Previous      Contents      Index      Next
Sun Java System Instant Messaging 6 2004Q2 Deployment Planning Guide

Chapter 1
Overview

Sun Java^TM System Instant Messaging enables secure, real-time communication and collaboration, combining presence awareness with instant messaging capabilities such as chat, conferences, alerts, news, polls, and file transfers to create a rich collaborative environment. These features enable one-to-one as well as group collaboration through either short-lived communications or persistent venues such as conference rooms or news channels.

Instant Messaging ensures the integrity of communications through its multiple authentication mechanisms and secure SSL connections. Integration with the Sun Java System Portal Server and Sun Java System Identity Server bring additional security features, services-based provisioning access policy, user management, and secure remote access.

This chapter describes basic concepts you should understand prior to deploying Instant Messaging. It includes the following sections:

What is an Instant Messaging Service?
Sun ONE Instant Messaging Core Product Components
Components Related to Instant Messaging
Supported Standards
Designing Your Deployment

---

What is an Instant Messaging Service?

An instant messaging service is an open standards-based client-server solution that meets the instant messaging needs of enterprises and hosts of all sizes. It provides superior administration, scalability, performance, security, and connectivity throughout the enterprise and across the Internet.

At a simplistic level, an instant messaging service:

Accepts instant messages from external sites.
Determines the user to which the message should be delivered, and routes it accordingly.
Accepts instant messages from internal hosts.
Determines the destination system to which the message should be delivered, and routes it accordingly.

In addition, an instant messaging service can provide real-time conferencing, news and calendar alerts, and for offline users, email message forwarding.

Of crucial importance to a good instant messaging service is that the service follows the SHARP (scalability, high availability, reliability, and good performance) standard.

---

Sun ONE Instant Messaging Core Product Components

Sun Java^TM System Instant Messaging contains the following core components:

Instant Messenger resources (client), a set of files that make up the client program for end users to initiate, compose, and reply to messages. Typically users also use the client to participate in conferences. The client is also called Sun Java^TM System Instant Messenger.
Instant Messaging server, an electronic message delivery system that supports instant message delivery from one system to another system. The server serves the presence information to Instant Messenger clients, allows end users to establish sessions, and enforces policies.
Instant Messaging multiplexor, a scalability component that consolidates messenger connections. In order to support large deployments, for example 40,000 concurrent connections, Instant Messaging uses a connection multiplexor to improve server scalability. This component opens a single connection to the Instant Messaging server. In addition to scalability, you can install the multiplexor outside the firewall while leaving the server inside the firewall in order to protect from unauthorized external access. The Instant Messaging multiplexor is also referred to as the multiplexor.
Access, Communication, and Transfer Protocols, such as LDAP, HTTP, TCP/IP, and SMTP protocols. These protocols can be found in Supported Standards.
Sun Java^TM System Identity Server Instant Messaging Service Definition, a service used by the Sun Java System Identity Server and the Sun Java System Identity Server SDK to provide policy management and single sign-on capabilities for Instant Messaging.
Instant Messaging API, allows you to create custom Instant Messaging clients.
LDAP server, a “lightweight” version of the Directory Access Protocol (DAP). While typically not an instant messaging server component, the LDAP server is integral for user maintenance and management. It usually serves the needs of a wide variety of applications in an organization.

Note	Since a proper Directory Server implementation is instrumental to a successful Instant Messaging deployment, it is highly recommended that you read the Sun Java System Directory Server Deployment Guide in addition to this guide.

---

Components Related to Instant Messaging

The software components discussed in this section work with Instant Messaging server, but are installed separately. Chapter 2, "Deployment Examples" provides more detailed information that illustrates how these servers interact with Instant Messaging.

Web server

(Required) For a basic deployment, you need to install a web server, such as Sun Java^TM System Application Server SE (Standard Edition). Deployments with Sun Java System Portal Server use the web server that ships with Portal Server. In either case, the Instant Messenger resources must reside on the web server host.

Instant Messaging requires a web server to serve the Instant Messenger resources. The Instant Messenger resource files include:

The index.html file, provided by Instant Messenger, or a home page with a link to invoke Sun Java^TM System Instant Messenger.
Sun Java^TM System Instant Messenger jar files (messenger.jar, imres.jar, imbrand.jar, imdesktop.jar, imnet.jar, and imjni.jar).
The Sun Java^TM System Instant Messenger Online Help.

You must install Instant Messenger resources on the same host where the web server is installed. In a Sun Java System Identity Server deployment, you can install these resources on the Identity server’s host or on a different web server host. In most cases, the resources will be installed on the same host where you installed the Instant Messaging server software. It is possible to locate the Instant Messenger resources on a host other than the Instant Messaging server or multiplexor. For more information on this, see Sun Java System Instant Messaging Installation Guide.

Note	Install the web server before installing Sun ONE Instant Messaging. If you are using Sun Java System Portal Server, you can use the web server that is shipped with the product. You do not need to install a separate web server for Instant Messaging.

LDAP server

(Required) Instant Messaging uses an LDAP server, such as Sun Java System Directory Server, for end user authentication and search. In a deployment with Sun Java System Portal Server, Instant Messaging uses the same LDAP server used by the Portal server.

The Instant Messaging server does not store the Instant Messenger end-user authentication information; instead, this information is stored in the LDAP server.

By default, the Sun Java^TM System Instant Messaging server relies on the common end-user attributes cn and uid to search for end-user and group information. If you want, you can configure the server to use another attribute for search. In addition, Sun Java^TM System Instant Messaging properties (such as contact lists and subscriptions) can be stored in files on the Sun Java^TM System Instant Messaging server or in the LDAP server.

If you do not have an LDAP directory installed, you must install one. For more information, see Sun Java System Instant Messaging Installation Guide. For instructions on configuring the server to use a non-default attribute for user search, see the Sun Java System Instant Messaging Administration Guide.

SMTP server

(Optional) A Messaging server, such as Sun Java System Messaging Server, is used to forward instant messages, in the form of email, to end users who are offline. The SMTP server is not shipped with Instant Messaging.

Sun Java System Calendar Server

(Optional) The Sun Java System Calendar Server, is used to notify users of calendar-based events. The Calendar server is not shipped with Instant Messaging.

Sun ONE Identity Server and Sun Java System Identity Server SDK

(Optional, Solaris only) Sun Java System Identity Server and Sun Java System Identity Server SDK provide end user and service management, authentication and single sign-on services. They also provide policy management, logging service, debug utilities, the admin console, and client support interfaces.

In addition, Sun Java System Identity Server and SDK are required in deployments that include Sun Java System Portal Server. In both deployments, the SDK must be installed on the Instant Messaging server’s host.

Sun JavaTM System Portal Server

(Optional, Solaris only) Sun Java^TM System Portal Server supports message archiving, and allows you to run Instant Messaging in secure mode. In addition, the Instant Messenger client is made available to end users through the Portal Server desktop. The following two components of Sun Java System Portal Server provide additional functionality:

Portal Server Desktop
Sun ONE Portal Server, Secure Remote Access

Portal Server Desktop

Sun Java^TM System Instant Messenger installed in the Portal Server environment can be launched from the Instant Messaging channel available to end users on Portal Server Desktop.

Sun ONE Portal Server, Secure Remote Access

Sun ONE Portal Server, Secure Remote Access enables remote end users to securely access their organization’s network and its services over the Internet for Solaris-based or Windows-based systems. The end user can access Secure Remote Access by logging into the web-based Portal Server Desktop through the portal gateway. The authentication module configured for Sun ONE Portal Server authenticates the end user. The end-user session is established with Sun ONE Portal Server and the access is enabled to the end user’s Portal Server Desktop.

In the Sun Java System Portal Server environment, you can configure Instant Messenger in either secure or non-secure mode. In the secure mode, communication is encrypted through the Sun Java System Portal Server Netlet. When you are accessing Instant Messenger in the secured mode, a lock icon appears in the Status area of the Instant Messenger. In the non-secure mode, the Instant Messenger session is not encrypted. For more information on Netlet, see Sun ONE Portal Server, Secure Remote Access Administrator’s Guide.

---

Supported Standards

Instant Messaging is built on native Internet technology, so you can maintain a single architecture inside and outside your organization, even when collaborating with your customers and partners. Additionally, you aren’t locked into a proprietary system. All key components of Instant Messaging are based on proven, open Internet standards such as:

LDAP. Provides access to enterprise directory information, enabling an accurate, secure instant messaging system.
HTML. Formatting language for providing web browser access for the client.
HTTP. HypterText Transport Protocol for providing web browser access for the client.
SMTP. Simple Mail Transfer Protocol for reliable delivery of instant messages over Internet mail messages.
TCP/IP. Proven, worldwide networking protocol.

Instant Message Structure Format

HTML (HyperText Markup Language) is typically used as a standard for web documents. The Instant Messenger client also formats instant messages using HTML. This allows users to include hyperlinks within messages.

Access Protocol

In Instant Messaging, user information and preferences are retrieved from an LDAP directory. This directory can be dedicated for use by Instant Messaging, or the Sun Java System Portal Server’s directory. User data is typically retrieved using LDAP search functions.

LDAP provides a common language that client applications and servers use to communicate with one another. LDAP is a “lightweight” version of the Directory Access Protocol (DAP) used by the ISO X.500 standard. DAP gives any application access to the directory via an extensible and robust information framework, but at an expensive administrative cost. DAP uses a communications layer that is not the Internet standard TCP/IP protocol and has complicated directory-naming conventions.

LDAP preserves the best features of DAP while reducing administrative costs. LDAP uses an open directory access protocol running over TCP/IP and uses simplified encoding methods. It retains the X.500 standard data model and can support millions of entries for a modest investment in hardware and network infrastructure.

Communication and Message Transfer Protocols

Server-to-server and client-to-server communications occur over TCP/IP.

A message transfer protocol is used to send messages to offline users. SMTP is the most commonly used protocol.

Browsers use HTTP to retrieve Instant Messenger resource files from the Web server. Once retrieved, the browser reads the HTML and displays the contents of the files.

---

Instant Messaging Architecture

Figure 1-1 shows the basic out-of-the-box Sun Java^TM System Instant Messaging architecture.

Figure 1-1  Sun Java^TM System Instant Messaging Basic Architecture

The Web server (or an application server with a Web service embedded), downloads the Instant Messaging resources via a browser to the clients. The resource files make up the client. Clients sends messages to one another through a multiplexor which forwards the messages on to the Instant Messaging server.

The Directory server stores and retrieves local user and group delivery information such as preferences, location, and to which multiplexor to route messages for this user. When the Instant Messaging server receives a message, it uses this information to determine where and how the message should be delivered. In addition, the Directory server may contain user information such as contact lists and subscriptions.

In this basic configuration, Instant Messaging directly accesses a Directory Server to verify user login name and passwords for mail clients that use Instant Messaging.

Outgoing instant messages from clients go directly to the multiplexor. The multiplexor sends the message to the appropriate Instant Messaging server, which in turn forwards the message to another Instant Messaging server, or if the message is local, to the multiplexor with which the recipient is associated. (See Physical Deployment Examples for illustrations of this process.)

New users are created by adding user entries to the directory. Entries can be created or modified by modifying the directory using the tools provided with the Directory server.

Instant Messaging components are administered using a set of command line interfaces and text-based configuration files. Any machine connected to the Instant Messaging host can perform administrative tasks (assuming, of course, the administrator has the required privileges).

The following sections outline the three primary components of Instant Messaging in further detail:

The Instant Messaging Server
The Multiplexor
The Instant Messenger Client

The Instant Messaging Server

The Instant Messaging server handles tasks such as controlling Instant Messenger privileges and security, enabling Sun Java^TM System Instant Messenger clients to communicate with each other by sending alerts, initiating chat conversations, and posting messages to the available news channels.

The Instant Messaging server supports the connection of a multiplexor that consolidates connections over one socket. For more information on the multiplexor, see The Multiplexor.

Access control files and Sun Java System Identity Server policies are used for administration of end users, news channels, and conference rooms.

The Instant Messaging server routes, transfers, and delivers instant messages for the Sun Java^TM System Instant Messaging product.

Direct LDAP Lookup

The server can look up directory information directly from the LDAP server. The results of the LDAP queries are cached in the process, with configurable aging and expiration, so settings are tunable. Refer to the Sun Java^TM System Directory Server Administrator’s Guide for further information.

Message Delivery

After the message is processed, the server sends the message to the next stop along the message’s delivery path. This may be the intended recipient’s multiplexor, or another server. Once received by a multiplexor, the message is routed directly to the intended recipient. (See Physical Deployment Examples for illustrations of this process.)

The Multiplexor

The Instant Messaging multiplexor component connects multiple instant messenger connections into one TCP (Transmission Control Protocol) connection, which is then connected to the Instant Messaging server. The multiplexor reads data from Instant Messenger and writes it to the server. Conversely, when the server sends data to Instant Messenger, the multiplexor reads the data and writes it to the appropriate connection. The multiplexor does not perform any end user authentication or parse the client-server protocol (IM protocol). Each multiplexor is connected to one and only one Instant Messaging server.

You can install multiple multiplexors based on your deployment requirements. You must install at least one multiplexor. For more information, see Chapter 2, "Deployment Examples".

The Instant Messenger Client

The Java-based Sun Java^TM System Instant Messenger is Instant Messaging’s client that can be configured to be a browser-based applet using Java Plug-in, or a standalone Java application using Java Web Start.

To run Instant Messenger client on Solaris, you must use Java Web Start. On Microsoft Windows you can run Instant Messenger as an applet or a Java Web Start application. It is recommended that you run Sun ONE Instant Messenger as a Java Web Start application.

For more information on customizing Sun Java^TM System Instant Messenger, see the Sun Java System Instant Messaging Administration Guide.

Instant Messenger provides the following modes of communication:

Chat - Sun Java^TM System Instant Messenger’s version of Instant Messaging conferences is called chat. Chat is a real-time conversation capability that enables end users to complete projects, answer customer queries, and complete other time-critical assignments. Chat sessions (two or more participants) are held in chat rooms created on a need basis.
Conference Rooms - Conference rooms are persistent chat rooms that work similarly to regular chat sessions, but offer:
Access Control
Moderated Chats
Alerts - Alerts enable information delivery and response to end users through the Instant Messenger interface. Alerts can deliver time-critical information to the end user. The sender of the alert message is notified when the message is delivered, and read by the recipient.
Poll - The polling function enables you to ask end users for their response to a question. You can send a question and possible answers to poll recipients, and the recipients can respond with their selected answer.
News - News channels are forums for posting and sharing information. End users can subscribe to news channels of interest to see updates using the URL of the news channels or view the news channel updates through static messages. Administrators control news channel access by assigning end users to the channels they need, and deciding who can see or post information to the channels.

Note	The instant messages can contain embedded URLs. If you are using proxy servers, you may need to have clients using Java Web Start modify their proxy configuration for resolving such URLs. For more information on configuring the proxy settings manually, see the Sun Java System Instant Messaging Administration Guide.

---

Designing Your Deployment

During the planning process, you will gather data about your requirements, such as environment and data sources. With this information, you can design an Instant Messaging deployment that meets the needs of your users.

The flexibility of Sun Java^TM System Instant Messaging allows you to rework your design to meet unexpected or changing requirements, even after deployment.

The following topics outline the stages in a successful deployment:

Planning Process
Piloting Instant Messaging
Putting Instant Messaging Into Production

Planning Process

The process for planning your deployment can be broken into the following functions:

Analyzing Your Requirements

This is one of the first steps in planning your deployment.

Determining Your Infrastructure Needs

For example network capacity, backup infrastructure, and DNS services.

Designing Your Topology

Topology design involves determining how you divide your system among multiple servers and how these servers communicate with one another.

Planning Your Directory Data

You need to understand the relationships between your directory tree, schema, and Instant Messaging.

Developing an Instant Messaging Architecture
Designing Secure Instant Messaging

You need to plan how to protect Instant Messaging from common security threats.

Creating a Monitoring Strategy

Using SNMP and other methods to monitor your deployment. A well-planned deployment will perform without extensive intervention from an administrator.

Planning for Growth

As the number of users and messages increase, it is important to outline successful guidelines for capacity planning.

Identifying System Requirements

Often, people make the mistake of thinking about their system requirements before planning the rest of the deployment. In actuality, you should define your system requirements only after considering the aforementioned topics. In particular, software, hardware, and input/output sub-systems.

Planning Your Sizing Strategy

This chapter explains basic sizing concepts. Chapter 3, "Planning Your Sizing Strategy" outlines the factors to consider when sizing your deployment.

Piloting Instant Messaging

After you have designed your deployment, you can start the deployment process. The first step of the deployment phase is installing a server instance as a pilot and testing whether Instant Messaging can:

Send and route messages
Handle the user load
Perform directory lookups for user information
Create and support conferences

If the deployment is not adequate as it is, you can adjust your pilot design until you have a robust service you can confidently introduce to your enterprise.

Putting Instant Messaging Into Production

Once you have piloted and tuned Instant Messaging, you need to develop and execute a plan for taking Instant Messaging from a pilot to production. Create a production plan that includes the following:

Estimate of the resources you need
List of tasks you must perform before installing servers
Schedule of what needs to be accomplished and when
Set of criteria for measuring the success of your deployment

For information on installing Instant Messaging, refer to the Sun Java System Instant Messaging Installation Guide. For information on administering and maintaining Instant Messaging, refer to the Sun Java System Instant Messaging Administration Guide.

Previous      Contents      Index      Next

---

Copyright 2004 Sun Microsystems, Inc. All rights reserved.