Thursday Apr 05, 2007

Communications Suite Odds and Ends

As usual, lots to scrape off the Comms windshield. Here are some interesting factoids that have turned up in the past few days:

  • Installing a Comms 5 Calendar Server deployment, front end and back end (where the front end is using the DWP protocol to communicate with the back end): when you use the csconfigurator.sh program on the front end to configure Calendar Server, you are prompted to use the IP address of the back end to point to. Unfortunately, this needs to be the host name, so you'll have to correct that manually. (Bug has been filed.)
  • When deploying Connector for Outlook with Calendar Server/Communications Express, realize that Connector needs to access calendar in WCAP (a calendar protocol encapsulated in HTTP) and communicate directly to a calendar process that 'speaks' WCAP (cshttpd). In a multi-tier deployment, that means installing a Calendar Server front-end on your host running Communications Express. This calendar front-end prowides the WCAP services necessary for Connector, and then communicates to the back-end host using the DWP protocol (port 57779 by default; thus, be carefull with you firewall rules between front-end and back-end host). For more information on this kind of deployment:

    http://docs.sun.com/app/docs/doc/4439/6n4udv3em?a=view
    http://docs.sun.com/app/docs/doc/4439/6n4udv3cg?a=view

  • I pushed a new tech note to docs.sun.com today, should be available by tomorrow: Using Sun StorageTek 53xx NAS with Messaging Server Message Store.
  • Our deployment team says that you need an expert to install Comms, and even then, don't expect a problem-free time. Question: Is this news to anyone? I do hope, at least, that our customers have been seeing some improvement in this area from at least the docs standpoint. If not, you know you can always drop me a line and let me know.
  • Found this interesting tech note from our Access Manager brethren: Sun Java System Access Manager ACI Guide. Personally, I'd rather have to eat peanut butter and crackers stranded in the desert without water than to have to deal with AM ACIs, but here you have a new peek into what the heck's going on there.

Wednesday Apr 04, 2007

Heads Up: Communications Suite New Info on the Way

Just a quick update to describe some of the new information coming your way regarding Communications Suite:

  • Tuning the Messaging Server MMP - I'm working with one of our support engineers on this tech tip type doc, which describes tuning recommendations for Sun Java System Messaging Server 2005Q4 Messaging Multiplexor (MMP). The tuning information applies to the Sun Java System Messaging Multi-Plexor (MMP) software provided with the Java ES 4 (2005Q4) release (118207-56/118208-56 patch release or above).
  • Comms Single Host Deployment Example for Linux - Yes indeed, one of our more successful docs (by all reports) will now be available for the Linux platform as well, to help with what one reader described as the "opaque incantations" of the Comms install process. (And thanks go again to the same support engineer mentioned above for putting this together.)
  • Patch Information - I'll be using the Downloads > Updates tab on the Comms Suite BigAdmin Hub to post patch information for both Comms 5 and Comms 2005Q4.
I'll be sure to alert the Comms blogosphere when these items make their way live.

Tuesday Apr 03, 2007

The Secret Life of Calendar Groups in Calendar Server 6.3 and Communications Express 6.3

We've been having an internal discussion about a 'new' feature in Calendar Server 6.3, namely, Calendar Groups, and how all this fits in with Calendar Server and Communications Express. According to the Calendar Server Release Notes:

Support for LDAP Groups in Calendar Server 6.3

It is now possible to create LDAP groups using Delegated Administrator. Groups have the following functionality:

  • A group is a list of users. The group does not “contain” the listed users. It is not a container.

  • A group can have a group calendar.

  • Invitations sent to a group reside on all the members' calendars, as well as the group calendar.

  • All members of the group share the same access rights to the group calendar.

  • There is no primary owner for a group calendar.

    - This should be corrected to: The group calendar does have an owner, and can have co-owners too.

Clarifying these points, then, with some discussion that took place today:

  • The group calendar that you create through Delegated Administrator is a Corporate Group--different from your usual Personal Group (created through the Communications Express Addressbook).
  • When subscribing to a group calendar through the Communications Express interface, you subscribe to the Personal not Corporate group. That is, the CE interface does not access the group calendar created in the LDAP directory (by using DA).
  • The cscal command manages calendars in the Calendar Database not the LDAP directory. Thus, if you go looking for your LDAP group calendar with cscal, you won't find it initially (see below for more info).
  • When you invite the LDAP group calendar, member calendars added to the group get the events. There is no 'physical' calendar for the group calendar but the individual user's (member's) calendars.
  • To manage a group calendar, you actually manage the member's calendars (in Comms Express).
  • Calendar Groups can be used for limited functionality, including invite to event, check availability, compose mail to group, and view calendar from Addressbook (in Comms Express).
  • Currently, when you create the group calendar, you must then access it the first time (use it in an invite, for example) before it 'shows up' using the cscal command. Unfortunately--and this is a big unfortunately--currently there is no client today with which you an invite the calendar.
I hope this explanation helps in how to use (or not use) the current implementation of group calendars in Calendar Server and Communications Express. Questions anyone?

Tuesday Mar 20, 2007

Calendar Server Pop-ups: Not Just For Breakfast Anymore

Ya know, it's actually kinda cool when we use our own products. I'm talking about getting pop-up reminders on your desktop for your Calendar Server appointments. As long as you're running both Calendar Server and Instant Messaging, you can make this happen. And believe it or not, we actually do just that at Sun. Here's how.

To get pop-up reminders, you must have Instant Messaging installed on your network and you must be logged into Instant Messenger. (Instant Messenger can be iconified if you like). With Sun Java Communications Suite 5, the IM configuration wizard configures the iim.conf file for pop-up notifications and there is nothing you need to add to the iim.conf file, unless you want to define an optional password. You still need to modify the Calendar Server ics.conf file and enable calendar reminders in the IM client.

How to do it:

  1. Edit the Instant Messaging iim.conf file as shown below, and restart Instant Messaging. (Only required for versions of IM prior to IM 7.2. You can skip the iim.conf configuration steps if running IM 7.2 or later.)
    ! calendar event config
    jms.consumers=cal
    
    jms.providers=ens
    jms.provider.ens.broker=.domain:57997
    jms.provider.ens.factory=com.iplanet.ens.jms.EnsTopicConnFactory
    !
    jms.consumer.cal.destination=enp:///ics/customalarm
    jms.consumer.cal.provider=ens
    jms.consumer.cal.originator=.domain
    jms.consumer.cal.type=topic
    jms.consumer.cal.factory=com.iplanet.im.server.JMSCalendarMessageListener
    jms.consumer.cal.param="eventtype=calendar.alarm"
    iim_agent.enable=true
    iim_agent.agent-calendar.enable=true
    agent-calendar.jid=calimbot..domain
    agent-calendar.password=
    iim_server.components=agent-calendar
    
    \*Note: .domain is the fully qualified hostname of the calendar server such as megademo.demo.iplanet.com
    
  2. Edit the Calendar Server ics.conf as show belown, and restart Calendar Server.
    caldb.serveralarms = "yes"
    caldb.serveralarms.dispatch = "yes"
    caldb.serveralarms.url = "enp:///ics/customalarm"
    caldb.serveralarms.contenttype = "text/xml"
    caldb.serveralarms.dispatchtype = "ens"
    
  3. Click the "Show Calendar Reminders" checkbox in the Instant Messenger client. This is contained in the "Alerts" tab in the Instant Messenger "Settings" popup.

Friday Mar 16, 2007

Communications Suite 5 and Java ES: The Parting of the Ways

Just a heads-up about the forthcoming Communications Suite 5 release, in case you've missed it: Comms in no longer part of Java ES. So, all the Comms Suite 5 products--Messaging Server 6.3, Calendar Server 6.3, Instant Messaging 7.2--aren't part of the Java ES 5 bundle, and they won't be part of a Java ES bundle going forward. You'll download a separate Comms software bundle now, once we make it available. In addition, there will be separate Comms Install and Upgrade Guides. In the past, this information was included in the Java ES docs.

Here's the official statement that will appear in the docs:

Change in Availability of Communications Suite Products

Beginning with this release of Communications Suite 5, communications products are being removed from the Sun Java Enterprise System entitlement. Communications products are available as part of the Communications Suite or as individual products. Communications products will no longer be installed through the Java Enterprise System installer. Communications product components continue to interoperate with Java Enterprise System components.

This change in entitlement does not affect the communications products in Java Enterprise System 2005Q4. If you have communication products installed, no change will occur to your entitlement.

Thursday Mar 15, 2007

Communications Suite 5 Q&A: Access Manager, Delegated Admin, and Schema

There continues to be a fair amount of confusion (or miscommunication on our part) around Access Manager, Delegated Administrator, and schema choice. And the same confusion potentially could exist when it comes to deploying Comms Suite 5. So, here in a nutshell, are what I think are the basic questions and answers surrounding these products. I'll try and keep track of these issues going forward and continue to post them.

  1. In Communications Suite 5, does Delegated Administrator 6.4 still require you to deploy Access Manager?
    Yes, Delegated Administrator 6.4 still requires you to deploy Access Manager.
  2. In Communications Suite 5, does Communications Express 6.3 require you to deploy Access Manager?
    Starting with the Communications Suite 5 release, this dependency on Access Manager for Schema 2 has been removed.

    In previous releases, Communications Express used the following APIs and libraries to establish connections and fetch information from an LDAP store:

    • Domain MAP API (which a part of Communications Express) if Communications Express was deployed using Schema 1 mode.
    • Access Manager SDK if Communications Express was deployed using Schema 2

    This made Communications Express dependent on Access Manager in Schema 2 mode even though Access Manager is not mandatory for it to work apart from just connecting and fetching information from the LDAP store.

  3. When do I need to deploy Schema 2? Do I only need Schema 2 in an Access Manager/Delegated Administrator situation?
    Delegated Administrator currently supports only Schema 2. Other situations requiring Schema 2 include integration with Portal Server, and with Access Manager (for SSO).
For more information on these topics, see my previous entry.

Monday Mar 12, 2007

Locking Down a Sun Java System Instant Messaging Deployment

Occasionally, someone at Sun actually reads the documents that I write. (Just kidding.) And when they do, they just might not find what they were looking for. So, like good little Sun people, they file a documentation bug. And through the miracle of modern email, that bug ends up in my inbox, alerting me to the dire crisis in the doc.

Don't get me wrong, doc bugs are a good thing, a necessary thing, it's just that I might have an opinion if it's the most important priority that I should be addressing in my Sun life, or if it can wait until some time when I'm not dealing with the usual fires.

That's what happened around the following body of information for Instant Messaging. Some group within Sun, which is tasked with ensuring that we are providing the proper security planning information on all our software products, nailed me for lack of information on Instant Messaging. Here, then, is a summary of what you'll find in the forthcoming Sun Java Communications Suite 5 Deployment Planning Guide.

Overview of Instant Messaging Security

Instant Messaging supports the following levels of security:

  • No Security. Communication is all plain text from client through the multiplexor to the server.

  • Legacy SSL. Secure communication between client and multiplexor, and plain text between multiplexor and server. (This is only relevant if you are using the multiplexor).

  • startTLS. End-to-end secure communication between client and server. If you enable the multiplexor, it does not process any data but instead passes it on to the server.

The startTLS option enables end-to-end encryption (the communication between client-multiplexor-server is all in encryption form), while legacy SSL enables encryption between the Instant Messenger client up to the multiplexor: the communication between multiplexor and server is in plain text (though in a proprietary protocol). Use startTLS if you require a higher level of security. If you use startTLS, you do not need an alternate means of securing the multiplexor-to-server communication (it will be secure).

Protecting Instant Messaging Server and Multiplexor

Instant Messaging supports TLS (Transport Layer Security) and legacy SSL (Secure Sockets Layer) for secure communications. Instant Messaging uses a startTLS extension to the Transport Layer Security (TLS) 1.0 protocol for client-to-server and server-to-server encrypted communications and for certificate-based authentication between servers. In addition, Instant Messaging supports a legacy implementation of the SSL protocol (version 3.0) for encrypted communications between the Instant Messenger client and the multiplexor.

The Instant Messaging default installation supports only SASL Plain. If you require a higher level of security, use the Instant Messaging public Service Provider Interface. SASL Plain and jabber:iq:auth are two forms of plain text authentication. That is, in both, the password is sent in the clear (encoded perhaps, but still clear text) and so both are insecure forms of authentication. Nevertheless, this is an issue only if end-to-end encryption (through startTLS for direct socket connection, and HTTPS for httpbind) is not enabled. If end-to-end encryption is enabled, the password is not “seen” in the clear on the network.

Alternatively, if you do not want to transmit passwords in the clear (even if over an encrypted stream), use the Instant Messaging SPI for plugging in authentication mechanism's at the server side through SASLRealm. You can implement custom SASL mechanisms as implementations but you will then need an Instant Messaging client that supports this custom mechanism. The Sun Java System Instant Messaging client supports only SASL Plain, jabber:iq:auth (both insecure).

Providing Instant Messaging Client Access Through a Firewall

The XMPP/HTTP Gateway (httpbind) provides Instant Messaging access to XMPP-based clients, such as HTML based clients, and clients that are behind firewalls that allow HTTP traffic only and don't permit XMPP traffic. The gateway proxies Instant Messaging traffic to the XMPP server on behalf of HTTP clients.

Protecting the Instant Messaging Archive

Instant Messaging has the capability to archive instant messages for later retrieval and searching. If you enable the email archive, you need to decide which administrators will receive email containing archived instant messages. You can configure a separate list of administrators to receive polls, news, conference, alerts, or chat sessions. You can also configure Instant Messaging to use the extended RFC 822 header. Doing so allows mail clients to filter messages based on the header content. If you do enable the Portal archive, you can decide which administrators can access the Portal archive database.

Friday Mar 09, 2007

Calendar Server: Saving the Daylight

New!  Download the Calendar DST Fix Tool
Get this Sun tool (and instructions) to correct timings of events and tasks in Sun Java System Calendar Server, related to the DST switchover in US and Canadian timezones.

Friday Mar 02, 2007

Communications Suite: Drat that winmail.dat

Q. My Communications Express users are getting winmail.dat attachments to email received from sender's on Microsoft Exchange. Is this a Communications Express issue?

A. No, the Microsoft Exchange server needs to be properly configured. For more information, see:

How to Prevent the Winmail.dat File from Being Sent to Internet Users

(It's always nicer when the problem is another vendor's.)

Friday Feb 16, 2007

Communications Suite - Suggestion Box

My email server was down from around 6pm last night until noon today (sendmail, not Messaging Server), and once back up, I decided to do some cleanup on my--ahem!--out of control inbox. (Afterall, a smaller inbox WILL help in times of system recovery.)

In the process of my cleanup, I came across an email thread that I thought I'd post, to see if the Comms Community cares to discuss. The topic: What information pertaining to Comms could we (Sun) provide more in-depth training/knowledge coverage on? Here are the responses. Granted, I'm only one tech writer on Comms, but the more feedback I can gather on issues such as this, the better off I can come to my SMEs and try and argue for what the customer needs. (Note: I believe this was initially a "training" request, but from where I sit, waiting for training courses to come out (no offense to our training coordinators and developers) takes too long to address the info/knowledge gaps.)

Messaging Server:

  • Practice with channel rewriting, including:
    • Special channel for outbound mail to a problematic host
    • Secure submission channels
  • How to use aliasdetourhost
General Comms Topics
  • Migrating events out of Microsoft Exchange and into Comms
  • Co-existence with Microsoft Exchange
  • Supporting large deployments of Connector for Outlook
  • Synchronizing with PDAs
  • Use of Non-Comms Express clients with Comms
  • Sizing Workshop
  • Sieve Topics
    • Vacation filters
    • System wide filters
    • Channel filters
    • Options/commands available in the Sieve scripts

Just for grins, I took a look at what some of us have been discussing about general Comms topics we "think" we should be working on in terms of Comms training/knowledge enhancement:

  • Deployment Architecture and Planning
  • Installation & Deployment Strategies
  • Planning Single Sign-On (Access Manager, Messaging SSO, Hybrid SSO)
  • Securing your Internet MTA
  • Customizing UWC
  • Migrations from Messaging Express to Comms Express
  • Deployments in Solaris 10 Zones
  • Automating Installations / Configurations for Production Deployments
  • Tuning UWC (incl. Solaris 10 DTrace and JVM Tuning)
  • Troubleshooting UWC (incl. Outlook, Calendar, Access Mgr, Directory & Messaging)
  • Transitioning Deployment Architectures to Comms Suite v5 (next release)

Now, for more data points. I did an internal survey of our field/engagement forces a few months back, with the same question, and got these responses:

  • Messaging Server Best Practices Guide
  • Configuring Communications Suite for SSL
  • Sizing a Communications Suite 25K User Deployment, including Communications Express
  • Initial Patch Levels for all Communications Suite Products (by release)
  • Gathering Debug Data for Messaging Server (data a customer needs to collect before calling Support)
  • Calendar Coexistence Using SyncML/Synchronica
  • Messaging Server Benchmark Data
  • Best Practices for Backup Up Lots of Data
  • Deployment Example: Comms Suite on T1000/T2000 and Solaris Zones
  • Deployment Example: Comms Suite in a Two-tiered Architecture

In an ideal world, we'd be working on all these topics, but unfortunately, we have to prioritize them and assign what resources we have accordingly. The good news is, some of these topics have already been addressed, or are in the process of getting addressed by documentation. Now that I have this list assembled and am looking at it in its entirety, I see that another post is in order to recap where we're at, and where we hope to go. Stay tuned for details.

And as always, drop a line if you have any suggestions on what docs/information you'd like to see us work on.

Thursday Feb 15, 2007

Calendar Server - Get Yer Appts Emailed To You

I like it when I can say, here's some new information for you. As I mentioned yesterday, we were close to getting out a cool article (and it's actually the script that is cool) for generating an automatic email to your Calendar Server users, containing that day's appointments and tasks. Have at it:

Receiving a Daily Summary of Sun Java System Calendar Server Events and Tasks by Email

Thanks to Mike d. for contributing this info.

Wednesday Feb 14, 2007

Heads Up: Cool Calendar Server Article Almost Here

As I wrote about in this previous blog entry, I've been working in conjunction with one of our Calendar Server gurus to document how to provide your Calendar Server users with a daily summary of their Calendar Server events and tasks, emailed to their inbox or mobile device each weekday morning. I've got the article on our internal staging site, and it should be pushed out this week to BigAdmin.

While were at it, for more fun with Calendar Server, see this post by a new Sun employee (formerly with SeeBeyond) and his positive experiences with Thunderbird and the Lightning extension that is part of the Sunbird Mozilla project, to access his Calendar Server data from w/i Thunderbird.

Tuesday Feb 13, 2007

Mac Users in Sync with Sun Java System Calendar Server: JSCalendarSync

I'm not a Mac user (yet)--actually, I'm thinking about making my next computer purchase a Mac, but that's another story--but for those of you who are, and are using our Sun Java System Calendar Server product, there's good news: You can use JSCalendarSync to synchronize data between Calendar Server and Mac OS X’s iCal.

JSCalendarSync uses the native synchronization framework provided by Mac OS X 10.4. Note that JSCalendarSync development is in progress, it is not to be considered as a finished product. Mac users can also benefit from Lightning, the Mozilla Thunderbird extension, created by Sun's StarOffice developers. Indeed, several Sun teams are using Thunderbird+Lightning to collaborate.

Monday Feb 12, 2007

Communications Express Browser Support

With the proliferation of browsers and versions of specific browsers, it's only natural that we get the question, and quite often, which browsers does Communications Express support? As always, start with the Release Notes to find out. For the current version, that is, Communications Express 6 2005Q4, the "supported" browsers are Netscape 7.2, IE 6.0 SP2 or later 6.x version, and Mozilla 1.4.

Though this is the "officially supported" browser list, we are always working to certify the most commonly used browsers over time.

Thursday Feb 08, 2007

Messaging and Calendar, Say Hello to Norway

Norwegian Governmental Services To Be Powered by Sun Solutions, Including Messaging Server and Calendar Server

The Norwegian government announced a deal with Sun to use the Solaris 10 Operating System, and Sun servers and software, including Messaging Server, Calendar Server, and Portal Server, to enable citizens to have secure, browser-based public access to government services through a secure and personalized portal interface. The complete end-to-end Sun solution allows the government to drive innovation and provide an online platform for citizens to vote, pay taxes, obtain social security benefits, register and manage automobiles, communicate with public officials and conduct other civic initiatives and services.

» Read the Entire Article

About

Reporting about Unified Communications Suite Documentation, including news, Comms 101, documentation updates, and tips and tricks.

Search

Archives
« April 2014
SunMonTueWedThuFriSat
  
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
   
       
Today