acme.com.
7. Type an organization name in the Organization field. This value is the "organization" value in the certificate's distinguished name.
8. In the Organization unit field, type the "organization unit" portion of the distinguished name.
9. In the Locality field, type the "locality" portion of the distinguished name.
10. In the State or Province field, type the "state" portion of the distinguished name.
11. In the Zip Code field, type the "zip code" portion of the distinguished name.
12. In the Country or region drop down list, select the two-letter "country code" portion of the distinguished name.
13. Click Apply and Save. The certificate request is created in the specified file location in the keystore. The request functions as a temporary placeholder for the signed certificate until you manually receive the certificate in the keystore.
Note: Key store tools (such as iKeyman and keyTool) cannot receive signed certificates that are generated by certificate requests from WebSphere Application Server. Similarly, WebSphere Application Server cannot accept certificates that are generated by certificate requests from other keystore utilities.
14. Send the certification request arm file to a Certificate Authority for signing.
15. Make a backup copy of your keystore file. Make this backup before receiving the CA-signed certificate into the keystore. The default password for the keystore is WebAS. The Integrated Solutions Console has the path information for the keystore's location. The path to the NodeDefaultKeyStore is listed in the Integrated Solutions Console as:
sametime_adv_profile\config\cells\cell_name\nodes\node_name\key.p12

What to do next
Now you can receive the CA-signed certificate into the keystore to complete the process of generating a signed certificate for your server.

Importing intermediate CA certificates into the keystore


IBM WebSphere Application Server creates a certificate chain when the signed certificate is received. The chain is constructed from the signer certificates that are in the keystore at the time the certificate is received. Therefore, it is important to import all intermediate certificates as signer certificates into the keystore before receiving the Certificate Authority-signed certificate. When you purchase a server certificate for IBM Lotus Sametime Advanced, the certificate is issued by a Certificate Authority (CA). The CA can either be a root CA or an intermediary CA.

About this task


If your server certificate is issued by an intermediary CA, then complete the steps that follow, otherwise skip these steps.

Procedure
1. Before you import an intermediate CA, first determine if your server's certificate was issued by an intermediary CA:
a. Save the signed certificate to a text file with a .cer extension. For example: signed-certificate.cer. Include the Begin Certificate and End Certificate lines when you save the file. For example:
-----BEGIN CERTIFICATE-----
(Base64-encoded certificate data)
-----END CERTIFICATE-----

b. Double-click on the new file that you created and a Certificate dialog box opens.
c. Click on the Certification Path tab.
d. Look at the tree-like structure representing the full certificate chain. The top of the chain is referred to as the root Certificate Authority (CA). The bottom of the chain represents your server's certificate. If your server is not listed one-level below the root CA, then your certificate was issued by an intermediary CA. However, if your server is listed one-level below the root CA, then the certificate was issued by the root CA.
e. If the server certificate is not issued by an intermediary CA, stop here.
2. Once you determine that the certificate is an intermediate certificate, you must export the certificate from the chain into its own certificate file:
a. Double-click the server's certificate (i.e. server.cer) file and a Certificate dialog box opens.
b. Click Certification Path tab.
c. Highlight an entry of the certificate chain.
d. Click View Certificate.
e. In the Certificate dialog window, click the Details tab.
f. Click Copy to File...
g. In the Certificate Export Wizard that appears, click Next.
h. Select Base-64 encoded X.509 (.CER), and click Next.
i. Type in a unique name for the certificate you are exporting and click Next. For example, "VS-intermediary-CA" for VeriSign's intermediary certificate authority.
j. Click Finish.
k. Click OK in the dialog box that displays the following message: The export was successful.
l. Repeat the preceding sub steps for each intermediate certificate in the chain. Note that there is no need to repeat these steps for the bottom entry of the chain because the server's certificate already exists.

When you are done, you will have a certificate file (.cer) for each entry of the chain. In our example, there are three certificate files:

Certificate type   Name                                  Certificate file name
Root               VeriSign Class 3 Public Primary CA    VS-root-CA.cer
Intermediary       VeriSign Class 3 Secure Server CA     VS-intermediary-CA.cer
Server             sametime_advanced_server              sametime_advanced_server.cer

3. Finally, import the intermediary CA certificate into the keystore by completing the following steps:
a. Using the Integrated Solutions Console, click Security > SSL Certificate and key management.
b. Click Key stores and certificates.
c. Click NodeDefaultKeyStore.
d. Click Signer certificates.
e. Click Add.
f. In the Alias field, type a short descriptive name for the certificate. For example, "Verisign Intermediary CA."
g. In the File name field, type the path to the certificate file of the intermediary CA. For example, C:\certs\VS-intermediary-CA.cer.
h. Accept the default file data type.
i. Click Apply and Save.
j. Repeat the preceding steps for each intermediary CA that is part of the certificate chain. In most cases, only one intermediary CA exists.

Receiving a signed certificate issued by a Certificate Authority


When a certificate authority (CA) receives a certificate request, it issues a new certificate that functions as a temporary placeholder for a CA-issued certificate. A keystore receives the certificate from the CA and generates a CA-signed personal certificate that WebSphere Application Server can use for Secure Sockets Layer (SSL) security.

Before you begin


The keystore must contain the certificate request that was created and sent to the CA. Also, the keystore must be able to access the certificate that is returned by the CA.

About this task


IBM WebSphere Application Server can receive only those certificates that are generated by a WebSphere Application Server certificate request. It cannot receive certificates that are created with certificate requests from other keystore tools, such as iKeyman and keyTool. Note: WebSphere Application Server creates the certificate chain when the signed certificate is received. The chain is constructed from the signer certificates that are in the keystore at the time the certificate is received. Be sure to import all intermediate certificates as signer certificates into the keystore before receiving the CA-signed certificate.

Procedure
1. In the Integrated Solutions Console, click Security > SSL certificate and key management > Manage endpoint security configurations and trust zones.
2. Select the node on the Inbound tree.
3. Click Manage certificates.
4. Click Receive a certificate from a certificate authority.
5. Type the full path and name of the certificate file.
6. Select the default data type from the list.
7. Click Apply and Save.

What to do next
The keystore contains a new personal certificate that is issued by a CA. The SSL configuration is ready to use the new CA-signed personal certificate.

Extracting the certificate


Once a keystore has been configured by creating a certificate request and importing the reply, the IBM WebSphere Application Server can extract the signer or public key from the certificate so you can send it to a third party if necessary.

Before you begin


The keystore that contains a personal certificate must already exist.

Procedure
1. Click Security > SSL certificate and key management > Manage endpoint security configurations.
2. Select your IBM Lotus Sametime Advanced server node on the Outbound tree.
3. Click Manage certificates.
4. Select the certificate that was just imported and click Extract in the upper right corner.
5. Type the full path for the certificate file name. The signer certificate is written to this certificate file. For example, in Windows:
c:\certificates\local_cert.arm

6. Select the default data type from the list.
7. Click Apply and Save. The signer portion of the personal certificate is stored in the arm file that is provided. Now you are ready to add a third party certificate to a keystore.

What to do next
If the third party with whom you are going to share SSL security does have a shared CA that verifies your identity, you can send your public key in an email to the third party. They can then add your certificate to their trusted key store.

Adding a third party certificate to a keystore


Signer certificates establish the trust relationship in SSL communication. You can extract the signer part of a personal certificate from a keystore, and then you can add the signer certificate to other keystores.


Before you begin


Extract the certificate first before performing these steps.

Procedure
1. Click Security > SSL Certificate and key management > Key stores and certificates > NodeDefaultTrustStore > Signer Certificate.
2. Click Add.
3. Type an alias to identify the Certificate Authority in the Alias field.
4. Type in the full path to the file name containing the Certificate Authority's public key. For example:
c:\certificates\acme_external_community.arm

5. Select the data type and click OK.

What to do next
When these steps are completed, the signer from the certificate file is stored in the keystore. You can see the signer in the keystore files list of signer certificates. Use the keystore to establish trust relationships for the SSL configurations.

Setting up Sametime Advanced to use a new certificate


Set up the IBM Lotus Sametime Advanced server to use the defined SSL configuration with the new certificate.

Before you begin


You must add a new certificate to the key store before you can perform these steps.

Procedure
1. Click Security > SSL certificate and key management > Manage endpoint security configurations.
2. Expand the Inbound node, and then expand Nodes.
3. Select the SSL Configuration name from the drop down list that you specified when you defined the SSL configuration.
4. Click Update certificate alias list.
5. Select the certificate alias from the Certificate alias in key store drop down that you specified when you received the certificates from the CA.
6. Click Apply and then Save.
7. Repeat the preceding steps on the Outbound node of the local topology tree.
8. Restart the Lotus Sametime Advanced server.

Configuring SSL for Web access to Sametime Advanced


The IBM HTTP Server works with the IBM WebSphere Application Server to provide Web access for IBM Lotus Sametime Advanced.

About this task


Sametime Advanced allows users to choose a direct communication between their Web browsers and the Sametime Advanced server or through the IBM HTTP server. Both types of communications can be configured to use SSL.

Accessing Lotus Sametime Advanced from a browser without an IBM HTTP Server
There is no configuration required, so you can access the IBM Lotus Sametime Advanced server using this type of URL:
https://<hostname_or_IPaddress>:9443/stadvanced

For example:
https://stadv.acme.com:9443/stadvanced

Configuring SSL to access Lotus Sametime Advanced from a browser with an IBM HTTP server

Procedure
1. Use a text editor to open the following file:
<IBM HTTP Installed directory>\conf\httpd.conf. For example: C:\Program Files\IBM\HTTPServer\con
2. In the httpd.conf file, find the directory in which the plugin-cfg.xml file is stored by searching for the WebSpherePluginConfig line. It should look like this:
WebSpherePluginConfig "C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin-cfg.xml"

3. Open the plugin-cfg.xml file, find the directory in which the key database file (*.kdb) is stored by searching for the term "keyring". For example:

<Property Name="keyring" Value=C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin-ke

Note: You will need to use this location later.
4. In the httpd.conf file, add the following lines at the bottom of the file:
# loads IHS proxy and SSL modules
LoadModule proxy_module modules/mod_proxy.so
LoadModule proxy_http_module modules/mod_proxy_http.so
LoadModule ibm_ssl_module modules/mod_ibm_ssl.so
# HTTPS
<ifModule mod_ibm_ssl.c>
Listen 0.0.0.0:443
<VirtualHost *:443>
CustomLog logs/access-443.log common
ErrorLog logs/error-443.log
# For example: Keyfile "C:\Progra
Keyfile "<The location and the file name you noted in step 3>"
# For example: SSLStashfile "C
SSLStashfile "<The location you noted in step 3>/plugin-#key.sth"
SSLEnable
</VirtualHost>
</ifModule>

5. Save and close the file.
6. Add the extracted Lotus Sametime Advanced certificate to your key database file using iKeyMan:
a. Copy c:\certificates\local_cert.arm, which you extracted in "Extracting the certificate", to your IBM HTTP Server machine.
b. Open a command prompt window and navigate to the IBM HTTP Server installed directory, for example, C:\Program Files\IBM\HTTPServer.
c. Navigate to the bin directory and type iKeyMan.
d. Select Key Database File from the main menu, then select Open and then select a key database type of CMS.
e. Specify the filename and location you found previously. For example: plugin-key.kdb and C:\Program Files\IBM\HTTPServer\Plugins\config\stadvhttp\plugin-key.kdb.
f. Click OK, and then enter the password. Note: If you have not given this file another password, the default password from the IBM WebSphere Application Server is WebAS (case sensitive). Select it, then Open, and click OK. Supply a name if you are prompted.
g. Click the Personal Certificates drop down menu and then select Signer Certificates.
h. Click Add.
i. Browse to the file you copied in step 6a (local_cert.arm).
j. Click Key Database File > Save As and replace IBM/HTTPServer/Plugins/config/stadvhttp/plugin-key.kdb.
k. Enter the password WebAS.
l. Select Key Database File > Exit.
7. Restart the IBM HTTP Server in Windows services.
8. Open a browser, type the following URL to test your SSL Connection:
https://<your Sametime Advanced host name:443>/stadvanced/

Configuring SSL for the Sametime Client


You can configure the IBM Lotus Sametime Connect client to communicate with IBM Lotus Sametime Advanced with SSL either with or without using an IBM HTTP Server.

Configuring SSL for the Sametime client without an IBM HTTP Server
Follow these steps to configure the IBM Lotus Sametime Connect client to communicate with IBM Lotus Sametime Advanced without using the IBM HTTP Server.

Setting client preferences to use SSL without HTTP server:
The IBM Lotus Sametime Connect client must be configured with the appropriate port numbers and connection protocol if you want to use Lotus Sametime Advanced features with an SSL connection. SSL is typically set up correctly by an administrator, but an end user can also configure the client by following these instructions.

Procedure
1. In Lotus Sametime Connect, click File > Preferences.
2. Click Chat Rooms and Broadcast Tools > Sametime Advanced Server.
a. Click Direct Connection.
b. Type the fully qualified host name of your Lotus Sametime Advanced server in the Host server field.
c. Type 9443 in the Port field.
d. Next to Protocol, click HTTPS.
3. Click OK.


Configuring SSL for the Sametime client using an IBM HTTP Server
Follow these steps to configure the IBM Lotus Sametime Connect client to communicate with IBM Lotus Sametime Advanced using SSL with the IBM HTTP server Purchasing a certificate from a Certificate Authority: Purchase a Certificate Authority-signed certificate for secure connections in IBM Lotus Sametime Advanced. About this task The server certificate installed on the Sametime Advanced must conform to RFC 3280 certificate standards. When requesting a certificate, check with the vendor to make sure that the certificate supports both TLS Web Server Authentication and TLS Web Client Authentication. Some certificate authorities provide certificates that support server authentication only or client authentication only. Certificates must include both server and client authentication EKU flags. The certificates meet these standards. It is your responsibility to make sure that the certificate supports both. Procedure 1. Review the Certificate Authorities. 2. Purchase a certificate that supports both client and server authentication. Requesting a certificate signed by a Certificate Authority: Follow these steps to request a signed certificate. Procedure 1. Open a command prompt window and navigate to IBM HTTP Server installed directory, for example, C:\Program Files\IBM\HTTPServer. 2. Navigate to the bin directory, and type iKeyMan. 3. Select Key Database File from the main menu, then select New. 4. In the New dialog box, click the CMS for Key database type. . 5. Enter a file name and a location, and click OK. 6. In the Password Prompt dialog box, enter your correct password, and click OK. 7. Click New on the right side menu bar. 8. In the New Key and Certificate Request dialog box, enter an alias name in the Key label field. The alias is the name you use to identify the certificate request in the keystore. 9. Enter a common name (CN) value. 
The CN value must be the publicly resolvable, fully qualified, DNS host name of your IBM Lotus Sametime Advanced server, and must match the domain name of your community. For example, if your Sametime Advanced community is us.acme.com, then the domain for the CN of the SSL certificate that you create for your community must be us.acme.com. 10. You can enter values for the optional fields. 11. In the Enter the name of a file in which to store the certificate request field, type the full path where the certificate request is to be stored, plus a file name. For example: c:\servercertreq.arm (for a Windows machine).


12. Click OK.
13. Send the certification request arm file to a Certificate Authority for signing.
14. Make a backup copy of your keystore file.

Receiving a signed certificate issued by a Certificate Authority:

A keystore receives the certificate from the CA and generates a CA-signed personal certificate that IBM HTTP server can use for Secure Sockets Layer (SSL) security.

About this task

The keystore must contain the certificate request that was created and sent to the CA. Also, the keystore must be able to access the certificate that is returned by the CA. To receive the CA-signed certificate into a key database:

Procedure
1. Open a command prompt window and navigate to IBM HTTP Server installed directory, for example, C:\Program Files\IBM\HTTPServer
2. Change to the bin directory and type iKeyMan.
3. Select Key Database File from the main menu, then select Open.
4. In the Open dialog box, select CMS for Key database type, enter your key database name you created, or click on key.kdb if you are using the default. Click OK.
5. In the Password Prompt dialog box, enter your correct password, then click OK.
6. Select Personal Certificates in the Key Database content frame, then click Receive.
7. In the Receive Certificate from a File dialog box, enter the name of a valid Base64-encoded file in the Certificate file name text field. Click OK.
8. Restart IBM HTTP Server.

The keystore contains a new personal certificate that is issued by a CA. The SSL configuration is ready to use the new CA-signed personal certificate.

Extracting the certificate:

Procedure
1. Open a command prompt window and navigate to IBM HTTP Server installed directory, for example, C:\Program Files\IBM\HTTPServer
2. Change to the bin directory and type iKeyMan.
3. Select Key Database File from the main menu, then select Open.
4. In the Open dialog box, select CMS for Key database type, enter your key database name that you created or click on key.kdb if you are using the default. Click OK.
5. In the Password Prompt dialog box, enter your correct password, then click OK.
6. Select Personal Certificates in the Key Database content frame, then click Extract Certificate.
7. In the Extract Certificate to a file dialog, select Base64-encoded ASCII data for Data type.
8. Type a file name for the certificate file name. The signer certificate is written to this certificate file. For example, in Windows: c:\certificates\local_cert.arm.

9. Type a location for the file, and click OK.
10. Select Key Database File from the main menu, then select Exit.

Setting client preferences to use SSL:

The IBM Lotus Sametime Connect client must be configured with the appropriate port numbers and connection protocol if you want to use Lotus Sametime Advanced features with an SSL connection with an HTTP server. SSL is typically set up correctly by an administrator, but an end user can also configure the client by following these instructions.

Procedure
1. In Lotus Sametime Connect, click File > Preferences.
2. Click Chat Rooms and Broadcast Tools > Sametime Advanced Server.
   a. Click Direct Connection.
   b. Type the fully qualified host name of your Lotus Sametime Advanced server in the Host server field.
   c. Type 443 in the Port field.
   d. Next to Protocol, click HTTPS.
3. Click OK.
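The requirement in "Purchasing a certificate from a Certificate Authority" that the certificate carry both the server and client authentication EKU flags can be checked on the file returned by the CA before it is received into the key database. The following Python code is an added example, not part of the IBM guide: it reads a DER or Base64-encoded (.arm) certificate using only the standard library and reports which of the two purposes is missing. The function names and the constructed certificate skeleton used as sample input are assumptions made for illustration.

```python
"""Report which required Extended Key Usage (EKU) purposes a certificate lacks.

Added example, standard library only. Function names are illustrative.
"""
import base64
import sys

OID_EKU = bytes.fromhex("551d25")                      # 2.5.29.37 extendedKeyUsage
PURPOSES = {
    bytes.fromhex("2b06010505070301"): "serverAuth",   # 1.3.6.1.5.5.7.3.1
    bytes.fromhex("2b06010505070302"): "clientAuth",   # 1.3.6.1.5.5.7.3.2
}
REQUIRED = {"serverAuth", "clientAuth"}


def read_tlv(buf, pos):
    """Return (tag, value, next_pos) for the DER element starting at pos."""
    if pos + 2 > len(buf):
        raise ValueError("truncated DER element")
    tag, length = buf[pos], buf[pos + 1]
    pos += 2
    if length & 0x80:                   # long form: low 7 bits count the length bytes
        count = length & 0x7F
        length = int.from_bytes(buf[pos:pos + count], "big")
        pos += count
    if pos + length > len(buf):
        raise ValueError("truncated DER element")
    return tag, buf[pos:pos + length], pos + length


def children(value):
    """Split the content of a constructed element into (tag, value) pairs."""
    items, pos = [], 0
    while pos < len(value):
        tag, val, pos = read_tlv(value, pos)
        items.append((tag, val))
    return items


def to_der(data):
    """Accept raw DER bytes or a Base64-encoded (PEM / .arm) file body."""
    if data.lstrip().startswith(b"-----BEGIN"):
        lines = (line.strip() for line in data.splitlines())
        return base64.b64decode(b"".join(l for l in lines if l and not l.startswith(b"-----")))
    return data


def extended_key_usages(cert_bytes):
    """Return the EKU purposes listed in the certificate (empty set if none)."""
    _, cert, _ = read_tlv(to_der(cert_bytes), 0)       # Certificate SEQUENCE
    tbs = children(cert)[0][1]                          # tbsCertificate
    for tag, val in children(tbs):
        if tag != 0xA3:                                 # [3] EXPLICIT Extensions
            continue
        for _, ext in children(children(val)[0][1]):    # each Extension
            fields = children(ext)                      # OID, [critical], OCTET STRING
            if fields[0][1] == OID_EKU:
                key_purposes = children(fields[-1][1])[0][1]
                return {PURPOSES.get(oid, oid.hex()) for _, oid in children(key_purposes)}
    return set()


def missing_ekus(cert_bytes):
    """Return the required purposes that the certificate does not list."""
    return REQUIRED - extended_key_usages(cert_bytes)


def tlv(tag, *parts):
    """Encode one DER element (used only to build the constructed sample)."""
    body = b"".join(parts)
    if len(body) < 0x80:
        length = bytes([len(body)])
    else:
        raw = len(body).to_bytes((len(body).bit_length() + 7) // 8, "big")
        length = bytes([0x80 | len(raw)]) + raw
    return bytes([tag]) + length + body


def sample_cert(purpose_oids):
    """Constructed, unsigned certificate skeleton with only the fields the check reads."""
    eku = tlv(0x30, *(tlv(0x06, oid) for oid in purpose_oids))
    ext = tlv(0x30, tlv(0x06, OID_EKU), tlv(0x04, eku))
    tbs = tlv(0x30,
              tlv(0xA0, tlv(0x02, b"\x02")),            # version v3
              tlv(0x02, b"\x01"),                       # serial number
              tlv(0xA3, tlv(0x30, ext)))                # extensions
    return tlv(0x30, tbs, tlv(0x30), tlv(0x03, b"\x00"))


if __name__ == "__main__":
    # Usage: python check_eku.py <certificate file> [...]
    for path in sys.argv[1:]:
        with open(path, "rb") as fh:
            lacking = missing_ekus(fh.read())
        print(path, "OK" if not lacking else "missing: " + ", ".join(sorted(lacking)))
```

A certificate that reports a missing purpose should go back to the CA rather than into the keystore.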

Configuring Sametime Advanced for SSL communication with Event Broker


Follow these steps to configure the IBM Lotus Sametime Advanced server for SSL communication with the IBM WebSphere Event Broker.

Procedure
1. Configure the Lotus Sametime Advanced server to use SSL encryption when communicating with the Event Broker:
   a. On the Lotus Sametime Advanced server, log in to the Integrated Solutions Console using a WebSphere Application Server administrator account. The Web address is formatted like this:
      http://hostname_or_IPaddress:9060/ibm/console
      For example:
      http://stadv.acme.com:9060/ibm/console
   b. Click Resources > JMS > Connection factories > Broker TCF.
   c. In the Connection factories page, select CERTIFICATE for the field Direct Broker authorization type, and click OK.
   d. Click Save.
   e. Restart the Lotus Sametime Advanced server.
2. Import the Event Broker certificate into the Lotus Sametime Advanced server:
   On the Event Broker server, you extracted the certificate to a file in step 1 of "Exporting the broker's certificate and configuring SSL for clients" on page 188. Now import it into the Lotus Sametime Advanced server:
   a. On the Lotus Sametime Advanced server, log in to the WebSphere Application Server Integrated Solutions Console.
   b. Click Security > SSL Certificate and key management.
   c. Under "Related Items", click Key store and certificates, and then click NodeDefaultTrustStore.


   d. Under "Additional Properties", click Signer Certificates, and then click Add.
   e. Type an alias for the certificate.
   f. Type the path of the file where the certificate is saved, and then click OK.
   g. Save the changes.
3. Import the WebSphere Application Server SSL certificate into the Lotus Sametime Advanced server:
   You extracted the certificate to a file in "Extracting the certificate" on page 178. Now import it into the Lotus Sametime Advanced server:
   a. On the Lotus Sametime Advanced server, log in to the WebSphere Application Server Integrated Solutions Console.
   b. Click Security > SSL Certificate and key management.
   c. Under "Related Items", click Key store and certificates, and then click NodeDefaultTrustStore.
   d. Under "Additional Properties", click Signer Certificates, and then click Add.
   e. Type an alias for the certificate.
   f. Type the path of the file where the certificate is saved, and then click OK.
   g. Save the changes.
4. Add the Event Broker client jar to the boot classpath of the WebSphere Application Server:
   a. From WebSphere Application Server Integrated Solutions Console, click Servers > Application Servers > server1 > Java and Process Management > Process Definition > Java Virtual Machine.
   b. In the Boot Classpath field, add a full path reference to the CL3Export.jar, which should be found in WebSphere/AppServer/lib/WMQ/java/lib.

Configuring Event Broker for SSL communication with Sametime Advanced


Configure the IBM WebSphere Event Broker for SSL communication with the IBM Lotus Sametime Advanced server by importing the certificate into the Event Broker's keystore.

Procedure
1. Copy c:\certificates\local_cert.arm which you extracted in "Extracting the certificate" to your Event Broker machine.
2. To import the certificate into the Event Broker's JRE, enter the following command from the Event Broker command line:
   keytool -import -keystore "<JRE_path>\lib\security\cacerts" -alias <alias> -file <file>
   Where:
   • <JRE_path> is the JRE path, which typically is C:\Program Files\IBM\MQSI\6.0\jre
   • <alias> is the Alias field that you specified in step 3f in the topic "Importing intermediate CA certificates into the keystore."
   • <file> is the file from step 1
3. Use a text editor to open Event_Broker_installed_directory\MQSI\6.0\bin\exitSetting.ini, for example: C:\Program Files\IBM\MQSI\6.0\bin\exitSetting.ini (Windows), or /var/mqsi/exitSetting.ini (AIX, Linux, or Solaris).
4. Change servletURL=http://server_name:9080/cas/oc to servletURL=https://server_name:9443/cas/oc.

5. Change jsecurityURL=http://server_name:9080/stadvanced/j_security_check to jsecurityURL=https://server_name:9443/stadvanced/j_security_check.
6. Change protectedUrl=http://server_name:9080/stadvanced/controller/logon to protectedUrl=https://server_name:9443/stadvanced/controller/logon.
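Because the three URLs are edited by hand, it is easy to leave one of them on http and port 9080, or to mistype the host name in one line. The following Python code is an added example, not part of the IBM guide, that audits the contents of exitSetting.ini for those cases. The function names, the comment syntax it skips, and the sample file contents (built around the stadv.acme.com example host) are assumptions made for illustration.

```python
"""Audit exitSetting.ini after the switch to SSL (added example; names are illustrative)."""
from urllib.parse import urlsplit

# The three settings the procedure changes from http/9080 to https/9443.
SSL_KEYS = ("servletURL", "jsecurityURL", "protectedUrl")


def parse_settings(text):
    """Read key=value lines; blank lines and '#' or ';' comment lines are skipped (assumed syntax)."""
    settings = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;" or "=" not in line:
            continue
        key, value = line.split("=", 1)
        settings[key.strip()] = value.strip()
    return settings


def audit_exit_settings(text, port=9443):
    """Return a list of findings; an empty list means all three URLs use HTTPS on the given port."""
    settings = parse_settings(text)
    findings, hosts = [], {}
    for key in SSL_KEYS:
        if key not in settings:
            findings.append(f"{key}: not set")
            continue
        url = urlsplit(settings[key])
        if url.scheme != "https":
            findings.append(f"{key}: uses {url.scheme or 'no scheme'}, expected https")
        try:
            actual_port = url.port          # raises ValueError on a non-numeric port
        except ValueError:
            actual_port = None
        if actual_port != port:
            findings.append(f"{key}: port is {actual_port}, expected {port}")
        hosts[key] = (url.hostname or "").lower()
    # All three URLs should name the same Sametime Advanced server.
    if len(set(hosts.values())) > 1:
        pairs = ", ".join(f"{k}={h}" for k, h in hosts.items())
        findings.append(f"host names differ ({pairs})")
    return findings


# Constructed sample contents: before the change, after it, and a partly edited file.
BEFORE = """\
servletURL=http://stadv.acme.com:9080/cas/oc
jsecurityURL=http://stadv.acme.com:9080/stadvanced/j_security_check
protectedUrl=http://stadv.acme.com:9080/stadvanced/controller/logon
"""
AFTER = """\
servletURL=https://stadv.acme.com:9443/cas/oc
jsecurityURL=https://stadv.acme.com:9443/stadvanced/j_security_check
protectedUrl=https://stadv.acme.com:9443/stadvanced/controller/logon
"""
MIXED = """\
servletURL=https://stadv.acme.com:9443/cas/oc
jsecurityURL=http://stadv.acme.com:9080/stadvanced/j_security_check
protectedUrl=https://stadv2.acme.com:9443/stadvanced/controller/logon
"""

if __name__ == "__main__":
    for name, text in (("BEFORE", BEFORE), ("AFTER", AFTER), ("MIXED", MIXED)):
        print(name, audit_exit_settings(text) or "OK")
```

A setting left on http sends the j_security_check logon request to the Sametime Advanced server unencrypted, so run the check again after every edit of the file.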

Configuring SSL for broadcast communities


You have the option of implementing SSL authentication services for broadcast communities.

About this task


When you install the IBM WebSphere Event Broker, the IBM WebSphere Message Broker also gets installed as a component of the Event Broker. To implement SSL authentication for Lotus Sametime Advanced broadcast communities, you must configure the Message Broker for SSL. The following topics contain instructions for implementing SSL authentication for broadcast communities. For more information see "Implementing SSL authentication" in the WebSphere Message Broker information center at http://publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp.

Creating a keystore file


The keystore file is a key database file that contains both public keys and private keys. Public keys are stored as signer certificates while private keys are stored in the personal certificates. A Secure Sockets Layer (SSL) configuration references keystore configurations during runtime.

About this task


IBM WebSphere Message Broker includes a Java Runtime Environment (JRE) that supplies a keystore manipulation program, which is called keytool. Follow these steps to use keytool to create a new keystore file.

Note: Another way to create a new keystore file is by using the iKeyman certificate management tool. For information on using iKeyman, see "Certificate management using iKeyman" in the WebSphere Application Server information center at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp.

Procedure
1. Select Start > IBM WebSphere Message Broker 6.0 > Command Console to open the command console.
2. In the command console, type the following command:
   keytool
   This command displays the help options and therefore validates that the command is working.
3. Type the following command:
   keytool -genkey -keyalg RSA -keystore .keystore -alias brokerssl -storepass password
   • keyalg - The algorithm used in generating the key. If the server is using a DSA key, and the client is using a SSL_DHE_RSA_WITH_AES_128_CBC_SHA cipher, you need to use an RSA key on the server.


   • password - The password used for the keystore. You will need to use this password again when you create a password in the next topic "Configuring the broker to use the keystore."
   • .keystore - The name of the keystore file. Name this file ".keystore" as in the sample command above. It is created in the WebSphere Message Broker home directory (c:\Program Files\IBM\MQSI\6.0\).
   • brokerssl - The alias is an identifier for the SSL key. The alias is used when you export the certificate for importing into a client's cacerts file.
   Note: To import a certificate generated by a certificate authority use the -import option instead of the -genkey option.
   The keytool prompts you for some details that are used to generate certificates. Your details are added to a keystore, if it already exists, or a keystore is created. These values can be set to any values that are required but the properties on the broker must be changed to reflect these values. The -genkey option generates all the certificate files that are required to get HTTPS working but they are not official certificates. You must purchase a real certificate from a certificate authority. Consult your system administrator to find out your company policy for certificate creation.
4. Press Enter when you are prompted for a password. By default, the Enter key signifies the same password for the keystore.

Configuring the broker to use the keystore


The IBM WebSphere Message Broker requires you to set several properties to use a keystore.

Before you begin


Before you begin, verify that the WebSphere Message Broker is running.

About this task


In the previous topic, "Creating a keystore file," you created a keystore file, but so far, the Message Broker does not have any information about the keystore. You need to provide this information so that the Message Broker can find your keystore file and learn the password for it. All of these properties can be set using the mqsichangeproperties command.

Procedure
1. Create a password file using the password that you created for your keystore in the previous topic, "Creating a keystore file."
   a. Using a text editor, create a file with a single line containing a password for your keystore.
   b. Save the file as .keypass in the c:\Program Files\IBM\MQSI\6.0\ directory.
2. Select Start > IBM WebSphere Message Broker 6.0 > Command Console to open the command console.
3. Set the authentication protocol method to SP. SP allows both S (SSL) and P (Cleartext passwords) in that order. Type the following command:
   mqsichangeproperties broker service -e default -o DynamicSubscriptionEngine -n clientAuthProtocols -v SP
   Where broker service is the name of the broker. This parameter must be the first parameter. For example:
   mqsichangeproperties BRKR_SCCS -n clientAuthProtocols -v SP -e default -o DynamicSubscriptionEngine


4. To set the name of the keystore file that you are using, enter the following command:
mqsichangeproperties broker service -e default -o DynamicSubscriptionEngine -n sslKeyringFile -v "c:\Program Files\IBM\MQSI\6.0\.keystore"

5. To set the name of the password file that you are using, enter the following command:
mqsichangeproperties broker service -e default -o DynamicSubscriptionEngine -n sslPassphraseFile -v "c:\Program Files\IBM\MQSI\6.0\.keypass"

6. Stop and restart WebSphere Message Broker.

Exporting the broker's certificate and configuring SSL for clients


After you enable SSL on the Event Broker, you must export the broker's certificate so that the IBM Lotus Sametime Advanced server can use it for SSL communication with the Event Broker.

Procedure
1. On the Event Broker server, choose Start > IBM WebSphere Message Broker 6.0 > Command Console to open the command console, and type the following command:
   keytool -export -keystore "c:\Program Files\IBM\MQSI\6.0\.keystore" -alias brokerssl -file "c:\key.cer"
   • .keystore - The name of the keystore file. This file, named ".keystore", was created when you created your keystore. It is created in the WebSphere Message Broker home directory c:\Program Files\IBM\MQSI\6.0\.
   • brokerssl - The alias is an identifier for the SSL key. The alias, "brokerssl", was created when you created your keystore. The alias is used when you export the certificate for importing into a client's cacerts file.
   • c:\key.cer - The file name for your exported certificate.
   When you are prompted, enter the password that you specified when you created the keystore.
2. In Lotus Sametime Connect, click File > Preferences.
3. Click Chat Rooms and Broadcast Tools > Broadcast Tools Server.
   a. Click Direct Connection with SSL.
   b. Type the fully qualified host name of your WebSphere Event Broker server in the Host server field.
   c. Type 1506 in the Port field. This is the default for an SSL connection.
   d. Click OK.

After logging in, users receive a certificate security alert window prompting them to accept the certificate. Users should accept it with the permanent option.

Integrating SiteMinder with Lotus Sametime Advanced


This section describes how to configure CA eTrust SiteMinder 6 for authentication with IBM Lotus Sametime Advanced.

Before you begin


Note: IBM recommends that you use the latest available version of the CA eTrust SiteMinder, as well as the latest available hot fix that is certified by Computer Associates to work with the version of the HTTP server that you are using. Use this documentation as a guide, but you will probably need to refer to the SiteMinder documentation, too.


SiteMinder uses agents to intercept HTTP requests in Lotus Sametime Advanced, and then forwards them to the SiteMinder Policy Server for authentication. There are two types of SiteMinder agents used when you configure SiteMinder to work with Lotus Sametime Advanced.

• SiteMinder Web Agent - Installed on the Lotus Sametime Advanced HTTP server and the Lotus Sametime 8 server
  Web agents control access to Web content and deliver a user's security credentials directly to any Web application being accessed by the user. By placing an agent in a Web server that is hosting protected Web content or applications, administrators can coordinate security across a heterogeneous environment of systems and create a single sign-on domain for all users. For Web servers, the Web Agent integrates through each Web server's extension API. It intercepts all requests for resources (URLs) and determines whether each resource is protected by SiteMinder. If the resource is not SiteMinder protected, the request is passed through to the Web server for regular processing. If it is protected by SiteMinder, the Web agent interacts with the policy server to authenticate the user and to determine if access to the specific resource is allowed.
• Application Server Agents - Installed on the IBM WebSphere Application Server
  To secure more finely-grained objects such as servlets, JSPs, or EJB components, which could comprise a full-fledged distributed application, SiteMinder provides a family of SiteMinder application server agents (ASAs). ASAs are plug-ins that communicate with the SiteMinder Policy Server to extend single sign-on (SSO) across the enterprise, including J2EE application server-based applications. ASAs also enable SiteMinder to centralize security policy management by externalizing J2EE authorization policies through standard interfaces such as those based on JSR 115.

About this task


Similar to other WebSphere Application Server environment configurations, you need to configure the following objects in SiteMinder to successfully protect your Lotus Sametime environment:
• An agent for the SiteMinder Web Agent
• An agent for the SiteMinder TAI
• An Agent Conf Object for the SiteMinder Web Agent
• An Agent Conf Object for the SiteMinder TAI
• A Host Conf Object for the SiteMinder Web Agent
• A Host Conf Object for the SiteMinder TAI
• A User Directory Definition for SiteMinder to use to validate user credentials
• An Authentication Scheme
• A domain for the Web Agent in your Lotus Sametime environment
• A domain for the TAI in your Lotus Sametime environment
• Realm definitions for both domains
• Rules for the realms
• Responses, if required, for the rules that you have defined
• A policy or policies for the domains

To configure SiteMinder to work with your Lotus Sametime Advanced server, complete the following integration steps:


Creating configuration objects


Follow these steps to create configuration objects for your IBM Lotus Sametime Advanced environment on the CA eTrust SiteMinder Policy server.

Procedure
1. Open the SiteMinder Policy Server console.
2. To create the Web Agent objects, follow these steps.
   a. Click the System tab.
   b. Under System Configuration, right-click the Agents icon.
   c. In the SiteMinder Agent Dialog, type a unique value not used previously for an existing agent in the *Name field.
   d. Optional: Type a description such as "Sametime Advanced Web Agent."
   e. Under Agent Type, select SiteMinder, and then select Web Agent from the drop-down list.
   f. Click OK.
3. For Apache-based products, IBM recommends that you create a duplicate of the existing ApacheDefaultSettings Agent Conf Object on the SiteMinder Policy Server and modify the duplicate as appropriate. To create an Agent Conf object for your HTTP Server:
   a. Under System Configuration, click the Agent Conf Objects icon.
   b. Right-click the ApacheDefaultSettings Agent Conf object in the Agent Conf Object List on the right side of the console, and select Duplicate Configuration Object.
   c. In the SiteMinder Agent Configuration Object Dialog, type a unique value not used previously for an existing agent in the *Name field.
   d. Optional: Type a description such as "Sametime Advanced Web Agent."
   e. In the Configuration Values list, set the following parameters to the values indicated or to the appropriate values for your server. Click each parameter, and select Edit:
      • DefaultAgentName - Name given to agent created in step c.
      • AllowLocalConfig - Yes
      • CssChecking - No
      • BadUrlChars - remove // and /.,%00-%1f,%7f-%ff,%25 from the default list of Bad Url Characters
      If you are going to change the Logout button, you also need to set the LogOffURI parameter as described in "Configuring SiteMinder to use the Lotus Sametime Log out link to perform Full Logoff." All other parameters can be left at their default settings.
   f. Click OK.
4. IBM recommends that you create a duplicate of the existing DefaultHostSettings Host Conf Object on the SiteMinder Policy Server and modify the duplicate as appropriate. To create a Host Conf object for your HTTP Server:
   a. Under System Configuration, click the Host Conf Objects icon.
   b. Right-click the DefaultHostSettings object in the Host Conf Object List on the right side of the console, and select Duplicate Configuration Object.
   c. In the SiteMinder Host Configuration Object Dialog, type a unique value in the *Name field.
   d. Optional: Type a description such as "Sametime Advanced Host."


   e. In the Configuration Values list, edit the #Policy Server value by removing the # from in front of the parameter name and enter the IP address of your SiteMinder Policy Server in the appropriate place in the value field.
   f. Click OK.
5. Repeat the previous three steps for the Trust Association Interceptor (TAI) Agent: create an Agent, an Agent Configuration object, and a Host-Configuration Object for the TAI Agent to use.
6. SiteMinder uses LDAP to authenticate users. You must create a user directory on the SiteMinder Policy Server, so that the policy that you set up for your Lotus Sametime Advanced server can access the appropriate LDAP server to authenticate your Lotus Sametime Advanced users. This must be the same LDAP server that has been configured with your Lotus Sametime Advanced server. To create a user directory:
   a. Under System Configuration, right-click the User Directories icon.
   b. Click Create User Directory.
   c. In the SiteMinder User Directory Dialog, type a unique value in the *Name field.
   d. Optional: Type a description.
   e. Select LDAP from the *Namespace drop-down list.
   f. Type the fully qualified host name of your LDAP server in the *Server field.
   g. Complete the LDAP Search and LDAP User DN Lookup fields as appropriate for your LDAP users.
      Note: Depending on your LDAP server configuration, you might need to add required credentials on the Credentials and Connection tab so that the SiteMinder Policy Server can bind with your LDAP server. Refer to the eTrust SiteMinder documentation for details.
   h. Click OK.

Configuring domains and realms for Lotus Sametime Advanced


Follow these steps to configure the domains and realms for your IBM Lotus Sametime Advanced environment on the CA eTrust SiteMinder Policy Server.

Procedure
1. Open the SiteMinder Policy Server console.
2. Define a domain for the Web Agent in your Lotus Sametime Advanced environment:
   a. Right-click Domains under System Configuration, and choose Create Domain.
   b. In the SiteMinder Domain Dialog, type a unique value in the *Name field, for example, Sametime_WA.
   c. Optional: Type a description.
   d. In the drop-down list at the bottom of the dialog, select the user directory to use in this domain.
   e. Click << Add to add it to the User Directories Tab.
   f. Click OK.
3. Define a domain for the TAI in your Lotus Sametime Advanced environment:
   a. Click Create Domain.


   b. In the SiteMinder Domain Dialog, type a unique value in the *Name field, for example, Sametime_TAI.
   c. Optional: Type a description.
   d. Click OK.
4. Define the realm definition for the Web Agent domain that you created in step 2:
   a. Click the Domains tab.
   b. Right-click the domain you created, and click Create Realm.
   c. In the SiteMinder Realm Dialog, type a unique value in the *Name field, for example, Sametime_WA.
   d. Optional: Type a description.
   e. Click the Resource tab.
   f. In the Agent field, type the name of the agent that you created for the Web Agent in this environment. You can also select it using Lookup.
   g. Type the Resource Filter as /
   h. Under Default Resource Protection, select Protected. Leave all the other fields on the Resource, Session and Advanced tabs as their default values.
   i. Click OK.
5. Define the realm definition for the TAI domain that you created in step 3:
   a. Right-click the domain you created, and click Create Realm.
   b. In the SiteMinder Realm Dialog, type a unique value in the *Name field, for example, SM TAI Validation.
   c. Optional: Type a description for the realm.
   d. Click the Resource tab.
   e. In the Agent field, type the name of the agent that you created for the TAI in this environment. You can also select it using Lookup.
   f. Type the Resource Filter as /siteminderassertion.
   g. From the Authentication Scheme drop-down list, select the scheme that you will use for this environment.
   h. Under Default Resource Protection, select Protected. Leave all the other fields on the Resource, Session and Advanced tabs as their default values.
   i. Click OK.
6. Define rules for the realm that you created for the Web Agent domain.
   a. Right-click the realm that was created for the Web Agent domain (for example Sametime_WA), and select Create Rule under Realm.
   b. Use the SiteMinder Rule dialog to create the following rules:
      GetPostPut rule properties
      • *Name - GetPostPut Rule
      • Realm - For example, Sametime_WA
      • Resource: - *
      • Web Agent actions - Get,Post,Put
      • When this Rule fires - Allow Access
      • Enable or Disable this Rule - Enabled
      OnAuthAccept rule properties
      • *Name - OnAuth
      • Realm - For example, Sametime_WA


      • Resource: - *
      • Authentication events - OnAuthAccept
      • When this Rule fires - Allow Access
      • Enable or Disable this Rule - Enabled
7. Define a policy to control the Web Agent domain.
   a. Under the domain that was previously created, right-click Policies, and select Create Policy.
   b. In the SiteMinder Policy Dialog, type a unique value in the *Name field, for example, STADVWAPolicy.
   c. Optional: Type a description.
   d. Click Add/Remove, and from the dialog that follows add the users, groups, and organizations that you will allow access to your Lotus Sametime Advanced Server.
   e. Click the Rules tab.
   f. Click Add/Remove Rules, and add the GetPostPut and OnAuth rules you created in step 6.
   g. Click OK.

Installing and configuring the SiteMinder Web Agent


IBM recommends that you install the latest available version of the CA eTrust SiteMinder Web Agent as well as the latest available hot fix that is certified by Computer Associates to work with the version of the HTTP server that you are using.

Before you begin


Before you begin, you must download the Siteminder V6-QMR5 W32 Web Agent installation files from the SiteMinder support site at http://support.netegrity.com.

About this task


Refer to the SiteMinder platform support matrices for more details. These matrices can be obtained from the SiteMinder support site. You can also refer to the SiteMinder WebAgent Installation Guide for details about configuring the Web Agent to work with the HTTP server that you are using. The application agent for IBM Lotus Sametime Advanced should be v6.0 CR005 or later to ensure support of IBM WebSphere Application Server 6.1.

Note: To install the SiteMinder Web Agent on platforms other than Microsoft Windows, you can use the relevant Win32 instructions as a reference document. The same configuration information needs to be provided, regardless of platform. There are also additional instructions included with the Web Agent installation files that indicate platform-specific steps that are required for installing and configuring the Web Agent on a specific platform.

Follow these steps to install and configure the Win32 6x Web Agent for your HTTP server.

Procedure
1. If necessary, extract all the files from the ZIP file provided by SiteMinder.
2. Start the Web Agent executable. The format is nete-wa-6qmrX-platform.exe. For example:

nete-wa-6qmr5-win32.exe

3. The CA SiteMinder Web Agent Introduction screen appears. Click Next.
4. On the License Agreement screen, scroll down and select I accept the terms of the License Agreement, and click Next.
5. Click Next on the Important Information screen.
6. On the Choose Install Location screen, accept the default location for installing the Web Agent or click Choose to select a different location, then click Next.
7. Click Next on the Choose Shortcut Folder screen.
8. Click Install on the Pre-Installation Summary screen.
9. On the Install Complete screen, accept the default selection and click Done. Your system restarts.
10. Click Start > Programs > Siteminder > Web Agent Configuration Wizard to start the Web Agent Configuration Wizard.
11. On the Host Registration screen, select Yes, I would like to do Host Registration now, but do not select the Enable PKCS11 DLL Cryptographic Hardware check box. Click Next.
12. On the Admin Registration screen, type the SiteMinder administrator name and password provided by your SiteMinder contact. Do not select the Enable Shared Secret Rollover check box. Click Next.
13. On the Trusted Host Name and Configuration Object screen, type the trusted hostname and Host Conf Object provided by your SiteMinder contact. Click Next.
14. On the Policy Server IP Address screen, type the SiteMinder Policy Server IP address provided by your SiteMinder contact and click Add. Click Next.
15. On the Host Configuration file location screen, accept the default file name and location and click Next.
16. On the Select Web Server(s) screen, select the check box next to the HTTP server that you wish to configure with the Web Agent, and then click Next.
17. On the Agent Configuration Object screen, enter the Agent Conf Object provided by the SiteMinder contact and click Next.
18. On the Web Server Configuration Summary screen, click Install. The Web Agent configuration process starts, and then the Configuration Complete screen appears.
19. Click Done to complete the configuration process.
    Note: You can ignore messages indicating that some warnings occurred during the installation. These warnings appear by default and do not affect the functionality of the Web Agent.

What to do next
There are additional steps that must be completed to enable the Web Agent to function properly for your server. Follow the additional instructions that are provided by your SiteMinder contact in order to complete this setup.

Installing and configuring the SiteMinder TAI


IBM recommends that you install the latest available version of the CA eTrust SiteMinder Trust Association Interceptor (TAI) as well as the latest available hot fix that is certified by Computer Associates to work with the version of the IBM WebSphere Application server that you are using.

About this task


Refer to the SiteMinder platform support matrices for more details. These matrices can be obtained from the SiteMinder support site.

After TAI installation, perform the following configuration steps:

Procedure
1. Copy the smagent.properties file from the TAI installation \conf folder to the WebSphere Application Server profile properties folder. For example:
c:\program files\IBM\websphere\appserver\ST_Advanced_Profile\properties

2. Verify that your system path includes a path to the TAI bin directory, typically c:\smwasasa\bin.
3. Start the IBM Lotus Sametime Advanced Server and the Integrated Solutions Console.
4. In the Integrated Solutions Console, select Security > Secure administration, applications, and infrastructure > Web Security.
5. Click Trust Association.
6. Select the Enable Trust Association check box, and click Apply.
7. Click Interceptors.
8. Delete any interceptors that you do not require.
9. On the Interceptors page, click New.
10. In the Interceptor Classname field, type the following SiteMinder TAI class name and click Apply:
com.netegrity.siteminder.websphere.auth.SmTrustAssociationInterceptor

11. Click Save on the next two screens.
12. Log out of the Integrated Solutions Console.

Enabling and testing the SiteMinder Web Agent and TAI


Follow these steps to enable the CA eTrust SiteMinder Web Agent and Trust Association Interceptor (TAI) for your IBM Lotus Sametime Advanced deployment. You also need to test that the integration is working.

Procedure
1. In the local Web Agent configuration file (WebAgent.conf) of the SiteMinder Web Agent that has been configured with your HTTP server, set the EnableWebAgent parameter to YES.
2. In the local Web Agent configuration file (typically c:\smwasasa\conf\ASAAgent-Assertion.conf) of the eTrust SiteMinder TAI that has been configured with your server, set the EnableWebAgent parameter to YES.
3. Restart your HTTP and Lotus Sametime Advanced Servers.
4. To test that your integration is working, enter the URL for your deployment of Lotus Sametime Advanced into a browser. For example:
http://host_name/stadvanced

Verify that eTrust SiteMinder authentication is invoked. When valid user credentials are entered, the user should be successfully logged into Lotus Sametime Advanced. The user should not be prompted for authentication credentials by Lotus Sametime Advanced.

If you are directed to the Lotus Sametime Advanced login screen then there is a problem with the TAI configuration, and you must revisit the setup to determine the cause.

Configuring logout in SiteMinder


The IBM Lotus Sametime Advanced log out link in the user interface is not configurable for logging out from CA eTrust SiteMinder.

About this task


You have two options to log out from SiteMinder.
- Restart the browser to clean all SiteMinder cookies, or
- Configure SiteMinder with a link, which when accessed within the same browser session, logs out the user.
To configure SiteMinder with a link, complete the following steps:

Procedure
1. Create a file named Logout.html on your HTTP server. The file can have no content or have something simple such as "Logged Out of SiteMinder."
2. Add the following parameter to the SiteMinder Web Agent Webagent.conf file, or, if the local configuration is not enabled, set it in the appropriate Agent Configuration Object on the SiteMinder Policy Server.
LogOffURI="PathtoLogout.html"

3. Restart the HTTP Server.

Configuring SiteMinder for the Lotus Sametime server


This section describes how to configure CA eTrust SiteMinder for the IBM Lotus Sametime 8 server.

About this task


You installed the Lotus Sametime 8 server as part of the process for installing IBM Lotus Sametime Advanced. The Lotus Sametime 8 server is managed with the Lotus Sametime Advanced server. When you configure SiteMinder to work with the Lotus Sametime 8 server, you create a new agent object, agent configuration object, Host configuration object, realm, and sub-realms. You should use the same user directory and domain that you created when you configured SiteMinder for Lotus Sametime Advanced. See Configuring the domains and realms for your Sametime Advanced environment.

Creating configuration objects for Sametime


Follow these steps to create configuration objects for IBM Lotus Sametime 8 on the CA eTrust SiteMinder Policy server.

Before you begin


Open the SiteMinder Policy Server console.

Procedure
1. To create an Agent object, follow these steps.
   a. Click the System tab.
   b. Under System Configuration, right-click the Agents icon.
   c. In the SiteMinder Agent Dialog, type a unique value not used previously for an existing agent in the *Name field.
   d. Optional: Type a description such as "Sametime Agent."
   e. Under Agent Type, select SiteMinder, and select Web Agent from the drop-down list.
   f. Click OK.
2. Create a duplicate of the existing DominoDefaultSettings Agent Conf object on the SiteMinder Policy Server and modify the duplicate as appropriate. To create an Agent Conf object for your HTTP Server:
   a. Under System Configuration, click the Agent Conf Objects icon.
   b. Right-click the DominoDefaultSettings Agent Conf object in the Agent Conf Object list on the right side of the console, and select Duplicate Configuration Object.
   c. In the SiteMinder Agent Configuration Object dialog, type a unique value not used previously for an existing agent in the *Name field.
   d. Optional: Type a description such as "Domino Configuration Agent."
   e. In the Configuration Values list, set the following parameters to the values indicated or to the appropriate values for your server. Click each parameter, and select Edit:
      - DefaultAgentName - Name given to agent created in step c.
      - AllowLocalConfig - Yes
      - CssChecking - No
      - BadUrlChars - remove // and /.,%00-%1f,%7f-%ff,%25 from the default list of Bad Url Characters
      - SkipDominoAuth - No.
      All other parameters can be left at their default settings.
   f. Click OK.
3. IBM recommends that you create a duplicate of the existing DefaultHostSettings Host Conf Object on the SiteMinder Policy Server and modify the duplicate as appropriate. To create a Host Conf object for your HTTP Server:
   a. Under System Configuration, click the Host Conf Objects icon.
   b. Right-click the DefaultHostSettings object in the Host Conf Object List on the right side of the console, and select Duplicate Configuration Object.
   c. In the SiteMinder Host Configuration Object dialog, type a unique value in the *Name field.
   d. Optional: Type a description such as "Sametime Advanced Host."
   e. In the Configuration Values list, edit the #Policy Server value by removing the # from in front of the parameter name and entering the IP address of your SiteMinder Policy Server in the appropriate place in the value field.
   f. Click OK.

Configuring realms for Lotus Sametime


Follow these steps to configure the realms for IBM Lotus Sametime 8 on the CA eTrust SiteMinder Policy Server.

About this task


You should use the same user directory and Web Agent domain that you created when you configured SiteMinder for Lotus Sametime Advanced. See Configuring the domains and realms for your Sametime Advanced environment.

Procedure
1. Open the SiteMinder Policy Server console.
2. Define the realm definition for the Web Agent domain:
   a. Click the Domains tab in the left side of the SiteMinder Policy Console.
   b. Right-click the Web Agent domain that you previously created.
   c. Click Create Realm.
   d. In the SiteMinder Realm Dialog, type a unique value in the *Name field, for example, Sametime.
   e. Optional: Type a description.
   f. Click the Resource tab.
   g. In the Agent field, type the name of the agent that you created for the Web Agent for Lotus Sametime 8. You can also select it using Lookup.
   h. Type the Resource Filter as /
   i. In the Authentication Scheme drop-down list, select Basic.
   j. Under Default Resource Protection, select Protected. Leave all the other fields on the Resource, Session and Advanced tabs as their default values.
   k. Click OK.
3. Create sub-realms under the realm you just created.
   a. Click the Domains tab in the left side of the SiteMinder Policy Console.
   b. Right-click the realm that you created in step 2.
   c. Click Create Realm.
   d. Create the following sub-realms for your configuration, with the values indicated in each dialog:

Name                 Resource Filter            Authentication Scheme   Default Resource Protection
ST Test              stlinks                    Basic                   Unprotected
ST AdminConfig       servlet/auth/scs           Basic                   Unprotected
ST AdminPage         servlet/auth/admin         Basic                   Protected
ST Src               stsrc.nsf/join             Basic                   Protected
ST Domino            STDomino.nsf               Basic                   Unprotected
ST Applets           sametime/applets           Basic                   Unprotected
ST Applet            Sametime/Applet            Basic                   Unprotected
IMI Sametime         sametime/hostAddress.xml   Basic                   Unprotected
ST MMAPI             servlet/auth/mmapi         Basic                   Unprotected
ST Admin CGI         cgi-bin/StAdminAct.exe     Basic                   Unprotected
ST UserInfoServlet   servlet/UserInfoServlet    Basic                   Unprotected

4. Create rules for the protected realm (Sametime) and the two protected sub-realms (ST AdminPage and ST Src).
   a. Right-click the realm that was created for the Web Agent domain (for example Sametime), and select Create Rule under Realm.
   b. Use the SiteMinder Rule dialog to create the following rules named Rule 1 and Rule 2:
      Rule 1 properties
      - *Name - GetPost Rule
      - Realm - Sametime
      - Resource: *
      - Web Agent actions - Get,Post
      - When this Rule fires - Allow Access
      - Enable or Disable this Rule - Enabled
      Rule 2 properties
      - *Name - OnAuthAccept
      - Realm - Sametime
      - Resource: *
      - Authentication events - OnAuthAccept
      - When this Rule fires - Allow Access
      - Enable or Disable this Rule - Enabled
   c. Right-click the ST AdminPage sub-realm, and select Create Rule under Realm.
   d. Use the SiteMinder Rule dialog to create the following rule named Rule 1:
      Rule 1 properties
      - *Name - GetPost Rule
      - Realm - Sametime.ST AdminPage
      - Resource: *
      - Web Agent actions - Get,Post
      - When this Rule fires - Allow Access
      - Enable or Disable this Rule - Enabled
   e. Right-click the ST Src sub-realm, and select Create Rule under Realm.
   f. Use the SiteMinder Rule dialog to create the following rules named Rule 1 and Rule 2:
      Rule 1 properties
      - *Name - GetPost Rule
      - Realm - Sametime.ST Src
      - Resource: *
      - Web Agent actions - Get,Post
      - When this Rule fires - Allow Access
      - Enable or Disable this Rule - Enabled
      Rule 2 properties
      - *Name - OnAuthAccept
      - Realm - Sametime.ST Src
      - Resource: *
      - Authentication events - OnAuthAccept
      - When this Rule fires - Allow Access
      - Enable or Disable this Rule - Enabled
5. Add the rules to the SiteMinder policy that you created for Lotus Sametime Advanced.
   a. Double-click the policy you created for Lotus Sametime Advanced, for example, STADVWAPolicy.
   b. Click the Rules tab, and then click Add/Remove Rules. Add all the rules you created previously for the realm and sub-realms to the current members list. Click OK.
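
The realm, sub-realm and rule settings in this procedure can be reviewed offline before they are relied on. The following Python sketch is an added example, not part of the IBM guide or of SiteMinder: it assumes that the realm with the longest matching resource filter governs a request, that filters are case-sensitive string prefixes, and that a request to a protected realm with no matching rule is denied. The function names and sample requests are constructed for illustration.

```python
"""Offline model of the Sametime realm table: which realm governs a request
and what happens to it. The matching behaviour is an assumption (see lead-in)."""
from dataclasses import dataclass

GET_POST = frozenset({"GET", "POST"})   # Web Agent actions of the "GetPost Rule"
NO_RULES = frozenset()


@dataclass(frozen=True)
class Realm:
    name: str
    resource_filter: str      # root filter "/" joined with the sub-realm filter
    protected: bool           # Default Resource Protection
    rule_actions: frozenset   # HTTP methods covered by the rules from step 4


# Root realm plus the eleven sub-realms, values taken from the procedure above.
REALMS = (
    Realm("Sametime", "/", True, GET_POST),
    Realm("ST Test", "/stlinks", False, NO_RULES),
    Realm("ST AdminConfig", "/servlet/auth/scs", False, NO_RULES),
    Realm("ST AdminPage", "/servlet/auth/admin", True, GET_POST),
    Realm("ST Src", "/stsrc.nsf/join", True, GET_POST),
    Realm("ST Domino", "/STDomino.nsf", False, NO_RULES),
    Realm("ST Applets", "/sametime/applets", False, NO_RULES),
    Realm("ST Applet", "/Sametime/Applet", False, NO_RULES),
    Realm("IMI Sametime", "/sametime/hostAddress.xml", False, NO_RULES),
    Realm("ST MMAPI", "/servlet/auth/mmapi", False, NO_RULES),
    Realm("ST Admin CGI", "/cgi-bin/StAdminAct.exe", False, NO_RULES),
    Realm("ST UserInfoServlet", "/servlet/UserInfoServlet", False, NO_RULES),
)


def governing_realm(path, realms=REALMS):
    """Return the realm whose filter is the longest prefix of path, or None."""
    matches = [r for r in realms if path.startswith(r.resource_filter)]
    return max(matches, key=lambda r: len(r.resource_filter), default=None)


def decide(method, path, realms=REALMS):
    """Return (outcome, realm_name) for one request.

    pass-through : realm is Unprotected, so no SiteMinder challenge
    authenticate : realm is Protected and a rule covers the HTTP method
    deny         : realm is Protected but no rule covers the method
    no-realm     : path is outside every resource filter
    """
    realm = governing_realm(path, realms)
    if realm is None:
        return ("no-realm", None)
    if not realm.protected:
        return ("pass-through", realm.name)
    if method.upper() in realm.rule_actions:
        return ("authenticate", realm.name)
    return ("deny", realm.name)


def protected_realms_without_rules(realms=REALMS):
    """Protected realms that no one can reach because no rule was created."""
    return [r.name for r in realms if r.protected and not r.rule_actions]


def audit(requests, realms=REALMS):
    """Evaluate (method, path) pairs and return rows for review."""
    return [(m, p) + decide(m, p, realms) for m, p in requests]


# Constructed sample requests; the paths are built from the filters above.
SAMPLE_REQUESTS = [
    ("GET", "/servlet/auth/admin"),
    ("GET", "/servlet/auth/scs"),
    ("POST", "/stsrc.nsf/join"),
    ("PUT", "/stsrc.nsf/join"),
    ("GET", "/STDomino.nsf"),
    ("GET", "/stdomino.nsf"),   # different case, so only the root realm matches
    ("GET", "/index.html"),
]

if __name__ == "__main__":
    for method, path, outcome, realm in audit(SAMPLE_REQUESTS):
        print(f"{method:4} {path:24} {outcome:13} {realm}")
    print("protected realms without rules:", protected_realms_without_rules())
```

Rows that come back as pass-through reach the server without a SiteMinder challenge, so those are the rows to compare against what each URL actually serves.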

Installing and configuring the SiteMinder Web Agent

Add the DSAPI filter file name to the Domino Directory
Your IBM Lotus Sametime server will run on a Lotus Domino server. When you integrate IBM Lotus Sametime with CA eTrust SiteMinder, the SiteMinder Web Agent is implemented as a Domino Web Server Application Programming Interface (DSAPI) filter file.

About this task


Follow these steps to add the DSAPI filter file name to the Domino Directory.

Procedure
1. Open the Domino Directory (names.nsf) on the Domino server.
2. Edit the server document for the Domino server as follows:
   a. Click the Internet Protocols tab, then click the HTTP tab. In the DSAPI filter file names field, type the full path and name of the SiteMinder Web Agent (typically c:\Program Files\Netegrity\Siteminder Web Agent\bin\dominowebagent.dll).
   b. Click the Domino Web Engine tab, then set the Session authentication field to Disabled.
3. Save and close the server document.

Enabling SiteMinder for Lotus Sametime


Follow these steps to enable the CA eTrust SiteMinder Web Agent for the IBM Lotus Sametime server.

Procedure
1. Locate the local Web Agent configuration file for the SiteMinder Web Agent that has been configured with your HTTP server. For example:
C:\Program Files\IBM\HTTPServer\conf\WebAgent.conf

2. Use a text editor to open the file and set the EnableWebAgent parameter to YES.
3. Restart your HTTP and Lotus Domino Servers. When you start or stop the Domino server, you are starting and stopping the Lotus Sametime server as well.
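
The EnableWebAgent steps for WebAgent.conf and ASAAgent-Assertion.conf, and the LogOffURI step in "Configuring logout in SiteMinder", can be verified with a small check before the servers are restarted. This Python sketch is an added example, not IBM or CA code; it assumes the files use the name="value" line format of the LogOffURI example in this guide and that lines starting with # are comments, and the sample file contents are constructed.

```python
"""Check a SiteMinder agent configuration file for the settings this guide changes."""
import re

# name="value" (quotes optional), the shape of the LogOffURI line in this guide.
_SETTING = re.compile(r'^([A-Za-z]\w*)\s*=\s*"?(.*?)"?$')


def parse_agent_conf(text):
    """Return {lowercased name: [(line number, value), ...]} for active lines."""
    settings = {}
    for lineno, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if not line or line.startswith("#"):      # blank or commented out
            continue
        match = _SETTING.match(line)
        if match:
            name, value = match.group(1).lower(), match.group(2)
            settings.setdefault(name, []).append((lineno, value))
    return settings


def check_agent_conf(text):
    """Return a list of (code, detail) findings; an empty list means ready."""
    settings = parse_agent_conf(text)
    findings = []

    enabled = settings.get("enablewebagent", [])
    if not enabled:
        findings.append(("AGENT_NOT_SET",
                         "EnableWebAgent is missing or commented out"))
    else:
        if len(enabled) > 1:
            lines = ", ".join(str(n) for n, _ in enabled)
            findings.append(("DUPLICATE", f"EnableWebAgent set on lines {lines}"))
        for lineno, value in enabled:
            if value.strip().upper() != "YES":
                findings.append(("AGENT_DISABLED",
                                 f'line {lineno}: EnableWebAgent="{value}"'))

    logoff = settings.get("logoffuri", [])
    if not logoff:
        # Informational: the guide also allows setting LogOffURI in the
        # Agent Configuration Object on the Policy Server.
        findings.append(("LOGOFF_NOT_LOCAL", "LogOffURI is not set in this file"))
    elif any(not value.strip() for _, value in logoff):
        findings.append(("LOGOFF_EMPTY", "LogOffURI is present but empty"))
    return findings


# Constructed sample file contents.
SAMPLE_READY = '# constructed sample\nEnableWebAgent="YES"\nLogOffURI="PathtoLogout.html"\n'
SAMPLE_DISABLED = '#EnableWebAgent="YES"\nEnableWebAgent="NO"\n'
SAMPLE_COMMENTED = '#EnableWebAgent="YES"\n'

if __name__ == "__main__":
    for label, sample in (("ready", SAMPLE_READY),
                          ("disabled", SAMPLE_DISABLED),
                          ("commented", SAMPLE_COMMENTED)):
        print(label, check_agent_conf(sample))
```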

Awareness and SiteMinder


CA eTrust SiteMinder cookies are not compatible with Sametime Links. Sametime Links enables awareness in IBM Lotus Sametime Advanced through the Lotus Sametime 8 server. To display awareness in the Lotus Sametime Advanced user interface on the Web, you must perform the following tasks.
- Enable IBM WebSphere LtpaToken (Single Sign-on)
- Export the keys
- Import the keys into the Web SSO configuration document on the Lotus Sametime 8 server
With this solution, both the LtpaToken and SiteMinder cookies are in use. The SiteMinder tokens are used for SSO and authentication into the Lotus Sametime environment, and the LtpaToken is used by Lotus Sametime Advanced to provide awareness for your environment. For other possible solutions using SiteMinder cookies, contact IBM support and consider opening a case against the SiteMinder SDK (https://support.netegrity.com).

The instructions for enabling LtpaToken, exporting keys, and importing them into Lotus Sametime are in the Enabling Single Sign-on and Enabling Awareness topics.

SiteMinder automatically logs users into the Lotus Sametime Advanced server when the context root "stadvanced" is accessed. In order to log in to Lotus Sametime, you must explicitly access the host_name/stadvanced/logon.jsp URL and select the check box for Log in to Sametime instant messaging.


Chapter 6. Administering
Set up and begin using IBM Lotus Sametime Advanced to let users create and use persistent chat rooms and broadcast communities. After installing Lotus Sametime Advanced, you can manage user access, enable workflow, set anonymous access, and integrate Lotus Sametime Advanced servers with other products.

Controlling access in Sametime Advanced


You can control access in IBM Lotus Sametime Advanced at the application level or at the feature level.

About this task


You control access at the application level by editing the security role to user/group mappings in the Integrated Solutions Console. This is where you grant administrator privileges to other users, assign workflow approvers, and assign broadcast community creators. IBM does not recommend changing the authenticated user or the all user mappings.

You control access at the feature level by editing role settings in the broadcast communities, chat rooms, and folders.
- Broadcast communities. Access to broadcast communities is determined by membership role and by broadcast type: public, private, restricted recipient, or restricted publisher.
- Chat rooms. Access to chat rooms is determined by assigning roles to folders in the chat room folder hierarchy and by chat room owner/creators.
See the following topics for instructions on controlling access in Sametime Advanced.

Configuring the user access level to Sametime Advanced


Access to IBM Lotus Sametime Advanced is determined by user roles.

About this task


When you install Lotus Sametime Advanced, default access levels or roles are assigned to users and groups. You can change these assignments to fit the needs of your organization. Follow these instructions to change role assignments.

Procedure
1. In the WebSphere Integrated Solutions Console, click Applications > Enterprise Applications.
2. Click Lotus Sametime Advanced application.
3. Under Detail Properties, click Security role to user/group mapping.
4. Use the following list to determine how you want to assign users to roles.
   - AllUsers - Any user assigned to this role has access to non-authenticated areas of the application - All Chat Rooms and Search tabs. This role is assigned to Everyone by default and should not be changed.
   - AllAuthenticatedUsers - Authenticated users are users that have been authenticated with the LDAP directory. Authenticated users have access to All Chat Rooms, My Chat Rooms, Broadcast Communities, and Search tabs. This role is assigned to All authenticated by default and should not be changed.
   - CommunityCreators - Broadcast communities can be created by any user assigned to this role.
   - WorkflowApprovers - Users who can approve or deny chat rooms and communities waiting for approval. If workflow has been enabled, then once a community or chat room has been created, it has to be approved for use.
   - AdminUser - These users are administrators and have access to the entire system. They have full access to manage (create/edit/delete/archive) any folder or chat room in Sametime Advanced.
5. Assign a role to a user by following these steps. In this procedure, an administrator is added to Lotus Sametime Advanced by assigning a user to the AdminUser role.
   a. Under the Select column, select the check box next to the AdminUser role.
   b. Click Look up users.
      Note: To assign a group, click Look up groups.
   c. In Search String, type the name of the user you want to assign the administrator role.
   d. Select a name in the Available box, and then click the right arrow button to add the name to the Selected box.
   e. Click OK. The user name is added to the Mapped users box next to the AdminUser role.
   f. Click OK.

Setting up a folder hierarchy for chat rooms


You need to create a folder hierarchy for chat rooms and grant access to other users.

About this task


When IBM Lotus Sametime Advanced is installed, a single root folder named "Chat Rooms" is created on the All Chat Rooms page. This folder cannot be renamed or removed. Initially, all users have permission to create and edit new folders and chat rooms in this folder. You can limit users' ability to create new folders and chat rooms by designating specific users as managers of the Chat Rooms folder. Managers of a folder automatically are granted manager permissions in all subfolders.

Procedure
1. Log in to Lotus Sametime Advanced as an administrator.
2. Click the All Chat Rooms tab.
3. Next to the Chat Rooms folder (the root folder), click Edit.
4. Click the Managers tab.
5. Select the Users specified below have manager access to this folder check box.
6. Click Edit.
7. Use the Edit Users dialog to search for, add, and remove users.
8. Repeat the previous three steps for Authors and Readers.
9. Click Save.

What to do next
After you have designated managers, you and the other managers can create new folders and subfolders to build a hierarchy of folders for your organization.

Folder and chat room roles


The following table describes the roles associated with folders and chat rooms.
Role: Administrator
Description: This super user can manage the complete folder hierarchy.
- Create, edit, delete, archive, restore, enable, disable all chat rooms.
- View all archived chat rooms.
- Create, edit, delete all global folders.
- Move chat rooms from one global folder to another.
- Cannot delete the root Chat Rooms folder.

Role: Folder Manager
Description: This user can do anything an Administrator can do, except only in the folder where he is a manager.
- Can enter any chat room in a folder he manages.
- Create, edit, delete, archive, restore, enable, disable all chat rooms under the folders he manages.
- View all archived chat rooms under the folders he manages.
- Create, edit, delete all global folders under the folders he manages.
- Edit or delete the immediate folder.
- Move chat rooms from one global folder to another. He must have writing access to the two folders.

Role: Folder Author
Description:
- Can enter those chat rooms he created, but not others in the folder.
- Create, edit, delete, enable, or disable chat rooms that he created in the folder where he is an author.
- May not edit or delete the immediate folder where he is an author. For example, if I am writer for Folder A1, then I can't edit or delete A1.
- Move chat rooms from one global folder to another. He must have authoring access to the two folders.

Role: Folder Reader
Description:
- Can enter a chat room if he is the owner, or an invitee, or if the chat room has open access to him.
- Can view the folder and only view chat rooms which have open access, or he is a member of the folder.

Role: Chat Room Owner
Description:
- Can enter chat room that he owns.
- Edit, delete, enable, or disable the chat room.
- When choosing chat room owners, if the owner has no writing access to the folder that the chat room resides in, then system gives the owner writing access automatically. The owner will have writing access to the folder, but no access to other chat rooms in the folder, only the ones he creates. The owner will be only a reader of the parent folders above.

Role: Chat Room Invitee
Description:
- Can enter chat room.
- Cannot edit, delete, archive, restore, enable or disable the chat room.
- After the chat room is created, he is a reader to all the folders he can navigate to in the chat room.

Role: Unauthenticated User
Description: This user has not logged in.
- Can view All Chat Rooms and Search tabs; cannot view the other tabs.
- Can only view folders which allow unauthenticated access.
- Can join chat rooms that are not limited to invitees, or logged in users.
- Can enter chat room details page.

Assigning creators for broadcast communities


Administrators can create and manage broadcast communities. Before other users can create or manage a broadcast community, they must be assigned the CommunityCreators role.

About this task


Assign or change CommunityCreators in the IBM WebSphere Integrated Solutions Console.

Procedure
1. From Integrated Solutions Console, click Servers > Application Servers > stadvanced_server_name.
2. Under Applications on the Configuration tab, click Installed applications.
3. Click Lotus Sametime Advanced application.
4. Under Detail Properties, click Security role to user/group mapping.
5. In the Mapped Users and Mapped Groups column of the CommunityCreators row, enter the users that you want to grant permission to create broadcast communities.
6. Optional: If you have written the code to enable the workflow community API, then a designated workflow approver must be assigned the WorkflowApprovers role. In the Mapped Users and Mapped Groups column of the WorkflowApprovers row, enter the users that you want to grant permission to approve community creation. This setting also lets them approve chat room creation. You can find information on writing the workflow API calls in the IBM Lotus Sametime Advanced Software Development Kit at IBM developerWorks at http://www.ibm.com/developerworks/lotus/downloads/toolkits.html.
7. Click OK.

Broadcast community types and roles


Different types of broadcast communities have different roles. These roles determine what you can do in the community.
Community type: Open
Any authenticated Sametime Advanced user can join.
Roles:
- Manager - Can edit or delete a broadcast community. Can edit the manager list.

Community type: Private
You must be a community member to participate in this community.
Roles:
- Manager - Can edit or delete a broadcast community. Can edit the manager list.
- Member - Can join the community and can send and receive broadcasts.

Community type: Restricted recipients
Any authenticated Sametime Advanced user can send a broadcast. You must be a community member to receive a broadcast.
Roles:
- Manager - Can edit or delete a broadcast community. Can edit the manager list.
- Recipient - Can join the community and can receive broadcasts.

Community type: Restricted publishers
Any authenticated Sametime Advanced user. You must be a community member to send a broadcast.
Roles:
- Manager - Can edit or delete a broadcast community. Can edit the manager list.
- Publisher - Can join the community and can send broadcasts.

Limiting anonymous access


You can limit anonymous access to IBM Lotus Sametime Advanced.

About this task


By default, users can access chat rooms without logging in first, but they cannot access broadcast communities. Once users have logged in to Lotus Sametime Advanced they can access all the features that their licenses allow, including broadcast communities. If you want to prevent these anonymous users from accessing any Lotus Sametime Advanced features, follow these instructions.

Procedure
1. Log in to Lotus Sametime Advanced as an administrator.
2. Click the Administration tab.
3. Click Administration Settings.
4. Click the General tab.
5. Under Anonymous Access, clear the Allow anonymous access check box.
6. Click Save.

What to do next
Since anonymous users are not issued licenses, they are not counted in the number of licenses issued figure in the Counts page of the License Management view.

Configuring licensing management


You can configure settings related to license management.

About this task


- Limit the number of licenses supported.
- Count the licenses that are already in use and how many are still available.
- Automatically issue licenses at login.

Follow these steps to configure licensing.

Procedure
1. Log in to IBM Lotus Sametime Advanced as an administrator.
2. Click the Administration tab.
3. Click License Management.
4. Click the Settings tab.
5. Type the number of licenses that you want to allocate in the Allocated licenses box. This setting overrides the default number of licenses, which is 1000.
6. If you would like to limit unlicensed users' ability to use Lotus Sametime Advanced, select Enable license counting. When a valid user that has not been issued a license logs in, the user receives a message that a license is required. The user cannot use any features in Lotus Sametime Advanced.
7. If you enabled license counting in the previous step and you would like to allow users to automatically receive a license when they log in, select Enable automatic licensing.
8. Click Save.

Results
To monitor the number of licenses, click the Count tab.

Issuing licenses to users


Users' access to features in IBM Lotus Sametime Advanced is controlled by the license issued to them.

About this task


A license is persistent and assigned to a specific user. The user is not allocated a limited time or session-based license from a pool of available licenses.

Procedure
1. Log in to Lotus Sametime Advanced as an administrator.
2. In Lotus Sametime Advanced, click the Administration tab.
3. Click License Management.
4. Click the Users tab.
5. Click Issue.
6. If you want to select users from your directory, select Search names.
   a. Choose whether you want to search for users or groups in the Search by box.
   b. Type the name or first character of the user or group in the Search for box, and click Search.
   c. Select the users and groups in the results and click the Add, Remove, and Remove All buttons to compose a list in the Select users to issue licenses box.
7. If you want to issue licenses to a list of users in a file, select Locate file with unique login identifiers or e-mail addresses. The unique login identifier is the login attribute which you specified during the installation. The default attribute is Mail; CN or UID are also allowable in this field.
   a. Type the file name in the Browse box.
   b. Click Browse and use your operating system's browse dialog to locate the file. Each line in the file must contain a user's email address or unique login identifier. For example:
      kelly_hardart@my_domain.com
      ted_amado@my_domain.com
      minh_li@my_domain.com
8. Click Next. The Assigning Users progress dialog displays.
9. When the Assign Users success dialog displays, click OK.

Results
If you issued licenses to a list of users in a file, the results appear in the View results of last file used to issue assign licenses link. These results contain either a success message, or a message indicating the number of users that could not be found and issued licenses.

What to do next
To revoke a license, follow the first three steps of the previous procedure and then follow these steps:
1. Select the checkbox next to the licensed user's name.
2. Click Revoke.

Command line user management


You can manage users in IBM Lotus Sametime Advanced by running the stlicadmin command line tool. The tool has commands for adding and removing users.

Purpose
The tool has commands for adding and removing users. The stlicadmin command is available in the AppServer/bin directory.

Syntax
- Windows
  stlicadmin.bat {--add | --delete} {--user Uid | --group Gid | --batch Fname}
- UNIX
  ./stlicadmin.sh {--add | --delete} {--user Uid | --group Gid | --batch Fname}

Commands
add      Add a new user or group of users
delete   Delete a user or group of users

Parameters
Parameter    Syntax       Value                 Description
user         -u           UserName              The user being referenced. Required unless -b or -g is specified. The UserName parameter is specified as the e-mail address.
group        -g           GroupName             An LDAP group. Required unless -u or -b is specified.
batch        -b           FileName              Batch mode. Specify a file containing a list of users, required unless -u or -g is specified.
host         -h           HostName              The server that hosts the license service
port         -p           PortNumber            The port of the server to be connected
adminId      adminId      adminUserName         Administrator user ID to log in to the server
adminIdPwd   adminIdPwd   adminUserIdPassword   Administrator's password

Turning on workflow
IBM Lotus Sametime Advanced supports workflow APIs for approving chat room and broadcast community creation.

About this task


When you turn on workflow APIs, and a user creates a chat room or a broadcast community, it is not automatically created, but it is placed in a queue. A designated workflow approver must monitor the queue, and then approve or deny the request to create a chat room or community. Queue monitoring and chat room and community approval can only be done by writing your own code using the workflow APIs. You can find information on using the workflow API calls in the IBM Lotus Sametime Advanced Software Development Kit at IBM developerWorks at http://www.ibm.com/developerworks/lotus/downloads/toolkits.html. Follow these instructions for turning on workflow APIs.

Procedure
1. Log in to Lotus Sametime Advanced as an administrator.
2. Click the Administration tab.
3. Click Administration Settings.
4. Click the General tab.
5. Select one or both of the following check boxes:
   - Enable chat room workflow API
   - Enable community workflow API
6. Click Save.

What to do next
Assign or change workflow approvers in the WebSphere Integrated Solutions Console. Go to Servers > Application servers > server_name > Installed applications > Lotus Sametime Advanced Application > Security role to user/group mapping.

Enabling Awareness
Enable the awareness feature in IBM Lotus Sametime Advanced so that Lotus Sametime users can be detected when they are online.

Before you begin


After you have installed your Lotus Sametime Advanced and Lotus Sametime Standard servers, you must establish a connection between them.

About this task


You establish this connection by filling in "Server Integration" fields on the Lotus Sametime Advanced server.

Procedure
1. Open the Lotus Sametime Advanced server's Administration tab by pointing a browser at the following Web address:
http://hostname_or_IPaddress:9080/stadvanced

For example:
http://stadv.acme.com:9080/stadvanced

Note: The Web address will resemble the one shown above, but will depend upon your own deployment.
2. Log in to Lotus Sametime Advanced using the administrator account that you created during installation (for example, "stadvadmin").
3. Click the Administration tab.
4. On the left, click Administration Settings.
5. Now click the Server Integration tab.
6. Enter the Lotus Sametime Standard server's Host name and HTTP port in the designated fields. The HTTP port is typically port 80; however, if you have configured the server to only use SSL, this value will be different (generally port 443). If you do use SSL here, be sure to complete Step 9 below to enable SSL on the port used for supporting the awareness feature in Lotus Sametime Advanced.
7. Click Save.
8. Activate your new settings by logging out and then restarting the browser before you log in again.
9. Determine whether you need to run the updateSTSettings script to modify database settings. You will need to run this script if either (or both) of the following conditions is true for your Lotus Sametime Standard server:
   - SSL is enabled on the classic server's HTTP port (the port you specified in Step 6)
   - Tunneling is enabled on the classic server
   If neither condition is true, you have finished enabling awareness; skip the rest of the steps in this procedure. Next, you should set up a Lotus Sametime Connect client and log in with it to verify that awareness is working.
   If one (or both) of the conditions is true, proceed to the next step and update database settings for Lotus Sametime Advanced.
10. Download the appropriate version of the updateSTSettings script for your operating system to a server that has access to the Lotus Sametime Advanced database (the database called "STADV" in this documentation, but if you ran the archive installer on Linux it defaulted to "CHATS"). This script is stored in the \SupportingFiles directory within the Lotus Sametime Advanced software download. Downloading files for Lotus Sametime Advanced and related applications is described in the Download document posted at the following Web address: www.ibm.com/support/docview.wss?rs=477&uid=swg24018149.
11. On the machine that has the DB2 client installed or on a DB2 server, open a DB2 Command prompt and connect to the database:
db2 connect to database user db2admin_user using password

12. Run the updateSTSettings script as follows:
- AIX, Linux, Solaris
./updateSTSettings.sh database db2admin_user password stlinks_port web_ssl_enabled applet_ssl_enabled

- Windows
updateSTSettings.bat database db2admin_user password stlinks_port web_ssl_enabled applet_ssl_enabled

where:
- database is the name of your Lotus Sametime Advanced database (STADV in this documentation, but if you ran the archive installer on Linux it defaulted to "CHATS").
- db2admin_user is the name of a user with DB2 Administrator privileges.
- password is the password for the DB2 Administrator account.
- stlinks_port is the port being used for awareness on the Lotus Sametime Standard server (normally "8082"). If your classic server has tunneling enabled, set this port to "80" to support that feature.
- web_ssl_enabled indicates whether Web-based connections to Lotus Sametime Advanced should use SSL ("true" or "false"). If your classic server has SSL enabled, set this value to "true" when you run the script.
- applet_ssl_enabled indicates whether the Community connection from Lotus Sametime Standard to Lotus Sametime Advanced over port 8082 should use SSL ("true" or "false"). If you set this value to "true" when you run the script, you will need to make additional changes to the classic Lotus Sametime Standard server to support the new setting.

For example, enable SSL on Windows by setting web_ssl_enabled to "true":
updateSTSettings.bat STADV db2admin passw0rd 8082 true false

Enable tunneling on Windows by setting the stlinks_port to "80":


updateSTSettings.bat STADV db2admin passw0rd 80 false false

If you want to enable both features, you can set both parameters at the same time (you do not have to run the script twice) on Windows:
updateSTSettings.bat STADV db2admin passw0rd 80 true false

Changing the administrator password


If you change your administrator password in LDAP, the IBM WebSphere Application Server, the IBM WebSphere Event Broker, or IBM DB2, you must update your security credentials in IBM Lotus Sametime Advanced.

Before you begin


For more information on changing passwords see "Changing the password for a repository under a federated repositories configuration" and "IdMgrRepositoryConfig command group for the AdminTask object" at http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/index.jsp.

Updating your LDAP administrator password


If you change the LDAP bind distinguished name (DN) or bind password of an LDAP repository, you cannot start the IBM Lotus Sametime Advanced server anymore because your security credentials no longer match. You must use the IBM WebSphere Application Server wsadmin command line utility to change the password of the repository to match the password in LDAP.

Before you begin


Before you begin, use an LDAP tool to change the password of the LDAP repository. Some LDAP repositories require a stop and start of the LDAP server to change the password.

About this task


Change the password for a repository using the dynamic updateIdMgrLDAPBindInfo command. Use the following steps to change the LDAP bind distinguished name (DN) or bind password of an LDAP repository.

Procedure
1. Start the wsadmin command line utility. The wsadmin command is found in the install_dir/bin directory. The wsadmin command session must remain running.
2. From the wsadmin prompt, enter the updateIdMgrLDAPBindInfo command to update the LDAP password under the federated repository. The change is also reflected in the wimconfig.xml file.
$AdminTask updateIdMgrLDAPBindInfo {-id repository_ID -bindPassword mypassword -bindDN LDAP_bind_DN}

Where:
- id - The unique identifier of the repository. For example IDS52.
- bindPassword - The LDAP server binding password.
- bindDN - The binding distinguished name for the LDAP server. Note that if you include this parameter, the bindPassword is required.
3. From the wsadmin prompt, save your changes to the master configuration. The following command is used to save the master configuration.
$AdminConfig save

4. Restart the WebSphere Application Server.

Updating your WAS administrator password


If you change your administrator password in the IBM WebSphere Application Server, you cannot start the IBM Lotus Sametime Advanced server anymore because your security credentials no longer match. Since the primary administrator identity is stored in a file repository, you can run a wsadmin command to update its properties.

Procedure
1. Start the wsadmin command line utility. The wsadmin command is found in the install_dir/bin directory. The wsadmin command session must remain running.
2. Optional: If you do not know the uid of the administrator, search for it using the administrator's common name:
$AdminTask searchUsers { -cn <"WAS Admin_name"> }

Where: cn - Specifies the new first name or given name of the user. This parameter maps to the cn property in virtual member manager. The command returns the uid that you will need to update the administrator's password.
3. From the wsadmin prompt, enter the updateUser command to update the WebSphere Application Server password under the federated repository.
$AdminTask updateUser {-uniqueName uid=<WASAdmin>,o=default -password <newpassword>}

Where:
- uniqueName - Specifies the unique name value for the user for which you want to modify the properties. This parameter maps to the uniqueName property in virtual member manager.
- uid - Specifies the unique ID value for the user. This parameter maps to the uid property in virtual member manager.
- password - Specifies the new password for the user. This parameter maps to the password property in virtual member manager.
4. From the wsadmin prompt, save your changes to the master configuration by typing the following command:
$AdminConfig save

5. Restart the WebSphere Application Server.

Updating your Event Broker administrator password


If you change your administrator password in IBM WebSphere Event Broker, you must update your password in the IBM WebSphere Application Server. If you do not update your password, IBM Lotus Sametime Advanced stops working.

Procedure
1. In the WebSphere Integrated Solutions Console, click Security > Secure administration, applications, and infrastructure.
2. Under Authentication, click Java Authentication and Authorization Service > J2C authentication data.
3. Click your Event Broker administrator alias. This is the same user as the one in the Event Broker for "Component-managed/container-managed authentication" alias.
4. Under General Properties, type your new password.
5. Click Apply and then click OK.

Updating your DB2 administrator password


If you change your administrator password in IBM DB2, you must update your password in the IBM WebSphere Application Server. If you do not update your password, IBM Lotus Sametime Advanced stops working.

Procedure
1. Disable security with the following steps:
a. Locate the security.xml file. The security.xml file is stored in the following location:
WAS_root/profiles/ST_Advanced_Profile/config/cells/cell_name/security.xml

For example, on a Microsoft Windows server:

C:\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\test03Cell\security.xml

b. Modify the first line and set enabled="false" as shown:


<security:Security xmi:version="2.0" ... useDomainQualifiedUserNames="false" enabled="false" cacheTimeout="600" ...>

c. Save and close the file.
d. Restart WebSphere Application Server.
2. In the WebSphere Integrated Solutions Console, do the following:
a. Click Resources > JDBC > Data sources.
b. Click SametimeDataSource.
c. Under Related Items, click JAAS - J2C authentication data.
d. Click your DB2 administrator alias.
e. Under General Properties, type your new password.
f. Click Apply and then click OK.
3. From the wsadmin prompt, use the updateIdMgrDBRepository command to update the password in the wimconfig.xml file:
a. Navigate to the install_dir/bin directory.
b. Start the wsadmin command-line utility by running the following command:
wsadmin -conntype none

The wsadmin command is located in the install_dir/bin directory.
c. From the wsadmin prompt, type the following command on a single line to update the password:
$AdminTask updateIdMgrDBRepository {-id repository_ID -dbAdminPassword new_password}

Where:
- repository_ID is the unique identifier of the repository.
- new_password is the new database administrator password for direct access mode.
d. From the wsadmin prompt, save your changes to the master configuration by typing the following command:
$AdminConfig save

4. Enable security again with the following steps:
a. Edit the security.xml file again and reset the enabled flag to "true":
<security:Security xmi:version="2.0" ... useDomainQualifiedUserNames="false" enabled="true" cacheTimeout="600" ...>

b. Save and close the file.
5. Restart the WebSphere Application Server.
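The procedure above leaves security switched off between steps 1 and 4, so the flag in security.xml is worth checking once the final restart is done. The following Python sketch is an added example, not part of the IBM documentation or product: it reads or sets the enabled attribute on the root security:Security element only, leaving every other attribute untouched. The function names, the .bak backup suffix and the sample document are assumptions made for illustration.

```python
import re
import shutil
import sys
from pathlib import Path

# Opening tag of the root element: <security:Security ... enabled="true" ...>
ROOT_TAG = re.compile(r"<security:Security\b[^>]*>")
# The root element's own enabled attribute. Requiring leading whitespace keeps
# an attribute whose name merely ends in "enabled" (appEnabled in the sample
# below) from matching.
ENABLED_ATTR = re.compile(r'(\senabled=")(true|false)(")')

# Constructed, heavily shortened sample; a real security.xml is much larger.
SAMPLE = (
    '<?xml version="1.0" encoding="UTF-8"?>\n'
    '<security:Security xmi:version="2.0" useDomainQualifiedUserNames="false"'
    ' enabled="true" cacheTimeout="600" appEnabled="true">\n'
    '  <exampleChild enabled="true"/>\n'
    '</security:Security>\n'
)


def _root_tag(xml_text):
    match = ROOT_TAG.search(xml_text)
    if match is None:
        raise ValueError("no <security:Security> root element found")
    return match


def root_security_enabled(xml_text):
    """Return True if the root element carries enabled="true"."""
    attr = ENABLED_ATTR.search(_root_tag(xml_text).group(0))
    if attr is None:
        raise ValueError("root element has no enabled attribute")
    return attr.group(2) == "true"


def set_root_security_enabled(xml_text, enabled):
    """Return xml_text with only the root element's enabled flag changed."""
    match = _root_tag(xml_text)
    value = "true" if enabled else "false"
    new_tag, count = ENABLED_ATTR.subn(
        lambda a: a.group(1) + value + a.group(3), match.group(0), count=1)
    if count != 1:
        raise ValueError("root element has no enabled attribute")
    return xml_text[:match.start()] + new_tag + xml_text[match.end():]


def update_file(path, enabled):
    """Rewrite security.xml in place, keeping a copy as <name>.bak."""
    path = Path(path)
    # Bytes in, bytes out: line endings in the file are preserved as they are.
    original = path.read_bytes().decode("utf-8")
    backup = path.with_name(path.name + ".bak")
    shutil.copy2(path, backup)
    updated = set_root_security_enabled(original, enabled)
    path.write_bytes(updated.encode("utf-8"))
    return backup


if __name__ == "__main__":
    # Usage: python security_flag.py status|enable|disable /path/to/security.xml
    if len(sys.argv) != 3 or sys.argv[1] not in ("status", "enable", "disable"):
        sys.exit("usage: security_flag.py status|enable|disable security.xml")
    action, target = sys.argv[1], sys.argv[2]
    if action == "status":
        is_on = root_security_enabled(Path(target).read_bytes().decode("utf-8"))
        print("security enabled" if is_on else "SECURITY DISABLED")
        sys.exit(0 if is_on else 1)
    print("backup written to", update_file(target, action == "enable"))
```

Running the status action after step 5 returns a non-zero exit code if the flag was left at "false", which makes it usable as a post-change check.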

Changing SMTP user credentials after installation


You can change SMTP user credentials in the IBM WebSphere Integrated Solutions Console after you have installed IBM Lotus Sametime Advanced.

About this task


If you enabled an SMTP Messaging server when you installed Lotus Sametime Advanced, you provided an authorized SMTP user name and password. You can change these user credentials after you install.

Procedure
1. Log in to the WebSphere Integrated Solutions Console.
2. Click Resources > Mail > Mail sessions.
3. Under Mail Sessions, click Sametime Mail Notifier.
4. Type the new SMTP authorized user credentials in the Mail transport user ID and Mail transport password fields.
5. Click Apply, and then click OK.

Integrating Lotus Sametime Advanced with Lotus Connections


You can integrate your IBM Lotus Connections communities into IBM Lotus Sametime Advanced. Integrating Lotus Connections with Lotus Sametime Advanced provides users with a unified list of Lotus Connections communities and broadcast communities on the Broadcast Communities tab in Lotus Sametime Advanced.

Granting an administrator rights to Lotus Connections 1.0.2 communities


Before you can integrate your IBM Lotus Sametime Advanced communities with IBM Lotus Connections 1.0.2 communities, you need to grant superuser access to a Lotus Sametime Advanced administrator in Lotus Connections. You do this by adding a grant access statement to the community.policy file.

Procedure
1. You need to determine your realm name.
a. In the Integrated Solutions Console, click Security > Secure administration, applications, and infrastructure.
b. Select Federated Repositories, and then click Configure.
c. On the main Federated repositories page note the realm name for your Lotus Connections server.
2. Determine the location of the community.policy file.
a. In the Integrated Solutions Console, click Servers > Application Servers.
b. Click Lotus_Connections_server_name.
c. Under Server Infrastructure, click Java & Process Management > Process Definition.
d. Click Java Virtual Machine.
e. Under Additional Properties, click Custom Properties. The communities.policy file location is contained in the 'java.security.auth.policy' custom property.
3. Open the communities.policy file from the location you determined in the previous step with a text editor.
4. Add a new grant statement like the one in the following example:
grant Principal com.yourcompany.ws.security.common.auth.WSPrincipalImpl "<YOUR_REALM_NAME>/<YOUR_ADMINISTRATIVE_USER_LOGIN_ID>"{
    permission com.yourcompany.tango.auth.permission.CommunityManagementPermission "*";
    permission com.yourcompany.auth.permission.CommunityMembershipPermission "*";
    permission com.yourcompany.tango.auth.permission.CommunityAccessPermission "*";
    permission com.yourcompany.tango.auth.permission.CommunityReferencePermission "*";
};

- YOUR_REALM_NAME was determined in step 1.
- YOUR_ADMINISTRATIVE_USER_LOGIN_ID should be the same as the one in Lotus Connections administrative settings of the Server Integration view of the Administration page in Lotus Sametime Advanced. The login id is case sensitive, and it should be exactly the same as in LDAP.
5. Save the communities.policy file.
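Because the grant statement above gives one account "*" rights over every community, it is useful to be able to list which principals in the policy file hold such rights and to compare them with the account you intended. The following Python sketch is an added example, not part of the IBM documentation or product; it assumes grant blocks of the form shown above (no codeBase or signedBy clause), and the realm, login IDs and "public" target in the sample are constructed.

```python
import re

# Policy files allow // and /* */ comments. Quoted strings are matched first so
# that a "//" inside a string is never mistaken for the start of a comment.
_TOKEN = re.compile(r'"(?:[^"\\]|\\.)*"|//[^\n]*|/\*.*?\*/', re.DOTALL)
_GRANT = re.compile(
    r'grant\s+Principal\s+(\S+)\s+"([^"]+)"\s*\{(.*?)\}\s*;',
    re.DOTALL | re.IGNORECASE)
_PERMISSION = re.compile(r'permission\s+(\S+)\s+"([^"]*)"\s*;', re.IGNORECASE)

# Constructed sample: one commented-out grant, the intended administrator,
# a second entry that differs only in case, and a non-wildcard grant.
SAMPLE_POLICY = '''
// grant Principal com.yourcompany.ws.security.common.auth.WSPrincipalImpl "ldap.example.com:389/olduser" {
//     permission com.yourcompany.tango.auth.permission.CommunityAccessPermission "*";
// };
grant Principal com.yourcompany.ws.security.common.auth.WSPrincipalImpl "ldap.example.com:389/stadvadmin"{
    permission com.yourcompany.tango.auth.permission.CommunityManagementPermission "*";
    permission com.yourcompany.auth.permission.CommunityMembershipPermission "*";
    permission com.yourcompany.tango.auth.permission.CommunityAccessPermission "*";
    permission com.yourcompany.tango.auth.permission.CommunityReferencePermission "*";
};
grant Principal com.yourcompany.ws.security.common.auth.WSPrincipalImpl "ldap.example.com:389/STADVADMIN" {
    permission com.yourcompany.tango.auth.permission.CommunityAccessPermission "*";
};
grant Principal com.yourcompany.ws.security.common.auth.WSPrincipalImpl "ldap.example.com:389/reader" {
    permission com.yourcompany.tango.auth.permission.CommunityAccessPermission "public";
};
'''


def strip_comments(policy_text):
    """Blank out comments while leaving quoted strings untouched."""
    return _TOKEN.sub(
        lambda m: m.group(0) if m.group(0).startswith('"') else " ",
        policy_text)


def parse_principal_grants(policy_text):
    """Return {principal_name: [(permission_class, target), ...]}."""
    grants = {}
    for _cls, name, body in _GRANT.findall(strip_comments(policy_text)):
        grants.setdefault(name, []).extend(_PERMISSION.findall(body))
    return grants


def wildcard_principals(policy_text):
    """Principals holding at least one permission whose target is "*"."""
    grants = parse_principal_grants(policy_text)
    return sorted(name for name, perms in grants.items()
                  if any(target == "*" for _cls, target in perms))


def unexpected_superusers(policy_text, expected):
    """Wildcard principals not in the expected list (exact, case-sensitive)."""
    allowed = set(expected)
    return [p for p in wildcard_principals(policy_text) if p not in allowed]


if __name__ == "__main__":
    for principal in unexpected_superusers(
            SAMPLE_POLICY, ["ldap.example.com:389/stadvadmin"]):
        print("unexpected wildcard grant:", principal)
```

The comparison is exact because the login ID is case sensitive, so an entry that differs from the intended administrator only in case is reported as a separate principal.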

Granting an administrator rights to Lotus Connections 2.5 communities


To grant an administrator rights to IBM Lotus Connections 2.5 communities, you need to create a superuser who has access to all communities, public and restricted.

Before you begin


You need to do this first.

About this task


With additional configuration on the Lotus Connections server, you can create a superuser who can see all communities, public and restricted. For Lotus Sametime integration, you need to create a user of this type, and add their login and password credentials to the Lotus Sametime Advanced server so that you can connect on their behalf to list all of the communities.

Procedure
1. To determine the user realm for the new administrative user, do the following:
a. In the IBM WebSphere Application Server Integrated Solutions Console, select Security > Secure Administration, applications and infrastructure > Federated Repositories.
b. Click Configure.
c. On the main Federated repositories page, note the value for the realm name for your application server.
2. Open a command window and start the wsadmin command line tool. See Starting the wsadmin client in the Lotus Connections 2.5 information center:
http://publib.boulder.ibm.com/infocenter/ltscnnct/v2r0/index.jsp

3. Use one of the following commands to access the Communities configuration files:
- Stand-alone deployment:
execfile("communitiesAdmin.py")

- Network deployment:
execfile("<$WAS_HOME>/profiles/<DMGR>/config/bin_lc_admin/communitiesAdmin.py")

4. Check out the Communities policy configuration file using the following command:
CommunitiesConfigService.checkOutPolicyConfig("<working_directory>", "<cell_name>")

where:
- <working_directory> is the temporary working directory to which the configuration XML and XSD files are copied. The files are kept in this working directory while you make changes to them.
- <cell_name> is the name of the WebSphere Application Server cell hosting the Lotus Connections feature. This argument is required even in stand-alone deployments. This argument is also case-sensitive, so type it with care.
For example:
CommunitiesConfigService.checkOutPolicyConfig("/temp", "foo01Cell01")

5. From the temporary directory to which you just checked out the Lotus Connections configuration files, open the communities-policy.xml file in a text editor.
6. To add an administrative user with rights to access all Lotus Connections communities, add the following grant statement to the file:

<comm:grant> <comm:principal class="com.ibm.ws.security.common.auth.WSPrincipalImpl" name="<YOUR_REALM_NAM <comm:permission class="com.ibm.tango.auth.permission.CommunityManagementPermission" communit <comm:permission class="com.ibm.tango.auth.permission.CommunityMembershipPermission" communit <comm:permission class="com.ibm.tango.auth.permission.CommunityAccessPermission" communityTyp <comm:permission class="com.ibm.tango.auth.permission.CommunityReferencePermission" community <comm:permission class="com.ibm.tango.auth.permission.CommunityBroadcastPermission" community </comm:grant>

where:
- <YOUR_REALM_NAME> is the realm name you identified in step 1.
- <YOUR_LOGIN_ID> is the login ID of the user who you want to set up as the administrator for communities.
7. Save your changes to the communities-policy.xml file.
8. Check in the updated file using the following wsadmin client command:
CommunitiesConfigService.checkInPolicyConfig("<working_directory>", "<cell_name>")

9. To exit the wsadmin client, type exit at the prompt.
10. Stop and restart the server hosting the Communities feature.

Results
When the user specified in the policy file logs in to Communities, they should now be able to view and edit all communities and community resources.

Synchronizing Sametime Advanced with Lotus Connections


You can synchronize IBM Lotus Connections communities with IBM Lotus Sametime communities just once, or set up automatic daily synchronization.

Before you begin


Lotus Connections 2.5 and 2.5.0.1 require fixes for communities synchronization.
- Lotus Connections 2.5 fix
- Lotus Connections 2.5.0.1 fix

About this task


Integration and synchronization is "one-way": from Lotus Connections to Lotus Sametime Advanced. Therefore, users can see their Lotus Connections communities in Lotus Sametime Advanced, but they do not see broadcast communities in Lotus Connections. These communities cannot be edited in Lotus Sametime Advanced; they can only be edited in Lotus Connections.

Synchronization does not support HTTP redirection. If the Lotus Connections server is configured to redirect from one port to another, for example from HTTP to HTTPS, then synchronization fails.

You must be an administrator for both Lotus Sametime Advanced and Lotus Connections before you can synchronize the communities. Before you begin, you must grant a Lotus Sametime Advanced administrator access rights to Lotus Connections communities in the community.policy file. See the previous topic for more information. This administrator must also be a member of the LDAP directory.

Procedure
1. Log in to Lotus Sametime Advanced as an administrator.
2. Click the Administration tab.
3. Click Administration Settings.
4. Click the Server Integration tab.
5. Click Lotus Connections.
6. Select the protocol type.
7. Type the fully qualified host name in Host name.
8. Type the port number in Port.
9. Enter the administrator user name and password. This is the administrator ID that was granted superuser rights to access Lotus Connections communities in the Lotus Connections community.policy file. See the previous topic, "Granting an administrator rights to access Connections communities."
10. If you want to automate community synchronization so that it happens daily, select Enable daily community synchronization. The servers will synchronize daily at 2 AM in the time zone of the Sametime Advanced server.
11. If you want to synchronize immediately, click Synchronize Now.

Setting up community synchronization with HTTPS


Since IBM Lotus Connections authentication uses HTTPS, you need to follow these instructions to set up synchronization between Lotus Sametime Advanced and Lotus Connections communities.

Procedure
1. Log in to the IBM WebSphere Application Server Integrated Solutions Console of the Lotus Connections server.
2. Click Security > SSL Certificate and key management.
3. Under Related Items, click Key store and certificates.
4. Click NodeDefaultTrustStore.
5. Under Additional Properties, click Signer Certificates.
6. In the table, select the certificate that has a "default" alias issued to CN=connections_server_host,O=...., and then click Extract.
7. Enter a file name, and click OK.
Note: This file name is saved to the file system of the Lotus Connections server.
8. Log out of the Integrated Solutions Console of the Lotus Connections server.
9. Copy the file containing the certificate from the Lotus Connections server file system to the Lotus Sametime Advanced server file system.
10. Log in to the WebSphere Application Server Integrated Solutions Console of the Lotus Sametime Advanced server.
11. Click Security > SSL Certificate and key management.
12. Under Related Items, click Key store and certificates.
13. Click NodeDefaultTrustStore.
14. Under Additional Properties, click Signer Certificates.
15. Click Add.
16. Enter an alias for the certificate such as Connection Server Certificate.
17. Enter the path of the file where the certificate is saved.
18. Click OK.
19. Save the changes.

Monitoring Sametime Advanced


You can monitor chat room, community, and license usage.

About this task


The following topics describe how you can monitor statistics in chat rooms and broadcast communities. In addition, if you want to monitor IBM Lotus Sametime Advanced at a more detailed level, you can write instructions using the monitoring API calls defined in the IBM Lotus Sametime Advanced Software Development Kit. You can find the SDK on IBM developerWorks at http://www.ibm.com/developerworks/lotus/downloads/toolkits.html.

Monitoring chat room statistics


You can view statistics for all chat rooms in the folder hierarchy.

About this task


Lotus Sametime Advanced users can only view chat room statistics for the communities where they have manager or author access. Administrators, folder managers, chat room owners, and chat room creators can view statistics for all chat rooms.

View statistics by the following views:
- Summary - Statistics are summarized by chat room, participant, and folder.
- Usage - Chat rooms are listed alphabetically. The number of entries, active participants, and last logins are listed for each chat room.
- Owners - Owners are listed by the chat room owner's user ID. The number of chat rooms owned, entries, and bookmarks are listed for each chat room owner.

Follow these steps to view chat room statistics:

Procedure
1. In Lotus Sametime Advanced, click the All Chat Rooms tab.
2. Click Chat Room Statistics.
3. Click the tab for how you want to display statistics.

Monitoring broadcast community statistics


You can monitor the number of broadcast communities and the number by type of broadcast community: open, private, restricted recipient, and restricted publisher. Only administrators and community creators can view broadcast community statistics. Users will see items on this page to which they have author access.

About this task


Follow these steps to view broadcast community statistics:

Procedure
1. In Lotus Sametime Advanced, click the Broadcast communities tab.
2. Click Communities Statistics.

Archiving chat rooms


Administrators, folder managers, and chat room owners can archive chat rooms. Archiving the chat room will place it in the archive view and remove it from other views for all participants.

About this task


When a chat room is archived, it is moved from the Chat Rooms view of the All Chat Rooms tab and placed in the Archived Chat Rooms view. Only administrators, folder managers, and chat room owners with archived chat rooms can see or access the Archived Chat room view. Other users can no longer enter or even see the chat room. If the chat room was in a user's My Chat Rooms tab, then it is removed from that view after it has been archived.

If you would rather temporarily suspend participation and end access to a chat room without removing it from the Chat Rooms view, you should disable it instead of archiving it.

Follow these steps to archive a chat room.
Procedure
1. In IBM Lotus Sametime Advanced, click All Chat Rooms.
2. Click the name of the chat room that you want to archive.
3. Click More Actions > Archive.
4. When the confirmation message appears, click OK.

Results
The chat room is moved to the Archived Chat Rooms view.

Disabling chat rooms


Administrators, folder managers, folder authors, and chat room owners can disable chat rooms. Disabling the chat room prevents users from entering it, posting new content or reading the chat history.

About this task


If you would rather prevent users from entering a chat room as well as automatically removing it from the All Chat Rooms view so that users can no longer see it, you should archive the chat room instead of disabling it. Follow these steps to disable a chat room.

Procedure
1. In IBM Lotus Sametime Advanced, click All Chat Rooms.
2. Click the name of the chat room that you want to disable.
3. Click More Actions > Disable.
4. When the confirmation message appears, click OK.

Backing up user data


All IBM Lotus Sametime Advanced user data is stored in an IBM DB2 database, and can be backed up using the DB2 backup commands.

About this task


The default Lotus Sametime Advanced configuration requires that DB2 be shut down for backup. This is because by default, DB2 is configured to reuse the recovery logs. If you want online backup, the database can be configured to archive the recovery logs. In that case, the database is backed up, and all archived recovery logs are backed up. The recovery logs that have been backed up must also be periodically removed. If the database runs out of space to archive the recovery logs, the database will stop accepting changes until space is available.

Database backup and recovery is fully outlined in the DB2 information center. See "Developing a backup and recovery strategy" at http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp.

The only special backup consideration for Lotus Sametime Advanced is that because the full text indexes are maintained outside of the database tablespaces, after a restore operation the dbtext.sh or dbtext.bat scripts should be run to drop and recreate the text indexes to match the restored data in the database. You can find these scripts at CD1/SupportingFiles/DB2.

Chapter 7. Tuning
Complete the following tuning procedures to enhance performance.

Tuning WebSphere Application Server


When you installed the Lotus Sametime Advanced server software, the IBM WebSphere Application Server was installed automatically. Complete the following tuning procedures to enhance performance of the WebSphere Application Server. Some procedures must be repeated on each server in a cluster.

Setting thread pool values


Set the thread pool values for an IBM Lotus Sametime Advanced server to improve performance. By using a thread pool, server components can reuse existing threads, which helps improve performance by reducing the overhead of creating new threads at run time.

Procedure
1. From Integrated Solutions Console, click Servers > Application Servers > stadvanced_server_name, and then under Additional Properties, click Thread Pools.
2. Click New, and then type a name of your choice, such as STADVPool, in the Name field.
3. Type 30 in the Minimum Size field.
4. Type 30 in the Maximum Size field.
5. Keep the default value of 5000 for thread inactivity.
6. Click OK, and click Save to save changes to the master configuration.
7. If Sametime Advanced is clustered, repeat the preceding steps for each node of the cluster.

Tuning the JVM


The IBM WebSphere Application Server is a Java based process and requires a Java virtual machine (JVM) environment to run and support IBM Lotus Sametime Advanced. You can tune the Java runtime environment for performance by turning on verbose garbage collection and setting the heap size.

About this task


Note: The following instructions contain settings that were tested in IBM labs. These are just a starting point. Since your deployment might have a configuration unique to your site, these settings might require more adjustment.

Procedure
1. From Integrated Solutions Console, click Servers > Application Servers > stadvanced_server_name.
2. Under Server Infrastructure, click Java and Process management > Process Definition.
3. Under Additional Properties, click Java Virtual Machine.
4. Select the Verbose garbage collection check box.
5. In the Generic JVM arguments field, type the following values:


-Xgcpolicy:gencon -Xms640m -Xmx1024m -Xmn512m -Xmos128m -Xmox512m

Note: Solaris does not support this setting.
6. Click OK, and click Save to save changes to the master configuration.
7. If Lotus Sametime Advanced is clustered, repeat the preceding steps for each node of the cluster.

Tuning access to the LDAP server


Set the context pool parameters to improve the performance of concurrent access to an LDAP server.

About this task


The context pool is used in virtual member manager to improve the performance of concurrent access to an LDAP server. Set the context pool parameters in the wimconfig.xml file.

Note: The following instructions contain settings that were tested in IBM labs. These are just a starting point. Since your deployment might have a configuration unique to your site, these settings might require more adjustment.

Procedure
1. Use a text editor to open the wimconfig.xml file.
C:\ProgramFiles\IBM\WebSphere\AppServer\profiles\ST_Advanced_Profile\config\cells\machineNameCell\wim\config\wimconfig.xml

2. Set the following parameters:


Parameter: maxPoolSize="200"
Description: Specifies the maximum number of live connections. If there is no available connection in the pool when the request is submitted, the request waits the number of milliseconds specified in poolTimeOut. After this amount of time has passed, if no connection is available and the current number of live connections is less than the maxPoolSize, a new connection is created. If the total number of live connections is equal to or larger than maxPoolSize, an exception is thrown.

Parameter: poolWaitTime="5000"
Description: Specifies the number of seconds a connection can exist in the connection pool. When requesting a connection from the pool, if this connection already exists in the pool for more than the time defined by poolWaitTime, this connection is closed and a new connection is created for the request. After the connection is used it is returned to the pool. If this parameter is set to 0, a new connection is created for each request and no connections are put into the pool for reuse. If this parameter is set to -1 or any negative number, the connection does not expire and is reused until the connection is turned off (for example by a firewall or a socket timeout). The default value is -1.

Parameter: prefPoolSize="20"
Description: Specifies the preferred number of context instances that the context pool will maintain. Context instances that are in use and those that are idle contribute to this number. When there is a request for the use of a pooled context instance and the pool size is less than the preferred size, the context pool creates and uses a new pooled context instance regardless of whether an idle connection is available. When a request finishes with a pooled context instance and the pool size is greater than the preferred size, the context pool closes and removes the pooled context instance from the pool. The valid range for this parameter is from 0 to 100. Setting the value of this parameter to 0 means that there is no preferred size and a request for a pooled context instance results in a newly created context instance only if no idle ones are available. The default value is 3.

3. Save the file.

Tuning the Web container


You can set the time that the HTTP transport channel allows a socket to remain idle between requests.

About this task


The IBM WebSphere Application Server Web container manages all HTTP requests to servlets, JavaServer Pages and Web services. Requests flow through a transport chain to the Web container. WebSphere Application Server will close a given client connection after a number of requests or a timeout period. You can set a value for persistent timeouts to specify the amount of time, in seconds, that the HTTP transport channel allows a socket to remain idle between requests.

Note: The following instructions contain settings that were tested in IBM labs. These are just a starting point. Since your deployment might have a configuration unique to your site, these settings might require more adjustment.

Procedure
1. From Integrated Solutions Console, click Servers > Application Servers > stadvanced_server_name > Web container transport chains > WCInboundDefault > HTTP inbound channel (HTTP_2).
2. Under General Properties, type 60 in the Persistent timeout field.
3. Click OK.

Tuning security
Enabling security decreases performance. Authentication information persists in the system for a limited amount of time before it expires and must be refreshed. Use the following procedure to tune performance without compromising your security settings.

Procedure


1. From Integrated Solutions Console, click Security --> Secure administration, applications, and infrastructure.
2. Under Authentication, click Authentication mechanisms and expiration.
3. Under Authentication expiration, increase the value in the Timeout value for forwarded credentials between servers field.
4. Click Apply, and then click OK.

Tuning DB2
IBM DB2 is a database management system that stores information used by IBM Lotus Sametime Advanced. A database that has the potential to grow large will require some ongoing tuning by a database administrator.

About this task


The full text indexing required by Lotus Sametime Advanced adds some additional considerations. The text indexing service must be started and stopped when the database is started and stopped. The command to start the database instance on all platforms is:
db2start

The command to start the NSE service is:


db2text start

To stop the database instance, run:


db2stop

To stop the NSE service, run:


db2text stop

Note: DB2 scripts are stored in the \SupportingFiles directory within the Lotus Sametime Advanced software download.


Periodically, as the dataset grows, the database administrator should reorganize the objects that need attention, and update the statistics so that the DB2 optimizer can make optimal plans for accessing the data. There is an example script provided that can do this named stadv_reorg.sql. This file will reorganize the indexes that are most likely to require it and will update the statistics in the catalog. This script or one like it should be run periodically when the system is lightly loaded, as it will lock the tables as it runs. The commands to run this script are:
db2 connect to <dbname>
db2 -tf stadv_reorg.sql

The database administrator should monitor the DMS tablespaces and add additional storage as needed. The default tablespace creation scripts allow the tablespaces to automatically grow to a set size. This set size can be changed, or additional files can be added to the tablespace as needed. After the tablespace has enough data to be representative of a complete dataset, the database administrator might want to enable compression for the PERSISTENTCHATTEXT table. There is an example script provided for doing this. The commands to run this script are:
db2 connect to <dbname>
db2 -tf enable_compression.sql

On a large dataset, this might take significant time to compress all of the table data. This will not compress the data in the text indexes, which will still take significant storage.

The database administrator may wish to do additional maintenance on the full text indexes that are maintained outside of the database. The text indexes can be altered after they are created to modify the frequency of updates. Incremental commits can be configured if the update transactions become too large, and the indexes can be reorganized. See the NSE documentation for more information: http://publib.boulder.ibm.com/infocenter/db2luw/v9/index.jsp.

If, for any reason, a text index becomes corrupted, re-running dbtext.bat or dbtext.sh will drop all text indexes and recreate them.

An additional consideration is that dropping a database does not automatically drop the text indexes. If the database administrator decides to drop a database that contains text indexes, he should run the script dropdbtext.bat or dropdbtext.sh to drop the text indexes first. If the indexes are not dropped, entries for them should be cleaned out of the DB2 ctedem.dat file. Full documentation about this is in the NSE documentation.

Tuning IBM HTTP Server


IBM HTTP Server operates with IBM WebSphere Application Server to provide Web access for IBM Lotus Sametime Advanced.

About this task


Monitoring the CPU utilization and checking the IBM HTTP Server error_log and http_plugin.log files can help you diagnose Web server performance problems. Web servers allocate a thread to handle each client connection. Ensuring that enough threads are available for the maximum number of concurrent client connections helps prevent this tier from being a bottleneck. Check the error_log file to see if there are any warnings about having reached the maximum number of clients.


The settings for the Web server can be tuned by making changes to the httpd.conf file on the Web server system. Using the Integrated Solutions Console, go to Servers --> Web Servers --> web_server_name --> Configuration file.

Setting open file limits in Linux


If you have a high volume of users logged in to IBM Lotus Sametime Advanced running on a Linux server, you might encounter "Too many open files" exception messages.

About this task


After 1000 or more users log in, the following exception starts appearing in the SystemOut.log, and no more users can log in:
[3/3/08 11:09:46:701 EST] 0000109d exception E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext CWWIM4520E The javax.naming.CommunicationException: pir02pc27.westford5.notesdev.ibm.com:389 [Root exception is java.net.SocketException: Too many open files] naming exception occurred during processing.
[3/3/08 11:09:46:738 EST] 0000109d exception E com.ibm.ws.wim.adapter.ldap.LdapConnection getDirContext com.ibm.websphere.wim.exception.WIMSystemException: CWWIM4520E The javax.naming.CommunicationException: pir02pc27.westford5.notesdev.ibm.com:389 [Root exception is java.net.SocketException: Too many open files] naming exception occurred during processing.

This problem is caused when a high number of concurrent users get a connection to the Lotus Sametime Advanced server. Java opens many files and Lotus Sametime Advanced uses a lot of file descriptors. Eventually, the server runs out of file descriptors. You can fix this by editing the file descriptor limit in the limits configuration file in Linux.

Procedure
1. Use a text editor and open /etc/security/limits.conf.
2. Add the following lines to set these limits for all users.
* soft nofile 65535
* hard nofile 65535

3. Save the file.
4. Stop and restart the machine running the server.
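The following check is an added example, not part of the IBM guide. It resolves the nofile limits that pam_limits would apply to the account running the server and pulls the CWWIM4520E "Too many open files" events out of SystemOut.log lines. The account name wasadmin, the group staff, the host ldap.example.com and both sample inputs are constructed; note that pam_limits does not apply wildcard or group entries to root.

```python
import re

REQUIRED_NOFILE = 65535  # soft and hard value set by the procedure above

# Constructed limits.conf content; wasadmin and @staff are hypothetical names.
SAMPLE_LIMITS = """\
# <domain> <type> <item> <value>
*         soft  nofile  65535
*         hard  nofile  65535
wasadmin  soft  nofile  4096
@staff    -     nofile  8192
"""

# Constructed SystemOut.log lines modelled on the exception quoted above.
SAMPLE_LOG = [
    "[3/3/08 11:09:46:701 EST] 0000109d exception E com.ibm.ws.wim.adapter."
    "ldap.LdapConnection getDirContext CWWIM4520E The javax.naming."
    "CommunicationException: ldap.example.com:389 [Root exception is java.net."
    "SocketException: Too many open files] naming exception occurred during "
    "processing.",
    "[3/3/08 11:09:47:002 EST] 0000109e SystemOut O login completed",
]

FD_ERROR = re.compile(r"^\[(?P<ts>[^\]]+)\].*CWWIM4520E.*Too many open files")


def nofile_limits(conf_text, user, groups=()):
    """Resolve the soft and hard nofile limits for one account.

    Precedence follows pam_limits: a user entry beats an @group entry, which
    beats the '*' wildcard; within one level the last matching line wins.
    Group and wildcard entries are never applied to root.
    """
    best = {"soft": (99, None), "hard": (99, None)}  # type -> (rank, value)
    for raw in conf_text.splitlines():
        fields = raw.split("#", 1)[0].split()
        if len(fields) != 4 or fields[2] != "nofile":
            continue
        domain, kind, _, value = fields
        if domain == user:
            rank = 0
        elif domain.startswith("@") and domain[1:] in groups and user != "root":
            rank = 1
        elif domain == "*" and user != "root":
            rank = 2
        else:
            continue
        try:
            limit = int(value)
        except ValueError:
            continue  # non-numeric values are outside this check
        # A '-' type sets the soft and the hard limit together.
        for k in (("soft", "hard") if kind == "-" else (kind,)):
            if k in best and rank <= best[k][0]:
                best[k] = (rank, limit)
    return {k: v for k, (_, v) in best.items()}


def fd_exhaustion_events(log_lines):
    """Timestamps of LDAP connection failures caused by descriptor exhaustion."""
    return [m.group("ts") for m in map(FD_ERROR.search, log_lines) if m]


def check(conf_text, user, log_lines, groups=()):
    """Combine both views: configured limits and the symptom in the log."""
    limits = nofile_limits(conf_text, user, groups)
    short = [k for k, v in limits.items() if v is None or v < REQUIRED_NOFILE]
    return {"limits": limits, "below_required": short,
            "fd_errors": fd_exhaustion_events(log_lines)}


if __name__ == "__main__":
    for account in ("wasadmin", "root", "nobody"):
        print(account, check(SAMPLE_LIMITS, account, SAMPLE_LOG))
```

A per-user line such as the constructed wasadmin entry silently overrides the wildcard lines from the procedure, so resolve the limits for the account that actually runs the server.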


Chapter 8. Troubleshooting
Use the following topics to troubleshoot problems.

Other sources of information


Use the following links to find other hints and tips when troubleshooting Lotus Sametime Advanced:
- Lotus Sametime wiki:
www-10.lotus.com/ldd/stwiki.nsf/dx/Sametime_Advanced_Troubleshooting_Guide

- Tech Notes for Lotus Sametime Advanced:


www.ibm.com/support/search.wss?q=Sametime%20Advanced&rs=477&tc=SSKTXQ&dc=DB520&dtm

Gathering logs and traces for IBM support


Use the IBM WebSphere Collector tool to gather logs and traces that IBM Customer Support can use when troubleshooting your problem.

About this task


The collector tool gathers information about your WebSphere Application Server installation and packages it in a Java archive (JAR) file that you can send to IBM Customer Support to assist in determining and analyzing your problem. Information in the JAR file includes logs, property files, configuration files, operating system and Java data, and the presence and level of each software prerequisite.

Procedure
1. Use the IBM WebSphere Collector tool to gather logs and traces from all of the environment machines. For information on using the WebSphere Collector tool, see the WebSphere information center at the following Web address: http://publib.boulder.ibm.com/infocenter/wasinfo/v6r1/topic/com.ibm.websphere.nd.doc/info/ae/ae/ttrb_runct.html
2. Run the collector on each of the computers in the Lotus Sametime Advanced deployment.
Notes
- On each machine, run collector once for each of the WebSphere Application Server profiles. The profiles are stored in the \profiles directory; for example on Microsoft Windows:
C:\Program Files\ibm\WebSphere\AppServer\profiles

- The collector resides in the \bin directory below the profile; for example:
C:\Program Files\ibm\WebSphere\AppServer\profiles\ST_Advanced_Profile\bin\collector.bat

The output from each execution of the collector is placed in your current working directory, and includes the name of the profile on which it was run using the format:
myHostName-MyCellName-MyNodeName-ST_Advanced_Profile-WASenv.jar

Note: The generated files will include all log files located in the "logs" directory under the profile directory. To reduce the log size, you might choose to delete all of the existing log files, recreate the problem, and only then gather the logs.
3. Submit the collector generated log files to IBM support.

Setting a diagnostic trace on a server


You can specify how the server handles Lotus Sametime Advanced log records. You can also specify a log detail level for components and groups of components.

Procedure
1. Log in to the Integrated Solutions Console as a WebSphere administrator (at http://yourserver.company.com:9060/admin).
   Note: The port might be 9061 instead of 9060.
2. Click Troubleshooting --> Logs and Trace.
3. Click the Sametime Advanced server that you want to trace.
4. Under General Properties, click Change Log Detail Levels.
5. Select the Runtime tab.
6. Use the following table to determine what type of logging you want to enable. The table lists the components that you would typically choose. This list of components is not complete. Other components might be chosen depending on the issue being tracked.
Type of logging                        Choose this detail level
Persistence                            com.ibm.sametime.persistence.*
General Administration page logging    com.ibm.rtc.servlet.*
Chat                                   com.ibm.rtc.polled.*
Community                              com.ibm.collaboration.services.*
Skill tap                              com.ibm.collaboration.realtime.bcs.skilltap.services.SkilltapAccess
LDAP                                   com.ibm.collaboration.services.beans.*

7. From the context menu, select All Messages and Traces. You should now see text similar to the following example in the log detail level field: *=info: com.ibm.sametime.persistence.*=all
8. Select Save runtime changes to configuration as well.
9. Click OK, and then Save.
10. Monitor the log file in installation_directory\trace.log

Results

Troubleshooting using JVM logs


To start troubleshooting a problem, check the JVM log files first. These log files collect output for the System.out and System.err output streams for the application server process. One log file is specified for the SystemOut.log output stream and one file specified for the SystemErr.log output stream.


About this task


An application can write print data to the JVM logs either directly in the form of System.out.print() or System.err.print() method calls or by calling a JVM function, such as Exception.printStackTrace(). In addition, the System.out JVM log contains system message events written by the WebSphere Application Server. In the case of an IBM WebSphere Application Server Network Deployment configuration, JVM logs are also created for the deployment manager and each node manager, since they also represent JVMs.
- SystemOut.log is more useful for monitoring the health of the running application server, but can help in determining a problem, although it's better to use the IBM Service log and the advanced capabilities of the Log Analyzer to determine a problem.
- SystemErr.log contains exception stack trace information that is useful when performing problem analysis.
The JVM log files are self-managing to the extent that they can be configured not to grow beyond a certain size. Also, you can set how many historical, or archived, files to keep and which of the log files to roll over or archive based on time or size or both.

Procedure
1. In the Integrated Solutions Console, click Troubleshooting --> Logs and Trace.
2. Click the Sametime Advanced server name.
3. Under General Properties, click JVM Logs.
   Note: Any configuration changes to the JVM logs that are made to a running Sametime Advanced server do not take effect until you restart the server. Any log and trace settings that you change in the Runtime tab take effect without restarting, but do not take effect once you restart unless you also made those changes in the Configuration tab.
4. To configure or change a log setting, use the settings on the Configuration tab.
5. To view the output of the logs, click the Runtime tab, then click View.

Results

Troubleshooting a failed WebSphere Application Startup


In the event that a change is made to a WebSphere Application Server component of IBM Lotus Sametime Advanced, WebSphere Application Server could fail to start.

Procedure
1. Use a text editor to open the WebSphere Application Server file here: <was_home>\Appserver\profiles\<st_adv_profile>\config\cells\<cellName>\nodes\<node name>\servers\<st_adv_server>\server.xml.
2. In the server.xml file, search for jvmEntries. For example:
<jvmEntries xmi:id="JavaVirtualMachine_1190064977109"
    verboseModeClass="false" verboseModeGarbageCollection="false"
    verboseModeJNI="false" initialHeapSize="1024" maximumHeapSize="1280"
    runHProf="false" debugMode="false"
    debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777"
    genericJvmArguments="-Xgcpolicy:gencon -Xgc:scvNoAdaptiveTenure,scvTenureAge=8,stdGlobalCompactToSatisfyAllocate -Xmn256m"
    disableJIT="false"/>

If the JVM arguments are incorrect, you must modify the genericJvmArguments attribute of the jvmEntries element of server.xml. You could leave it blank, to eliminate all errors, or try modifying the value of the attribute until it is correct. Two values here are the heap sizes. These values are set when you set the JVM garbage collection policy, but you can set them in the server.xml as well. These values are the initialHeapSize, with a recommended value of 1024, and maximumHeapSize, set to a recommended value of 1280.
3. Save the file and restart the server.
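The following pre-restart check for the jvmEntries element is an added example, not IBM's code. It validates the heap sizes against the values recommended above, flags genericJvmArguments tokens that do not start with "-" (a heuristic for a mistyped argument), and reports when a JDWP debug listener would be active, since JDWP accepts connections without authentication. The <server> wrapper element in the sample is constructed, and the check assumes WebSphere passes debugArgs to the JVM only when debugMode is "true".

```python
import re
import shlex
import xml.etree.ElementTree as ET

RECOMMENDED_HEAP_MB = {"initialHeapSize": 1024, "maximumHeapSize": 1280}

# Constructed input: the jvmEntries attributes follow the guide's example; the
# <server> root is a minimal stand-in that only declares the xmi prefix.
SAMPLE_SERVER_XML = """\
<server xmlns:xmi="http://www.omg.org/XMI">
  <jvmEntries xmi:id="JavaVirtualMachine_1190064977109"
    verboseModeClass="false" verboseModeGarbageCollection="false"
    verboseModeJNI="false" initialHeapSize="1024" maximumHeapSize="1280"
    runHProf="false" debugMode="false"
    debugArgs="-Djava.compiler=NONE -Xdebug -Xnoagent -Xrunjdwp:transport=dt_socket,server=y,suspend=n,address=7777"
    genericJvmArguments="-Xgcpolicy:gencon -Xgc:scvNoAdaptiveTenure,scvTenureAge=8,stdGlobalCompactToSatisfyAllocate -Xmn256m"
    disableJIT="false"/>
</server>
"""


def jdwp_address(args):
    """Return the JDWP address if args load the debug agent, else None."""
    if "jdwp" not in args:
        return None
    match = re.search(r"address=([^,\s]+)", args)
    return match.group(1) if match else "unspecified"


def audit_jvm_entries(xml_text):
    """Return (code, detail) findings for every jvmEntries element."""
    try:
        root = ET.fromstring(xml_text)
    except ET.ParseError as exc:
        return [("XML_INVALID", str(exc))]
    entries = list(root.iter("jvmEntries"))
    if not entries:
        return [("NO_JVM_ENTRIES", "")]
    findings = []
    for jvm in entries:
        heap = {}
        for name, recommended in RECOMMENDED_HEAP_MB.items():
            raw = jvm.get(name)
            if raw is None:
                continue  # attribute absent: the JVM default applies
            if not raw.isdigit():
                findings.append(("HEAP_INVALID", f"{name}={raw!r}"))
                continue
            heap[name] = int(raw)
            if heap[name] != recommended:
                findings.append(
                    ("HEAP_DIFFERS", f"{name}={raw}, guide recommends {recommended}"))
        if len(heap) == 2 and heap["initialHeapSize"] > heap["maximumHeapSize"]:
            findings.append(("HEAP_ORDER", "initialHeapSize exceeds maximumHeapSize"))

        generic = jvm.get("genericJvmArguments", "")
        try:
            tokens = shlex.split(generic)
        except ValueError as exc:  # unbalanced quotes
            tokens = []
            findings.append(("ARG_QUOTING", str(exc)))
        for token in tokens:
            if not token.startswith("-"):
                # Heuristic: every JVM option starts with '-', so a bare token
                # usually means a stray space split one option in two.
                findings.append(("ARG_TOKEN", token))

        # Assumption: debugArgs reach the JVM only when debugMode is "true";
        # genericJvmArguments are always passed.
        active = generic
        if jvm.get("debugMode") == "true":
            active += " " + jvm.get("debugArgs", "")
        address = jdwp_address(active)
        if address:
            findings.append(("JDWP_ENABLED", address))
    return findings


if __name__ == "__main__":
    print(audit_jvm_entries(SAMPLE_SERVER_XML) or "no findings")
```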

Troubleshooting authentication
If users are having difficulties authenticating, check their browser settings for cookies and language.

About this task


- Authenticated users cannot enter chat rooms unless they accept cookies. If a user logs in to IBM Lotus Sametime Advanced and cannot enter a chat room where the user is listed as a member, the user should be sure that the browser is accepting cookies.
- Users might be unable to authenticate if their user IDs and passwords contain characters that are not part of the character set of the language that their browsers use.
Follow these instructions to enable cookies and set the language for your browser:

Procedure
1. Open your browser.
2. If you are using Microsoft Internet Explorer, follow these steps:
   a. Click Tools --> Internet Options.
   b. Click the Privacy tab.
   c. Move the slider to an appropriate selection for your site that accepts cookies.
   d. Click the General tab.
   e. Click Languages.
   f. Use the Remove and Add controls to set your browser to the language whose character set you use in your ID and password.
   g. Click OK.
3. If you are using Mozilla Firefox, follow these steps:
   a. Click Tools --> Options.
   b. Click the Privacy button.
   c. Under Cookies, select Accept cookies from sites.
   d. Click the Advanced button.
   e. Click the General tab.
   f. Click the Choose button.
   g. Select the language whose character set you use in your ID and password.


   h. Click OK.
4. Click OK.

Troubleshooting Event Broker password changes


If you have changed the password that is used either as the password for the ServiceUserId or DataSourceUserId for any of the IBM WebSphere Event Broker components, for example a remote DB2 server, you might find these components have access problems.

About this task


The ServiceUserID is the user ID under which the broker runs; the DataSourceUserID is the user ID with which the databases containing broker tables and user data are to be accessed. You must re-configure the Event Broker and the Configuration Manager to reflect password changes for these users. The Configuration Manager is the central runtime component that manages the components and resources that constitute the broker domain. Use the mqsichangebroker command for changing the password on the Event Broker, and the mqsichangeconfigmgr command for changing the password on the Configuration Manager. For more information on passwords and using these commands, see "Have you recently changed a password?" in the Event Broker information center at:
publib.boulder.ibm.com/infocenter/wmbhelp/v6r0m0/index.jsp

Procedure
1. Stop the Event Broker.
2. Open a command line on the Event Broker server.
3. Type the following command:
mqsichangebroker broker_name -a new_service_user_id_password -p db_user_id_password

If you are only changing one password, for example, the DataSourceUserID password, you can use the same command:
mqsichangebroker broker_name -p db_user_id_password

4. Restart the Event Broker for the changes to take effect.
5. Stop the Configuration Manager.
6. Open a command line on the Event Broker server.
7. Type the following command:
mqsichangeconfigmgr configuration_manager_name -a new_service_user_id_password

8. Restart the Configuration Manager for the changes to take effect.


Notices
This information was developed for products and services offered in the U.S.A. IBM may not offer the products, services, or features discussed in this document in other countries. Consult your local IBM representative for information on the products and services currently available in your area. Any reference to an IBM product, program, or service is not intended to state or imply that only that IBM product, program, or service may be used. Any functionally equivalent product, program, or service that does not infringe any IBM intellectual property right may be used instead. However, it is the user's responsibility to evaluate and verify the operation of any non-IBM product, program, or service. IBM may have patents or pending patent applications covering subject matter described in this document. The furnishing of this document does not grant you any license to these patents. You can send license inquiries, in writing, to: IBM Director of Licensing IBM Corporation North Castle Drive Armonk, NY 10504-1785 U.S.A. For license inquiries regarding double-byte (DBCS) information, contact the IBM Intellectual Property Department in your country or send inquiries, in writing, to: Intellectual Property Licensing Legal and Intellectual Property Law IBM Japan Ltd. 1623-14, Shimotsuruma, Yamato-shi Kanagawa 242-8502 Japan The following paragraph does not apply to the United Kingdom or any other country where such provisions are inconsistent with local law: INTERNATIONAL BUSINESS MACHINES CORPORATION PROVIDES THIS PUBLICATION AS IS WITHOUT WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF NON-INFRINGEMENT, MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE. Some states do not allow disclaimer of express or implied warranties in certain transactions, therefore, this statement may not apply to you. This information could include technical inaccuracies or typographical errors. 
Changes are periodically made to the information herein; these changes will be incorporated in new editions of the publication. IBM may make improvements and/or changes in the product(s) and/or the program(s) described in this publication at any time without notice. Any references in this information to non-IBM Web sites are provided for convenience only and do not in any manner serve as an endorsement of those Web sites. The materials at those Web sites are not part of the materials for this IBM product and use of those Web sites is at your own risk.


IBM may use or distribute any of the information you supply in any way it believes appropriate without incurring any obligation to you. Licensees of this program who wish to have information about it for the purpose of enabling: (i) the exchange of information between independently created programs and other programs (including this one) and (ii) the mutual use of the information which has been exchanged, should contact: IBM Corporation 5 Technology Park Drive Westford Technology Park Westford, MA 01886U.S.A. Such information may be available, subject to appropriate terms and conditions, including in some cases, payment of a fee. The licensed program described in this information and all licensed material available for it are provided by IBM under terms of the IBM Customer Agreement, IBM International Program License Agreement, or any equivalent agreement between us. Any performance data contained herein was determined in a controlled environment. Therefore, the results obtained in other operating environments may vary significantly. Some measurements may have been made on development-level systems and there is no guarantee that these measurements will be the same on generally available systems. Furthermore, some measurements may have been estimated through extrapolation. Actual results may vary. Users of this document should verify the applicable data for their specific environment. Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. All statements regarding IBM's future direction or intent are subject to change or withdrawal without notice, and represent goals and objectives only. 
All IBM prices shown are IBM's suggested retail prices, are current and are subject to change without notice. Dealer prices may vary. This information is for planning purposes only. The information herein is subject to change before the products described become available. This information contains examples of data and reports used in daily business operations. To illustrate them as completely as possible, the examples include the names of individuals, companies, brands, and products. All of these names are fictitious and any similarity to the names and addresses used by an actual business enterprise is entirely coincidental. COPYRIGHT LICENSE: This information contains sample application programs in source language, which illustrate programming techniques on various operating platforms. You may copy, modify, and distribute these sample programs in any form without payment to


IBM, for the purposes of developing, using, marketing or distributing application programs conforming to the application programming interface for the operating platform for which the sample programs are written. These examples have not been thoroughly tested under all conditions. IBM, therefore, cannot guarantee or imply reliability, serviceability, or function of these programs. The sample programs are provided "AS IS", without warranty of any kind. IBM shall not be liable for any damages arising out of your use of the sample programs. Each copy or any portion of these sample programs or any derivative work, must include a copyright notice as follows: (your company name) (year). Portions of this code are derived from IBM Corp. Sample Programs. Copyright IBM Corp. _enter the year or years_. All rights reserved. If you are viewing this information softcopy, the photographs and color illustrations may not appear.

Trademarks
These terms are trademarks of International Business Machines Corporation in the United States, other countries, or both: IBM AIX DB2 DB2 Universal Database Domino Domino Domino Designer Domino Directory i5/OS Lotus Lotus Notes Notes OS/400 Sametime WebSphere AOL is a registered trademark of AOL LLC in the United States, other countries, or both. AOL Instant Messenger is a trademark of AOL LLC in the United States, other countries, or both. Google Talk is a trademark of Google, Inc, in the United States, other countries, or both. Yahoo! is a registered trademark of Yahoo, Inc. in the United States, other countries, or both. Yahoo! Messenger is a trademark of Yahoo, Inc. in the United States, other countries, or both. Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.


Microsoft, and Windows are registered trademarks of Microsoft Corporation in the United States, other countries, or both. Intel and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States, other countries, or both. Linux is a trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.


Printed in USA
