Changing the transport protocol to TLS

When you change the transport protocol from TCP to TLS for the IBM® Sametime® Media Manager, you must update settings for the SIP Proxy/Registrar, Conference Manager, and Video Manager components.

About this task

For information on determining the correct ports to use in this procedure, see Determining the ports used by the Sametime Media Manager components.

Procedure

  1. Log in to the Sametime System Console as the Sametime administrator.
  2. Click Sametime System Console > Sametime Servers > Sametime Media Manager.
  3. In the Sametime Media Managers list, click the deployment name of the Media Manager that you are updating.
  4. Click the Configuration tab.
  5. On the Configuration page, enter a number (in seconds) between 30 and 300 in the Session expiration field to specify how frequently the SIP process should check to determine whether a client is still connected.
  6. Change the transport protocol for the SIP Proxy/Registrar by making the following changes in the "SIP Proxy Registrar" section of the Configuration page.
    1. Set the Transport protocol to TLS.
    2. Change the Sip port to the value of the corresponding TLS port.
      • If you deployed a combined PR/CF server, use the SIP_ProxyReg_SECURE port (for example, 5081).
      • If you deployed a cluster of SIP Proxy/Registrar servers, use the port for the WebSphere® SIP proxy server that you deployed in front of the cluster (for example, 5061).
  7. Change the transport protocol for the Video Manager by making the following changes in the "Video Manager" section of the Configuration page.
    1. Set the HTTP(S) port.
      • For a non-clustered server, use the WC_defaulthost_secure port (for example, 8443).
      • For a cluster, use the WEB_InboundLBSecure port (for example, 7443).
    2. Set the SIP Port.
      • For a non-clustered server, use the SIP_DEFAULTHOST_SECURE port (for example, 5061).
      • For a cluster, use the SIP_InboundLBSecure port (for example, 5081).
    3. Set the Transport Protocol to HTTPS.
  8. Click OK.
  9. Save the changes to the master configuration by clicking the Save link in the "Messages" box at the beginning of the page.
  10. Change the transport protocol for the Conference Manager by completing the following steps.
    1. On the deployment manager for the Sametime Conference Manager (typically the Sametime System Console), locate the stavconfig.xml file and open it for editing.

      For example, in Linux™, the file is located in the following directory: /opt/IBM/WebSphere/AppServer/profiles/STSCDMgrProfile/config/cells/<SSCCellname>/nodes/<nodenameSTMSNode1>/servers/STMediaServer/stavconfig.xml

    2. Change the value of ConferenceServerPort to the corresponding TCP port of the Sametime Conference Manager.
      • If you deployed a combined PR/CF server, use the SIP_ProxyRegHOSTSecure port (for example, 5081).
      • If you deployed a cluster of SIP Proxy/Registrar servers, use the port for the WebSphere SIP proxy server that you deployed in front of the cluster (for example, 5061).
    3. Save and close the file.
    4. Resynchronize the nodes by returning to the IBM WebSphere Integrated Solutions Console and clicking System administration > Nodes, selecting all of the nodes, and then clicking Full Resynchronize.
    5. Restart the deployment manager (typically the Sametime System Console) and the Sametime Conference Manager.