Chapter 1
Introduction to Instant Messaging

This chapter explains the Sun™ ONE Instant Messaging components, architecture, and configuration information.

The chapter contains the following sections:

Sun ONE Instant Messaging Components
Sun ONE Instant Messaging Deployment Configurations
Configuration Files and Directory Structure
Using SSL in Sun ONE Instant Messaging
Sun ONE Instant Messaging Access Control
Using the Command-Line with Sun ONE Instant Messaging

---

Sun ONE Instant Messaging Components

Instant Messaging server enables web clients to participate in real-time messaging and automatically distribute information. Sun ONE Instant Messaging allows users to participate in instant messaging and chat sessions, send alert messages to each other, and share group news instantly. It is suitable for both intranets and the Internet.

Instant Messaging can be deployed in any one of the following methods:

As part of the Sun ONE Portal Server environment, Sun ONE Instant Messenger is made available to end users from the Sun ONE Portal Server desktop on the Solaris platform only.
As a standalone server.

The Instant Messaging components are the same, whether you install and configure Instant Messaging with Sun ONE Portal Server, or as a standalone server. The Instant Messaging components are:

Sun ONE Instant Messenger Resources. Also referred as the messenger client. This is a java-based instant messaging client that is invoked through the web, using the Java^TM Web Start or the Java Plug-in.
Instant Messaging Server. The Instant Messaging server serves the presence information to the messenger clients, allows users to establish instant messaging sessions, and enforces policies. The Instant Messaging server is also referred as the server.
Instant Messaging Multiplexor. A scalability component that consolidates multiple messenger connections into one Transmission Control Protocol (TCP) and connects to the server. The Instant Messaging multiplexor is also referred as the multiplexor.
Sun ONE Identity Server Instant Messaging Service Definition. This component can be installed only if the Identity Server or the Identity Server SDK is installed in the system
Sun ONE Portal Server IM Channel and Archive. This component can be installed only if the Portal Server is installed on the system. This component consist of the Instant Messaging Portal channel on the Portal Server Desktop.

The other software components installed separately from Sun ONE Instant Messaging are:

(Optional) Sun ONE Portal Server: Sun ONE Portal Server is installed for portal deployments.
Web server: Portal deployments use the web server that ships with Sun ONE Portal Server. The standalone deployments need to install a web server, such as Sun ONE Web Server Enterprise Edition. In both cases, the Instant Messenger resources must reside on the web server host machine.
LDAP directory server: Instant Messaging uses an LDAP server, such as Sun ONE Directory Server, for user authentication and user search. In a portal deployment, the LDAP server used by the Portal Server is used by the Instant Messaging server to search users.
SMTP server: Sun ONE Messaging Server or some other SMTP server is used to forward instant messages for users who are offline.
(Optional) Sun ONE Identity Server: Sun ONE Identity Server is installed for adding Instant Messaging service.

Standalone Deployment Overview

Figure 1-1 illustrates the interaction of the software components in a standalone configuration of Instant Messaging.

Figure 1-1  The software components in a standalone deployment.

An Instant Messaging standalone deployment works as follows:

The user accesses the Sun ONE Instant Messenger applet URL from a browser
The browser invokes Java Web Start or the Java Plug-in. Java Web Start or the Java plug-in downloads the necessary Sun ONE Instant Messenger resource files and starts the Instant Messenger.
The login window is displayed and the user enters the LDAP user name and password. This data is sent to the multiplexor.
The multiplexor routes the data received from the messenger to the backend Instant Messaging server.
The Sun ONE Instant Messaging server communicates with the LDAP server to authenticate the user.

When the user authentication is complete, the Sun ONE Instant Messaging main window is displayed with the contact list for the user. The user can now start and participate in instant messaging sessions with the other users.

An SMTP server, forwards the alerts as e-mails to the users when notified by the server that the users are offline.

Note	The users should set their preferences to have alert forwarded as e-mail when they are offline.

Portal Deployment Overview

Figure 1-2 illustrates the collaboration of Sun ONE Portal Server and Instant Messaging software components.

Figure 1-2  The software components in a portal deployment.

Instant Messaging in a portal deployment works as follows:

The user logs in to the Sun ONE Portal Server by entering the URL in a web browser.
The Sun ONE Portal Server software authenticates the user with the configured authentication mechanism.
The Sun ONE Portal Server downloads the Sun ONE Portal Server Desktop for the user.
The user can access the contact list information from the Instant Messaging Contact List channel.
The existing Sun ONE Portal Server session ID is used to set up a session with the Instant Messaging multiplexor. The launch servlet gets the user details from Sun ONE Portal Server.

Note	The user need not re-authenticate to Instant Messaging as the portal authentication token is used to log the user into Instant Messaging.

When the user clicks the Sun ONE Instant Messenger link on the Sun ONE Portal Server Desktop, the Sun ONE Instant Messaging main window is displayed with the list of available contacts for the user. The user can now start and participate in the instant messaging sessions with the other users.
Sun ONE Instant Messenger connects to the multiplexor.
An SMTP server, forwards the alerts as e-mails to the users when notified by the server that the users are offline. The users should set their preferences to have alert forwarded as e-mail when they are offline.

For more information on deploying Sun ONE Instant Messaging in the portal environment, see the Sun ONE Instant Messaging Deployment Guide.

Sun ONE Instant Messenger

The Java-based Sun ONE Instant Messenger is Instant Messaging’s client that can be configured to be a browser-based applet using Java Plug-in, or an application independent of a browser using Java Web Start.

To run the Sun ONE Instant Messenger client on Solaris, you must use Java Web Start. On Microsoft Windows you can run Instant Messenger as an applet or a Java Web Start application. It is recommended to run Sun ONE Instant Messenger as a Java Web Start application.

For more information on customizing Sun ONE Instant Messenger, see Managing Instant Messenger.

Sun ONE Instant Messenger provides the following modes of communication:

Chat - Sun ONE Instant Messenger’s version of instant messaging conferences is called chat. Chat is a real-time conversation capability that enables users to complete projects, answer customer queries, and complete other time-critical assignments. Chat sessions are held either in chat rooms created on a need basis, or in pre-established conference rooms.
Alerts - Alerts enable information delivery and response to users through the Instant Messenger interface. Alerts can deliver time-critical information to the user. The sender of the alert message is notified when the message is delivered, and read by the recipient. If the alert message requires a response, choose the Chat option from the Tools menu to chat with the sender.
Poll - The polling function enables you to poll users for their response to a question. You can send a question and possible answers to poll recipients, and the recipients can respond with their selected answer. When recipients respond to your poll, you can view their answers in a Status window. The summary of results can also be viewed in the status window.
News Channels - News channels are forums for posting and sharing information. The users can subscribe to news channels of interest to see updates using the URL of the news channels or view the news channel updates through static messages. Administrators control news channel access by assigning users to the channels they need, and deciding who can see or post information to the channels.

Note	The instant messages can contain embedded URLs, such as http://stocks.yahoo.com?id=sunw. If you are using proxy servers, it might be necessary to have clients using Java Web Start modify their proxy configuration for resolving such URLs. For more information on configuring the proxy settings manually, see Modifying Instant Messenger Proxy Settings.

Sun ONE Portal Server

Sun ONE Instant Messenger installed on the Portal Server environment can be launched from the Instant Messaging channel that appears on the Sun ONE Portal Server Desktop of the user.

Sun ONE Portal Server, Secure Remote Access

Sun ONE Portal Server, Secure Remote Access provides secure access to remote users in an intranet for Solaris-based or Windows-based systems. The user can access Secure Remote Access by logging in to the web-based Sun ONE Portal Server Desktop through the portal gateway. The authentication module configured for Sun ONE Portal Server authenticates the user. The user session is established with Sun ONE Portal Server and the access is enabled to the user’s portal desktop.

In the Sun ONE Portal Server environment, you can configure Sun ONE Instant Messenger in either secure or non-secure mode. In the secure mode, communication is encrypted through the Sun ONE Portal Server Netlet. When you are accessing Sun ONE Instant Messenger in the secured mode, a lock icon appears in the Status area of the Instant Messenger. In the non-secure mode, the Sun ONE Instant Messenger session is not encrypted. For more information on Netlet, see Sun ONE Portal Server, Secure Remote Access Administrator’s Guide at:

http://docs.sun.com/db/doc/816-6359-10

Sun ONE Identity Server

Sun ONE Identity Server provides user and service management, authentication and single sign-on services. It also provides policy management, logging service, debug utility, the admin console, and client support interfaces.

Instant Messaging Server

The Instant Messaging server handles tasks such as controlling Instant Messenger privileges and security, enabling Sun ONE Instant Messenger clients to communicate with each other by sending alerts, initiating chat conversations, and posting messages to the available news channels.

The Instant Messaging server supports the connection of a multiplexor that consolidates connections over one socket. For more information on the multiplexor, see Sun ONE Instant Messaging Multiplexor.

Access controls are used for administration of users, news channels, and conference rooms. These access controls are implemented by the Instant Messaging server and not the LDAP directory server.

Sun ONE Instant Messaging Multiplexor

The Instant Messaging multiplexor component connects multiple instant messenger connections into one TCP (Transmission Control Protocol) connection, which is then connected to the backend Instant Messaging server. The multiplexor reads data from the Sun ONE Instant Messenger and writes it to the server. Conversely, when the server sends data to Sun ONE Instant Messenger, the multiplexor reads the data and writes it to the appropriate connection. The multiplexor does not perform any user authentication or parse the client-server protocol.

The multiplexor always acts as the front-end component for the Instant Messaging server. Any client-server communication must go through the multiplexor. The Instant Messaging server architecture is designed in such a way that it always uses the multiplexor along with Sun ONE Instant Messenger and Instant Messaging server to communicate with each other.

You can install multiple multiplexors based on your deployment requirements. For more information, see Sun ONE Instant Messaging Deployment Configurations.

Web Server

Instant Messaging requires a web server to serve up the Instant Messenger resources. The Instant Messenger resource files include:

The initial index.html file, provided by Sun ONE Instant Messenger, or a home page with a link to invoke Sun ONE Instant Messenger.
Sun ONE Instant Messenger jar files (im.jar, imres.jar, imbrand.jar, imnet.jar, and imjni.jar).
The Sun ONE Instant Messenger Online Help.
Embedded URLs in the instant messages and the news channels in Sun ONE Instant Messenger. Instant Messaging supports web servers, such as Sun ONE Web Server Enterprise Edition.

You must install Sun ONE Instant Messenger on the same host where the web server is installed. In a Portal deployment, Sun ONE Instant Messenger can be installed on the Sun ONE Portal Server host or on a different web server host. In most cases, the Instant Messenger will be installed on the same host where you installed the Instant Messaging server software. It is possible to locate the Sun ONE Instant Messenger software on a host other than the Instant Messaging server or multiplexor. For more information on this, see Sun ONE Instant Messaging Installation Guide.

Note	Install the web server before installing Sun ONE Instant Messaging. If you are using Sun ONE Portal Server, you can use the web server that is shipped with the product. You need not install a separate web server for Instant Messaging.

LDAP Directory Server

Sun ONE Instant Messaging in a standalone mode requires an LDAP directory server to perform user authentication and to search for users.

Sun ONE Instant Messaging in a portal deployment environment uses the directory used by Sun ONE Portal Server. In a portal deployment environment, the Instant Messaging uses the directory only for user search and not for user authentication.

The Sun ONE Instant Messaging server does not store the Instant Messenger user information instead the Instant Messenger user information is stored in the LDAP server. For performing user search in the LDAP server, the Instant Messaging server uses the LDAP cn and uid attributes.

Sun ONE Instant Messaging supports users defined and maintained in an LDAP directory, such as Sun ONE Directory Server.

Instant Messaging does not ship with an LDAP directory server. If you do not have an LDAP directory installed, you must install one. For more information, see Sun ONE Instant Messaging Installation Guide.

SMTP Server

Instant Messaging uses an SMTP server to forward alerts as emails to users who are offline and are therefore unable to receive alerts.

The SMTP server is not shipped with Instant Messaging. If you do not have an SMTP server installed, you must install one. For more information, see Sun ONE Instant Messaging Installation Guide.

---

Sun ONE Instant Messaging Deployment Configurations

You can install and configure Sun ONE Instant Messaging server to meet your site’s requirements. The following are some of the Instant Messaging deployment scenarios:

Sun ONE Instant Messaging deployment with separate web server host
Sun ONE Instant Messaging deployment with multiple multiplexor hosts
Sun ONE Instant Messaging deployment with multiple Instant Messaging server hosts

Note	The configuration details described in this section are for standalone deployments of Instant Messaging. For information on configuring Instant Messaging on portal deployment, see Sun ONE Instant Messaging Deployment Guide.

The Web Server and the Instant Messenger Resources Installed on a Different Host

Figure 1-3 shows a configuration where the Instant Messaging server and multiplexor are installed on the same host, and the web server is installed on a separate host. Use this configuration when there is an existing instance of web server and LDAP server, and you do not want to install other applications on these hosts.

Figure 1-3  The web server and the Instant Messenger installed on a separate host.

Multiple Multiplexor Hosts

Figure 1-4 shows a configuration of two multiplexors installed on separate hosts, and the Instant Messaging server on a different host. This configuration enables you to place a multiplexor outside your company’s firewall. Installing multiplexors on multiple hosts distributes the load of the Instant Messaging server across multiple systems.

Note	The multiplexor can be resource-intensive, so putting it on a separate host can improve the overall performance of the system. Windows supports only one multiplexor instance per host.

Figure 1-4  Instant Messaging Multiplexors installed on two different hosts.

Multiple Instant Messaging server Hosts

Figure 1-5 shows a configuration consisting of two Instant Messaging servers. This configuration is used when the site contains multiple administrative domains. The server configuration on each Instant Messaging server host has to be set up so that users on one Instant Messaging server can communicate with users on other Instant Messaging servers.

Figure 1-5  Multiple Instant Messaging server hosts.

---

Configuration Files and Directory Structure

This section describes the Instant Messaging server directory structure and the properties files used to store Instant Messaging operational data and configuration information.

Instant Messaging server Directory Structure

Table 1-1 shows the platform-specific directory structure for the Instant Messaging server.

Table 1-1  Instant Messaging server directories  

Description	Solaris Location	Windows Location
Programs Files These files include the native executable files, the library files in bin or lib directory, the shell scripts in sbin directory, the java classes in classes directory, and templates files in lib directory.	im_install_dir/SUNWiim The default value for im_install_dir is /opt	im_install_dir The default value for im_install_dir is c:\Program Files\Sun\InstantMessaging
Server Configuration files These files include the iim.conf file, the acl files and a subdirectory which contains all the server-wide access control files.	/etc/opt/SUNWiim/default/config Note: The installer creates a symbolic link from /etc/opt/SUNWiim/default/config to im_install_dir/SUNWiim/config.	im_install_dir\config
Instant Messaging Server Data. These files include the configurable directory for the files generated by the server at runtime. It includes the user data in the db directory, which contains information such as the user and news channels directory. It also contains the server and multiplexor log files, in the log directory.	instancevardir/default The default value for instancevardir is /var/opt/SUNWiim	im_install_dir\
Instant Messenger resources. These files contain HTML documents and jar files used by Sun ONE Instant Messenger. The top-most directory contains the locale-independent resources, and the locale-specific directories contain the localized resources.	imdocroot	imdocroot

Note	On Linux, the primary server package name is soim, and all the above Solaris Location paths mentioned in Table 1-1 should be replaced by soim. For example, replace SUNWiim with soim.

Instant Messaging server Configuration File

Instant Messaging stores all configuration options in the iim.conf file. For more information on the parameters and their values stored in this file, see Instant Messaging Configuration Parameters.

Sun ONE Instant Messaging Data

Instant Messaging server stores the following data used by Sun ONE Instant Messenger in the runtime files directory, which you specified during the installation, and is indicated by the iim.instancevardir parameter in the iim.conf file:

User properties, such as contact lists, messenger settings, subscribed news channels and access control.
News channel messages and access rules.
Alert Messages that are to be delivered. These messages are delivered and removed when the recipient logs in.
Public conferences. This does not involve instant messages which are not persistent, but only properties of the conference objects themselves, such as access rules.

---

Using SSL in Sun ONE Instant Messaging

Instant Messaging supports the Secure Sockets Layer (SSL) protocol, for encrypted communications and for certificate-based authentication of Instant Messaging servers. Instant Messaging server supports SSL version 3.0.

Sun ONE Instant Messaging multiplexor and Sun ONE Instant Messenger also support SSL for encrypted communication between the client and the multiplexor.

For detailed information on SSL, see Appendix B in Sun ONE Console and Administration Server 5.0 Server Management Guide.

Enabling SSL for Sun ONE Instant Messaging Server necessitates the following:

Obtaining and installing a certificate for your Instant Messaging server, and configuring the Instant Messaging server to trust the Certification Authority’s certificate.
Ensuring that each Instant Messaging server that needs to communicate using SSL with your server, obtains and installs a certificate.
Turning on SSL in the server and the multiplexor by setting the appropriate parameters in the iim.conf file.

Enabling the client or server SSL requires the following:

Obtaining and installing a certificate for your Instant Messaging multiplexor host, and configuring the Instant Messaging server to trust the Certification Authority's certificate.
Turning on the SSL in the multiplexor by setting the appropriate parameters in the iim.conf file.
Making sure that the end users download and use the SSL version of the Instant Messenger, such as the imssl.jnlp file or the imssl.html file.

For steps on configuring SSL, see Configuring SSL.

---

Sun ONE Instant Messaging Access Control

Sun ONE Instant Messaging provides the user the ability to control access to the Instant Messaging features. Based on the access control mechanisms defined in the Instant Messaging server, the users are allowed or denied access to the information.

Sun ONE Instant Messaging provides the following access control mechanisms:

Global Access Control
Conference and News Channel Access Controls
Presence Access Control
Instant Messaging Administrator Access Control

Global Access Control

Global access control specifies end user access to specific functionality in Sun ONE Instant messaging. It specifies:

Ability to access the presence status of other users
Ability to send alerts to other users
Ability to save properties on the server
Ability to create and manage conference rooms
Ability to create and manage news channels

By default, the end user is provided with the privileges to access the presence status of other users, send alerts to users, and save properties to the server. In most of the deployments, the default values are not changed. These default values need to be changed when Instant Messaging is used exclusively for the popup functionality.

When Instant Messaging is used exclusively for the popup functionality the user will not be provided with the access privileges to presence information, chat, and news features.

If the user has privileges to create new conference rooms and news channels, make sure to enforce a policy that will limit the number of conference rooms and news channels created. As Instant Messaging does not have a search interface for conference rooms and news channels, you need to limit the number of conference rooms and news channels created.

Note	Although certain privileges can be set globally, the administrator can also define exceptions for these privileges. For example, the administrator can deny certain default privileges to select users or groups.

For more information on configuring global access control, see Managing User Privileges.

Conference Room and News Channel Access Controls

Users can have the following access privileges on Conference rooms and News channels:

MANAGE - full access, which includes the ability to set the conference room or the news channel privilege for other users.
WRITE - privilege to add contents to the conference room or the news channel.
READ - privilege to read the conference room or the news channel contents.
NONE - no access privileges.

Users with the MANAGE privilege can set the default privilege level for all the other users. These users can also define the exception rules to grant an access level that is different from the default access level permission given to specific users or groups.

Note	Setting the WRITE privilege, grants the users the READ privilege.

Presence Access Control

The end users can specify if other users can see their presence or not. By default, all users can access the presence information of another user. The end user can also set exceptions for denying this access to certain users and groups.

If the end user has denied other users from accessing the user’s presence status, then end users availability status appears as offline in others contact lists. No alerts or chat invitations can be sent to the end user, whose presence status is offline.

Presence access control can be configured using the User Settings window in the Instant Messenger. For more information on configuring presence access control, see Sun ONE Instant Messenger Online Help.

Instant Messaging Administrator Access Control

The Instant Messaging Administrator has access to all Instant Messaging features. The Administrator has MANAGE access to all conference rooms and news channels, see presence information of any user, and view and modify properties such as Contact Lists and Instant Messenger Settings of any user. The global access control settings has no impact on the Administrator’s privileges.

---

Using the Command-Line with Sun ONE Instant Messaging

The Instant Messaging server provides a command-line utility to start, stop and refresh the server and multiplexor. For more information on the imadmin command, see Stopping and Starting the Server and Multiplexor (On Unix).

Previous      Contents      Index      Next

---

Copyright 2003 Sun Microsystems, Inc. All rights reserved.