How to setup Sametime for both internal and external access – without VPN

Posted by:

In a recent Sametime 8.5.2 project our customer wanted to be able to use the IBM Lotus Notes embedded Sametime Client regardless if the user where connected to the corporate network or via Internet without using VPN. Also when connected via Internet, SSO using Domino token should still work without the user having to do any reconfiguration.

So which solution did we proposed to the customer? We proposed a infrastructure with two Sametime Community Servers.

  • One Sametime Community Server installed on the internal network and one in DMZ.
  • Both servers are configure in a Domino cluster, replicating the VPUSERINFO.NSF database
  • Sametime Clients use the same FQDN (stcommunity.company.com) when accessing the server regardless if they are on the internal network or connected via Internet
  • Split DNS is used. Internal DNS points to internal Sametime Community Server, external DNS points to external Community Server
  • The Customer uses a Domino LDAP Server, internally this server will be used as Domino Token SSO server
  • Domino SSO Token server (nlogin.company.com) is configured the same way using Split DNS. Internal DNS points to internal LDAP Server, external DNS points to Community Server in DMZ

With this configuration a Sametime Client user can log in (both internally and externally) to his/her Sametime Community Server using Domino Token SSO without using VPN.

0