Sametime Gateway 8.0.1 Cluster - AIX with NAT
Added by osenbach, last edited by billjp on Apr 15, 2008


This wiki has moved to a new location.

Click on the link below to check out the great new look and feel! And please remember to bookmark the new location.
http://www.lotus.com/ldd/stwiki.nsf

This scenario depicts a Lotus Sametime Standalone Server on Microsoft Windows exchanging instant messaging and presence with a Lotus Sametime Gateway 8.0.1 Cluster on AIX through a NAT.  The primary focus of this deployment is the cluster portion, detailing the steps necessary to obtain a functioning Gateway in a symmetric NAT environment.  The cluster consists of six machines: the Deployment Manager, the primary node, the secondary node, the SIP proxy, the DB2 server, and the IBM Tivoli Directory Server (ITDS) LDAP.



Overview



Lotus Sametime Gateway Version 8.0.1 is a platform for presence and real-time collaboration with other instant messaging communities. Lotus Sametime Gateway enables real-time collaboration between a local Sametime community and an external Sametime community, or other instant messaging services such as AOL, Yahoo!, Google Talk, and Jabber. Lotus Sametime Gateway replaces and enhances the Sametime SIP Gateway found in Lotus Sametime 3.1, 6.5.1 and 7.0.  The following Sametime Gateway environment depicts a typical clustered environment and focuses on the installation and configuration steps necessary for a symmetric NAT environment to exchange presence, awareness, and IM by means of two Sametime Gateways.  The topics included in the deployment range from intermediate to advanced, with a suggested prior background in WebSphere Application Server concepts, IP routing, and current networking technologies.  See Skills Required for a complete list of skills, training, and concepts to become more familiar with Sametime Gateway technology.

The environment includes a Sametime Gateway cluster deployment and a Sametime Gateway standalone deployment.  The software stack includes:

  1. Sametime Gateway 8.0.1
  2. WAS 6.1.0.11
  3. ITDS 6.1 Server
  4. DB2 9.1 WSE Server
  5. Sametime 8.0.1 Server 
  6. Domino 8.0.1 Server

See Hardware and software requirements for a complete list of requirements.

This configuration is suggested for customers who wish to perform an enterprise deployment of the Sametime Gateway in a NAT'ed environment where high-availability, failover, and scalability are all factors.  This configuration is suggested for medium to large customer populations.   Please note that a standalone Sametime Gateway deployment is not supported in a NAT environment.  The core technology utilized in the NAT-enabled solution is only present in the SIP proxy container and thus is not available otherwise.  TURN, STUN, and ICE NAT technologies are not supported in the Sametime 8.0.1 release but will be evaluated for possible inclusion in future Sametime Gateway releases.

Environment Diagram




Environment Discussion

The NAT configuration requires the use of a special custom property defined within the WAS cell combined with the functionality of the sprayer within the SIP container.  The following procedure covers the additional steps required to enable the Sametime Gateway cluster for the NAT environment after the cluster has been successfully installed.  Please refer to the deployment instructions section below for the detailed step-by-step procedure for the entire installation/configuration process.

There are a number of NAT technologies that exist in the marketplace today.  Those technologies include TURN (Traversal Using Relay NAT), STUN (Simple Traversal of UDP over NATs), ICE (Interactive Connectivity Establishment), and symmetric NAT (bi-directional NAT).  Symmetric NAT is the most common NAT implementation within large enterprises and is often used for the primary purpose of conserving IPv4 addresses by allowing internal private addresses to masquerade or translate into a small number of publicly routable addresses.  The technology works by rewriting the source and/or destination IP addresses and/or ports.  The mapping is then translated back into the original packet by the use of state information saved with the router.  In addition, there are also a number of translations such as PAT (Port Address Translation) and static NAT, one-to-one, or basic NAT within the symmetric NAT category.  For the purpose of testing the Sametime Gateway 8.0.1 release, a Cisco 3620 router was used to test the solution for both interoperability and reliability.

As stated earlier, the current NAT support only includes a symmetric NAT implementation that is statically defined.  That is, the outbound translation must always be to the same fully qualified domain name whereas an implementation such as PAT is not supported.  This requirement will be apparent once the setup procedures are performed and will be described in detail throughout the rest of this section.

Step 1, Define the WAS custom property within the cell:

  1. Within the WAS ISC, select System Administration -> Cell -> Custom Properties

  2. Add a new custom property by selecting, New

  3. Add the following custom property:
       Name:  com.ibm.sametime.gateway.fqdn
       Value:  rtp_nat.ibm.com


Step 2, Enable the Sprayer:

  1. Select Servers -> Proxy Servers -> SIPProxyServer

  2. Under Proxy Settings, select SIP Proxy Server Settings -> SIP Proxy Settings

  3. Enable and configure the sprayer by performing the following:
       a.  Check "Enable TCP Sprayer"
       b.  Set TCP host to rtp_natpool1.ibm.com
       c.  Set the TCP port to 5060



    Alternatively, the SSL sprayer could have been enabled and configured with SSL host rtp_natpool1.ibm.com and SSL port 5061.  Configure only one sprayer, against the appropriate port for the Sametime Gateway node; by default TCP is 5060 and SSL is 5061.




How to determine the information to enter:

First, think in terms of the cluster environment itself.  Inbound is any data with a source address of the firewall and outbound is any data with a destination address of the external community.  For the Sametime Gateway to properly function in a NAT'ed environment, SDP (Session Description Protocol) correction must be performed on the inbound packets to transcribe the session headers into the pre-NAT form.  In addition, the outbound SIP packets must be sent with a source address of the static NAT for the external community to properly respond to the request.  That is, set the WAS cell custom property to the value of the inbound address configured in the firewall, and set the sprayer IP address and port to the address that the outbound request will be NAT'ed to.  In this SVT environment, the router/firewall was configured as follows:

Inbound:

         Map all inbound traffic at 9.42.124.45 port 5062 to 9.42.111.5 port 5062

Outbound:

         Map all outbound traffic to source address 9.42.124.46
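
The rule above, written as a check that compares the custom property and sprayer settings against the firewall rules (an added example, not part of the original wiki page or of any IBM tooling).  The function names and the name-to-address table are assumptions: the page does not state what rtp_nat.ibm.com and rtp_natpool1.ibm.com resolve to, so a constructed table stands in for DNS.

```python
import socket

# Firewall rules quoted on the page (SVT environment).
INBOUND_PUBLIC = "9.42.124.45"    # address external communities send to
INBOUND_INTERNAL = "9.42.111.5"   # pre-NAT address the inbound rule maps to
OUTBOUND_SOURCE = "9.42.124.46"   # source address outbound traffic is NAT'ed to
DEFAULT_PORTS = {"TCP": 5060, "SSL": 5061}  # sprayer defaults stated on the page

# ASSUMPTION: constructed name-to-address table; the page does not give
# these resolutions. It stands in for DNS so the check runs offline.
CONSTRUCTED_DNS = {
    "rtp_nat.ibm.com": "9.42.124.45",
    "rtp_natpool1.ibm.com": "9.42.124.46",
}

def resolve(name, table=None):
    """Look the name up in a supplied table, or in live DNS if none is given."""
    if table is not None:
        return table.get(name)
    try:
        return socket.gethostbyname(name)
    except OSError:
        return None

def check_nat_settings(fqdn_property, sprayers, table=None):
    """Return a list of problems; sprayers is [(transport, host, port), ...]."""
    problems = []
    addr = resolve(fqdn_property, table)
    if addr == INBOUND_INTERNAL:
        problems.append("custom property resolves to the pre-NAT address")
    elif addr != INBOUND_PUBLIC:
        problems.append(f"custom property resolves to {addr}, not {INBOUND_PUBLIC}")
    if len(sprayers) != 1:
        problems.append(f"{len(sprayers)} sprayers enabled; configure exactly one")
    for transport, host, port in sprayers:
        if resolve(host, table) != OUTBOUND_SOURCE:
            problems.append(f"{transport} sprayer host {host} is not {OUTBOUND_SOURCE}")
        if port != DEFAULT_PORTS.get(transport):
            problems.append(f"{transport} sprayer port {port} differs from the default")
    return problems

if __name__ == "__main__":
    found = check_nat_settings("rtp_nat.ibm.com",
                               [("TCP", "rtp_natpool1.ibm.com", 5060)],
                               CONSTRUCTED_DNS)
    for line in found or ["settings agree with the firewall rules"]:
        print(line)
```

Swapping the two host names, which is the mistake described under Gotcha's, produces one finding for the custom property and one for the sprayer host.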




Questions to be answered during 8.0.1:

1.  Must the sprayer configuration match the external community setting for the cluster?  That is, if the external community is defined at 5060 TCP, must the sprayer also be configured for TCP 5060?  I would assume so.

2.  Can this solution handle an inbound static translation to a different destination port?  Example:  The first NAT RTP configuration involved a translation from 5060 to 5062 inbound to the SIP proxy.

Infrastructure



Description      | Type | Model                   | Operating System          | CPUs | CPU Speed | CPU Type          | Memory | Comments
-----------------+------+-------------------------+---------------------------+------+-----------+-------------------+--------+-----------------------------------
SIP Proxy1       | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | Sametime Gateway SIP Proxy
STGW DM1         | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | Sametime Gateway Deployment Manager
STGW PN1         | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | Sametime Gateway Primary Node
STGW SN1         | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | Sametime Gateway Secondary Node
Sametime Server1 | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | Sametime/Domino 8.0.1 Server
DB2 Server1      | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | DB2 9.1 WSE Server
LDAP Server1     | 7038 | IBM pSeries 650         | AIX 5.3 TL7               | 2    | 1.5GHz    | Power4            | 4GB    | ITDS 6.0.0.19 LDAP Server
STGW Standalone2 | 3550 | IBM System x3550        | Windows 2003 SP2 Standard | 2    | 3GHz      | AMD Opteron       | 4GB    | Sametime Gateway Standalone Server
Sametime Server2 | 8665 | IBM eServer xSeries 232 | Windows 2003 SP2 Standard | 2    | 1.3GHz    | Intel Pentium III | 1.25GB | Sametime/Domino 8.0.1 Server
DB2 Server2      | 8668 | IBM eServer xSeries 255 | Windows 2003 SP2 Standard | 2    | 3GHz      | Intel Xeon        | 4GB    | DB2 9.1 WSE Server
LDAP Server2     | 8668 | IBM eServer xSeries 255 | Windows 2003 SP2 Standard | 2    | 3GHz      | Intel Xeon        | 4GB    | ITDS 6.0.0.19 LDAP Server



Tuning Information




Test Case Execution

Include test case information in the form of a table here

Reliability Data

Include verbose GC and StressTester logs here

Gotcha's

Talk about the difficulty to determine which addresses and which ports to configure where. The "where" being the external community, the custom property, and the sprayer.

Deployment Instructions

The Lotus Sametime Gateway 8.0 Information Center contains detailed, step-by-step instructions for installing and deploying a standalone Sametime Gateway.  Consult the following links. For best results, follow all instructions completely and in the order in which they are presented in the information center.

  1. Planning a deployment
  2. Deployment scenarios
  3. Reviewing the installation checklist
  4. Hardware requirements
  5. Software requirements
  6. Installing DB2
  7. Installing servers in a cluster
  8. Installing the Deployment Manager on Windows
  9. Installing the primary node on Windows
  10. Federating the primary node into the cell on Windows
  11. Installing a secondary node on Windows
  12. Federating a secondary node on Windows into the cell
  13. Starting the Integrated Solutions Console
  14. Creating the cluster
  15. Installing a SIP and XMPP proxy server on Windows
  16. Federating the proxy server node into the cell
  17. Configuring a SIP proxy server
  18. Configuring the XMPP proxy server
  19. Setting up node replication and failover for the cluster
  20. Starting a cluster
  21. Configuring LDAP
  22. Setting up SSL on a cluster
  23. Connecting servers to Sametime Gateway
  24. Opening ports in the firewalls
  25. Connecting the local Sametime server to Sametime Gateway
  26. Connecting to instant messaging communities
  27. Connecting to external Sametime communities
  28. How users can add external contacts to their Contact List
  29. Tuning Sametime Gateway
  30. Managing properties
  31. Troubleshooting




     
