3.1 Planning Your Novell Messenger System

The Messenger Installation program helps you install and set up your Messenger system. The Installation program also provides information to guide you through the process.

Review the following sections while filling out Section 3.5, Novell Messenger Worksheet. The worksheet lists all the information you are prompted for as you run the Installation program.

3.1.1 Determining Installation Locations

The Installation program prompts you for information about the eDirectory tree where you will create Messenger objects and the network server locations where you will create Messenger directories and install files. The following sections prepare you to supply the required information:

eDirectory

Messenger is administered through the eDirectory directory service. All Messenger components and users are configured through objects in eDirectory. Ensure that you have eDirectory installed in your environment. See Novell Messenger Hardware and Software Requirements for more information.

Extending the eDirectory Tree’s Schema

The Installation program must extend the schema of the eDirectory tree where you plan to create your Messenger system. Because all objects in a Messenger system must reside in the same eDirectory tree, only one tree needs to be extended.

WORKSHEET

Under Item 4: Tree Name, enter the eDirectory tree where you will create the Messenger objects.

ConsoleOne

Messenger administration is performed through ConsoleOne. When you install Messenger, the Messenger snap-in files are copied into an existing ConsoleOne installation. The Messenger snap-in files extend the functionality of ConsoleOne to let you administer Messenger. ConsoleOne considerations differ by platform:

  • Windows: For a Messenger system on Windows, you need to decide which ConsoleOne location you want to use to administer Messenger. This can be a ConsoleOne location on a network server or it can be on a local workstation. ConsoleOne 1.3.6 is included in the downloaded Novell Messenger 3.0 image, so you can update your ConsoleOne installation if necessary. If you plan to use ConsoleOne on a local workstation, you need to perform the Messenger installation from that workstation.

  • Linux: If you will be administering a Messenger system on Linux, ConsoleOne must be installed before you set up Messenger. ConsoleOne 1.3.6 is included in the downloaded Novell Messenger 3.0 image, so you can update your ConsoleOne installation if necessary. If you plan to use ConsoleOne on a local workstation, you need to perform the Messenger installation from that workstation. Ensure that ConsoleOne is installed on the Linux server where you plan to create your Messenger system.

WORKSHEET

Under Item 14: Admin Configuration, indicate whether you need to update your ConsoleOne installation, and specify the path to the ConsoleOne software directory.

After your initial Messenger installation, you can install ConsoleOne and the Messenger snap-in to additional locations as needed.

3.1.2 Planning Your Novell Messenger System

Your Novell Messenger system is a collection of eDirectory objects to which the Messenger agents need access. In addition, the Messenger agents need access to all User objects that will be included in your Messenger system. The following sections help you decide how to implement your Messenger system in eDirectory:

Messenger System Location

You can create your Messenger system in any context in your eDirectory tree, except at the root of the tree. Within the Messenger system container you will have server, agent, policy, scope profile, LDAP profile, host, and chat objects.

The default name of the object that represents your Messenger system is MessengerService. The default object name for the server where you install the Messenger agents is the server’s DNS hostname with SERVER appended to it. You can change these object names, if necessary.

WORKSHEET

Under Item 5: Messenger System Context, specify the eDirectory context where you want to create your Messenger system. Ensure that the context exists in your eDirectory tree.

Under Item 6: Messenger System Objects, provide alternate names for the Messenger system and server objects if you do not want to use the default names.

After you have completed the installation of your Messenger system, the following structure is created in eDirectory:

Figure 3-1 Messenger Service Container and Contents

These objects are explained in Understanding Your Novell Messenger System in the Novell Messenger 3.0 Administration Guide.

Messenger User Locations

The Messenger agents scan eDirectory to obtain information about users. During installation, you can specify one or more eDirectory contexts where User objects are located. You can include subcontexts if necessary. The list of contexts you supply establishes the initial scope of your Messenger system.

User objects located in those contexts are considered part of your Messenger system and their associated users can communicate with each other by using the Messenger client. User objects located outside those contexts are not considered part of your Messenger system and their associated users cannot use Messenger.

NOTE: GroupWise External Entity objects are not treated as User objects and are not considered part of your Messenger system.

WORKSHEET

Under Item 11: User Configuration, list the eDirectory contexts where User objects are located and mark whether you want to include subcontexts.

On Linux, you cannot automatically include subcontexts during installation. You must list each subcontext separately or use ConsoleOne after installation to include subcontexts, as described in Editing the Default Scope Profile to Include Additional eDirectory Users in Managing Messenger Client Users in the Novell Messenger 3.0 Administration Guide.

Using the information you provide during installation, the Installation program creates a Scope Profile object in your Messenger system. When you view the properties of this object in the tree, you see the contexts you specified during installation. You can change the scope of your Messenger system as needed after installation, as described in Adding Users to Your Messenger System in Managing Messenger Client Users in the Novell Messenger 3.0 Administration Guide.

eDirectory Access and Authentication

Messenger is a directory-based application. Messenger agent configuration information, user information, and settings are stored in eDirectory. You can choose between two different methods of eDirectory access:

  • Direct Access: The Messenger agents can log directly into eDirectory to obtain the information they need. An advantage of direct access is fast access to a local eDirectory replica.

  • LDAP Access: The Messenger agents can be configured to access eDirectory through an LDAP server.

WORKSHEET

Under Item 9: Directory Access, mark whether you want the Messenger agents to use direct access or LDAP access to eDirectory.

If you are installing the Messenger agents on a Windows or Linux server, specify the IP address of an eDirectory replica. You can use only an IPv4 address for the eDirectory replica.

If you want to use LDAP access, specify the hostname and port number where the Messenger agents can communicate with the LDAP server. The default port number is 389 for non-SSL and 636 for SSL.

The initial eDirectory access method that you set up during installation determines how Messenger agents access eDirectory to obtain their configuration information and how the Messaging Agent accesses eDirectory on behalf of Messenger users when they log in to Messenger, search for contacts, establish conversations, and so on. Additional directory access alternatives can be configured after installation, as described in Customizing eDirectory Access for Users in the Novell Messenger 3.0 Administration Guide.

During installation, you must provide an eDirectory user name and password for the Messenger agents to use when accessing eDirectory. The simplest approach is to let them log in as an Admin equivalent user.

If you do not want to let the Messenger agents log in to eDirectory as an Admin equivalent user, you must set up an eDirectory user that meets these specific requirements:

  • Must be visible to the Messenger agents using the eDirectory access method you have selected (direct or LDAP).

  • Must be a trustee of your Messenger system object (MessengerService, by default) and have the following rights as a trustee in order to access the Messenger agent objects:

    Property                   Rights
    [All Attribute Rights]     Compare, Read, and Write; Inheritable
    [Entry Rights]             Browse, Create, Rename, and Delete; Inheritable

  • Must be a trustee of the eDirectory tree object or of the highest-level container object that contains all User objects that will be part of your Messenger system, and have the following rights as a trustee in order to access User objects:

    Property                   Rights
    [All Attribute Rights]     Compare and Read; Inheritable
    [Entry Rights]             Browse; Inheritable
    nnmBlocking,               Compare, Read, and Write; Inheritable
    nnmBlockingAllowList,
    nnmBlockingDenyList,
    nnmClientSettings,
    nnmContactList,
    nnmCustomStatusList,
    nnmLastLogin

Without sufficient rights to the Messenger system object, the Messenger agents cannot access their configuration information in eDirectory. Without sufficient rights to User objects, the Messaging Agent cannot access users’ contact lists, Messenger client settings, and other user-specific information.

WORKSHEET

Under Item 10: Directory Authentication, supply the user name and password that the Messenger agents can use to authenticate to eDirectory with the required rights.

For step-by-step instructions on setting up the required rights, see Assigning Required Rights for eDirectory Access in Managing Messenger Client Users in the Novell Messenger 3.0 Administration Guide.
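The rights requirements above can be checked mechanically before the account is handed to the agents. The following is an added example, not part of the Novell documentation: it compares a set of trustee assignments with the documented minimum and reports missing rights, excess rights, and assignments that are not inheritable. The dictionary format and the sample assignments are constructed for illustration and are not an eDirectory export format.

```python
# Added example: least-privilege audit of the Messenger agent account.
# REQUIRED mirrors the rights tables in this section; the assignment dict
# format and the sample data are constructed, not an eDirectory export.
USER_ATTRS = ["nnmBlocking", "nnmBlockingAllowList", "nnmBlockingDenyList",
              "nnmClientSettings", "nnmContactList", "nnmCustomStatusList",
              "nnmLastLogin"]

REQUIRED = {
    "system": {  # trustee of the Messenger system object (MessengerService)
        "[All Attribute Rights]": {"Compare", "Read", "Write"},
        "[Entry Rights]": {"Browse", "Create", "Rename", "Delete"},
    },
    "users": {  # trustee of the tree or top container holding User objects
        "[All Attribute Rights]": {"Compare", "Read"},
        "[Entry Rights]": {"Browse"},
        **{attr: {"Compare", "Read", "Write"} for attr in USER_ATTRS},
    },
}


def audit(target, assignments):
    """Compare trustee assignments with the documented minimum.

    assignments maps property -> {"rights": set, "inheritable": bool}.
    Returns sorted findings; an empty list means exactly the required rights.
    """
    findings = []
    required = REQUIRED[target]
    for prop, need in required.items():
        have = assignments.get(prop)
        if have is None:
            findings.append(f"MISSING {prop}: no assignment")
            continue
        missing, excess = need - have["rights"], have["rights"] - need
        if missing:
            findings.append(f"MISSING {prop}: {', '.join(sorted(missing))}")
        if excess:
            findings.append(f"EXCESS {prop}: {', '.join(sorted(excess))}")
        if not have["inheritable"]:
            findings.append(f"NOT-INHERITABLE {prop}")
    for prop in assignments.keys() - required.keys():
        findings.append(f"EXCESS {prop}: not required by the guide")
    return sorted(findings)


def sample_user_container():
    """Constructed data: an over-privileged account on the user container."""
    rw = {"rights": {"Compare", "Read", "Write"}, "inheritable": True}
    acl = {attr: dict(rw) for attr in USER_ATTRS if attr != "nnmLastLogin"}
    acl["[All Attribute Rights]"] = dict(rw)  # Write exceeds the guide's minimum
    acl["[Entry Rights]"] = {"rights": {"Browse", "Supervisor"},
                             "inheritable": False}
    return acl


if __name__ == "__main__":
    for finding in audit("users", sample_user_container()):
        print(finding)
```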

Messenger System Security

Securing Communication between Messenger and eDirectory

By default, communication between the Messenger agents and eDirectory is not secure. Information obtained from eDirectory is not encrypted.

If you want to enable SSL encryption between the Messenger agents and eDirectory, you must use LDAP access, not direct access, to eDirectory. The Messenger agents must communicate with the LDAP server on the LDAP SSL port of 636, rather than on the default LDAP port of 389.

For additional security between the Messenger agents and eDirectory when using LDAP access, you can reference the root certificate for the server where the eDirectory replica accessed by the agents is located. Typically, the root certificate is named rootcert.der. On a Linux or Windows server, it is exported to a user-specified location after installation of eDirectory.

IMPORTANT: If you do not specify a root certificate, your LDAP server must be configured to accept clear text passwords.

Root certificates can be exported from ConsoleOne or iManager at any time after eDirectory is installed. For information about how to export a root certificate from iManager, see Exporting a Trusted Root or Public Key Certificate in the NetIQ Certificate Server Administration Guide.

WORKSHEET

Under Item 9: Directory Access, specify 636 as the LDAP port number and, if desired, provide the full path to the root certificate.
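The directory access and security rules above interact, so it helps to check planned Item 9 values together before running the Installation program. The following is an added example, not part of the Novell documentation: it lints a planned Item 9 entry against the rules stated in this guide and shows a weak plan beside its corrected form. The field names, hostnames, addresses, and certificate path are hypothetical sample values, not Installation program parameters.

```python
# Added example: lint planned values for worksheet Item 9 (Directory Access)
# against the rules in this guide. Field names and sample values are
# hypothetical; they are not Installation program parameters.
import ipaddress
from pathlib import PurePosixPath, PureWindowsPath


def lint_directory_access(item9):
    """Return a list of (level, message) findings for planned Item 9 values."""
    findings = []
    replica = item9.get("replica_ip")
    if replica:
        try:
            if ipaddress.ip_address(replica).version != 4:
                findings.append(("ERROR", "replica address must be IPv4"))
        except ValueError:
            findings.append(("ERROR", "replica address is not an IP address"))
    method = item9.get("method")
    if method == "direct":
        # SSL between the agents and eDirectory requires LDAP access.
        findings.append(("WARN", "direct access cannot use SSL to eDirectory"))
    elif method == "ldap":
        if not item9.get("ldap_host"):
            findings.append(("ERROR", "LDAP access needs a hostname"))
        port = item9.get("ldap_port", 389)
        if port == 389:
            findings.append(("WARN", "port 389 is the non-SSL LDAP port"))
        elif port != 636:
            findings.append(("INFO", f"port {port} is not a default LDAP port"))
        cert = item9.get("root_cert")
        if not cert:
            findings.append(("WARN", "no root certificate: LDAP server must "
                                     "accept clear text passwords"))
        elif not (PurePosixPath(cert).is_absolute()
                  or PureWindowsPath(cert).is_absolute()):
            findings.append(("ERROR", "root certificate needs a full path"))
    else:
        findings.append(("ERROR", "method must be 'direct' or 'ldap'"))
    return findings


# Constructed plans: a weak one and its corrected form.
WEAK = {"method": "ldap", "ldap_host": "ldap.example.com",
        "ldap_port": 389, "replica_ip": "2001:db8::10"}
HARDENED = {"method": "ldap", "ldap_host": "ldap.example.com",
            "ldap_port": 636, "replica_ip": "192.0.2.10",
            "root_cert": "/opt/certs/rootcert.der"}

if __name__ == "__main__":
    for plan in (WEAK, HARDENED):
        print(lint_directory_access(plan) or "no findings")
```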

Securing Messenger Internal Communication

Internal communication in Messenger can use either an internal certificate or an external certificate. If you decide to use an internal certificate, Messenger creates the certificate file and its private key for you. If you want to use an external certificate and private key, they must be available on your Messenger server.

WORKSHEET

Under Item 15: Security Configuration, specify the full path to the certificate file, your private key file (if separate from the certificate file), and the private key password.

If you want to move from internal certificates to external certificates or update your external certificates, follow the steps in Configuring Messaging Security with SSL Encryption in Managing the Messaging Agent in the Novell Messenger 3.0 Administration Guide.

3.1.3 Planning the Novell Messenger Agents

Your Novell Messenger system can include two agents:

  • Messaging Agent: Your Messenger system requires one Messaging Agent. The Messenger client communicates with the Messaging Agent for messaging, presence, and searching for users to add to the Messenger Contact List. The Messaging Agent also manages the queue for archiving conversations.

  • Archive Agent: If you want to enable archiving, your Messenger system requires one Archive Agent. The Archive Agent archives conversations, indexes conversations, and performs searches on the archive when contacted by an authorized Messenger user.

The following sections prepare you to supply the information required when installing the Messenger agents. Depending on the operating system you are installing to, some of these options might not apply:

Agent Platform

The agents are available as Linux executables and Windows executables.

WORKSHEET

Under Item 1: Server Information, mark the type of agents (Linux or Windows) that you want to install.

Agent Software Location

On Windows, you can specify where you want to install the Messenger agents. By default, they are installed to drive:\novell\nm where drive represents a mapped drive letter from the perspective of the Windows machine where you will run the Messenger Installation program.

On Linux, the Messenger agents are always installed to the bin and lib subdirectories of /opt/novell/messenger.

WORKSHEET

Under Item 3: Installation Path, specify the full path to the directory where you want to install the Windows Messenger agent software. If the directory does not exist, it will be created.

Agent Network Address and Ports

The Messenger Installation program obtains the IP address and DNS hostname of the server where you want to install the Messenger agents based on the agent software location you provide. If the server has multiple IP addresses and DNS hostnames associated with it, you can specify different information from what the Installation program obtained automatically.

In addition to the IP address and DNS hostname information, the Installation program also establishes the ports on which the Messenger agents listen for service requests. By default, the Messaging Agent listens for the Messenger client on client/server port 8300, meaning that conversations take place on port 8300. By default, the Archive Agent listens for the Messenger client on client/server port 8310, meaning that archive searches take place on port 8310. If a default port number is already in use on the server, select a different port number.

If you are using IPv6 for your Messenger agents, you must use the DNS hostname instead of the IP address for the agents.

WORKSHEET

Under Item 12: Server Address, list the IP address or DNS hostname of the server where you want to install the Messenger agents. If the default port numbers are in use on the server, specify unique port numbers for the Messenger agents.

Clustering Option for the Messenger Agents

Novell Cluster Services is a server clustering system that ensures high availability and manageability of critical network resources, including applications (such as the Messaging Agent and the Archive Agent) and volumes (where the Messenger queues and archive reside). Novell Cluster Services supports failover, failback, and migration of individually managed cluster resources. Novell Cluster Services is only available for OES Linux.

The Messenger agents can be configured to take advantage of the fault-tolerant environment provided by Novell Cluster Services. The Installation program adds a /cluster switch to the Messenger agent startup files. This tells the Messenger agents to use the cluster virtual server name rather than the specific server name in path names obtained from the Agent object properties in eDirectory or from startup switches.

In addition to Novell Cluster Services, Messenger also supports PolyServe and Heartbeat clusters. For additional information on how to install and configure PolyServe and Heartbeat clusters, see the GroupWise 2014 Interoperability Guide.

WORKSHEET

Under Item 13: Configure Agents for Clustering, mark whether you want to configure the Messenger agents for clustering.

For more information on clustering Messenger, see the GroupWise 2014 Interoperability Guide.

Linux Agent High Availability

The GroupWise High Availability service makes sure that if the Messaging Agent or the Archiving Agent goes down for any reason, it starts again automatically. On Windows, Microsoft Clustering Services automatically restarts a service that is not responding. On Linux, Novell Cluster Services does not include this capability, so it is built into the Novell Messenger Linux agents.

The GroupWise High Availability service (gwha) must be installed from the downloaded GroupWise image that you are running. After the gwha service has been installed, it starts when your server boots and makes sure that the Messaging Agent and the Archiving Agent are running. If it detects that one of these agents is no longer running, it immediately issues the command to start it. The High Availability service uses the GroupWise Monitor Agent to periodically check the status of the agents that it is responsible for restarting. For instructions on how to set up the High Availability service, see Section 3.2.4, Setting Up the High Availability Service. For information on configuring Monitor for the Novell Messaging agents, see Monitoring Messaging Agent Status in the Novell Messenger 3.0 Administration Guide.

Windows Server Options for the Windows Messenger Agents

You can run the Windows Messenger agents as Windows applications or as Windows services. When you run the agents as Windows services, they can run under a specific Windows user account, or they can run under the local system account, with no user name or password required. As with all Windows services, you can start the agents manually or have them start automatically each time the Windows server starts.

WORKSHEET

Under Item 2: Windows Server Options, select Install Agents as Windows Services if you want to run the Messenger agents as Windows services.

If you will run the agents as Windows services, under Item 8: Windows Service Options, record the account that the agents will run under (unless they will run under the local system account) and, if necessary, the password for the account. Also select whether you want the service to start automatically or manually.

If you want to use an SNMP manager program (such as the Management and Monitoring Services component of Novell ZENworks for Servers) to monitor the Windows Messenger agents, you must install some SNMP components along with the Windows Messenger agent software.

WORKSHEET

Under Item 2: Windows Server Options, select Install and Configure SNMP for Novell Messenger Agents if you want to use an SNMP manager program.

If this option is dimmed during installation, the SNMP service has not been set up on the Windows server where you are installing the Messenger agents. If you want to monitor the agents from an SNMP management program, the SNMP service must be enabled so that you can select this option. For information about setting up SNMP on a Windows server, see Using SNMP Monitoring Programs in Managing the Messaging Agent in the Novell Messenger 3.0 Administration Guide.