IBM DISA e-collaboration User's Manual
Contents
1. s See information about your computer system and change settings for hardware performance and automatic updates Page 5 of 51 Workstation Preparation amp New User Getting Started Guide 3 1 Additional client requirements for audio video 3 1 1 Sound card or chip A full duplex sound card is required to participate in interactive audio video meetings Sound cards and cameras that work with the Multimedia Services are listed below Ge Ze CrystalWare integrated Montego A3D Xstream SoundBlaster Live Value ALS120 Aureal Vortex A3D SQ1500 Aureal SB Audio PCI 64V ES1887 integrated Montego II A3D Montego II Quadzilla Rockwell WaveArtist SoundBlaster PCI 128 SoundBlaster PCI 512 SoundBlaster 32 AWE SIIG SoundWave Pro PCI Yamaha DS XG integrated Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze Ge Ze d 3 1 2 Microphone and speakers High quality microphones are recommended Avoid microphones with on and off switches unless they are of high quality A headset that contains a boom microphone performs best and is highly recommended If a desktop microphone is used a unidirectional dynamic microphone that uses batteries is preferred 3 1 3 Camera Web cameras are optional Users who do not have a camera can still participate in an audio video meeting These users see video images of other speakers display2. fdcc_admin Documents Pictures Music Search Recent Items Computer Network Connect To Control Panel Default Programs Help and Support mim Right click on the Command Prompt shortcut and select Run as administrator Page 39 of 51 Workstation Preparation amp New User Getting Started Guide Internet Mozilla Firefox Sr E mail al Windows Mail pen file location m al Welcome Center Je Bun as administrator Pin to Start Menu at ZK Windows Mobility Ce A id to Quick Launch ZS Windows Meeting Spa Restore previous versions Send To Copy g Windows Media Playe Remove from this list GH Windows Live Messen Rename Properties W Command Prompt Connect To Control Panel Default Programs gt All Programs Help and Support SSES am E Ce a If the command prompt is not listed under the Start Menu type cmd under Start Search box in the Start Menu Click Continue to use the Command Prompt as an Admin Page 40 of 51 Workstation Preparation amp New User Getting Started Guide User Account Co ntrol emm RI If you started this action continue Windows Command Processor Microsoft Windows User Account Control helps stop unauthorized changes to your computer Type in the command Ier gpupdate force and hit En Administrator Command Prompt icrosoft Windows Version 6 6 6600 Copyright lt c gt 2006 Micr
3. Once the FDCC SDC machine s Windows Vista OS has been restarted all group policy changes will have taken effect B 7 Add E CollabCenter to Trusted Sites in IE 7 Click on Start and type regedit in search and run regedit as admin Page 42 of 51 Workstation Preparation amp New User Getting Started Guide Programs ae regedit deg Run as administrator en fdec winxp xccdf Pin to Start Menu Add to Quick Launch Restore previous versions fdcc winxp oval Send To Cut Copy Delete Open file location Properties Network Connect To Control Panel Default Programs J9 See all results J9 Search the Internet Help and Support D Click on Continue User Account Control ei Windows needs your permission to continue If you started this action continue gt Registry Editor Microsoft Windows vai User Account Control helps stop unauthorized changes to your computer Page 43 of 51 Workstation Preparation amp New User Getting Started Guide Go to HKEY_Local_ Machine Software Policies Microsoft Windows Current Version Internet Settings Any of the following 3 items should be 0 Security_ HKLM_only Security_Options_Edit Security_Zones_Map_Edit B Registry Editor WEEP ERE yen Favorites Help Value name Security_options_edit Value data Ob Digital Locker J DriverSearching J EventLog Jo Explorer Jo GameUX dJ Group
4. Page 30 of 51 Workstation Preparation amp New User Getting Started Guide A 2 Additional Details on Microsoft s Binary and Script Behavior Internet Explorer defines interactive controls as Java or ActiveX components which provide user interfaces IBM Lotus Sametime does not use ActiveX controls but does use Java applets for chat rooms and web conferences That Microsoft decided to lump Java with it s well understood sandbox isolation and the unrestricted native code of ActiveX together is unfortunate and doesn t seem logical from a security perspective However Internet Explorer s default setting for Binary and Script Behavior is enabled in the Internet Security Zone so most commercial users of Sametime never see any problem with Java controls To use an interactive control on a web page the designer uses the APPLET EMBED or OBJECT elements to load the control Internet Explorer makes that control inactive and prevents keyboard or mouse window messages from reaching the control The control s user interface is blocked until the user activates it To activate an interactive control the user clicks it or uses the TAB key to set focus on it and then press the SPACEBAR or the ENTER key Internet Explorer can prevent activation of interactive controls through the security setting for Binary and Script Behavior When the value of this setting is DISABLE the user is prevented from activating the control On a typical web page the user
5. Appendix B highlights the administrative level adjustments needed to ensure that E CollabCenter works seamlessly with FDCC and SDC v2 0 4 There are no known issues once the changes in Appendix B are applied to FDCC and SDC v2 0 4 For more information about FDCC please visit http nvd nist gov fdcc index cfm For detailed instructions on the necessary adjustments needed to ensure that E CollabCenter functions optimally with FDCC and SDC 2 0 4 please click here to go to Appendix B 4 5 Details on the required Sun Java Runtime Environment JRE The E CollabCenter solution requires Sun Java JRE release 1 5 0 update 12 or later Links to compatible versions may be found in Section 1 of this document Some of the common effects of not having the correct JRE 1 Meeting hangs at testing connectivity and inability to enter a meeting 2 Ability to enter a meeting but only see a blue grey screen 3 Inability to screen share whiteboard no Audio Video etc If you check the meeting logs the native libraries for screen sharing audio video will not have been downloaded etc How to verify that your workstation has Sun Java JRE release 1 5 0 or later installed 1 Go to Start gt Settings gt Control Panel 2 If you have Sun Java installed you should see a Java tea cup 3 Click to open it and click on the About tab to check the version If your workstation does not have Sun Java build 1 5 0_12 or greater installed on the machine you c
6. 3 April 3 Jim Stroud Updated to include that session cookies must be 2007 enabled on the browser 1 4a April 4 Jim Stroud Updated to mention that Internet Explorer 2007 Binary and Script Behaviors must be enabled 1 5 April 5 Jim Stroud Added information on supported client Operating 2007 Systems clarified recommended JREs and provided more information on required ports Merged information from New User Getting Started Guide 1 6 April 9 Jim Stroud Many grammatical corrections Brief mention 2007 Doruk Akan that Java JRE 1 6 01 has undergone limited testing and appears to work fine with e collab Added screenshot for successful UDP connectivity and updated test meeting section of Appendix Added links that explain what the Binary and Script Behaviors in Internet Explorer is and explained that e collab does not use ActiveX 1 6a April 9 Jim Stroud Added ports needed by Sametime Connect 2007 thick client to support audio and video messaging 1 7a April 11 Jim Stroud Made document generic for enclaves classified 2007 and unclassified service removed old unclass IP addresses for the service 1 7b April 12 Jim Stroud Added additional information on binary and script 2007 behavior and added details on this in Appendix 1 7c April 13 Jim Stroud Added to include that Mozilla 1 7 13 works with 2007 e collab and provided Mozilla browser setting details Also clarified support for JRE 1 4 2 release Included abbreviated explanat
7. 7 5 1 release is Sun Microsystems Java JRE release 1 5 0 update 12 is preferred 4 4 FDCC amp SDC v2 0 4 Windows clients The Federal Desktop Core Configuration FDCC is an OMB mandated security configuration The FDCC currently exists for Microsoft Windows Vista and XP operating system software While not addressed specifically as the Federal Desktop Core Configuration the FDCC was originally called for in a March 22 2007 memorandum from OMB to all Federal agencies and department heads and a corresponding memorandum from OMB to all Federal agency and depart Chief Information Officers CIO The Windows Vista FDCC is based on DoD customization of the Microsoft Security Guides for both Windows Vista and Internet Explorer 7 0 Microsoft s Vista Security Guide was produced through a collaborative effort with DISA NSA and NIST for the Windows Vista platform The Window s XP FDCC 1 Thanks to Tom Condon of EUCOM condont eucom mil for helping with this IWS information Page 9 of 51 Workstation Preparation amp New User Getting Started Guide is based on Air Force customization of the Specialized Security Limited Functionality SSLF recommendations in NIST SP 800 68 and DoD customization of recommendations in Microsoft s Security Guide for Internet Explorer 7 0 The SDC is used by the USAF as a customized version of the FDCC There are known java issues when using E CollabCenter on a Vista FDCC XP FDCC and SDC 2 0 4 machine
8. Phone 800 447 2457 DSN 850 3136 OCONUS to CONUS DSN 312 850 3136 NIPR Emai NCESSupportTeam csd disa mil SIPR Email NCESColumbus NOCC disa smil mi Page 28 of 51 Workstation Preparation amp New User Getting Started Guide APPENDIX A A 1 Steps to Test your Audio Video Capabilities Prior to Entering a Web Conference performed within the E CollabCenter portal e Log into E CollabCenter and select the Web Conferencing tab e Click the Test Meeting link e For afew second the following Test Meeting window displays Preparing the Sametime meeting room Answer YES if you receive any security warnings or Sametime will not function properly HRHHDHHDDHDDHDDHDHDDRDDH Start up steps Show hide details 1 Checking for browser and system capabilities You are using a browser newer than what we tested Your browser is Microsoft Internet Explorer 7 0 which is newer than our recommended browsers Reconfiguring your desktop may be helpful When using Screen Sharing you may want to decrease your color depth to improve performance Your desktop is set to 1024 by 768 True Color 32 bit 2 Checking for installed meeting tools 3 Testing connectivity e Then if your workstation is configured properly to work with Sametime meetings a k a web conferences you will see the screen similar to the one below in an new browser window Page 29 of 51 Workstation Preparation amp New User Getting Started Guide v
9. Validation If you a this item part nt Mozilla will stay in memory when not in Advanced use allowing it to start up faster M Quick Launch Scripts amp Plug ins Keyboard Navi Cache Proxies HTTP Networking Software Insta Mouse Wheel System E 4 6 3 2 TLS Now verify that Mozilla has TLS Enabled Mozilla enables this by default 1 Launch Mozilla 2 Click on Edit Preferences Privacy and Security SSL 3 Verify that TLS is checked by default Mozilla 1 7 12 has TLS 1 enabled 4 If TLS 1 is not checked check it and then restart Mozilla Page 21 of 51 Workstation Preparation amp New User Getting Started Guide p Appearance Aj i El Navigator SSL Protocol Versions sl History E Enable SSL version 2 Edit Ciphers Helper deg Enable SSL version 3 Sit Brania Enable TLS Make sure TLS is enabled This is Internet Search F Tabbed Browsing f SSL Warnings Downloads Mozilla can alert you to the security status of the web page you are Eicsstioser viewing Set Mozilla to show a warning and ask permission before ElPrivacy amp Security 7 C Loading a page that supports encryption Cookies Loading a page that uses low grade encryption Images Leaving a page that supports encryption Popup Windows Sending form data from an unencrypted page to an unencrypted Forms page Passwords Viewing a page with an encrypted unencrypted mix Ma
10. disable this policy setting Java 27 Run NET Framework reliant components signed with Auth Not configured Locked Down Internet Zone applets cannot run UE Software channel permissions Not configured E Locked Down Intranet Zone If you do not configure this policy o e 7 Locked Down Local Machine Zone setting Java applets are disabled UE Run MET Framework reliant components not signed with A Not configured E Locked Down Restricted Sites Zone li Userdata persistence Not configured Locked Down Trusted Sites Zone lt f 7 1777 Allow script initiated windows without size or position cons Not configured E Restricted Sites Zone li Web sites in less privileged Web content zones can navigate Not configured RB insted StesZone Extended Standard UE Submit non encrypted form data Not configured Page 35 of 51 Workstation Preparation amp New User Getting Started Guide File Action View Help Ce diel ca PEED re E Local Computer Policy a Computer Configuration lt 1 E Software Settings E Windows Settings 4 7 Administrative Templates ge 2 E Control Panel E Network Printers E System 4 2 Windows Components 3 5 ActiveX Installer Service E Application Compatibility E AutoPlay Policies E Backup F BitLocker Drive Encryption E Credential User Interface E Desktop Window Manager E Digital Locker E Event Log Service F Event Viewer 1 Game Explorer E Import Video 4 7 Internet Explore
11. e collaboration center system are Minimum CPU Pentium IV 1 5 GHz or higher RAM 512MB or more Instructions to Verify CPU Speed amp Memory RAM Size in Windows XP 1 Go to Start gt Settings gt Control Panel 2 Double click System to view the CPU Speed and Memory RAM size 3 See below screenshot for more information B P Search E Folders c System Properties ddress gt Control Panel System Restore Automatic Updates Name General Computer Name Hardware DP internet Options i F keyboard System G gt Switch to Category View oP mail Microsoft Windows XP J Mouse Professional Network Connections E Version 2002 See Also T Network Setup Wizard be Service Pack 2 p Windows Update s Phone and Modem Optid zs Registered to Help and Support 2 Power Options ee S2Sprinters and Faxes IBM_USER Regional and Language IBM Scanners and Cameras 76487 640 7989441 23804 9 Scheduled Tasks WI Security Center S Silicon Image S on Manufactured and supported by Ae Cherk toca E alana f ows XP version 2 06 Sounds and gfGdio Devid DAR ege eg S p a g M X SSS FS Snd Start Menu ThinkPad Configuration A TrackPoint Accessibility 8 User Accounts Sr Windows Firewall L oe IL Goes Wireless Link congore imirareo nie tanster mage anster ana naroware serang i Wireless Network Setup Wizard Setup or add to a wireless network for your home or office
12. ensuring optimal readiness before logging in to E CollabCenter Once logged in you will find a selection of training courses to take you from beginner to advanced proficiency in all collaborative service functions Now that you have IBM Lotus Sametime 7 5 1 FIPS you can use your computer to communicate with your colleagues and conduct online meetings Meetings can be broadcast the audience only watches and listens or interactive participants work together using tools like screen and microphone sharing Before you use Sametime there are steps you should take to ensure that your work station meets the minimal software and hardware requirements and is optimally configured for Sametime The purpose of this guide is to take you through those steps For any issues which may go beyond the steps in this guide please contact the DISA Help Desk DISA Help Desk Commercial Phone 800 447 2457 DSN 850 3136 OCONUS to CONUS DSN 312 850 3136 NIPR Emai NCESSupportTeam csd disa mil SIPR Email NCESColumbus NOCC disa smil mi l Page 4 of 51 Workstation Preparation amp New User Getting Started Guide 3 Workstation Hardware requirements See pages 16 amp 17 in the Sametime 7 5 Critical Fix 1 CF1 release notes on NIPRNet http www elink ibmlink ibm com publications servlet pbi wss C TY CA amp FNC SRX amp PBL G325258501 The workstation also known as client system requirements for operation with the
13. may see this as a broken function or may not see the capability at all Unfortunately in the case where the component is in fact an application scripted into a web page IE s behavior is to simply fail and display a nondescript catchall Error loading page message This is the behavior that users see when attempting to enter a Sametime meeting In IBM Lotus Sametime Web Conferencing the Meeting Room is a Java applet The webpage to join a meeting contains JavaScript which configures the meeting room applet and allows participants to join and use the various meeting functions group chat attendance list document and screen sharing polling etc The script displays the Preparing the Sametime meeting room and executes the Meeting Room applet but never passes the Checking for Java test Users report this as Sametime stops when trying to join a meeting because the don t see the IE error message or if they see the message may try several times getting the same result and eventually assume there is something wrong with the application Individual webpages and websites listed as Trusted Sites are not affected by the setting of Binary and Script Behavior Also see http en wikipedia org wiki Eolas APPENDIX B FDCC amp SDC v2 0 4 Configuration Login to the FDCC SDC machine as an Admin B 1 Install the latest Sun JRE Currently the latest version of Sun JRE is 1 6 0 5 613 and that s what we used in our test Sun JRE can be down
14. must also enable TLS 1 0 in the Sun Java Control Panel in addition to enabling TLS 1 0 in the browser itself 1 Internet Explorer IE 7 2 Firefox 2 0 0 x 3 Firefox 1 5 0 x 4 Internet Explorer 6 SP2 5 Mozilla 1 7 12 Due to the fact that Internet Explorer 6 SP1 is outdated and has so many security vulnerabilities it is not supported with E CollabCenter Internet Explorer 6 SP2 came out in August 2004 Opera browsers will not work with E CollabCenter because Opera does not support iFrames Netscape browsers are not supported Page 13 of 51 Workstation Preparation amp New User Getting Started Guide Internet Explorer 4 6 1 1 Cookies You must have enabled cookies for either the www e collabcenter com NIPRNet or the www e collabcenter nces dod smil mil SIPRNet or if you are using an enclave have cookies enabled for the URL to that enclave site The following Microsoft article found on NIPRNet describes cookies and how to configure them in Internet Explorer http support microsoft com kb 283185 The default IE privacy settings medium will allow session cookies for E CollabCenter com Below is a screenshot of this setting which is found under Tools Internet Options Privacy l Internet Options EN General Security Privacy Content Connections Programs Advanced Settings g Select a setting for the Internet lt ka tT setting in IE that d 4 allows session cookies Medium for the e coll
15. the Table of Contents Fixed the version seen in the footer on the title page and the page numbering in table of contents Page numbers are no long restarting from 1 for Appendices instead they continue onwards from previous section Minor adjustment to the title on page 2 End of Document Page 50 of 51
16. 0 through 20 833 to be opened to the Sametime servers These 4 ports have not been approved by the government please do NOT open these 4 ports to the Sametime servers We are only listing them below so administrators are aware of this Since these ports are not opened to the Sametime servers the audio and video call features are disabled in the thick client so the end user will not see the icons on the thick client that would otherwise allow audio and video calls Port 20830 UDP RTP used for Audio by Sametime thick client Port 20831 UDP RTCP used for Audio by Sametime thick client Port 20832 UDP RTP used for Video by Sametime thick client Port 20833 UDP RTOP used for Video by Sametime thick client The old NIPRNET IP address range was 216 12 138 1 through 216 12 138 127 and was changed in April 2007 3 These 4 ports are not mentioned in the https Awww itfgno mil operations messages 2006 index htm web site as they are new to Sametime 7 5 1 FIPS Connect client a k a thick client The ports have not been approved by the JTF GNO and should not be opened They are listed merely as a reference Page 23 of 51 Workstation Preparation amp New User Getting Started Guide For an end user to determine if their workstation can communicate to the collaboration service over UDP have the user attend a meeting or go to the Support Tab and click on the Attend a Test Meeting Then click View Meeting Room Status Log
17. 1 5 Use SSL 3 0 Certificates When a web site requires a certificate Select one automatically Ask me every time Page 19 of 51 Workstation Preparation amp New User Getting Started Guide Options E be Ce ei GG Main Tabs Content Feeds General Network Update Encryption For Firefox 2 0 make sure the TLS 1 0 is checked this is the r Protocols ult option Use TLS 1 0 Privacy Security Advanced Use SSL 3 0 r Certificates When a web site requires a certificate Select one automatically Ask me every time eege Desst in Page 20 of 51 Workstation Preparation amp New User Getting Started Guide 4 6 3 Mozilla 4 6 3 1 Sun Java To verify if the Mozilla browser is configured to use Sun Java do the following 1 Launch Mozilla then select 2 Edit Preferences Advanced 3 Then make sure Enable Java is checked If not checked check it and click OK 4 Close down and restart Mozilla The default for Mozilla is to have Java Enabled Preferences Advanced Composer Al Privacy amp Security M Features that help interpret web pages Cookies Enable Java n Ensure that Java is Enabled C Send this email address as anonymous FTP password Images Popup Windows Forms Passwords Master Passwo SSL Certificates C Keep Mozilla in memory to improve startup performance
18. DISA e collaboration Workstation Preparation amp New User Getting Started Guide ENS Version 1 8a Copyright IBM Corporation 2008 Workstation Preparation amp New User Getting Started Guide Table of Contents 1 QUICK START TO CONFIGURE YOUR WORKSTATION FOR E COLLABCENTER 2 2 INTRODUCTION amp OVERVIEW 0 cccccsseeeeeeeeeseeescaeeeseeeeeeeeeesaesenaaeenseeeeeeeeesaaesaseeeeneeeseseaesaaeeeenseeeeeas 4 3 WORKSTATION HARDWARE REQUIREMENTS csccssscseeeeenseeeeeeeeeseaeseseeeenseeeeseesesnaesesneeenseees 5 3 1 ADDITIONAL CLIENT REQUIREMENTS FOR AUDIO VIDEO 0000c0seeeeeeeeeeeseeeseeesseseeeeeseseeeeeseseseeeeeseeeeens 6 3 1 3 emt egen Biase eine Raa eet Eege eg Eege Sege 6 3 2 VERIFYING THE SYSTEM AUDIO AND MICROPHONE ARE ENABLED ssssssnnnnnnssssininnnnnssesirnnnnsnssrrnnnnnnene 7 3 2 1 Steps To Verify Correct Device and Volume Controls Selections for Windows EP 7 3 2 2 Steps to Verify Selection of the Appropriate Sound Playback and Recording Deutce 7 4 CLIENT SOFTWARE REQUIREMENTS cccssccssseeeeeeeeeeeeeesneeeesneeeneeeeneaesesnaesaseaeeeeeeesnaesaseneeeeeeeeas 9 dt SIWSICONELICT nina e a a iin Aide tulad Eed AER dade bal 9 4 2 LINUX CLIENTS atiii i ee aE E A E A i a a d i aaia eE DEEE 9 4 3 WINDOWS CLIENT Siri iupiri a ain eae a ae a a ee a EEA 9 4 4 FDCC amp SDC v2 0 4 WINDOWS CLIENT 9 4 5 DETAILS ON THE REQUIRED SUN JAVA RUNTIME ENVIRONMENT JRE ccccccscscsssscseseseee
19. Policy A HandwritingErrorReports d Installer 1 Internet Connection Wizard IPSec J LLTD di Network Connections 1 Registration Wizard Control b safer tere Name Type Data ab Default REG_SZ S CertificateRevoc REG_DWORD DI PreventIgnoreC REG_DWORD DO ProxySettingsPe REG DWORD is Security HKLM_ REG_DWORD Kl Security_options REG_LDWORD 3 Security_zones_ REG_DWORD value not set 0x00000001 1 0x00000001 1 0x00000001 1 Double Click on each and change the value to 0 and click OK omputer HKEY_LOCAL_MACHINE SOFTWARE Policies Microsoft Windows CurrentVersion Internet Settings Note that once you are done with this appendix you will want to come back and change these settings to their original values Typically a restart will also cause these values to revert as well Page 44 of 51 Workstation Preparation amp New User Getting Started Guide Now run Internet Explorer 7 as admin and click on Tools then Internet Options e Default Programs e Internet Explorer Windows Ci B Windows Ci kl Windows Di B Windows Lil e Windows M D Windows M Windows M E Windows M iE Windows PI El Windows Uj A Accessories A Extras and U A Dames A IBM Lotus S di Maintenana A Startup e Run as administrator i Open file location Pin to Start Menu Add to Quick Launch Restore previous versions Send To Cut Copy Delete Rename Properties C
20. STED SITES IN IE Z A 42 DOCUMENT INFORMATION AND REVISION HISTORY csccccesceseeeeeeeeeeeeeeeseaeseneeeenseeseseaesaneeeenseeeneas 49 Page 1 of 51 Workstation Preparation amp New User Getting Started Guide 1 Quick Start To Configure Your Workstation for E CollabCenter NOTICE Our Unclassified was upgraded in August 2007 to be compliant with FIPS 140 2 The upgrade requires Sun Java release 1 5 0 update 12 If you are using the SameTime Thick Client a compatible version is now available for download on our website version ST 7 5 1 FIPS 1 The E CollabCenter solution requires Sun Java JRE release 1 5 0 update 12 or later Compatible versions of Java may be found below JRE 1 5 0 Update 12 NIPRNet http java sun com javase downloads index_jdk5 jsp SIPRNet https patches csd disa smil mil metadata jsp ID 76827 JRE 1 6 0 Update 3 Latest version as of 20 February 2008 NIPRNet http Awww java com en download SIPRNet hittps patches csd disa smil mil metadata jsp ID 77506 2 For details on how to check your version see section 4 5 Details on the required Sun Java Runtime Environment JRE 3 Cookies must be enabled this is an Internet Explorer IE default setting In IE go to Tools gt Internet Options gt Privacy and select Medium 4 Sun Java must be enabled in the browser and Microsoft VM disabled here is how to check a Launch Internet Explorer b Click on Tools gt Internet Options c C
21. ab service Blocks third party cookies that do not have a compact privacy policy Blocks third party cookies that save information that can Lal be used to contact you without your explicit consent Restricts first party cookies that save information that can be used to contact you without your implicit consent Pop up Blocker Prevent most pop up windows from appearing C Turn on Pop up Blocker Page 14 of 51 Workstation Preparation amp New 4 6 1 2 Sun Java User Getting Started Guide To verify if the Internet Explorer browser is configured to use Sun Java d Ze Usually IE Internet Explorer uses Microsoft s Virtual Machine by default To change this from an IE browser click on Tools gt Internet Options Click on the Advanced tab and verify that the Java Sun is checked Make sure that all the options under Microsoft VM are unchecked restart the browser Internet Options General Security Privacy Content Connections Programs Advanced If the SUN Java option is not checked it means that the browser is not using it Click on OK on the options window for any changes to take effect and close and LR Settings Send IDN server names C Send IDN server names for Intranet addresses Send UTF 8 URLs Show Information Bar for encoded addresses C Use UTF 8 for mailto links amp Java Sun Use JRE TY5 0_11 for lt applet gt requires re
22. an acquire it using one of the following URLs Please note that you must have local administrative privileges to install Java If you do not have local administrative privileges please contact your local Help Desk Page 10 of 51 Workstation Preparation amp New User Getting Started Guide JRE 1 5 0 Update 12 NIPRNet http java sun com javase downloads index_jdk5 jsp SIPRNet https patches csd disa smil mil metadata jsp ID 76827 JRE 1 6 0 Update 3 Latest version as of 20 February 2008 NIPRNet http www java com en download SIPRNet https patches csd disa smil mil metadata jsp ID 77506 Page 11 of 51 Workstation Preparation amp New User Getting Started Guide 4 5 1 Enable TLS 1 0 in Java JRE 1 5 0 and later TLS 1 0 must be enabled in the Sun Java Control Panel There are two ways to do this 1 Via Java tea cup icon To do this right click on the Java icon Tea cup and select Open Control Panel This is the Sun Java tea cup icon This is present once you launch and log into www e collabcenter com ae mA z Click on the Advanced Tab Check the Use TLS 1 0 box and hit apply By default Sun Java JRE 1 5 0 does not have TLS 1 0 enabled so these steps are necessary before using Sametime 7 5 Sun JRE 1 6 does have TLS 1 0 enabled by default though Java Control Panel m P General Update Java Security Advanced Settings Debugging Java console lt APPLET
23. both meeting rooms and alerts in chat rooms to function To accomplish this within Internet Explorer see the screenshots below Launch Internet Explorer then select Tools Internet Options from the IE menu then click on the Security tab then click the Internet zone then click on Cu DOP Ol Be Qe Click OK Security Settings Internet Zone bar stom Level go under the ActiveX controls and plugins section ensure the Binary and Script behaviors radio button is enabled g Settings 9 ActiveX controls and plug ins 9 Allow previously unused ActiveX controls to run without pron Disable Enable 9 Allow Scriptiets Disable Enable Prompt Automatic prompting for ActiveX controls Disable Enable Binary and script behaviors Z7 widen and animstinn on mahnana that dase nnt rice Le iw iw Takes effect after you restart Internet Explorer Reset custom settings Reset to Medium high default v Lea Dette The NIPRNet links below explain the binary and script behaviors setting in more detail h e ttp www microsoft com technet prodtechnol winx ro maintain sp2brows mspx EXOAC http technet2 microsoft com WindowsServer en library 291a929b ea1 8 47da be87 9e566698fbc51033 mspx mfr true h ttp msdn microsoft com msdnmag issues 01 01 cuttin f Page 17 of 51 Workstation Preparation amp New User G
24. cecsesesseeesenes 10 4 5 1 Enable TLS 1 0 in Java JRE 1 5 0 and Joter 12 4 6 SUPPORTED BROWSERS AND REQUIRED BROWSER GETTINGS 13 4 6 2 PATOL E 18 4 6 3 Mozilla 253 oth Sits E eee eA RN eee ea Re ae eae a N 21 5 FILE UPLOAD SIZE LIMITATIONS scccceeeseseeseeeeesneeeeeeeeseaesasaneeeeeeeesaesaseeeeneeeeseeesesnaesaseeeeeeneess 22 6 NETWORK REQUIREMENT G ccccccsseceseeeeeeeeeeeeeeeeseeeenseeeescaesaseaeenseeeeeesascaesasneeenseeeseaeseseneeenenaes 23 7 TROUBLE SIONS ee EE ed ENEE 25 8 ADDITIONAL SUPPORT 1 ees SEENEN EENS deeg 27 APPENDIX Areon an a E A a E EE 29 A 1 STEPS TO TEST YOUR AUDIO VIDEO CAPABILITIES PRIOR TO ENTERING A WEB CONFERENCE PERFORMED WITHIN THE E COLLABCENTER PORTAL 29 A 2 ADDITIONAL DETAILS ON MICROSOFT S BINARY AND SCRIPT BEuAVIOn 31 APPENDIX B FDCC amp SDC V2 0 4 CONFIGURATION 0 ccccsseceseeeeeseeeeeeeeeseaeseseeeenseeesseeseneeeenseeeeeaees 31 Bl INSTALL THE LATEST SUN URE exec itae ati aen eeh e thet ese 31 B 2 MAKE SURE EQUIFAX IS A TRUSTED CERTIFICATE AUTHORITY sssssnnnnsnsseseniinnsnnseirnrnnnnnsersrrnrnnnnsenne 31 B 3 RUN THE GROUP POLICY EDITOR AS AN ADMIN 32 DA EDIT INTERNET EXPLORER S JAVA SECURITY SETTINGS nenene nsns nensnsnsnrns nn nnnnn narn nn nananana nnna na 35 B 5 CHANGE JAVA PERMISSIONS E 36 B 6 UPDATE GROUP POLICY AS AN ADMIN ccccccceceesseaeceeceececseseeaeceseccesceeseaaeseseeseecseseaaeseceeseeeseaaaeseeeesenes 38 B 7 ADD E COLLABCENTER TO TRU
25. d for web conferences a k a meetings Port 8008 TCP fallback port if port 1533 is blocked amp traffic is tunnelled in http though Port 8084 TCP fallback for audio and video in meetings if Dynamic UDP ports are blocked Port 8080 TCP used launch a web conference from browser Instant Messaging session Dynamic Ephemeral Destination Ports Ports 49 252 through 65 535 UDP Bi directional firewall rules are needed for UDP this means that connections must be allowed that are initiated by the source workstations to the destination IBM servers and also connections initiated from the destination IBM servers to the source workstations e The Dynamic ports are used for interactive audio and video using the Real Time application streaming protocol standard RTP RFC1889 over UDP and are selected randomly If the selected UDP ports are blocked the service will fall back to TCP over Port 8084 This may result in higher delay and lower quality with dropped audio syllables on occasion under certain network conditions These ports are listed in the locations found below o NIPR hittps www jtfgno mil operations messages 2006 index htm o SIPR http www jtfgno smil mil site documents CTO2007 CTO_07 011 NCES Collab Ports rtf In addition to the ports above the Sametime 7 5 1 FIPS Connect client also known as the thick client has the capability to make desktop to desktop audio and video calls This capability requires 4 ports 20 83
26. e dr G Test IBM Lotus Sametime Meeting Room Z dh i Page gt File Edit View Actions Tools Help Stop Presenting Sa Set Permissions Meeting Information Participants 1 Video Chair Buddy Test15 8 6 4 8 Show All Participan v G8 B Buddy Test15 Test Meeting Apr 9 2007 8 03 34 PM Chair None You have all permissions 0 hands raised 9 E am available v Sample meeting room to test your environment for online meetings If you can see this message then your environment is correctly set up for Sametime meetings 5 Click File Leave Meeting to leave the test and close this window Please Note The following support options are available once you have logged into E CollabCenter e IBM E CollabCenter Training o Log into the portal at https www e collabcenter com then click on the Help and Training tab How Do e Provides a set of step by step written guides for basic E CollabCenter functions Tutorials e Provides a set of step by step video tutorials for basic E CollabCenter functions Training Calendar e Lists available and upcoming training courses e NCES Help Desk Support o Log into the portal at https www e collabcenter com then click on the Chat Rooms tab Scroll down the list and click on the E CollabCenter Help Desk chat room then click on the Enter Place s button at the bottom of the window to enter the Help Desk Chat Room
27. ed Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Not configured Extended A Standard F By default under FDCC java permissions is set to disable java This setting disables the use of any java based application on the machine as in Sun JRE and not just Microsoft JVM This Internet Explorer security setting is discussed in detail on FDCC site at enabled but the permission level is set to http blogs technet com fdcc archive 2008 01 31 internet explorer security setting java permissions disable java aspx In our test we were able to use Sametime services on E CollabCenter portal under the following different conditions 1 Java Permissions set to Disabled 2 Java Permissions set to Enabled High 3 Java Permissions set to Enabled Medium 4 Java Permissions set to Enabled Low 5 Refer to the screenshots below on how to change Java Permissions By default the option is set to Enabled and Java permissions set to Disable Java as seen below Page 36 of 51 Workstation Preparation amp New User Getting Started Guide tat Java permissions Not Configured E Enabled lt Sup
28. elow please contact the NCES Help Desk Internet Explorer 1 Control Panel gt Internet Options gt General tab Delete Cookies Delete Files delete all offline content make sure its checked Clear History Firefox 1 Open Firefox gt Tools gt Options gt Privacy Section History tab gt Clear Browsing History Now Download History tab gt Clear Download History Now Cookies tab gt Clear Cookies Now Cache tab gt Clear Cache now or Open Firefox gt Tools gt Clear Private Data After performing these steps close your browser window and open another browser session to allow the changes to take effect After you have completed this step clear the Java temporary files To do this right click on the Java icon Tea cup and select Open Control Panel Page 25 of 51 Workstation Preparation amp New User Getting Started Guide This is the Sun Java tea cup icon This is present once you launch and log into www e collabcenter com Qe iS 1 Control Panel gt Java gt General tab gt Delete Files amp Java Control Panel Bow View version information about Java Control Panel M Network Settings Network settings are used when making Internet connections By default Java will use the network settings in your web browser Only advanced users should modify these settings Network Settings M Temporary Internet Files Files you use in Java application
29. etting Started Guide 4 6 2 Firefox 4 6 2 1 Sun Java To verify if the Firefox browser is configured to use Sun Java do the following 1 Launch Firefox then select 2 Tools Options 3 Then make sure Enable Java is checked If not checked check it and click OK 4 Close down and restart Firefox The default for Firefox is to have Java Enabled H GW Co e 2 General Privacy Content Tabs Downloads Advanced Block Popup Windows Allowed Sites Warn me when web sites try to install extensions or themes Z Load mages C for the originating web site only Enable Java Enable JavaScript Fonts amp Colors Default Font Times New Roman v Size 16 Advanced Colors 4 6 2 2 TLS 1 0 Now verify that Firefox has TLS 1 0 Enabled Firefox enables this by default 1 Launch Firefox 2 Click on Tools gt Options 3 Click on the Advanced icon then click the Security tab Firefox 1 5 or the Encryption tab in Firefox 2 0 and verify that TLS 1 0 is checked by default Firefox 1 5 0 x and 2 0 0 x both have TLS 1 0 enabled 4 If TLS 1 0 is not checked check it and then restart Firefox Below are screenshots that show these steps for Firefox 1 5 and 2 0 respectively Page 18 of 51 Workstation Preparation amp New User Getting Started Guide SC Se General Privacy Content Tabs Downloads Advanced For Firefox 1 5 ensure that TLS 1 0 is checked which is the default Protocols for Firefox
30. ff controls on the headset or cable e Verify mute button is Off o Push the mute or on off button securely to the sound On position o Test speaking into your headset microphone o Verify all volume levels are on high o Verify enablement of all playback and recording devices see steps below You can adjust volume levels before entering the E CollabCenter through your internal operating system controls 3 2 1 Steps To Verify Correct Device and Volume Controls Selections for Windows XP Open the Windows Control Panel by Clicking the Start button Highlight Settings Click on Control Panel Double click on Sounds and Audio Devices Click the Audio tab The Sounds and Audio Devices Properties window displays EE E keng 3 2 2 Steps to Verify Selection of Wie Appropriate Sound Playback and Recording Device Perform the following steps for Sound playback and Sound recording ebe Seet udio Voice Hardware Sound playback D Default device 2y Bonde and Audio Devices Properties 1 Select the Audio tab SigmaTel Audio x 2 Click the Volume button under the CO M t Sound Playback section e Follow steps on page 20 ae Default device 3 Click the Volume button under SigmaT ol Audio Sound recording e Follow steps on page 20 MIDI music playback Default device ao Microsoft GS Wavetable SW Synth C Use only default devices Page 7 of 51 Workstation Preparation amp New User Getting Started Guide e Whe
31. from the top menu File Edit View Actions Tools Help Click to P Fit to Screen Maximize Participat Default Layout Chair at Participant List 3 Led Sidebar Tabs gt video gt art up Messages L Meeting Room Status Log y Mes vi Remaining Meeting Time In the browser window that is opened if something is blocking UDP you will see the following UDP stream for Video RTP failed Meeting Room Status Log UDP stream started UDP stream started UDP stream started UDP stream failed g UDP stream failed rhis shows that udp ports are being blocked TCP connection started i connection option vl If UDP is successful you will see UDP stream for Audio RTP succeeded Here is a screenshot of the browser window that a successful UDP connection Page 24 of 51 Workstation Preparation amp New User Getting Started Guide Meeting Room Status Log lt Screen Sharing library loaded lal UDP stream started dei UDP stream succeeded a This shows that UDP Ports are open FESCH rom your workstation to UDP stream started the e collab servers UDP stream succeeded UDP stream succeeded 7 Trouble Shooting If you are having problems accessing the service and you have verified you have the proper Sun JRE and you browser settings are correct please perform the following steps If you encounter a problem that you cannot correct using the steps b
32. gt tag support Shortcut Creation JNLP File MIME Association Security Allow user to grant permissions to signed content Allow user to grant permissions to content from an untrusted authority Use certificates and keys in browser keystore Tel Use personal certificate automatically if only one matches server request Warn if site certificate does not match hostname Show sandbox warning banner Allow user to accept JNLP security requests Lol Use SSL 2 0 compatible ClientHello format Use SSL 3 0 Em E TLS 1 0 must be checked here in wiere the Java Console as well as in the browser This option only appears in Sun JRE 1 5 0_xx and is not present in Sun JRE 1 4 2_xx Page 12 of 51 Workstation Preparation amp New User Getting Started Guide 2 Via Control Panel 1 Click on Start Highlight Settings Click on Control Panel Double click on Java Select the Advanced tab Oo Hi Ze ba P Click the sign at left of Security to expand o Once expanded the changes to Select Check Use TLS 1 0 See screenshot above 8 Click the Apply button 9 Click the OK button N 4 6 Supported Browsers and Required Browser Settings In all desktop configurations the browser must be configured to allow session cookies and allow pop ups from E CollabCenier site The list below shows the supported browsers all must be configured to use Sun Java and have TLS 1 0 enabled For Firefox and Mozilla browsers you
33. hing applications and files in an IFRAME Not configured E Event Viewer 5 Logon options Not configured li Open files based on content not file extension Not configured Java permissions Setting State UE Access data sources across domains Not configured E Game Explorer Medium Safety enables applets to run E Import Video in their sandbox an area in memory outside of which the program cannot UE Navigate sub frames across different domains Not configured 4 GB Internet Explorer 4 make calls plus capabilities like LE Do not prompt for client certificate selection when no certifi Not configured Application C tibili i 5 6 3 EI Application Compatibility scratch space a safe and secure li Automatic prompting for ActiveX controls Not configured E Corporate Settings storage area on the client computer SS t 2 a E Internet Control Panel 5 aidera fle UG Automatic prompting for file downloads Not configured E Advanced Page d l Run ActiveX controls and plugins Not configured i High Safety enables applets to runin 27 Script ActiveX controls marked safe for scripting Not configured 4 7 Security Page ben d 3 E Internet Zone G their sandbox Disable Java to prevent Initialize and script ActiveX controls not marked as safe Not configured any applets from running eai a gt crnpting of Java a S jot configuri E Intranet Zone l Scripting of Java applet Not configured E Local Machine Zone If you
34. in the Sametime Meeting Room client When a user without a camera speaks others see the IBM Lotus Sametime logo display in place of a video image in the Meeting Room client e Choose a web camera that does NOT utilize or combine a microphone and or speaker e On Windows machines the camera must support Microsoft Video for Windows e High quality USB or PCMCIA PC cameras e Do not use parallel port cameras Examples of Successfully Tested Web Cams Choose items that are simple to use and easy to install Please note that these are NIPRNet URLs e Video o Logitech Quickcam Chat http www logitech com index cfm products details US EN CRID 2204 CONTEN TID 11635 o Microsoft LifeCam VX 3000 o Creative Webcam N10225 for notebooks e Audio o Logitech USB Headset 250 http www logitech com index cfm products details US EN CRID 103 CONTENT ID 10012 o Logitech Premium Stereo Headset 3 1 4 Video capturing software Video for Windows Page 6 of 51 Workstation Preparation amp New User Getting Started Guide 3 2 Verifying the System Audio and Microphone are Enabled It is important that your local operating system has all sound devices enabled and volume levels configured properly prior to entering the E CollabCenter portal e Verify all sound peripherals headsets speakers microphones etc are securely plugged in o Verify external mute button on the headset or microphone is off Some headsets have volume and or mute on o
35. ion of ports Clarified support on IE 6 as IE 6 SP2 Also mentioned that some version of Netscape 7 2 8 0 2 8 0 0 3 amp 8 0 4 may work with e collab but are not supported 1 7d May 11 Jim Stroud Added 1 page Quick Start Guide in front of doc 1 7e May 17 Jim Stroud Explained that network admins should not allow 4 ports related to the thick client Also clarified JRE versions 1 7f June 11 Jim Stroud Added how to get IWS to work with e collab 1 7g July 13 Ames Trebing Updated with client requirements for FIPS Ron Sticinski compliance Page 49 of 51 Workstation Preparation amp New User Getting Started Guide 1 7h July 17 Neil Starkey Misc corrections 2007 1 7i July 25 Ames Trebing Added notice for network changes to network 2007 James Stroud systems firewalls packet forwarding and filtering devices Added TLS java setting to summary Added info that on the conflict with IWS due to JREs 1 7 February James Stroud Corrected Firewall Port Info removing several 8 2008 UDP port requirements 1 7k February Jennifer Sackett Updated JRE versions Help Desk contact 16 2008 information and training and Help Desk navigation info in Appendix A 1 8a May 28 Mostafa Added FDDC amp SDC procedures Section 4 4 2008 Sekandari and Appendix B were created Section 4 2 was Yasir Saleem also updated to reflect compatibility with Ubuntu 8 01 and CentOS 5 1 Moved revision history to the end of the document and can now be seen in
36. isplay correctly Click here for options Welcome Mostafai Sekandarii My Profile Statistics Admin Logout Information sharing can be the most powerful weapon DISA NCES Collaboration amp Sametime Contact List People Options W E 23 work E Z NCES Public TUNN Error Java not enabled edit delete To continue you must enable Java in yqur browser IBM Lotus Sametime uses Java when running online meetings Sametime Connect Client Hotfix New Item For information about setting up your br wser click here to view the Sametime help Error Cookies not enabled To continue you must enable cookies ig your browser IBM Lotus Sametime uses cookies To store information about your session E Frequently Asked For information about setting up your browser click here to view the Sametime help Questions Q General edit delete Q Network edit delete New Item 8 Additional Support Page 27 of 51 Workstation Preparation amp New User Getting Started Guide This document is a user workstation requirements document designed to provide general software hardware and configuration requirements for workstations for the e collaboration solution that is based upon Sametime 7 5 1 FIPS For more detailed information and support regarding e collaboration products and services refer to the on line guide or contact the DISA Help Desk via phone or e mail DISA Help Desk Commercial
37. lick on the Advanced tab and verify that the Java Sun is checked Also make sure that all the options under Microsoft VM are unchecked d Ifthe SUN Java option is not checked it means that the browser is not using it e Click on OK on the options window for any changes to take effect and close and restart the browser 5 TLS 1 0 must be enabled in your Browser otherwise you will not be able to view the login page a Launch Internet Explorer for Firefox users this is enabled by default b Click on Tools gt Internet Options c Click on the Advanced tab and verify that TLS 1 0 is checked by default IE 6 has TLS 1 0 not enabled while IE 7 does d If TLS 1 0 is not checked check it and then restart IE 6 TLS 1 0 must be enabled in Java Follow the steps below a From Windows click on Start b Highlight Settings c Click on Control Panel d Double click on Java e Select the Advanced tab f Click the sign at left of Security to expand a Once expanded the changes to i Select Check Use TLS 1 0 ii Click the Apply button iii Click the OK button 7 Binary and script behavior must be enabled in IE does not apply to Firefox users a Launch Internet Explorer b Select Tools Internet Options from the IE menu bar c then click on the Security tab Page 2 of 51 Workstation Preparation amp New User Getting Started Guide then click the Internet zone then click on Custom Level go unde
38. loaded from www sun com B 2 Make sure Equifax is a trusted Certificate Authority Equifax must be listed under Internet Explorer s Trusted CA Note This is only necessary with FDCC and NOT SDC v2 0 4 Page 31 of 51 Workstation Preparation amp New User Getting Started Guide B 3 Run the Group Policy Editor as an Admin Go to the Start menu _ Internet Mozilla Firefox py E mail Windows Mail ud Welcome Center Tab w e Se Windows Mobility Center E Windows Meeting Space ay Windows Photo Gallery Windows Media Player CH Windows Live Messenger Download giel Command Prompt All Programs i T t mal Type in gpedit msc as seen below fdcc_admin Documents Pictures Music Search Recent Items Computer Network Connect To Control Panel Default Programs Help and Support ele Wi Page 32 of 51 Workstation Preparation amp New User Getting Started Guide Programs fil gpedit gt See all results 32 Search the Internet fdec_admin Documents Pictures Music Search Recent Items Computer Network Connect To Control Panel Default Programs Help and Support Settee gn o ee Right click on the gpedit program as seen below and select Run as administrator Page 33 of 51 Workstation Preparation amp New User Getting Started Guide Programs Run as administrator Open With Pin to Start Menu Add to Quick Launch Restore previo
39. n the Volume Control window displays 4 Verify the following settings e Volume levels are high e All Mute boxes are unchecked DI Volume Control m m Options Help Volume Control Wave SW Synth CD Player Line In Balance Balance Balance Balance Balance L t e 2 F F Cite h l et BEI Steet Volume Volume Volume Volume Volume i Gei C3 i L Mute all SoundMAX Digital Audio 5 When the recording playback window displays e Adjust all volume levels to a high level e Check the Select button for Microphone o CD Player and Line In are user personal preferences for which E CollabCenter has no requirement DI Recording Control Options Help Microphone Balance p C Select V Select SoundMAX Digital Audio Page 8 of 51 Workstation Preparation amp New User Getting Started Guide 4 Client Software requirements This section describes the software requirements for the workstation that is accessing the e collabcenter com web site The workstation is sometimes referred to as a client machine Ensuring that your workstation meets these software requirements will enable it to work optimally the E CollabCenter environment 4 1 IWS Conflict Previously Sametime and IWS could both use JRE 1 4 2_14 However in order for Sametime to support FIPS 140 2 encryption E CollabCenter which is based on Sametime technology requires Java JRE 1 5 Update 12 or greater IWS 3 0 does not s
40. onnect To Control Panel Default Programs Help and Support Start Search p Page 45 of 51 Workstation Preparation amp New User Getting Started Guide Don t run the program unless you know where it s from or you ve used it before CR iexplore exe Unidentified Publisher gt Cancel I don t know where this program is from or what it s for gt Allow I trust this program I know where it s from or I ve used it before Details User Account Control helps stop unauthorized changes to your computer Ge Live Search PY PS er A G e 5 Page E Diagnose Connection Problems Internet Explorer cannot display the webpage Pop up Blocker Phishing Filter Manage Add ons Most likely causes e You are not connected to the Internet Work Offline e The website is encountering problems Windows Update e There might be a typing error in the address Full Screen Menu Bar Toolbars What you can try Diagnose Connection Problems Sun Java Console More information Page 46 of 51 Workstation Preparation amp New User Getting Started Guide Click on the Security tab and then highlight Trusted sites and click on the Sites button trust not to damage your computer or your files Security level for this zone Allowed levels for this zone All Medium Prompts before downloading potentially unsafe content Unsigned Ac
41. osoft Corporation All rights reserved iC Windows system32 gt gpupdate force When the OK to Restart prompt appears type y and hit Enter Note that SDC v2 0 4 a restart was not prompted or required Command Prompt gpupdate force DU x Microsoft Windows Version 6 0 6000 WCopyright lt c gt 2006 Microsoft Corporation All rights reserved iC Users fdcc_admin gt gpupdate force Updating Policy User Policy update has completed successfully Computer Policy update has completed successfully Certain User policies are enabled that can only run during logon Certain Computer policies are enabled that can only run during startup OK to Restart Y NDyL Page 41 of 51 Workstation Preparation amp New User Getting Started Guide Click Close or simply wait a few seconds for the Windows OS to restart Command Prompt loj x Microsoft Windows Version 6 0 6008 opyright lt c gt 2006 Microsoft Corporation All rights reserved C Users fdcc_admin gt gpupdate force Updating Policy ser Policy update has completed successfully Computer Policy update has completed successfully ertain User policies are enabled that can only run during logon Certain Computer policies are enabled that can only run during startup OK to Restart C NDy Restarting the computer You are about to be logged off xa Windows will shut down in less than a minute C Users fdcc_admin gt
42. ported on At least Intemet Explorer 6 0 in Windows XP Service P Ca m To access and use Sametime services on E Collabcenter portal the above Java Permission settings must be changed to either ONE of the following options 1 Java Permissions set to Disabled 2 Java Permissions set to Enabled High most secure and recommend option 3 Java Permissions set to Enabled Medium 4 Java Permissions set to Enabled Low Java Permissions set to Disabled OR Page 37 of 51 Workstation Preparation amp New User Getting Started Guide Java Permissions set to Enabled with High Medium or Low eg Java permissions 5 Not Configured Enabled 5 Disabled bere Custom Disable Java High safety Low safety Medium safety B 6 Update Group Policy as an Admin Open the command prompt as an Admin and run the following command gpupdate force For changes to take affect a Windows restart is recommended Refer to the screenshots below on how to update the Group Policy as an Admin Go to the Start menu Page 38 of 51 Workstation Preparation amp New User Getting Started Guide Internet Mozilla Firefox Sr E mail ell Windows Mail wall Welcome Center Ba ap e Windows Mobility Center Sj Windows Meeting Space a Windows Photo Gallery Windows Media Player CH Windows Live Messenger Download E
43. r lt q 4 1 Application Compatibility E Corporate Settings 4 Internet Control Panel ge 5 1 Advanced Page a 7 Security Page D E Internet Zone E Intranet Zone E Local Machine Zone Locked Down Internet Zone Locked Down Intranet Zone Locked Down Local Machine Zone E Locked Down Restricted Sites Zone 1 Locked Down Trusted Sites Zone Restricted Sites Zone E Trusted Sites Zone 4 7 B 5 Change Java Permissions Java permissions Display Properties Requirements At least Internet Explorer 6 0 in Windows XP Service Pack 2 or Windows Server 2003 Service Pack 1 Description This policy setting allows you to manage permissions for Java applets If you enable this policy setting you can choose options from the drop down box Custom to control permissions settings individually Low Safety enables applets to perform all operations Medium Safety enables applets to run in their sandbox an area in memory outside of which the program cannot make calls plus capabilities like scratch space a safe and secure storage area on the client computer and user controlled file I O High Safety enables applets to run in their sandbox Disable Java to prevent any applets from running If you disable this policy setting Java applets cannot run If you do not configure this policy setting the permission is set to Low Safety Setting li Access data sources across domains 17 Allow active scripting Allo
44. r the ActiveX controls and plugins section ensure the Binary and Script behaviors radio button is enabled Click OK a gt oo 8 All ports necessary to access E CollabCenter must be opened in your location s firewall See section 6 Network Requirements for more details 9 Two easy ways to test that you have satisfied all the requirements above is to 1 Go to our Getting Started URL and click on the E CollabCenter Workstation Checker tool NIPR https www e collabcenter com wps portal gettingstarted SIPR https meeting e collabcener nces dod smil mil check workChecker jsp 2 Log into https www e collabcenter com a Select the Web Conferencing tab b Click the Test Meeting link c After a few seconds the Test Meeting window will display If your workstation is configured properly to work with Sametime meetings a k a web conferences You will see the screen similar to the one below in a new browser window that says Sample meeting to test your environment for online meetings If you can see this message then your environment is correctly set up for Sametime Meetings See Appendix A Steps to Test your Audio Video Capabilities Prior to Entering a Web Conference performed within the E CollabCenter portal for a screenshot of this Page 3 of 51 Workstation Preparation amp New User Getting Started Guide 2 Introduction amp Overview This document provides instructions to optimize a user s local workstation
45. s am 2 Local Computer Policy 4 Computer Configuration ge 1 1 Software Settings E Windows Settings 4 5 Administrative Templates ef 2 Display Properties E Allow active scripting Not configured E Control Panel E Network Requirements Allow META REFRESH l Not configured Printers At least Internet Explorer 6 0 in Allow cut copy or paste operations from the clipboard vias Not configured Windows XP Service Pack 2 or Allow binary and script behaviors Not configured gt System Windows Server 2003 Service Back Use ft S ki H e d VR eege j 3 U5 Use Pop up Blocker lot configures E ActiveX Installer Service Description LE Display mixed content Enabled E Application Compatibility This policy setting allows you to 77 Download signed ActiveX controls Not configured E AutoPlay Policies manage permissions for Java applets Download unsigned ActiveX controls Not configured E Backup If you enable this policy setting you 277 Allow drag and drop or copy and paste files Not configured E BitLocker Drive Encryption can choose options from the drop UE Allow file downloads Not configured E Credential User Interface down box Custom to control 5 Allow font downloads Not configured E Desktop Window Manager Permissions settings individually i Allow installation of desktop items Not confiqured E Digital Locker Low Safety enables applets to E Java permissions Enabled E Event Log Service perform all operations S Launc
46. s are stored in a special Folder for quick execution later Only advanced users should delete Files or modify these settings Click here to delete temporary internet files Delete Files 2 All checkboxes must be checked hit OK Delete Temporary Files 9 Delete the Following temporary files Downloaded Applets Downloaded Applications Other Files Click OK SA Ce et Page 26 of 51 Workstation Preparation amp New User Getting Started Guide If problems still exist ask the client to send the Java Console log to the NCES Help Desk How to view the Java console log gt gt gt Right click on the Java icon Tea cup and select Open Console to bring up the java console log g EE E T nn Sign Up My Yaho BA G e EL om 4m Contact List Awareness does not work What do you do Check if the JRE version is correct and if browser is configured correctly to use it If it is then just clear the cookies and temporary internet files Close all browser sessions and open a new session and login back into the E CollabCenter website FDCC SDC v2 0 4 Error Java not enabled What do you do If you are using FDCC or SDC machines and are experiencing a java error similar to the screenshot below please read Section 4 4 FDCC amp SDC v2 0 4 Windows clients CJ Your security settings do not allow websites to use ActiveX controls installed on your computer This page may not d
47. start crosaft VM Uncheck these 3 Microso e requires restart dg We Always use ClearType for HTML Enable automatic image resizing Mm ka Sun Java must be checked VM A Takes effect after you restart Internet Explorer Reset Internet Explorer settings Deletes all temporary files disables browser add ons and resets all the changed settings You should only use this if your browser is in an unusable state Reset Page 15 of 51 Workstation Preparation amp New User Getting Started Guide 4 6 1 3 TLS 1 0 Now verify that Internet Explorer has TLS 1 0 Enabled a government requirement to satisfy FIPS 140 2 encryption e Launch Internet Explorer e click on Tools gt Internet Options e Click on the Advanced tab and verify that TLS 1 0 is checked by default IE 6 does not have TLS 1 0 enabled while IE 7 does e If TLS 1 0 is not checked check it and then restart IE Internet Options Ax g z General Security Privacy Content Connections Programs Advanced Settings C Empty Temporary Internet Files folder when browser is dro Enable Integrated Windows Authentication Enable native XMLHTTP support L Phishing Filter N Disable Phishing Filter Turn off automatic website checking Turn on automatic website checking C Use SSL 2 0 TLS 1 0 must enabled not enabled Use SSL 3 0 by default in IE 6 but it is enabled Use TLS 1 0 be bn defaul
48. ster Passwo SSL Certificates Validation UF Advanced H LA he 5 File Upload Size Limitations In meetings chat rooms and instant message sessions there are limits on attachment sizes e For Web Conferences the practical size limit is 20 MB e Chat Rooms have a 10 MB file size limit that the users cannot exceed e Instant Messages have a 20 MB file size limit that on files that can be transferred from one person to another via an IM session Page 22 of 51 Workstation Preparation amp New User Getting Started Guide 6 Network Requirements The access statements rules for firewalls and all packet forwarding or filtering devices need to be in place in order to use the E CollabCenter service are listed below The NIPRNET Destination IP addresses are 216 12 152 1 through 216 12 152 127 For SIPRNet Destination IP addresses please contact the DISA Help Desk Source Address The addresses for all the workstations on your network Source Ports High ports ports above 1024 tcp and udp Direction Static Ports initiated by Source only NOT Bi Directional Dynamic Ports Bi Directional Destination IPs The IP Addresses for the all the e collab servers Static Destination Ports Port 80 TCP HTTP web trafic Port 443 TCP HTTPS encrypted web traffic Port 554 TCP needed to play back recorded meetings Port 1533 TCP needed for samtime connect thick client for instant message traffic Port 8081 TCP neede
49. t in IE7 Warn about certificate address mismatch TT Warn if changing between secure and not secure mode Warn if POST submittal is redirected to a zone that does n iw lll emm RA Takes effect after you restart Internet Explorer Reset Internet Explorer settings Deletes all temporary files disables browser l add ons and resets all the changed settings You should only use this if your browser is in an unusable state Co eren 4 6 1 4 Binary and Script Behavior E CollabCenter does NOT require ActiveX to run The IBM Sametime development team removed all ActiveX dependencies from its product in version 7 0 consequently Sametime 7 5 1 FIPS does not use ActiveX In an effort to avoid 3rd party litigation Microsoft added the binary and scripting behavior set to control Internet Explorer IE running embedded user interface controls such as Java applets Sametime uses Java Applets for web conferencing There are two options in Internet Explorer to allow Sametime s use of Java either add the Sametime URLs as a trusted site or set Binary and Script Behavior to enable Page 16 of 51 Workstation Preparation amp New User Getting Started Guide The default IE settings have Binary and Script Behavior enabled here are instructions on how to enable it In the Internet Explorer browser under the ActiveX Security controls and plug ins area the Binary and Script Behaviors must be enabled for
50. tiveX controls will not be downloaded E Enable Protected Mode requires restarting Internet Explorer Reset all zones to default level oO Some settings are managed by your system administrator L oe we Page 47 of 51 Workstation Preparation amp New User Getting Started Guide Add e collabcenter com and make sure you uncheck the box at the bottom You can add and remove websites from this zone All websites in this zone will use the zone s security settings Add this website to the zone e collabcenter com Websites F Require server verification https for all sites in this zone You can add and remove websites from this zone All websites in this zone will use the zones security settings Add this website to the zone F Require server verification https for all sites in this zone Now you are done adding E CollabCenter to your trusted sites zone and ready to use E CollabCenter Page 48 of 51 Workstation Preparation amp New User Getting Started Guide Document Information and Revision History Revision Date Author Editor Nature of Change 1 0 Feb 22 Jim Stroud Initial Draft 2007 1 1 Feb 28 Jim Stroud Corrected information on how to determine if 2007 UDP ports are in use w Sametime 7 5 1 2 March 14 Jim Stroud Updated to include the need for TLS 1 0 in the 2007 Sun 1 5 JRE and updated to include Firefox ver 2 0 0 x instead of 2 0 0 1 1
51. upport JRE 1 5 IWS 3 0 is the version used by most of DoD IWS Version 3 0 6 will be released soon and it is JRE independent so it would not conflict with Sametime at all theoretically This means that a workstation running IWS would have to install JRE 1 5 update 12 is preferred and most likely have to uninstall JRE 1 4 2 in order to use E CollabCenter 4 2 Linux clients Library required for application sharing on Linux systems In order to load Application Sharing native code on Linux platforms the following library is required on the client machine libz so 1 which resides in usr lib The supported Linux operating systems are RedHat Enterprise Linux 4 0 Ubuntu 8 04 CentOS 5 1 and Novell Linux Desktop 10 0 using Firefox 1 5 Limited testing has been done by the IBM E CollabCenter project team with these Linux desktops 4 3 Windows clients The recommended operating system for E CollabCenter is Windows XP with Service Pack SP 2 Prior versions of Windows such Windows XP SP 1 and Windows 2000 may work but have not been tested by the E CollabCenter team Limited testing has been done using Windows 2003 Server SP1 and SP2 as an E CollabCenter client they both appear to work fine For the Sametime Broadcast client Sametime Connect a k a thick client client Sametime Meeting Room client the Microsoft Virtual Machine VM is not supported and must be disabled The supported JRE for all Sametime java applet clients in the Sametime
52. us versions Send To Cut Copy Delete Open file location Properties Control Panel Default Programs See all results Search the Internet Help and Support 0 If you started this action continue Microsoft Management Console Microsoft Windows WW Details User Account Control helps stop unauthorized changes to your computer Page 34 of 51 Workstation Preparation amp New User Getting Started Guide B 4 Edit Internet Explorer s Java security settings Under the Group Policy Editor go to Computer Configuration Administrative Templates Windows Componenis Internet Explorer Internet Control Panel Security Page Trusted Sites Zone Java Permissions AND Computer Configuration Administrative Templates Windows Components Internet Explorer Internet Control Panel Security Page Locked Down Trusted Sites Zone Java Permissions Note You must change the Java permission for BOTH Locked Down Trusted Sites Zone AND Trusted Sites Zone Refer to the screenshots below on how to edit Internet Explorer Security Settings in the Group Policy Editor Under the Group Policy Editor go to Computer Configuration Administrative Templates Windows Components Internet Explorer Internet Control Panel Security Page Trusted Sites Zone amp Locked Down Trusted Sites Zone Java Permissions Double click the Java Permissions option on the right as shown below E Grou File Action View Help e9 cl
53. w META REFRESH i Allow cut copy or paste operations from the clipboard via s f Allow binary and script behaviors Use Pop up Blocker li Display mixed content LE Download signed ActiveX controls lE Download unsigned ActiveX controls Allow drag and drop or copy and paste files f Allow file downloads Allow font downloads i Allow installation of desktop items Java permissions Enabled E Launching applications and files in an IFRAME E Logon options Open files based on content not file extension l Navigate sub frames across different domains E Allow active content over restricted protocols to access my LE Do not prompt for client certificate selection when no certifi Automatic prompting for ActiveX controls Automatic prompting for file downloads LE Run ActiveX controls and plugins lE Script ActiveX controls marked safe for scripting l Initialize and script ActiveX controls not marked as safe E Scripting of Java applets l Run NET Framework reliant components signed with Auth Software channel permissions Submit non encrypted form data Run NET Framework reliant components not signed with A i Userdata persistence Allow script initiated windows without size or position cons Not configured Not configured Not configured Not configured Not configured Not configured Enabled Not configured Not configured Not configured Not configur
Download Pdf Manuals
Related Search