GroupWise® Messenger Installation, Configuration, and Operation
Dirk Giles, Senior Software Engineer, GroupWise Messenger Development, dpgiles@novell.com
Mike Stoddard, Software Engineer, GroupWise Messenger Development, mistoddard@novell.com
© March 9, 2004 Novell Inc.
The one Net vision
one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.
• Novell exteNd™
• Novell Nsure™
• Novell Nterprise™
• Novell Ngage℠
Novell Nterprise™
Novell Nterprise is an innovative family of products which gives you the power to enable and manage the constant interaction of people with your business systems — regardless of who they are or where they are.
© January 23, 2004 Novell Inc, Confidential & Proprietary
Today's Agenda
Prerequisites
• What you should know
• Things you should do
Installation
• Linux
• Issues and tips
Up and Running
• The Agents
• Communications
• Archive
• Securing your system
• Administering users
• Client Deployment
• Optimizing your system
• Additional Considerations
Questions and Answers
Novell GroupWise Messenger: Release Goals
Novell GroupWise Messenger provides:
• Integration with Novell eDirectory for authentication and system management.
• A Secure IM solution using SSL
• Central Archiving of conversations
Novell GroupWise Messenger: Architecture
[Architecture diagram. Labels: LDAP Directory, Novell eDirectory, User Authentication, Messaging Agent, Archive Agent, Storage, Firewall, Internet, Office, Remote Office, Mobile, Home]
Messenger System Components: Messaging Agent
The Messaging Agent:
• Accesses Novell eDirectory on behalf of users to authenticate them when they start the Messenger client, searches for contacts, saves users’ option settings for the Messenger client etc.
• Transfers instant messages back and forth between Messenger users
• Maintains presence information about Messenger users
• Passes conversations to the Archive Agent if archiving is enabled
Messenger System Components: Archive Agent
The Archiving Agent:
• Accesses eDirectory on behalf of authorized Messenger users in order to grant them access to the Messenger archive
• Receives completed conversations from the Messaging Agent and stores them in the Messenger archive
• Indexes the archived conversations so that they can be searched by authorized Messenger users
• Performs searches in the Messenger archive for authorized Messenger users
• Manages expiration of old conversations
• Repairs the Messenger archive in case of damage to its database
GroupWise Messenger – Prerequisites: Operating System
Make sure your OS is up to the job:
• NetWare® 5.x and up
• Windows 2000 and Windows XP
  – Note: Although testing has shown that Messenger will work on Windows NT4, it is not supported
• Linux
  – SuSE Linux Enterprise Server 8
  – Red Hat Enterprise Linux AS 3
  – Note: Testing has shown that Messenger will run on SuSE Linux 9 Pro and Red Hat Linux 9, but these are not supported
Make sure eDirectory™ is up to date and free from errors
• If using Novell NDS® / eDirectory for the LDAP server the following versions are supported:
  – Novell NDS eDirectory 8.78 or later
  – Novell eDirectory 85.23 (8.5.1) or later
  – Novell eDirectory 8.6.2 or later for Linux
GroupWise Messenger: Information Needed for Install
Before you install Messenger, make sure you have the following information:
• eDirectory or LDAP Server information
  – Port, IP Address / DNS name, and authentication credentials
  – If LDAP SSL is required, path to LDAP server certificate
• SSL Certificate and Key information
  – If you want to secure conversations in your system
GroupWise Messenger: LDAP SSL Certificates
If using LDAP and the LDAP server requires SSL/TLS:
• Windows/Linux – Export the certificate
  – Using LDAP server object, determine Certificate object
  – Using Certificate object, export Trusted Root Certificate
  – Don’t export the private key
  – Save in DER format to an accessible location
• NetWare – Certificate should already have been exported
Or allow clear-text passwords through LDAP Group object:
• Deselect “Require SSL/TLS for simple binds”, or
• Select “Allow clear-text passwords” (older eDirectory)
GroupWise Messenger – Installation
GroupWise Messenger can be installed from either Windows or Linux
• Windows 2000 or Windows XP
  – Novell Client™ 32 required to allow you to extend the Schema
  – Mapped drive to NetWare Server if installing to NetWare
  – ConsoleOne® 1.3.2 or better (1.3.4 is included if you don’t have it)
• Linux
  – If eDirectory is not installed, an LDAP connection to another tree must be used
  – If ConsoleOne® is installed, the GroupWise Messenger ConsoleOne® plugin will be installed.
Installing Messenger - Linux
Two methods of installation can be performed:
(1) Install scripts and/or binary executable
(2) RPMs
The Messenger Agent installation will perform the following tasks:
• Install/Reinstall the agent rpm
• Install Novell LDAP rpms if not installed
• Install/Reinstall the ConsoleOne plugin rpm (if ConsoleOne is installed)
Installing Messenger – Linux (cont.)
The Messenger installation will allow you to:
• Extend the Schema
• Create directory objects
• Create startup files
• Run the agents
Configuration script is /opt/novell/messenger/configure.sh
Linux File Locations
The Linux install is based on LSB/FHS
• Executables and tools are in /opt/novell/messenger
• Shared libraries are in /opt/novell/lib
• Startup and configuration files are in /etc/opt/novell/messenger
• Queues and stores are in /var/opt/novell/messenger
• Logs and error files are in /var/opt/novell/log/messenger
GroupWise Messenger for Linux: Install Demo
Post Installation tasks
Once the Messenger Agents are installed:
Configure your Messenger Policies
– Note: You should have at least one Policy to allow users to gain access (the install creates a default policy). By default users are enabled
Configure your Messenger Profiles
– Note: You *must* have at least one Scope to allow users to gain access
Configure and enable SSL if required
– Creating and/or using SSL certificates
Configure Archiving if required
Tune Directory Access and Searches if required
Set up Client Deployment
GroupWise Messenger Policy Object: General
Enable Archiving Here!
GroupWise Messenger Policy Object: Contact List
GroupWise Messenger Policy Object: Information List
Setting Up Profiles
GroupWise Messenger has the following profiles:
Scope Profile (mandatory)
• Defines which user contexts the system will service
LDAP Profile
• Used for directory access via LDAP
• Needed to run in protected memory on NetWare
• Also used for load balancing (pools) and failover
Securing Conversations: Generate a Certificate Signing Request
Use the GWCSRGEN utility from GroupWise 6.5
• You will then have a servername.CSR file
• Submit this to your Certificate Authority
  – Tip: You can use Novell Certificate Server (FREE!) to generate your certificate
Select your server and use the provided certificate and key file
Note: Do NOT use the ROOTCERT.DER file included with eDirectory as a public certificate
Note: If you want BOTH the Messaging and Archive agents to use SSL you will need to select the SERVER object
Securing Conversations: Specifying your Certificate and Key File
Archiving Conversations Centrally
GroupWise Messenger allows you to archive conversations within the system centrally
• By user
• By Policy
The Central Archives are currently only available to designated administrators
Note: Users can store conversations locally into text files on their workstation
Accessing Archived Conversations: Granting Archive Access
Optimizing Agent Performance: Agent Settings – Tuning
Maximum number of users (Default 5120)
• When you reach this limit nobody can log in
• Linux system default is 1024 file descriptors
  – The agent will attempt to adjust limit up to Messenger Max
Client / Server threads (Default 15)
• This is fine up to 7500 users; more than 50 threads can impact anything else running on the server
Optimizing Agent Performance: Agent Settings – Tuning
Default number of connections (Default 10)
• Defines how many connections the Agent makes to eDirectory when using direct access for user lookups
  – TIP: These connections are ALWAYS kept open even when not in use
Idle Timeout (Default 30 seconds)
• Idle timeout for any direct connections above the default that are unused
Optimizing Agent Performance: Agent Settings – Tuning
Maximum connections (Default 50)
• The maximum number of direct connections that can be opened at any time
Maximum query results (Default 100)
• Maximum number of results returned by a user lookup
• NOTE: Setting this to more than 200 will impact system performance if a large number of queries are issued
Maximum query timeout (Default 30)
• Maximum time server will spend doing a single search
• NOTE: Currently clients have a 30 second timeout as well; decrease server query timeout if searches are taking too long
Optimizing Agent Performance: Agent Settings
Optimizing Agent Performance: Startup File Switches 1
;----------------------------------------------------------------------
; Directory Query Maximum Results
; Specifies the maximum number of results that will be returned for any
; request to the directory.
;----------------------------------------------------------------------
/dirquerymaxresults-200
;----------------------------------------------------------------------
; Directory Idle Timeout
; Specifies the amount of time before an inactive directory connection
; closes down.
;----------------------------------------------------------------------
/diridletimeout-20
;----------------------------------------------------------------------
; Directory Maximum Connections
; Specifies the maximum number of directory connections
;----------------------------------------------------------------------
/dirmaxconnections-40
;----------------------------------------------------------------------
; Directory UserID Alias
; Specifies the attribute to use instead of CN for user authentications
; and searches etc.
;----------------------------------------------------------------------
/diruseralias-'Internet Email Address'
Optimizing Agent Performance: Startup File Switches 2
;----------------------------------------------------------------------
; Directory Default Connections
; Specifies the default number of directory connections
;----------------------------------------------------------------------
/dirdefaultconnections-15
;----------------------------------------------------------------------
; Directory Query Timeout
; Specifies the amount of time the server will wait on searches
;----------------------------------------------------------------------
/dirquerytimeout-25
;----------------------------------------------------------------------
; Maximum connections
; Number of Client/Server connections the server will allow.
; The default is 5120 (5K).
;----------------------------------------------------------------------
/maxconns-2000
;----------------------------------------------------------------------
; Number of TCP Processing Threads
; Sets how many threads the Messaging Agent spawns for handling
; Client/Server requests. The default is 15.
;----------------------------------------------------------------------
/threads-20
Optimizing Agent Performance: Startup File Switches 3
This switch toggles between the default verify password model and the bind user model:
• Verify
  – Slightly shorter login times
  – Single default user needed for authentication and searches
• Bind
  – Each user must bind to the directory for authentication
  – eDirectory password and account settings honored
  – Default user still required for settings retrieval and searches
;-----------------------------------------------------------
; Directory User Authentication via Bind
; Specifies whether user authentication is performed via
; a bind or a comparison. Default is comparison.
;-----------------------------------------------------------
/diruserauthbind
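The switches on the three startup-file slides can be checked mechanically. The Python below is an added example, not part of the original presentation and not Novell code: it parses the ';' comment and '/switch-value' syntax shown above and flags values against the limits stated on the tuning slides. The sample file contents, the names parse_startup and audit, the fd_limit parameter, and the two cross-checks (default versus maximum connections, server versus client timeout) are assumptions of this example.

```python
import re

# Constructed sample in the startup-file syntax shown on the slides
# (';' comments, '/switch-value' settings); not taken from a real system.
SAMPLE = """\
; Directory Query Maximum Results
/dirquerymaxresults-500
/dirdefaultconnections-15
/dirmaxconnections-10
/dirquerytimeout-45
/maxconns-2000
/threads-60
/diruseralias-'Internet Email Address'
"""

SWITCH = re.compile(r"^/([A-Za-z]+)(?:-(.*))?$")

def parse_startup(text):
    """Return {switch: value}; a bare switch such as /diruserauthbind maps to True."""
    switches = {}
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue  # blank line or comment
        m = SWITCH.match(line)
        if m:
            value = m.group(2)
            switches[m.group(1).lower()] = True if value is None else value.strip().strip("'\"")
    return switches

def audit(switches, fd_limit=1024):
    """Compare parsed switches with the limits stated on the tuning slides."""
    def num(name, default):  # defaults are the ones the slides give
        return int(switches.get(name, default))
    findings = []
    if "diruserauthbind" not in switches:
        findings.append("comparison auth model (default): slides list eDirectory "
                        "password and account settings as honored under bind")
    if num("dirquerymaxresults", 100) > 200:
        findings.append("dirquerymaxresults > 200 impacts performance under many queries")
    if num("dirquerytimeout", 30) > 30:
        findings.append("dirquerytimeout exceeds the 30 second client timeout")
    if num("threads", 15) > 50:
        findings.append("threads > 50 can impact other software on the server")
    if num("dirdefaultconnections", 10) > num("dirmaxconnections", 50):
        findings.append("dirdefaultconnections exceeds dirmaxconnections")
    if num("maxconns", 5120) > fd_limit:
        findings.append(f"maxconns exceeds the {fd_limit} file descriptor limit; "
                        "confirm the agent was able to raise it")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_startup(SAMPLE)):
        print("FINDING:", finding)
```

Pass the process's actual descriptor limit as fd_limit when the Linux default of 1024 has been raised.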
Client Deployment: Setting up Platform Clients
Clients must be copied to download area
• Copy Windows Client
  – To /opt/novell/messenger/software/client/win32
• Copy Linux Client
  – To /opt/novell/messenger/software/client/linux
• Copy Mac Client
  – To /opt/novell/messenger/software/client/mac
Note: Until this is done, links on download page will be broken
Updates can be distributed via Red Carpet
Monitoring Your System: Setting up the Web Console
Linux Agent Startup: Manual Startup
Agents can be started as a:
• Console app
  – su to root
  – Change to bin directory (/opt/novell/messenger)
  – ./nmma @/etc/opt/novell/messenger/strtup.ma
  – Will log to console
• Daemon
  – su to root
  – /etc/init.d/novell-nmma start
  – Access agent by Web Console
Linux Agent Startup: Setting up Automatic Startup
Agents can be configured as init.d services
• SuSE Linux
  – su to root
  – insserv novell-nmma
  – Remove with insserv -r novell-nmma
• Red Hat Linux
  – su to root
  – chkconfig --add novell-nmma
  – Remove with chkconfig --del novell-nmma
Note: Messenger Agents are dependent on NDS service; will run after eDirectory starts up if installed
Web Console: Configuration
Access to logging actions
Access to archive actions
Web Console: Log Files
New Cycle Log Link
GroupWise Messenger: Additional Considerations
eDirectory Attribute Indexes
• Advanced search can use (if entered):
  – Given Name*
  – Surname*
  – Userid (CN)*
  – Department (OU)
  – Title
• Basic search always uses Full Name*, Given Name*, and Surname*
• Indexing these attributes through iManager or ConsoleOne will decrease search times
* Minimum recommended indexes
Installing The Messenger Client: Cross-platform Client
Linux install
• Execute binary client installer as root
• Will install icon on desktop
• Don’t have to be root to run client
Macintosh install
• Double-click downloaded sit
Messenger Client: Client Demo
Gaim plugin (Linux)
Java Client (Linux)
Java Client (Macintosh)
The Present…
Current Projects:
• SP2 – Currently in authorized Beta
  – Bug fixes
  – Performance & Scalability (including LAN rush)
  – Search Improvements
  – Slow client connection improvements
• GroupWise Messenger for Linux – Currently in Beta
  – SP2 + running on Linux
The Future…
What’s coming:
• GroupWise “Sequoia” (features to be finalized)
  – GroupWise Client Integration Improvements
  – Scalability enhancements (multiple agents)
  – Chat rooms
  – Personal conversation archives
  – File Transfer
• Parallel SDK development
See GroupWise Collaboration Futures Class!
General Disclaimer
This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.
No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.