Deployment Example: Sun Java System Communications Services for Access Anywhere (EdgeMail)

4.9 Installing and Configuring Instant Messaging

Instant Messaging client resources and the multiplexor will be installed on two dedicated FE systems: fe-amer-11.example.com and fe-amer-12.example.com. Instant Messaging (server configuration) will be installed on a single BE system in Broomfield: phys-bedge6-2.us.example.com. A prerequisite for installing Instant Messaging and Web Server (for IM) is that the im-amer.example.com interface be plumbed and brought up with ifconfig by an entry in the /etc/rc3.d/S80loopbacks file on the FEs. Example entry:


ifconfig lo0:1 plumb
ifconfig lo0:1 inet 10.1.82.193 netmask 255.255.255.255 up

On the BE (phys-bedge6-2.us), the file /etc/hostname.ce1:10 must exist and contain im-amer-01. The ce1:10 interface must be plumbed and up. On all servers, update /etc/passwd, /etc/shadow and /etc/group with the following information:


/etc/passwd:  iimuser:x:504:504::/home/iimuser:/bin/pfsh
/etc/passwd:  webservd:x:80:80::/home/webservd:/bin/pfsh

/etc/shadow:  iimuser:NP:::::::
/etc/shadow:  webservd:*LK*:::::::

/etc/group:   iimgroup::504:
/etc/group:   webservd::80:

Procedure: To Install Instant Messaging

Steps
  1. Change to the directory that contains the JES3 software:


    # cd /var/tmp/im/java_es_05Q1_im/Solaris_sparc
  2. Start the JES installer:


    # ./installer -nodisplay
  3. Select the following options:


    Select all languages
     Select the software components:
          Sun Java(TM) System Web Server 6.1 SP4 2005Q1 (60.58 MB)
          Sun Java(TM) System Instant Messaging 7 2005Q1 (11.40 MB)
    
     Component Selection will be: 
          1. Instant Messaging Server Core
          2. Instant Messenger Resources
          3. Access Manager Instant Messaging Service
    
     Install directories: 
          Instant Messaging:  /opt
          Web Server:         /opt/SUNWwbsvr
    
     Select: Configure Later
  4. Patch IM:


    # cd /var/tmp/im
    # /usr/sbin/patchadd -d T118786-05
    # /usr/sbin/patchadd -d T118789-06/

Procedure: To Configure Web Server for Instant Messaging on FE Servers

Steps
  1. Run the Web Server configurator:


    # cd /opt/SUNWwbsvr
    # ./configure
    
    Sun Java(TM) System Web Server 6.1 2005Q1 SP4
    
    Enter the hostname for this machine [fe-amer-11.us.example.com]: im-amer.example.com
    Enter your Sun Java System Web Server server port [80]: 80
    Enter a content root [/opt/SUNWwbsvr/docs]:
    Would you like the Web Server to start on system boot (n/y): [y]
    Enter a valid system user for the Administration Server [root]:
    (NOTE: USE THE SAME ADMIN PASSWD AS IN THE OTHER WEB INSTALLATIONS FOR EDGE3)
    Administration Server User Name [admin]:
    Enter your Administration Server Password :
    Enter (again) your Administration Server Password :
    Enter your Administration Server Port [8888]:
  2. Modify the /opt/SUNWwbsvr/https-im-amer.example.com/config/server.xml file for the newly created web server:


    <PROPERTY name="docroot" value="/opt/SUNWwbsvr/docs/im"/>
    
    <LS id="ls1" port="80" servername="im-amer.example.com" 
    defaultvs="https-im-amer.example.com" ip="10.1.82.193" security="false" 
    acceptorthreads="1" blocking="false">
    
    <PROPERTY name="docroot" value="/opt/SUNWwbsvr/docs/im"/>
  3. Create the new docroot for the IM client services:


    # cd /opt/SUNWwbsvr/docs
    # ln -s /opt/SUNWiim/html/ im
  4. Start the webserver:


    # /etc/init.d/webserver01 start

Procedure: To Configure Web Server for Instant Messaging on BE Servers

Steps
  1. Run the Web Server configurator:


    # cd /opt/SUNWwbsvr
    # ./configure
     
    Sun Java(TM) System Web Server 6.1 2005Q1 SP4
     
    Enter the hostname for this machine [fe-amer-11.us.example.com]: im-amer-01.central.example.com
    Enter your Sun Java System Web Server server port [80]: 80
    Enter a content root [/opt/SUNWwbsvr/docs]:
    Would you like the Web Server to start on system boot (n/y): [y] n
    Enter a valid system user for the Administration Server [root]:
    (NOTE: USE THE SAME ADMIN PASSWD AS IN THE OTHER WEB INSTALLATIONS FOR EDGE3)
    Administration Server User Name [admin]:
    Enter your Administration Server Password :
    Enter (again) your Administration Server Password :
    Enter your Administration Server Port [8888]:
  2. Modify the /opt/SUNWwbsvr/https-im-amer.example.com/config/server.xml file for the newly created web server:


    <PROPERTY name="docroot" value="/opt/SUNWwbsvr/docs-im"/>
    
    <LS id="ls1" port="80" servername="im-amer-01.us.example.com"
    defaultvs="https-im-amer-01.us.example.com" ip="10.1.82.137" security="false"
    acceptorthreads="1" blocking="false"/>
    
    <PROPERTY name="docroot" value="/opt/SUNWwbsvr/docs-im"/>
  3. Create the new docroot for the IM client services:


    # cd /opt/SUNWwbsvr/
    # ln -s /opt/SUNWiim/html/ docs-im
  4. Start the webserver:


    # /etc/init.d/webserver01 start

Procedure: To Configure Instant Messaging on the FE Servers

Configure Instant Messaging services on two of the FE systems, fe-amer-11.example.com and fe-amer-12.example.com.

Steps
  1. Run the Instant Messaging configurator:


    # cd /opt/SUNWiim
    # ./configure -nodisplay
    
       Components to configure:
             Sun Java System Instant Messaging Server
             Sun Java System Instant Messenger Resources
       
       Host name:        im-amer
       DNS Domain name:  example.com
       User ID:          iimuser
       Group ID:         iimgroup
       
       Instant Messaging Server runtime files directory:  /var/opt/SUNWiim
    
       Instant Messaging Server Configuration:
              Domain Name:             example.com
              IM Server port:          9999
              Multiplexor port:        9909
              Disable Server:          yes
              Remote Server Hostname:  im-amer-01.us.example.com
              Messenger Resources Code Base URL:  http://im-amer.example.com:80
    
       Start Instant Messaging Services after successful configuration:  no
       Start Instant Messaging Services on system startup:               yes
  2. Add the SSL certificates:


    # cd /usr/local/cert/SUN_PKI.cert/im-amer
    # cp cert8.db /opt/SUNWwbsvr/alias/https-im-amer-cert8.db
    # cp key3.db /opt/SUNWwbsvr/alias/https-im-amer-key3.db
    # cp secmod.db /opt/SUNWwbsvr/alias/secmod.db
    # cp cert8.db /etc/opt/SUNWiim/default/config/https-im-amer-cert8.db
    # cp key3.db /etc/opt/SUNWiim/default/config/https-im-amer-key3.db
    # cp secmod.db /etc/opt/SUNWiim/default/config/secmod.db
    # cp PW /etc/opt/SUNWiim/default/config/PW
    # cd /opt/SUNWwbsvr/alias
    # chmod 644 *
    # cd /etc/opt/SUNWiim/default/config
    # mv PW sslpassword.conf
    # chown iimuser:iimgroup *
  3. Edit the /etc/opt/SUNWiim/default/config/sslpassword.conf file and change it to the following format:


    Internal (Software) Token:password_from_PW_file
  4. Edit the /etc/opt/SUNWiim/default/config/iim.conf file and verify the following parameters:


    iim.smtpserver = "mail-amer-xfr.example.com"
    iim.instancedir = "/opt/SUNWiim"
    iim.instancevardir = "/var/opt/SUNWiim/default"
    iim.user = "iimuser"
    iim.group = "iimgroup"
    iim_ldap.host = "empldap1.us.example.com:389"
    iim_ldap.searchbase = "dc=example,dc=com"
    iim_ldap.usergroupbinddn = ""
    iim_ldap.usergroupbindcred = ""
    iim.log.iim_server.severity = "INFO"
    iim.log.iim_mux.severity = "INFO"
    iim.log.iim_wd.severity = "INFO"
    iim_server.domainname = "example.com"
    iim_server.useport = "True"
    iim_server.port = "5269"
    iim_server.usesslport = "False"
    iim_server.enable = "false"
    iim_server.clienttimeout = "15"
    iim_server.usesso = "0"
    iim.policy.modules = "iim_ldap"
    iim.userprops.store = "file"
    iim_mux.listenport = "im-amer.example.com:9909"
    iim_mux.serverport = "im-amer-01.us.example.com:9999"
    iim_mux.enable = "true"
    iim_mux.numinstances = "4"
    iim_mux.maxthreads = "10"
    iim_mux.maxsessions = "1000"
    
    ! SSL settings
    iim_mux.usessl = "on"
    iim_mux.secconfigdir = "/etc/opt/SUNWiim/default/config"
    iim_mux.keydbprefix = "https-im-amer-"
    iim_mux.certdbprefix = "https-im-amer-"
    iim_mux.secmodfile = "secmod.db"
    iim_mux.certnickname = "Server-Cert"
    iim_mux.keystorepasswordfile = "sslpassword.conf"
    
    iim_wd.enable = "true"
    iim_wd.period = "300"
    iim_wd.maxRetries = "3"
    ! Calendar agent stuff - disable on the FEs
    iim_agent.enable = "false"
    iim_agent.agent-calendar.enable = "false"
  5. Edit the IM client resources to force the use of SSL (all language files must be edited).

  6. Edit /opt/SUNWiim/html/index.html, search for and change all instances of the following:


    im.html to imssl.html
    im.jnlp to imssl.jnlp
  7. Perform the same edits on the index.html files for all languages. The index.html file is found in the following directories:


    /opt/SUNWiim/html/de
    /opt/SUNWiim/html/es
    /opt/SUNWiim/html/fr
    /opt/SUNWiim/html/ja
    /opt/SUNWiim/html/ko
    /opt/SUNWiim/html/zh
    /opt/SUNWiim/html/zh_TW
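
A check for the result of steps 2 through 7, as an added example that is not part of the original guide: it reads iim.conf, confirms that the files named by the iim_mux SSL settings exist, that sslpassword.conf uses the token format, that the key database and password file are not world-readable, and that no index.html still links the non-SSL launchers. The function names and the "<prefix>key3.db" / "<prefix>cert8.db" naming are assumptions drawn from the cp commands and prefix settings above.

```shell
#!/bin/sh
# Added example, not part of the original guide: audit the FE SSL setup.
# Assumption: NSS databases are "<prefix>key3.db" and "<prefix>cert8.db",
# as the cp commands and the prefix settings on this page imply.
# conf_get FILE KEY: print KEY's value; lines starting with "!" are comments.
conf_get() {
    awk -v k="$2" '
        /^[ \t]*!/ { next }
        { i = index($0, "="); if (!i) next
          key = substr($0, 1, i - 1); gsub(/[ \t]/, "", key)
          if (key == k) { v = substr($0, i + 1)
                          gsub(/^[ \t]*"?|"?[ \t]*$/, "", v); val = v } }
        END { print val }' "$1"
}

finding() { echo "FINDING: $*"; findings=$((findings + 1)); }

# audit_mux_ssl CONF HTMLROOT: print findings; exit status is their count.
audit_mux_ssl() {
    conf=$1 html=$2 findings=0
    [ "$(conf_get "$conf" iim_mux.usessl)" = "on" ] || finding "iim_mux.usessl is not on"
    dir=$(conf_get "$conf" iim_mux.secconfigdir)
    keydb=$dir/$(conf_get "$conf" iim_mux.keydbprefix)key3.db
    certdb=$dir/$(conf_get "$conf" iim_mux.certdbprefix)cert8.db
    secmod=$dir/$(conf_get "$conf" iim_mux.secmodfile)
    pwfile=$dir/$(conf_get "$conf" iim_mux.keystorepasswordfile)
    for f in "$keydb" "$certdb" "$secmod" "$pwfile"; do
        [ -f "$f" ] || finding "missing file: $f"
    done
    # Step 3: password file format is "Internal (Software) Token:password"
    if [ -f "$pwfile" ] && ! grep -q '^Internal (Software) Token:.' "$pwfile"; then
        finding "bad token line in $pwfile"
    fi
    # The private key database and its password must not be readable by "other"
    for f in "$keydb" "$pwfile"; do
        if [ -f "$f" ] && [ -n "$(find "$f" -prune -perm -004)" ]; then
            finding "world-readable secret: $f"
        fi
    done
    # Steps 6-7: no index.html may still link the non-SSL launchers
    for f in "$html"/index.html "$html"/*/index.html; do
        if [ -f "$f" ] && grep -Eq '(^|[^[:alnum:]_])im\.(html|jnlp)' "$f"; then
            finding "non-SSL launcher link in $f"
        fi
    done
    return "$findings"
}

if [ "$#" -eq 2 ]; then audit_mux_ssl "$1" "$2"; fi  # args: CONF HTMLROOT
```

On an FE host the two arguments would be /etc/opt/SUNWiim/default/config/iim.conf and /opt/SUNWiim/html. Files copied by root under a default umask are typically mode 644, so the key database and sslpassword.conf in the IM config directory are worth checking after the chown in step 2.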

Procedure: To Configure Instant Messaging on the BE Server

Configure Instant Messaging on the BE server phys-bedge6-2.us.

Steps
  1. Run the Instant Messaging configurator:


    # cd to the IM installation directory
    # cd /opt/SUNWiim
    # ./configure -nodisplay

    Components to configure:
            Sun Java System Instant Messaging Server
            Sun Java System Instant Messenger Resources
      Host name:        im-amer-01
      DNS Domain name:  central.example.com
      User ID:          iimuser
      Group ID:         iimgroup
      Instant Messaging Server runtime files directory:  /var/opt/SUNWiim
      Instant Messaging Server Configuration:
             Domain Name:             example.com
             IM Server port:          9999
             Multiplexor port:        9909
             Disable Server:          no
      LDAP Host Name:    empldap1.us.example.com
      LDAP Port Number:  389
      Base DN:           dc=example,dc=com
      Bind DN:           cn=directory manager
      Bind Password:     (enter directory manager password here)
      SMTP Server Host Name:   mail-amer-xfr.example.com
      Messenger Resources Code Base URL:   http://im-amer-01.us.example.com:80
      Start Instant Messaging Services after successful configuration:  no
      Start Instant Messaging Services on system startup:               yes
  2. Edit the /etc/opt/SUNWiim/default/config/iim.conf file and verify the following parameters:


    iim.smtpserver = "mail-amer-xfr.example.com"
    iim.instancedir = "/opt/SUNWiim"
    iim.instancevardir = "/var/opt/SUNWiim/default"
    iim.user = "iimuser"
    iim.group = "iimgroup"
    ! iim_ldap.host = "ds-amer-01.us.example.com:389"
    iim_ldap.host = "empldap1.us.example.com:389"
    iim_ldap.searchbase = "dc=example,dc=com"
    iim_ldap.usergroupbinddn = ""
    iim_ldap.usergroupbindcred = ""
    iim.log.iim_server.severity = "INFO"
    iim.log.iim_mux.severity = "INFO"
    iim.log.iim_wd.severity = "INFO"
    iim.log.agent-calendar.severity = "INFO"
    iim_server.domainname = "example.com"
    iim_server.useport = "True"
    iim_server.port = "5269"
    iim_server.usesslport = "False"
    iim_server.enable = "true"
    iim_server.clienttimeout = "15"
    iim_server.usesso = "0"
    iim.policy.modules = "iim_ldap"
    iim.userprops.store = "file"
    iim_mux.listenport = "im-amer-01.us.example.com:9909"
    iim_mux.serverport = "im-amer-01.us.example.com:9999"
    iim_mux.enable = "true"
    iim_mux.numinstances = "4"
    iim_mux.maxthreads = "10"
    iim_mux.maxsessions = "1000"
    iim_wd.enable = "true"
    iim_wd.period = "300"
    iim_wd.maxRetries = "3"
  3. If you are deploying EdgeMail complexes in multiple locations, each must have a local calendar agent to communicate with the other complexes. For each remote complex, such as the one serving Asia located in Japan for this example, perform the following steps:

    1. Create a directory for the calendar agent:


      # cd /var/opt/SUNWiim
      # mkdir cal-agent2-jp
    2. Create the individual configuration files for the calendar agent:


      # cd /etc/opt/SUNWiim/default/config
      # cp iim.conf cal2.conf
    3. Edit cal2.conf and change the following parameters:


      iim_server.enable = "false"
      iim_wd.enable = "false"
      iim_mux.enable = "false"
    4. Now modify the calendar agent information in the cal2.conf file:


      iim.instancevardir = "/var/opt/SUNWiim/cal-agent2-jp"
      !
      ! Calendar-IM integration Configuration
      ! iim_agent.enable="true"
      ! iim_agent.agent-calendar.enable="true"
      ! iim_server.components=agent-calendar
      agent-calendar.jid=calimbot.aedge3-cal1.jp.example.com
      agent-calendar.password=password
      agent-calendar.category=component
      
      ! JMS Consumers
      jms.consumers=cal_reminder
      jms.consumer.cal_reminder.destination=enp:///ics/customalarm
      jms.consumer.cal_reminder.provider=ens
      jms.consumer.cal_reminder.type=topic
      jms.consumer.cal_reminder.param="eventtype=calendar.alarm"
      jms.consumer.cal_reminder.factory=com.iplanet.im.server.JMSCalendarMessageListener
      
      ! JMS providers
      jms.providers=ens
      jms.provider.ens.broker=aedge3-cal1.jp.example.com:7997
      jms.provider.ens.factory=com.iplanet.ens.jms.EnsTopicConnFactory
    5. Edit the iim.conf file to modify the Calendar Agent information:


      ! Calendar-IM integration Configuration
      iim_agent.enable="true"
      iim_agent.agent-calendar.enable="true"
      iim_server.components=agent-calendar,agent-calendar2[,...]
      
      agent-calendar.jid=calimbot.bedge5-cal1.us.example.com
      agent-calendar.password=netscape
      agent-calendar.category=component
      
      agent-calendar2.jid=calimbot.aedge3-cal1.jp.example.com
      agent-calendar2.password=netscape
      agent-calendar2.category=component
      
      [...]
      
      ! JMS Consumers
      jms.consumers=cal_reminder
      jms.consumer.cal_reminder.destination=enp:///ics/customalarm
      jms.consumer.cal_reminder.provider=ens
      jms.consumer.cal_reminder.type=topic
      jms.consumer.cal_reminder.param="eventtype=calendar.alarm"
      jms.consumer.cal_reminder.factory=com.iplanet.im.server.JMSCalendarMessageListener
      
      ! JMS providers
      jms.providers=ens
      jms.provider.ens.broker=bedge5-cal1.us.example.com:7997
      jms.provider.ens.factory=com.iplanet.ens.jms.EnsTopicConnFactory
    6. Edit the /etc/init.d/sunwiim file to add the additional Calendar Agent information:


      #!/bin/sh
      #
      # Copyright (c) 1991-2001, by Sun Microsystems, Inc.
      #
      #ident  "@(#)sunwiim     1.7     96/10/02 SMI"
      
      case "$1" in
      'start')
              /opt/SUNWiim/sbin/imadmin start
      
              # Start the JP calendar agent
              /opt/SUNWiim/sbin/imadmin -c /opt/SUNWiim/config/cal2.conf start agent-calendar
              # Start other calendar agents here if necessary
              ;;
      'stop')
              /opt/SUNWiim/sbin/imadmin stop
              # Stop the JP calendar agent
              /opt/SUNWiim/sbin/imadmin -c /opt/SUNWiim/config/cal2.conf stop agent-calendar
              # Stop other calendar agents here if necessary
              ;;
      *)
              echo "Usage: /etc/init.d/sunwiim { start | stop }"
              ;;
      esac
      exit