If Enterprise Management Servers are installed at your site, you must register onsite or Groove-hosted relay servers with the management server in order to provision Groove domain members with relay servers. If you use Groove Hosted Management Services, the hosted relay servers are already listed on the hosted management server.
Note: In a Role Based Access Control (RBAC) environment, you must have the role of Server or Domain Administrator to administer relay server sets at the group level; a role of Server, Domain, or Member Administrator is required to provision individual members with relay server sets.
The sections below describe the following relay server tasks:
• Overview of Server Registration
• Exchanging Server Keys
Overview of Server Registration
If you are using an onsite Enterprise Management Server, you must register each supporting Groove server with the management server before you can assign these servers to domain groups or members. Because relay and management servers depend on each other to perform specified functionality (such as data synchronization), they must be able to communicate securely. To establish this relationship, public/private key pairs are used to authenticate each server to the other and to the Groove users assigned to the relay server.
An exchange of certificates (corresponding to these keys) is therefore required in the case of onsite relay servers.
Note: Data synchronization and similar tasks are not performed with hosted servers, so hosted relay (or other) servers do not require management server keys.
For onsite servers, the registration process involves two main steps:
• Copying the management server certificate and information into the supporting server registry.
• Copying the supporting server certificate and information to the management server and listing it with a domain.
Registering hosted relay services involves only the second part of the certificate exchange described for onsite servers: copying the supporting server’s certificate and information to the management server.
Exchanging Server Keys
The following procedure applies to onsite servers and hosted services and is a necessary preliminary to server provisioning.
To perform the server key exchange, follow these steps:
1. Go to the management server administrative Web site and click the domain Server Sets heading in the navigation pane. The Server Sets tab appears with a list of server sets. The management server provides an initial default server set (which is empty if servers have not been added to the set).
Note: For convenience, if your setup allows, you can perform this procedure by logging into the management server from the relay server machine.
2. Click the Servers tab. The Servers page appears, with a list of relay servers that have been added to the domain.
3. Click Add Server in the tool bar, then select a server type: Hosted Relay Server, Onsite Relay Server, or XMPP Server. The Add ___ Server page appears.
4. If you are installing an onsite relay server, follow the series of substeps below to copy the management server public key to the relay server.
If you are registering a Groove-hosted relay or other server, skip this series of substeps and proceed to the next main step to import the relay server.xml file onto the management server.
a. From the Add Server page, click the Download Public Key button to download ManagementServer.reg. The File Download dialogue box appears. This .reg file contains the management server’s certificate (containing its public key and identifying information). For more information about management server keys, see “Appendix B. Management Server Keys and Certificates”.
b. Click Save this file, then click OK, select a location for saving the file, click the Save button, and click the Close button. (If you are conducting this procedure from a local relay server machine, you can click the Open button to apply the registry settings from the .reg file, instead of saving the file on the management server to disk and then copying it onto the relay server.)
c. From the relay server machine, copy the ManagementServer.reg file from its current location onto the relay server.
d. From the relay server machine, launch the ManagementServer.reg file to apply the registry settings that contain the management server certificate in the relay server registry.
5. If you are using an onsite relay server, copy the relay server ID file, RelayID.xml, to a safe place on disk. This file is defined by the server administrator during installation and configuration of the supporting server, and usually resides in the relay server or other server’s installation directory.
If you are using hosted relay services, locate the relay server ID file, GrooveHostedRelay.xml (usually provided on a separate CD).
6. From the Add Server page on the management server, in the File location text box, type or browse to the location of the server’s ID file (RelayID.xml or GrooveHostedRelay.xml, for example). This file contains two certificates: a SOAP certificate which is used by the management server to authenticate the server, and an SSTP certificate which will be used by Groove clients provisioned to this server.
See the Groove Enterprise Relay Server Administrator’s Guide for information about generating this .xml file on onsite servers.
7. Click OK to upload the server ID file to the management server domain. The server name appears in the list of servers added to the domain on the Server tab and in the Add Server window for a selected set.
Note that adding a server to a domain automatically adds it to the default relay server set for provisioning to domain groups and members. You can delete the server from the default set as described below in “Removing Servers from a Set”.
You can also add servers to specified sets as described below in “Adding Groove Domain Servers to a Set”.
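Step 4d merges a downloaded .reg file into the relay server registry, so it is worth listing what the file touches before launching it. The following is an added example, not part of the Groove documentation: it parses a .reg file and flags keys outside an expected path and any key or value deletions. EXPECTED_PREFIX is a hypothetical placeholder (this page does not state the registry path), and SAMPLE is constructed input.

```python
import re

# Hypothetical placeholder: the page does not say which key the certificate
# is written to. Substitute the path your relay server documentation gives.
EXPECTED_PREFIX = r"HKEY_LOCAL_MACHINE\SOFTWARE\EXAMPLE-PLACEHOLDER"
KEY_RE = re.compile(r"^\[(-?)([^\]]+)\]$")
VALUE_RE = re.compile(r'^(@|"(?:[^"\\]|\\.)*")\s*=\s*(.*)$')

# Constructed sample, not the contents of a real ManagementServer.reg.
SAMPLE = b"\xff\xfe" + (
    "Windows Registry Editor Version 5.00\r\n\r\n"
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\EXAMPLE-PLACEHOLDER\\ManagementServer]\r\n"
    '"Certificate"=hex:30,82,01,0a,\\\r\n  02,82,01,01\r\n\r\n'
    "[HKEY_LOCAL_MACHINE\\SOFTWARE\\OtherVendor\\Settings]\r\n"
    '"Enabled"=-\r\n'
).encode("utf-16-le")


def decode_reg(raw: bytes) -> str:
    """Version 5.00 exports are UTF-16LE with a BOM; REGEDIT4 files are ANSI."""
    if raw.startswith(b"\xff\xfe"):
        return raw[2:].decode("utf-16-le")
    return raw.decode("cp1252")


def audit_reg(raw: bytes, expected_prefix: str = EXPECTED_PREFIX) -> dict:
    """List the keys a .reg file touches and flag anything needing review."""
    lines = decode_reg(raw).splitlines()
    header = lines[0].strip() if lines else ""
    keys, findings = [], []
    if header not in ("Windows Registry Editor Version 5.00", "REGEDIT4"):
        findings.append(f"unexpected header: {header!r}")
    prefix, current = expected_prefix.upper(), None
    for line in (l.strip() for l in lines[1:]):
        key = KEY_RE.match(line)
        if key:
            current = key.group(2)
            keys.append(current)
            if key.group(1):  # "[-KEY]" removes the whole key on import
                findings.append(f"deletes key: {current}")
            upper = current.upper()
            if upper != prefix and not upper.startswith(prefix + "\\"):
                findings.append(f"key outside expected path: {current}")
            continue
        value = VALUE_RE.match(line)
        if value and value.group(2) == "-":  # '"name"=-' removes a value
            findings.append(f"deletes value {value.group(1)} under {current}")
    return {"keys": keys, "findings": findings}
```

Call audit_reg() on the bytes of the saved file and apply the .reg only when the findings list is empty.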