iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Administrator's Guide
Chapter 1 Introduction to iPlanet Instant Messaging Server
This chapter describes the iPlanet Instant Messaging Server components, architecture, and configurations.
This chapter contains these sections:
iPlanet Instant Messaging Server Components
iPlanet Instant Messaging Server Privileges and Access Levels
iPlanet Instant Messaging Server Configurations
Configuration Files and Directory Structure
Using SSL in iPlanet Instant Messaging Server
iPlanet Instant Messaging Server Access Control
Using the Command Line with iPlanet Instant Messaging Server
iPlanet Instant Messaging Server Components
iPlanet Instant Messaging Server (iIM Server) enables web clients to participate in real-time messaging and automatically distributed information. With iIM Server, users partake in instant messaging and group chat sessions, share instant information through news channels, and view immediate alerts on important news. In addition, iIM Server is suitable for both intranets and the Internet.
You install and configure iPlanet Instant Messaging Server in one of two ways:
As part of the iPlanet Portal Server environment, so that iPlanet Instant Messenger is made available as an application in the iPlanet Portal Server Desktop Applications channel (Solaris platform only)
Whether you install and configure iPlanet Instant Messaging Server with iPlanet Portal Server or as a standalone server, the iIM Server components are the same. These components include:
The following software, installed separately from iIM Server, completes the instant messaging environment:
(Optional) iPlanet™ Portal Server, for portal deployments.
Web server: Portal deployments use the web server that ships with iPlanet Portal Server. Standalone deployments provide their own web server, such as iPlanet Web Server. In both cases, the iIM Server client files must reside on the same host as the web server. For portal deployments, this means the iIM Server client files must reside on the portal host.
LDAP directory server: iPlanet Instant Messaging Server uses an LDAP server, such as iPlanet™ Directory Server, for user authentication and user search. However, if desired, portal deployments can use iPlanet Portal Server's internal directory, to avoid having to install and configure an external LDAP server.
Portal Deployment Overview
Figure 1-1 illustrates how the iPlanet Portal Server and iPlanet Instant Messaging Server software components interact.
Figure 1-1    iPlanet Instant Messaging Server - Portal Deployment
In simplistic terms, iPlanet Instant Messaging Server in the iPlanet Portal Server environment works as follows:
The user logs on to the iPlanet Portal Server by entering the appropriate URL in a web browser.
The iPlanet Portal Server software authenticates the user with the configured authentication mechanism, communicating with the external LDAP directory server to get the uid. (It is also possible to use iPlanet Portal Server's internal directory.)
The iPlanet Portal Server software downloads the user's iPlanet Portal Server Desktop.
The user clicks the iPlanet Instant Messenger link in the iPlanet Portal Server Desktop Applications channel.
The servlet file, iimcservlet.jar, uses the existing session ID from iPlanet Portal Server to set up a session with the iPlanet Instant Messaging multiplexor. The launch servlet fills in information taken from when the user logged into iPlanet Portal Server, for example: username, password, uid, token, if secure or not (SSL), whether the Java Plug-in or Java Web Start is being used, codebase, and so forth.
iPlanet Instant Messenger is launched.
iPlanet Instant Messenger connects to the iIM multiplexor and passes in the necessary credentials.
An SMTP server, when notified by the iIM server that users are offline, forwards alerts to their email. Users must set their preferences to have alerts forwarded as email when they are offline.
iPlanet Delegated Administrator is used to add and delete user IDs, and change passwords.
Standalone Deployment Overview
Figure 1-2 illustrates the interaction of the software components in a standalone configuration.
Figure 1-2    iPlanet Instant Messaging Server - Standalone Deployment
In simplistic terms, an iIM Server standalone deployment works as follows:
The user enters the URL of the web server providing the initial iIM Server index.html web page in a browser, for example, http://iim.i-zed.com.
The web server accesses the appropriate client files, and downloads the iPlanet Instant Messenger applet to the browser.
User enters LDAP user name and password, and the applet talks to the multiplexor.
The multiplexor forwards the data received from the applet to the backend iIM server.
The iIM server talks to the LDAP server to authenticate the user.
An SMTP server, when notified by the iIM server that users are offline, forwards alerts to their email. Users must set their preferences to have alerts forwarded as email when they are offline.
iPlanet Delegated Administrator is used to add and delete user IDs, and change passwords.
The following sections explain these software components in detail. See "iPlanet Instant Messaging Server Configurations" for more information on how iIM Server can be deployed.
iPlanet Portal Server
iPlanet Portal Server provides secure access to an intranet for remote users on Solaris-based or Windows-based personal computers. Users access iPlanet Portal Server by logging on to the web-based iPlanet Portal Server Desktop through their assigned authentication scheme. The authentication module configured for iPlanet Portal Server authenticates the log-on request, the user session is established with the iPlanet Portal Server, and the user receives the assigned desktop portal page.
When you install iPlanet Instant Messaging Server in the iPlanet Portal Server environment, users invoke the iPlanet Instant Messenger client from their iPlanet Portal Server Desktop Applications channel. In the iPlanet Portal Server environment, you configure iPlanet Instant Messenger in either secure or non-secure mode. In secure mode, communication is encrypted through the iPlanet Portal Server Netlet. A lock icon appears in iPlanet Instant Messenger's Status area when you are running in secure mode. In non-secure mode, the iPlanet Instant Messenger session is not encrypted. See the iPlanet Portal Server documentation for more information on Netlet.
iPlanet Instant Messenger
iPlanet Instant Messenger, written in Java, is iPlanet Instant Messaging Server's client that can be configured to be browser-based (applet) or independent of a browser (Java Web Start application). To run the iPlanet Instant Messenger client on Solaris, you must use Java Web Start; on Microsoft Windows you can choose between applet or Java Web Start configurations.
You can customize a number of items for iPlanet Instant Messenger. See Chapter 3 "Managing iPlanet Instant Messenger" for more information.
iPlanet Instant Messenger provides the following communication modes:
Chat - iIM Server's version of instant messaging, chat is a real-time conversation capability that enables users to complete projects, answer customer questions, and complete other time-critical work assignments. Chat sessions are held either in chat rooms created on an as-needed basis or in pre-established conference rooms.
Alerts - Alerts are time-critical messages that users instantly receive. The sender knows who has received the message and can be notified that the message is read when the alert is either closed or clicked. If the alert message requires a response, right clicking on the alert brings up a pop-up menu with an option to Chat with Sender.
Poll - The polling function enables you to poll users for their response to a question. You send a question and possible answers to selected users and they respond with their selected answer. If desired, you can send a poll that enables respondents to customize their answers.
News Channels - News channels are forums for posting and sharing information. Users subscribe to news channels of interest to see updates. The information in a news channel is usually published automatically by way of a URL, or by a user with proper privilege.
iPlanet Instant Messaging Server
The iPlanet Instant Messaging server handles tasks such as controlling client privileges and security, enabling iPlanet Instant Messenger clients to communicate with each other by sending alerts, by initiating chat conversations, and by posting messages to available news channels.
The iPlanet Instant Messaging server supports the connection of a multiplexor that concentrates connections over one socket. See "iPlanet Instant Messaging Multiplexor" for more information.
Access controls are used for administration, users, news channels, and conference rooms. These access controls are implemented by the iPlanet Instant Messaging server (not an LDAP directory server). See "iPlanet Instant Messaging Server Privileges and Access Levels" for more information.
iPlanet Instant Messaging Multiplexor
The iPlanet Instant Messaging multiplexor component is a connection multiplexor that listens for iPlanet Instant Messenger clients and opens only one connection to the backend iPlanet Instant Messaging server. The multiplexor reads data from the iPlanet Instant Messenger client and writes it to the server. Similarly, when the server sends data to iPlanet Instant Messenger client, the multiplexor reads the data and writes it to the appropriate client connection. The multiplexor does not perform any user authentication or parse the client-server protocol.
In effect, the multiplexor always acts as a frontend component to the iPlanet Instant Messaging server. Any client-server communication must go through the multiplexor; that is, iIM Server is architected to always use the multiplexor. iPlanet Instant Messenger and iPlanet Instant Messaging server do not talk to each other directly.
You can install multiple multiplexors as needed, depending on your configuration. See "iPlanet Instant Messaging Server Configurations" for more information.
Web Server
iPlanet Instant Messaging Server depends on a web server to serve up HTML, including:
An initial index.html file, provided by the product, or your own home page, with a link to invoke the iPlanet Instant Messenger.
The product's client jar files (iim.jar, iimres.jar, iimnet.jar, and iimjni.jar).
The iPlanet Instant Messenger online help.
Embedded URLs in messages and news channels, to iPlanet Instant Messenger.
iIM Server supports web servers such as iPlanet Web Server.
You must install the iPlanet Instant Messenger software on the same host (or iPlanet Portal Server host) where the web server is installed. In most instances, this will be the same host where you installed the iIM Server software. It is possible, however, to locate the iPlanet Instant Messenger client software on a host other than the iIM server/multiplexor. See the iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Installation Guide for more information.
iPlanet Instant Messaging Server does not ship with a web server. If you do not have a web server installed at your site, you must install one.
Note If you are using iPlanet Portal Server, you use the web server that ships with that product. You do not need to install a separate web server.
LDAP Directory Server
iPlanet Instant Messaging Server in standalone mode requires an external LDAP directory server. When installed in standalone mode, iPlanet Instant Messaging Server uses the directory to perform user authentication and to search for users.
iPlanet Instant Messaging Server in a portal deployment can use either an external LDAP server or iPlanet Portal Server's internal directory. When installed in portal mode and using iPlanet Portal Server's internal directory, iIM Server uses the directory for user search only, not user authentication.
The iPlanet Instant Messaging server itself does not store iIM user information. When searching in LDAP, iIM Server uses the LDAP cn and uid attributes.
iIM Server supports users defined and maintained in an LDAP directory, such as iPlanet Directory Server.
iPlanet Instant Messaging Server does not ship with an LDAP directory server. If you do not have an LDAP directory installed, you must install one. See the iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Installation Guide for more information.
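The user search on cn and uid described above takes text typed by a user, so that text has to be escaped before it is placed in an LDAP filter. The following is an added example, not code from iIM Server or from the original guide; the filter shape, the 64-character limit, the sample search term and all function names are assumptions for illustration.

```python
import re

# RFC 4515, section 3: inside an assertion value these characters must be
# written as a backslash followed by two hex digits.
_ESCAPES = {
    "\\": r"\5c",
    "*": r"\2a",
    "(": r"\28",
    ")": r"\29",
    "\x00": r"\00",
}

# Constructed sample input: a search term that carries filter metacharacters.
SAMPLE_TERM = "smith)(uid=*"


def escape_filter_value(value: str) -> str:
    """Return value with LDAP filter metacharacters escaped (RFC 4515)."""
    # Character-by-character mapping, so a backslash is never escaped twice.
    return "".join(_ESCAPES.get(ch, ch) for ch in value)


def naive_user_filter(term: str) -> str:
    """Weak form: the search term is pasted into the filter unchanged."""
    return f"(|(cn=*{term}*)(uid={term}))"


def safe_user_filter(term: str) -> str:
    """Hardened form: substring match on cn, exact match on uid, term escaped.

    The filter shape is hypothetical; the guide only says that cn and uid
    are the attributes searched.
    """
    if not term or len(term) > 64:  # assumed limit, not a product setting
        raise ValueError("search term must be 1-64 characters")
    value = escape_filter_value(term)
    return f"(|(cn=*{value}*)(uid={value}))"


def count_components(filter_text: str) -> int:
    """Count '(attribute=' openings, i.e. assertions the directory will evaluate.

    Escaped parentheses appear as \\28 and \\29, so they are not counted.
    """
    return len(re.findall(r"\([A-Za-z][A-Za-z0-9-]*=", filter_text))


if __name__ == "__main__":
    # The intended filter has two assertions (cn and uid). The naive form
    # lets the term add more; the escaped form keeps the count at two.
    print(naive_user_filter(SAMPLE_TERM), count_components(naive_user_filter(SAMPLE_TERM)))
    print(safe_user_filter(SAMPLE_TERM), count_components(safe_user_filter(SAMPLE_TERM)))
```

A filter whose component count differs from the intended two is a useful thing to log and reject on the server side as well.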
SMTP Server
iPlanet Instant Messaging Server uses an SMTP server to forward alerts as email to users who are offline and unable to receive alerts. As long as users configure their preferences to use this feature, alerts are forwarded as email when they are not online using iPlanet Instant Messenger.
iPlanet Instant Messaging Server does not ship with an SMTP server. If you do not have an SMTP server installed, you must install one. See the iPlanet Portal Server: Instant Collaboration Pack Release 3.0 Installation Guide for more information.
iPlanet Delegated Administrator
An optional component for iPlanet Instant Messaging Server, iPlanet Delegated Administrator is a web-based directory application providing real-time, policy-driven user administration. It enables management of user information and accounts in the iPlanet Directory Server to either internal or external administrators, as well as providing user self-service, powering the foundation for Unified User Management in mission-critical, e-commerce and extranet deployments.
iPlanet Instant Messaging Server Privileges and Access Levels
Administrators determine the availability of the client communication modes by assigning privileges to users. In some cases, you can assign a minimal number of privileges. For example, a user can be configured to initiate alerts to others but not to add conference rooms. Privileges give users access to needed utilities and views. Privileges control almost all features of iIM Server, limiting what a user can see or do.
There are six server-wide privileges that you set by editing iIM Server access control (ACL) files. Only users with administrator rights on the iIM Server host can set privileges. On Solaris systems, this would be root or the iim.user provided during installation.
Table 1-1 shows the ACL files and what privileges they control. The ACL files are located in the following platform-specific directories:
Solaris
/etc/opt/SUNWiim/config/acls
Windows NT
im30_install_dir\config\acls
In addition to the above six server-wide privileges, you set certain access levels through iPlanet Instant Messenger itself. Each individual news channel and conference room has its own subset of access levels, ranging from Manage to None, that determines if users can view, change, or manage information in a room or news channel. Individual users have the privilege to decide who can see them, send alerts to them, and so on. Only users with administrator privilege can give or take away other user privileges. See the iPlanet Instant Messenger online help for more information.
iPlanet Instant Messaging Server Configurations
You can install and configure iIM Server in a variety of configurations to fit your site's needs, including:
Using an existing (separate) web server host
Installing multiple iPlanet Instant Messaging multiplexors
Installing multiple iIM Server hosts (servers) to accommodate multiple administrative domains
Separate Web Server Host
Figure 1-3 shows a configuration where the web server is installed on a separate host, and the iPlanet Instant Messaging server and multiplexor are installed on the same host. Use this configuration when there is an existing web server and LDAP server installed, and you do not want to load other applications on to those systems.
Figure 1-3    iIM Server Configuration - Separate Web Server
Multiple Multiplexor Hosts
Figure 1-4 shows a configuration of two multiplexors installed on separate hosts, and the iPlanet Instant Messaging server on its own host. This configuration enables you to place a multiplexor outside your company's firewall. Installing multiplexors on multiple hosts distributes the load for iIM Server across multiple systems. The multiplexor can be resource-intensive, so putting it on a separate machine can improve overall system performance.
Note Windows NT supports only one multiplexor instance per host.
Figure 1-4    iIM Server Configuration - Multiple Multiplexors, Separate iIM Server and Web Server
Multiple iIM Server Hosts
Figure 1-5 shows a configuration consisting of two iIM servers. Use this configuration when your site contains multiple administrative domains. In this type of configuration you need to set up the server configuration on each iIM Server host so that users on the one system can talk to users on another system.
Note These are not "virtual domains," as the administrators on the different systems need to trust each other and cooperate in making this configuration work.
Figure 1-5    iIM Server Configuration - Multiple iIM Servers
Configuration Files and Directory Structure
This section describes the iPlanet Instant Messaging server directory structure and properties files used to store configuration and operational data.
Directories
Table 1-2 shows the platform-specific directory structures for iIM Server.
Server Configuration File
iPlanet Instant Messaging Server stores all configuration options in the iim.conf file. For more information on the parameters and their values stored in this file, see Appendix A "iPlanet Instant Messaging Server Configuration Parameters."
iPlanet Instant Messenger Data
iIM Server stores the following persistent data used by iPlanet Instant Messenger in the runtime files directory, which you specified during the installation and which is indicated by the iim.instancevardir parameter in the iim.conf file:
User properties (contact lists, client settings, subscribed news channels, access control, and so forth).
News channel messages and access rules.
Public conferences. This does not involve instant messages, which are not archived, but only references to the conference objects themselves, such as access rules.
Using SSL in iPlanet Instant Messaging Server
iPlanet Instant Messaging Server supports the Secure Sockets Layer (SSL) protocol, for encrypted communications and for certificate-based authentication of iPlanet Instant Messaging servers. iIM Server supports SSL version 3.0.
SSL is based on the concepts of public-key cryptography. For background information, see:
http://docs.iplanet.com/docs/manuals/console/50/10_ssl.htm
Enabling SSL for use with iPlanet Instant Messaging Server entails the following:
Obtaining and installing a certificate for your iIM server, and configuring the iIM server to trust the Certification Authority's certificate.
Turning on SSL by setting the appropriate parameter in the iim.conf file.
Ensuring that each iIM server needing to communicate by using SSL with your server obtains and installs a certificate.
See "Configuring SSL" for the instructions to configure SSL.
iPlanet Instant Messaging Server Access Control
Internet-based instant messaging services are, by their very nature, not secure. The server is controlled by a third party, and it is possible for personnel outside your company to intercept and read your confidential company information. iPlanet Instant Messaging Server provides complete security for your inter-company communications. You control the messaging server and the users who have access to the various modes of communication.
The robust configuration flexibility of iPlanet Instant Messaging Server enables you to also preserve intra-company confidentiality. You have complete control over who can enter and participate in a conference room session. You have control over who receives information in certain news channels and you also have control over who can post messages in these news channels.
With the iIM Server access control options you can also enhance productivity by limiting access to the various communication modes. You decide who has the authority to initiate chat sessions, and who can send alerts. You can give different users different access capabilities. For example, call center agents could be assigned access privileges that enable them to receive alerts, but not be able to see which other users are online.
Using the Command Line with iPlanet Instant Messaging Server
iIM Server provides a command-line utility to start, stop and refresh the server and multiplexor. See Chapter 2 "Administering iPlanet Instant Messaging Server and Multiplexor," for more information on this command.
Copyright © 2001 Sun Microsystems, Inc. All rights reserved.
Last Updated November 26, 2001