
Part 2 - the Sametime Gateway Open Mic call last night




I went ahead and posted my notes on this since I had answers (posted in each one with italics) to some of the questions they were asking.  Maybe some of the callers will find this posting.  These were quick notes to myself, and I only slightly cleaned them up.  So bear with me.  (I am headed to vacation)

  • Asia Pacific area looking for a proof of concept install for their business and need NAT and public CA documentation.  Caller said they got the wrong certificate purchased, that it didn't support TLS.  Lotus is working hard in 8 to simplify install and config.  As for NAT, they list the restrictions for NAT due to SIP.  Certain NAT providers are becoming SIP aware due to VOIP and other real-time collaboration.  As I posted about the morning call, I will shoot out some diagrams for everyone since this seems to be a main focus.
  • Caller is implementing Sametime 7.5.1 and having client issues, even with CF1, of getting layout and pre-population to clients.  Preference controls like auto-status changes, for example.  Lotus suggested utilizing the plugin_customization.ini file to change and set some of the settings.  They have no policy control with the 6.5.1 server and Sametime Connect 7.5.1 CF1.  The issue is that they must then match the new policies when going live with the server on 7.5.1 or 8 to make sure they do not change everything back.  This is a big part of rolling out the advanced client and wanting particular features enabled or set a certain way before the server policies are deployed.
  • Another caller emphasizes the same issues with SSL config from Premium Server as the first caller.  Thawte server worked fine.  Yes, I am seeing in installs that you need to import root certificates in many instances to get it to work.
  • Australia - IBMUS and Australia connectivity problems.  Customer is using dual network cards trying to route public and private addresses.  Asking if the OS will do the routing.  Part 2 - Wants to talk his SIP to their SIP.  Asked about port 443, which is not right.  He needs port 5061 for encrypted, not 5060 which is unencrypted.  No 443 needed.  1516 and 1533 open for internal connectivity on 7.5.1.  Then 1516 for 7.5.1 CF1.  Also asked about LDAP server connectivity over 636.  DB2 server, is it encrypted by default and does Express-C handle it?  Not by default, and maybe not in Express version, have to verify that.  IBM SIP gateway connectivity actually needs port 5060 for the first connection then 5061 to finish.  LDAP SSL relies only on the LDAP server having a public certificate.  What data is stored in the DB2 database, a security concern question.  Lotus answers that in the DB2 database you can find the gateway configuration data, user id and group id in UNID form.  Last question, Check Point firewall in front to cover NAT issue?  Lotus has customers with it.  Multiple NIC cards not an issue as long as it's config'd correctly.  I say why not use NAT and routing with a single NAT instead of trying the dual-NIC approach.
  • What kind of arrangement does IBM have with the chat vendors in terms of IP address changes?  Same question as this a.m., same answer.  Then MSN connectivity question.  No official statement yet from Lotus.  I see the IP address changes as a hard part for firewall teams that are trying to set the port to only allow certain addresses to talk to the gateway.  That is a tough move when you are relying on a 3rd party (IBM) to tell you when they are changing their IP addresses.  How about just moving to a DNS range for the provider and then everyone is happy?
  • SIP phone as PBX install.  Asking for connectivity options as general PBX integration.  Good question but no comment was provided to direct them to the vendors writing plug-ins and softphones.
  • Customer wants an easy way to find out what other corps are using the gateway.  Lotus does not keep or publish that.  Creating a Sametime Gateway group in Facebook or a posting in the Sametime forum was a recommendation.  There is a Facebook group for the Sametime Gateway already with a good couple handfuls of members.