Consultants Corner: Instant Gratification, Instant Messaging
Novell Cool Solutions: Feature
By Gregg Hinchman
Digg This -
Posted: 17 Apr 2007
"We all shine on like the moon, and the stars and the sun" ...There are certainly days when IT seems to be "cold, hard and unforgiving" - it sort of lknocks you on the head. I am sure that like me, you have had those days. Thankfully, it's on those days you can reach out to a friend via email, phone or instant messaging and take a breather from technology ... or can you?
Email is the preferred method of business communication. But have you considered instant messaging? Yes, I know it's just one more "toy" for end users, not unlike the Internet was a toy in the mid-90's. Novell Messenger (named GroupWise Messenger) helps you build strong business applications for instant messaging in your organization.
Consider this: with GroupWise Messenger you can control end user access to services as well as create ways to increase performance of customer service within your organization. How? Simple. Here are two ideas:
The HelpDesk UserYou can create user accounts with titles like 'HelpDesk' such as HelpDesk1, HelpDesk2, etc., and assign these accounts to your help desk personnel. Then these users can be forced down to your customers (end users). When the personnel responsible for, say, HelpDesk1 comes in to work, they log in and are available to assist end users. Here's the rub: everything they do (type) can be recorded and placed into help desk software, like GroupLink HelpDesk, or saved in help desk trouble ticket documentation. AND, if that's not enough, answer this: How many phone calls from end users with problems can one help desk person work on at the same time? If you said only 1, you are correct!
The GroupWise Messenger account allows help desk folks to handle multiple problems at time. Now maybe their response to an individual problem will be decreased a bit, but their response time from the end user perspective will increase, with no more voice mails or busy phone lines to get help.
The HR User
OK - now think about Human Resources. How many phone calls can they take at one time? One. Right! Again, creating HRUser1, HRUser2, etc. can increase their response time, especially for simple little questions like: Is Earth Day a paid day off? And when an end user needs a link to HR documents, the HRUser1 can just pop it in an instant message to them. Or, what if an end user has a personal matter to discuss? It can be recorded on Messenger and saved in the end user's file all via SSL.
Installing GroupWise MessengerNow that I have piqued your interest, let's look at installing GroupWise Messenger. First, we need the software, which is free if you have GroupWise - the latest version is 2.0. You will also want to download the latest service pack 2.0.2, which can be installed after the full implementation installation.
Next, we need a bit of planning. Here are a few simple things you should do before you start the installation.
1. Create an eDirectory user for GroupWise Messenger to use, then set its rights.
2. Get a certificate for LDAP authentication from an eDirectory replica server.
3. Create an SSL certificate for GroupWise Messenger to use in order to allow secured communication.
4. (Optional) If you have a cluster, then cluster GroupWise Messenger for increased availability.
Let's take a look at these.
1. Setting Up the eDirectory User
When you install GroupWise Messenger, it wants an eDirectory user in order to authenticate the system and to be able to read eDirectory objects. The installation recommends 'Admin', but we all know this means a bit more rights and a security hole to boot. So, create a user just for GroupWise Messenger (I like the name 'IMAgent User' for my user).
Once you have created this user in eDirectory, you need to provide it with proper rights to the tree and respective objects.
1. Go to the root of your tree.
2. Right-click and select 'Trustees' of this object. (I assume you have Admin rights when you are doing this.)
3. Add 'IMAgent' as a trustee of Root.
4. Provide it with these rights, according to the Novell documentation:
Be a trustee of the eDirectory tree object or of the highest-level container object that contains all User objects that will be part of your Messenger system, and have the following rights as a trustee in order to access User objects:
|[All Attribute Rights]||* Compare, Read, and Write|
|[Entry Rights]||* Browse|
|nnmBlocking nnmBlockingAllowList nnmBlockingDenyList nnmClientSettings nnmContactList nnmCustomStatusList nnmLastLogin||* Compare, Read, and Write|
Figure 1 - IMAgent Trustee Rights of Root Object
2. Getting the LDAP Certificate
Now it's time to get the LDAP certificate. This is a simple process.
1. Find a server that GroupWise Messenger will log into, preferably one with a replica of Root (or a replica of the location of users and GroupWise Messenger in your tree).
2. Go to the server's sys:\public directory and copy the 'rootcert.der' file.
I like to place this file in a subdirectory on the same volume as the installed GroupWise Messenger agents. I call the directory CERTS. It looks like this:
server\volume:\certs - mine is like this: imvs\imvl:\certs
(Yes, I am installing GroupWise Messenger to a cluster, hence the naming of the virtual server [imvs] and the volume [imvl].)
Once its in the CERTS directory, I rename it so that I know which server it belongs to, like this: oesnw101.der . Notice it is in 8.3 format a must.
3. Setting up the SSL Certificate
The next step is getting the SSL Certificate for secure communication.
1. In ConsoleOne, go to the location of your Certificate Authority Server, or the location of the cluster resource (IMVS) in my case.
2. Right-click on the container and select New > Object.
3. Browse to the NDSPKI:Key Material object. Quite often I choose the same server I got the LDAP certificate from - in this case, OESNW101 when I create this SSL certificate.
4. Choose the server and give the new certificate a name (I like 'Messenger').
5. Click the 'Custom' button.
6. Click Next.
7. To get an Organizational Certificate Authority at this time, select Next.
8. To choose your RSA information, select SSL, 2048 Key size, and allow for export "all the defaults".
9. Click Next.
10. On the next screen, mint the certificate for a maximum period of time under 'validity period'. Make sure you do that.
11. Select Next and just take the defaults the rest of the way.
Once you have the certificate, you will need to export it.
1. In ConsoleOne, right-click on the 'Messenger' SSL certificate and select Properties.
2. Click the Certificates tab and go to the Trusted Root window.
3. Select Export to export the Private Key.
4. Click Next.
Now you will be asked where you want the certificate created.
5. Browse to the CERTS directory.
6. Give the new SSL certificate a name (msger.pfx, and 8.3 format is a must) and provide a password.
7. Click Next.
8. At the summary screen, review and select Finish.
Figure 2 - Certificates in the CERTS folder
Now that you have an eDirectory user, an LDAP certificate, and an SSL certificate, you can start the installation process. Well, what about clustering? Let's cover that later.
1. Map a drive to the \\IMVS\IMVL clustered volume.
2. Create a directory called IM on the IMVL volume.
3. Launch Setup.exe for Novell Messenger.
4. Select Install Server.
5. Select English and click OK.
6. Select English and click OK on the License Agreement screen.
7. Select Create New System and Next on the Setup screen.
8. Select NetWare, browse to the IM directory on the IMVL volume mapped drive, then click Next.
9. Set the Tree in the Tree field.
10. Browse to the context to GroupWise.Office.Demo where the Messenger services will be installed. (This is my context in my tree where all things GroupWise get installed.)
11. Accept the default System Container Object.
12. In the Server Object field, type "IMVS-Server".
13. Click Next.
14. When asked to Extend the eDirectory Schema, click Yes.
15. Click OK on the Successfully Extended Schema screen.
16. On the Install Components screen, select all three choices and click Next.
17. In the Directory Access Configuration screen, select "LDAP" and specify an LDAP server in your tree. Preferably, the LDAP server will be a replica server in your eDirectory tree, holding a replica of every partition in your eDirectory tree. This is the server we copied the 'rootcert.der' OESNW101 for me.
18. Click Next.
19. Add the name of a user that Messenger will use to Authenticate to eDirectory upon startup. I choose "IMAgent".
20. Click Next.
21. In the User Configuration screen, add a context where users exist to the list. Also, select "Include Subcontexts" if you have users beneath the initial context. In my case, I will choose the Organization - Demo.
22. At the Server IP Address screen, fill in the IP Address where GroupWise Messenger will run, or use DNS:
IP Address - 192.168.20.109 Messaging Agent Port - 8300 Archiving Agent Port - 8310
(Optional)Select the Configure Agents for Clustering box and select Next.
23. On the SSL screen, click the Enable button.
24. Browse to the CERTS directory and select the MSGER.PFX certificate.
25. In the Key file, browse to the same MSGER.PFX and enter the password and verification for this SSL certificate.
26. Click Next.
27. Select the Path to your ConsoleOne installation and click Next.
28. Click Next on the Start Copying screen.
29. You will be prompted to install a newer LDAP SDK; click Yes.
30. Once the installation is complete, a Setup Complete screen will appear. Select 'Launch Agents now' to have GroupWise Messenger load at this time. If you are installing to a single server (not a cluster) then select 'Update Autoexec.ncf' If you like Readme's, by all means read this one.
31. Select Finish.
The installation created several new objects in the MessengerService.GroupWise container. Some of the objects are container objects as well, such as the Archive agent. Within the MessengerService container are several sub-containers.
Figure 3 - GroupWise Messenger Service
Figure 4 - IMVS-SERVER -GroupWise Messenger Server with SSL enabled
With GroupWise Messenger installed, you now just have to configure its properties as you like in order to customize it for your organization. My suggestion is that you take your time, get everything set up as you would like it and then start rolling it out to users.
A few additional notes for you ...
Because we installed with LDAP, you can load the agents in protected memory. If we had not done LDAP authentication, then we would not be able to load in protected memory.
Clustering GroupWise Messenger
There are several more steps to clustering GroupWise messenger, which I cover in my book "Success with Clustering GroupWise 7" found at www.taykratzer.com. But let me give you a tip: If you want GroupWise Messenger to run on different cluster nodes, you will have to go to the first node where GroupWise Messenger was installed, to the sys:\system directory, and find/copy the 'QFIND217.NLM' to all other cluster nodes sys:\system directories. Otherwise, it will not load.
Once you have GroupWise Messenger completely set up and ready for your end users, you can start reaping the benefits of better business communication. And it's likely your end users will thank you for giving them more "toys" and tools to do their job. Thank-you's are a form of instant gratification and may even help your Karma. So, now you can sit back and relax and not worry that "Instant Karma's gonna get you".
As always, I can be reached at Gregg@HinchmanConsulting.com if you have any comments, article ideas or just want to help a quirky consultant support his GroupWise habit.
Novell Cool Solutions (corporate web communities) are produced by WebWise Solutions. www.webwiseone.com