
Thoughts on the Open Mic call for the Sametime Gateway 7.5.1 this morning




I attended the Open Mic call on the Sametime Gateway this morning to see what everyone had concerns about. (Do not worry, this call goes live again one more time tomorrow, I think; see the website or Partner Forum for details.) Well, I came away with concerns myself as I see how this is getting implemented at the larger enterprises.

There were at least 15 calls taken, and I managed to capture and write down the main point of each one. The majority revolved around a couple of key areas, and that is where the concern is. Participants were asking for network diagrams, port settings, allowable IP addresses, and better clustering support. While some of the questions did receive direct answers, in my opinion some did not. Now someone there will say it was not official support inquiries, no official statements, yada, yada. But when you have large enterprises trying to deploy a clustered solution in large deployments with too many network security teams in the mix, well, you get confusion.

First thing, to the companies. Too many companies are trying to reverse proxy, put servers in front of servers even in the DMZ, and build SIP clusters with load balancers/IP sprayers. I agree with one thing for sure: everyone needs the cluster support to deploy this as an enterprise solution. As for all this worry over this server in the DMZ, why the stress? No data sits on the gateway server, it connects over SSL to your internal LDAP (further restricted by port and hosts is needed), and it uses the encrypted VP protocol to the Sametime clusters in the back. DB2 can sit behind the firewall, restricted by host/port access also. So you basically have a shell running a program that acts as the gatekeeper. Or gateway, as it is named. Get the security team to understand this. There is no data to be protected; if the gateway gets bombed or hijacked, then they get an empty shell that you cut off.

Second thing is to Lotus. Come prepared. Half-answering chat logging questions, diagram requests, proxy support and numerous clustering questions won't fly for long if this is truly an enterprise solution. Yes, you did answer some areas of what is coming, things that are verified in support, and even how to map multiple O's through LDAP queries to Domino. But the lack of testing of clustering and the network outline support is frustrating to most of the callers, if the pings I am currently getting are right.