IBM Lotusphere 2012 Show301: Leveraging the Sametime Proxy to support Mobile users and Web...

© 2012 IBM Corporation

SHOW301 Leveraging the Sametime Proxy to support Mobile users and Web applications

Tony Payne | Software Engineer | IBMWilliam Holmes | Software Engineer | IBM

2 | © 2012 IBM Corporation

IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.

Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.

The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract. The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.

| © 2012 IBM Corporation

Agenda – Server Deployment and Configuration

■ PreRequisites - ─ Software and Hardware Requirements

─ LDAP

─ DB2

─ Community Server

– Must have at least one registered with the SSC.

– STProxy → Community Connections

─ LDAP considerations

─ Single Sign On Configuration

■ Planning The deployment─ Deployment types

– Cell, PN, SN

– Clustering

─ Network Port Diagrams

– Single vs Clustered approach

–

■

■


Agenda – Server Deployment and Configuration■ Installation Walkthru

─ Sametime System Console

– Upgrade to IFR1

─ Sametime Proxy Guided Activity

– Upgrade to IFR1

■ Post Installation Configuration─ Trusted IPs

─ Configuring Single Sign On

─ Sametime Proxy Database Deployment for Mobile

─ DataSource Configuration

─ Sametime Proxy Configuration for Mobile Devices

■


Agenda – Mobile Devices and Application Development■ The Mobile client

─ iOS

─ Android

─

■ The Web client

─

■ Creating your own web applications

─

■ Troubleshooting

─ Mobile client

─ Web client

─


IBM Sametime 8.5.2 Prerequisites

■ IBM Sametime 8.5.2 System Console Server requires─ IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)

─ IBM DB2 9.7 or 9.5 FP1

─ LDAP directory server (Supported IBM® Lotus® Domino® Directory LDAP, Microsoft® Active Directory, IBM Tivoli® Directory Server, SunOne® iPlanet®, Novell® eDirectory®)

■ IBM Sametime 8.5.2 Sametime Community Server requires─ IBM Lotus Domino 8.5.1 or 8.5.2 (32 Bit Version only)

─ LDAP directory server

■ IBM Sametime 8.5.2 Proxy Server requires─ IBM WebSphere Application Server 7.0.0.15 (provided automatically via Install)

─ IBM Sametime Community Server (Version >= 7.5.1)


IBM Sametime 8.5.2 Software Requirements■ Client

─ Windows XP (SP2), XP Tablet, Vista and Windows 7 – 32 and 64 bit

─ MAC OS X 10.6.2 x86-64 and future OS fix packs

─ RHEL 5.0 Update 4 Desktop Edition x86-32 and future OS fix packs

─ SLED 10.0 SP3 and 11.0 SP1 32 and 64 bit and future OS fix packs

─ Ubuntu 10.04 LTS x85-32 and future OS fix packs

■ Server─ Windows Server 2003/2008 - 32 and 64 bit (including R2)

─ Linux (RHEL, SLES) - 32 and 64 bit

─ AIX 5.3/6.1

─ i5/OS 5.4, 6.1

─ Solaris 10

─ ESX and ESXi 4.0, MS Hyper-V R2

■ Browsers─ Microsoft® Internet Explorer 6.x, 7.x, 8.0 (Windows)

─ Firefox 3.5 and 3.6 (Windows, Mac, Linux)

─ Safari 5.0 (Mac)

■ Other─ Domino 8.5.1/8.5.2 for Community Server / 'Classic' meetings


IBM Sametime 8.5.2 Hardware Requirements■ Server 1

─ IBM DB2 Server,

─ IBM Sametime 8.5.2 System Console,

─ IBM Sametime 8.5.2 Proxy Server,

– Quad CPU, 8GB RAM or more, 100GB disk space or more, 64 Bit OS

– 1 GBit Network Interface with 2 IP addresses and 2 additional DNS Alias entries.

■

■ Server 2─ IBM Sametime 8.5.2 Community Server

– Single CPU, 2GB RAM or more, 10GB disk space or more, 32 or 64 Bit OS

– 1 GBit Network Interface


Other Requirements■ Make sure that all servers you want to use can be resolved in DNS.■

■ If DNS is not available then list all full qualified server names and IP addresses from all servers in the hosts file and publish this file to all servers.

■

■ If you use Windows 2008 as Operating System, then you need to start all installations and configurations in “Administrative mode“.

■

■ You need a LDAP Server hosting your user base. This can be a Domino LDAP or Microsoft Active Directory or any other supported V3 LDAP.


Required Files■ For a Windows installation you need to download these files from Passport

Advantage:─ Sametime 8.5.2

CZYG1ML.zip IBM DB2 9.7 32Bit Limited Use for Sametime

CZYF2ML.zip IBM Sametime System Console Server

CZYD7ML.zip IBM Sametime Community Server Standard

CZYE6ML.zip IBM Sametime Proxy Server

─ IFR 1 Upgrades

CI3Y8ML.zip IBM Sametime System Console Server

CI3Y9ML.zip IBM Sametime Community Server Standard

CI3YCML.zip IBM Sametime Proxy Server

■ Create a directory, for example “C:\Install”, on the servers where you want to install. Then unpack the downloaded files into this directory. Just unpack the files required for your deployment architecture on the particular server.

■ Even if you are installing on a 64Bit OS (Windows 2008 R2 64Bit) use the 32Bit DB2 and NSE. It just works and makes the installation easier.


Sametime Proxy Deployment – A few definitions■ What is a CELL

─ A Websphere Cell is comprised of a Deployment Manager and any number of physical 'Nodes'

─ A 'Node' is defined as a physical host running an instance of Websphere Software and is comprised of

– A Node Agent

– Any number of Websphere Servers

─ A 'Primary Node' serves as a template for 'Secondary' nodes, and is a logical definition within the Sametime Deployment Planning stages

■ The Deployment Manager is responsible for maintaining the configuration of its nodes in a central location.

■ In most Sametime Deployments, the Sametime System Console serves as the Deployment Manager

─ Centralized administration of all Websphere and Sametime Components

─ A Sametime Deployment can also be comprised of Multiple Websphere CELLs depending on your specific deployment requirements.

─

─

■

─


Sametime Proxy Deployment – Pilot Environment

9080/9443 1516

Sametime Community Server

Sametime System ConsoleDB2

LDAP

50000 389/636

9080/9443

DMGR

Sametime Proxy Server

PN


Sametime Proxy Deployment – Clustered Environment

9080/9443 1516

Sametime Proxy Cluster

Sametime Community Cluster

Sametime System Console

DB2

LDAP

50000 389/636

80/443

9080/9443

PN

SN

DMGR

Load Balancer


Sametime Proxy Deployment – Connectivity model■ Connects to the Configured hostname to retrieve configuration

─ Can change the address to a loadbalanced address after installation

■ Connects to all listed Sametime Servers in the environment─ Use the 'cluster list' to limit this connectivity if desired

■

■ When a user logs in─ The username is first resolved, this allows for the Sametime Proxy to direct the user's login to

the appropriate Home Sametime Server if configured

─ If no Home Sametime Server is configured, the user is logged into the next available server

■

■ ALL connections from Sametime Proxy to Sametime Community is on 1516■

■ ALL Sametime Proxy nodes must be listed in ALL Sametime Community Server trusted IP list

─

─


Upgrade the System Console to 8.5.2 IFR1■ Protips -

─ ShutDown Services

─ Follow instructions from TN -

– http://www-10.lotus.com/ldd/stwiki.nsf/dx/Updating_Sametime_servers_to_Interim_Feature_Release_1_st852ifr1

– http://www-10.lotus.com/ldd/stwiki.nsf/dx/Installing_Sametime_8.5.2_Interim_Feature_Release_1_on_the_Sametime_System_Console_st852ifr1

─ http://www-01.ibm.com/support/docview.wss?uid=swg21574839

■


Upgrading the Sametime System Console to IFR1■ Installation Files – Click update ...

ProTip – Make sure Websphere Serversare shutdown before clicking update!


Upgrading the Sametime System Console to IFR1■ Workbench Loads ...


Upgrading the Sametime System Console to IFR1■ Click Update ...


Upgrading the Sametime System Console to IFR1■ Select Package to update -Click Next ...


Upgrading the Sametime System Console to IFR1■ Shows what you're about to update to – click Next ...


Upgrading the Sametime System Console to IFR1■ Validating prerequisites ...


Upgrading the Sametime System Console to IFR1■ Make sure all processes are stopped, click Next ...


Upgrading the Sametime System Console to IFR1■ Click Update ...


Upgrading the Sametime System Console to IFR1■ Update begins ...


Upgrading the Sametime System Console to IFR1■ Update continues ...


Upgrading the Sametime System Console to IFR1■ Update Success ! Click Finish


Verifying the IFR1 Installation■ Access the Integrated Solutions Console –

https://<hostname>:8701/ibm/console and authenticate.


Upgrade the Sametime Proxy Primary Node to IFR1■ Shut down the Services FIRST -


Upgrade the Sametime Proxy Primary Node to IFR1■ From the Installation Media, click update ...


Upgrade the Sametime Proxy Primary Node to IFR1■ The workbench loads ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Click Update ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Click Next ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Confirm you updating the Sametime Proxy Server to IFR1, click Next ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Make sure the processes are stopped, click Next ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Click Update ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Update begins ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Update continues ...


Upgrade the Sametime Proxy Primary Node to IFR1■ Update Finished, Success! Click Finish.


Verify the Sametime Proxy Upgrade■ Version is now 8.5.2 IFR 1


Verify the Sametime Proxy Installation■ Make sure the server is running and the ports it is listening on ...


Verify the Sametime Proxy Installation


Configuration Time■

■ Add Sametime Proxy Servers to Community Trusted IPs■ Configure Single Sign On■ Create Sametime Proxy Database for iPhone■ Create JNDI datasource references■ Configure Connectivity to Apple Services■

■


Add the Sametime Proxy Servers to the Sametime Community Server Trusted IPs

■ The community server accepts connections from the Sametime Media Manager, the Sametime Gateway, the Sametime Community Multiplexer, and the Sametime Proxy Server, as well as other servers that are listed in the Community Services page. To ensure that the Sametime Community Server trusts these components when they establish a connection, you must add the trusted server's IP address to the community server.

■ If you are installing a cluster of media manager servers, gateway servers, or proxy servers, be sure to complete include the IP address of the primary node as well as every secondary node in the cluster (you do not need to include the deployment manager).

■ You do not need to add the system console's IP address ■ This task must be completed separately for each server within a community

server cluster, as well as for multiple non-clustered community servers.■



■ Log in to the Integrated Solutions Console.─ Click Sametime System Console -> Sametime Servers -> Sametime Community Servers.

─ In the Sametime Community Servers list, click the deployment name of the server with the list of trusted IP addresses that you want to change.

─ Click the Connectivity tab.

─ Under Trusted Servers, enter the IP address of the server that must connect to the Sametime Community Server in the New IP Address field, and click Add.

■ Note:─ If you have a cluster, type the IP addresses of the primary node and all secondary nodes,

separating each address with a comma. Do not include the IP address of the deployment manager.

─ For the media manager, enter the Conference Manager server IP address.

─ To delete an IP address from the list, select it and click Delete Selected.

■ Click OK.■ Restart the community server for the change to take effect.■



■ Access the Sametime Community Servers and select the Community Server ...



■ At the bottom of the form find the section labeled “Trusted Servers”─ Enter the IP address of the Sametime Proxy Nodes(s) and click “Add”

─

─

─

─

─

─

─

─

─

─

─

─ After adding all trusted IP addresses – click “OK”

■ Repeat for All Community Servers■ Restart the Community Server(s) for the change to take effect.■


Configure Single Sign On■ The Sametime Community Server installation creates a Domino® SSO key. You

must replace the Domino SSO key with a WebSphere LTPA key to allow the Sametime Community server running on Domino and the other servers running on WebSphere Application Server to have an identical key for token validation and generation.

■ If Sametime servers running on WebSphere Application Server are managed by different Sametime System Console, you must export the LTPA key from one of the servers (the Media Manager SIP Proxy and Registrar, Meeting Server, or Advanced server).


Configure Single Sign On - Websphere■ Log in to the Integrated Solutions Console for the Sametime server.

─ Click Security -> Global Security -> WEB and SIP Security -> Single Sign-on (SSO).

– Make sure that the Domain name matches the Sametime Server domain.

– Note: Verify that Interoperability Mode is selected.

─ Click OK and save the master configuration.

─ Click Security -> Global Security.

– Under Authentication, click LTPA.

– In the LTPA timeout section, set the timeout value to a value larger than the default to minimize the potential for an LTPA token to expire during an active meeting. A value that covers a period somewhat longer than a typical work day, such as 600 minutes, is recommended.

– Under Cross Cell single sign-on, enter a Password, confirm the password, and specify a file name to store the key. Click Export keys.

─ Make a note of the location of the file created. You need to know its location when you import the file to the Sametime Community Server.

■ Navigate to the directory where you exported the LTPA key.■ Copy the LTPA key to a location where you can access the file from the

Sametime Community Server.■ If you make any changes here, restart ALL servers in the CELL


Configure Single Sign On - Websphere■ Click Security→Global Security→WEB and SIP Security→Single Sign-on (SSO).


Configure Single Sign On - Websphere– Make sure that the Domain name matches the Sametime Server domain.– Note: Verify that Interoperability Mode is selected.


Configure Single Sign On - Websphere

─ Click Security → Global Security → Under Authentication, click LTPA.


Configure Single Sign On - Websphere■ Set the LTPA timeout to

your desired value─ Click “Apply” to make

changes

■ Only click “Generate Keys” if you really need to do so

─ Requires restart to apply before you can export

■ Import keys requires restart■ Export keys does not


Configure Single Sign On – Domino ■ Import the LTPA keys used by Sametime servers in the same DNS domain.

─ Open the names.nsf file on the Domino server for the Sametime Community Server.

─ Click Configuration -> Web Web Configurations view.

─ Open the Web SSO Configuration for LtpaToken document.

─ Click Edit SSO Configuration.

─ Click Keys -> Import WebSphere LTPA keys.

─ Type in the exact file location of the key file you exported from the Saemtime System Console

─ Enter the password you set on the key file when you exported it

─ Click OK.

■ The message "Successfully imported WebSphere LTPA keys" appears after the key has been imported.


Configure Single Sign On – Domino ■ The Web SSO Configuration Document


Configure Single Sign On – Domino ■ Click Edit ...


Configure Single Sign On – Domino ■ Click Import Websphere LTPA Keys ...


Configure Single Sign On – Domino ■ Click OK ...


Configure Single Sign On – Domino ■ Provide path to LTPA keys you exported from Websphere, click OK ...


Configure Single Sign On – Domino ■ Provide Password to key file, click OK ...


Configure Single Sign On – Domino ■ Success Message, click OK ...


Configure Single Sign On – Domino ■ Note the New

Websphere Section■ Make sure all Domino

Community servers are listed in the Participating Servers field


Configure Single Sign On – Domino ■ In the Token Format field of the WebSphere Information section, select the LTPA

token formats to be supported by Domino.─ LtpaToken - LTPAv1 only

─ LtpaToken2 - LTPAv2 only

─ LtpaToken and LtpaToken2 - both LTPAv1 and LTPAv2 formats are supported

■ With this last option selected, both tokens are created, but the token returned to the client is determined by the TOKEN_TYPE_TO_RETURN flag under the AuthToken section of sametime.ini. The default value is LTPA, which returns the LTPAv1 token. Changing the value to LTPA2 results in the LTPAv2 token being returned instead.

■ Click Save and Close.


Configure Single Sign On – Sametime Community Server

■ Configure the Sametime Community Server so that LtpaToken gets set by the Sametime Proxy web client instead of the Sametime token:

─ Log in to the Sametime System Console as the Sametime administrator.

─ Click Sametime Servers -> Sametime Community Servers.

─ In the list of Community Servers, click the name of a Sametime Community Server to open its Configuration page.

─ Click the Community Services tab.

─ Under the "General" section, select the authentication type that users can use while logging into the community server:

– LTPA only.

─ This is the default setting – but always a good idea to verify

■ Restart the Lotus Domino server to put your changes into effect.


Configure Single Sign On – Sametime Community■ Access the Sametime Community Servers and select the Community Server ...


Configure Single Sign On – Sametime Community ■ Verify that LTPA only is selected – Click OK to apply any changes...


Creating a Proxy Server database to support iPhone ■ On the DB2® server, log in to the system as the DB2 administrator created

during DB2 installation.─ From the folder where you extracted STProxyHotFix.zip, copy the DatabaseScripts folder to a

local directory.

■ Open a command prompt and navigate to the folder where you copied the DatabaseScripts folder.

■ Create the database by entering one of the following commands from the DatabaseScripts folder. Wait until you see confirmation that the database has been created and the command has finished.

─ AIX®, Linux™, or Solaris

– ./createProxyDB.sh STPROXY dbadmin

─ Windows™

– createProxyDB.bat STPROXY dbadmin

─ Replace STPROXY in the command if you want to choose a different database name. Names can be from 1 - 8 characters, but cannot contain special or multibyte characters.

─ Replace dbadmin with the DB2 Application User ID you created when you installed DB2. This user has database administration authority.

─ When naming DB2 objects, follow the rules for your operating system.

■ Close the command window.


Creating a Proxy Server database to support iPhone ■ Find the Database Scripts directory and copy it to the DB2 server ...


Creating a Proxy Server database to support iPhone


Verify the Sametime Proxy Database was created■ Open the DB2 control center.

─ AIX, Linux, or Solaris

– Open the IBM® DB2 folder on the desktop and click Control Center.

─ Windows

– Click Start -> Programs -> IBM DB2 -> General Administration Tools -> Control Center.

■ Find the database name to verify that the new database was created.


Verify the Sametime Proxy Database was created


Creating the STProxy Datasources■ Verify that the Deployment Manager and node agent have been started.■ On the server being updated, copy proxyDbSetup.py from the DatabaseScripts

folder to was_install_root\STPServerCell.■ In a text editor, open the proxy.properties file stored in

was_install_root\STPServerPN_or_SN\SametimeProxyServerOffering\SametimeServer\STProxy\proxy\.

■ Edit the following values:─ proxy.DbAppUser

─ proxy.DbAppUserPassword

─ proxy.DataBaseServerName

─ proxy.DataBaseServerPort

─ proxy.DbName

■ From the cell directory, run the following command:─ ..\AppServer\profiles\proxyProfileName/bin wsadmin.bat -lang jython -user wasUser -password

wasPwd -f "script_location/proxyDBSetup.py" "was_install_root\STPServerPN\SametimeProxyServerOffering\SametimeServer\STProxy\proxy\proxy.properties"

■ After the script completes, verify the JNDI resources


Creating the STProxy Datasources■ On the server being updated, copy proxyDbSetup.py from the DatabaseScripts

folder to was_install_root\STPServerCell.


Creating the STProxy Datasources■ In a text editor, open the proxy.properties file stored in

C:\IBM\Websphere\STPServerPN\SametimeProxyServerOffering\SametimeServer\STProxy\proxy\.

■ Edit the following values:─ proxy.DbAppUser

─ proxy.DbAppUserPassword

─ proxy.DataBaseServerName

─ proxy.DataBaseServerPort

─ proxy.DbName

■


Creating the STProxy Datasources■ From the \AppServer\profiles\proxyProfileName\bin directory, run the following

command:─ wsadmin.bat -lang jython -user wasadmin -password password -f

"c:\ibm\websphere\STPServerPN\proxyDBSetup.py" "c:\ibm\websphere\STPServerPN\SametimeProxyServerOffering\SametimeServer\STProxy\proxy\proxy.properties"


Verifying the STProxy Datasources■ Log in to the Integrated Solutions Console.■ Click Resources -> JDBC -> Data sources and review the data source named

─ STProxyDataSource.

■ The servers must be restarted before you will be able to successfully test the connection


Verifying the STProxy Datasources■ Click Resources → JDBC → Data sources → STProxyDataSource


Verifying the STProxy Datasources


Verifying the STProxy Datasources■ Clicking the Test Connection -


Configure the Connections to Apple Services■ Log in to the Integrated Solutions Console.

─ Click Sametime System Console -> Sametime Servers -> Sametime Proxy Server.

─ In the Sametime Proxy Servers list, click the Edit next to the deployment name of the server with the connection information that you want to change.

─ The settings to review or change are under Mobile device settings.

■ If you select Disable PUSH notification, iPhone users are logged out rather than paused. Unviewed messages are not held for them in the Sametime Proxy Server database.

■ If you select Allow sending photos from a mobile device, iPhone and Android users are permitted to send photos.

■ Sending photos is allowed by default, but you can clear the setting if company policy or server load prohibit sending photos.


Sametime Proxy Deployment – Apple Services

9080/9443 1516


Sametime System ConsoleDB2

LDAP

50000 389/636

9080/9443

DMGR


PN

feedback.push.apple.com

gateway.push.apple.com

2195

2196


Sametime Proxy Deployment – Clustered Environment

9080/9443 1516

Sametime Proxy Cluster

Sametime Community Cluster

Sametime System Console

DB2

LDAP

50000 389/636

80/443

9080/9443

PN

SN

DMGR

Load Balancer

2195

2196

feedback.push.apple.com

gateway.push.apple.com


Configure the Connection to Apple Notification Server■ The Apple notification server host name and port are used by the Sametime

Proxy Server to send Sametime instant messages, meeting invitations, and announcements to iPhone users.

■ When a user pauses receipt of messages, the Sametime Proxy Server database holds messages until the user views the messages or the mobile device's pause time expires.

■ The default settings for connecting to the service are shown below.─ Apple notification server hostname:

– gateway.push.apple.com

─ Apple notification server port:

– 2195

■


Configure the Connection to Apple Feedback Service■ The Apple feedback service keeps track of which iPhone mobile devices are still

valid and sends the information to the Sametime Proxy Server. The default settings are shown below.

─ Apple feedback service host:

– feedback.push.apple.com

─ Apple feedback service port:

– 2196

■

■


Configure the Connections to Apple Services■ Access the Sametime Proxy Servers and select the Proxy Server ...


Configure the Connections to Apple Services■ Default Settings

─ If you make any changes, Click OK and restart the Sametime Proxy Server(s) to apply


Configure the Connections to Apple Services■ If you do not have the Sametime System Console

─ You can manually edit the stproxyconfig.xml file

─ This file is located in the Deployment Managers profile config tree, under the cells/<cellname>/nodes/<nodename>/servers/<servername> directory

─ Always make this change in the dmgr profile and synchronize and restart to apply

■ Default Settings■


Mobile Devices, the Web and Application Development



─ Setup

– iOS

– Android

─

■ The Web client

─


─

■ Troubleshooting

─ Mobile client

─ Web client

─


Sametime Clients■ Sametime clients are available for

─ Rich client platforms

– Windows, Mac, Linux

─

─ MIDP-based devices

– Blackberry, Nokia S60

─

─ Smart phones/tablets

– IOS 4 and later

– Android 2.2 and later

─

─ Web clients

– Desktop browsers - Windows, Mac, Linux

– Smart phones/tablets – iOS, Android


Smart Phone Native Client■ Android and iOS clients are very similar■ Setup follows common sequence:

─ Download the app

─ Specify the community

─ Provide the userID and password

─ Optional reverse proxy

─ Troubleshooting settings


iPhone Native Client – Downloading the app■ Download

─ Directly on the client

─ In iTunes


iPhone Native Client – Initial setup


iPhone Native Client – Sametime Proxy■ Server Community

─ A name you can remember

■ Host Server─ The Sametime Proxy Server address

■ Port─ Defaults to 9080

■ Secure connection─ Set to ON for SSL

─ Remember to change port (9443)


iPhone Native Client - Login■ User ID

─ Your Sametime login name

■ Password─ Leave blank to force entry each time

■ Remember password─ Do you really want to do this?

─ Also applies to the reverse proxy


iPhone Native Client - Firewall■ Direct connection

─ Rare – used in-house only

■

■ Authenticating Proxy─ Reverse proxy

─ Used to allow external access

─

■ For photo images, set the port■


iPhone Native Client – Firewall login■ Reuse Credentials

─ Same username/password as login

■

■ Otherwise─ Provide proxy username & password


Android Native Client – Download the app■ Navigate to the download page on your Sametime Proxy server

─ http://<servername>:9080/stmobile/Sametime.html


Android Native Client – Sametime Proxy Settings


Android Native Client - Settings


Android Native Client – Initial login■ If you haven't already specified the server ....■

■

■

■

■

■

■

■

■

■

■

■ Otherwise, normal login



─ Setup

– iOS

– Android

─

■ The Web client

─


─

■ Troubleshooting

─ Mobile client

─ Web client

─


The Web Client■ Delivered from the Sametime Proxy Server■ Consists of

─ A stand-alone browser client

─ A set of JavaScript APIs to enhance custom applications


The Web Client – Browser support■ Fully tested on a limited set of browsers

─ Microsoft® Internet Explorer 6.x, 7.x, 8.0 (Windows)

─ Firefox 3.5 and 3.6 (Windows, Mac, Linux)

─ Safari 5.0 (Mac)

─

■ However, we have done informal testing on─ Microsoft® Internet Explorer 9 (in compatibility mode)

─ Firefox 4, 5, 6, 7, 8 and 9

─ Chrome 12, 13, 14, 15 and 16

─

■ Also mobile browser support─ IOS

─ Android

─ Other smartphones & tablets

– May need to force use of iphone_index.jsp

– http://<servername>:9080/stwebclient/iphone_index.jsp

─


The Web Client – Important aspects■ Zero footprint

─ No install – DHTML is delivered from the Sametime Proxy server

─

■ It is a web application─ No persistence: cannot save buddylist, chats, preferences, etc.

─ Cannot detect platform changes: no automatic status change

─ Navigating to another page stops connection,

– Note: this is not detected for 90 seconds

─ No state saved: refreshing a chat window loses the chat content


The Web Client■ The start page …■

■

■

■

■

■

■

■

■

■

■

■ … and the login page



─ Setup

– iOS

– Android

─

■ The Web client

─


─

■ Troubleshooting

─ Mobile client

─ Web client

─


Sametime Proxy architecture


RESTGET

POSTPUT

DELETE

HTTP REQUESTS

APIs RTC4WEB(Long Poll)

COMMUNICATIONLAYER

HUB


Client


The REST API■ Recommended interface for native mobile applications

─ The API calls are documented in the SDK document

─ The API can also be traced using browser

─

■ Requires two threads─ One thread makes requests of the STProxy servlet

– Typically no data returned, only HTTP status (usually 200)

─ One thread is a long-poll, i.e. continuous GET to RTC servlet

– Times out after 30s – simply restart the GET

– Data returned must be processed

• May contain multiple data items

• Once data processed or handed off to another thread, restart the GET

■


REST - Information■ API has complex requirements for

─ Login requires 3 API calls

– POST /webapi/connect

– POST /rtcweb/user

– GET /rtcweb/

–

─ Logout requires 3 API calls

– PUT /rtcweb

– DELETE /rtcweb

– DELETE /stwebapi

–

─ HTTP headers & tokens

– Used to ensure correct login

– Used to assist security


REST Login: 1 - The login■ First login using the connect API

─ POST http://<ProxyServer>:<port>/stwebapi/connect


REST Login: 1 - The login■ A set of cookies are returned – note the sid value

─ See p11 of SDK documentation

■

■

■

■

■

■

■

■ Data are returned as JSON


REST Login: 2 – Register to the long poll■ Next, register with the long poll channel

─ POST http://<ProxyServer>:<port>/stwebapi/RTCServlet/<sid>/user


REST Login: 2 – Register to the long poll■ One extra cookie■

■

■

■

■

■

■

■ Data returned as JSON – note the nonce value


REST Login: 3 – Start the long poll■ Start a new thread to process long poll responses■ Add the nonce value to the HTTP headers for all subsequent requests■

■

■

■

■

■

■ In the new thread start the long poll GET with a timeout of 30 seconds─ GET http://<ProxyServer>:<port>/stwebapi/RTCServlet/format=json

● &dojo.preventCache=9999999

■


REST Long Poll■ If the long poll GET times out, simply restart it■ If data are returned, they will be in JSON format as:■

■

■

■

■ The data should be processed as appropriate and the long poll restarted


REST - Logout■ To suspend processing

─ Suspends processing

─ Prevents loss of messages

─ User still appears online

– PUT http://<ProxyServer>:<Port>/stwebapi/RTCServlet/<sid>/endUpdate

■

■

■

■

■ You have 90s to restart the poll before the server decides you have logged out


REST - Logout■ A hard logout terminates the session

─ Stop updates as before

─ Stop the long poll

– DELETE http://<ProxyServer>:<Port>/stwebapi/RTCServlet/<sid>/user

–

–

–

–

–

─ Stop the Sametime Proxy session

– DELETE http://<ProxyServer>:<Port>/stwebapi/user/connect

─


REST – Typical exchange■ Retrieving contact list

─ Make REST call to

– http://<ProxyServer>:<Port>/stwebapi/buddylist

─ Response is empty

─ HTTP status is 200

■


REST – Typical exchange■ Response arrives along the long poll channel■


REST – Typical exchange■ Potentially multiple messages in each response


REST - Summary■ Be careful with login & logout■ Two threads used

─ One to manage the application

─ One to manage the long poll

■ The long poll─ Has 30s timeout

─ Can return multiple data items in a single response – no guarantee of order

─ Each data item contains header + value

─ Each value contains action + data

■ Documentation─ See Chapter 6 and Appendix A of SDK documentation

─ See also Chapter 3 for long poll responses

─

–

■


Base Components■ JavaScript encapsulation of REST API■

■ Simplifies access to Sametime Proxy funcitons─ Hides complexity of cross-domain requests

─ Hides complexity of long-poll management

─ Hides complexity of processing responses

─ Hides complexity of making requests

■

■ Does not require use of any UI framework─ Does not provide any UI


Base Components - General■ Set up configuration flags

─ var stproxyConfig = {

– server: "http://<ProxyServer>:<Port>",

– tunnelURI: "http://<ApplicationServer>/path/tunnel.html",

– isConnectClient: false

─ };

─ var djConfig {

– isDebug: true // Optional debugging flag

─ }

–

■ Include JavaScript─ <script type="text/javascript" src="http://<ProxyServer>:<Port>/stbaseapi/latest/baseComps.js"></script>

─

■ Using /latest/ forces a redirect to ensure latest version of JS is loaded

─ Can potentially impact performance

─

■


Base Components – Login & Logout // Error callback - generic function function generalErrorHandler(reason, error) { alert("Error: " + reason + ": " + error); }

// Logged out function loggedout() { alert("OK, I have successfully logged out"); }

// Successful login function loggedInOK() { alert("I have successfully logged in"); // Log the user out immediately stproxy.login.logout(true, loggedout, generalErrorHandler); }

// When stproxy is ready, log in stproxy.addOnLoad( function(){ stproxy.login.loginByPassword(userID, password, stproxy.awareness.AVAILABLE, "I'm available", loggedInOK, generalErrorHandler); });


Base Components + Livename Model■ Enable presence awareness in non-Dojo environment■ Use livename model to globally manage the user status

─ One model per user, shared across all livename instances for that user

─ Hook into onUpdate method to manage status updates

─

<span id="lname"> <img id="statImg" src="" style="width:9px;height:9px;"></img> <span id="uName" style="font-size:12px;font-weight:bold"></span> </div>


Base Components + Livename Model statusText = [ "Offline", "Available", "Away", "Do not disturb", "", "In meeting" ]; statusIcon = [];

function loggedInOK() { var model = stproxy.getLiveNameModel("heather.reeds", {"isInBuddyList":false, "forceWatchlist":true}); var nameElem = document.getElementById("uName"); nameElem.innerHTML = model.id;

statusIcon[0] = stproxy.uiControl.iconPaths.iconOffline; statusIcon[1] = stproxy.uiControl.iconPaths.iconAvailable; statusIcon[2] = stproxy.uiControl.iconPaths.iconAway; statusIcon[3] = stproxy.uiControl.iconPaths.iconDnd; statusIcon[4] = stproxy.uiControl.iconPaths.iconOffline; statusIcon[5] = stproxy.uiControl.iconPaths.iconInMeeting;

stproxy.hitch.connect(model, "onUpdate", function() { var elemText = document.getElementById("lname"); elemText.title = statusText[model.status]; var elemIcon = document.getElementById("statImg"); elemIcon.src = statusIcon[model.status]; }); }


Chat Model■ The chat model is created to manage any single chat■ It has no UI associated with it■ A chat model is created for 1-to-1 and n-way chats

─ stproxy.getChatModel

─ stproxy.getGroupChatModel

■ No default UI provided


Demo

Base Components


Base Components - Summary■ The Base Components give access to the full range of Sametime functions■ There is no default UI provided■ Presence awareness easy to manage■ Documentation

─ See Chapter 3 of SDK documentation

─ Livename Model – pp 45-46 of SDK documentation

─ Chat Model – pp 46-51 of SDK documentation


UI Components■ JavaScript solution based on Dojo Toolkit v1.5.1■ Leverages Base components + Livename & Chat models■ Broad range of widgets

─ Full web client

─ Buddylist

─ LiveName

─ Awareness

─ QuickFind

─ Chat

─ Group Chat

─ UserInfo

─ Business Card

■ Static widgets using HTML declarations■ Dynamic widgets using JavaScript


UI Components - General■ Set up configuration flags as before, with additional Dojo flags

─ Same stproxyConfig object as for Base Components

─ Same login & logout as for Base Components

─ Use Dojo config settings:

– var djConfig = {

• parseOnLoad: true

– };

─

■ Include stylesheet─ http://<ProxyServer>:<Port>/stwebclient/latest/dojo.blue/sametime/

themes/WebClientAll.css

─

■ Include JavaScript─ http://<ProxyServer>:<Port>/stwebclient/latest/dojo.blue/dojo/dojo.js

─ http://<ProxyServer>:<Port>/stbaseapi/latest/baseComps.js

─ http://<ProxyServer>:<Port>/stwebclient/latest/widgets.js

■


UI Components - General■ Each widget can be instantiated:

─ Declaratively

– <span dojoType=”sametime.<WidgetName>” <param>=”value”></span>

─ Programatically

– var widget = new sametime.<WidgetName>(args[, domNode]);

– where args has the format

• { “arg1”: “value1”, “arg2”: “value2” …}

– and the optional domNode can be

• Omitted or null

• The ID of an existing DOM node as a string

• An expression that returs a DOM node– dojo.byId(“elemID”)– dojo.doc.createElement(“div”)

– The widget's DOM node can be accessed

• dojo.byId(“myElement”).appendChild(widget.domNode)

–


UI Components – Livenames■ Declarative

─ Useful for know lists of users, or static names in a page

─ <span dojoType=”sametime.LiveName” userId=”heather.reeds”></div>

■

■ Dynamic─ General usage

– var lname = new sametime.LiveName(args[, DOMNode]);

─

─ Most common argument is

– userId – the resolvable user ID

─

─ More argument options introduced in v8.5.2 IFR1


UI Components - Livename arguments■ disableClicks – disable all menus & actions by clicking (FALSE)■ disableRightClick – disables the context menu (FALSE)■ leftClickToOpen – allows left click to also open the context menu (FALSE)■ disableDoubleClick – disables double-click to start a chat (FALSE)■ disableOneClick – disables single click to start a chat (TRUE)■ disableHoverBizCard – disables display of the business card on hover (FALSE)■ hideDisplayName – makes the livename minimal (FALSE)■ isAnonymous – use when creating a guest livename (FALSE)■ statusMessageNodes – array of DOM nodes in which to display the user's status

(empty)■


Demo

UI Components


UI Components - Summary■ UI Components based on Dojo

─ Can leverage Dojo extensibility

■ Simple─ If your app is complex, you're doing it wrong

■ Flexible and extensible─ All UI Components are programmable and extensible and skinnable



─ Setup

– iOS

– Android

─

■ The Web client

─


─

■ Troubleshooting

─ Mobile client

─ Web client

─


Troubleshooting■ Sometimes something goes wrong which the user can't resolve■ This requires more detailed information, i.e. logs■ If the user collects the information, the process must be reasonably simple■ Collecting a report follows a few simple steps

─ Start the client

─ Enable logging

─ Reproduce the problem being analysed

─ Capture the log

■ There are three main sources of logs─ The client

─ The Sametime Proxy server

─ The Sametime Community server


Troubleshooting - iPhone Native Client■ Open settings for Sametime■

■

■

■

■

■

■

-------------------------------->


Troubleshooting - iPhone Native Client■ Click on “Troubleshooting”■

■

■

■

■

■

■

■

■

■

■

■

-------------------------------->


Troubleshooting - iPhone Native Client■ Enable Logging


Troubleshooting - iPhone Native Client■ After session, send the logs


Troubleshooting - iPhone Native Client■ Send the E-mail


Troubleshooting - Android Native Client■ Click on “Troubleshooting”■

■

■

■

■

■

-------------------------------->


Troubleshooting - Android Native Client■ Enable logging


Troubleshooting - Android Native Client■ After session, send the logs


Troubleshooting - Web client■ Gathering information about the web client is more difficult

─ Each browser has its own mechanism to allow tracing

–

─ External tools can also be used

– Fiddler – from fiddler2.com

– Wireshark – requires network expertise


Troubleshooting – Internet Explorer■ IE9 has excellent tools for debugging

─ F12 - Developer Tools – capture in the “Network” tab


Troubleshooting - Firefox■ Firefox has a number of useful plugins■ Firebug is probably the most popular


Troubleshooting - Firefox■ HttpFox traces the HTTP traffic■


Troubleshooting - Safari■ Start the Web Inspector tool


Troubleshooting - Safari■ Produce a network trace

─ Right-click and select “Copy all as HAR” & paste into file or E-mail


Troubleshooting - Chrome■ Very similar to Safari■


Troubleshooting - Fiddler■ Free tool - download from fiddler2.com■ Very functional■ Windows only!■

■


Troubleshooting - WireShark■ Complex but extremely powerful tool■ Logs EVERYTHING - need to filter messages of interest■


Troubleshooting – Sametime Proxy Server■ Setting trace log levels on Sametime Proxy Server

─ Open the Integrate Solutions Console on the Sametime Proxy Server

https://mystp.ibm.com:9043/ibm/console

─ Go to “Troubleshooting” and select “Logs and trace”.


Troubleshooting – Sametime Proxy Server■ Select the server, and then choose "Change Log Detail Levels" and click the

"Runtime" tab:


Troubleshooting – Sametime Proxy Server■ Tracing information has the format:

─ <package1>=<trace-level

1>:<package

2>=<trace-level

2>:<package

3>=<trace-level

3> …

─

■ Trace levels are:─ info, fine, finer, finest or all

─

■ The important packages are:─ com.ibm.rtc.stproxy.* Sametime Proxy functions

─ com.ibm.collaboration.realtime.* Core Service components

─ com.lotus.sametime.* Sametime Toolkit components

─ com.ibm.rtc.RTCServlet.* Long poll – shows data from server to the client.

─ This is very verbose!!!


Troubleshooting – Sametime Proxy server■ Specify your tracing settings, and save to the server:■


Troubleshooting – Sametime Proxy server■ When you have reproduced the problem, gather the logs from

─ <Websphere_Home>/profiles/<profile>/logs

─ e.g. C:\Program Files\IBM\WebSphere\AppServer\profiles\AppSrv01\logs


Any questions?

?


Other sessions■ AD205 – IBM Sametime in IBM Connections, IBM Websphere Portal, and more

─ Monday 01:00 PM – 02:00 PM

■ AD206 – The upcoming IBM Sametime Meetings Server Remote Client SDK─ Wednesday 03:00 PM – 04:00 PM

■ BP209 – Doctors have scalpels, carpenters have hammers, IBM Sametime Developers have SDKs

─ Thursday 08:30 AM – 09:30 AM

■ BOF122 – IBM Sametime Web Integration


Legal disclaimer© IBM Corporation 2012. All Rights Reserved.

The information contained in this publication is provided for informational purposes only. While efforts were made to verify the completeness and accuracy of the information contained in this publication, it is provided AS IS without warranty of any kind, express or implied. In addition, this information is based on IBM’s current product plans and strategy, which are subject to change by IBM without notice. IBM shall not be responsible for any damages arising out of the use of, or otherwise related to, this publication or any other materials. Nothing contained in this publication is intended to, nor shall have the effect of, creating any warranties or representations from IBM or its suppliers or licensors, or altering the terms and conditions of the applicable license agreement governing the use of IBM software.

References in this presentation to IBM products, programs, or services do not imply that they will be available in all countries in which IBM operates. Product release dates and/or capabilities referenced in this presentation may change at any time at IBM’s sole discretion based on market opportunities or other factors, and are not intended to be a commitment to future product or feature availability in any way. Nothing contained in these materials is intended to, nor shall have the effect of, stating or implying that any activities undertaken by you will result in any specific sales, revenue growth or other results.

If the text contains performance statistics or references to benchmarks, insert the following language; otherwise delete: Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user's job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

If the text includes any customer examples, please confirm we have prior written approval from such customer and insert the following language; otherwise delete: All customer examples described are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual environmental costs and performance characteristics may vary by customer.

Please review text for proper trademark attribution of IBM products. At first use, each product name must be the full name and include appropriate trademark symbols (e.g., IBM Lotus® Sametime® Unyte™). Subsequent references can drop “IBM” but should include the proper branding (e.g., Lotus Sametime Gateway, or WebSphere Application Server). Please refer to http://www.ibm.com/legal/copytrade.shtml for guidance on which trademarks require the ® or ™ symbol. Do not use abbreviations for IBM product names in your presentation. All product names must be used as adjectives rather than nouns. Please list all of the trademarks that you use in your presentation as follows; delete any not included in your presentation. IBM, the IBM logo, Lotus, Lotus Notes, Notes, Domino, Quickr, Sametime, WebSphere, UC2, PartnerWorld and Lotusphere are trademarks of International Business Machines Corporation in the United States, other countries, or both. Unyte is a trademark of WebDialogs, Inc., in the United States, other countries, or both.

If you reference Adobe® in the text, please mark the first use and include the following; otherwise delete: Adobe, the Adobe logo, PostScript, and the PostScript logo are either registered trademarks or trademarks of Adobe Systems Incorporated in the United States, and/or other countries.

If you reference Java™ in the text, please mark the first use and include the following; otherwise delete: Java and all Java-based trademarks are trademarks of Sun Microsystems, Inc. in the United States, other countries, or both.

If you reference Microsoft® and/or Windows® in the text, please mark the first use and include the following, as applicable; otherwise delete: Microsoft and Windows are trademarks of Microsoft Corporation in the United States, other countries, or both.

If you reference Intel® and/or any of the following Intel products in the text, please mark the first use and include those that you use as follows; otherwise delete: Intel, Intel Centrino, Celeron, Intel Xeon, Intel SpeedStep, Itanium, and Pentium are trademarks or registered trademarks of Intel Corporation or its subsidiaries in the United States and other countries.

If you reference UNIX® in the text, please mark the first use and include the following; otherwise delete: UNIX is a registered trademark of The Open Group in the United States and other countries.

If you reference Linux® in your presentation, please mark the first use and include the following; otherwise delete: Linux is a registered trademark of Linus Torvalds in the United States, other countries, or both. Other company, product, or service names may be trademarks or service marks of others.

If the text/graphics include screenshots, no actual IBM employee names may be used (even your own), if your screenshots include fictitious company names (e.g., Renovations, Zeta Bank, Acme) please update and insert the following; otherwise delete: All references to [insert fictitious company name] refer to a fictitious company and are used for illustration purposes only.

IBM Lotusphere 2012 Show301: Leveraging the Sametime Proxy to support Mobile users and Web...

Documents

Transcript of IBM Lotusphere 2012 Show301: Leveraging the Sametime Proxy to support Mobile users and Web...