BP501 - Building and deploying custom IBM sametime connect client installations - IBM Connect 2014
-
Upload
carl-tyler -
Category
Technology
-
view
8.926 -
download
4
description
Transcript of BP501 - Building and deploying custom IBM sametime connect client installations - IBM Connect 2014
© 2014 IBM Corporation
BP501: Building and Deploying Custom IBM Sametime Connect Client Installations
Carl Tyler, Epilio
What we’ll cover…
What’s in the IBM Sametime Installer?
Extending a default IBM Sametime Install to include Fix packs or 3rd party applications
How to predefine settings for users during installation
Managing IBM Sametime Connect Client Settings post installation
Questions (if time)
2
What’s in the Sametime Installation?
Contained in the IBM Download– sametimeclient.for.notes
• Notes Client Installer – sametimeclient.network.install
• Sametime Client installer – packaged for placing on Community Server for installation via web browser
– sametimeclient.optional.components• Office Components• SharePoint Components• Additional spell Check Languages
– sametimeclient.standalone• Standalone Sametime Client Installer
– Each contains Linux, Macintosh and Windows
3
Drill down into sametimeclient.standalone – Expand ZIP
readme_silentinstall.html
setup.bat– Can be edited and tweaked based upon whether this is a fresh installation, upgrade etc.
Documented within file.
setup.exe, setup.msi– If you want to save space, if you’re going to install with the MSI, delete the EXE and
vice-verse
Deploy folder– Contains Java Signing keys, plugin_customization.ini, install.xml
updateSite folder– Contains the features and plugins that make up the Sametime Client
silentinstall.ini
4
silentinstall.ini - Customized settings for silent install
5
Parameter Description
LAPAGREE=YES Accept License Agreement, mustbe YES for silent install
STSERVERNAME=st.acme.com Hostname of Sametime server
STCOMMUNITYNAME=Name Community Name
STSERVERPORT=1533 Sametime Server IP port number
See readme_silentinstall.html for other parameters
Extending a default IBM Sametime Install to include Fix packs or 3rd party applications Step 1 – Obtain the Update site for the plug-in
– This should contain• Site.xml• Features folder• Plugins folder
Step 2 – Copy the contents of the features and plugins folders into their equivalent folder within the expanded Sametime Installer folders
Step 3 – Update the contents of the site.xml within the expanded Sametime updatesite folder with the contents of the plugins update site site.xml file
Step 4 – Update the contents of the install.xml within the deploy folder with the contents of the vendor supplied install.xml file.
Step 5 – Sign Jars; if the jar files aren’t digitally signed, they need signing or plugin_customization.ini needs updating to allow unsigned code.
6
Step 3 More Detail – Update Site.xml
Site.xml specifies the location of the features to install, think of it as a to do list of plugins to add.
To add the plugin update site contents to the site.xml– Copy the plugin site.xml contents from between the <site> and </site> tags to the
clipboard– Paste the contents above the line </site> in the installer site.xml– Example <feature url="features/Wallpaper_1.0.4.jar" id="Wallpaper" version="1.0.4">
<category name="Epilio Wallpaper for IBM Lotus Sametime"/></feature><category-def name="Epilio Wallpaper for IBM Lotus Sametime" label="Epilio Wallpaper for IBM Lotus Sametime"/>
Some plugins may contain more features, the steps are the same.
7
Step 4 More Detail – Update install.xml
Install.xml specifies the location of features to install
To add the install.xml update site contents to the deploy install.xml– Copy the update site install.xml contents from between the <install> and </install> tags
to the clipboard– Paste the contents above the </install> in deploy install.xml– Example <installfeature id="EpilioWallpaper" required="true" mergeaction="add"><requirements>
<feature id="Wallpaper" version="1.0.4" match="compatible" download-size="700" size="700" action="install" shared="true" url="“/></requirements>
8
Step 5 - Signing Jars
If the Jar is already signed by a trusted signer, no need for these steps.
You will need the Java JDK, not just the Java runtime environment
Create a keystore and generate the key pair– "c:\java\jdk1.7.0_51\bin\keytool" -genkey -dname "cn=Carl Tyler, ou=Dev, o=Epilio, c=US" -alias "Connect2014Cert" -keypass Connect2014Pass -keystore C:\Keys\mykeystore -storepass password -keyalg "RSA" -validity 720
Check the newly created self-signed certificate/key pair– “c:\java\jdk1.7.0_51\bin\keytool" -list -v -alias "Connect2014Cert" -keystore C:\Keys\mykeystore -storepass password
9
Step 5 - Signing Jars Continued…
Sign the updatesite features JAR files (in the features folder) using the self-signed certificate/key pair
– "c:\java\jdk1.7.0_51\bin\jarsigner" -verbose -keystore C:\Keys\mykeystore -storepass password -keypass Connect2014Pass C:\st9win\updateSite\features\Wallpaper_1.0.4.jar "Connect2014Cert" -digestalg SHA1 -sigalg SHA1withRSA
Sign the updatesite plugin JAR files (in the plugins folder) using the self-signed certificate/key pair
– "c:\java\jdk1.7.0_51\bin\jarsigner" -verbose -keystore C:\Keys\mykeystore -storepass password -keypass Connect2014Pass C:\st9win\updateSite\plugins\com.epilio.plugins.Wallpaper_1.0.4.jar "Connect2014Cert" -digestalg SHA1 -sigalg SHA1withRSA
10
Step 5 - Signing Jars Continued…
Export a trust certificate that can authenticate your public key.– "c:\java\jdk1.7.0_51\bin\keytool" -export -alias "Connect2014Cert" -file SelfSignedCertforConnect2014.cer -keystore c:\Keys\mykeystore -storepass password
Add the exported trust certificate to the Sametime install kit keystore to enable trust for your public key at install
– "c:\java\jdk1.7.0_51\bin\keytool" -import -keystore "C:\st9win\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -alias "Connect2014Cert" -
file SelfSignedCertforConnect2014.cer -storepass "changeit"
List the entries in the Sametime Jar File (optional)– "c:\java\jdk1.7.0_51\bin\keytool" -list -v -keystore "C:\st9win\deploy\.keystore.JCEKS.IBM_J9_VM.install" -storetype JCEKS -storepass "changeit"
11
Step 5 – Alternative, easier, less secure approach…
Modify Sametime to trust unsigned jar files.
Modify plugin_customization.ini located in the installers deploy folder
Add/Modify the lines– # settings for enabling PKI based provisioning securitycom.ibm.rcp.security.update/VERIFICATION_LISTENER=com.ibm.rcp.security.update.DefaultVerificationListenercom.ibm.rcp.security.update/EXPIRED_SIGNATURE_POLICY=ALLOWcom.ibm.rcp.security.update/UNSIGNED_PLUGIN_POLICY=ALLOWcom.ibm.rcp.security.update/UNTRUSTED_SIGNATURE_POLICY=ALLOW
If you take this approach, be sure to remove/change these settings after install to protect the Sametime installation from rogue code
12
Alternative method to install fixpacks, 3rd party integration
Sametime is based upon Expeditor, Expeditor has command switches that can be used to install update sites.
Chain installations together, install client, then install update site, then install 3 rd party etc.
Using the following command to install update site– “[STInstallDir]\rcp\rcplauncher.exe” -nosplash -com.ibm.rcp.provisioning#provisioningCommand -provisioningOperation provision “install.xml" -application com.ibm.rcp.provisioning.application.ProvisioningApplication -provisioningStatusLog “\stInstall.log“
– Notice it points to the update sites install.xml not the site.xml
When performed, the client is not seen.
Remember to update plugin_customization.ini to allow the unsigned jars to install.
Often easier than editing/merging install.xml type documents.
13
How to predefine settings for users during installation
To preconfigure default settings for the client, you can use plugin_customization.ini, and also managed-settings.xml and managed-community-configs.xml
plugin_customization.ini file is used to setup the clients “initial” runtime behavior– Modify the copy in the “deploy” folder of the installer to define settings– Settings are read when the user's workspace is created– Define settings you couldn’t set in silentinstall.ini, example multiple communities.
The managed- settings allow items to be locked down, so the user cannot change them in the client, similar to policies, but allows them to be set before the client has connected to the Sametime Server and authenticated.
List of Customization settings:– http://epil.io/hu530
14
Example for preconfiguring two communities
#define managedIds for alternate communitiescom.ibm.collaboration.realtime.community/altCommunityConfig.managedIds=Host1,revProxy#define alternate community for altHost1 (disabled)com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.enabled=falsecom.ibm.collaboration.realtime.community/altCommunityConfig.Host1.desc=Alternate host IP1com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.targetCommunityHost=st.acme.comcom.ibm.collaboration.realtime.community/altCommunityConfig.Host1.host=192.0.2.0com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.weight=1com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.port=1544com.ibm.collaboration.realtime.community/altCommunityConfig.Host1.connectionType=direct#define alternate community for reverse proxycom.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.desc=Reverse proxy for server1com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.targetCommunityHost=st.acme.comcom.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.weight=0com.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.connectionType=reverse-proxycom.ibm.collaboration.realtime.community/altCommunityConfig.revProxy.proxyHost=http://reverseproxy.acme.com:81/server1
15
Managing IBM Sametime Connect Client Settings post installation For updating a deployed user base, rely on managed-settings.xml and managedcommunity-
configs.xml file to control settings– If local preferences are different to the server defined settings, the server provided
managed settings will win– So configure locked down settings, and leave out the settings end users are allowed to
change
Files are served up from a HTTP server, both files should be placed in the location where the Sametime policy update site points.
– Example, if the administration update site URL is http://acme.com/updates, the client looks for updated preferences in http://acme.com/updates/managed-settings.xml.
Use different policies to point to different updatesite/settings file locations
Managed settings are updated every 12 hours and whenever the Sametime Connect client is started.
16
Example managed-settings.xml to add alternative community <ManagedSettings><settingGroup name="com.ibm.collaboration.realtime.community"><setting name="altCommunityConfig.managedIds" value="Host2"/><!-- define alternate community Host2 --><setting name="altCommunityConfig.Host2.enabled" value="false"/><setting name="altCommunityConfig.Host2.desc" value="Alternate host IP1"/><setting name="altCommunityConfig.Host2.targetCommunityHost" value="st2.acme.com"/><setting name="altCommunityConfig.Host2.host" value="192.0.3.0"/><setting name="altCommunityConfig.Host2.weight" value="1"/><setting name="altCommunityConfig.Host2.port" value="1544"/> <setting name="altCommunityConfig.Host2.connectionType" value="direct"/></settingGroup></ManagedSettings>
This doesn’t replace the existing community, it adds a new alternative one.
17
Managing IBM Sametime Connect Client Settings post installation Continued… All unlocked settings can be modified by the user. Once a setting is modified by the user,
any subsequent update to the same setting will not apply unless the setting is changed to isLocked=true on the settings XML file. This behavior is consistent with settings changed with the plugin_customization.ini file. User-modified preferences take precedence over settings from the plugin_customization.ini file and settings XML file. However, if the user's workspace is cleaned, the administrator's values will apply.
Any settings or setting groups removed from the settings XML file (for example, to unmanage those settings) will remain on the client, and if the setting was previously locked, it will be automatically set to unlocked.
All unmanaged settings will automatically be managed as standard preferences.
18
Changing a Sametime Server using managed-community-configs.xml This will update the existing Sametime Server Settings, to point to a new host. <managed-communities><managed-community id="Host1" host="192.0.2.0" newHost="192.0.2.1"/><managed-community-action type="update" managed-community-id="Host1"/></managed-communities>
By default update actions result in a client restart if the host name is changed. So using this managed-community-configs.xml the client will restart.
19
Really useful web pages
List of client preferences– http://www.lotus.com/ldd/stwiki.nsf/dx/Sametime_client_preferences_st9
Automatically updating client preferences with the managed-settings.xml file– http://www.lotus.com/ldd/stwiki.nsf/dx/
Automatically_updating_client_preferences_with_the_managedsettings.xml_file_st9
Editing the plugin_customization.ini file to add custom features and change default preferences
– http://www-10.lotus.com/ldd/stwiki.nsf/dx/Editing_the_plugincustomization.ini_file_to_add_custom_features_and_change_default_preferences_st9
Configuring managed preferences providers– http://www.lotus.com/ldd/lewiki.nsf/dx/Configuring_providers_XPD623
Managed community settings– http://www.lotus.com/ldd/stwiki.nsf/dx/Managed_community_settings_sta9
20
Feel free to contact me
Carl [email protected]: @flyboytylerSkype: CarlTylerGreenhouse: [email protected]
Tel: 1-866-9Ep-ilio (937-4546)
http://www.epilio.com
21
Access Connect Online to complete your session surveys using any:– Web or mobile browser – Connect Online kiosk onsite
22
23
Acknowledgements and Disclaimers
© Copyright IBM Corporation 2014. All rights reserved.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.
Please update paragraph below for the particular product or family brand trademarks you mention such as WebSphere, DB2, Maximo, Clearcase, Lotus, etc.
IBM, the IBM logo, ibm.com, [IBM Brand, if trademarked], and [IBM Product, if trademarked] are trademarks or registered trademarks of International Business Machines Corporation in the United States, other countries, or both. If these and other IBM trademarked terms are marked on their first occurrence in this information with a trademark symbol (® or ™), these symbols indicate U.S. registered or common law trademarks owned by IBM at the time this information was published. Such trademarks may also be registered or common law trademarks in other countries. A current list of IBM trademarks is available on the Web at “Copyright and trademark information” at www.ibm.com/legal/copytrade.shtml
If you have mentioned trademarks that are not from IBM, please update and add the following lines:
[Insert any special 3rd party trademark names/attributions here]
Other company, product, or service names may be trademarks or service marks of others.
Availability. References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates.
The workshops, sessions and materials have been prepared by IBM or the session speakers and reflect their own views. They are provided for informational purposes only, and are neither intended to, nor shall have the effect of being, legal or other guidance or advice to any participant. While efforts were made to verify the completeness and accuracy of the information contained in this presentation, it is provided AS-IS without warranty of any kind, express or implied. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this presentation or any other materials. Nothing contained in this presentation is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.
All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.