Overview of the IBM Mobile Connect Product and Architecture
The following is a document on the general components and architecture of the IBM Mobile Connect product. The goal of this document is to explain the fundamental components and architecture needed to deploy an IBM Mobile Connect architecture.
Additional details and information for actual deployment activities should be referenced on the IBM website at the following link if necessary or required. Please note: if you have never worked with or deployed the IMC product, it is recommended to get some assistance to help with the deployment configuration and valuable knowledge transfer.
Let's review all the primary components of the IBM Mobile Connect product. The IBM Mobile Connect product performs two basic functions and service offerings.
Installable full client VPN implementation and services – This mode requires a full client to be installed on PCs, mobile devices, etc. and configured to access services available via the IBM Mobile Connect settings. This mode allows VPN access to internal network servers and services.
Clientless (HTTPS) mode and services – The clientless mode allows HTTPS/HTTP-based access and services with security. The services are provided via the IBM Mobile Connect architecture and incorporate reverse-proxy-style access to the applications or services required. This mode allows access to configured HTTP/HTTPS servers. No client software is required.
Core architecture components for the IBM Mobile Connect product.
Persistent data storage
Specific types of data are persistently stored for use by the Connection Manager.
The Connection Manager integrates all supported networks within a single multihomed host. It can also support and connect to radio networks and any wireline network from local area networks (LANs) to wide area networks (WANs).
The Gatekeeper is an easy-to-use administrative interface. With Gatekeeper, you can define and manage resources. Additionally, you can configure Connection Managers, register users and mobile devices, specify logging and tracing controls, and complete many other administrative tasks and configuration of services.
The Connection Manager connects with clients, either installed or clientless, based on which features are installed and configured.
Network providers are specific network bearers, both IP and non-IP, to which the Connection Manager connects. The support for network providers varies by protocols used by the operators of the networks.
These are the components that make up the IBM Mobile Connect product. Many of these features may not be used or leveraged for a typical IBM Traveler/iNotes architecture or deployment. Now we will focus on the primary components that are used for IBM Traveler or other IBM HTTP services.
The IMC components and architecture for an IBM Traveler deployment and usage.
The following are the primary components that most administrators or support team members will use in the IBM Mobile Connect product to implement and support IBM Traveler. These consist of:
Gatekeeper and configurations – This component provides the GUI for managing, configuring and updating the IBM Mobile Connect servers' configurations.
Connection manager configurations – This component will provide access to the HTTP services and applications supported for the configuration or deployment.
Directory services server component – This component is necessary to authenticate to the source directory services server being used for users' authentication profiles.
Authentication profiles – These provide authentication and SSL token support for user access. The authentication profiles are created and managed by the IBM Mobile Connect servers for other application services, i.e. Traveler servers, etc.
Additionally, a SQL database (IBM DB2, Microsoft SQL, or Oracle) is required for supporting the users' profile and configuration information. There is a local storage model, but this is only used for very small deployments of less than 100 concurrent users. Over 100 users, it is required that you use one of the SQL databases mentioned above. Please note that one DB server or instance can support multiple IMC servers but is a single point of failure. You can create DB instances on separate servers if you want to make the database support for the IMC servers highly available, or use the HA modes of the SQL servers themselves.
Please reference the system requirements link below for all additional support and product availability for deploying the IMC server.
The next several pages will help you visualize each one of these components, their usage and how they integrate and operate or depend on each other to provide the overall IBM Mobile Connect architecture and services.
Also note that additional components, such as load balancers, may be necessary for your IMC/Traveler HA architecture. Load-balancing requirements are very generic, meaning they do not require the purchase or use of an expensive intelligent load balancer such as BigIP F5. You can use simple load balancers like Cisco CSS or even virtualized software-based load-balancing solutions.
Let's take a look at an end-to-end architecture for an IMC/Traveler HA deployment and all its required components.
IMC and Traveler HA Architecture Overview.
The diagram above displays the basic architectural components required for an IMC and Lotus Traveler HA architectural flow. The goal is to give you a visual of the different components and the interactions between each application services platform. Based on your final requirements or design, additional changes would be made to support additional requirements. In most cases the general flow for communications and activities will be the same as in the model example above.
Gatekeeper components diagram
Below is an example of what the Gatekeeper component looks like when it is launched.
The Gatekeeper provides the administration GUI for all administration activities, including configurations, installation of new services, and stop and start activities. The diagram below provides a visual of what the Gatekeeper interface looks like:
As you can see, there is a hierarchical layout for system configurations, services and other components. Right-clicking many of the items listed above will provide additional details or actions that can be performed. Also, double-clicking one of the services under the System folder will bring up the details for each of the components or services listed in the diagram above. The example above also shows what the IBM Mobile Connect for Traveler architectural components look like; it is a functional IMC/Traveler and iNotes configuration.
Note that one Gatekeeper can manage all IMC servers and configurations if you have more than one IMC server.
Directory services and server
In most cases the first item that needs to be deployed or created is the directory services component. This is typically an LDAP directory or Active Directory configuration. The following is an example of what the directory services server configuration may look like.
Here you can see we are pointing at a Domino LDAP server. To understand more about the configuration, you can double-click the entry, or select the System folder, right-click, and create a new directory services server. Additional information will be requested to authenticate and access the directory services server's information.
Once the directory services servers have been created and configured you can now create the authentication profile or profiles.
Authentication profile configurations
Authentication profiles provide the mapping of key information between the configured directory servers and the additional single sign-on token activities. As you will see, there are plenty of tabs and configuration options in the authentication profile. This document does not cover the full details for each of these configuration options. At the end of this document some additional links will be provided to help you configure the IBM Mobile Connect product for a Traveler installation, in addition to the documentation links already provided in this document.
The main takeaway is to be sure to align your directory services server LDAP and single sign-on information, including the keys and fields that will be used for mapping users' authentication requests. Additional import and export of keys will also be vital for the authentication profile to either map the token and information or re-authenticate the user's information for future reference and storage. Note: authentication profiles are one major area that most customers don't configure correctly, and they spend lost hours or days troubleshooting issues. The other is the Connection Manager and HTTP Service sections.
Connection Manager & Components
The following is an example of the connection manager and its components. The connection manager provides the networking or protocol services needed for communications between the IBM Mobile Connect server and the target servers. For Traveler and other web-based services we will be using the HTTP component. The example below provides a visual of how this component will be used or configured. Again, you will see there are a number of tabs that must be reviewed and configured in order to support HTTP services and requests.
The primary takeaway from the connection manager is that it aligns HTTP requests and activities between the common URL and the target servers to be routed to or from the devices or other connection services and sources, i.e. iNotes and others. The primary tabs that you will want to configure include the Service, Server, Mode, General, and IBM mobility tabs. Also note that the connection manager can be started or stopped, but it consists of two different services, and each service must be stopped or started independently. Best practices for stopping and starting these services are as follows:
When stopping the services, start at the bottom with the HTTP service first, then move up to the Connection manager.
When starting the services, perform the opposite: start with the Connection manager and then move down to the HTTP service.
For the HTTP service, you can scroll down under the Service tab to see if it is currently active.
For the Connection manager, you can go to the General tab and scroll down to see if it is active.
This makes up the general IBM Mobile Connect components and architecture required for supporting IBM Traveler servers and services. Again, the goal of this document was just to provide a general overview of the moving components and general architecture configurations needed to deploy an IMC infrastructure. This document also provided a visual of a fully deployed Traveler architecture for your reference. The architecture includes all the required products and components needed to support an HA Traveler infrastructure and deployment. Feel free to reference or adopt it as necessary to support or build your Traveler HA infrastructure.
The links below also provide additional insight and step-by-step instructions for setting up an IBM Mobile Connect server for Traveler support or use. Please note the following is based on an older Mobile Connect version 6.1.4 but may add some value on the guidelines and insight into the configurations required for your deployment.
Setup IMC for Traveler servers.
IMC 6.1.5 Documentation
We hope this information helps you have a better understanding of how the IMC server and its components work and are required for a successful IMC and Traveler HA deployment.