Introduction
IBM Sametime is available in different license models and feature sets. In some cases, customers run different Sametime licenses in a single environment and require guidance for correct configuration to ensure a compliant implementation.

Purpose
This article is intended to assist you in configuring Sametime in a mixed license environment. It describes some mixed license situations and recommends configurations to ensure only licensed features are being used. This article touches on some areas of licensing to describe differences and configurations. It does not define the licensing and is not part of the license definition. You are responsible for keeping your Sametime implementation compliant.

In a Sametime mixed license environment, be careful to ensure that users access only the Sametime features they are licensed to use. Sametime users, such as those licensed for Sametime Communicate or Complete, can connect to multiple Sametime Community servers. On the other hand, a Notes Domino licensed user is entitled to use a limited set of Sametime features and only one server. Therefore, for compliance purposes, if you have mixed license users accessing the same Sametime Community server, be sure to implement settings and policies to limit user access to the features they are licensed to use. Create policies to separate authenticating users into different groups according to the features they are entitled to use.

Sametime Version
This article applies to IBM Sametime 9.0. It does not apply to earlier Sametime versions, and is not directly applicable to future releases unless indicated.

Sametime License Mix – General overview
IBM Sametime can be licensed in various ways, including a mixed license situation, where some users are allowed to use one set of features, while others use a different set of features. This article describes only licensed features. You can decide to reduce the set of features available to a user. Do not provide a user with features that are not licensed.

Sametime License Mix Scenario
This article focuses on the mixed implementation of IBM Sametime Limited Use and IBM Sametime Collaboration Accelerator, with optional additional Sametime Complete licenses deployed to some users. This article does not apply to a scenario with Sametime Limited Use with Sametime Complete and without IBM Collaboration Accelerator.

Prerequisites
There is a formal requirement that must be completed before users of Sametime 9 Limited Use are allowed to access a Sametime Community Server that is not a Limited Use server. IBM must provide an entitlement, usually in form of a Contract Addendum, which references this article.
Contact your IBM Sales contact for the Contract Addendum.

Mixing Sametime 9 Limited Use with IBM Collaboration Accelerator licensing

Sametime 9 Limited Use
Sametime 9 Limited Use is a limited set of Sametime features which come bundled with other products, in this case with IBM Notes. This product consists of these components:

• A Sametime client embedded in the IBM Notes client which is typically used by Notes users to exchange presence and instant messaging information.
• A Sametime Limited Use server with limited Sametime features, in this case, limited presence and instant messaging features. Limited means that the server does not provide all services, some are missing, and that the server manages the client and reduces the feature set available to the user.
• A capability to run limited Sametime presence and chat features as part of the web based IBM Notes experience (IBM iNotes) which delivers a functionality similar to the installed Notes Client with embedded Sametime.

The Sametime Limited Use license is based on authorized users. Users are licensed, and the server resources required for implementation are not relevant for the licensing.
In a deployment with only Sametime Limited Use, the Limited Use server is installed and the clients connect to the server.
In a deployment with other licenses, best practices suggest that you deploy a second Sametime Community Server that is not limited for those users who are entitled to use additional features. In this case, the server configures its users accordingly.
The Sametime Community Servers can connect to exchange presence and instant messaging information, and can assign users to a Sametime Community Server via the directory being used. This ensures that a user who connects to any server will log in to the correct server.

Sametime 9 Complete
Some users may have a Sametime 9 Complete license providing access to all Sametime services and clients (not including Sametime Unified Telephony). Customers can decide which services and clients are used and can limit access to specific features, assigning these users special policy configurations. Use the Sametime Home Server attribute in the LDAP configuration to indicate which server is to be used.

Sametime 9 and the IBM Collaboration Accelerator
IBM Collaboration Accelerator is a bundle of several IBM software products, including WebSphere Portal, IBM Connections and some parts of Sametime 9. These features are included:

• IBM WebSphere Portal, which includes the option to use Sametime presence and instant messaging features in the context of portal pages – for instance a user name can be extended to show the user's presence status.
• IBM Connections
• IBM Sametime Conferencing, which includes browser based access to Sametime Meetings and Audio/Video conferencing as part of web conferences. Using the IBM Collaboration Accelerator, licensing is by server, not by user. All users can access Messaging services in the browser.

In contrast to the products above, the IBM Collaboration Accelerator is licensed on an IBM Processor Value Unit (PVU) base. The CPU power of the servers required to run the environment is measured and is then used as the base for the license. All users in the organization can be permitted to access the servers. Limiting the access is still an optional customer decision, not a license requirement.

Mixed Sametime Licenses
As described in the previous sections, IBM provides different Sametime licenses, either directly or by bundling software. Customers may have a mixed configuration. Sametime needs to be implemented and configured to ensure that users only use the features they are licensed to use.

Configuring a mixed license environment

Mixed license environment
In a mixed license environment, configure the features that users are licensed to use. The following areas need to be addressed:

• Web conferences and instant meetings
• Web conferences from a browser can be used by all users
• Instant meetings and instant sharing cannot be used by Sametime Limited Use users
• Sametime toolkits including embedded instant messaging
• Integration of presence services in WebSphere Portal is allowed
• Sametime Limited Use users need to be restricted from using these features:
• Sametime Gateway Server, used to connect to other instant messaging systems
• Sametime mobile clients
• File transfer
• Telephony (with 3rd party)
• Voice, Video chat chat (point-to-point)
• Geographic locating
• Screen capture tool
• Sametime plug-ins

Configuration is performed in various places of the administrative domain, for example, in Sametime (or Notes) policies, the Sametime managed settings file, or server configurations on the Sametime System Console.

Leveraging the data in vpuserinfo.nsf
Use the Domino database vpuserinfo.nsf to determine actual logins to the Sametime Community server. The database, vpuserinof.nsf, is located in the data directory on the Domino server. Vpuserinfo.nsf contains every unique Sametime community user's contact list, privacy list, and alerts. You can also view the total number of users who have ever logged in to Sametime. While there is some additional data within the database that is not easily read, a Domino agent can easily pull out specific user information, including the names of unique logins.

Sametime Policies
As a first step, Sametime policies need to be defined and configured to separate the users into different groups and assign features and configurations to them. This is the basic policy configuration that is required as a minimum. A customer can implement additional policies, but must ensure that the users in the various policies are assigned as required. Sametime provides three types of policies: instant messaging, meetings and audio/video. A default policy is provided for each type of policy. Additional policies can be created, they are listed in a prioritized list and users (or user groups) are assigned.
If a user logs in, the user's assignment to the policies is verified top-down and the highest policy the user is assigned to is used.
Users who do not have an explicit policy assignment use the default policy. Best practices dictate using the default policy for the Sametime 9 Limited Use users. Then, additional policies can be created and users assigned as required. Be sure that the number of users assigned to other policies matches the number of licenses, for instance, Sametime Complete.

Assigning policies to users
Policies can be assigned to users by either assigning the individual users to the policy, or by assigning the policy to a group of users. The group is defined in the LDAP directory used by Sametime. Best practices dictate that you create separate, clearly named groups in the directory, add users to the groups as required and then assign the group to a policy.

If a user is a member of multiple groups, the first policy is selected when the user is part of any assigned group in the policy. Therefore, a user is always using exactly one policy of each type. When the groups do not overlap (best practice), it is easier to determine why a user receives a specific feature. Still, in the policy list, a search can be performed that identifies the policy for a user. Use the button Find Active Policies (see Figure 1 - Managing Sametime Policies) to perform such a search.

Note: The policy defined as the first policy is based on the weight of a policy as shown in the policy list.

Configuring the Instant Messaging Default Policy for Limited Use users
Figure 1 shows the instant messaging policies with the Default policy selected.
Click Edit to configure the policy.

Figure 1 - Managing Sametime Policies


Chat Settings
The settings in the boxes in Figure 2 must be set as shown. This ensures that the Sametime Client disables the features that are not licensed for users of Sametime Limited Use.

Figure 2 - Sametime Limited Use, Chat Settings

Image Settings
The image settings in Figure 3 must be disabled for users of Sametime Limited Use.

Figure 3 - Sametime Limited Use, Image Settings


File Transfer Settings
The File Transfer settings in Figure 4 are not licensed for users of Sametime Limited Use. All settings included in Figure 4 must be disabled for Sametime Limited Use. The key settings are shown in boxes.

Figure 4 - Sametime Limited Use, File Transfer Settings

Plug-in Settings
Users of Sametime Limited Use are not allowed to use any Sametime plug-ins, so these settings need to be disabled.

Figure 5 - Sametime Limited Use, Plug-in Settings


Mobile Client Settings
Users of Sametime Limited Use are not allowed to use any mobile clients. The clients are already disabled, but best practices indicate all settings shown in Figure 6 should be disabled.
Be aware that this setting is only reflecting clients that use the Sametime Proxy Server, for example, the iOS and Android Sametime Clients. Blackberry clients connect with an API. Ensure that users of Sametime Limited Use do not use a Blackberry client. Blackberry users minimally need a Sametime Communicate license.

Figure 6 - Sametime Limited Use, Mobile Client Settings


Changes to other policies for Limited Use users
No changes are required to other policies.

• The audio/video (Meeting Manager) policy is independent of the client, and web usage of audio/video as part of a meeting is allowed using IBM Collaboration Accelerator. Set the default policy to enable audio/video.
• In the Instant Message section, the setting "Allow all Sametime Connect features to be used with integrated clients (IC)" is disabled for Sametime Limited Use. This ensures that audio/video is not offered in the embedded Sametime client. Users of Sametime Limited Use do not see the Sametime Connect features. Note: Use the "Allow all Sametime Connect features to be used with integrated clients (IC)" setting if the Sametime Connect Client is enabled and licensed to work with another product's client.
• The Meetings policy is independent of the client. The user interface for the Meetings rich client is disabled using managed settings.

Managed Settings
Managed settings configure the Sametime client through the server. When a user logs in to Sametime, the settings are downloaded and applied. Each Instant Messaging policy can assign a different set of managed settings.
The customer can use more managed settings than recommended here, but it’s important not to turn on any feature for a user that a user is not licensed to use.

• Managed settings for users of Sametime Limited Use -- None required
• Managed settings for users of Sametime Communicate -- Disable the Meetings user interface
• Launch meeting in browser -- The rich client is disabled and users access meetings with a browser
• Managed settings for users of Sametime Complete -- As required by the customer

Using Sametime Managed Settings
To use managed settings, create a managed_settings.xml file and post it on a web server. You can create multiple managed settings files and place them in different places on the web server. In each policy, the URL to the managed settings file is configured.

• The file name must be managed_settings.xml and is not part of the URL.
• The URL is configured in the Instant Messaging Policy as Update Site URL (IC).
• Restart the Sametime Community Server to activate the newly-defined policies. The managed setting assignment should be validated.

Additional details regarding managed settings are available in the Sametime Knowledge Center:
Overview information
http://www-01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/config/config_client_pref.dita?lang=en
Detailed information
http://www-01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/config/config_client_xml_location.dita?lang=en

Managed Settings that must be disabled
The following settings are required to disable specific features:

• Disable Sametime Advanced features for Users of Sametime Limited Use
• Disable the Classic Meetings UI for all users, because Sametime 9 does not support Classic Meetings
• Disable the New Meeting UI for Users of Sametime Limited Use or Sametime Communicate
• Launch meeting in Browser where the the rich client is disabled and users access meetings with a browser
• Disable Telephony, Audio and Video features for Users of Sametime Limited Use

Sample Managed Settings configuration file
The following is a sample configuration for managed settings that can be used for users of Sametime Limited Use. It can be extended, but the configurations of the listed items should not be changed.