Enabling ports for TLS for a Sametime Media Manager

Edit settings in the stavconfig.xml file to specify secure ports for TLS encryption. Do this only if all users are running IBM Sametime clients V8.5.1 or later; older clients cannot connect to the V9.x Media Manager.

Before you begin

Make a note of the values you need to transfer to stavconfig.xml from the Sametime® SIP/Proxy Registrar, Conference Manager, and Video Manager servers. Open the WebSphere® Application Server Integrated Solutions Console for each server and click Servers > Server Types > WebSphere Application servers > STMediaServer > Ports.

Find the values for a non-clustered or clustered environment.

Non-clustered environment
  • SIP/Proxy Registrar

    SIP_ProxyRegHOST/SIP_ProxyRegSECURE

  • Conference Manager

    SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port

  • Video Manager

    SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port

Clustered environment

  • SIP/Proxy Registrar

    SIP_ProxyRegHOST/SIP_ProxyRegSECURE

    (Clustered node) WebSphere Application Server proxy host

    (Clustered node) WebSphere Application Server proxy secure port

  • Conference Manager

    SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port

    (Clustered node) WebSphere Application Server proxy host

    (Clustered node) WebSphere Application Server proxy secure port

  • Video Manager

    SIP_DEFAULTHOST/SIP_DEFAULTHOST_SECURE port

About this task

The default settings in the stavconfig.xml file specify secure ports. If you have modified this file to use TCP, then it must be modified again for use with TLS encryption. Edit the stavconfig.xml files on the Conference Manager by changing the non-secure ports to secure ports. This file is not used by the SIP Proxy/Registrar.

Follow these steps to update the stavconfig.xml file for every instance of the Media Manager components. When multiple profiles are installed on the same computer, each profile uses its own copy of the file and requires the updates.

Procedure

  1. Log in to the WebSphere Integrated Solutions Console for the server.
  2. On the server hosting the Conference Manager or SIP Proxy/Registrar, navigate to the following directory:
    dm_install_root/config/cells/cell_name/nodes/node_name/servers/server_name
  3. In a text editor, open the stavconfig.xml file.
  4. Modify the following settings:
    • The ConferenceServerPort setting should contain the SIP_DEFAULTHOST_SECURE port value from the Conference Manager server.
    • The SIPProxyServerPort setting should contain the SIP_ProxyRegSECURE port value from the SIP Proxy/Registrar server.
    • The VMGRServerSIPPort setting should contain the SIP_DEFAULTHOST_SECURE port value from the Video Manager server.
    • Change the SIPProxyServerTransportProtocol setting value to TLS.
  5. (Clustered environment only)

    Make these additional changes in the file if you are configuring on a clustered node server.

    Conference Manager node
    • SIPProxyServerHost field

      SIP Proxy/Registrar WAS proxy host

    • SIPProxyServerPort field

      SIP Proxy/Registrar WAS proxy secure port

    • VMGRServerHost field

      IPSprayer host

    • VMGRServerSIPPort field

      IPSprayer SIP port

  6. Save and close the updated file.
  7. Synchronize all nodes in the deployment manager that manages the component.
    1. In the deployment manager's WebSphere Integrated Solutions Console, click System Administration > Nodes.
    2. Click Full Resynchronize.

Results

Communications will now take place over the secure ports. If you later switch back to the unencrypted TCP or UDP transport protocol, you must change the port settings back to their original values. For SIP transport, you should use either the TLS or the TCP transport protocol.
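
One way to confirm that an edited stavconfig.xml carries the secure values from step 4 is to compare it with the ports you noted from each server. The script below is an added example, not part of the product or its documentation. The name/value attribute layout of the sample file and every port number in it are assumptions constructed for illustration.

```python
import xml.etree.ElementTree as ET

# Constructed sample: the element layout and all port numbers are
# assumptions for illustration, not values taken from the product.
SAMPLE = """<?xml version="1.0" encoding="UTF-8"?>
<configurations>
  <configuration name="ConferenceServerPort" value="5063"/>
  <configuration name="SIPProxyServerPort" value="5080"/>
  <configuration name="SIPProxyServerTransportProtocol" value="TCP"/>
  <configuration name="VMGRServerSIPPort" value="5063"/>
</configurations>
"""

# Secure values noted from each server's Ports page (constructed here).
EXPECTED = {
    "ConferenceServerPort": "5063",
    "SIPProxyServerPort": "5081",
    "VMGRServerSIPPort": "5063",
    "SIPProxyServerTransportProtocol": "TLS",
}

def read_settings(xml_text):
    """Collect setting -> value, accepting either
    <x name="Setting" value="v"/> or <Setting>v</Setting>."""
    settings = {}
    for el in ET.fromstring(xml_text).iter():
        if el.get("name") is not None and el.get("value") is not None:
            settings[el.get("name")] = el.get("value").strip()
        elif len(el) == 0 and el.text and el.text.strip():
            settings[el.tag] = el.text.strip()
    return settings

def audit(xml_text, expected):
    """Return (setting, found, wanted) for every missing or wrong value."""
    found = read_settings(xml_text)
    problems = []
    for name, wanted in expected.items():
        have = found.get(name)
        # Case-insensitive so "tls" matches "TLS"; digits are unaffected.
        if have is None or have.upper() != wanted.upper():
            problems.append((name, have, wanted))
    return problems

if __name__ == "__main__":
    for name, have, wanted in audit(SAMPLE, EXPECTED):
        print(f"{name}: found {have!r}, expected {wanted!r}")
```

Run the check against each profile's copy of the file, because every profile on the computer uses its own copy.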