Lesson 1: Instant Messaging

Instant messaging (IM) is an evolving technology that introduces new features that no other messaging technology provides. Through instant messaging, friends may chat with one another on the Internet. Organizations, too, are increasingly noting its advantages. Instant messaging does not only allow you to exchange small messages without the overhead of composing and sending e-mail, but can also provide a backup communication path in case e-mail transfer is interrupted. Furthermore, instant messaging supports the propagation of presence information. You can see when other users are online, idle, or out of the office. You are also able to control who can contact you.

This lesson provides an overview of Instant Messaging as implemented into Exchange 2000 Server. It addresses the various roles that IM servers can assume in an IM domain, and introduces the Microsoft MSN Messenger client, which can be used to participate in an IM environment.

At the end of this lesson, you will be able to:

• Describe the technology and features of Instant Messaging.
• Install Instant Messaging on an Exchange 2000 server.
• Use MSN Messenger for Instant Messaging.

Estimated time to complete this lesson: 75 minutes

The Principle of Instant Messaging

Instant messaging is a client/server technology. Users work with IM client software to exchange text-based messages, and an IM server takes care of message routing and maintenance of presence information. Leading software vendors, including Microsoft and Lotus/IBM, jointly developed an Instant Messaging Presence Protocol (IMPP) specification that allows the exchange of presence information between different systems. Exchange 2000 Server, however, does not use this protocol.

IM Client Logon

When your client starts, it logs you on to Instant Messaging using your current user credentials, and then informs the IM server that you are now online. The server keeps track of this status information and propagates it to all other users that have registered interest in you. In technical language, presence information is propagated to all other users that have subscribed you as a contact. Your IM server also keeps track of your client connection by means of your workstation's IP address to route instant messages to you.

IM Authentication

Of course, your account must be enabled with instant messaging; otherwise, the server will reject your logon attempt (see Exercise 1 in this lesson). Using your current Windows 2000 user account and password, the IM client will log you on implicitly and does not prompt you for user information. Integrated Windows authentication is an easy and very secure method of authenticating users and therefore enabled by default. Only if you are working with an account that is not instant messaging—enabled will you be asked for logon credentials. You can read more about integrated Windows authentication in Chapter 11, "Internet-Based Client Access."

It is recommended to use the integrated Windows authentication, but users that work with instant messaging clients over firewalls or HTTP proxies may then be unable to log on. You can support them via Digest authentication over HTTP. Digest authentication is an Internet Standard that transmits password information in the form of encrypted hash values to the server. In Exchange 2000 Server, Digest authentication is enabled by default, but you also need to allow reversible password encryption under Windows 2000 Server to support this form of authentication. You need to enable the Store Password Using Reversible Encryption For All Users In The Domain setting in a Group Policy that applies to your users. In a Group Policy (for example, the Default Domain Policy object), this option is under Computer Configuration/Windows Settings/Security Settings/Account Policy/Password Policy. You can read more about Group Policies in the Windows 2000 Server product documentation.

NOTE

---

To verify whether Digest authentication is enabled, launch the Internet Services Manager utility. Open the Web site container where the InstMsg virtual directory is located, right-click InstMsg, select Properties, click on the Directory Security tab, and then, under Anonymous Access And Authentication Control, click Edit. In the Authentication Methods dialog box, make sure Digest Authentication For Windows Domain Servers is selected.

Obtaining Status Information

If you want to subscribe contacts to receive status information about other users to send them instant messages when they are online, you need to add them to your contact list. The contact list is also referred to as a buddy list. Your IM client will attempt to determine the status of new contacts as soon as you subscribe them by sending a status request to your IM server. If the contact resides on the same IM server, status information is obtained right away. Otherwise, the request is routed to your contact's local server to obtain the status information from there.

Maintaining Subscriber Lists

In addition to the status request, your client also issues a subscription request, which is likewise routed to the contact's home server. Each IM server must maintain subscriber lists for its local users to send notifications to each registered subscriber if the status of a local user changes. Having the server actively send status change notifications ensures that contact lists are always up to date.

However, contact subscriptions are temporary. Your client must periodically renew them to obtain continuous presence information from the server. Each IM client maintains its list of subscribed contacts in the Registry under the following key:

 HKEY_CURRENT_USER      \Software         \Microsoft           \Exchange             \Messenger                 \Profiles                      \http://<IM domain name>/Instmsg/Aliases/<User Alias>\Contacts 

Instant Messaging Client Software

The primary IM client is MSN Messenger. This client comes with Exchange 2000 Server and can be installed on Microsoft Windows 95/98, Microsoft Windows NT 4.0, and Microsoft Windows 2000. MSN Messenger requires Microsoft Internet Explorer 5.0. It is a good idea to start the IM client automatically when you log on to your Windows 2000 domain and keep it running for your entire session to be available for instant messages and to provide presence information. As soon as you close this application, your status will change to offline, and other users cannot send further instant messages to you.

NOTE

---

When you log on to Instant Messaging, MSN Messenger opens a window on the desktop automatically, which displays your subscribed contacts (the Contacts Online and Contacts Offline lists). Closing this window does not close MSN Messenger. The client remains active on your taskbar.

Controlling Presence Information

You can control your IM status in MSN Messenger using the Status button on the toolbar. Seven different status settings are provided: Online, Invisible (your presence information is not propagated), Busy, Be Right Back, Away From Computer, On The Phone, and Out To Lunch. Setting your status appropriately helps other users determine whether it makes sense to send you an instant message at a given moment. E-mail might be a better choice if you are out to lunch, for instance.

There are two further status indicators that the IM client sets for you automatically: Idle and Offline. Idle indicates that you haven't been working with your keyboard for a defined time. Offline is your status when you are logged off (that is, the client is closed).

NOTE

---

The MSN Messenger client allows you to block the propagation of presence information via the Privacy command, available on the Tools menu. You may also select the Notify Me When Passport Users Add Me To Their Contact Lists check box to be notified when another user adds you to his or her buddy list. Under Which MSN Messenger Service Users Have Added Me To Their Contact Lists, click View to display a list of users that have subscribed you as a contact.

Instant Messaging Implementation

Instant Messaging is not directly related to other services of Exchange 2000 Server. It is a technology for the World Wide Web. The communication between client and server takes place over the rendezvous protocol (RVP), a proprietary protocol developed by Microsoft as an extension to the Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV in turn extends HTTP, as discussed in Chapter 11, "Internet-Based Client Access." Instant messages are formatted in Extensible Markup Language (XML).

NOTE

---

A significant difference between e-mail and instant messages is that instant messages are not stored on an Exchange 2000 server. Instant messages are dynamic in nature, and they are lost when you close the MSN Messenger window.

Instant Messaging Service Integration

Instant Messaging requires Microsoft Windows 2000 Server and Internet Information Services (IIS) 5.0. It is not necessary to run Exchange 2000 Server on the same computer. However, you must have installed Exchange 2000 Server on at least one server in your organization to prepare the Active Directory forest.

Instant Messaging is implemented in an Internet Server Application Programming Interface (ISAPI)-based DLL called MSIMSRV.DLL, which will be registered for the World Wide Web publishing service in the IIS metabase. MSIMSRV.DLL runs as part of the IIS process (INETINFO.EXE). You can find this DLL in the \Program Files\Exchsrvr\Bin directory.

Components of the Internet Messenger Service

MSIMSRV.DLL represents the server application layer that communicates with other server-side Instant Messaging components, as well as the Active Directory directory service, and IM clients (see Figure 25.1). The server application layer maintains the IM node database (MSIMNODE.EDB) based on the Extensible Storage Engine (ESE). This database holds user status information, contact subscriptions, and client IP addresses of active Instant Messaging connections. The remaining Instant Messaging server components are the firewall topology module (FTM) and the locator service. FTM, for instance, provides IP-related data about IM servers that are located behind firewalls. The locator is used to determine home servers to dispatch notifications via an IM router.

Figure 25.1 Instant Messaging service components

FTM and Protected IP Addresses

If you are communicating with external users on the Internet indirectly through a firewall, you need to identify protected IP addresses. To specify firewall and HTTP proxy settings, launch Exchange System Manager, right-click Instant Messaging Settings under Global Settings in the console tree, select Properties, and then click on the Firewall Topology tab. Select This Network Is Protected By A Firewall, and then click Add to define protected IP address ranges. You can also specify a proxy server for outbound requests. The Instant Messaging Settings object will only exist if you have installed the Instant Messaging feature in your organization.

Clients with IP addresses outside the protected ranges communicate indirectly via IM router servers. Clients with IP addresses within the protected address range are allowed direct connections to IM home servers in an Instant Messaging domain. The purpose of IM routers in an IM domain is explained in the following sections.

Instant Messaging Domains

Instant Messaging resources are organized in domains, which have a purpose similar to that of regular Simple Mail Transfer Protocol (SMTP)-based e-mail domains. Instant Messaging domains contain users and IM virtual servers (see Figure 25.2).

Figure 25.2 Instant Messaging domains with router and home servers

IM Domain Names

Based on the domain name and the user alias, IM clients can locate their home servers. To simplify the messaging environment, you should match the Instant Messaging domain names of your users to their SMTP domain names, as demonstrated in Exercise 1. For instance, users in the SMTP domain bluesky-inc-10.com should have an IM domain name of im.bluesky-inc-10.com, which may be matched to bluesky-inc-10.com by means of a service (SRV) DNS record. The configuration of DNS servers is explained later in this lesson.

NOTE

---

Organizations with more than one Active Directory forest must configure separate IM domains, each representing an independent Instant Messaging installation.

IM Home Servers Versus IM Routers

Each Instant Messaging domain contains at least one home server, which hosts the IM accounts of users and maintains their status information. Up to 10,000 online users may be placed on a single IM home server. The home server communicates directly with IM clients via RVP.

Router servers, on the other hand, do not maintain any user accounts. Their purpose is to route instant messages between domains to the correct home servers of IM recipients. IM routers are especially important when exchanging instant messages with Internet users through firewalls. IM routers are supposed to have an upper limit of 20,000 users. If you need to support more users, install additional servers (see Figure 25.2).

TIP

---

It is recommended to install IM home servers and IM routers on different physical machines.

User Addresses for Instant Messaging

As mentioned earlier, instant messaging is primarily a Web-based technology. Consequently, every IM user must be identified through a unique Instant Messaging URL that points to the user's home server. This URL is known as the home server URL, which has the format http://<FQDN of IM home server>/instmsg/aliases/<user alias>/ (such as, http://bluesky-srv1.bluesky-inc-10.com/instmsg/aliases/administrator/). In addition, every IM user must own a second URL that points to the IM domain's router server. This URL is used for external communication. It is therefore called the domain URL or public URL. The public URL has the same format as the home server URL, but it should point to the IM router server instead of the home server. Only in environments with a single IM server are home server and public URLs the same.

NOTE

---

You can view the IM address information for your user account in Active Directory Users and Computers. Right-click your account, select Properties, switch to the Exchange Features tab, select Instant Messaging, and then click Properties. In the Instant Messaging dialog box, both the home server and public URL are displayed.

IM User Addresses

Although a Web-based technology, users see Instant Messaging primarily as an e-mail service. To provide users with a consistent address scheme for e-mail and Instant Messaging, IM user addresses have been standardized according to the SMTP address convention <User Name>@<IM Domain Name> (such as, Administrator@im.bluesky-inc-10.com). Based on this information, the client can construct the required URLs (http://< IM Domain Name>/Instmsg/Aliases/<User Name>/) internally to carry out the communication via RVP. This process is invisible to the user. However, it is important to note that the IM domain name must be registered in DNS. Otherwise, IM clients will not be able to determine the IP address of the required IM server.

Domain Name Service Dependencies

Instant Messaging domains must be registered in DNS. This is not much different than the registration of SMTP domains in DNS mail exchanger (MX) records. However, specific DNS record types have not been defined for Instant Messaging. Consequently, you need to register your IM domain in a host (A) record and specify the IP address of the IM router server. If you have configured multiple IM routers, you need to create a separate A record for each router using the same "host" (IM domain) name but the appropriate IP address—just as you would match the same host name to different IP addresses in a DNS round-robin configuration.

DNS and Client Logon

To log you on, the MSN Messenger Service needs to resolve the IM domain name that you have specified in your IM address, such as im.bluesky-inc-10.com. Through a DNS lookup, the IP address of your IM domains router server is obtained. The client connects to this server, and the router queries Active Directory to determine your IM home server. Your home server URL will be returned to your client, and based on this URL, the IM client can connect you to your IM home server. As outlined earlier, the home server URL contains the fully qualified domain name (FQDN) of your home server, which is resolved to the corresponding IP address in another DNS lookup. MSN Messenger connects to this server, and your home server validates your Active Directory account and password.

DNS and Message Routing

The routing of instant messages depends on DNS as well. Based on home server URLs, IM clients can send messages to servers of recipients directly if all resources are located within a protected network. Across the boundaries of protected networks, public URLs are used to forward messages to IM router servers first. An IM router can determine correct destinations based on IM domain names and forward the messages to other IM routers or home servers where the users reside.

NOTE

---

IM clients outside a protected network only connect to IM routers, which in turn communicate with IM home servers inside the protected network on behalf of the clients.

Service Location Resource Records for Instant Messaging

You have the option to add SRV resource records for IM routers to DNS to map the IM domain name to the service and the TCP port on which the service is provided. SRV records can simplify the IM addressing scheme because they allow you to register a common domain name for SMTP and Instant Messaging, such as Bluesky-inc-10.com.

The following is an example of an SRV record for the IM domain im.bluesky-inc-10.com:

 _rvp._tcp.bluesky-inc-10.com SRV 0 0 80 im.bluesky-inc-10.com 

The symbolic name for IM is _rvp, _tcp refers to the transport protocol, and bluesky-inc-10.com is the domain name that replaces the IM domain name (IM.Bluesky-inc-10.com). The two zeroes following SRV represent priority and weight, which can be used for load balancing between multiple servers. The TCP port number follows. It is set to 80 for Instant Messaging over HTTP. The SRV record is completed by the IM domain name, which corresponds to the FQDN of the IM router. In other words, this SRV record allows your users to specify IM user addresses as <User Alias>@Bluesky-inc-10.com instead of <User Alias>@IM.Bluesky-inc-10.com. You can read more about the creation of SRV resource records in the DNS documentation of Windows 2000 Server.

NOTE

---

The operating system of your workstation must be able to retrieve symbolic names; otherwise, it is not possible to simplify the IM addressing scheme. Windows 2000, for instance, fully supports SRV records.

System Monitoring of Instant Messaging

As an Instant Messaging administrator, you need to work with three main management utilities: Exchange System Manager to configure Instant Messaging servers and firewall settings; Active Directory Users and Computers to enable, move, or disable instant messaging users; and Internet Services Manager to stop, pause, or restart the virtual IIS server that provides access to the InstMsg virtual directory.

To track Instant Messaging activities, you can use the virtual IIS server's logging capabilities. In Internet Services Manager, right-click the Web site under which InstMsg is located, and then, on the Web Site tab, make sure the Enable Logging check box is selected. The virtual IIS server will write information about Instant Messaging activities to the logs in the \Winnt\System32\Logfiles\ W3svc1 directory. You can also check the virtual IIS server's state dynamically using the Performance tool. Important performance objects start with MSExchangeIM. The Performance tool was briefly discussed in Chapter 12, "Management Tools for Microsoft Exchange 2000 Server."

Exercise 1: Deploying Instant Messaging

In this exercise you will configure Instant Messaging on an Exchange 2000 server. You will also install Microsoft MSN Messenger to work with Instant Messaging.

To view a multimedia demonstration that displays how to perform this procedure, run the EX1CH25*.AVI files from the \Exercise_Information\Chapter25 folder on the Supplemental Course Materials CD.

Prerequisites

• Reboot BLUESKY-SRV1 and BLUESKY-WKSTA.
• Log on as Administrator to BLUESKY-SRV1.
• Insert the Exchange 2000 Server, Enterprise Edition, evaluation software installation CD into the CD-ROM drive of BLUESKY-SRV1. It is assumed that the CD-ROM drive is E.
• CarlT has been granted the rights of a local administrator for BLUESKY-WKSTA (on BLUESKY-SRV1, in Active Directory Users and Computers, right-click BLUESKY-WKSTA from the Computers container, select Manage, open the Local Users And Groups container, open Groups, double-click Administrators, and then use the Add button to add the account of Carl Titmouse from the Bluesky-inc-10.com domain to this group).
• For completeness, it is assumed that you have not set up Instant Messaging on BLUESKY-SRV1 yet. However, if you have followed Exercise 4 of Chapter 5, "Installing Microsoft Exchange 2000 Server," Instant Messaging is already installed, in which case you should begin the following procedure with Step 7.

To implement Instant Messaging in an Exchange 2000 server organization

1. Click Start, then select Run, and, in the Run dialog box, type e:\setup\i386\setup.exe. Click OK.
2. On the welcome screen of the Microsoft Exchange 2000 Installation Wizard, click Next.
3. On the Component Selection wizard screen, under Microsoft Exchange 2000, select Change. For Microsoft Exchange Instant Messaging Services, select Install (see Figure 25.3). Click Next.
4. On the Licensing Agreement wizard screen, select I Agree That, and then click Next.
5. On the Component Summary wizard screen, verify your selection, and then click Next.
6. Setup is now installing the Instant Messaging Services. On the final wizard screen, informing you that you have successfully installed the component, click Finish.

   

   Figure 25.3 Setting up an Instant Messaging virtual server

7. Start Exchange System Manager from the Microsoft Exchange program group.
8. Expand Administrative Groups, then First Administrative Group, then Servers, then expand BLUESKY-SRV1. Open the Protocols container, and then select Instant Messaging (RVP).
9. Right-click Instant Messaging (RVP), and select Properties to examine the location of the IM node database in the General tab. Click OK. If you are prompted to create the directories, click Yes.
10. Right-click Instant Messaging (RVP) again, point to New, and then select Instant Messaging Virtual Server.
11. On the welcome screen of the New Instant Messaging Virtual Server Wizard, click Next.
12. On the Enter Display Name wizard screen, type IMHOME-SRV1, and then click Next. IMHOME-SRV1 will be the name of the virtual server displayed in Exchange System Manager.
13. On the Choose IIS Web Site wizard screen, make sure Default Web Site is selected, and then click Next. Every Instant Messaging home server requires a separate IIS virtual server.
14. On the Domain Name wizard screen, type im.bluesky-inc-10.com, and then click Next. Because it is assumed that the home server also performs routing functions (a one-machine installation), the default domain name needs to be changed to the Instant Messaging domain name. For home servers that work with a dedicated IM router, you may accept the default domain name obtained from the server's IP configuration.
15. On the Instant Messaging Home Server wizard screen, select the Allow This Server To Host User Accounts check box, and then click Next.
16. On the final wizard screen, informing you that you have successfully created the virtual server, click Finish.
17. Launch the DNS Administration tool from the Administrative Tools program group.
18. Expand BLUESKY-SRV1, then Forward Lookup Zones, and then Bluesky-inc-10.com.
19. Right-click Bluesky-inc-10.com and select New Host.
20. In the New Host dialog box, type IM under Name (Uses Parent Domain Name If Blank), and type 192.168.1.22 under IP Address, and then click Add Host. If your server uses a different IP address, you need to change the configuration accordingly. You can obtain your server's configuration information at the command prompt via the IPCONFIG command.
21. In the DNS dialog box, informing you that the host record was successfully created, click OK. In the New Host dialog box, click Done.
22. In the DNS utility, right-click Bluesky-inc-10.com again, and then select Other New Records.
23. In the Resource Record Type dialog box, select Service Location from the list, and then click Create Record.
24. In the New Resource Record dialog box, type _rvp under Service, make sure _tcp is displayed under Protocol, change Port Number to 80, and then type im.bluesky-inc-10.com under Host Offering This Service (see Figure 25.4).
25. Click OK. In the Resource Record Type dialog box, click Done, and then close the DNS administration tool.
26. Start Active Directory Users and Computers from the Administrative Tools program group.
27. Right-click the Administrator account from the Users container, and then select Exchange Tasks.

    

    Figure 25.4 Configuring DNS for Instant Messaging

28. On the welcome screen of the Exchange Task Wizard, click Next.
29. On the Available Tasks wizard screen, select Enable Instant Messaging, and then click Next.
30. On the Enable Instant Messaging wizard screen, under Instant Messaging Home Server, click Browse.
31. In the Select Instant Messaging Server dialog box, double-click IMHOME-SRV1.
32. Verify that im.bluesky-inc-10.com is displayed under Instant Messaging Domain Name (see Figure 25.5), and then click Next.
33. On the final wizard screen, review the Instant Messaging User Address, Public URL, and Home Server URL, and then click Finish.
34. Repeat Steps 26 through 33 for the account of Carl Titmouse, and then close the Active Directory Users and Computers utility.

    

    Figure 25.5 Enabling Instant Messaging for Windows 2000 user accounts

35. Click Start, select Run, and, in the Run dialog box, type e:\instmsg\i386\client\usa\mmssetup.exe. Click OK.
36. In the Messenger Service 2.2 dialog box displaying the licensing agreement, click Yes to begin the client installation.
37. On the welcome screen of the MSN Messenger Service wizard, click Next.
38. On the Provide Microsoft Exchange Instant Messaging Information wizard screen, make sure the Use This Program To Talk To My Microsoft Exchange Contacts check box is selected, and, under E-mail Address, type Administrator@Bluesky-inc-10.com (see Figure 25.6). (For Carl Titmouse, type CarlT@Bluesky-inc-10.com.)
39. Click Next, and, on the Get A Free Passport wizard screen, select the Use Exchange Instant Messaging Only check box, and then click Next.
40. On the final wizard screen, click Finish.
41. The MSN Messenger Service will be launched automatically. Verify that you are successfully logged in. The status bar will display Administrator (Online).

    

    Figure 25.6 Installing the MSN Messenger Service

42. On BLUESKY-WKSTA, log on as Carl Titmouse, insert the Exchange 2000 Server installation CD into the CD-ROM drive, and repeat Steps 35 through 40 to set up the MSN Messenger Service.
43. In the MSN Messenger Service application of Carl Titmouse, click Add on the toolbar, accept the default By E-mail Address option on the Add A Contact wizard screen, and then click Next.
44. On the second wizard screen, type Administrator@Bluesky-inc-10.com, and then click Next and Finish.
45. Verify that the Administrator is now listed in the MSN Messenger Service application under Contacts Currently Online (see Figure 25.7).
46. On the toolbar, click Send, and then select Administrator.
47. In the Administrator—Instant Message window, type Instant Messaging is a cool technology because it allows you to send and receive immediate messages and supports presence information. Click Send.
48. On BLUESKY-SRV1, verify that the arrival of an instant message is indicated on the taskbar, click on it to open the Carl Titmouse — Instant Message window, type Goodbye, Carl, and then click Send.
49. Close the Carl Titmouse — Instant Message window, click Status on the toolbar of the MSN Messenger Service application, and then select Appear Offline.
50. On BLUESKY-WKSTA, verify that Carl Titmouse's MSN Messenger client immediately lists the Administrator under Contacts Not Online.

    

    Figure 25.7 Adding a contact to the MSN Messenger Service

Exercise Summary

To install Instant Messaging, you need to launch the Exchange 2000 Setup program. During the installation, Setup will update the Active Directory schema with IM-related classes and attributes and register an IM management snap-in. You can use this snap-in separately or as part of Exchange System Manager to manage Instant Messaging settings. You need to be an Exchange Administrator to configure IM home servers and routers. To manage IM users, use the Exchange Task Wizard in Active Directory Users and Computers, which allows you to enable or disable Instant Messaging or change the IM home server. Domain Administrator permissions are required for the domain that contains the user accounts. As soon as your account has been enabled with Instant Messaging, you can use the MSN Messenger client to subscribe contacts and exchange instant messages.