So let’s talk RTC Gateway

I had to gather my thoughts on it with all the pings/emails/podcasting and such.  With much discussion about why they picked WebSphere, whether it will ever run on Domino, and why it requires so much hardware out there, we need to focus on the real issue: installation and deployment.  We can blow that smoke till we are blue (bad choice of colors with IBM involved) in the face.  Currently, there is no talk of any other path for RTC than what you see.  It takes whatever hardware it takes.  Now, I am not saying I agree here either.  That area is not the topic of the debate at the moment.  The question is more like: how do we get this thing running?  So I started compiling a checklist.  Not the step by step; I worked enough helping build those during the beta and they are documented now.  More like key items to consider and things you should/shouldn't do.  Off we go on revision 1 below.  It was too big to leave on the main page in its entirety.  Click the Read More that follows and you get the info on the following:

  • Installation
  • Security
  • Management





Installation
  • By my 5th time now installing it, I can be done in a couple hours total, including SSL and network below
  • Following the documentation steps one by one is key.  They are in order for a reason
  • Do not forget to install the WebSphere fixpack before launching the system
  • Do realize that the initial selection for LDAP should be verified, tested and bound before tossing it in and wasting time
  • Do make the local community connection first before any Clearinghouse attempts
  • Do load the CF1 update for Sametime or you are totally wasting your time overall.  This update needs to be done for the Sametime Connect clients also by the way
  • Do trust the RTC Gateway in stconfig on your Sametime server with the address that it connects to Sametime as, not the external IP address.
  • Do restart Sametime after trusting the gateway address
  • Do not expect to see AOL users as soon as it is up; there is a wait for provisioning (already had that one)
  • Make sure the system is running and open to the Internet before requesting provisioning, and then don't touch it.  Really don't.  If it is not there when they attempt to contact the system and provision, you go back into the cycle
  • Make sure you restart your Sametime client after all connectivity is reached to make sure you get the option to add external users
  • Do make sure you allow for the adding of external users into your Sametime policy
  • Do plan on restarting RTC numerous times as you follow the installation path
  • Do use the proper bin directory specified in the documentation, as there is more than one in WebSphere to be found
  • Do a full restart of the box before going live to clean up anything that did not get cleaned up during install and restarts

Security
  • We couldn't stress this enough on the podcastlet this week
  • Do not forget to obtain a public SSL certificate from a trusted root.  Do not attempt to use a self-signed certificate on WebSphere once in production.  AOL won't take it, no way, no how.
  • You must secure WebSphere, LDAP and DB2 first
  • Then you must secure the access rights globally and per protocol
  • You must create and apply the right policy tree to the necessary users.  Don't skimp in this planning stage.  You need to work a Sametime policy map plus the mapping of the entire gateway, coupled with each protocol connection
  • You must make some management decisions on placement of the gateway in your infrastructure.  NAT provides some limitations so a DMZ approach might be your path.  Unidirectional presence issues versus bidirectional come into play if you choose a full behind the firewall deployment

Management
  • Do plan on having some monitoring put in place.  Once it is introduced, users will be quite upset if it stops.  This is only the first rev of the production code, so keep that in mind before your skivvies are in a bunch
  • Do plan on visiting for updates and patches as they become available
  • Do not leave trace logging on for any extended period of time on the RTC Gateway.  It constantly chatters with AOL and such for SIP connectivity and presence, and even more so when users subscribe
  • Please manage timeouts and settings for performance.  Do not expect it to keep performing well when you start adding lots of users and never tweak a thing
  • Please configure LDAP appropriately for binding, SSL and filtering for performance