Database Setup for IM and Presence Service on Cisco Unified Communications Manager, Release 9.0(1)
External database installation and setup
Downloads: This chapterpdf (PDF - 409.0KB) The complete bookPDF (PDF - 877.0KB) | Feedback

External database installation and setup

External database installation and setup

This chapter provides information about how to configure an external database to store information synchronized from the Cisco Unified Communications Manager IM and Presence Service. The following IM and Presence features require an external database:

  • Permanent Group Chat feature - IM and Presence supports two types of group chat, temporary (ad-hoc) chat and permanent chat. You do not require an external database for temporary chat to work. However, if you require permanent chat rooms on IM and Presence, you must configure an external database.
  • Instant Messaging Compliance - If you deploy the native Message Archiver (MA) component on IM and Presence for compliance logging, you require an external database.

External database setup requirements

  • Hardware requirements: A remote server on which you install the PostgreSQL database(s).
  • Software requirements:
    • IM and Presence Service, release 9.0.
    • PostgreSQL database, versions 8.3.x through 9.1.1
    • You can install the PostgreSQL database on either a Linux or a Windows operating system. See the PostgreSQL documentation for details on the supported operating systems and platform requirements.

Note


You can also use version 8.1.x of the PostgreSQL database, but the configuration of these versions may be different to the PostgreSQL database configuration described in this module. See the PostgreSQL documentation for details on how to configure these PostgreSQL database versions. If you use version 8.1.x of the PostgreSQL database, the database configuration on IM and Presence will be the same as described in this module.


  • External Database requirements for IM and Presence features: The external database requirements differ depending on the features you wish to deploy on IM and Presence:
    • Permanent Group Chat feature: You require one unique external database for each IM and Presence server in an IM and Presence cluster. Each node requires its own logical database, but nodes can share the same physical database installation.
    • Compliance feature: We highly recommend that you configure at least one external database for an IM and Presence cluster; however you may require more than one external database for a cluster depending on your server capacity.

Note


If you deploy both the Permanent Group Chat and Compliance features on an IM and Presence server you can assign the same external database to both features.


Related Information

Additional documentation

This procedure only describes how to configure the external database on IM and Presence. It does not describe how to fully configure the features that require the external database, specifically the Permanent Group Chat and Compliance features. See the documentation specific to the feature you are deploying for the complete configuration:

  • For information on configuring the Compliance feature on IM and Presence, see the Instant Messaging Compliance for IIM and Presence Service on Cisco Unified Communications Manager
  • For information on configuring the Permanent Group Chat feature on IM and Presence, see the Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager

External database setup prerequisites

Before you install and configure the external database on IM and Presence, perform the following tasks:

  • Install the IM and Presence servers as described in the Installing Cisco Unified Communications Manager.
  • Configure the IM and Presence servers as described in the Deployment Guide for IM and Presence Service on Cisco Unified Communications Manager.

Hardware and performance recommendations

When you configure an external database with IM and Presence, you need to consider the following recommendations:

  • We recommend that you use similar hardware for both the external database and the IM and Presence nodes.
  • We recommend that you maintain the external database according to the best practice guidelines described in the product documentation. If you do not properly maintain the external database, and you allow the external database to fill up, this causes performance problems in the IM and Presence cluster.
Related Information

About security recommendations

External database connection security

IM and Presence does not provide a secure TLS/SSL connection to the external database. We recommend that you consider this security limitation when you plan your IM and Presence deployment, and consider the security recommendations we provide in this topic.

User access restriction recommendations

We strongly recommend that you restrict user access to the external database to only the particular user and database instance that IM and Presence uses. You can restrict user access to the PostgreSQL database in the pg_hba.conf file located in the <install_dir>/data directory.


Caution


Do not configure 'all' for the user and database entries because potentially this could allow any user access to any database.


When you configure user access to the external database, we also recommend that you configure password protection for the database access using the 'password' method.


Note


You are required to enter a password for the database user when you configure a database entry on IM and Presence.


The following are examples of a secure user access configuration, and a less secure user access configuration, in the pg_hba.conf file.

Example of a secure configuration:

# TYPE

DATABASE

USER

CIDR-ADDRESS

METHOD

host

dbinst1

tcuser1

10.89.99.0/24

password

host

dbinst2

mauser1

10.89.99.0/24

password

Example of a less secure configuration:

# TYPE

DATABASE

USER

CIDR-ADDRESS

METHOD

host

dbinst1

tcuser1

10.89.99.0/24

trust

host

dbinst2

all

10.89.99.0/24

password

Notes on the example of a less secure configuration:

  • The first entry contains no password protection for the database.
  • The second entry allows any user to access the database "dbinst2".
Related Information

Maximum connection limit setup


Note


Use this section as a guideline if you wish to limit the number of connections to the database. This section is optional configuration.


For additional security, you can limit the maximum number of permitted connections to the external database. Use the guideline we provide here to calculate the number of database connections that are appropriate for your deployment.

You must modify this guideline to suit your IM and Presence deployment and configuration. The guideline we provide here assumes that:

  • You are running both the Compliance and Permanent Group Chat features on IM and Presence. and
  • You configure the default number of connections to the database for the Permanent Group Chat feature on IM and Presence administration interface.

To limit the number of database connections, configure the max_connections value in the postgresql.conf file located in the <install_dir>/data directory. We recommend that you set the value of the max_connections parameter equal to this guideline:

max_connections = N*10 + Additional Connections

  • N is the number of nodes in your IM and Presence cluster.
  • 10 is the default number of connections to the database on IM and Presence, that is, five connections for the Compliance feature and five connections for the Permanent Group Chat feature. You can configure the number of database connections for the Permanent Group Chat feature on IM and Presence Administration interface.
  • Additional Connections represents any independent administration or database administrator (DBA) connections to the database server. For example, if you have an IM and Presence cluster containing six nodes, and you require an additional three DBA connections, using the guideline above, you should set the max_connections value to 63.
Related Information

Default listener port setup


Note


This section is optional configuration.


For additional security, you may choose to change the default listening port on the PostgreSQL server. You can configure the default listening port in the postgresql.conf file located in the <install_dir>/data directory.

Related Tasks