iPlanet Portal Server: Instant Collaboration Pack Administrator's Guide



Chapter 1   Introduction to iPlanet Instant Messaging Server


This chapter describes the iPlanet Instant Messaging Server components, architecture, and configurations.

This chapter contains these sections:



iPlanet Instant Messaging Server Components

iPlanet Instant Messaging Server (iIM Server) enables web clients to take part in real-time messaging and to receive automatically distributed information. With iIM Server, users take part in instant messaging and group chat sessions, share instant information through news channels, and view immediate alerts on important news. In addition, iIM Server is suitable for both intranets and the Internet.

You install and configure iPlanet Instant Messaging Server in one of two ways:

  • As part of the iPlanet Portal Server environment, so that iPlanet Instant Messenger is made available as an application in the iPlanet Portal Server Desktop Applications channel (Solaris platform only)

  • As a standalone server

Whether you install and configure iPlanet Instant Messaging Server with iPlanet Portal Server or as a standalone server, the iIM Server components are the same. These components include:

  • iPlanet™ Instant Messenger (iIM client)

  • iIM server

  • iIM multiplexor

  • iIM client software/files

The following software, installed separately from iIM Server, completes the instant messaging environment:

  • (Optional) iPlanet™ Portal Server, for portal deployments.

  • Web server: Portal deployments use the web server that ships with iPlanet Portal Server. Standalone deployments provide their own web server, such as iPlanet Web Server. In both cases, the iIM Server client files must reside on the same host as the web server. For portal deployments, this means the iIM Server client files must reside on the portal host.

  • LDAP directory server: iPlanet Instant Messaging Server uses an LDAP server, such as iPlanet™ Directory Server, for user authentication and user search. However, if desired, portal deployments can use iPlanet Portal Server's internal directory, to avoid having to install and configure an external LDAP server.

  • SMTP server, such as iPlanet™ Messaging Server.

  • (Optional) iPlanet™ Delegated Administrator.


Portal Deployment Overview

Figure 1-1 illustrates how the iPlanet Portal Server and iPlanet Instant Messaging Server software components interact.

Figure 1-1    iPlanet Instant Messaging Server—Portal Deployment

In simple terms, iPlanet Instant Messaging Server in the iPlanet Portal Server environment works as follows:

  1. The user logs on to the iPlanet Portal Server by entering the appropriate URL in a web browser.

  2. The iPlanet Portal Server software authenticates the user with the configured authentication mechanism, communicating with the external LDAP directory server to get the uid. (It is also possible to use iPlanet Portal Server's internal directory.)

  3. The iPlanet Portal Server software downloads the user's iPlanet Portal Server Desktop.

  4. The user clicks the iPlanet Instant Messenger link in the iPlanet Portal Server Desktop Applications channel.

  5. The servlet file, iimcservlet.jar, uses the existing session ID from iPlanet Portal Server to set up a session with the iPlanet Instant Messaging multiplexor. The launch servlet fills in information captured when the user logged in to iPlanet Portal Server, for example: username, password, uid, token, whether the session is secure (SSL) or not, whether the Java Plug-in or Java Web Start is being used, codebase, and so forth.

  6. iPlanet Instant Messenger is launched.

  7. iPlanet Instant Messenger connects to the iIM multiplexor and passes in the necessary credentials.

  8. An SMTP server, when notified by the iIM server that users are offline, forwards alerts to their email. Users must set their preferences to have alerts forwarded as email when they are offline.

  9. iPlanet Delegated Administrator is used to add and delete user IDs, and change passwords.


Standalone Deployment Overview

Figure 1-2 illustrates the interaction of the software components in a standalone configuration.

Figure 1-2    iPlanet Instant Messaging Server—Standalone Deployment

In simple terms, an iIM Server standalone deployment works as follows:

  1. The user enters the URL of the web server providing the initial iIM Server index.html web page in a browser, for example, http://iim.i-zed.com.

  2. The web server accesses the appropriate client files, and downloads the iPlanet Instant Messenger applet to the browser.

  3. The user enters an LDAP user name and password, and the applet talks to the multiplexor.

  4. The multiplexor forwards the data received from the applet to the backend iIM server.

  5. The iIM server talks to the LDAP server to authenticate the user.

  6. An SMTP server, when notified by the iIM server that users are offline, forwards alerts to their email. Users must set their preferences to have alerts forwarded as email when they are offline.

  7. iPlanet Delegated Administrator is used to add and delete user IDs, and change passwords.



    Note: The above scenario describes the iPlanet Instant Messenger applet. You can also run iPlanet Instant Messenger as an application by using Java™ Web Start. See the iPlanet Portal Server: Instant Collaboration Pack Installation Guide for more details.



For more information on deploying iPlanet Instant Messenger, see the iPlanet Portal Server: Instant Collaboration Pack Deployment Guide.

The following sections explain these software components in detail. See "iPlanet Instant Messaging Server Configurations" for more information on how iIM Server can be deployed.


iPlanet Portal Server

iPlanet Portal Server provides secure access to an intranet for remote users on Solaris-based or Windows-based personal computers. Users access iPlanet Portal Server by logging on to the web-based iPlanet Portal Server Desktop through their assigned authentication scheme. The authentication module configured for iPlanet Portal Server authenticates the log-on request, the user session is established with the iPlanet Portal Server, and the user receives the assigned desktop portal page.

When you install iPlanet Instant Messaging Server in the iPlanet Portal Server environment, users invoke the iPlanet Instant Messenger client from their iPlanet Portal Server Desktop Applications channel. In the iPlanet Portal Server environment, you configure iPlanet Instant Messenger in either secure or non-secure mode. In secure mode, communication is encrypted through the iPlanet Portal Server Netlet. A lock icon appears in iPlanet Instant Messenger's Status area when you are running in secure mode. In non-secure mode, the iPlanet Instant Messenger session is not encrypted. See the iPlanet Portal Server documentation for more information on Netlet.


iPlanet Instant Messenger

iPlanet Instant Messenger, written in Java, is iPlanet Instant Messaging Server's client that can be configured to be browser-based (applet) or independent of a browser (Java Web Start application). To run the iPlanet Instant Messenger client on Solaris, you must use Java Web Start; on Microsoft Windows you can choose between applet or Java Web Start configurations.

You can customize a number of items for iPlanet Instant Messenger. See Chapter 3 "Managing iPlanet Instant Messenger" for more information.

iPlanet Instant Messenger provides the following communication modes:

  • Chat - iIM Server's version of instant messaging, chat is a real-time conversation capability that enables users to complete projects, answer customer questions, and complete other time-critical work assignments. Chat sessions are held either in chat rooms created on an as-needed basis or in pre-established conference rooms.

  • Alerts - Alerts are time-critical messages that users instantly receive. The sender knows who has received the message and can be notified that the message is read when the alert is either closed or clicked. If the alert message requires a response, right clicking on the alert brings up a pop-up menu with an option to Chat with Sender.

  • Poll - The polling function enables you to poll users for their response to a question. You send a question and possible answers to selected users and they respond with their selected answer. If desired, you can send a poll that enables respondents to customize their answers.

  • News Channels - News channels are forums for posting and sharing information. Users subscribe to news channels of interest to see updates. The information in a news channel is usually published automatically by way of a URL, or by a user with proper privilege.



    Note: News channels can contain embedded URLs, such as http://stocks.yahoo.com?id=sunw. Depending on your underlying DNS infrastructure (if you are using proxy servers), clients using Java Web Start might need to modify their proxy configuration to resolve such URLs.

    Users set the proxies manually by using the Preference panel in Java Web Start's Application manager.




iPlanet Instant Messaging Server

The iPlanet Instant Messaging server handles tasks such as controlling client privileges and security, enabling iPlanet Instant Messenger clients to communicate with each other by sending alerts, by initiating chat conversations, and by posting messages to available news channels.

The iPlanet Instant Messaging server supports the connection of a multiplexor that concentrates connections over one socket. See "iPlanet Instant Messaging Multiplexor" for more information.

Access controls are used for administration, users, news channels, and conference rooms. These access controls are implemented by the iPlanet Instant Messaging server (not an LDAP directory server). See "iPlanet Instant Messaging Server Privileges and Access Levels" for more information.


iPlanet Instant Messaging Multiplexor

The iPlanet Instant Messaging multiplexor component is a connection multiplexor that listens for iPlanet Instant Messenger clients and opens only one connection to the backend iPlanet Instant Messaging server. The multiplexor reads data from the iPlanet Instant Messenger client and writes it to the server. Similarly, when the server sends data to iPlanet Instant Messenger client, the multiplexor reads the data and writes it to the appropriate client connection. The multiplexor does not perform any user authentication or parse the client-server protocol.

In effect, the multiplexor always acts as a frontend component to the iPlanet Instant Messaging server. Any client-server communication must go through the multiplexor; that is, iIM Server architecture is such that it always uses the multiplexor. iPlanet Instant Messenger and iPlanet Instant Messaging server do not talk to each other directly.

You can install multiple multiplexors as needed, depending on your configuration. See "iPlanet Instant Messaging Server Configurations" for more information.


Web Server

iPlanet Instant Messaging Server depends on a web server to serve up HTML, including:

  • An initial index.html file, provided by the product, or your own home page, with a link to invoke the iPlanet Instant Messenger.

  • The product's client jar files (iim.jar, iimres.jar, iimnet.jar, and iimjni.jar).

  • The iPlanet Instant Messenger online help.

  • Embedded URLs in messages and news channels, to iPlanet Instant Messenger.

iIM Server supports web servers such as iPlanet Web Server.

You must install the iPlanet Instant Messenger software on the same host (or iPlanet Portal Server host) where the web server is installed. In most instances, this will be the same host where you installed the iIM Server software. It is possible, however, to locate the iPlanet Instant Messenger client software on a host other than the iIM server/multiplexor. See the iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Installation Guide for more information.

iPlanet Instant Messaging Server does not ship with a web server. If you do not have a web server installed at your site, you must install one.



Note: If you are using iPlanet Portal Server, you use the web server that ships with that product. You do not need to install a separate web server.




LDAP Directory Server

iPlanet Instant Messaging Server in standalone mode requires an external LDAP directory server. When installed in standalone mode, iPlanet Instant Messaging Server uses the directory to perform user authentication and to search for users.

iPlanet Instant Messaging Server in a portal deployment can use either an external LDAP server or iPlanet Portal Server's internal directory. When installed in portal mode and using iPlanet Portal Server's internal directory, iIM Server uses the directory for user search only, not user authentication.

The iPlanet Instant Messaging server itself does not store iIM user information. When searching in LDAP, iIM Server uses the LDAP cn and uid attributes.

iIM Server supports users defined and maintained in an LDAP directory, such as iPlanet Directory Server.

iPlanet Instant Messaging Server does not ship with an LDAP directory server. If you do not have an LDAP directory installed, you must install one. See the iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Installation Guide for more information.


SMTP Server

iPlanet Instant Messaging Server uses an SMTP server to forward alerts as email to users who are offline and unable to receive alerts. As long as users configure their preferences to use this feature, alerts are forwarded as email when they are not online using iPlanet Instant Messenger.

iPlanet Instant Messaging Server does not ship with an SMTP server. If you do not have an SMTP server installed, you must install one. See the iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Installation Guide for more information.


iPlanet Delegated Administrator

An optional component for iPlanet Instant Messaging Server, iPlanet Delegated Administrator is a web-based directory application that provides real-time, policy-driven user administration. It lets you delegate management of user information and accounts in the iPlanet Directory Server to either internal or external administrators, and it provides user self-service, forming the foundation for Unified User Management in mission-critical, e-commerce and extranet deployments.



iPlanet Instant Messaging Server Privileges and Access Levels



Administrators determine the availability of the client communication modes by assigning privileges to users. In some cases, you can assign a minimal number of privileges. For example, a user can be configured to initiate alerts to others but not to add conference rooms. Privileges give users access to needed utilities and views. Privileges control almost all features of iIM Server, limiting what a user can see or do.

There are six server-wide privileges that you set by editing iIM Server access control (ACL) files. Only users with administrator rights on the iIM Server host can set privileges. On Solaris systems, this would be root or the iim.user provided during installation.

Table 1-1 shows the ACL files and what privileges they control. The ACL files are located in the following platform-specific directories:

  • Solaris
    /etc/opt/SUNWiim/config/acls

  • Windows NT
    im30_install_dir\config\acls


Table 1-1    iPlanet Instant Messaging Server Privileges and Access Control Files

| ACL File | Description |
|---|---|
| sysAdmin.acl | Administrator Privilege - Gives users administrative privileges to all iPlanet Instant Messenger features. This privilege overrides all other privileges, so should be reserved only for administrators. |
| sysTopicsAdd.acl | News Channel Creation Privilege - Gives users the ability to create news channels. |
| sysRoomsAdd.acl | Room Creation Privilege - Gives users the ability to create conference rooms. |
| sysSendAlerts.acl | Send Alert Privilege - Gives users the ability to send alerts. |
| sysSaveUserSettings.acl | User Settings Privilege - Gives users the ability to change their own preferences in the User Settings dialog box. |
| sysWatch.acl | Watch Privilege - Gives users the ability to watch for changes on other users. The iPlanet Instant Messenger Main window does not appear for those users who do not have this privilege. |

In addition to the above six server-wide privileges, you set certain access levels through iPlanet Instant Messenger itself. Each news channel and conference room has its own subset of access levels, ranging from Manage to None, that determines whether users can view, change, or manage information in that room or news channel. Individual users have the privilege to decide who can see them, send alerts to them, and so on. Only users with administrator privilege can give or take away other user privileges. See the iPlanet Instant Messenger online help for more information.
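
The check below is an added example, not part of the original guide or the product. It verifies that the six ACL files listed in Table 1-1 exist and that neither they nor the acls directory are writable by group or other, or owned by an unexpected account. The function names, finding labels and the constructed demo directory are assumptions of this example.

```shell
#!/bin/sh
# Added example (not from the iPlanet guide): audit the iIM Server ACL
# directory. The six file names come from Table 1-1; function names,
# finding labels and the demo directory are assumptions of this example.

IIM_ACL_FILES="sysAdmin.acl sysTopicsAdd.acl sysRoomsAdd.acl
sysSendAlerts.acl sysSaveUserSettings.acl sysWatch.acl"

# iim_check_path PATH LABEL "OWNER ..."
# Reports a path that group or other can write to, or whose owner is not
# in the allowed list. Mode and owner are parsed from `ls -ld`, so a
# symbolic link (lrwxrwxrwx) is also reported and should be reviewed.
iim_check_path() {
    iim_info=$(ls -ld "$1" | awk '{print $1 " " $3}')
    iim_perms=${iim_info% *}
    iim_owner=${iim_info#* }
    case $iim_perms in
        ?????w*|????????w*) echo "WRITABLE $2 $iim_perms" ;;
    esac
    case " $3 " in
        *" $iim_owner "*) ;;
        *) echo "OWNER $2 $iim_owner" ;;
    esac
}

# audit_iim_acls DIR [OWNER ...]
# Prints one finding per line and nothing when the directory is clean.
# Allowed owners default to root; add the iim.user account if one was
# chosen during installation.
audit_iim_acls() {
    iim_dir=${1:?usage: audit_iim_acls DIR [OWNER ...]}
    shift
    iim_allowed=${*:-root}
    if [ ! -d "$iim_dir" ]; then
        echo "MISSING_DIR $iim_dir"
        return 0
    fi
    iim_check_path "$iim_dir" "acls/" "$iim_allowed"
    for iim_f in $IIM_ACL_FILES; do
        if [ -f "$iim_dir/$iim_f" ]; then
            iim_check_path "$iim_dir/$iim_f" "$iim_f" "$iim_allowed"
        else
            echo "MISSING $iim_f"
        fi
    done
}

# Constructed sample: a throwaway directory in which sysAdmin.acl is
# group-writable and sysWatch.acl is absent, owned by the current user.
demo_iim_acl_audit() {
    demo_dir=$(mktemp -d) || return 1
    chmod 700 "$demo_dir"
    for demo_f in $IIM_ACL_FILES; do
        : > "$demo_dir/$demo_f"
        chmod 600 "$demo_dir/$demo_f"
    done
    chmod 660 "$demo_dir/sysAdmin.acl"
    rm -f "$demo_dir/sysWatch.acl"
    demo_me=$(ls -ld "$demo_dir" | awk '{print $3}')
    audit_iim_acls "$demo_dir" "$demo_me"
    rm -rf "$demo_dir"
}

# With arguments, audit the given directory; without, run the demo.
if [ $# -gt 0 ]; then
    audit_iim_acls "$@"
else
    demo_iim_acl_audit
fi
```

On Solaris, pass the acls directory given above (/etc/opt/SUNWiim/config/acls) followed by root and the iim.user account; empty output means no findings.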



iPlanet Instant Messaging Server Configurations



You can install and configure iIM Server in a variety of configurations to fit your site's needs, including:

  • Using an existing (separate) web server host

  • Installing multiple iPlanet Instant Messaging multiplexors

  • Installing multiple iIM Server hosts (servers) to accommodate multiple administrative domains



    Note: The configurations described in this section are for standalone deployments. See the iPlanet Portal Server: Instant Collaboration Pack Deployment Guide for information on portal deployment configurations.




Separate Web Server Host

Figure 1-3 shows a configuration where the web server is installed on a separate host, and the iPlanet Instant Messaging server and multiplexor are installed on the same host. Use this configuration when there is an existing web server and LDAP server installed, and you do not want to load other applications on to those systems.

Figure 1-3    iIM Server Configuration - Separate Web Server


Multiple Multiplexor Hosts

Figure 1-4 shows a configuration of two multiplexors installed on separate hosts, and the iPlanet Instant Messaging server on its own host. This configuration enables you to place a multiplexor outside your company's firewall. Installing multiplexors on multiple hosts distributes the load for iIM Server across multiple systems. The multiplexor can be resource-intensive, so putting it on a separate machine can improve overall system performance.



Note: Windows NT supports only one multiplexor instance per host.



Figure 1-4    iIM Server Configuration - Multiple Multiplexors, Separate iIM Server and Web Server


Multiple iIM Server Hosts

Figure 1-5 shows a configuration consisting of two iIM servers. Use this configuration when your site contains multiple administrative domains. In this type of configuration you need to set up the server configuration on each iIM Server host so that users on the one system can talk to users on another system.



Note: These are not "virtual domains," as the administrators on the different systems need to trust each other and cooperate in making this configuration work.



Figure 1-5    iIM Server Configuration - Multiple iIM Servers



Configuration Files and Directory Structure



This section describes the iPlanet Instant Messaging server directory structure and properties files used to store configuration and operational data.


Directories

Table 1-2 shows the platform-specific directory structures for iIM Server.


Table 1-2    iIM Server Directories

| Description | Solaris | Windows NT |
|---|---|---|
| Contains the multiplexor executable. (Windows NT directory also contains the server executable, iim.exe.) | im30_install_dir/SUNWiim/bin | im30_install_dir\bin |
| Contains the iIM Server jar files. | im30_install_dir/SUNWiim/classes | im30_install_dir\classes |
| Contains the iim.conf configuration file and an acls subdirectory, which contains all the server-wide access control files. | /etc/opt/SUNWiim/default/config (Note: The installer creates a symbolic link from /etc/opt/SUNWiim/default/config to im30_install_dir/SUNWiim/config.) | im30_install_dir\config |
| Configurable directory for the server runtime files, including database, which contains information such as user and news channels directories, server and multiplexor log files, and other files created by the server and multiplexor at runtime. | /var/opt/SUNWiim/default | im30_install_dir\ |
| Contains HTML documents and jar files required by iPlanet Instant Messenger. | im30_install_dir/SUNWiim/html | im30_install_dir\html |
| Contains the online help files. | im30_install_dir/SUNWiim/html/help | im30_install_dir\html\help |
| Configurable base directory. | im30_install_dir/SUNWiim/ (The default is /opt.) | im30_install_dir\ (The default is c:\Program Files\iplanet.) |
| Contains the Java Runtime Environment files. | N/A | im30_install_dir\java |
| Contains the iIM Server libraries (Windows NT only). | N/A | im30_install_dir\lib |
| Contains the lock files for the multiplexor. | /var/opt/SUNWiim/default/lock | im30_install_dir\lock |
| Configurable directory for the server and multiplexor logs. | /var/opt/SUNWiim/default/log | im30_install_dir\log |
| Contains the iIM Server administration command. | im30_install_dir/SUNWiim/sbin | im30_install_dir\sbin |


Server Configuration File

iPlanet Instant Messaging Server stores all configuration options in the iim.conf file. For more information on the parameters and their values stored in this file, see Appendix A "iPlanet Instant Messaging Server Configuration Parameters."


iPlanet Instant Messenger Data

iIM Server stores the following persistent data used by iPlanet Instant Messenger in the runtime files directory. You specified this directory during installation, and it is indicated by the iim.instancevardir parameter in the iim.conf file:

  • User properties (contact lists, client settings, subscribed news channels, access control, and so forth).

  • News channel messages and access rules.

  • Public conferences. This does not involve instant messages, which are not archived, but only references to the conference objects themselves, such as access rules.



Using SSL in iPlanet Instant Messaging Server

iPlanet Instant Messaging Server supports the Secure Sockets Layer (SSL) protocol, for encrypted communications and for certificate-based authentication of iPlanet Instant Messaging servers. iIM Server supports SSL version 3.0.

SSL is based on the concepts of public-key cryptography. For background information, see:

http://docs.iplanet.com/docs/manuals/console/50/10_ssl.htm

Enabling SSL for use with iPlanet Instant Messaging Server entails the following:

  1. Obtaining and installing a certificate for your iIM server, and configuring the iIM server to trust the Certification Authority's certificate.

  2. Turning on SSL by setting the appropriate parameter in the iim.conf file.

  3. Ensuring that each iIM server needing to communicate by using SSL with your server obtains and installs a certificate.

See "Configuring SSL" for the instructions to configure SSL.



iPlanet Instant Messaging Server Access Control



Internet-based instant messaging services are, by their very nature, not secure. The server is controlled by a third party, and it is possible for personnel outside your company to intercept and read your confidential company information. iPlanet Instant Messaging Server provides complete security for your inter-company communications. You control the messaging server and the users who have access to the various modes of communication.

The robust configuration flexibility of iPlanet Instant Messaging Server enables you to also preserve intra-company confidentiality. You have complete control over who can enter and participate in a conference room session. You have control over who receives information in certain news channels and you also have control over who can post messages in these news channels.

With the iIM Server access control options you can also enhance productivity by limiting access to the various communication modes. You decide who has the authority to initiate chat sessions, and who can send alerts. You can give different users different access capabilities. For example, call center agents could be assigned access privileges that enable them to receive alerts, but not be able to see which other users are online.



Using the Command Line with iPlanet Instant Messaging Server



iIM Server provides a command-line utility to start, stop and refresh the server and multiplexor. See Chapter 2 "Administering iPlanet Instant Messaging Server and Multiplexor," for more information on this command.


Copyright © 2002 Sun Microsystems, Inc. All rights reserved.

Last Updated March 29, 2002