How to auto-configure mobile apps for IBM Connections/IBM Sametime

IBM is spending a lot of time and effort to develop and deliver top-notch iOS/Android apps for its social/collaboration solutions. IBM has developed mobile apps for the following products:

– IBM Connections
– IBM Sametime
– IBM Sametime Meetings

These apps can be downloaded from the Apple/Google app stores. When you open one of these apps on your mobile device for the first time, you are prompted to enter the hostname of the Connections/Sametime server, the correct port, a name for the configuration and so on. This can be a little tricky for the user and can generate some unnecessary support calls to your help desk.

But there is a way to make this easier for the user. You can send or publish a URL that, when clicked, will automatically configure the app with the correct server settings and so on. The user will then only need to enter her/his username and password to get connected to Connections or Sametime services. Below are some examples of what these URLs can look like:

[Sametime Chat]
Please install IBM Sametime Meetings app and open the relevant link below to create a configuration for “Greenhouse”
On Apple devices, use:
sametime://st85meetingsp.lotus.com:443/?action=AddCommunity&communityName=Greenhouse&ssl=true&authProxyReuseCredentials=true

[Sametime Meeting]
Please install IBM Sametime app and open the relevant link below to create a configuration for “Greenhouse”
On Apple devices, use:
stmeetings://greenhouse.lotus.com:443/stmeetings/configure?action=AddMeetingServer&serverName=Greenhouse&ssl=true

[IBM Connections]
Please install IBM Connections app and open the relevant link below to create a configuration for “Greenhouse Community”
For both iOS and Android devices use:
ibmscp://com.ibm.connections/launch?accountname=Greenhouse&accountserver=https://greenhouse.lotus.com/homepage

These URLs can then be sent by email to users or published on the corporate intranet (Connections of course…). The user then opens the email or intranet page on their mobile device, clicks on the link, and the app gets auto-configured 🙂

The above URLs are just a few examples of how to configure these apps. It is possible to add more logic to the URL, like the user's domain or even username. For more information about that, visit IBM's documentation, see below.
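Because a configuration link decides which server the user will then type a username and password into, it is worth checking every link before it is mailed out or published. The following check is an added example, not IBM code or part of the original post; the allowlist and the `check_config_link` helper are assumptions built from the three example links above.

```python
from urllib.parse import urlsplit, parse_qs

# Constructed policy built from the example links in this post.
ALLOWED_HOSTS = {"st85meetingsp.lotus.com", "greenhouse.lotus.com"}
EXPECTED_ACTION = {"sametime": "AddCommunity", "stmeetings": "AddMeetingServer"}

def first(query, key):
    """First value of a query parameter, or '' if it is absent."""
    return query.get(key, [""])[0]

def check_config_link(url):
    """Return a list of problems; an empty list means the link passes."""
    parts = urlsplit(url)
    query = parse_qs(parts.query)
    problems = []
    if parts.scheme == "ibmscp":
        # The server is carried in accountserver, not in the URL authority.
        server = urlsplit(first(query, "accountserver"))
        host = server.hostname
        if server.scheme != "https":
            problems.append("accountserver is not https")
    elif parts.scheme in EXPECTED_ACTION:
        host = parts.hostname  # excludes any userinfo before '@'
        if first(query, "ssl").lower() != "true":
            problems.append("ssl is not true")
        if first(query, "action") != EXPECTED_ACTION[parts.scheme]:
            problems.append("unexpected action")
    else:
        return ["unexpected scheme %r" % parts.scheme]
    if host not in ALLOWED_HOSTS:
        problems.append("server host %r not in allowlist" % host)
    return problems
```

Run it over the links in a mail template or intranet page and publish only those that return an empty list.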

Ed Brill: The big news about Sametime “next” should be pretty exciting

As IBM Connect 2013 gets closer, I, as a “Sametime Guy”, am looking forward to hearing all about the new stuff that Sametime “Next” will bring. Reading Ed Brill's blog about 2012, he writes this about Sametime:

…In Sametime, we decided to change the game to focus on social communications. The big news about Sametime “next” should be pretty exciting when we start talking about that roadmap later this month; that team has been working hard this year to put some impressive plans in place.

I can’t wait to hear and see Sametime “Next” in Orlando! 🙂

How to setup Sametime for both internal and external access – without VPN

In a recent Sametime 8.5.2 project our customer wanted to be able to use the IBM Lotus Notes embedded Sametime Client regardless of whether the user was connected to the corporate network or via the Internet, without using VPN. Also, when connected via the Internet, SSO using the Domino token should still work without the user having to do any reconfiguration.

So which solution did we propose to the customer? We proposed an infrastructure with two Sametime Community Servers.

  • One Sametime Community Server installed on the internal network and one in DMZ.
  • Both servers are configured in a Domino cluster, replicating the VPUSERINFO.NSF database
  • Sametime Clients use the same FQDN (stcommunity.company.com) when accessing the server, regardless of whether they are on the internal network or connected via the Internet
  • Split DNS is used. Internal DNS points to the internal Sametime Community Server, external DNS points to the external Community Server
  • The customer uses a Domino LDAP Server; internally, this server will be used as the Domino Token SSO server
  • Domino SSO Token server (nlogin.company.com) is configured the same way using Split DNS. Internal DNS points to internal LDAP Server, external DNS points to Community Server in DMZ

With this configuration a Sametime Client user can log in (both internally and externally) to his/her Sametime Community Server using Domino Token SSO without using VPN.

IBM Sametime Media Manager and the importance of the FQDN

To be able to deliver audio and video services with IBM Sametime 8.5.2 you have to install the Sametime Media Manager Server. The Sametime Media Manager uses the Session Initiation Protocol (SIP) to provide Sametime clients with support for peer-to-peer VoIP, video chats and web conferencing within the meeting rooms. By default it uses TLS encryption to secure audio/video communication.

When installing Sametime Media Manager you have several choices to make: should you install all three components (SIP Proxy/Registrar, Conference Manager and Packet Switcher) on the same server, or should you install them on three different machines? Should you install it in the DMZ for external access or not? One thing that is VERY important when installing is which FQDN (fully qualified domain name) you are going to use for Sametime Media Manager. So why is this so important? It's because of this:

The installer program for Sametime Media Manager uses the operating system machine name FQDN to create a self-signed certificate which is later used for TLS encryption!

This means that if you install Sametime Media Manager on a Windows 2008 R3 server whose machine name FQDN is winsrv034.corp.company.com, the self-signed certificate will be created with that FQDN. To get audio/video to work between two Sametime clients, both clients need to “connect” or register with the Sametime Media Manager. The Sametime client does this by asking its Sametime Community Server which FQDN to use for connecting to the Sametime Media Manager. In this case the Sametime client will use the FQDN winsrv034.corp.company.com.

OK, but what if I do not want to install Sametime Media Manager using the operating system name? Say you would like to use a DNS alias, which is quite common when installing application servers. What happens then?

If you install Sametime Media Manager using a DNS alias (like stmedia.company.com), the certificate used for TLS encryption of A/V will still use the FQDN winsrv034.corp.company.com. When a Sametime client then tries to create an A/V session with another Sametime client, the A/V session will fail because the client will try to use the FQDN stmedia.company.com, but the certificate used for TLS encryption will only work if the Sametime Media Manager Server FQDN is winsrv034.corp.company.com…

This is the reason why IBM writes this in the “IBM Sametime 8.5.2 – Installation From Zero to Hero – 8.5.2” presentation:

“…The Media Manager Server does not work when installing with a DNS alias. You
must configure the full qualified machine host name (including domain part)
and use this for the installation. This name does not need to be configured
anywhere else and the client does not see it.”

OK, so I need to install the Sametime Media Manager with its operating system FQDN. Is that so bad? No, not if you are only going to use Sametime A/V on your intranet. Then it may be OK to use an OS FQDN. But if your Sametime environment is also going to be accessible from the Internet, this will cause problems.

To be able to deliver Sametime A/V services between internal Sametime servers/clients and external Sametime clients, you have to install a couple of Sametime Edge Servers in the DMZ. Then you have to use a “split DNS” configuration so external clients can use the same FQDN for the Sametime servers as the internal Sametime clients. One of the Edge Servers you need to install in the DMZ is the Lotus SIP Edge Proxy Server. This server must have the same FQDN as the Sametime Media Manager Server on the internal network!

Internal Sametime Client —> Sametime Media Manager (winsrv034.corp.company.com) —> | DMZ— Lotus SIP Edge Proxy Server (winsrv034.corp.company.com) …DMZ | <— External Sametime Client

The above configuration demands that you put internal server names in the external DNS, and FW/DNS/network guys sometimes have a problem with that… So if you are going to deliver A/V services to Sametime clients on the internet, deciding the FQDN for the Sametime Media Manager Server when installing is VERY important.

You have to decide the following before installing Sametime Media Manager:
– Will we deliver Sametime A/V services to Sametime clients connected to the Internet?
– Is it OK to have intranet operating system machine FQDN in the external DNS?

OK, say that you answer yes to the first question and no to the second one. Well, one solution then is to install the Sametime Media Manager with an FQDN which is OK to have in the external DNS, an FQDN like stmedia.company.com. But then you may end up having trouble with the internal server management/monitoring teams. They may have strict rules about naming internal servers, internal subdomains and so on. So what to do?

Well you could do this:

1. Set the operating system machine name's FQDN to stmedia.company.com
2. Install Sametime Media Manager using the FQDN stmedia.company.com
3. After installation and configuration of Sametime Media Manager is complete, change the operating system machine name back to what it was before

This workaround has been approved by IBM and I am going to try it on one of our customers next week. 🙂
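The naming problem and the two pre-install questions above can be checked on paper before the installer is run. The sketch below is an added example, not IBM code or part of the original post: it models the installer behaviour as the post describes it (certificate named after the OS machine FQDN), uses a simplified hostname match, and the `plan` helper and `EXTERNAL_OK` policy set are assumptions.

```python
# Constructed model of the naming problem described above (not IBM code).
def self_signed_cert(machine_fqdn):
    """Cert as the post says the installer creates it: named after the OS
    machine FQDN. Dict shape follows ssl.SSLSocket.getpeercert()."""
    return {"subject": ((("commonName", machine_fqdn),),)}

def cert_names(cert):
    """DNS subjectAltName entries if present, otherwise the commonName(s)."""
    sans = [v for k, v in cert.get("subjectAltName", ()) if k == "DNS"]
    if sans:
        return sans
    return [v for rdn in cert.get("subject", ()) for k, v in rdn
            if k == "commonName"]

def name_matches(pattern, host):
    """Case-insensitive match; '*' may only stand for the leftmost label."""
    p, h = pattern.lower().rstrip("."), host.lower().rstrip(".")
    if p.startswith("*."):
        return "." in h and h.split(".", 1)[1] == p[2:]
    return p == h

def av_registration_ok(cert, advertised_fqdn):
    """True if the name clients are told to use is covered by the cert."""
    return any(name_matches(n, advertised_fqdn) for n in cert_names(cert))

def plan(machine_fqdn_at_install, advertised_fqdn, external_dns_allowed):
    """Answer the two pre-install questions for one naming plan."""
    cert = self_signed_cert(machine_fqdn_at_install)
    issues = []
    if not av_registration_ok(cert, advertised_fqdn):
        issues.append("certificate name does not cover " + advertised_fqdn)
    if advertised_fqdn not in external_dns_allowed:
        issues.append(advertised_fqdn + " may not be published externally")
    return issues

EXTERNAL_OK = {"stmedia.company.com"}  # constructed policy
if __name__ == "__main__":
    for machine, advertised in [
        ("winsrv034.corp.company.com", "winsrv034.corp.company.com"),
        ("winsrv034.corp.company.com", "stmedia.company.com"),
        ("stmedia.company.com", "stmedia.company.com"),  # rename workaround
    ]:
        print(machine, advertised, plan(machine, advertised, EXTERNAL_OK))
```

Only the third plan, which corresponds to the rename workaround, comes back with no issues under this policy.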

My experiences with IBM Sametime 8.5.x

For the past two years I have been working with several IBM Sametime 8.5.x installation and implementation projects:

  • Implementing a new IBM Sametime 8.5.1 infrastructure for a Swedish government agency
  • Implementing a new IBM Sametime 8.5.2 infrastructure for a manufacturing company
  • Implementing a new IBM Sametime 8.5.2 IFR1 infrastructure for an insurance company
  • Implementing a new IBM Sametime 8.5.2 IFR1 infrastructure for a communications company
  • Implementing a new IBM Sametime 8.5.2 IFR1 infrastructure for a Fortune 500 company

All of these projects have involved installing and configuring the following Sametime components: Sametime System Console, DB2, Sametime Community Server, Sametime Proxy Server, Sametime Meeting Server and Sametime Media Manager. In one of the projects Sametime Advanced will be installed; in another project Sametime Bandwidth Manager is on the to-do list. Some of the projects are in the pilot stage, some are in production, and all are introducing the features step by step: first chat services, second meeting services and last audio/video services.

My goal over the next couple of months is to write several blog posts about my experiences with IBM Sametime 8.5.x. I will share information on how to do it and how not to do it when it comes to installing, configuring and implementing IBM Sametime, both from a server and a client perspective.

Stay tuned. 🙂

ID214 – Find, Reach, Collaborate – Call me with IBM Sametime Unified Telephony!

This was some pretty cool stuff!

I’m no Sametime guru. I just use it for chats and screen sharing basically, but I thought I would broaden my horizon.

Below are some of the features that struck me as pretty cool:

Use one number to reach you no matter on what device that’s currently most suitable.

Users can themselves determine which device is most suitable by specifying rules and setting preferred devices based on those rules. Like, call on the cellphone when in the car and call the computer when at the office.

On the same note – incoming call notification. If it’s a Sametime user you see who’s calling and may divert a call to a chat if you aren’t available.

Just like always you can see the status of the user and with SUT you see if a user is busy in a call and maybe send them an IM instead.

To create a conference call simply select the users you wish to have a conference call with and drag. Then you’re off, no need to call a certain number, using codes and what-not.
