Securing connections

About this task

Several kinds of interaction take place on the Sametime server, and each of them can be secured. These interactions are:

Desktop Client to Community Server

These are client-to-server connections, made by default to the Sametime Multiplexer (Mux) on port 1533. Sametime has legacy encryption enabled by default. These connections can be secured over TLS 1.2.

Server Connections

This is the traffic between Community servers, which communicate with each other over port 1516 using the VP protocol. This includes the connection from a standalone Mux to the Community server.

Sametime Community Server to LDAP server

By default, LDAP operations are not encrypted. It is recommended to enable TLS to encrypt sensitive user data (such as names and passwords). The secure port for LDAPS is typically 636 but may be different in your environment.

Decrypting SAML Assertions

When the Sametime Community server is configured for SAML, the Sametime server can validate that the encrypted assertions are from the Identity Provider (IdP). These settings will be used for the decryption.

Mobile and Web Clients to Sametime Proxy Server

These are the client-to-server connections from web and mobile clients to the Sametime Proxy server.

Configuration Scope

The Sametime Community Server can be configured to use key and trust stores at the global level, where all certificates are shared among the different Community Services. Optionally, they can be configured to use separate key and trust stores.

The Sametime Proxy Server has a separate key and trust store, which must be configured on the Proxy Server.