Instant messaging (IM) is an evolving technology that introduces features no other messaging technology provides. Through instant messaging, friends chat with one another on the Internet, and organizations are increasingly noting its advantages as well. Instant messaging not only lets you exchange short messages without the overhead of composing and sending e-mail, but can also provide a backup communication path if e-mail transfer is interrupted. Furthermore, instant messaging propagates presence information: you can see when other users are online, idle, or out of the office, and you can control who is allowed to contact you.
This lesson provides an overview of Instant Messaging as implemented into Exchange 2000 Server. It addresses the various roles that IM servers can assume in an IM domain, and introduces the Microsoft MSN Messenger client, which can be used to participate in an IM environment.
At the end of this lesson, you will be able to:
Estimated time to complete this lesson: 75 minutes
Instant messaging is a client/server technology. Users work with IM client software to exchange text-based messages, and an IM server handles message routing and maintains presence information. Leading software vendors, including Microsoft and Lotus/IBM, jointly worked on an Instant Messaging and Presence Protocol (IMPP) specification for exchanging presence information between different systems. Exchange 2000 Server, however, does not use this protocol; its clients and servers communicate over Microsoft's own RVP protocol, described later in this lesson.
When your client starts, it logs you on to Instant Messaging using your current user credentials and informs the IM server that you are now online. The server keeps track of this status and propagates it to all other users who have registered interest in you; in technical terms, presence information is propagated to all users who have subscribed you as a contact. Your IM server also records your workstation's IP address for the active client connection so that it can route instant messages to you.
Of course, your account must be enabled for instant messaging; otherwise, the server rejects your logon attempt (see Exercise 1 in this lesson). Using your current Windows 2000 user account and password, the IM client logs you on implicitly and does not prompt you for user information. Integrated Windows authentication is convenient and never sends the password itself across the network, which is why it is enabled by default. Only if you are working with an account that is not instant messaging-enabled will you be asked for logon credentials. You can read more about integrated Windows authentication in Chapter 11, "Internet-Based Client Access."
Integrated Windows authentication is the recommended method, but users who connect through firewalls or HTTP proxies may be unable to log on with it, because NTLM authenticates the TCP connection rather than each request and proxies frequently do not preserve that connection end to end. You can support these users via Digest authentication over HTTP. Digest authentication, defined in RFC 2617, does not send the password itself; the client sends an MD5 hash computed over the user name, realm, password, and a nonce issued by the server, and the server must be able to recompute the same hash to verify it. To do that, the domain controller needs the user's password in recoverable form, which is why Exchange 2000 Server's Digest support, although enabled by default, also requires reversible password encryption to be allowed under Windows 2000 Server. You need to enable the Store Password Using Reversible Encryption For All Users In The Domain setting in a Group Policy that applies to your users. In a Group Policy (for example, the Default Domain Policy object), this option is under Computer Configuration/Windows Settings/Security Settings/Account Policy/Password Policy. Be aware of the trade-off: a password stored with reversible encryption can be recovered by anyone who obtains a copy of the directory database, so prefer the per-user Store Password Using Reversible Encryption option on the Account tab of only those accounts that need Digest logon rather than the domain-wide setting. In either case the setting only takes effect for passwords set or changed afterwards; existing users must change their passwords before Digest logon works for them. You can read more about Group Policies in the Windows 2000 Server product documentation.
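The following is an added example, not code from Exchange 2000 Server, IIS, or the MSN Messenger client. It plays through an RFC 2617 Digest exchange (qop=auth) so you can see what the client actually puts on the wire and why the server side must hold the clear-text password. The realm, user name, sample password, and the single-use nonce policy are constructed assumptions for this illustration.

```python
"""Added example (not from the Exchange 2000 documentation or IIS): an
RFC 2617 Digest exchange with qop=auth.  It shows what the client puts on
the wire and that the server must hold the user's clear-text password to
verify it.  Realm, user name, password, and the single-use nonce policy
are constructed assumptions for this illustration."""
import hashlib
import secrets

REALM = "bluesky-inc-10.com"   # assumed realm; a real IIS server names its own


def _md5(text: str) -> str:
    return hashlib.md5(text.encode("utf-8")).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """Client side.  HA1 binds the credentials, HA2 the request; the
    response is what the Authorization header carries.  The password itself
    never leaves the client, but anyone who captures nonce, cnonce and
    response can test password guesses offline against this same formula."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class DigestServer:
    """Constructed stand-in for the IIS/domain-controller side.  It is handed
    recoverable passwords, which is what reversible encryption provides;
    given only a one-way password hash it could not compute HA1, so Digest
    verification would be impossible."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords      # user -> clear-text password
        self.issued = set()             # outstanding nonces

    def challenge(self):
        """Issue a fresh, unpredictable nonce (sent in WWW-Authenticate)."""
        nonce = secrets.token_hex(16)
        self.issued.add(nonce)
        return nonce

    def verify(self, user, method, uri, nonce, nc, cnonce, response):
        """Recompute the expected digest and compare in constant time.
        Simplification: each nonce is accepted once, so a replayed
        Authorization header fails (RFC 2617 instead tracks the nc counter)."""
        if nonce not in self.issued:
            return False
        password = self.passwords.get(user)
        if password is None:
            return False
        expected = digest_response(user, self.realm, password, method, uri, nonce, nc, cnonce)
        ok = secrets.compare_digest(expected, response)
        if ok:
            self.issued.discard(nonce)
        return ok


def run_exchange():
    """Play through a correct logon, a replay, and a wrong password."""
    server = DigestServer(REALM, {"administrator": "Pa55w.rd"})  # constructed account
    method, uri = "PROPFIND", "/instmsg/aliases/administrator/"
    nc, cnonce = "00000001", secrets.token_hex(8)
    results = {}

    nonce = server.challenge()
    good = digest_response("administrator", REALM, "Pa55w.rd", method, uri, nonce, nc, cnonce)
    results["correct_password"] = server.verify("administrator", method, uri, nonce, nc, cnonce, good)
    results["replay_rejected"] = not server.verify("administrator", method, uri, nonce, nc, cnonce, good)

    nonce = server.challenge()
    bad = digest_response("administrator", REALM, "guess", method, uri, nonce, nc, cnonce)
    results["wrong_password_rejected"] = not server.verify("administrator", method, uri, nonce, nc, cnonce, bad)

    results["password_not_on_wire"] = "Pa55w.rd" not in good
    return results


if __name__ == "__main__":
    for name, outcome in run_exchange().items():
        print(f"{name}: {outcome}")
```

The point to take from the example is the asymmetry: the client only needs to know the password for a moment, but the verifier needs it permanently in recoverable form, which is the cost of enabling Digest logon. Note also that a captured response is still a target for offline guessing, so Digest is a proxy-friendliness compromise, not a replacement for integrated Windows authentication where that works.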
NOTE
To verify whether Digest authentication is enabled, launch the Internet Services Manager utility. Open the Web site container where the InstMsg virtual directory is located, right-click InstMsg, select Properties, click on the Directory Security tab, and then, under Anonymous Access And Authentication Control, click Edit. In the Authentication Methods dialog box, make sure Digest Authentication For Windows Domain Servers is selected.
To receive status information about other users and to send them instant messages when they are online, you need to add them to your contact list, also referred to as a buddy list. Your IM client attempts to determine the status of a new contact as soon as you subscribe it by sending a status request to your IM server. If the contact resides on the same IM server, status information is obtained right away. Otherwise, the request is routed to your contact's home server, which returns the status information.
In addition to the status request, your client also issues a subscription request, which is likewise routed to the contact's home server. Each IM server maintains subscriber lists for its local users so that it can send a notification to each registered subscriber whenever the status of a local user changes. Having the server actively push status change notifications ensures that contact lists stay up to date.
However, contact subscriptions are temporary. Your client must periodically renew them to obtain continuous presence information from the server. Each IM client maintains its list of subscribed contacts in the Registry under the following key:
HKEY_CURRENT_USER\Software\Microsoft\Exchange\Messenger\Profiles\http://<IM domain name>/Instmsg/Aliases/<User Alias>\Contacts
The primary IM client is MSN Messenger. This client comes with Exchange 2000 Server and can be installed on Microsoft Windows 95/98, Microsoft Windows NT 4.0, and Microsoft Windows 2000. MSN Messenger requires Microsoft Internet Explorer 5.0. It is a good idea to start the IM client automatically when you log on to your Windows 2000 domain and keep it running for your entire session to be available for instant messages and to provide presence information. As soon as you close this application, your status will change to offline, and other users cannot send further instant messages to you.
NOTE
When you log on to Instant Messaging, MSN Messenger opens a window on the desktop automatically, which displays your subscribed contacts (the Contacts Online and Contacts Offline lists). Closing this window does not close MSN Messenger. The client remains active on your taskbar.
You can control your IM status in MSN Messenger using the Status button on the toolbar. Seven different status settings are provided: Online, Invisible (your presence information is not propagated), Busy, Be Right Back, Away From Computer, On The Phone, and Out To Lunch. Setting your status appropriately helps other users determine whether it makes sense to send you an instant message at a given moment. E-mail might be a better choice if you are out to lunch, for instance.
There are two further status indicators that the IM client sets for you automatically: Idle and Offline. Idle indicates that you haven't been working with your keyboard for a defined time. Offline is your status when you are logged off (that is, the client is closed).
NOTE
The MSN Messenger client allows you to block the propagation of presence information via the Privacy command, available on the Tools menu. You may also select the Notify Me When Passport Users Add Me To Their Contact Lists check box to be notified when another user adds you to his or her buddy list. Under Which MSN Messenger Service Users Have Added Me To Their Contact Lists, click View to display a list of users that have subscribed you as a contact.
Instant Messaging does not depend on the other services of Exchange 2000 Server; it is built on World Wide Web technology. Communication between client and server takes place over the rendezvous protocol (RVP), a proprietary protocol developed by Microsoft as an extension to the Web Distributed Authoring and Versioning (WebDAV) protocol. WebDAV in turn extends HTTP, as discussed in Chapter 11, "Internet-Based Client Access." Instant messages are formatted in Extensible Markup Language (XML).
NOTE
A significant difference between e-mail and instant messages is that instant messages are not stored on an Exchange 2000 server. Instant messages are dynamic in nature, and they are lost when you close the conversation window; there is no server-side copy of their content to recover or audit afterwards.
Instant Messaging requires Microsoft Windows 2000 Server and Internet Information Services (IIS) 5.0. It is not necessary to run Exchange 2000 Server on the same computer. However, you must have installed Exchange 2000 Server on at least one server in your organization to prepare the Active Directory forest.
Instant Messaging is implemented in an Internet Server Application Programming Interface (ISAPI)-based DLL called MSIMSRV.DLL, which is registered for the World Wide Web Publishing Service in the IIS metabase. MSIMSRV.DLL runs inside the IIS process itself (INETINFO.EXE) rather than in a separate process, so it shares that process's privileges, and a fault in it affects the entire Web service on that computer. You can find this DLL in the \Program Files\Exchsrvr\Bin directory.
MSIMSRV.DLL represents the server application layer that communicates with the other server-side Instant Messaging components, with the Active Directory directory service, and with IM clients (see Figure 25.1). The server application layer maintains the IM node database (MSIMNODE.EDB), which is based on the Extensible Storage Engine (ESE). This database holds user status information, contact subscriptions, and the client IP addresses of active Instant Messaging connections. The remaining Instant Messaging server components are the firewall topology module (FTM) and the locator service. The FTM provides IP-related data about IM servers that are located behind firewalls. The locator determines home servers so that notifications can be dispatched via an IM router.
Figure 25.1 Instant Messaging service components
If you are communicating with external users on the Internet indirectly through a firewall, you need to identify protected IP addresses. To specify firewall and HTTP proxy settings, launch Exchange System Manager, right-click Instant Messaging Settings under Global Settings in the console tree, select Properties, and then click on the Firewall Topology tab. Select This Network Is Protected By A Firewall, and then click Add to define protected IP address ranges. You can also specify a proxy server for outbound requests. The Instant Messaging Settings object will only exist if you have installed the Instant Messaging feature in your organization.
Clients with IP addresses outside the protected ranges communicate indirectly via IM router servers. Clients with IP addresses within the protected address range are allowed direct connections to IM home servers in an Instant Messaging domain. The purpose of IM routers in an IM domain is explained in the following sections.
Instant Messaging resources are organized in domains, which have a purpose similar to that of regular Simple Mail Transfer Protocol (SMTP)-based e-mail domains. Instant Messaging domains contain users and IM virtual servers (see Figure 25.2).
Figure 25.2 Instant Messaging domains with router and home servers
Based on the domain name and the user alias, IM clients can locate their home servers. To simplify the messaging environment, you should match the Instant Messaging domain names of your users to their SMTP domain names, as demonstrated in Exercise 1. For instance, users in the SMTP domain bluesky-inc-10.com should have an IM domain name of im.bluesky-inc-10.com, which may be matched to bluesky-inc-10.com by means of a service (SRV) DNS record. The configuration of DNS servers is explained later in this lesson.
NOTE
Organizations with more than one Active Directory forest must configure separate IM domains, each representing an independent Instant Messaging installation.
Each Instant Messaging domain contains at least one home server, which hosts the IM accounts of users and maintains their status information. Up to 10,000 online users may be placed on a single IM home server. The home server communicates directly with IM clients via RVP.
Router servers, on the other hand, do not maintain any user accounts. Their purpose is to route instant messages between domains to the correct home servers of IM recipients. IM routers are especially important when exchanging instant messages with Internet users through firewalls. An IM router is intended to handle up to 20,000 users. If you need to support more users, install additional servers (see Figure 25.2).
TIP
It is recommended to install IM home servers and IM routers on different physical machines.
As mentioned earlier, instant messaging is primarily a Web-based technology. Consequently, every IM user must be identified through a unique Instant Messaging URL that points to the user's home server. This URL is known as the home server URL, which has the format http://<FQDN of IM home server>/instmsg/aliases/<user alias>/ (such as, http://bluesky-srv1.bluesky-inc-10.com/instmsg/aliases/administrator/). In addition, every IM user must own a second URL that points to the IM domain's router server. This URL is used for external communication. It is therefore called the domain URL or public URL. The public URL has the same format as the home server URL, but it should point to the IM router server instead of the home server. Only in environments with a single IM server are home server and public URLs the same.
NOTE
You can view the IM address information for your user account in Active Directory Users and Computers. Right-click your account, select Properties, switch to the Exchange Features tab, select Instant Messaging, and then click Properties. In the Instant Messaging dialog box, both the home server and public URL are displayed.
Although Instant Messaging is a Web-based technology, users perceive it primarily as an e-mail-like service. To provide users with a consistent address scheme for e-mail and Instant Messaging, IM user addresses follow the SMTP address convention <User Name>@<IM Domain Name> (such as Administrator@im.bluesky-inc-10.com). From this information, the client constructs the required URLs (http://<IM Domain Name>/Instmsg/Aliases/<User Name>/) internally to carry out the communication via RVP. This process is invisible to the user. However, it is important to note that the IM domain name must be registered in DNS. Otherwise, IM clients will not be able to determine the IP address of the required IM server.
Instant Messaging domains must be registered in DNS. This is not much different from the registration of SMTP domains in DNS mail exchanger (MX) records. However, no specific DNS record type has been defined for Instant Messaging. Consequently, you register your IM domain in a host (A) record that specifies the IP address of the IM router server. If you have configured multiple IM routers, create a separate A record for each router using the same "host" (IM domain) name but the appropriate IP address, just as you would match the same host name to different IP addresses in a DNS round-robin configuration.
To log you on, the MSN Messenger client needs to resolve the IM domain name that you have specified in your IM address, such as im.bluesky-inc-10.com. Through a DNS lookup, the IP address of your IM domain's router server is obtained. The client connects to this server, and the router queries Active Directory to determine your IM home server. Your home server URL is returned to your client, and based on this URL, the IM client can connect you to your IM home server. As outlined earlier, the home server URL contains the fully qualified domain name (FQDN) of your home server, which is resolved to the corresponding IP address in another DNS lookup. MSN Messenger connects to this server, and your home server validates your Active Directory account and password.
The routing of instant messages depends on DNS as well. Based on home server URLs, IM clients can send messages to servers of recipients directly if all resources are located within a protected network. Across the boundaries of protected networks, public URLs are used to forward messages to IM router servers first. An IM router can determine correct destinations based on IM domain names and forward the messages to other IM routers or home servers where the users reside.
NOTE
IM clients outside a protected network only connect to IM routers, which in turn communicate with IM home servers inside the protected network on behalf of the clients.
You have the option to add SRV resource records for IM routers to DNS to map the IM domain name to the service and the TCP port on which the service is provided. SRV records can simplify the IM addressing scheme because they allow you to register a common domain name for SMTP and Instant Messaging, such as Bluesky-inc-10.com.
The following is an example of an SRV record for the IM domain im.bluesky-inc-10.com:
_rvp._tcp.bluesky-inc-10.com SRV 0 0 80 im.bluesky-inc-10.com
The symbolic name for IM is _rvp, _tcp refers to the transport protocol, and bluesky-inc-10.com is the domain name that replaces the IM domain name (IM.Bluesky-inc-10.com). The two zeroes following SRV represent priority and weight, which can be used for load balancing between multiple servers. The TCP port number follows. It is set to 80 for Instant Messaging over HTTP. The SRV record is completed by the IM domain name, which corresponds to the FQDN of the IM router. In other words, this SRV record allows your users to specify IM user addresses as <User Alias>@Bluesky-inc-10.com instead of <User Alias>@IM.Bluesky-inc-10.com. You can read more about the creation of SRV resource records in the DNS documentation of Windows 2000 Server.
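The following is an added example and not code from Exchange 2000 Server or MSN Messenger. It models the lookup sequence described in this lesson: an IM address is split into alias and domain, the domain is resolved to a router through a _rvp._tcp SRV record (falling back to an A record for the IM domain name when no SRV record exists), the router's Active Directory lookup yields the home server, the home server URL and public URL are built, and the client's IP address decides whether it connects to the home server directly or through the router. The DNS answers and the directory lookup are constructed in-memory tables; the host names are the lesson's, while the IP addresses, the protected range, and the case-insensitive alias handling are assumptions.

```python
"""Added example (not code from Exchange 2000 Server or MSN Messenger): how
an RVP client can turn an IM address into the home server and public URLs
and decide which server to contact.  DNS answers and the router's Active
Directory lookup are constructed in-memory tables; the host names come from
the lesson, the IP addresses and the protected range are assumptions."""
import ipaddress
import random
from urllib.parse import urlsplit

# Constructed DNS zone.  SRV entries are (priority, weight, port, target).
DNS_SRV = {
    "_rvp._tcp.bluesky-inc-10.com": [(0, 0, 80, "im.bluesky-inc-10.com")],
}
# Two A records for the IM domain name = two routers in round-robin (assumed addresses).
DNS_A = {
    "im.bluesky-inc-10.com": ["192.0.2.10", "192.0.2.11"],
    "bluesky-srv1.bluesky-inc-10.com": ["192.0.2.20"],
}
# What the router learns from Active Directory: alias -> home server FQDN (constructed).
AD_HOME_SERVER = {"administrator": "bluesky-srv1.bluesky-inc-10.com"}
# Assumed Firewall Topology setting: addresses that may reach home servers directly.
PROTECTED_RANGES = [ipaddress.ip_network("192.0.2.0/24")]


def parse_im_address(address):
    """Split <User Name>@<IM Domain Name>.  Aliases are lower-cased here,
    an assumption made for the lookups below."""
    alias, sep, domain = address.partition("@")
    if not sep or not alias or not domain:
        raise ValueError(f"not an IM address: {address!r}")
    return alias.lower(), domain.lower()


def resolve_rvp_router(domain):
    """Return (host, port) of the router for an address domain.  A
    _rvp._tcp SRV record is preferred (lowest priority wins, then a
    weighted choice as RFC 2782 describes); without one the IM domain name
    itself must be a host with an A record, listening on port 80."""
    records = DNS_SRV.get(f"_rvp._tcp.{domain}")
    if not records:
        if domain in DNS_A:
            return domain, 80
        raise LookupError(f"no SRV or A record for {domain}")
    best = min(r[0] for r in records)
    candidates = [r for r in records if r[0] == best]
    weights = [r[1] for r in candidates]
    chosen = (random.choices(candidates, weights=weights)[0] if sum(weights)
              else random.choice(candidates))
    return chosen[3], chosen[2]


def resolve_host(host):
    """A-record lookup; a real resolver rotates round-robin answers."""
    addresses = DNS_A.get(host)
    if not addresses:
        raise LookupError(f"no A record for {host}")
    return addresses[0]


def im_urls(alias, domain, home_server):
    """Build the home server URL and the public (domain) URL."""
    router, port = resolve_rvp_router(domain)
    authority = router if port == 80 else f"{router}:{port}"
    return (f"http://{home_server}/instmsg/aliases/{alias}/",
            f"http://{authority}/instmsg/aliases/{alias}/")


def connection_target(client_ip, home_url, public_url):
    """Inside a protected range the client talks to the home server directly;
    outside it must go through the router, so only the public URL is used."""
    ip = ipaddress.ip_address(client_ip)
    return home_url if any(ip in net for net in PROTECTED_RANGES) else public_url


def logon(address, client_ip):
    """The lesson's sequence: address -> router (DNS) -> home server
    (directory) -> URLs -> server the client actually connects to."""
    alias, domain = parse_im_address(address)
    home_server = AD_HOME_SERVER.get(alias)
    if home_server is None:
        raise LookupError(f"{alias} is not enabled for Instant Messaging")
    home_url, public_url = im_urls(alias, domain, home_server)
    target = connection_target(client_ip, home_url, public_url)
    return {"home_url": home_url, "public_url": public_url,
            "connect_to": target, "ip": resolve_host(urlsplit(target).hostname)}


if __name__ == "__main__":
    print(logon("Administrator@bluesky-inc-10.com", "192.0.2.77"))
    print(logon("Administrator@im.bluesky-inc-10.com", "198.51.100.5"))
```

Two things are worth checking against your own deployment with this model in hand: whether the SRV target really is a router and not a home server (a client outside the protected range that is pointed straight at a home server will fail, as the note below explains), and whether your protected ranges cover exactly the addresses that should bypass the router and nothing more.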
NOTE
The operating system of your workstation must be able to query SRV records; otherwise, it is not possible to simplify the IM addressing scheme in this way. Windows 2000, for instance, fully supports SRV records.
As an Instant Messaging administrator, you need to work with three main management utilities: Exchange System Manager to configure Instant Messaging servers and firewall settings; Active Directory Users and Computers to enable, move, or disable instant messaging users; and Internet Services Manager to stop, pause, or restart the virtual IIS server that provides access to the InstMsg virtual directory.
To track Instant Messaging activities, you can use the virtual IIS server's logging capabilities. In Internet Services Manager, right-click the Web site under which InstMsg is located, and then, on the Web Site tab, make sure the Enable Logging check box is selected. The virtual IIS server writes information about Instant Messaging activities to the logs in the \Winnt\System32\Logfiles\W3svc1 directory. Because instant message content is never stored on the server, these logs are the server-side record of who connected, from which IP address, which RVP requests they made against the InstMsg directory, and with what result; in the W3C extended log format, times are recorded in UTC. You can also check the virtual IIS server's state dynamically using the Performance tool. Important performance objects start with MSExchangeIM. The Performance tool was briefly discussed in Chapter 12, "Management Tools for Microsoft Exchange 2000 Server."
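The following is an added example, not a Microsoft tool or code from the Exchange 2000 product. It reads a W3C extended log of the kind the virtual IIS server writes, keeps only the requests against the InstMsg virtual directory, and flags client IP addresses that accumulate many HTTP 401 responses in a short window, which is what password guessing against IM aliases looks like in these logs. The log excerpt, its file name, the field selection, and the RVP method names are constructed for the illustration.

```python
"""Added example (not a Microsoft tool): reading the W3C extended log that
the IIS virtual server writes for the InstMsg directory and flagging
password guessing against IM aliases.  The excerpt is constructed; the field
selection is a typical IIS W3C configuration, times are UTC as in all W3C
logs, and the RVP method names follow the RVP draft."""
from collections import defaultdict
from datetime import datetime, timedelta

# Constructed excerpt of a daily log such as \Winnt\System32\Logfiles\W3svc1\ex010305.log.
SAMPLE_LOG = r"""#Software: Microsoft Internet Information Services 5.0
#Version: 1.0
#Date: 2001-03-05 08:00:00
#Fields: date time c-ip cs-username s-ip s-port cs-method cs-uri-stem cs-uri-query sc-status
2001-03-05 08:00:01 192.0.2.77 BLUESKY\administrator 192.0.2.20 80 PROPFIND /instmsg/aliases/administrator/ - 200
2001-03-05 08:00:02 192.0.2.77 BLUESKY\administrator 192.0.2.20 80 SUBSCRIBE /instmsg/aliases/carl/ - 200
2001-03-05 08:00:05 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:06 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:07 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:08 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:09 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:10 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:11 198.51.100.5 - 192.0.2.10 80 PROPFIND /instmsg/aliases/suzan/ - 401
2001-03-05 08:00:12 192.0.2.78 - 192.0.2.20 80 PROPFIND /instmsg/aliases/carl/ - 401
2001-03-05 08:00:13 192.0.2.78 BLUESKY\carl 192.0.2.20 80 PROPFIND /instmsg/aliases/carl/ - 200
2001-03-05 08:00:20 203.0.113.9 - 192.0.2.20 80 GET /default.htm - 200
"""


def parse_w3c(text):
    """Yield one dict per record, taking column names from the #Fields
    directive so the parser survives a changed field selection."""
    fields = None
    for line in text.splitlines():
        if not line.strip():
            continue
        if line.startswith("#"):
            if line.startswith("#Fields:"):
                fields = line[len("#Fields:"):].split()
            continue
        if fields is None:
            raise ValueError("data line before #Fields directive")
        values = line.split()
        if len(values) != len(fields):
            raise ValueError(f"field count mismatch: {line!r}")
        rec = dict(zip(fields, values))
        rec["when"] = datetime.strptime(f"{rec['date']} {rec['time']}", "%Y-%m-%d %H:%M:%S")  # UTC
        yield rec


def im_requests(records):
    """Only requests against the InstMsg virtual directory."""
    return [r for r in records if r["cs-uri-stem"].lower().startswith("/instmsg/")]


def alias_from_uri(uri):
    """/instmsg/aliases/<alias>/ -> alias, or None for other paths."""
    parts = uri.strip("/").split("/")
    return parts[2].lower() if len(parts) >= 3 and parts[1].lower() == "aliases" else None


def flag_password_guessing(records, threshold=5, window=timedelta(minutes=5)):
    """Client IPs with at least `threshold` 401 responses inside any `window`,
    with the aliases they tried.  A single 401 is also the normal first step
    of an integrated or Digest handshake, so the burst, not one 401, is the
    signal."""
    failures = defaultdict(list)
    for r in records:
        if r["sc-status"] == "401":
            failures[r["c-ip"]].append((r["when"], alias_from_uri(r["cs-uri-stem"])))
    flagged = {}
    for ip, events in failures.items():
        events.sort(key=lambda e: e[0])
        for i in range(len(events) - threshold + 1):
            if events[i + threshold - 1][0] - events[i][0] <= window:
                flagged[ip] = {"failures": len(events),
                               "aliases": sorted({a for _, a in events if a})}
                break
    return flagged


def logons_by_user(records):
    """Authenticated, successful IM requests: user -> client IPs seen."""
    seen = defaultdict(set)
    for r in records:
        if r["sc-status"] == "200" and r["cs-username"] != "-":
            seen[r["cs-username"]].add(r["c-ip"])
    return {user: sorted(ips) for user, ips in seen.items()}


if __name__ == "__main__":
    recs = im_requests(parse_w3c(SAMPLE_LOG))
    for ip, info in flag_password_guessing(recs).items():
        print(f"{ip}: {info['failures']} failed requests against {', '.join(info['aliases'])}")
    print(logons_by_user(recs))
```

Run against a real W3svc1 log, the threshold and window are the knobs to tune: a router that fronts many proxied Internet users legitimately produces one 401 per authentication handshake from the same proxy address, so start with a high threshold and look at the alias list, which distinguishes one user mistyping a password from an address walking through your directory.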
In this exercise you will configure Instant Messaging on an Exchange 2000 server. You will also install Microsoft MSN Messenger to work with Instant Messaging.
To view a multimedia demonstration that displays how to perform this procedure, run the EX1CH25*.AVI files from the \Exercise_Information\Chapter25 folder on the Supplemental Course Materials CD.
To implement Instant Messaging in an Exchange 2000 server organization
Figure 25.3 Setting up an Instant Messaging virtual server
Figure 25.4 Configuring DNS for Instant Messaging
Figure 25.5 Enabling Instant Messaging for Windows 2000 user accounts
Figure 25.6 Installing the MSN Messenger Service
Figure 25.7 Adding a contact to the MSN Messenger Service
To install Instant Messaging, you need to launch the Exchange 2000 Setup program. During the installation, Setup will update the Active Directory schema with IM-related classes and attributes and register an IM management snap-in. You can use this snap-in separately or as part of Exchange System Manager to manage Instant Messaging settings. You need to be an Exchange Administrator to configure IM home servers and routers. To manage IM users, use the Exchange Task Wizard in Active Directory Users and Computers, which allows you to enable or disable Instant Messaging or change the IM home server. Domain Administrator permissions are required for the domain that contains the user accounts. As soon as your account has been enabled with Instant Messaging, you can use the MSN Messenger client to subscribe contacts and exchange instant messages.