Lotus® Sametime Administrator’s Guide Version 7.0 for Windows, AIX, Solaris, and i5/OS G210-2082-00


Lotus Sametime

Version 7.0 for Windows, AIX, Solaris, and i5/OS

Administrator’s Guide

G210-2082-00


Note: Before using this information and the product it supports, read the information in Notices, on page 671.

Eighth Edition (August 2005)

This edition applies to version 7.0 of IBM Lotus Sametime (product number L-GHUS-5Z7NTN) and to all subsequent releases and modifications until otherwise indicated in new editions. This edition replaces G210-1821-00.

Copyright International Business Machines Corporation 2005. All rights reserved.
US Government Users Restricted Rights Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM Corp.

Contents

Chapter 1. Introduction to Sametime
What is Sametime?
Install Sametime on a Domino server
Sametime basics
Collaborative activities and end-user features
Sametime administration terms and features
Sametime clients
Sametime services
The Lotus Enterprise Meeting Server (EMS)
Starting and stopping the Sametime server
Sametime on a Windows NT server
Starting the Sametime server
Stopping the Sametime server
Sametime on a Windows 2000 server
Starting the Sametime server
Stopping the Sametime server

Chapter 2. Using the Sametime Administration Tool
Starting the Sametime Administration Tool
User name and password requirements
Details: Starting the Sametime Administration Tool
Overview of the Sametime Administration Tool features
Server Overview
Message From Administrator
Monitoring
Logging
Directory
Configuration
Server Overview feature
Message From Administrator feature
Monitoring the Sametime server
Logging Sametime activity
Managing users and Domino Directories
Managing users and LDAP directories
Configuring ports and network connectivity
Configuring Community Services
Configuring Meeting Services
Configuring Audio/Video Services
Additional administrative tasks
Configuring Broadcast Services
Deploying multiple Sametime servers
Managing security
Maintaining the Sametime Meeting Center
Adding a new Sametime administrator
Allowing others to access the Sametime Administration Tool
Using individual names instead of an Administrators Group
Create a Person document for the administrator
Create an Administrators Group document
Add the Administrators Group document to Sametime database ACLs
Modifying the Server document of the Sametime server
Adding and removing names from an Administrators Group document
Roles in Sametime database ACLs
Roles in the Sametime Configuration database (stconfig.nsf)
Roles in the Domino Directory (names.nsf)
Roles in the Sametime Meeting Center (stconf.nsf)
Roles in the Domino Web Administration database (webadmin.nsf)

Chapter 3. Using Domino Directories
Managing the Domino Directory
Basic Domino Directory requirements
Managing multiple Domino Directories with Sametime
Directory security considerations
Using an LDAP directory instead of a Domino Directory
Managing users in the Domino Directory
Adding users
Using Sametime self-registration
Managing Sametime users with the Sametime Administration Tool
How Sametime uses Domino Directory information
Person documents
Group documents
The Server document
Directory views used by Sametime features
Managing users in buddy lists and privacy lists

Chapter 4. Using LDAP Directories with Sametime
Using LDAP with the Sametime server
How LDAP is used with Sametime
Authentication
Searches
Connectivity
Administration and user management
Setting up an LDAP connection
Selecting the appropriate LDAP options during the server installation
Alter the Directory Assistance document for the LDAP directory
Configure the LDAP Directory settings
LDAP directory settings
Connectivity
Basics
Authentication
Searching
Group Contents
Add Administrator
Access Control
LDAP knowledge required to configure the LDAP Directory settings
Configuring LDAP Connectivity settings
Configuring the LDAP Basics settings
Configuring LDAP Authentication settings
Configuring the LDAP Searching setting
Configuring the LDAP Group Contents setting
Using SSL to encrypt connections between the Sametime and LDAP servers
Using SSL to encrypt all data transmitted between the Sametime and LDAP servers
Using SSL to encrypt only user passwords passing between the Sametime and LDAP servers
Allowing all data to pass unencrypted between the Sametime and LDAP servers
Modifying the Directory Assistance document of the LDAP server to encrypt the connection between the Sametime server and the LDAP servers
Ensuring that the Sametime server trusts the LDAP server certificate (Windows and AIX/Solaris servers)
Ensuring that the Sametime server trusts the LDAP server certificate (i5/OS servers)
Adding a new administrator in the LDAP environment
Access Control Lists and LDAP User Names
Setting up an LDAP connection after selecting the Domino directory during the server installation
Shut down the Sametime services but keep the Domino services active
Set up a Directory Assistance database
Identify the Directory Assistance database on the Sametime server
Create a Directory Assistance document that enables the Sametime server to access the LDAP server
Create an LDAP document in the Configuration database
Copy and rename the .DLL files, edit the Notes.ini file, or edit the Sametime.ini file
Run the Lotus Sametime Name Conversion Utility
Configuring the LDAP directory settings
Restart the Sametime services on your Domino server
Using Java classes to customize LDAP directory searches
Using a Java class to control directory searches for people and groups
Using a Java class to control the format of user names returned in LDAP directory searches
Solving token authentication problems in mixed server and multiple LDAP directory environments
Solving the token authentication problem
Managing users in buddy lists and privacy lists in an LDAP environment

Chapter 5. Configuring Ports and Network Connectivity
Ports used by the Sametime server
HTTP Services, Domino Services, LDAP Services, and Sametime intraserver ports
Community Services ports
Meeting Services ports
Broadcast Services ports
Audio/Video Services ports
Proxy support for Sametime clients
Overview of Sametime client connectivity
Configuring Sametime Networks and Ports settings
HTTP Services settings
Community Services Network settings
Meeting Services Network settings
Broadcast Services Network settings
Interactive Audio/Video Network settings
Community Services connectivity and the home Sametime server
Sametime Connect and the home Sametime server
Assigning users to a home Sametime server
Home Sametime servers and self-registration
Home Sametime servers and instant meetings
Sametime Connect client connection processes
Basic Sametime Connect client connection process
Sametime Connect client connection process using the Web browser or Java Plug-in settings
Basic Sametime Connect client connection process
Sametime Connect client connection processes using the Web browser or Java Plug-in connectivity settings
Changing the default connectivity settings of the Sametime Connect for browsers client
Specifying the default configuration settings of the Sametime Connect for browsers client
Creating the ConnectivityMethod applet parameter
Syntax of the ConnectivityMethod applet parameter
Complete examples of the ConnectivityMethod applet parameter
Adding the ConnectivityMethod parameter to the STSrc.nsf database
Example of custom HTML code required to launch the Sametime Connect for browsers client
Meeting Room and Broadcast client connection processes
Meeting Room and Broadcast client connection processes using the Sun or IBM JVM 1.4.2
About HTTP tunneling
What is HTTP tunneling on port 80?
Configuring HTTP-tunneling settings on a server that uses a single IP address
Configuring HTTP tunneling on a server that uses multiple IP addresses
Notes about client connection processes using HTTP tunneling on port 80
Sametime Connect client 2.5 and 7.0 compatibility issues with HTTP tunneling on port 80
TCP tunneling of interactive audio/video streams on port 80
Issues associated with TCP tunneling of interactive audio/video streams
Enabling TCP tunneling of interactive audio/video streams on port 80
Assigning IP addresses to multiple Sametime servers installed on a single server machine
Connecting to other Sametime servers
Connecting Meeting Servers
Using the Servers in this Community settings
Extending a Sametime server to the Internet
Using reverse proxy or portal servers with the Sametime server
What is a reverse proxy server?
Requirements and limitations of Sametime 7.0 reverse proxy support
Configuring mapping rules on a reverse proxy server to support Sametime
Configuring a Sametime server to operate with a reverse proxy server
Sametime client connectivity and reverse proxy servers

Chapter 6. Configuring the Community Services
About the Community Services
Community Services configuration settings
General settings
Server Features settings
Sametime Connect for browsers settings
Community Services connectivity settings
Community Services server clusters
Number of entries on each page in dialog boxes that show names in the directory
How often to poll for new names added to the Sametime Community directory
How often to poll for new servers added to the Sametime Community
Maximum user and server connections to the Community server
Allow users to authenticate using either LTPA or Sametime Tokens (stauths.nsf and stautht.nsf)
Display the Download Sametime Connect for the desktop link
Allow users to transfer files to each other
Allow users to send announcements
Allow Connect users to save their user name, password, and proxy information (automatic login)
Display the Launch Sametime Connect for browsers link
Anonymous Access Settings for Community Services
Anonymous users can participate in meetings or enter virtual places
Users of Sametime applications can specify a display name so that they do not appear online as anonymous
Directory Searching and Browsing options
Allowing users to control the default screen location and size of chat windows
One-to-one chat windows and n-way chat windows
Enabling users to select the default location and size of chat windows
Prohibiting logins from insecure clients to the server
Specifying the security level (minimum allowed client version)
Allowing logins from clients that do not conform to the security level
Configuring the server to send instant messages to clients that do not conform to the security level
Specifying the name to display in the title bar of instant messages sent by the server
Chat Logging
Deploying a Community Services multiplexer on a separate machine
Performance improvements with a separate multiplexer
Installing and setting up a separate Community Services multiplexer
Community Services multiplexer preinstallation considerations
Install the Community Services multiplexer
Configure security settings in the Configuration database on the Sametime server
Configure settings in the Sametime.ini file on the multiplexer machine
Configuring client connectivity to the Community Services multiplexer machine
(Optional) Dynamically load balancing client connection to the multiplexers
Enabling Sametime Connect for browsers to function in kiosk mode
Enabling the kiosk mode
Enabling the kiosk mode by adding an applet parameter to the HTML in the STSrc.nsf database
Example of custom HTML code that loads the Sametime Connect for browsers client
Deploying the Macintosh Sametime Connect client for the desktop
Authentication
Deploying the client
Configuring the client to connect to the Sametime server

Chapter 7. Enabling the SIP Gateway
Using the SIP functionality with Sametime
Using the SIP functionality in a Windows, AIX, or Solaris environment
Using the SIP functionality in an IBM i5/OS environment
Overview of SIP components
What are SIP and SIMPLE
Sametime SIP Gateway overview
Sametime SIP Connector overview
SIP proxies and connections
Setting up the SIP Gateway functionality
Setting up the SIP Gateway functionality (Windows, AIX, or Solaris environment)
Review the SIP Connector planning considerations (Windows/AIX/Solaris environment)
Install the SIP Connector (Windows/AIX/Solaris environment)
Configuring the SIP Gateway and SIP Connector parameters (Windows/AIX/Solaris environment)
Setting up the SIP Gateway functionality (IBM i5/OS environment)
Review the SIP Connector planning considerations (IBM i5/OS environment)
Installing or enabling the SIP Connector (IBM i5/OS environment)
Configuring the SIP Gateway and SIP Connector parameters (IBM i5/OS environment)
Disabling the SIP Gateway functionality
Encrypting SIP traffic with Transport Layer Security (TLS)
Specify the host name and port for TLS connections
Set the TLS encryption mode
Managing the certificates required for TLS connections (integrated SIP Connector on IBM i5/OS)
Managing the certificates required for TLS connections (standalone SIP Connector on Windows)
Enabling client certificate authentication for a standalone SIP Connector on a Windows machine (optional)
Enabling a SIP Connector to operate as a client when client certificate authentication is required
Enabling a SIP Connector to require client certificate authentication
Audio/Video connectivity with SIP
End user experience with the SIP Gateway

Chapter 8. Configuring the Meeting Services
About the Meeting Services
Meeting Services configuration settings
General
Connection Speed Settings
Meeting Services connectivity settings
Meeting Services bandwidth control
Accessing the Meeting Services configuration settings
General Settings for Meeting Services
Managing recorded meetings (Record and Playback)
Connection Speed Settings for Meeting Services
Controlling the bandwidth usage of the Meeting Services
Enabling the Bandwidth Control feature
MaxBandwidthAvailable
BandwidthUpdateInterval
BandwidthReportInterval

Chapter 9. Configuring the Broadcast Services
Broadcast Services components and clients
Broadcast Services server components
Broadcast Services client
Using multicast
Configuring the Broadcast Services settings
Broadcast configuration settings
Broadcast Services Connection Speed Settings and meeting performance
Broadcast Services performance issues

Chapter 10. Configuring the Audio/Video Services
About the Audio/Video Services
Audio/Video Services Connectivity settings
Client system requirements for the Audio/Video Services
Supported sound cards and cameras
Sound cards
Cameras
IP audio/video terminology and concepts
Audio/Video Services components and clients
Audio/Video Services server components
Audio/Video Services client
Audio/Video Services configuration settings
Interactive Audio/Video Services settings
Connection Speed Settings
Usage Limits and Denied Entry settings
Interactive Audio/Video Network and Ports settings
Accessing the Audio/Video Services configuration settings
Interactive Audio/Video Services settings
Connection Speed Settings for Audio/Video Services
Usage Limits and Denied Entry
Prioritizing audio/video UDP data (TOS values)
Using a 360-degree video camera with Sametime
Tips for using audio/video

Chapter 11. Monitoring the Sametime Server
Accessing the Monitoring charts
General Server Status
Total Active Meetings
Total Meeting Room Connections
Total Community Logins
Total Broadcast Connections
Total Broadcast Streams
Logins
Meetings and Participants
Tools in Meetings
Miscellaneous
Memory
Disk Space
Web Statistics
Domino HTTP Requests
Domino HTTP Commands

Chapter 12. Logging Sametime Activity
Community Logins/Logouts
Community Login/Logout information
Community Statistics
Community Statistics information
Community Events
Community Events information
Place Login Failures
Place Login Failure information
Meeting Login Failures
Meeting Login Failures information
Meeting Connections
Meeting Connections information
Server Connections
Server Connections information
Meeting Statistics
Meeting Statistics information
Meeting Events
Meeting Events information
Capacity Warnings
Capacity Warnings information
Usage Limits in the log
Usage Limits and Denied Entries information
Domino log
Content of the Domino log
Views in the Domino log
Sametime log settings
General log settings
Capacity Warnings log settings

Chapter 13. Managing Security
Getting started with Sametime security
The required fully qualified server name
Basic password authentication and authentication by token
User requirements for basic password authentication
Changing a user’s password
Anonymous access and the Sametime Meeting Center
Domino security and the Web browser connection
Using database ACLs for identification and authentication
Using database ACLs
Maximum Internet name & password setting
Adding a name to a database Access Control List (ACL)
Database ACL settings
Anonymous access and database ACLs
Basic password authentication and database ACLs
Authentication by token using LTPA and Sametime tokens
Authentication by token using the Domino Single Sign-On (SSO) feature
Altering the Domino Web SSO configuration following the Sametime server installation
Manually enabling the Domino SSO feature
Using the Sametime custom logon form for SSO
Authentication by token using Secrets and Tokens databases
Security recommendations for self-registration
Encryption and meeting passwords
Using SSL with Sametime
Encrypting Web browser connections with SSL
Ensuring access to Sametime servlets when Domino requires SSL for all connections
Encrypting connections to an LDAP server
Setting up SSL for Sametime on Windows
Setting up SSL for Sametime on Solaris/AIX
Ensuring Sametime servlet access when Domino requires SSL for all connections
Obtaining the appropriate SSL trusted root or SSL server certificate
Import the SSL certificate into the STKeys.jks key database
Configure the Sametime.ini file on the Sametime server

Chapter 14. Deploying Multiple Lotus Sametime Servers
About Sametime server clusters
Advantages of using multiple Sametime servers
Advantages of multiple home Sametime servers
Advantages of a single meeting on multiple servers
Integrating a Sametime server into an existing Sametime community
Installing a Sametime server into an existing Sametime community
Configuring ports for server-to-server connections
Synchronizing the Sametime server with other Sametime servers
Extending Sametime to Internet users
Positioning a Sametime server in the network DMZ
Opening ports on the internal firewall
Opening ports on the external firewall
Screen-sharing security and Internet users
Extending a single Sametime community across multiple Domino domains
Example of extending a single Sametime community across two Domino domains

Chapter 15. Introduction to server clusters and the Enterprise Meeting Server . . . . . . . . . . . . . . 483Creating Sametime server clusters . . . . . Clustering Community Services and Meeting Services . . . . . . . . . . . . . Clustering the Community Services without clustering the Meeting Services . . . . .Contents

. 483 . 483 . 484

vii

Clustering the Meeting Services without clustering the Community Services . . . . . Clustering both the Community Services and the Meeting Services . . . . . . . . . . About clustering both the Meeting Services and the Community Services . . . . . . . . . Overview of Community Services clustering . . . Differences between the clustering and single-server approaches. . . . . . . . . Load balancing and failover in Community Services clusters . . . . . . . . . . . Overview of the Enterprise Meeting Server and Meeting Services clustering . . . . . . . . . What is the Enterprise Meeting Server? . . . . Scheduling and load balancing in the Meeting Services cluster . . . . . . . . . . . . Booking meetings in the Meeting Services cluster . . . . . . . . . . . . . . . Monitoring the health of servers in the cluster Managing meeting materials with the EMS . . User interaction with the Enterprise Meeting Server . . . . . . . . . . . . . . . Client connectivity in a Meeting Services cluster Enterprise Meeting Server security . . . . . LDAP directory access and the Enterprise Meeting Server . . . . . . . . . . . .

484 485 486 487 487 490 490 491 493 494 495 496 497 498 499 500

Chapter 17. Setting Up the Enterprise Meeting Server and a Meeting Services Cluster . . . . . . . . . . 527EMS deployment and Meeting Services cluster setup procedures . . . . . . . . . . . . EMS pre-deployment requirements and considerations . . . . . . . . . . . . . Ensuring the hardware required for an EMS deployment is available . . . . . . . . . Deploying an LDAP directory . . . . . . . Create or identify the required LDAP directory accounts . . . . . . . . . . . . . . Installing the Sametime servers . . . . . . Ensuring the software required for EMS deployment is available . . . . . . . . . Installing the J2EE infrastructure on the EMS computer . . . . . . . . . . . . . . . Setting up the required Windows administrator account . . . . . . . . . . . . . . Installing the DB2 server . . . . . . . . Installing WebSphere MQ V5.3.0.2 . . . . . Installing WebSphere MQ 5.3 CSD08 (Fix Pack 8) . . . . . . . . . . . . . . . . Installing the WebSphere Application Server V5.1, Advanced Edition . . . . . . . . . Installing the WebSphere Application Server V5.1 Fix Pack 1 . . . . . . . . . . . . Installing the WebSphere V5.1.1 Cumulative Fix 2 . . . . . . . . . . . . . . . . Setting up the JMS system queues . . . . . Ensuring WebSphere MQ supports the Double-Byte Character Set (DBCS) . . . . . Configuring WebSphere server security and LDAP directory access. . . . . . . . . . . . . Next step: . . . . . . . . . . . . . Deploying the Enterprise Meeting Server . . . . Creating and configuring three additional WebSphere Application Servers . . . . . . Installing the Enterprise Meeting Server files Creating the DB2 database . . . . . . . . Creating the WebSphere MQ queues. . . . . Defining the WebSphere Variables . . . . . Defining the JAAS Alias . . . . . . . . . Setting up the JDBC Provider Resource and creating the Data Source . . . . . . . . . Creating the JMS Connection Factory . . . . Creating the JMS Destinations . . . . . . . 
Ensuring UTF-8 Unicode character support for the EMS . . . . . . . . . . . . . . Deploying the STAdmin, STCenter, and STServer Enterprise Archive (EAR) files . . . Regenerating the WebServer plugin and starting the Enterprise Meeting Server Enterprise Applications . . . . . . . . . . . . . Adding Sametime servers to the EMS . . . . . Synchronizing the Single Sign-On (SSO) support for the EMS and Sametime servers . . . . . Edit the Sametime.ini file on the Sametime servers . . . . . . . . . . . . . . 528 529 530 531 532 534 536 537 538 539 540 543 544 545 546 547 549 550 553 553 553 556 556 557 558 559 559 560 561 562 563

Chapter 16. Setting up a Community Services cluster without clustering the Meeting Services . . . . . . . . 503Community Services cluster setup procedures . . Community Services clustering preparations . . Deploying an LDAP directory server . . . . Installing the Sametime servers for the Community Services cluster . . . . . . . Creating a Domino server cluster . . . . . . Setting up replication of Sametime databases Deploying separate Community Services multiplexers (optional) . . . . . . . . . Set up the load-balancing mechanism (rotating DNS or Network Dispatcher) . . . . . . . Creating a cluster document in the Configuration database (stconfig.nsf) . . . . Creating a cluster document on other Sametime servers in the community . . . . . . . . Configuring client connectivity for the Community Services cluster . . . . . . . Adding another server to the Community Services cluster . . . . . . . . . . . . . . . . Creating multiple Community Services clusters in a single Sametime community . . . . . . . . Creating multiple Community Services clusters Create the Community Services clusters . . . Copy the Cluster Information documents to all servers in the community . . . . . . . . Rotating DNS Limitations with cached DNS resolve requests . . . . . . . . . . . . Sametime Connect for the desktop . . . . . Sametime Connect for browsers . . . . . . 503 504 505 506 508 509 511 515 517 518 519 521 522 522 522 522 523 523 524


  Edit the MeetingServices document in the Configuration database on the Sametime server
  Provide the WebSphere and EMS administrator account with Manager access to the stconfig.nsf database
  Enable the Sametime servers to store recorded meeting files on a remote server
  Start the EMS Administration Tool for the first time
  Adding a Sametime server using the EMS Administration Tool
  Specifying Usage Limits and Denied Entry settings for the Sametime server
  Accessing the EMS user interface


Chapter 18. Creating a Community Services cluster with the Enterprise Meeting Server
  Community Services cluster setup procedures (with the EMS)
  Create a Domino server cluster
  Set up real-time replication of Sametime databases
  (Optional) Deploying separate Community Services multiplexers
  Set up a load balancing mechanism
  Configure the Community Services clustering parameters in the DB2 database
  Configure client connectivity

Chapter 19. Setting Up Security for the Enterprise Meeting Server
  Securing user access to the Enterprise Meeting Server
  Understanding the Enterprise Meeting Server security roles
  Sample security configurations
  Assigning security roles to users in the LDAP directory
  Encrypting EMS HTTP traffic with SSL
  Encrypting Web browser connections to the EMS with SSL
  Encrypting HTTP traffic between the EMS and Sametime servers with SSL

Chapter 20. Administering Sametime servers from the Enterprise Meeting Server
  Using the EMS Administration Tool to administer Sametime servers
  Sending a message from the administrator
  Monitoring Sametime servers added to the EMS
  General Server Status
  Logins
  Meetings and Participants
  Tools in Meetings
  Using the EMS Administration Tool logging features
  Managing the Community Statistics and Meeting Statistics logging views
  Configuring LDAP directory settings from the EMS Administration Tool
  Configuring connectivity for Sametime servers added to the EMS
  Meeting Room and Broadcast client connections (Meeting Services and Broadcast Services)
  Configuring connectivity for Meeting Services and Broadcast Services connections
  Sametime Connect client connections (Community Services)
  Configuring connectivity for the Community Services
  Configuring the Community Services of Sametime servers added to the EMS
  Configuring the Meeting Services of Sametime servers added to the EMS
  Configuring the Audio/Video Services of Sametime servers added to the EMS
  Working with the Broadcast Services of Sametime servers added to the EMS

Chapter 21. Using the StdebugTool.exe utility
  Running the StdebugTool.exe utility
  Trace file location
  Step-by-step example of running the StdebugTool.exe utility

Chapter 22. Using the Name Conversion Utility
  Using the Name Conversion Utility
  When to run the Name Conversion Utility
  Preparing to run the Name Conversion Utility
  Managing the vpuserinfo.nsf database
  Editing the text files that control the operation of the utility
  Running the Name Conversion Utility
  Converting buddy lists and privacy lists from the Domino directory format to the LDAP directory format
  Changing user names and group names
  Changing organizational unit names
  Debug and trace file information
  Known issues and limitations

Appendix. Notices
  Trademarks
  Third Party Notices

Index


Chapter 1. Introduction to Sametime

This chapter provides network administrators with an overview of the IBM Lotus Sametime server. This chapter introduces Sametime collaborative features, clients, services, applications, administrative features, and the IBM Lotus Sametime Enterprise Meeting Server (EMS) application. The EMS application is an add-on product for a Sametime deployment that must be purchased separately from the Sametime server.

What is Sametime?

Sametime consists of client and server applications that enable a community of users to collaborate in real-time online meetings over an intranet or the Internet. Members of the Sametime community use collaborative activities such as presence, chat, screen sharing, a shared whiteboard, and real-time audio/video capabilities to meet, converse, and work together in instant or scheduled meetings.

Sametime presence technology enables members who have logged in to the Sametime server to see all other members who are online (logged in). The names of online users display in presence lists in Sametime applications. From these presence lists, members of the community can converse through instant messaging sessions or start instant meetings that include chat, screen-sharing, whiteboard, question and answer polls, the ability to send Web pages to other users, and audio/video capabilities.

While presence lists support instant awareness and instant collaboration with other online users, the Sametime Meeting Center on the Sametime server provides a central meeting place for members of the community. In the Meeting Center, users can schedule meetings to start at a particular time. Users access the Sametime Meeting Center with Web browsers at the scheduled meeting time to attend the meeting.

The two primary Sametime client applications are the IBM Lotus Sametime Connect client and the Sametime Meeting Room client. The Sametime Connect client is a Windows application that contains a presence list that displays selected members of the community who are online. From Sametime Connect, a user can collaborate by sending instant messages or by starting an instant meeting with any other online member of the community. The Sametime Meeting Room client is a Java™ applet that loads and runs in a user's Web browser whenever the user attends an instant or scheduled meeting. The Sametime Meeting Room client contains components that support the full range of Sametime collaborative activities, including interactive audio and video.

Sametime supports a broadcast technology that enables a large number of view-only users (or audience members) to watch a small number of users (or presenters) interact in a meeting. The broadcast technology is especially useful for meetings in which one person, or a small group of people, make presentations to a large audience. Audience members watch a broadcast meeting using a separate receive-only Java client called the Sametime Broadcast client.

Each Sametime server contains an IBM Lotus Domino™ Directory that maintains information about all users and servers that comprise the Sametime community. The Sametime server can also be configured to operate as a client to a Lightweight Directory Access Protocol (LDAP) server containing an LDAP directory.

Sametime works through the interaction of its client applications with services on the Sametime server. The Sametime services include the Community Services, Meeting Services, Broadcast Services, Domino/Web Application Services, and Audio/Video Services.

Managing the directory, ensuring that Sametime clients can connect to the Sametime server, configuring the Sametime services, and monitoring the server are some of the primary administrative tasks associated with the Sametime server. Sametime administrators use the Web-based Sametime Administration Tool. This tool runs in a Web browser and is available from the Administer the Server link on the Sametime server home page.

The Sametime 7.0 server includes the concept of server clustering. Sametime server clusters:
- Enhance server scalability and reliability to enable Sametime to meet the demands of large user populations.
- Provide load balancing and failover capabilities for Sametime Community Services and Meeting Services.

For more information about server clusters, see Sametime server clusters.

Install Sametime on a Domino server

A Sametime server must be installed on a Domino server. Sametime can be installed on a Domino server running on a Windows, IBM iSeries™, or IBM pSeries™ server. This documentation uses the term Sametime server to refer to the server that includes both Domino and Sametime.

Note: For detailed information about system requirements, installation procedures, and the version of Domino on which Sametime must be installed, see the Lotus Sametime Server 7.0 Installation Guide (stinstall.nsf or stinstall.pdf) that is shipped with the Sametime server. Separate installation guides are provided for each platform.

Sametime uses the Directory, security, and replication features of Domino servers. It is best if the Sametime server is dedicated to supporting the real-time, interactive communication services of Sametime. A Sametime server should not be used for other high-demand Domino services such as mail storage and routing, application and database storage, or centralized Directory and administration services.

Note: An IBM i5/OS or IBM pSeries server can run multiple partitioned servers on the same Domino system. While it is possible to add Sametime to an existing production Domino server, this configuration is not recommended. Instead, consider creating a new Domino server for running Sametime. The new Domino server can reside on the same system as your existing production server.

Users must access the Sametime server with a Web browser. IBM Lotus Notes client access to the Sametime server home page (stcenter.nsf) or the Sametime Meeting Center database (stconf.nsf) is not supported. All other Sametime clients, including the Sametime Connect client, can be downloaded by end users from the Sametime server home page.

You can install more than one Sametime server in a Domino environment. Installing multiple Sametime servers provides several advantages related to load balancing and network usage and can enhance meeting and server performance. For more information, see Advantages of using multiple Sametime servers.

If you install multiple Sametime servers, the administrator has the option of clustering the Sametime servers. Clustering Sametime servers provides failover and load balancing capabilities, and can increase the reliability and scalability of Sametime. For more information, see Creating Sametime server clusters.

The Web-based Sametime Administration Tool is the recommended administration tool for the Sametime components of the Sametime server. The Sametime Administration Tool should be used for most administrative tasks. See Sametime Administration Tool for more information about tasks that are not performed with the Sametime Administration Tool.

Sametime basics

This section introduces Sametime administrators to basic Sametime terms, concepts, and features that appear throughout this administrator's guide. The terms, concepts, and features are grouped into four basic categories:
- Collaborative activities and end-user features
- Administration terms and features
- Sametime clients
- Sametime services

Collaborative activities and end-user features

This section provides brief descriptions of Sametime collaborative activities and end-user features that are referred to throughout this administrator's guide. Sametime administrators should be familiar with these terms. To learn more about these collaborative activities and features, you can experiment with the end-user features of Sametime. Online help for many of these features is also available from the Documentation link of the Sametime server home page.

The Sametime collaborative activities and end-user features include:
- Presence
- Chat
- Meetings
- Screen sharing
- Shared whiteboard
- Send Web Pages
- Polling
- Hand raise
- Transfer files
- Record and Playback (Recorded Meetings)
- IP audio
- IP video
- Sametime server home page
- Sametime Meeting Center
- Breakout sessions

Presence

Presence refers to the ability of a user to detect when other users are online. A user can view a presence list in a Sametime client or application that displays the names of other online users. Presence is sometimes called awareness or online awareness.

A presence list (or contact list) is a starting point for immediate or instant collaboration. Presence lists in Sametime clients display the names of online users in bold green text. Instant messaging sessions and instant meetings can be started immediately from a contact list. A user simply double-clicks or right-clicks an online user's name to send an instant message or start an instant meeting.

Contact lists are found in all Sametime clients. The Sametime Connect client includes a contact list that can display the names of all users in the community who are online. The Sametime Meeting Room client contains a Participant List that displays the names of all users attending a particular meeting.

A user logs in to the Community Services on the Sametime server to become present in the community or an online place (such as a Sametime meeting or Web site enabled with Sametime technology). The Community Services on the Sametime server support all presence functionality in Sametime.

Chat

Sametime supports text-based chat and instant messaging. A chat session can consist of two (or more) users exchanging instant messages. Chat or instant messaging sessions can be initiated from any contact list in a Sametime client.

The Sametime Connect client includes a contact list from which instant messaging sessions can be started with any other member in the community who is online. Additional community members can be invited into instant messaging sessions to form group chat conferences.

The Sametime Meeting Room client contains a public chat area (called the Meeting Room chat tool) that enables all participants in a meeting to view and enter messages. All messages entered in the public chat area can be viewed by all participants in the meeting.

In addition to the Meeting Room chat tool, the Sametime Meeting Room client also includes a Participant List. The Participant List is a contact list from which one user can initiate a private chat session with another user in the meeting. The messages exchanged in the private chat session are seen by the users engaging in the chat session, but not by all participants in the meeting. The Meeting Room chat tool is the public chat tool in a meeting. The Participant List supports private chats in the meeting.

All instant messaging and chat activity is supported by Community Services on the Sametime server.

Meetings

Sametime meetings are either instant or scheduled. An instant meeting is started immediately from a presence list in any Sametime client. Whiteboard files cannot be saved during instant meetings. Instant meetings cannot be recorded.

A scheduled meeting is scheduled to start at a particular time and date. Scheduled meetings are created in advance in the Sametime Meeting Center application (stconf.nsf) on the Sametime server. Users access the Sametime Meeting Center application on the Sametime server with a Web browser at the scheduled meeting time to attend the meeting.

Note: You can create a meeting in the Sametime Meeting Center and enable the meeting to Start immediately. For clarity, such a meeting is considered a scheduled meeting. Any meeting started in the Sametime Meeting Center is a scheduled meeting. Any meeting started from a contact list is an instant meeting.

A collaborative session is a meeting if the Sametime Meeting Room client is launched. The Sametime Meeting Room client is launched for collaborative sessions that include any of the following activities: screen sharing, whiteboard, question and answer polling, send Web pages, Meeting Room chat, audio, and video. However, the Sametime Meeting Room client is not launched for chat-only sessions between users. A session that includes only instant messaging or a group chat conference does not require the use of the Sametime Meeting Room client.

The Meeting Services and the Community Services support the starting, stopping, and creation of meetings on the Sametime server. Components of the Sametime Meeting Room clients interact with the Meeting Services, Community Services, and Audio/Video Services when participating in Sametime meetings.

Breakout sessions

Users who are attending a meeting see a list of all meeting participants in the Participant List component of the Meeting Room client. While the meeting is in progress, a user can start a breakout session with any user displayed in the Participant List. A breakout session is an instant meeting that is started from the Participant List of a meeting that is currently active.

To start a breakout session, the user selects the name of another meeting participant (or participants) from the Participant List and starts an instant meeting with that user. Other users can also be invited to this breakout session.

Breakout sessions have the following characteristics:
- If a breakout session will include any collaborative activities other than chat (such as whiteboard or screen sharing), the user must have permission to edit/share from the Meeting Moderator to start a breakout session. If the breakout session will use chat only, no permissions are necessary to start the breakout session.
- When the user starts a breakout session, the original meeting remains open in a browser window, and the user is still a participant in the original meeting. To return to the original meeting, the user leaves the instant meeting and selects the browser window that contains the active meeting.
- When a breakout session begins, it does not contain any information (such as a chat transcript or whiteboard file) from the original meeting.
- If both the original meeting and the breakout session include IP audio, the user's voice is heard in both meetings. Users should mute their microphones in either the original meeting or the breakout session so that their voices are heard in only one meeting at a time. Users should also mute their speakers in one of the meetings if they do not want to hear audio from both meetings at once.
- If the original meeting includes IP audio and the breakout session includes IP video, the user's video image is not seen in the breakout session until his or her microphone is muted in the original meeting. If a user was the last person to speak in the original meeting, the user's video image continues to appear in the original meeting until someone else in the original meeting speaks.

Screen sharing

Screen sharing is a Sametime collaborative activity that enables multiple users to work within a single application on one user's computer. Geographically dispersed users in remote locations can collaborate within a single application to produce a document, spreadsheet, blueprint, or any other file generated from a Windows application. Screen sharing is sometimes also referred to as application sharing.

In a meeting that includes screen sharing, one end user uses the screen-sharing tool in the Sametime Meeting Room client to share a screen or application on the user's local computer with other meeting participants in remote locations. The other meeting participants also use the screen-sharing tools of the Sametime Meeting Room client on their local computers to view and make changes to the shared screen or application. It is not necessary for the remote users to have the application that is being shared installed on their local systems. (The remote users share a single instance of the application that is running on only one meeting participant's computer.)

Only one user at a time can be in control of the shared screen. Most users see the initials of the user who controls the shared screen beside the cursor. The person who is sharing the screen does not see the initials when someone else controls the shared screen. The person who is sharing the screen must view the Participant List details to confirm who controls the shared screen.

The administrator controls whether this collaborative activity is available for meetings on the Sametime server from the Configuration - Meeting Services - General tab of the Sametime Administration Tool.

Screen sharing is supported by T.120 components of the Meeting Services on the Sametime server. For more information about using this collaborative activity in a meeting, see the Sametime end-user online help.

Shared whiteboard

The shared whiteboard is a Sametime collaborative activity that supports interactive presentations. A shared whiteboard presentation closely resembles a slide show. In a whiteboard presentation, one participant presents images in the whiteboard tool of the Sametime Meeting Room client on the participant's local computer. Remote meeting participants can view the images and annotate the images using the whiteboard tools in the Sametime Meeting Room clients running on their local computers.

Before images can be presented on the whiteboard, a file containing the images must be attached to the meeting. Users can attach files when creating meetings, and the Moderator can attach files before or during meetings. Files are automatically converted into the file type required for display in the whiteboard tool.

In some cases, the format of a file that is added to the Attachments dialog might not be properly preserved and the file might not display correctly during a whiteboard meeting. In these cases, the IBM Lotus Sametime Print Capture utility provides an alternate method of creating a whiteboard file. The Sametime Print Capture operates much like a printer driver and enables end users to print output from any Windows application to the file format required by the whiteboard.

Note: Sametime servers that run on operating systems other than Windows only support whiteboard attachments created with the Sametime Print Capture utility.

For more information on how to use the Sametime Print Capture utility, see the Sametime end-user help and the Sametime Print Capture help.

The shared whiteboard is supported by T.120 components of the Meeting Services on the Sametime server. The administrator controls whether the shared whiteboard collaborative activity is available for meetings on the Sametime server by selecting a setting in the Configuration - Meeting Services - General tab of the Sametime Administration Tool.

For more information about using the shared whiteboard collaborative activity in a meeting, see the Sametime end-user online help available from the Documentation link on the server home page.

Saving the whiteboard: During a meeting, the meeting Moderator can save a whiteboard file so that others can view it when the meeting is over. For example, if someone has presented a file on the whiteboard, and several participants have annotated the file, the Moderator can save the changed file. The whiteboard file is saved on the Sametime server as an attachment to the Meeting Details document associated with the meeting.

The whiteboard is saved in two file formats: RTF and SWB (Sametime whiteboard). The RTF file can be opened in most word processing or graphics applications for printing or viewing after the meeting has ended. The SWB file can be attached to future meetings and presented on the whiteboard during those meetings.

If the whiteboard is saved more than once during a meeting, only the most recently saved version is available from the Meeting Details document. The most recently saved version is available in both the RTF and SWB formats.

The administrator controls whether the Meeting Moderator is allowed to save the whiteboard from the Configuration - Meeting Services - General tab of the Sametime Administration Tool.

Send Web Pages

Send Web Pages is a Sametime collaborative activity that enables a Meeting Moderator to send a Web page URL to all participants in a meeting, including audience members in broadcast meetings. When the Moderator sends a Web page URL to the meeting participants, a browser window opens on each participant's screen and displays the Web page. If the Moderator sends an additional Web page URL to the meeting participants, the new Web page replaces the previous Web page in the Web browser window.

The Send Web Pages feature enables the Moderator to ensure that all meeting participants are looking at the same Web page. However, if the Meeting Moderator or any meeting participant clicks a link or scrolls the Web page, the other meeting participants do not see this activity occurring in the Web browser window on their local machines. Each participant can explore the Web page, go to a different Web page, or close the window without affecting what other participants see in their browser windows.

The administrator controls whether this collaborative activity is available for meetings on the Sametime server from the Configuration - Meeting Services - General settings of the Sametime Administration Tool.

For more information about using the Send Web Pages feature in a meeting, see the Sametime end-user online help available from the Documentation link on the Sametime server home page.

Polling

Polling is a Sametime collaborative activity that enables a Meeting Moderator to use polls (or ask questions) to gather feedback from meeting participants. For example, the Moderator might ask meeting participants to vote to approve or reject a proposal. Only the Moderator can send polls.

Note: During broadcast meetings, only presenters can respond to polls, but both presenters and audience members can view poll responses shared by the Moderator. During fully-interactive Sametime meetings, all meeting participants can respond to polls and view responses shared by the Moderator.

Participants' responses to poll questions are tallied in the Moderator's Poll Tab. The Moderator can keep the poll responses private, or share them with the other meeting participants.

When sending a poll, the Moderator can also:
- Share the tallied responses with other participants - Normally, the Moderator is the only person who sees poll responses. The Moderator can choose to share the tallied poll responses so that all participants see the responses in the Poll Tab of the Sametime Meeting Room client.
- Allow anonymous responses - By default, the Moderator can see each participant's response to poll questions. (These individual responses cannot be shared with other meeting participants.) Because people often answer more freely when they know their identity will not be revealed, the Moderator can preserve participants' privacy by allowing anonymous responses to poll questions. During Broadcast meetings, only presenters can respond to polls.
- Mark correct answers - The Moderator can specify correct answers for poll questions. When the Moderator shares the poll responses, participants can see if they answered the question correctly.

The administrator controls whether this collaborative activity is available for meetings on the Sametime server from the Configuration - Meeting Services - General tab of the Sametime Administration Tool.

For more information about using this collaborative activity in a meeting, see the Sametime end-user online help available from the Documentation link on the Sametime server home page.

Hand raise

Hand raise is a collaborative activity that allows users to raise a hand at any time during a meeting. When users raise their hands, a hand icon appears next to their names in the Participant List.

A user might raise a hand to:
- Ask for permission to edit/share or permission to speak.
- Respond to a question or speak during the meeting.
- Attract the Moderator's attention.

The Moderator can lower raised hands at any time, or users can lower their own hands. Users do not need permission to edit/share or permission to speak to raise their hands.

Transfer files

Transferring files is a Sametime collaborative activity that enables users to send a file to another user via a contact list in the Sametime Meeting Room or the Sametime Connect client. Users must transfer one file at a time to one person at a time. File transfers are automatically encrypted.

The administrator can enable or disable this feature. When you enable this feature, both authenticated and anonymous users can transfer files.

CAUTION: To protect against viruses that might be spread through file transfers, users should have current anti-virus software. The software's real-time protection settings should be enabled and set to scan all files.

For more information about enabling, disabling, and setting size limits for file transfers, see Allow users to transfer files to each other.

Note: The file transfer feature does not work with Sametime Links. For more information about Sametime Links, see the Sametime Directory and Database Access Toolkit documentation available from IBM DeveloperWorks (http://www.ibm.com/developerworks/lotus/products/instantmessaging/). Follow the link for Toolkits and Drivers.

Record and Playback (Recorded Meetings)

Sametime includes a Record and Playback feature that enables a user to record meetings. When scheduling a meeting, the user selects a check box labeled "Record this meeting so that others can replay it later" to record the meeting.

When a user records a meeting, a Sametime Record and Playback (.RAP) file that contains a recorded version of the meeting is automatically saved as an attachment to the Meeting Details document when the meeting ends. Anyone who has access to the meeting can click a Replay the Meeting button on the Meeting Details document in the Sametime Meeting Center to play the recorded version of the meeting.

When the user clicks Replay the Meeting, a modified version of the Sametime Broadcast client Java applet starts in a Web browser window on the user's machine and connects to the Broadcast Gateway component of the Sametime server. The Broadcast client is modified to include controls that enable the user to stop, pause, and resume the playback of recorded meeting files.

The following restrictions apply to recorded meetings:
- Users cannot choose to record a meeting after the meeting begins; they must select the "Record this meeting..." option when scheduling the meeting.
- Users can only record a scheduled meeting; it is not possible to record an instant meeting.

The administrator controls whether the Record and Playback feature is available for meetings on the Sametime server from the Configuration - Meeting Services - General tab of the Sametime Administration Tool.

If the administrator allows the Record and Playback feature to be available on the server, there are administrative tasks associated with managing the recorded meeting files. These tasks include:
- Exporting (or saving) a recorded meeting
- Deleting a recorded meeting
- Replacing a recorded meeting with another recorded meeting file
- Importing a recorded meeting file

See Managing recorded meetings (Record and Playback) for more information.

IP audio

Interactive IP Audio is a Sametime collaborative activity that enables multiple (two or more) users to transmit and receive audio over an IP network. In a meeting that includes interactive IP audio, the audio can operate in either the automatic microphone or the request microphone mode. The request microphone mode is the more controlled mode. Only one user can speak at a time and a user must request the microphone before speaking. The automatic microphone mode enables two users to speak simultaneously. In the automatic microphone mode, the person speaking is automatically detected by the Audio/Video Services on the Sametime server (it is not necessary to request the microphone before speaking). Automatic microphone mode offers a more natural form of conversation but provides less control.

The end user uses the audio tool of the Sametime Meeting Room client when participating in a meeting that includes IP audio. This tool contains microphone and speaker volume controls and mute features, and a button that allows users to configure the audio and video preferences on their computers. For more information about the end-user aspects of the IP Audio collaborative activity, see the Sametime end-user online help.

The term interactive IP audio refers to the technology that enables all participants in a meeting to both transmit and receive IP audio packets on the network. In an interactive IP audio meeting, one user transmits a stream of audio packets to the server and the server disseminates this stream to all other meeting participants. This one-to-many form of communication is sometimes called multipoint audio. The term broadcast IP audio refers to the streaming technology that enables a large group of users (or audience members) to receive the audio from a meeting but not transmit audio to other users in a meeting.

IP audio is supported by the Audio/Video Services on the Sametime server. Broadcast IP audio is supported by the Audio/Video Services and the Broadcast Services on the Sametime server.

IP video

Interactive IP video is a Sametime collaborative activity that enables multiple users to transmit and receive video packets over an IP network. In a meeting that includes interactive IP video, the video follows the audio. The video component of the Sametime Meeting Room client includes a Remote and Local video window. The Remote window displays images from the camera of the person who is speaking and the Local window displays the image from a user's local camera.

Sametime does not support video-only meetings. A meeting that includes IP video must also include IP audio. For more information about the end-user aspects of this collaborative activity, see the Sametime end-user online help.

The term interactive IP video refers to the technology that enables all participants in a meeting to both transmit and receive IP video packets on the network. In an interactive IP video meeting, one user transmits a stream of video packets to the server and the server disseminates this stream to all other meeting participants. This one-to-many form of communication is sometimes called multipoint video. The term broadcast IP video refers to the streaming technology that enables a large group of users (or audience members) to receive video but not transmit it.

Interactive IP video is supported by the Audio/Video Services on the Sametime server. Broadcast IP video is supported by the Audio/Video Services and the Broadcast Services on the Sametime server.

Sametime server home page (stcenter.nsf)

The Sametime server home page is an HTML page that exists in the Sametime Center database (stcenter.nsf). The Sametime server home page can only be accessed by a Web browser and is the end-user entry point to the Sametime server.

After installing the Sametime server on the Domino server, you must set stcenter.nsf as the Home URL for the server. To do this, open the Server document for the Domino server that includes Sametime, select the Internet Protocols tab, select the HTTP tab, and enter stcenter.nsf in the Home URL field of the Mapping section of the Server document.

As the user entry point to the Sametime server, the Sametime server home page contains links to the following important Sametime entities:
- Sametime Meeting Center
- Sametime Connect client (includes clients that can be downloaded)
- Self-registration feature
- Sametime Administration Tool
- End-user documentation
- Sametime Developers Web site

Sametime Meeting Center (stconf.nsf)

The Sametime Meeting Center is an application (a Lotus Notes database named stconf.nsf) on the Sametime server that is accessed by a Web browser. This application is a central meeting place for members of the Sametime community. From the Sametime Meeting Center, you can schedule a meeting, start a meeting immediately, attend a meeting, and view information about scheduled and finished meetings. Users access the Sametime Meeting Center database by clicking Attend a Meeting or Schedule a Meeting on the Sametime server home page.

Note: All scheduled meetings in Sametime are created in the Sametime Meeting Center. A user who starts an instant meeting from a contact list does not access the Sametime Meeting Center.

Anonymous access is allowed to the Sametime Meeting Center database by default. With anonymous access, users are not required to authenticate when accessing the Sametime Meeting Center. For more information about the implications of anonymous access to the Sametime Meeting Center, see Anonymous Access Settings for Community Services.

Sametime administration terms and features

This section provides brief descriptions of general Sametime administration terms that appear throughout this administrator's guide. Sametime administrators should be familiar with these terms and features. Issues and administrative procedures associated with these terms are discussed in greater detail in subsequent chapters and topics of this administrator's guide.

Some basic Sametime administration terms and features include:
- Sametime server
- Sametime Administration Tool
- Community
- Domino Directory
- LDAP directory
- Self-registration
- Connectivity (firewall and proxy support)
- Broadcast
- Monitoring and logging
- Security
- SIP Gateway and SIP Connector
- Reverse proxy and portal server support
- Chat logging
- Sametime server clusters
- Name Conversion Utility
- StdebugTool.exe Utility

Sametime server

The term Sametime server is used throughout the documentation to refer to a server that has both Sametime and Domino installed.

Sametime Administration Tool

The Sametime Administration Tool is an HTML and XML based application that runs in a Web browser. You open the Sametime Administration Tool by clicking Administer the Server on the Sametime server home page. The Sametime Administration Tool is the primary administration tool for the Sametime server. For more information about the Sametime Administration Tool, see Overview of the Sametime Administration Tool features.

During the Sametime installation, one user is specified as the administrator of the Sametime server. This administrator has access to the Sametime Administration Tool and all of its administrative features. The administrator specified during the installation can provide other administrators with access to the Sametime Administration Tool as needed.

The Sametime Administration Tool should be used to perform all administrative procedures on the Sametime server with the following exceptions:
- Replication and creation of new Lotus Notes databases - If a Sametime procedure requires you to replicate a database or create a new database, you must use a Lotus Notes or Domino Administrator client. The Sametime Administration Tool does not provide the functionality required to create one-time replicas (replica stubs) or other new databases, or set up replication schedules.
- Managing LDAP users - If you have configured Sametime to operate as a client to an LDAP server, you cannot use the Sametime Administration Tool to add or delete users in the LDAP directory on the LDAP server. Use the software provided with the LDAP server for management of the LDAP directory.
  Note: Although you cannot use the Sametime Administration Tool to manage users in an LDAP directory on a third-party server, you must use the Sametime Administration Tool to configure the Sametime server to access the LDAP directory on the third-party LDAP server.
- Setting up Secure Sockets Layer (SSL) on the Sametime server - If you want to configure the Sametime server so that all Web browser clients use the SSL protocol when connecting to the Sametime server, you must use a Lotus Notes client or the Domino Administrator client to set up SSL on the server.
- Enabling a SIP gateway and deploying a SIP Connector - If you want to allow users in your Sametime community to communicate with users in other instant messaging communities that support the SIP/SIMPLE protocol, you must use a Lotus Notes client to enable the Session Initiation Protocol (SIP) Gateway.
- Implementing chat logging - The chat logging feature can capture all chat conversations that occur on the Sametime server, including instant messages, chat conferences (chats involving more than two people), and Meeting Room chats. For more information about chat logging, see the Sametime Directory and Database Access Toolkit documentation available from IBM DeveloperWorks (http://www.ibm.com/developerworks/lotus/products/instantmessaging/). Follow the link for Toolkits and Drivers.
- Creating Community Services clusters - A Community Services cluster consists of multiple Sametime servers configured to operate together, providing failover and load balancing for the Sametime instant messaging and presence functionality. For more information see Overview of Community Services clustering.
- Starting or stopping Sametime services - You must use the Services settings in the Windows NT Control Panel or Windows 2000 Administrative Tools to start or stop a Sametime service.

Community

The Sametime community refers to all users that have Web browser access to a Sametime server (or servers) and all Sametime servers that support those users. The Sametime community can be maintained in the Domino Directory on the Sametime Server or in an LDAP Directory on a third-party LDAP-compliant server.

Specifically, the Sametime community can be described as follows:
- A shared directory, or set of directories, that lists the people and groups of the community
- One or more Sametime servers that each have access to the shared directory or set of directories

For information on integrating multiple Sametime servers into a single community, see Deploying multiple Sametime servers.


Domino Directory

The Sametime server uses the Domino Directory of the Domino server on which Sametime is installed. The Domino Directory is a database that serves as a central repository for information about Sametime users (or members of the Sametime community).

The Domino Directory contains a separate Person document for each Sametime user. The Person document contains the User Name and Internet password required for authentication with the Sametime server. The Person document also contains a Sametime server field that is used to specify a user's home Sametime server. The home Sametime server is the Sametime server a user connects to when logging in to the Community Services for presence and chat activity.

The Domino Directory also contains Group documents that hold lists of users that perform similar tasks. Group documents also define the Public Groups that end users can add to the Sametime Connect client presence list. Other information stored in the Domino Directory includes server configuration information in the Server document, database configuration settings, and Access Control Lists (ACLs). Person and Group documents, and ACLs within the Domino Directory, can be accessed from the Sametime Administration Tool.

Sametime administrators have the option of using the Domino Directory for user management or configuring Sametime to connect to an LDAP directory on an LDAP server for user management. To maintain current information about users, groups, and servers in the Sametime community, the Community Services must receive periodic updates from the Domino Directory. For more information about the Domino Directory, see Managing the Domino Directory.

LDAP directory

The administrator can configure the Sametime server to connect to a Lightweight Directory Access Protocol (LDAP) server. This capability enables an administrator to integrate Sametime into an environment in which LDAP servers and LDAP directories are already deployed.

When Sametime is configured to connect to an LDAP server, the Sametime server searches and authenticates user names against entries in the LDAP directory on the third-party LDAP server. The LDAP directory replaces the Domino Directory as the user repository in the community. The community is defined by the users in the LDAP directory. Sametime can access LDAP directories on multiple LDAP servers. For more information, see Using LDAP with the Sametime server.

Self-registration

The Sametime server includes a self-registration feature. This feature allows an end user to create a Person document that contains a User Name and Internet password in the Domino Directory on the Sametime server.

The self-registration feature is available to end users from the Register link of the Sametime server home page. The administrator has the option of allowing or not allowing self-registration. Self-registration can reduce the workload for the administrator because it enables users to add themselves to the Domino Directory (create a Person document in the directory containing a User Name and Internet password). Allowing self-registration can involve security risks because it enables anonymous users to create records in the Domino Directory. These records permit anonymous users to authenticate with databases on the server. Self-registration is not allowed by default. Also, self-registration cannot be used if Sametime is configured to operate with an LDAP directory. For more information, see Using Sametime self-registration.

Connectivity (firewall and proxy support)

To engage in collaborative activities, the Sametime clients must connect to various services on the Sametime server, as described below:
- Web browsers connect to the HTTP Services on the Sametime server.
- The Sametime Connect client connects to the Community Services on the Sametime server.
- The Sametime Meeting Room client contains components that connect to the Meeting Services, Community Services, and Audio/Video Services.
- The Sametime Broadcast client connects to the Broadcast Services on the Sametime server.

The HTTP Services, Community Services, Meeting Services, Broadcast Services, and Audio/Video Services on the Sametime server listen for connections from clients on different TCP/IP ports. Because of the number of ports required to support the full range of collaborative activities, Sametime includes specially-designed connectivity features that enable Sametime clients to establish connections through firewalls and proxy servers.

Generally, the Sametime connectivity features enable Sametime clients to establish connections through HTTP and SOCKS proxy servers, or by using the HTTP connection method. If necessary, Sametime can be configured to listen for HTTP connections from all clients on port 80 to enable Sametime clients behind restrictive firewalls to connect to the Sametime server.

Note: The Sametime Connect client can also establish connections to the Community Services through an HTTPS proxy server.

For more information about enabling Sametime clients to connect through firewalls and proxy servers, see Configuring Sametime Connectivity. For information about enabling Sametime servers to operate behind a reverse proxy server, see Using reverse proxy or portal servers with the Sametime server.

Broadcast

Sametime includes streaming technology that enables the server to broadcast meetings on the Internet or corporate intranet. Broadcast meetings can scale to extremely large audiences.


A Sametime Broadcast meeting includes two types of users: presenters and audience members. Presenters use the Sametime Meeting Room client to engage in interactive collaborative activities in a meeting. Audience members watch the actions of the presenters in a special view-only Sametime Broadcast client. The audience members can watch the meeting, but do not interact in the collaborative activities. The meeting experience for audience members in a Broadcast meeting is similar to watching television. Broadcast Services on the Sametime server transmit screen-sharing and whiteboard Real-Time Protocol (RTP) data streams to the special view-only Sametime Broadcast clients. Audio and video RTP data streams can also be broadcast on the network and received by the Broadcast clients. Audience members can watch the screen-sharing or whiteboard activity of the presenters, view poll responses shared by the Moderator, view Web pages sent by the Moderator, view Meeting Room chat entered by the presenters, hear audio discussions, and see video images from the camera of the person currently speaking. However, Audience Members cannot interact with the Presenters. The Broadcast client used by the audience members contains no interactive capabilities. The Broadcast media streams travel in only one direction, from the server to the Broadcast clients. Scalability is enhanced primarily because the Sametime server is not required to handle any incoming data from Audience Members. Broadcast meetings are very effective for company-wide presentations or any type of meeting where one person, or a small number of people, lecture or make presentations to a large audience. For more information, see About the Broadcast Services.

Monitoring and logging

The Sametime server provides monitoring and logging features that enable you to monitor the current status of the server and record (or log) information about server events and activities.

Monitoring: The Sametime server includes charts that allow you to monitor current Sametime server statistics. The monitoring charts, which are presented as tables, provide up-to-the-second information about Community Services, Meeting Services, Broadcast Services, Audio/Video Services, Web statistics, and free disk space on the server. For more information, see Using the Monitoring charts.

Logging: The Sametime server logging tools include the Sametime log and the Domino log. The Sametime log records events in the Sametime log database (stlog.nsf). The Sametime Administration Tool includes logging settings that enable you to control whether activities are logged to a database or to text files and to determine which activities are logged. If you log Sametime information to a database, you can view the Sametime log from the Sametime Administration Tool.

The Sametime Administration Tool also allows an administrator to launch the Domino Web Administration Tool to view the Domino log. The Domino log includes information about available memory and disk space, server performance, and databases that need maintenance. For more information, see Viewing the Sametime log.

Security

The Sametime server uses the Internet and intranet security features that are available on the Domino server on which it is installed. Generally, you use the Access Control Lists (ACLs) of databases on the Sametime server to provide users with anonymous access or basic password authentication to individual databases on the server. For example, you might want to set the ACL of the Sametime Meeting Center database (stconf.nsf) to require basic password authentication so that only authenticated users can create and attend meetings on the Sametime server.

To authenticate with the Sametime server, users must have a Person document that contains a User Name and Internet password in the Domino Directory on the Sametime server. The user is prompted for these credentials when logging in to the Sametime Connect client or accessing a Sametime server database that requires basic password authentication.

Note: If you have configured Sametime to connect to an LDAP server, users are authenticated using names and passwords stored in LDAP directory entries.

In addition to the Domino Internet and intranet security features, the Sametime server requires authentication by token security mechanisms to ensure that Sametime clients that establish connections to the Sametime services are authenticated. These security mechanisms include the Sametime Secrets and Tokens authentication databases and the Domino Single Sign-On (SSO) authentication feature. You can also use Secure Sockets Layer (SSL) to encrypt Sametime HTTP traffic. For more information, see Working with Sametime security.
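
After changing a database ACL, an administrator can confirm from the network side which databases still answer without credentials. The Python script below is an added example, not part of this guide or of the Sametime product; the database names come from this guide, while the expected state of each database, the login-form marker, and the host name in the usage text are assumptions to adjust for your own server.

```python
import sys
import urllib.error
import urllib.request

# Database names come from this guide. The expected state of each one is an
# assumption for illustration; edit it to match your own ACL policy.
EXPECTED = {
    "stcenter.nsf": "anonymous",      # home page, the end-user entry point
    "stconf.nsf": "authenticated",    # Meeting Center, anonymous by default
    "stconfig.nsf": "authenticated",  # Sametime Configuration database
    "stlog.nsf": "authenticated",     # Sametime log database
    "names.nsf": "authenticated",     # Domino Directory
}

# Assumption: with form-based login the server answers 200 with a login page
# whose form posts to this target instead of sending a 401 challenge.
LOGIN_MARKER = "names.nsf?login"


def classify(status, headers, body):
    """Map one unauthenticated HTTP response to an access state."""
    names = {k.lower() for k in headers}
    if status == 401 and "www-authenticate" in names:
        return "authenticated"   # basic password authentication challenge
    if status == 403:
        return "denied"
    if status == 200:
        if LOGIN_MARKER in body.lower():
            return "authenticated"   # login form served in place of content
        return "anonymous"           # content returned without credentials
    return "unknown"


def audit(observed, expected=EXPECTED):
    """Return (database, expected, actual) for every database that deviates."""
    findings = []
    for db, want in sorted(expected.items()):
        got = observed.get(db, "unknown")
        # "denied" is stricter than required, so it satisfies "authenticated".
        ok = got == want or (want == "authenticated" and got == "denied")
        if not ok:
            findings.append((db, want, got))
    return findings


def probe(base_url, db, timeout=10):
    """Request one database with no credentials and classify the answer."""
    url = base_url.rstrip("/") + "/" + db
    try:
        with urllib.request.urlopen(url, timeout=timeout) as resp:
            body = resp.read(65536).decode("latin-1")
            return classify(resp.status, dict(resp.headers), body)
    except urllib.error.HTTPError as err:
        body = err.read(65536).decode("latin-1")
        return classify(err.code, dict(err.headers), body)
    except (urllib.error.URLError, OSError):
        return "unknown"


if __name__ == "__main__":
    if len(sys.argv) != 2:
        sys.exit("usage: audit.py http://sametime.example.com")
    observed = {db: probe(sys.argv[1], db) for db in EXPECTED}
    for db, want, got in audit(observed):
        print(f"{db}: expected {want}, observed {got}")
```

A line of output for stconf.nsf means the Meeting Center still has its default anonymous access rather than the basic password authentication described above.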

SIP gateway and SIP connector

Enabling the Session Initiation Protocol (SIP) Gateway and deploying a SIP Connector are optional procedures that you can perform if you want users in your Sametime community to share presence and instant messaging capabilities with users in other SIP-enabled communities. You can enable this functionality to allow users in your community to communicate with users in another Sametime community that contains a Sametime server with the SIP Gateway functionality enabled. Enabling the SIP Gateway functionality requires the installation of a separate component, the SIP Connector. For more information see Enabling the Session Initiation Protocol (SIP) Gateway.

Reverse proxy and portal server support

A Sametime server can be deployed behind a reverse proxy server or a portal server. When a Sametime server is deployed on an internal network behind a reverse proxy server, the reverse proxy server operates as an intermediary between the Sametime server and the Sametime clients. All Sametime data flowing between the Sametime server and its clients passes through the reverse proxy server.

To accomplish its security objectives, a reverse proxy server manipulates the data that passes through it. The manipulation of Sametime data by the reverse proxy server imposes specific requirements and limitations on the use of reverse proxy servers with the Sametime server.


These limitations and requirements are discussed in detail in Using reverse proxy or portal servers with the Sametime server.

Sametime server clusters

The Sametime server supports Sametime server clustering. Sametime server clusters:
- Enhance server scalability and reliability to enable Sametime to meet the demands of large user populations.
- Provide load balancing and failover capabilities for Sametime Community Services and Meeting Services.

Sametime server clustering enables you to cluster the Community Services separately from the Meeting Services. For example, if you have three Sametime servers, you can have two separate clusters: a Community Services cluster and a Meeting Services cluster. The two cluster types operate independently. The Community Services cluster provides load balancing and failover for the instant messaging and presence functionality. The Meeting Services cluster provides load balancing and failover for the Meeting Services functionality.

Clustering each of the services separately provides the flexibility to manage the Sametime functionality according to the needs of your company. For example, some companies might have a greater need for Community Services functionality than Meeting Services functionality while other companies have more need for the Meeting Services functionality than the Community Services.

To support flexibility in the deployment of your Sametime servers, you have three options when creating Sametime server clusters:
- You can cluster the Community Services without clustering the Meeting Services
- You can cluster the Meeting Services without clustering the Community Services
- You can cluster both the Community Services and the Meeting Services

For more information about server clusters, including detailed information about each option for clustering the servers, see Introduction to Sametime Server Clusters and the Enterprise Meeting Server.

Name Conversion Utility

The names that appear in Sametime Connect client buddy lists and privacy lists are stored in a Domino database (vpuserinfo.nsf) on