Configuring the communications between the SIP Edge Proxy Server and the Sametime SIP Proxy/Registrar

Designate whether the IBM® SIP Edge Proxy Server's communication with the Sametime® SIP Proxy/Registrar's transport type is secure, and define the basic SIP Edge Proxy Server routing settings.

About this task

When the SIP Edge Proxy Server receives a message, it determines whether the package was received from a Sametime SIP Proxy/Registrar by checking the network address the message was received from.

In a clustered environment with a MAC forwarding load balancer in front of the SIP Edge Proxy Server, or when there is no load balancer in front of the SIP Edge Proxy cluster, this is the address of the WebSphere® SIP proxy server that sits in front of the SIP Proxy/Registrar cluster. In a NAT environment, this address might not match the physical IP address of the WebSphere SIP proxy server because NAT can translate the address to a different IP address. To determine how the SIP Edge Proxy Server sees packets coming from the SIP Proxy/Registrar, consult with a network administrator or run a network analyzing tool on the WebSphere SIP proxy servers that sit in front of the SIP Edge Proxy cluster and analyze the source IP address of the packets sent from the SIP Proxy/Registrar.

In addition, if the SIP Edge Proxy cluster is fronted by a NAT forwarding load balancer, the SIP Edge Proxy Server might see all packets sent by external clients or the SIP Proxy/Registrar as received from the same IP address, that is, the IP address of the load balancer. To allow the SIP Edge Proxy Server to distinguish between external users and the SIP Proxy/Registrar, allocate a separate connection pool on the load balancer for the traffic received from the SIP Proxy/Registrar. Consult a load balancer administrator for other options.

Since there are no System Solutions Console administrative pages for the IBM SIP Edge Proxy Server configuration, perform configuration updates by manually editing the edge-proxy.xml file.

Procedure

  1. On the IBM SIP Edge Proxy Server's deployment manager, open the file edge-proxy.xml located in the following directory:
    • Linux™ and Unix

      dm profile/config/cells/cell/applications/EdgeProxyAppl.ear/deployments/EdgeProxyAppl/EdgeProxyWeb.war/WEB-INF/

      For example,

      /opt/IBM/WebSphere/AppServer/profiles/STMSDMgrProfile/config/cells/dominoMediaCell/applications/EdgeProxyAppl.ear/deployments/EdgeProxyAppl/EdgeProxyAppl.war/WEB-INF/

    • Microsoft™ Windows™

      dm profile \config\cells\cell\applications\EdgeProxyAppl.ear\deployments\EdgeProxyAppl\EdgeProxyWeb.war\WEB-INF\

      For example,

      C:\IBM\WebSphere\AppServer\profiles\STMSDMgrProfile\config\cells\sipMediaCell\applications\EdgeProxyAppl.ear\deployments\EdgeProxyAppl\EdgeProxyWeb.war\WEB-INF

    • The authoritativeProxy section contains the host name, port, and transport of the Sametime SIP Proxy/Registrar:
      • Specify the SIP Proxy/Registrar host name.
      • Specify the SIP port.
      • Specify the SIP transport TCP or TLS to match the  SIP Proxy/Registrar configuration.
    • The edgeProxy section contains the host name, port, and transport of the IBM SIP Edge Proxy Server:
      • Specify the SIP Edge Proxy Server host name.
      • Specify the SIP port.
      • Specify the SIP Edge Proxy server transport TCP or TLS.
    • The authProxySourceAddr section specifies the address of the Sametime SIP Proxy/Registrar. Supported values: IP address, regular expression that matches the SIP Proxy/Registrar Server address, for example, "10.10.102.14 | 10.10.102.16".
    For example, assume you are setting the following host names and IP addresses:
    • Sametime SIP Proxy Registrar Hostname: sipproxy.company.com
    • Sametime SIP Proxy Registrar IP Address: 10.10.102.14
    • Sametime SIP Edge Proxy Server Hostname: sipedge.company.com
    For example, settings for TCP:
    <authoritativeProxy authProxyHost="sipproxy.company.com"
    authProxyPort="5060" authProxyTransport="tcp"
    authProxySourceAddr="10.10.102.14"/><edgeProxy edgeProxyHost="sipedge.company.com"
    edgeProxyPort="5080" edgeProxyTransport="tcp"/>
    For example, settings for TLS:
    <authoritativeProxy authProxyHost="sipproxy.company.com"
    authProxyPort="5061"authProxyTransport="tls"
    authProxySourceAddr="10.10.102.14"/><edgeProxy
    edgeProxyHost="sipedge.company.com"edgeProxyPort="5081" edgeProxyTransport="tls"/>
    Note: Use the same transport you use for the Sametime Media Manager servers. For example, if the Sametime Conference Manager is configured to use TLS, set the authProxyTransport attribute to TLS as well.
  2. When modifications are complete, save the edge-proxy.xml file.
  3. Synchronize all of the nodes in the cell as follows:
    1. In the WebSphere Integrated Solutions Console, log in as the WebSphere administrator to the deployment manager that manages the SIP Edge Proxy server.
    2. Click System Administration > Nodes.
    3. Select all nodes.
    4. Click Full Resynchronize.