Planning a Sametime Gateway deployment

Before you begin your installation, consider the size of your deployment, the IBM® DB2® database and LDAP server that you will connect to, the firewall ports that need to be open, hardware requirements, and node names. Review this checklist to prepare for installation.

About this task

Sametime® Gateway supports direct connections between your internal Sametime communities and external communities that are hosted outside of your intranet. If some of your Sametime users connect from outside of the firewall but belong to a community hosted inside the firewall, you do not need to deploy Sametime Gateway. For information on supporting those users, see Deploying Sametime servers in the extranet.

Procedure

  1. Read the Sizing Guide and deployment scenarios on the Sametime wiki and refer to the software and hardware requirements as you size your deployment.
  2. Talk with the systems administrators in your company who oversee DB2, LDAP, and DNS servers about Sametime Gateway Server requirements. Make sure everyone in your organization knows that this product requires these services. A well-designed, well-thought-out process makes the deployment of new software systems smoother and faster.
  3. Consult the network firewall administrator about requirements to open ports in the firewalls. The Gateway Server is installed in the DMZ between the internal and external firewalls. See the deployment scenario diagrams to understand the ports that need to be open:
    Table 1. Sametime Gateway ports to be opened in the DMZ

    | Port | Firewall | Description |
    |------|----------|-------------|
    | 1516 | Internal | Port to each Sametime Community Server in the local Sametime community, allowing both inbound and outbound traffic between Sametime Gateway Server and each Community Server. |
    | 389 or 636 | Internal | Port 389 or 636 (SSL) to LDAP server that services the local Sametime community. Note: Port 389 or 636 should be opened for all deployed nodes, including the SIP proxy. |
    | 50000 | Internal | Port to DB2 server. |
    | 5269 | External | Port to an XMPP connection. |
    | 5061 | External | Port to external Sametime or AOL® communities. |
    | 5060 | External | Port to external Sametime communities not using TLS/SSL. |
    | 53 | External | Port to external DNS servers to resolve the fully qualified domain name of external community servers. |
  4. The Sametime Gateway Servers must have access to a DNS server that can resolve public DNS records (A records, SRV records, and PTR records).
  5. If you are installing a standalone deployment of a Sametime Gateway Server, what computer will you use?
  6. If you plan to configure a cluster, determine what computers you will need to support the servers in a Network Deployment:
    Table 2. Servers used in a Sametime Gateway network deployment

    | Node type | Number allowed | Comments |
    |-----------|----------------|----------|
    | Deployment Manager | 1 | You can install the Deployment Manager on its own computer, or on the same computer with primary node and proxy servers. |
    | Primary node | 1 | You can install the primary node on its own computer, or on the same computer with Deployment Manager and the proxy servers. You can install multiple server instances on each primary node. |
    | Secondary node | n | Install the secondary node on its own computer, or on the same computer with proxy servers. You can install multiple server instances on each secondary node. |
    | SIP proxy server | 2 | If you have a clustered deployment, you must install a SIP proxy server to connect to other Sametime communities or AOL communities. The best practice is to install proxy servers on a separate computer to isolate the proxy processing from the Sametime Gateway cluster. |
    | XMPP proxy server | 1 | If you have a clustered deployment, you must install an XMPP proxy server to connect to an XMPP community. |
  7. Determine the following items for the DB2 database:
    Table 3.

    | What You Need to Know | Comments |
    |-----------------------|----------|
    | Database host name | For example: database.server.example.com |
    | Port used by the database server | The default port is 50000 (Windows) or 50001 (Linux). |
    | Name of the database | The default database name is STGW but you can change this by editing the database creation script. |
    | DB2 application user ID and password | A database user ID that has permission to connect to the DB2 database and read or write records. This is normally the ID you created when you installed DB2. |
    | DB2 schema owner ID and password | A database user ID for a user who has appropriate permission to create tables in the database. You may need to get this information from the database administrator. The schema user ID is often the same as the application user ID. |
  8. Determine the administrative security user ID and password. You are prompted for this ID and password during installation. Use these credentials to log in to the Integrated Solutions Console (http://localhost:9060/ibm/console), the administrative interface to WebSphere® Application Server.
  9. Determine if you plan to connect to your LDAP server when you run the installation wizard, or later. If you require a client side certificate to securely connect to an LDAP server from the Sametime Gateway Server, you must configure LDAP using the Integrated Solutions Console after installation. Otherwise, you can connect to your LDAP during the installation process. In either case, you will need this information about your LDAP:
    Table 4. LDAP information for Sametime Gateway Server access

    LDAP information needed for anonymous access:
    • host name (or IP address)
    • port

    LDAP information needed for authenticated access:
    • host name (or IP address)
    • port
    • bind distinguished name and password
    • base distinguished name (not required for Domino® LDAP)
  10. What are the node names for the Deployment Manager, primary node, proxy server node, and additional secondary nodes? The installation wizard provides a name that you can change if needed. Node names must be unique and cannot contain spaces or special characters.
  11. What is the fully qualified host name or IP address of the Sametime Community Server in your local Sametime community?
  12. How will you install Gateway Server? You can use an installation wizard, console mode, or silent installation.
    Note: If your server runs on IBM i and it is enabled for IPv6 addressing, you must install the Gateway Server in console mode with input validation disabled, as noted in the installation instructions.
  13. Download the installation images and either burn a CD or copy the install images to each computer where you plan to install a Gateway Server.
  14. Sketch a deployment diagram that shows where your load balancer, firewalls, deployment manager, primary node, secondary nodes, and proxy servers will be installed in relation to the hardware. List the node names and host names that you plan to use. Identify where you should check network connectivity and other environmental issues that may interfere with a smooth installation process.
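
One way to review a proposed DMZ firewall plan against Table 1 before the change request goes to the firewall administrator (step 3). This is an added example, not IBM code: the `review_rules` function, the finding labels, and the sample plan are assumptions made for illustration; only the port-to-firewall mapping comes from the table.

```python
# Added example: review a proposed DMZ firewall plan against Table 1 on this page.
# TABLE1 is transcribed from the page; the finding labels are assumptions.
TABLE1 = {
    1516: ("internal", "Sametime Community Server"),
    389: ("internal", "LDAP"),
    636: ("internal", "LDAP over SSL"),
    50000: ("internal", "DB2"),  # step 7 notes 50001 as the Linux default; adjust
    5269: ("external", "XMPP"),
    5061: ("external", "external Sametime or AOL communities"),
    5060: ("external", "external Sametime communities without TLS/SSL"),
    53: ("external", "external DNS"),
}
# Ports the table presents as the non-SSL/TLS option, mapped to its alternative.
CLEARTEXT = {389: 636, 5060: 5061}


def review_rules(rules, required):
    """rules: (firewall, port) openings; required: ports this deployment needs
    (each must be a key of TABLE1). Returns (kind, port, message) findings."""
    opened = set(rules)
    findings = []
    for fw, port in sorted(opened):
        if port not in TABLE1:
            findings.append(("review", port, f"{port} on the {fw} firewall is not in Table 1"))
            continue
        expected_fw, purpose = TABLE1[port]
        if fw != expected_fw:
            findings.append(("misplaced", port,
                             f"{purpose} port {port} is open on the {fw} firewall; "
                             f"Table 1 lists it on the {expected_fw} firewall"))
        elif port in CLEARTEXT:
            findings.append(("cleartext", port,
                             f"{purpose} on {port} is the non-SSL/TLS option; "
                             f"the table's alternative is {CLEARTEXT[port]}"))
    for port in sorted(required):
        fw = TABLE1[port][0]
        if (fw, port) not in opened:
            findings.append(("missing", port, f"{port} is not open on the {fw} firewall"))
    return findings


# Constructed sample plan (not from the page): no XMPP community, DB2 on 50000.
SAMPLE_RULES = [("internal", 1516), ("internal", 389), ("external", 50000),
                ("external", 5061), ("external", 5060), ("external", 53),
                ("external", 8080)]
SAMPLE_REQUIRED = {1516, 389, 50000, 5061, 53}

if __name__ == "__main__":
    for kind, port, message in review_rules(SAMPLE_RULES, SAMPLE_REQUIRED):
        print(f"{kind:9} {message}")
```

On the sample plan the review reports the DB2 port exposed on the external firewall and missing on the internal one, the two non-SSL/TLS ports, and one opening that Table 1 does not account for.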