GroupWise® Messenger Installation, Configuration, and Operation

Dirk Giles, Senior Software Engineer, GroupWise Messenger Development
Mike Stoddard, Software Engineer, GroupWise Messenger Development


Post on 30-Jan-2016



© March 9, 2004 Novell Inc.

The one Net vision

one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions.

Novell exteNd™
Novell Nsure™
Novell Nterprise™
Novell Ngage℠


The one Net vision

Novell Nterprise is an innovative family of products which gives you the power to enable and manage the constant interaction of people with your business systems — regardless of who they are or where they are.

Novell Nterprise™


© January 23, 2004 Novell Inc, Confidential & Proprietary

Today's Agenda

Prerequisites
• What you should know
• Things you should do

Installation
• Linux
• Issues and tips

Up and Running
• The Agents
• Communications
• Archive
• Securing your system
• Administering users
• Client Deployment
• Optimizing your system
• Additional Considerations

Questions and Answers

Novell GroupWise Messenger: Release Goals

Novell GroupWise Messenger provides:

• Integration with Novell eDirectory for authentication and system management.

• A Secure IM solution using SSL

• Central Archiving of conversations

Novell GroupWise Messenger: Architecture

[Architecture diagram. Labels: LDAP Directory, Novell eDirectory, Messaging Agent, Archive Agent, User Authentication, Storage, Firewall, Internet, Office, Remote Office, Home, Mobile]

Messenger System Components: Messaging Agent

The Messaging Agent:
• Accesses Novell eDirectory on behalf of users to authenticate them when they start the Messenger client, searches for contacts, saves users’ option settings for the Messenger client, etc.
• Transfers instant messages back and forth between Messenger users
• Maintains presence information about Messenger users
• Passes conversations to the Archive Agent if archiving is enabled

Messenger System Components: Archive Agent

The Archiving Agent:
• Accesses eDirectory on behalf of authorized Messenger users in order to grant them access to the Messenger archive
• Receives completed conversations from the Messaging Agent and stores them in the Messenger archive
• Indexes the archived conversations so that they can be searched by authorized Messenger users
• Performs searches in the Messenger archive for authorized Messenger users
• Manages expiration of old conversations
• Repairs the Messenger archive in case of damage to its database

GroupWise Messenger – Prerequisites: Operating System

Make sure your OS is up to the job:
• NetWare® 5.x and up
• Windows 2000 and Windows XP
  • Note: Although testing has shown that Messenger will work on Windows NT4 it is not supported
• Linux
  • SuSE Linux Enterprise Server 8
  • Red Hat Enterprise Linux AS 3
  • Note: Testing has shown that Messenger will run on SuSE Linux 9 Pro and Red Hat Linux 9 but these are not supported

Make sure eDirectory™ is up to date and free from errors
• If using Novell NDS® / eDirectory for the LDAP server the following versions are supported:
  • Novell NDS eDirectory 8.78 or later
  • Novell eDirectory 85.23 (8.5.1) or later
  • Novell eDirectory 8.6.2 or later for Linux

GroupWise Messenger: Information Needed for Install

Before you install Messenger, make sure you have the following information:

• eDirectory or LDAP Server information
  • Port, IP Address / DNS name, and authentication credentials
  • If LDAP SSL is required, path to LDAP server certificate
• SSL Certificate and Key information
  • If you want to secure conversations in your system

GroupWise Messenger: LDAP SSL Certificates

If using LDAP and the LDAP server requires SSL/TLS:
• Windows/Linux – Export the certificate
  – Using LDAP server object, determine Certificate object
  – Using Certificate object, export Trusted Root Certificate
  – Don’t export the private key
  – Save in DER format to an accessible location
• NetWare – Certificate should already have been exported

Or allow clear-text passwords through LDAP Group object:
• Deselect “Require SSL/TLS for simple binds”, or
• Select “Allow clear-text passwords” (older eDirectory)
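A pre-flight check for the export step above, as an added example that is not part of the original deck: it inspects the outer ASN.1 structure of the exported file and reports whether it is shaped like a bare DER certificate or like a container that can carry a private key (PKCS#12, PKCS#8, PKCS#1). The function names and sample bytes are constructed for illustration; the check looks at structure only and does not validate the certificate or its chain.

```python
def read_tlv(buf, pos):
    """Read one DER tag-length-value at pos; return (tag, value_start, value_end)."""
    tag, first = buf[pos], buf[pos + 1]
    if first < 0x80:                      # short form: length fits in one byte
        length, start = first, pos + 2
    else:                                 # long form: next n bytes hold the length
        n = first & 0x7F
        if n == 0 or n > 4:
            raise ValueError("unsupported DER length")
        length = int.from_bytes(buf[pos + 2:pos + 2 + n], "big")
        start = pos + 2 + n
    if start + length > len(buf):
        raise ValueError("truncated DER")
    return tag, start, start + length

def classify_export(data):
    """Classify an exported file by its outer ASN.1 shape only."""
    if data.lstrip().startswith(b"-----BEGIN"):
        return "pem"                      # Base64 text; the slide asks for DER
    try:
        tag, pos, end = read_tlv(data, 0)
        if tag != 0x30 or end != len(data):
            return "not-der"
        children = []
        while pos < end:
            child_tag, _, pos = read_tlv(data, pos)
            children.append(child_tag)
    except (ValueError, IndexError):
        return "not-der"
    # X.509 Certificate: SEQUENCE { tbsCertificate SEQUENCE,
    #   signatureAlgorithm SEQUENCE, signatureValue BIT STRING }
    if children == [0x30, 0x30, 0x03]:
        return "certificate"
    # PKCS#12, PKCS#8 and PKCS#1 containers all begin with an INTEGER version.
    if children and children[0] == 0x02:
        return "private-key-container"
    return "unknown-der"

def der(tag, body=b""):
    """Encode a short TLV (body under 128 bytes); used only to build the samples."""
    return bytes([tag, len(body)]) + body

# Constructed byte strings with the right outer shape; not real certificates or keys.
CERT_SHAPED = der(0x30, der(0x30, der(0x02, b"\x01")) + der(0x30) + der(0x03, b"\x00"))
PFX_SHAPED = der(0x30, der(0x02, b"\x03") + der(0x30))

if __name__ == "__main__":
    for name, blob in [("cert-shaped", CERT_SHAPED), ("pfx-shaped", PFX_SHAPED)]:
        print(name, "->", classify_export(blob))
```

For a real export, pass the file's bytes, for example `classify_export(open(path, "rb").read())`; anything other than `certificate` means the file should be re-exported before its path is given to the installer.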

GroupWise Messenger – Installation

GroupWise Messenger can be installed from either Windows or Linux

• Windows 2000 or Windows XP
  – Novell Client™ 32 required to allow you to extend the Schema
  – Mapped drive to NetWare Server if installing to NetWare
  – ConsoleOne® 1.3.2 or better (1.3.4 is included if you don’t have it)
• Linux
  – If eDirectory is not installed, an LDAP connection to another tree must be used
  – If ConsoleOne® is installed, the GroupWise Messenger ConsoleOne® plugin will be installed.

Installing Messenger - Linux

Two methods of installation can be performed:
(1) Install scripts and/or binary executable
(2) RPMs

The Messenger Agent installation will perform the following tasks:

• Install/Reinstall the agent rpm
• Install Novell LDAP rpms if not installed
• Install/Reinstall the ConsoleOne plugin rpm (if ConsoleOne is installed)


Installing Messenger – Linux (cont.)

The Messenger installation will allow you to:

• Extend the Schema

• Create directory objects

• Create startup files

• Run the agents

Configuration script is /opt/novell/messenger/configure.sh


Linux File Locations

The Linux install is based on LSB/FHS

• Executables and tools are in /opt/novell/messenger

• Shared libraries are in /opt/novell/lib

• Startup and configuration files are in /etc/opt/novell/messenger

• Queues and stores are in /var/opt/novell/messenger

• Logs and error files are in /var/opt/novell/log/messenger

GroupWise Messenger for Linux: Install Demo

Post Installation tasks

Once the Messenger Agents are installed:

Configure your Messenger Policies

– Note: You should have at least one Policy to allow users to gain access (the install creates a default policy). By default users are enabled

Configure your Messenger Profiles

– Note: You *must* have at least one Scope to allow users to gain access

Configure and enable SSL if required

– Creating and/or using SSL certificates

Configure Archiving if required

Tune Directory Access and Searches if required

Setup Client Deployment

GroupWise Messenger Policy Object

GroupWise Messenger Policy Object: General

Enable Archiving Here!

GroupWise Messenger Policy Object: Contact List

GroupWise Messenger Policy Object: Information List

Setting Up Profiles

GroupWise Messenger has the following profiles:

Scope Profile (mandatory)
• Defines which user contexts the system will service

LDAP Profile
• Used for directory access via LDAP
• Needed to run in protected memory on NetWare
• Also used for load balancing (pools) and failover

Scope Profile: System Scope

LDAP Profile: General Settings

LDAP Profile: Connection Settings

Securing Conversations: Generate a Certificate Signing Request

Select your server and use the provided certificate and key file

Use the GWCSRGEN utility from GroupWise 6.5
• You will then have a servername.CSR file
• Submit this to your Certificate Authority
• Tip: You can use Novell Certificate Server (FREE!) to generate your certificate

Note: Do NOT use the ROOTCERT.DER file included with eDirectory as a public certificate

Note: If you want BOTH the Messaging and Archive agents to use SSL you will need to select the SERVER object

Securing Conversations: Specifying your Certificate and Key File

Archiving Conversations Centrally

GroupWise Messenger allows you to archive conversations within the system centrally

• By user

• By Policy

The Central Archives are currently only available to designated administrators

Note: Users can store conversations locally into text files on their workstation

Accessing Archived Conversations: Granting Archive Access

Optimizing Agent Performance: Agent Settings – Tuning

Maximum number of users (Default 5120)
• When you reach this limit nobody can log in
• Linux system default is 1024 file descriptors
• The agent will attempt to adjust limit up to Messenger Max

Client / Server threads (Default 15)
• This is fine up to 7500 users; more than 50 threads can impact anything else running on the server

Optimizing Agent Performance: Agent Settings – Tuning

Default number of connections (Default 10)
• Defines how many connections the Agent makes to eDirectory when using direct access for user lookups
  – TIP: These connections are ALWAYS kept open even when not in use

Idle Timeout (Default 30 seconds)
• Idle timeout for any direct connections above the default that are unused

Optimizing Agent Performance: Agent Settings – Tuning

Maximum connections (Default 50)
• The maximum number of direct connections that can be opened at any time

Maximum query results (Default 100)
• Maximum number of results returned by a user lookup
• NOTE: Setting this to more than 200 will impact system performance if a large number of queries are issued

Maximum query timeout (Default 30)
• Maximum time server will spend doing a single search
• NOTE: Currently clients have a 30 second timeout as well; decrease server query timeout if searches are taking too long

Optimizing Agent Performance: Agent Settings

Optimizing Agent Performance: Startup File Switches 1

;----------------------------------------------------------------------
; Directory Query Maximum Results
; Specifies the maximum number of results that will be returned for any
; request to the directory.
;----------------------------------------------------------------------
/dirquerymaxresults-200
;----------------------------------------------------------------------
; Directory Idle Timeout
; Specifies the amount of time before an inactive directory connection
; closes down.
;----------------------------------------------------------------------
/diridletimeout-20
;----------------------------------------------------------------------
; Directory Maximum Connections
; Specifies the maximum number of directory connections
;----------------------------------------------------------------------
/dirmaxconnections-40
;----------------------------------------------------------------------
; Directory UserID Alias
; Specifies the attribute to use instead of CN for user authentications
; and searches etc.
;----------------------------------------------------------------------
/diruseralias-'Internet Email Address'

Optimizing Agent Performance: Startup File Switches 2

;----------------------------------------------------------------------
; Directory Default Connections
; Specifies the default number of directory connections
;----------------------------------------------------------------------
/dirdefaultconnections-15
;----------------------------------------------------------------------
; Directory Query Timeout
; Specifies the amount of time the server will wait on searches
;----------------------------------------------------------------------
/dirquerytimeout-25
;----------------------------------------------------------------------
; Maximum connections
; Number of Client/Server connections the server will allow.
; The default is 5120 (5K).
;----------------------------------------------------------------------
/maxconns-2000
;----------------------------------------------------------------------
; Number of TCP Processing Threads
; Sets how many threads the Messaging Agent spawns for handling
; Client/Server requests. The default is 15.
;----------------------------------------------------------------------
/threads-20

Optimizing Agent Performance: Startup File Switches 3

This switch toggles between the default verify password model and the bind user model:

• Verify
  • Slightly shorter login times
  • Single default user needed for authentication and searches
• Bind
  • Each user must bind to the directory for authentication
  • eDirectory password and account settings honored
  • Default user still required for settings retrieval and searches

;-----------------------------------------------------------
; Directory User Authentication via Bind
; Specifies whether user authentication is performed via
; a bind or a comparison. Default is comparison.
;-----------------------------------------------------------
/diruserauthbind
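An auditor for the startup-file switches shown on the three slides above, as an added example that is not part of the original deck or of Novell's tooling. It parses the `;` comment and `/switch-value` syntax and flags values that cross the limits the tuning slides give (200 query results, 50 threads, the clients' 30 second timeout, the 1024 descriptor default) and reports which authentication model is active. The function names, the sample file, and the rule that default connections should not exceed maximum connections are assumptions made for the example.

```python
import re

# Defaults as stated on the tuning slides.
DEFAULTS = {"maxconns": 5120, "threads": 15, "dirdefaultconnections": 10,
            "dirmaxconnections": 50, "diridletimeout": 30,
            "dirquerymaxresults": 100, "dirquerytimeout": 30}
SWITCH = re.compile(r"^/(\w+)(?:-(.*))?$")

def parse_startup(text):
    """Map switch name -> value; ';' lines are comments, bare switches -> True."""
    found = {}
    for raw in text.splitlines():
        match = SWITCH.match(raw.strip())  # comment and blank lines never match
        if match:
            name, value = match.group(1).lower(), match.group(2)
            found[name] = True if value is None else value.strip().strip("'")
    return found

def audit(text, nofile_limit=1024):
    """Return {switch: finding}. nofile_limit is the descriptor limit of the
    account that starts the agent (`ulimit -n`); 1024 is the slide's default."""
    found = parse_startup(text)
    cfg = {name: int(found.get(name, default)) for name, default in DEFAULTS.items()}
    findings = {}
    if cfg["dirquerymaxresults"] > 200:
        findings["dirquerymaxresults"] = "over 200 results per lookup hurts performance under query load"
    if cfg["dirquerytimeout"] > 30:
        findings["dirquerytimeout"] = "server keeps searching after the client's 30 second timeout"
    if cfg["threads"] > 50:
        findings["threads"] = "over 50 threads can impact other services on the server"
    # Assumption of this example: the always-open pool should fit under the ceiling.
    if cfg["dirdefaultconnections"] > cfg["dirmaxconnections"]:
        findings["dirdefaultconnections"] = "always-open connections exceed /dirmaxconnections"
    if cfg["maxconns"] > nofile_limit:
        findings["maxconns"] = "above the descriptor limit; confirm the agent raised it at startup"
    if "diruserauthbind" not in found:
        findings["diruserauthbind"] = "comparison model: per-user bind is not in use"
    return findings

# Constructed sample: the deck's switch names with deliberately poor values.
SAMPLE = """\
;----------------------------------------------------------------------
; Constructed test file, not taken from a real server
;----------------------------------------------------------------------
/dirquerymaxresults-500
/dirdefaultconnections-60
/dirmaxconnections-40
/dirquerytimeout-45
/maxconns-2000
/threads-64
/diruseralias-'Internet Email Address'
"""

if __name__ == "__main__":
    for switch, finding in audit(SAMPLE).items():
        print(f"/{switch}: {finding}")
```

Run against the values printed on the slides themselves, with `/diruserauthbind` present, the only finding at the 1024 descriptor default is `/maxconns-2000`.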

Client Deployment: Setting up Platform Clients

Clients must be copied to download area

• Copy Windows Client
  – To /opt/novell/messenger/software/client/win32
• Copy Linux Client
  – To /opt/novell/messenger/software/client/linux
• Copy Mac Client
  – To /opt/novell/messenger/software/client/mac

Note: Until this is done, links on download page will be broken

Updates can be distributed via Red Carpet

Monitoring Your System: Setting up the Web Console

Linux Agent Startup: Manual Startup

Agents can be started as a:
• Console app
  • su to root
  • Change to bin directory (/opt/novell/messenger)
  • ./nmma @/etc/opt/novell/messenger/strtup.ma
  • Will log to console
• Daemon
  • su to root
  • /etc/init.d/novell-nmma start
  • Access agent by Web Console

Linux Agent Startup: Setting up Automatic Startup

Agents can be configured as init.d services
• SuSE Linux
  – su to root
  – insserv novell-nmma
  – Remove with insserv -r novell-nmma
• Red Hat Linux
  – su to root
  – chkconfig --add novell-nmma
  – Remove with chkconfig --del novell-nmma

Note: Messenger Agents are dependent on NDS service; will run after eDirectory starts up if installed

Web Console: Status

Web Console: Configuration

Access to logging actions

Access to archive actions

Web Console: Archive Actions

Web Console: Logging Actions

Web Console: Log Files

New Cycle Log Link

GroupWise Messenger: Additional Considerations

eDirectory Attribute Indexes
• Advanced search can use (if entered):
  • Given Name*
  • Surname*
  • Userid (CN)*
  • Department (OU)
  • Title
• Basic search always uses Full Name*, Given Name*, and Surname*

• Indexing these attributes through iManager or ConsoleOne will decrease search times

* Minimum recommended indexes

Installing The Messenger Client: Cross-platform Client

Linux install
• Execute binary client installer as root
• Will install icon on desktop
• Don’t have to be root to run client

Macintosh install
• Double-click downloaded sit

Messenger Client: Client Demo

Gaim plugin (Linux)

Java Client (Linux)

Java Client (Macintosh)

The Present…

Current Projects:
• SP2 – Currently in authorized Beta
  • Bug fixes
  • Performance & Scalability (including LAN rush)
  • Search Improvements
  • Slow client connection improvements
• GroupWise Messenger for Linux – Currently in Beta
  • SP2 + running on Linux

The Future…

See GroupWise Collaboration Futures Class!

What’s coming:
• GroupWise “Sequoia” (features to be finalized)
  • GroupWise Client Integration Improvements
  • Scalability enhancements (multiple agents)
  • Chat rooms
  • Personal conversation archives
  • File Transfer
• Parallel SDK development


Questions

General Disclaimer

This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners.

No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.