Making GroupWise Messenger Available Inside and Out
Novell Cool Solutions: Feature
By Sindre Westre
Posted: 20 Nov 2003
At our school we have installed GroupWise 6.5 with great success. At first I planned to provide just the employees with GroupWise and have the students use NetMail. However, I reconsidered, and since GroupWise is so easy to administer I decided to go with GroupWise for my entire network. We also use LDAP to authenticate to GroupWise, so the users only have to remember their network password.
For a long time, I was not sure if I wanted to allow a Chat client in my network, but recently I installed the GroupWise Messenger, also known as Novell Messenger. I was asking myself if students should have chat ability. I'm blocking the Yahoo and MSN Messenger chat clients already, so I was wondering what's different with this chat - if there is anything different other than it has the Novell logo.
|What's Secure to Me?|
After considering the "what's different" subject for a while, I found that the differences between Novell Messenger and "the rest" are several factors that are really important to me. First, there is no File Transfer in this client. Some of the other chat clients have the potential to spread viruses and trojan horses with their file sharing mechanism. No viruses / trojan horses will enter the network through this client! Secondly, I get to decide who is on the Chatter list at our school. If one of the students abuses the Chat AUP, I simply kick start my ConsoleOne, click the Novell Messenger tab, and deselect "Enable Novell Messenger Services" for that particular user. And besides, since I decide who is to be allowed to use the chat service, no strangers will be able to chat with our students using Novell Messenger. I know many parents will appreciate that fact.
|Why use a Chat Client in a School?|
The chat client will make it possible for students to collaborate on their school-related projects, even when they are at home. Providing the tool with guidelines will, in my opinion, provide the students with a tool they can learn to use productively, not just for gossip. One way or another, students will use chat tools, but by controlling the client they learn to use the tool productively, which will provide them with a collaboration tool they can put to good use when they've graduated.
There are many ways to configure a network. The scenario that I use in this article is similar to the one described in my previous article, Secure on the Outside, Open on the Inside. This is a simple DMZ (DeMilitarized Zone) scenario. I'll use NAT in this article, but a proxy could do the same job. I'm using the BorderManager firewall, but that's not necessary to make this work.
|Configuring the Firewall|
Use NAT to map the internal IP address of your Messenger server to a registered IP address. TID 10053602 explains how.
Then open up the necessary ports. You will have to set up one exception that allows traffic from the Internet to your network (only to the internal IP of your Messenger server) with source ports 1024-65535 and destination port 8300 (if you changed the default chat port, use that port here). Then you have to allow traffic from your internal network (your internal IP) to the Internet with source port 8300 and destination ports 1024-65535. Note that these rules only allow traffic to/from the Messenger server, and that you must use the private IP address, not the registered one, in the filter exception rules.
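The two filter exceptions above can be modelled and checked against sample packets before they go on the firewall. This is an added example, not BorderManager configuration or code from the article; the addresses, the names and the default-deny behaviour for unmatched packets are assumptions.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

# Constructed addresses (assumptions, not taken from the article).
SERVER = ip_network("10.0.0.25/32")     # private IP of the Messenger server
REGISTERED_IP = "203.0.113.25"          # registered IP that NAT maps to it
ANY = ip_network("0.0.0.0/0")
HIGH_PORTS = range(1024, 65536)         # 1024-65535
CHAT_PORT = range(8300, 8301)           # default chat port from the article


@dataclass(frozen=True)
class FilterException:
    name: str
    src_net: object
    src_ports: range
    dst_net: object
    dst_ports: range

    def matches(self, src, sport, dst, dport):
        return (ip_address(src) in self.src_net and sport in self.src_ports
                and ip_address(dst) in self.dst_net and dport in self.dst_ports)


# The two exceptions from the paragraph above, written against the private IP.
RULES = [
    FilterException("inbound", ANY, HIGH_PORTS, SERVER, CHAT_PORT),
    FilterException("outbound", SERVER, CHAT_PORT, ANY, HIGH_PORTS),
]


def verdict(src, sport, dst, dport):
    """Name of the first matching exception, or 'deny' (assumed default)."""
    for rule in RULES:
        if rule.matches(src, sport, dst, dport):
            return rule.name
    return "deny"


if __name__ == "__main__":
    client = "198.51.100.7"  # constructed Internet client
    samples = [
        (client, 50123, "10.0.0.25", 8300),    # client -> server: inbound
        ("10.0.0.25", 8300, client, 50123),    # server reply: outbound
        (client, 50123, REGISTERED_IP, 8300),  # registered IP in rule position: deny
        (client, 50123, "10.0.0.30", 8300),    # another internal host: deny
        ("10.0.0.25", 8301, client, 50123),    # wrong source port: deny
    ]
    for pkt in samples:
        print(pkt, "->", verdict(*pkt))
```

The third sample shows why the note about the private address matters: a packet or rule expressed with the registered IP does not match exceptions written for the private one.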
|Configuring the Messenger Server|
Using ConsoleOne, edit the properties of the MessengerService object. Click Novell Messenger > Client Update and make sure that "Enable client download through a browser" is checked.
I assume that you are using internal DNS servers to resolve internal lookups, and your ISP's DNS servers to resolve external lookups.
I recommend that you configure your internal DNS server to resolve your Messenger server's DNS name, e.g. messenger.company.com, to its private IP address, and have your ISP resolve messenger.company.com to your registered (public) IP address; http://messenger.company.com:8300 will then present your users with the Novell Messenger download page both from the inside and the outside.
|Configure the Download Page|
The download page index.htm is located on your Messenger server in the \novell\nm\ma\software subdirectory. To localize this page, overwrite this file with the one found in the appropriate directory beneath \server\web, or simply edit the original index.htm page in your HTML editor of choice.
Then edit the index.htm file to remove both instances of "~down," (the download-link) for example:
Test the download and installation both from the inside and from the outside. If the Novell Messenger login dialog box presents you with the private IP address when you download the client from outside of the firewall, edit the \novell\nm\ma\software\client\win32\setup.cfg file, and change the ServerAddress= line to provide the DNS name of the Messenger server.
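The setup.cfg check described above can be scripted so a private address is caught before outside users download the client. This is an added example, not Novell's code: only the ServerAddress= key comes from the article, while the key=value layout, the OtherSetting line, the sample values and the function names are assumptions.

```python
from ipaddress import ip_address, ip_network

# RFC 1918 ranges: addresses that outside clients cannot reach.
RFC1918 = [ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample content; OtherSetting is a placeholder line.
SAMPLE_CFG = "OtherSetting=unchanged\r\nServerAddress=10.0.0.25\r\n"


def is_private_literal(value):
    """True if value is an IP literal inside an RFC 1918 range."""
    try:
        addr = ip_address(value)
    except ValueError:
        return False  # not an IP literal, e.g. already a DNS name
    return any(addr in net for net in RFC1918)


def repoint_server_address(cfg_text, dns_name):
    """Replace a private-IP ServerAddress with dns_name.

    Returns (new_text, changed). Every other line, and the original
    line endings, are preserved byte for byte.
    """
    out, changed = [], False
    for line in cfg_text.splitlines(keepends=True):
        key, sep, value = line.partition("=")
        if (sep and key.strip().lower() == "serveraddress"
                and is_private_literal(value.strip())):
            ending = line[len(line.rstrip("\r\n")):]
            line = f"{key}={dns_name}{ending}"
            changed = True
        out.append(line)
    return "".join(out), changed


if __name__ == "__main__":
    fixed, changed = repoint_server_address(SAMPLE_CFG, "messenger.company.com")
    print("changed:", changed)
    print(fixed, end="")
```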
- "How to set up an IP device behind BorderManager using Static and Dynamic NAT." - TID 10053602
- Cool Solutions Article - Secure on the Outside, Open on the Inside