Instant messaging and Access manager - configuration question
I am in the process of implementing IM using access manager as the policy authoritity.
The existing access manager configuration is an access manager site defined behind a load balancer (ie: the site am.server.com consists of a farm of servers amserver1.server.com .... N).I understand that you have to put the instant messenger components on a web container which has the Access Manager software installed on it.
I plan to put the access manager software on separate servers co-resident with the instant messaging software. These new servers will be outside of the access manager site definition but will share the same encryption keys/secrets as the production servers. As well, cookies created by these servers will be recorded in the failover databases of the primary production servers so that IM logins will contribute to the enterprise SSO.
I just would like to know if this is a general architecture in use for the IM software or do people just put the im software on their production access manager instances and widen the farms as performance suffers.
thanks
steve
# 1
Hi Steve,
Of the three components relevent in this case :
1) the core server itself.
2) the webapplication - also referred to as client resources.
3) Multiplexors.
The webapplication which gets hosted on the app/web server - contains only static information.
That is, it has the client jars, jnlp's for fetching these, a few jsp and launcher html files for endusers to launch the im client over webstart.
So, this webclient can be moved to any webcontainer of your choice - and has no restrictions or dependencies on anything.
Just install the client resources on any server of your choice (which is accessible by end users) and configure/deploy it to your webserver - it needs no access to the backend in any way at all.
The IM server uses the access manager sdk (amsdk) to talk to access manager - hence, you will need to modify AMConfig.properties appropriately in case you are making the deployment changes after installation and configuration of IM and amsdk on IM server (please refer to IM and AM documentation for more info on how to do this).
Since what you are attempting looks like a AM supported config, you should not have any issues in configuring IM with that for auth and policy enforcement.
The multiplexor is totally oblivious to all this - just needs to be accessible by clients and should be able to talk to server - thats all.
Hope this helps.
Regards,
Mridul
