When you deploy secure applications that allow users to connect to IBM®
Sametime®, ensure that your users connect to their home Sametime Community Servers or home clusters. You can prevent
users from connecting to remote servers by specifying trusted IP addresses and rejecting forwarded
log-ins during the log-in process.
About this task
For users that must log in through a secure application, the Sametime Community Server should allow them to connect only
through the home server. The Sametime Community Mux Server should only accept connections that come from the
application's IP addresses. You must dedicate a specific Community Mux to a specific Sametime Community Server, and
limit users to connecting to that Mux through the secure application. This applies to local Community Mux services
hosted on the Sametime Community Server, as well as to stand-alone Community Mux servers. Use the following settings
on all Sametime Community Servers and Sametime Community Mux servers in your deployment.
Procedure
- Use a text editor to open the sametime.ini file located in the Sametime Community Server installation directory.
- In the [Connectivity] section, add or create a comma-separated list of trusted IP addresses of proxy servers.
  VPMX_TRUSTED_CLIENT_IPS=IPaddress1, IPaddress2
  Only clients originating from one of the IP addresses in this list are allowed to connect to Sametime.
  An empty list (the default) means that this feature is disabled and clients from all IP addresses can connect to
  Sametime.
- Create or edit the VP_REJECT_FORWARDED_LOGINS setting so that forwarded logins are rejected.
  VP_REJECT_FORWARDED_LOGINS=1
  When that setting is set to 1, users must connect to their assigned home servers. This is essential when users must
  connect through the secure application.
- Save the sametime.ini file.
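
To confirm the procedure was applied on every server, the following added example (not IBM code) audits the text of a sametime.ini file for the two settings above. The function names and sample files are constructed for illustration; treating `#` and `;` lines as comments and searching every section for VP_REJECT_FORWARDED_LOGINS are assumptions, since this page does not specify either.

```python
import ipaddress

KEY_IPS, KEY_FWD = "VPMX_TRUSTED_CLIENT_IPS", "VP_REJECT_FORWARDED_LOGINS"

def parse_ini(text):
    """Return {section: {key: value}}. Treating '#' and ';' lines as comments is an assumption."""
    sections, current = {}, ""
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line[0] in "#;":
            continue
        if line.startswith("[") and line.endswith("]"):
            current = line[1:-1].strip()
        elif "=" in line:
            key, value = line.split("=", 1)
            sections.setdefault(current, {})[key.strip()] = value.strip()
    return sections

def audit(text):
    """Return a list of findings; an empty list means both settings are in place."""
    cfg, findings = parse_ini(text), []
    raw = cfg.get("Connectivity", {}).get(KEY_IPS, "")
    entries = [e.strip() for e in raw.split(",") if e.strip()]
    if not entries:
        findings.append(f"{KEY_IPS} is empty or missing in [Connectivity]: "
                        "clients from all IP addresses can connect")
    for entry in entries:
        try:
            ipaddress.ip_address(entry)
        except ValueError:
            findings.append(f"{KEY_IPS} entry is not an IP address: {entry!r}")
    # The page does not name the section for this key, so every section is searched.
    values = [s[KEY_FWD] for s in cfg.values() if KEY_FWD in s]
    if not values or any(v != "1" for v in values):
        findings.append(f"{KEY_FWD} is not set to 1: forwarded logins are not rejected")
    return findings

# Constructed sample files (192.0.2.0/24 is a documentation address range).
HARDENED = """[Connectivity]
VPMX_TRUSTED_CLIENT_IPS=192.0.2.10, 192.0.2.11
VP_REJECT_FORWARDED_LOGINS=1
"""
UNHARDENED = """[Connectivity]
VPMX_TRUSTED_CLIENT_IPS=
"""
PLACEHOLDER = """[Connectivity]
VPMX_TRUSTED_CLIENT_IPS=IPaddress1, 192.0.2.10
VP_REJECT_FORWARDED_LOGINS=1
"""

if __name__ == "__main__":
    for name, text in [("hardened", HARDENED), ("unhardened", UNHARDENED), ("placeholder", PLACEHOLDER)]:
        print(name, audit(text) or "OK")
```

Run it against each Community Server and Community Mux server's file; the placeholder case catches a template value such as IPaddress1 that was never replaced with a real address.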