After setting up your initial IBM
® Sametime environment, you may want to make additional changes to safeguard information at your site, including limiting user access to certain features, using encryption, and modifying default security settings.
This section contains information about securing your Sametime servers running on Domino
® and WebSphere
® Application Server.
For security, IBM recommends that you configure an HTTPS environment using SSL encryption
for all Sametime Meeting Server deployments.
Working with Sametime servers that are enabled for SSL
Communications between Sametime servers are encrypted when they are set up to run with the Secure Sockets Layer (SSL). The IBM
Sametime servers that run on IBM WebSphere
Application Server install with SSL enabled, but you can change the SSL certificates they use.
Setting up compliance for FIPS 140-2
® supports the U.S. government-defined security requirements for cryptographic modules known as FIPS 140-2 (Federal Information Processing Standard 140-2). If your Sametime
deployment must maintain FIPS 140-compliance for all data exchanged between clients and Sametime
Community Servers, you must install the FIPS Server on the Sametime
Proxy Server to accept data on behalf of Sametime
Setting up single sign-on (SSO) for Sametime clients
Configure servers for single sign-on (SSO) as a convenience to users running the Sametime
browser client. With SSO configured, users who log in once to any server in the DNS domain do not have to log in again when they access any other server running on Domino
Application Server. Enabling SSO between the servers also helps the Connect Client as well. If the community server is in the single sign-on domain, the component services can re-use the token from the Connect client to login to other services.
Configuring security for the Sametime Community Server
Sametime server uses the Internet and intranet security features of the Domino
server on which it is installed to authenticate web browser users who access Domino
databases on the server.