Sun Java System Instant Messaging 6 2004Q2 Deployment Planning Guide 

Chapter 1

Sun Java™ System Instant Messaging enables secure, real-time communication and collaboration, combining presence awareness with instant messaging capabilities such as chat, conferences, alerts, news, polls, and file transfers to create a rich collaborative environment. These features enable one-to-one as well as group collaboration through either short-lived communications or persistent venues such as conference rooms or news channels.

Instant Messaging ensures the integrity of communications through its multiple authentication mechanisms and secure SSL connections. Integration with the Sun Java System Portal Server and Sun Java System Identity Server brings additional security features, services-based provisioning access policy, user management, and secure remote access.

This chapter describes basic concepts you should understand prior to deploying Instant Messaging. It includes the following sections:

What is an Instant Messaging Service?

An instant messaging service is an open standards-based client-server solution that meets the instant messaging needs of enterprises and hosts of all sizes. It provides superior administration, scalability, performance, security, and connectivity throughout the enterprise and across the Internet.

At a simplistic level, an instant messaging service:

In addition, an instant messaging service can provide real-time conferencing, news and calendar alerts, and for offline users, email message forwarding.

Of crucial importance to a good instant messaging service is that the service follows the SHARP (scalability, high availability, reliability, and good performance) standard.

Sun ONE Instant Messaging Core Product Components

Sun Java™ System Instant Messaging contains the following core components:

Components Related to Instant Messaging

The software components discussed in this section work with Instant Messaging server, but are installed separately. Chapter 2, "Deployment Examples" provides more detailed information that illustrates how these servers interact with Instant Messaging.

Web server

(Required) For a basic deployment, you need to install a web server, such as Sun Java™ System Application Server SE (Standard Edition). Deployments with Sun Java System Portal Server use the web server that ships with Portal Server. In either case, the Instant Messenger resources must reside on the web server host.

Instant Messaging requires a web server to serve the Instant Messenger resources. The Instant Messenger resource files include:

You must install Instant Messenger resources on the same host where the web server is installed. In a Sun Java System Identity Server deployment, you can install these resources on the Identity server’s host or on a different web server host. In most cases, the resources will be installed on the same host where you installed the Instant Messaging server software. It is possible to locate the Instant Messenger resources on a host other than the Instant Messaging server or multiplexor. For more information on this, see Sun Java System Instant Messaging Installation Guide.


Install the web server before installing Sun ONE Instant Messaging.

If you are using Sun Java System Portal Server, you can use the web server that is shipped with the product. You do not need to install a separate web server for Instant Messaging.

LDAP server

(Required) Instant Messaging uses an LDAP server, such as Sun Java System Directory Server, for end user authentication and search. In a deployment with Sun Java System Portal Server, Instant Messaging uses the same LDAP server used by the Portal server.

The Instant Messaging server does not store the Instant Messenger end-user authentication information; instead, this information is stored in the LDAP server.

By default, the Sun Java™ System Instant Messaging server relies on the common end-user attributes cn and uid to search for end-user and group information. If you want, you can configure the server to use another attribute for search. In addition, Sun Java™ System Instant Messaging properties (such as contact lists and subscriptions) can be stored in files on the Sun Java™ System Instant Messaging server or in the LDAP server.

If you do not have an LDAP directory installed, you must install one. For more information, see Sun Java System Instant Messaging Installation Guide. For instructions on configuring the server to use a non-default attribute for user search, see the Sun Java System Instant Messaging Administration Guide.
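
The following is an added example, not code from Sun or from the Instant Messaging product. It shows one way an application that searches a directory on uid and cn (or on a configured replacement attribute) can build the LDAP search filter so that names containing filter metacharacters are matched literally. The filter shape and the function names are assumptions made for illustration.

```python
import re

# RFC 4512 short attribute names: a letter, then letters, digits or hyphens.
_ATTR_NAME = re.compile(r"[A-Za-z][A-Za-z0-9-]*")

# RFC 4515 requires these characters to be escaped inside a filter value.
_ESCAPES = {"\\": r"\5c", "*": r"\2a", "(": r"\28", ")": r"\29", "\x00": r"\00"}


def escape_filter_value(value):
    """Escape a user-supplied value so it is treated as literal text."""
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def build_user_search_filter(term, attrs=("uid", "cn"), prefix_match=True):
    """Build an OR filter over the search attributes (assumed filter shape)."""
    if not term:
        raise ValueError("search term must not be empty")
    if not attrs:
        raise ValueError("at least one search attribute is required")
    for attr in attrs:
        # A configurable search attribute is validated, never interpolated blindly.
        if not _ATTR_NAME.fullmatch(attr):
            raise ValueError(f"invalid attribute name: {attr!r}")
    # The trailing wildcard is added by the code, after escaping the input.
    value = escape_filter_value(term) + ("*" if prefix_match else "")
    clauses = "".join(f"({attr}={value})" for attr in attrs)
    return clauses if len(attrs) == 1 else f"(|{clauses})"


if __name__ == "__main__":
    # Constructed sample inputs.
    for sample in ("jdoe", "Lee (Contractor)", "*"):
        print(sample, "->", build_user_search_filter(sample))
```

Because the value is escaped before the wildcard is appended, a search term of "*" matches only entries whose attribute begins with a literal asterisk rather than every entry in the directory.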

SMTP server

(Optional) A Messaging server, such as Sun Java System Messaging Server, is used to forward instant messages, in the form of email, to end users who are offline. The SMTP server is not shipped with Instant Messaging.

Sun Java System Calendar Server

(Optional) The Sun Java System Calendar Server is used to notify users of calendar-based events. The Calendar server is not shipped with Instant Messaging.

Sun ONE Identity Server and Sun Java System Identity Server SDK

(Optional, Solaris only) Sun Java System Identity Server and Sun Java System Identity Server SDK provide end user and service management, authentication and single sign-on services. They also provide policy management, logging service, debug utilities, the admin console, and client support interfaces.

In addition, Sun Java System Identity Server and SDK are required in deployments that include Sun Java System Portal Server. In both deployments, the SDK must be installed on the Instant Messaging server’s host.

Sun Java™ System Portal Server

(Optional, Solaris only) Sun Java™ System Portal Server supports message archiving, and allows you to run Instant Messaging in secure mode. In addition, the Instant Messenger client is made available to end users through the Portal Server desktop. The following two components of Sun Java System Portal Server provide additional functionality:

Portal Server Desktop

Sun Java™ System Instant Messenger installed in the Portal Server environment can be launched from the Instant Messaging channel available to end users on Portal Server Desktop.

Sun ONE Portal Server, Secure Remote Access

Sun ONE Portal Server, Secure Remote Access enables remote end users to securely access their organization’s network and its services over the Internet for Solaris-based or Windows-based systems. The end user can access Secure Remote Access by logging into the web-based Portal Server Desktop through the portal gateway. The authentication module configured for Sun ONE Portal Server authenticates the end user. The end-user session is established with Sun ONE Portal Server and the access is enabled to the end user’s Portal Server Desktop.

In the Sun Java System Portal Server environment, you can configure Instant Messenger in either secure or non-secure mode. In the secure mode, communication is encrypted through the Sun Java System Portal Server Netlet. When you are accessing Instant Messenger in the secured mode, a lock icon appears in the Status area of the Instant Messenger. In the non-secure mode, the Instant Messenger session is not encrypted. For more information on Netlet, see Sun ONE Portal Server, Secure Remote Access Administrator’s Guide.

Supported Standards

Instant Messaging is built on native Internet technology, so you can maintain a single architecture inside and outside your organization, even when collaborating with your customers and partners. Additionally, you aren’t locked into a proprietary system. All key components of Instant Messaging are based on proven, open Internet standards such as:

Instant Message Structure Format

HTML (HyperText Markup Language) is typically used as a standard for web documents. The Instant Messenger client also formats instant messages using HTML. This allows users to include hyperlinks within messages.

Access Protocol

In Instant Messaging, user information and preferences are retrieved from an LDAP directory. This directory can be dedicated for use by Instant Messaging, or the Sun Java System Portal Server’s directory. User data is typically retrieved using LDAP search functions.

LDAP provides a common language that client applications and servers use to communicate with one another. LDAP is a “lightweight” version of the Directory Access Protocol (DAP) used by the ISO X.500 standard. DAP gives any application access to the directory via an extensible and robust information framework, but at an expensive administrative cost. DAP uses a communications layer that is not the Internet standard TCP/IP protocol and has complicated directory-naming conventions.

LDAP preserves the best features of DAP while reducing administrative costs. LDAP uses an open directory access protocol running over TCP/IP and uses simplified encoding methods. It retains the X.500 standard data model and can support millions of entries for a modest investment in hardware and network infrastructure.

Communication and Message Transfer Protocols

Server-to-server and client-to-server communications occur over TCP/IP.

A message transfer protocol is used to send messages to offline users. SMTP is the most commonly used protocol.

Browsers use HTTP to retrieve Instant Messenger resource files from the Web server. Once retrieved, the browser reads the HTML and displays the contents of the files.

Instant Messaging Architecture

Figure 1-1 shows the basic out-of-the-box Sun Java™ System Instant Messaging architecture.

Figure 1-1  Sun Java™ System Instant Messaging Basic Architecture

Illustrates the relationship between components in Instant Messaging

The Web server (or an application server with a Web service embedded) downloads the Instant Messaging resources via a browser to the clients. The resource files make up the client. Clients send messages to one another through a multiplexor, which forwards the messages on to the Instant Messaging server.

The Directory server stores and retrieves local user and group delivery information such as preferences, location, and to which multiplexor to route messages for this user. When the Instant Messaging server receives a message, it uses this information to determine where and how the message should be delivered. In addition, the Directory server may contain user information such as contact lists and subscriptions.

In this basic configuration, Instant Messaging directly accesses a Directory Server to verify user login names and passwords for mail clients that use Instant Messaging.

Outgoing instant messages from clients go directly to the multiplexor. The multiplexor sends the message to the appropriate Instant Messaging server, which in turn forwards the message to another Instant Messaging server, or if the message is local, to the multiplexor with which the recipient is associated. (See Physical Deployment Examples for illustrations of this process.)

New users are created by adding user entries to the directory. Entries can be created or modified using the tools provided with the Directory server.

Instant Messaging components are administered using a set of command line interfaces and text-based configuration files. Any machine connected to the Instant Messaging host can perform administrative tasks (assuming, of course, the administrator has the required privileges).

The following sections outline the three primary components of Instant Messaging in further detail:

The Instant Messaging Server

The Instant Messaging server handles tasks such as controlling Instant Messenger privileges and security, enabling Sun Java™ System Instant Messenger clients to communicate with each other by sending alerts, initiating chat conversations, and posting messages to the available news channels.

The Instant Messaging server supports the connection of a multiplexor that consolidates connections over one socket. For more information on the multiplexor, see The Multiplexor.

Access control files and Sun Java System Identity Server policies are used for administration of end users, news channels, and conference rooms.

The Instant Messaging server routes, transfers, and delivers instant messages for the Sun Java™ System Instant Messaging product.

Direct LDAP Lookup

The server can look up directory information directly from the LDAP server. The results of the LDAP queries are cached in the process, with configurable aging and expiration, so settings are tunable. Refer to the Sun Java™ System Directory Server Administrator’s Guide for further information.

Message Delivery

After the message is processed, the server sends the message to the next stop along the message’s delivery path. This may be the intended recipient’s multiplexor, or another server. Once received by a multiplexor, the message is routed directly to the intended recipient. (See Physical Deployment Examples for illustrations of this process.)

The Multiplexor

The Instant Messaging multiplexor component connects multiple instant messenger connections into one TCP (Transmission Control Protocol) connection, which is then connected to the Instant Messaging server. The multiplexor reads data from Instant Messenger and writes it to the server. Conversely, when the server sends data to Instant Messenger, the multiplexor reads the data and writes it to the appropriate connection. The multiplexor does not perform any end user authentication or parse the client-server protocol (IM protocol). Each multiplexor is connected to one and only one Instant Messaging server.

You can install multiple multiplexors based on your deployment requirements. You must install at least one multiplexor. For more information, see Chapter 2, "Deployment Examples".
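
The following is an added illustration, not Sun's code and not the product's wire format. It uses a hypothetical length-prefixed frame (connection id plus payload length) to show how a relay can carry several client connections over one TCP stream and route server data back to the right connection while treating the payload as opaque bytes, which is why authentication and protocol parsing stay with the server.

```python
import struct

# Hypothetical frame header: 4-byte connection id, 2-byte payload length.
HEADER = struct.Struct("!IH")


def mux_frame(conn_id, payload):
    """Wrap bytes read from one client connection for the shared link."""
    if len(payload) > 0xFFFF:
        raise ValueError("payload too large for one frame")
    return HEADER.pack(conn_id, len(payload)) + payload


class Demux:
    """Reassemble frames from the shared stream, whatever the TCP chunking."""

    def __init__(self):
        self._buf = bytearray()

    def feed(self, chunk):
        """Return the (conn_id, payload) pairs completed by this chunk."""
        self._buf += chunk
        frames = []
        while len(self._buf) >= HEADER.size:
            conn_id, length = HEADER.unpack_from(self._buf)
            end = HEADER.size + length
            if len(self._buf) < end:
                break  # partial frame: wait for more data
            frames.append((conn_id, bytes(self._buf[HEADER.size:end])))
            del self._buf[:end]
        return frames


def route(frames, connections):
    """Queue each payload on its connection; return how many ids were unknown."""
    dropped = 0
    for conn_id, payload in frames:
        queue = connections.get(conn_id)
        if queue is None:
            dropped += 1  # connection already closed or never existed
            continue
        queue.append(payload)  # payload is never inspected
    return dropped


if __name__ == "__main__":
    # Constructed sample: two client connections sharing one stream.
    stream = mux_frame(1, b"hello") + mux_frame(2, b"status") + mux_frame(1, b"bye")
    demux, queues = Demux(), {1: [], 2: []}
    for i in range(0, len(stream), 5):  # deliver in arbitrary 5-byte chunks
        route(demux.feed(stream[i:i + 5]), queues)
    print(queues)
```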

The Instant Messenger Client

The Java-based Sun Java™ System Instant Messenger is the Instant Messaging client. It can be configured as a browser-based applet using Java Plug-in, or as a standalone Java application using Java Web Start.

To run the Instant Messenger client on Solaris, you must use Java Web Start. On Microsoft Windows you can run Instant Messenger as an applet or a Java Web Start application. It is recommended that you run Sun ONE Instant Messenger as a Java Web Start application.

For more information on customizing Sun Java™ System Instant Messenger, see the Sun Java System Instant Messaging Administration Guide.

Instant Messenger provides the following modes of communication:

Designing Your Deployment

During the planning process, you will gather data about your requirements, such as environment and data sources. With this information, you can design an Instant Messaging deployment that meets the needs of your users.

The flexibility of Sun Java™ System Instant Messaging allows you to rework your design to meet unexpected or changing requirements, even after deployment.

The following topics outline the stages in a successful deployment:

Planning Process

The process for planning your deployment can be broken into the following functions:

Piloting Instant Messaging

After you have designed your deployment, you can start the deployment process. The first step of the deployment phase is installing a server instance as a pilot and testing whether Instant Messaging can:

  1. Send and route messages
  2. Handle the user load
  3. Perform directory lookups for user information
  4. Create and support conferences

If the deployment is not adequate as it is, you can adjust your pilot design until you have a robust service you can confidently introduce to your enterprise.

Putting Instant Messaging Into Production

Once you have piloted and tuned Instant Messaging, you need to develop and execute a plan for taking Instant Messaging from a pilot to production. Create a production plan that includes the following:

For information on installing Instant Messaging, refer to the Sun Java System Instant Messaging Installation Guide. For information on administering and maintaining Instant Messaging, refer to the Sun Java System Instant Messaging Administration Guide.


Copyright 2004 Sun Microsystems, Inc. All rights reserved.