Extending web chat to external clients and mobile users
To set up Sametime® Communicate for external users, you need to host the Sametime Proxy Server in the DMZ in a stand-alone cell or as a managed node that's part of the internal cell. All other servers can be behind the firewall in the intranet.
You must decide if the Sametime Proxy Server will be in its own stand-alone cell or part of the internal cell. If part of the internal cell, there's no difference in functionality. The difference is in the deployment model and how the Sametime Proxy Server node is to be managed.
For iOS users, access to DB2® is required for message storage. Network access to Apple Push Notification Service (APNS) is also required. The Sametime System Console is required for policy management and the DB2 license. Deployment without the Sametime System Console is not recommended. Google users require access to Google Cloud Messaging.
Stand-alone cell deployment
If you decide to deploy the Sametime Proxy Server in a stand-alone cell, choose the Cell option when deploying the Sametime Proxy Server using the Sametime System Console. Installation will include its own Deployment Manager and Integrated Solutions Console for local WebSphere® Application Server administration. A stand-alone cell has no communication with the internal Sametime cell from a WebSphere Application Server perspective.
- LDAP
- DB2
- Sametime Community Server
- Sametime System Console
- Media Manager
- Conference Manager
- Video Manager
- Video MCU
- SIP Proxy Registrar
- Sametime Proxy Server
- Community Server in the intranet to Sametime Proxy Server in the DMZ: TCP 1516
- LDAP and Media Manager: TCP 389 or 636
- Community Server and Sametime Proxy Server: TCP 1516
- Community Server and Media Manager: TCP 1516
- DB2 in the intranet and Sametime Proxy Server and Sametime Meeting Server in the extranet: TCP 50000 or 50001
- Internal client and Community Server: VP 1533
- Internal client and Meeting Server: TCP 80 or 443
- Internal client and Sametime Proxy Server: TCP 80 or 443
- Internal client and Media Manager in the intranet:
  - TCP 5060
  - UDP outbound 42001 to 43000 (audio)
  - UDP outbound 46001 to 47000 (video)
  - UDP inbound 42000 to 43000 (audio)
  - UDP inbound 46000 to 47000 (video)
- Over the SOAP protocol for administration of Sametime Proxy Server features from the Sametime System Console
- Over HTTP for installation and upgrades to the Sametime System Console
- 9080/9443 to the Sametime System Console for installation and registration
- 1516 to your Community Servers for server traffic
- 389/636 to LDAP (optional)
- 50000/50001 to DB2 for iOS message storage
- 2195/2196 for APNS traffic
- 9080/9443 for Web traffic (configurable)
Managed node deployment
You can deploy the Sametime Proxy Server as a managed node that's part of the internal cell. At installation, choose Primary Node if installing a first server, or Secondary Node if adding a cluster member. This deployment uses the Sametime System Console for WebSphere Application Server administration and is part of the internal cell from a WebSphere Application Server perspective.
- Over the SOAP protocol for administration of Sametime Proxy Server features from the Sametime System Console
- Over HTTP for installation and upgrades to the Sametime System Console
- 9080/9443/8701/8703 to the Sametime System Console for installation and registration
- 1516 to your Community Servers for server traffic
- 389/636 to LDAP (required)
- 50000/50001 to DB2 for iOS message storage
- WebSphere ports
- 2195/2196 for APNS traffic
- 9080/9443 for Web traffic (configurable)
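The port lists for the two deployment models can be used to audit the firewall allow-rules for traffic leaving the Sametime Proxy Server. The following Python is an added example, not part of the Sametime product or its documentation: it reports destinations from the lists that have no allowed port, and allowed ports that the list for the chosen model does not call for. The destination labels, the rule format, and the sample rules are assumptions, and a destination is treated as covered when any one of its listed ports is allowed.

```python
# Added example: audit firewall allow-rules for traffic leaving the proxy.
# Port numbers are from the lists above; labels and rule format are assumptions.
# "WebSphere ports" on the managed-node list has no numbers on the page, so it is omitted.
REQUIRED = {
    "standalone": {
        "ssc": {9080, 9443},         # installation and registration
        "community": {1516},         # server traffic
        "db2": {50000, 50001},       # iOS message storage
        "apns": {2195, 2196},        # APNS traffic
    },
    "managed": {
        "ssc": {9080, 9443, 8701, 8703},
        "community": {1516},
        "ldap": {389, 636},          # required for a managed node
        "db2": {50000, 50001},
        "apns": {2195, 2196},
    },
}
OPTIONAL = {"standalone": {"ldap": {389, 636}}, "managed": {}}

def audit(model, rules):
    """rules: (destination_label, tcp_port) allow-rules sourced from the proxy.
    Returns (missing, unexpected): required destinations with no allowed port,
    and rules opening a port the list for this model does not include."""
    required = REQUIRED[model]
    allowed = {**required, **OPTIONAL[model]}
    seen, unexpected = set(), []
    for dest, port in rules:
        if port in allowed.get(dest, set()):
            seen.add(dest)
        else:
            unexpected.append((dest, port))
    missing = sorted(d for d in required if d not in seen)
    return missing, sorted(unexpected)

# Constructed sample rule set (not from the page).
SAMPLE_RULES = [
    ("ssc", 9443), ("community", 1516), ("db2", 50001),
    ("apns", 2195), ("apns", 2196),
    ("community", 1533),   # listed above for internal clients, not for the proxy
    ("ssc", 8703),         # listed only for the managed-node model
]

if __name__ == "__main__":
    for model in REQUIRED:
        missing, unexpected = audit(model, SAMPLE_RULES)
        print(model, "missing:", missing, "unexpected:", unexpected)
```
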
The following diagram shows a Sametime Proxy Server deployed in the DMZ to support browser and mobile clients for external users. The red line indicates how internal users would access Sametime using a browser.