GroupWise ® Messenger Installation, Configuration, and Operation Dirk Giles Senior Software Engineer GroupWise Messenger Development Mike Stoddard Software Engineer GroupWise Messenger Development
© March 9, 2004 Novell Inc. 2 one Net: Information without boundaries…where the right people are connected with the right information at the right time to make the right decisions. The one Net vision Novell exteNd ™ Novell Nsure ™ Novell Nterprise ™ Novell Ngage SM : : : :
© March 9, 2004 Novell Inc. 3 The one Net vision Novell Nterprise is an innovative family of products which gives you the power to enable and manage the constant interaction of people with your business systems — regardless of who they are or where they are. Novell Nterprise ™ Novell exteNd ™ Novell Nsure ™ Novell Nterprise ™ Novell Ngage SM : : : :
© January 23, 2004 Novell Inc, Confidential & Proprietary 4 Today's Agenda Prerequisites What you should know Things you should do Installation Linux Issues and tips Up and Running The Agents Communications Archive Securing your system Administering users Client Deployment Questions and Answers Optimizing your system Additional Considerations
© January 23, 2004 Novell Inc, Confidential & Proprietary 5 Novell GroupWise Messenger: Release Goals Novell GroupWise Messenger provides: Integration with Novell eDirectory for authentication and system management. A Secure IM solution using SSL Central Archiving of conversations
© January 23, 2004 Novell Inc, Confidential & Proprietary 6 Novell GroupWise Messenger: Architecture LDAP Directory Messaging Agent User Authentication Storage Office F i r e w a l l Mobile Home Novell eDirectory Archive Agent Remote Office I n t e r n e t
© January 23, 2004 Novell Inc, Confidential & Proprietary 7 Messenger System Components: Messaging Agent The Messaging Agent: Accesses Novell eDirectory on behalf of users to authenticate them when they start the Messenger client, searches for contacts, saves users’ option settings for the Messenger client etc. Transfers instant messages back and forth between Messenger users Maintains presence information about Messenger users Passes conversations to the Archive Agent if archiving is enabled
© January 23, 2004 Novell Inc, Confidential & Proprietary 8 The Archiving Agent: Accesses eDirectory on behalf of authorized Messenger users in order to grant them access to the Messenger archive Receives completed conversations from the Messaging Agent and stores them in the Messenger archive Indexes the archived conversations so that they can be searched by authorized Messenger users Performs searches in the Messenger archive for authorized Messenger users Manages expiration of old conversations Repairs the Messenger archive in case of damage to its database Messenger System Components: Archive Agent
© January 23, 2004 Novell Inc, Confidential & Proprietary 9 GroupWise Messenger – Prerequisites: Operating System Make sure your OS is up to the job: NetWare ® 5.x and up Windows 2000 and Windows XP Note: Although testing has shown that Messenger will work on Windows NT4 it is not supported Linux SuSE Linux Enterprise Server 8 Red Hat Enterprise Linux AS 3 Note: Testing has shown that Messenger will run on SuSE Linux 9 Pro and Red Hat Linux 9 but these are not supported Make sure eDirectory ™ is up to date and free from errors If using Novell NDS ® / eDirectory for the LDAP server the following versions are supported: Novell NDS eDirectory 8.78 or later Novell eDirectory (8.5.1) or later Novell eDirectory or later for Linux
© January 23, 2004 Novell Inc, Confidential & Proprietary 10 GroupWise Messenger: Information Needed for Install Before you Install Messenger; make sure you have the following information: eDirectory or LDAP Server information Port, IP Address / DNS name, and authentication credentials If LDAP SSL is required, path to LDAP server certificate SSL Certificate and Key information If you want to secure conversations in your system
© January 23, 2004 Novell Inc, Confidential & Proprietary 11 GroupWise Messenger: LDAP SSL Certificates If using LDAP and the LDAP server requires SSL/TLS: Windows/Linux – Export the certificate – Using LDAP server object, determine Certificate object – Using Certificate object, export Trusted Root Certificate – Don’t export the private key – Save in DER format to an accessible location NetWare – Certificate should already have been exported Or allow clear-text passwords through LDAP Group object: Deselect “Require SSL/TLS for simple binds”, or Select “Allow clear-text passwords” (older eDirectory)
© January 23, 2004 Novell Inc, Confidential & Proprietary 12 GroupWise Messenger – Installation GroupWise Messenger can be installed from either Windows or Linux Windows 2000 or Windows XP – Novell Client™ 32 required to allow you to extend the Schema – Mapped drive to NetWare Server if installing to NetWare – ConsoleOne ® or better (1.3.4 is included if you don’t have it) Linux – If eDirectory is not installed, a LDAP connection to another tree must be used – If ConsoleOne ® is installed, the GroupWise Messenger ConsoleOne ® plugin will be installed.
© January 23, 2004 Novell Inc, Confidential & Proprietary 13 Installing Messenger - Linux Two Methods of installation can be performed (1) Install scripts and/or binary executable (2) RPMs The Messenger Agent installation will perform the following tasks: Install/Reinstall the agent rpm Install Novell LDAP rpms if not installed Install/Reinstall the ConsoleOne plugin rpm (if ConsoleOne is installed)
© January 23, 2004 Novell Inc, Confidential & Proprietary 14 Installing Messenger – Linux (cont.) The Messenger installation will allow you to: Extend the Schema Create directory objects Create startup files Run the agents Configuration script is /opt/novell/messenger/configure.sh
© January 23, 2004 Novell Inc, Confidential & Proprietary 15 Linux File Locations The Linux install is based on LSB/FHS Executables and tools are in /opt/novell/messenger Shared libraries are in /opt/novell/lib Startup and configuration files are in /etc/opt/novell/messenger Queues and stores are in /var/opt/novell/messenger Logs and error files are in /var/opt/novell/log/messenger
© January 23, 2004 Novell Inc, Confidential & Proprietary 16 GroupWise Messenger for Linux: Install Demo Install Demo
© January 23, 2004 Novell Inc, Confidential & Proprietary 17 Post Installation tasks Configure your Messenger Policies –Note: You should have at least one Policy to allow users to gain access (the install creates a default policy). By default users are enabled Configure your Messenger Profiles Once the Messenger Agents are installed: –Note: You *must* have at least one Scope to allow users to gain access Configure and enable SSL if required –Creating and/or using SSL certificates Configure Archiving if required Tune Directory Access and Searches if required Setup Client Deployment
© January 23, 2004 Novell Inc, Confidential & Proprietary 18 GroupWise Messenger Policy Object
© January 23, 2004 Novell Inc, Confidential & Proprietary 19 GroupWise Messenger Policy Object: General Enable Archiving Here!
© January 23, 2004 Novell Inc, Confidential & Proprietary 20 GroupWise Messenger Policy Object: Contact List
© January 23, 2004 Novell Inc, Confidential & Proprietary 21 GroupWise Messenger Policy Object: Information List
© January 23, 2004 Novell Inc, Confidential & Proprietary 22 Setting Up Profiles GroupWise Messenger has the following profiles: Scope Profile (mandatory) Defines which user contexts the system will service LDAP Profile Used for directory access via LDAP Needed to run in protected memory on NetWare Also used for load balancing (pools) and failover LDAP
© January 23, 2004 Novell Inc, Confidential & Proprietary 23 Scope Profile: System Scope
© January 23, 2004 Novell Inc, Confidential & Proprietary 24 LDAP Profile: General Settings LDAP
© January 23, 2004 Novell Inc, Confidential & Proprietary 25 LDAP Profile: Connection Settings LDAP
© January 23, 2004 Novell Inc, Confidential & Proprietary 26 Select your server and use the provided certificate and key file Securing Conversations: Generate a Certificate Signing Request Use the GWCSRGEN utility from GroupWise 6.5 You will then have a servername.CSR file Submit this to your Certificate Authority Tip: You can use Novell Certificate Server (FREE!) to generate your certificate Note: Do NOT use the ROOTCERT.DER file included with eDirectory as a public certificate Note: If you want BOTH the Messaging and Archive agents to use SSL you will need to select the SERVER object
© January 23, 2004 Novell Inc, Confidential & Proprietary 27 Securing Conversations: Specifying your Certificate and Key File
© January 23, 2004 Novell Inc, Confidential & Proprietary 28 Archiving Conversations Centrally GroupWise Messenger allows you to archive conversations within the system centrally By user By Policy The Central Archives are currently only available to designated administrators Note: Users can store conversations locally into text files on their workstation
© January 23, 2004 Novell Inc, Confidential & Proprietary 29 Accessing Archived Conversations: Granting Archive Access
© January 23, 2004 Novell Inc, Confidential & Proprietary 30 Optimizing Agent Performance: Agent Settings – Tuning Maximum number of users (Default 5120) When you reach this limit nobody can login Linux system default is 1024 file descriptors The agent will attempt to adjust limit up to Messenger Max Client / Server threads (Default 15) This is fine up to 7500 users, more than 50 threads can impact anything else running on the server
© January 23, 2004 Novell Inc, Confidential & Proprietary 31 Optimizing Agent Performance: Agent Settings – Tuning Default number of connections (Default 10) Defines how many connections the Agent makes to eDirectory when using direct access for user lookups – TIP: These connections are ALWAYS kept open even when not in use Idle Timeout (Default 30 seconds) Idle timeout for any direct connections above the default that are unused
© January 23, 2004 Novell Inc, Confidential & Proprietary 32 Maximum connections (Default 50) The maximum number of direct connections that can be opened at any time Maximum query results (Default 100) Maximum number of results returned by a user lookup NOTE: Setting this to more than 200 will impact system performance if a large number of queries are issued Maximum query timeout (Default 30) Maximum time server will spend doing a single search NOTE: Currently clients have a 30 second timeout as well; decrease server query timeout if searches taking too long Optimizing Agent Performance: Agent Settings – Tuning
© January 23, 2004 Novell Inc, Confidential & Proprietary 33 Optimizing Agent Performance: Agent Settings
© January 23, 2004 Novell Inc, Confidential & Proprietary 34 Optimizing Agent Performance: Startup File Switches 1 ; ; Directory Query Maximum Results ; Specifies the maximum number of results that will be returned for any ; request to the directory. ; /dirquerymaxresults-200 ; ; Directory Idle Timeout ; Specifies the amount of time before an inactive directory connection ; closes down. ; /diridletimeout-20 ; ; Directory Maximum Connections ; Specifies the maximum number of directory connections ; /dirmaxconnections-40 ; ; Directory UserID Alias ; Specifies the attribute to use instead of CN for user authentications ; and searches etc. ; /diruseralias-'Internet Address' 1
© January 23, 2004 Novell Inc, Confidential & Proprietary 35 ; ; Directory Default Connections ; Specifies the default number of directory connections ; /dirdefaultconnections-15 ; ; Directory Query Timeout ; Specifies the amount of time the server will wait on searches ; /dirquerytimeout-25 ; ; Maximum connections ; Number of Client/Server connections the server will allow. ; The default is 5120 (5K). ; /maxconns-2000 ; ; Number of TCP Processing Threads ; Sets how many threads the Messaging Agent spawns for handling ; Client/Server requests. The default is 15. ; /threads-20 Optimizing Agent Performance: Startup File Switches 2 2
© January 23, 2004 Novell Inc, Confidential & Proprietary 36 3 Optimizing Agent Performance: Startup File Switches 3 This switch toggles between the default verify password model and the bind user model: Verify Slightly shorter login times Single default user needed for authentication and searches Bind Each user must bind to the directory for authentication eDirectory password and account settings honored Default user still required for settings retrieval and searches ; ; Directory User Authentication via Bind ; Specifies whether user authentication is performed via ; a bind or a comparison. Default is comparison. ; /diruserauthbind
© January 23, 2004 Novell Inc, Confidential & Proprietary 37 Client Deployment: Setting up Platform Clients Clients must be copied to download area Copy Windows Client – To /opt/novell/messenger/software/client/win32 Copy Linux Client –To /opt/novell/messenger/software/client/linux Copy Mac Client –To /opt/novell/messenger/software/client/mac Note: Until this is done, links on download page will be broken Updates can be distributed via Red Carpet
© January 23, 2004 Novell Inc, Confidential & Proprietary 38 Monitoring Your System: Setting up the Web Console
© January 23, 2004 Novell Inc, Confidential & Proprietary 39 Linux Agent Startup: Manual Startup Agents can be started as a: Console app su to root Change to bin directory Will log to console Daemon su to root /etc/init.d/novell-nmma start Access agent by Web Console
© January 23, 2004 Novell Inc, Confidential & Proprietary 40 Linux Agent Startup: Setting up Automatic Startup Agents can be configured as init.d services SuSE Linux – su to root – insserv novell-nmma – Remove with insserv –r novell-nmma Red Hat Linux – su to root – chkconfig --add novell-nmma – Remove with chkconfig --del novell-nmma Note: Messenger Agents are dependent on NDS service; will run after eDirectory starts up if installed
© January 23, 2004 Novell Inc, Confidential & Proprietary 41 Web Console: Status
© January 23, 2004 Novell Inc, Confidential & Proprietary 42 Web Console: Configuration Access to logging actions Access to archive actions
© January 23, 2004 Novell Inc, Confidential & Proprietary 43 Web Console: Archive Actions
© January 23, 2004 Novell Inc, Confidential & Proprietary 44 Web Console: Logging Actions
© January 23, 2004 Novell Inc, Confidential & Proprietary 45 Web Console: Log Files New Cycle Log Link
© January 23, 2004 Novell Inc, Confidential & Proprietary 46 GroupWise Messenger: Additional Considerations eDirectory Attribute Indexes Advanced search can use (if entered): Given Name* Surname* Userid (CN)* Department (OU) Title Basic search always uses Full Name*, Given Name*, and Surname* Indexing these attributes through iManager or ConsoleOne will decrease search times * Minimum recommended indexes
© January 23, 2004 Novell Inc, Confidential & Proprietary 47 Installing The Messenger Client: Cross-platform Client Linux install Execute binary client installer as root Will install icon on desktop Don’t have to be root to run client Macintosh install Double-click downloaded sit
© January 23, 2004 Novell Inc, Confidential & Proprietary 48 Messenger Client: Client Demo Gaim plugin (Linux) Java Client (Linux) Java Client (Macintosh)
© January 23, 2004 Novell Inc, Confidential & Proprietary 49 The Present… Current Projects: SP2 – Currently in authorized Beta Bug fixes Performance & Scalability (including LAN rush) Search Improvements Slow client connection improvements GroupWise Messenger for Linux – Currently in Beta SP2 + running on Linux
© January 23, 2004 Novell Inc, Confidential & Proprietary 50 See GroupWise Collaboration Futures Class! The Future… What’s coming: GroupWise “Sequoia” (features to be finalized) GroupWise Client Integration Improvements Scalability enhancements (multiple agents) Chat rooms Personal conversation archives File Transfer Parallel SDK development
© January 23, 2004 Novell Inc, Confidential & Proprietary 51 Questions
© January 23, 2004 Novell Inc, Confidential & Proprietary 52
© January 23, 2004 Novell Inc, Confidential & Proprietary 53 General Disclaimer This document is not to be construed as a promise by any participating company to develop, deliver, or market a product. Novell, Inc., makes no representations or warranties with respect to the contents of this document, and specifically disclaims any express or implied warranties of merchantability or fitness for any particular purpose. Further, Novell, Inc., reserves the right to revise this document and to make changes to its content, at any time, without obligation to notify any person or entity of such revisions or changes. All Novell marks referenced in this presentation are trademarks or registered trademarks of Novell, Inc. in the United States and other countries. All third-party trademarks are the property of their respective owners. No part of this work may be practiced, performed, copied, distributed, revised, modified, translated, abridged, condensed, expanded, collected, or adapted without the prior written consent of Novell, Inc. Any use or exploitation of this work without authorization could subject the perpetrator to criminal and civil liability.