Skip to content

VNCtalk for Zimbra Installation

Installation Guide

VNCtalk specializes in providing services for real time communication and it includes several components. In minimal installation a Zimbra environment and a single additional server (the Talk server) are required. At the moment the only supported platform for the VNCtalk backend server is Ubuntu Ubuntu 16.04 (64bit). The VNCtalk system enables its users to perform text chat, text conference (groupchat), video chat & video conference as well as online document collaboration between the participants of a VNCtalk session, using Zimbra Zimlet technology.

Points To Consider

  • For a full-featured experience with VNCtalk the usage of these web browsers is recommended:
    • Google Chrome >=50.0 web-browser
    • Google Chromium >=50.0 will also work on most operating systems, except Debian Testing due to Debian specific changes in the sandbox handling1 .
    • Mozilla Firefox is now also fully supported, when using VNCtalk version 2.4.
    • The Safari web-browser and Microsoft's Internet Explorer are supported as well, when the Temasys WebRTC plugin is installed for the respective browser.
  • A functional webcam, microphone & headphones are also required for video conferencing.
  • Another limitation is the bandwidth which is available for the user. If many users, e.g. more than 6 users, are using the videochat application at the same time, the complete uplink and downlink bandwidth of a slow Internet connection (<= 16000Mbit/s) could be saturated, affecting the quality of the conversation.
  • Having a contact list/ roster containing more than 100 contacts setup for an account, might also impact the performance, so keeping the user's contacts in the list below 100 is advised.

Installation Prerequisites

Before performing an installation these prerequisites must be fulfilled:

  • a working Zimbra 8.6, 8.7.x or 8.8.x environment

  • knowledge and understanding of your network infrastructure setup, especially in regard to your firewall and DNS settings

  • access to DNS management to create the required DNS settings

  • access to Firewall management to enable required communication between Zimbra server(s) and VNCtalk server

  • root access to the Zimbra- and VNCtalk server.

  • Zimbra-Proxy must be installed and running on the Zimbra server, in case you do not have a dedicated Zimbra-Proxy instance running:

$ zmcontrol status | grep proxy
            proxy Running
$

In case you do not have a proxy running, follow the steps described in the Zimbra-Wiki, on how to enable the proxy: Zimbra-Wiki.
When the proxy is installed properly it should listen on port 443:

$ sudo netstat -nlp | grep 443
tcp     0     0 0.0.0.0:443        0.0.0.0:*          LISTEN     28098/nginx.conf
$

Certificate Requirements

VNCtalk heavily relies on DNS resource records and TLS. The certificates used at the Talk server must be valid and cover all required names. We recommend using a wildcard certificate here.
Below are the required domains that need to be included in the TLS certificate:

*yourdomain.tld
talk.yourdomain.tld
xmpp.yourdomain.tld
conference.yourdomain.tld
external.yourdomain.tld
auth.yourdomain.tld
jitsi-videobridge.yourdomain.tld
focus.yourdomain.tld

To order a certificate matching the requirements you can create a CSR using this command:

openssl req −out talk.csr −new −newkey rsa:2048 −nodes −sha256 −keyout talk.key
−subj '/C=DE/ST=Berlin/L=Berlin/O=Example Company/OU=TalkServer/
CN=yourtalkserver.yourdomain.tld/emailAddress=admin@yourdomain.tld/
subjectAltName=DNS.1=xmpp.yourdomain.tld,DNS.2=conference.yourdomain.tld,
DNS.3=auth.yourdomain.tld,DNS.4=jitsi−videobridge.yourdomain.tld,
DNS.5=focus.yourdomain.tld,DNS.6=external.yourdomain.tld,DNS.7=turn.yourdomain.tld,
DNS.8=talk.yourdomain.tld'
Generating a 2048 bit RSA private key
...........+++
...................................................................+++
writing new private key to 'talk.key'
−−−−−
$

Warning: we had to split the command into multiple lines to make it readable, but you should keep it all on one line, otherwise you may lose some subject details.
For better certificate management, put the key and crt files into the folder /etc/ssl/owncerts. You need to provide the TLS key and the TLS certificate. The certificate file must also include the complete CA chain!

Note 1: Please do not use a certificate with a password2.

Note 2: You may also order a LetsEncrypt-certificate covering the domains listed above as well. This Zimbra-Wiki article describes, how to install a LetsEncrypt SSL-certificate on Zimbra.

For the talk-server you need to provide the privkey*.pem and fullchain*.pem files when prompted for them during the installation process. Please make sure that you create a dedicated SSL-certificate for the talk server.

System Requirements

Evaluation and Testing Production Environments
Intel/AMD 64-bit CPU 1.5 GHz (min. 2 cores) Intel/AMD 64-bit CPU 2 GHz (min. 4 cores)
2 GB RAM min. 4 GB RAM
Ubuntu 16.04 LTS Server Edition (64bit) in minimal setup Ubuntu 16.04 LTS Server Edition (64bit) in minimal setup
10 GB free disk space 40 GB free disk space

Firewall Settings

The Talk application server uses multiple ports and protocols, so that these ports have to be accessible by the clients and the Zimbra environment:

Port Protocol Usage
80 TCP HTTP/BOSH/Websocket
443 TCP HTTPS/BOSH/Websocket
4443 TCP jitsi-meet videostream for very restrictive environments
5222 TCP XMPP client to server connections
5269 TCP XMPP server to server connections
5280 TCP HTTP and SecureWebSocket connection (SSL)
5281 TCP HTTP and WebSocket connection
3478 UDP/TCP STUN/TURN Port forwarding to turnserver
5349 UDP/TCP SSTUN/STURN Port forwarding to turnserver
10000 - 20000 UDP/TCP jitsi-meet videostream RTP
10000 - 20000 UDP/TCP TURN server media

In addition, the Zimbra-proxy server must have access to

Port Protocol Usage
8080 TCP Upsteam configuration for the Zimbra proxy to access the VNCmiddleware
See the section on customizing the zimbra-proxy settings

Please note: The server has to be accessible using the same hostname + port combination from Zimbra servers as well as from clients. If you are using NAT and split DNS you have to make sure your DNS settings are correct, otherwise the application will not work!

In addition to that, the Talk application server must have access to Zimbra's WSDL-Interface and Admin-UI. The respective ports required can be obtained by executing this query as user zimbra on the attached Zimbra-Server:

$ zmprov gs `zmhostname` zimbraAdminPort zimbraMailSSLPort zimbraMailPort
# zimbra.yourdomain.tld
zimbraAdminPort: 7071
zimbraMailPort: 8080
zimbraMailSSLPort: 8443
$  

Preparing Zimbra Environment

Required Information / Credentials

During the installation of the Talk server, the installer will ask for several settings and information about your Zimbra and network environment. It is recommended to fetch this information now and copy it to a textfile for convenient usage later on. Execute all the following commands as user zimbra.

  • Zimbra (and master LDAP) fully qualified domain (FQDN).
$ zmhostname
zimbra.yourdomain.tld
$
  • LDAP access to your master LDAP - please login to your LDAP Master and execute as zimbra user:
$ zmlocalconfig -s zimbra_ldap_password
zimbra_ldap_password = w_A77uZ9
$

The installer will check for additional settings and fetch these automatically. If any additional adjustments are required on your zimbra environment, the installer will provide the details for it.

General Settings

In preparation you should change these settings prior to installing the Talk server:

$ zmprov mcf zimbraZimletJspEnabled TRUE
$ zmprov mc default zimbraProxyAllowedDomains "*yourdomain.tld"
$ zmprov mcf +zimbraHttpThrottleSafeIPs $TalkServerIPv4
$ zmprov mcf zimbraHttpDosFilterMaxRequestsPerSec 100

Note: Replace the $TalkServerIP by the actual IP of your Talk server, as well as yourdomain.tld by the actual domain name you get when executing this command on the Talk application server:

$ hostname -d
yourdomain.tld
$

Note: If you do not adjust the settings now, the installer will prompt you for it during the installation process.

DNS entries

This section lists the required DNS entries for the VNCtalk components.

The XMPP server is called xmpp.yourdomain.tld. This server serves the yourdomain.tld. So a user JID3 will be for example alice.doe@yourdomain.tld.
For each VNCtalk service and subdomain a SRV DNS record is required, so the clients are informed which server provides the corresponding service, according to the official prosody documentation4:

The target domain (xmpp.example.com) must be an existing A record of the target server, it must not be an IP address, and cannot be a CNAME record.

;;
;; VNC XMPP server
;;
;; A records for XMPP server
;; OWNER-NAME                   TTL    CLASS   RR      IPV4
;yourdomain.tld.                       300     IN      A       $YOUR.IPv4   ; Use this record if the server has this dns name
xmpp.yourdomain.tld.                   300     IN      A       $YOUR.IPv4   ; VNCtalk prosody full hostname
conference.yourdomain.tld.             300     IN      A       $YOUR.IPv4
external.yourdomain.tld.               300     IN      A       $YOUR.IPv4
conference.external.yourdomain.tld.    300     IN      A       $YOUR.IPv4
auth.yourdomain.tld.                   300     IN      A       $YOUR.IPv4
jitsi-videobridge.yourdomain.tld.      300     IN      A       $YOUR.IPv4
focus.yourdomain.tld.                  300     IN      A       $YOUR.IPv4
turn.yourdomain.tld.                   300     IN      A       $YOUR.IPv4   
stun.yourdomain.tld.                   300     IN      A       $YOUR.IPv4

;;
;; XMPP special records
;;
;; TXT records for BOSH and Websocket
;; OWNER-NAME                    TTL     CLASS   RR      TEXT
_xmppconnect.xmpp.yourdomain.tld.        300     IN      TXT     "_xmpp-client-xbosh=https://xmpp.yourdomain.tld:443/http-bind"
_xmppconnect.yourdomain.tld.             300     IN      TXT     "_xmpp-client-xbosh=https://xmpp.yourdomain.tld:443/http-bind"
_xmppconnect.external.yourdomain.tld.    300     IN      TXT     "_xmpp-client-xbosh=https://xmpp.yourdomain.tld:443/http-bind"
;;
;; SRV records for XMPP
;; SRVCE.PROT.OWNER-NAME                              TTL     CLASS   RR  PRI     WEIGHT  PORT    TARGET
_xmpp-client._tcp.yourdomain.tld.                     300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.yourdomain.tld.                     300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.
_xmpp-client._tcp.xmpp.yourdomain.tld.                300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.xmpp.yourdomain.tld.                300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.  
_xmpp-client._tcp.auth.yourdomain.tld.                300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.auth.yourdomain.tld.                300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.
_xmpp-client._tcp.focus.yourdomain.tld.               300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.focus.yourdomain.tld.               300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.
_xmpp-client._tcp.jitsi-videobridge.yourdomain.tld.   300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.jitsi-videobridge.yourdomain.tld.   300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.
_xmpp-client._tcp.conference.yourdomain.tld.          300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.conference.yourdomain.tld.          300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.
_xmpp-client._tcp.external.yourdomain.tld.            300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.external.yourdomain.tld.            300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.
_xmpp-client._tcp.conference.external.yourdomain.tld. 300     IN      SRV 0       5       5222    xmpp.yourdomain.tld.
_xmpp-server._tcp.conference.external.yourdomain.tld. 300     IN      SRV 0       5       5229    xmpp.yourdomain.tld.

During the installation, the installer will create ready-to-use configs for BIND and dnsmasq, stored to the files
/etc/zimbra-talk/dnsmasq.conf
/etc/zimbra-talk/bind.conf
When the installation is finished, a tool is provided to check for correct DNS settings, located in
/usr/share/ztalk/libexec/check_talk_dns.sh

You can find real BIND and dnsmasq examples at the Appendix.

Install VNCtalk Server

The Talk Server has to be installed on a dedicated machine. Currently, the only supported environment is

  • Ubuntu 16.04 server 64bit.

While installing the base operating system, use the minimal installation and only add openSSH server to it.

The installation process is initiated by running the installer script with root privileges. During the installation process, it will interactively ask for all required information and installs & configures all components afterwards.

Getting the installer

After fetching the installer via:

wget -O install-vnctalk.e78088b.sh https://esafe.vnc.biz/index.php/s/TgVLTo4olHlU9A3/download

make it executable and start the installation:

sudo -s 
chmod +x ./install-vnctalk.e78088b.sh
./install-vnctalk.e78088b.sh

This will install quite a lot of dependencies and may take some time. Therefore we propose running the installation in a screen.

Installer Modes

Besides executing the installer script without parameters, which performs a straight forward installation, the installer can also be executed with additional arguments.

To get a list of available parameters, execute

sudo ./install-vnctalk.e78088b.sh --help

which will display this helptext:

interactive install of VNCtalk for Zimbra backend server                                                                                              
usage: ./install-vnctalk.e78088b.sh can be started with or without any arguments                                                                              
supported arguments:                                                                                                                                  
  -d     perform dry-run of installation                                                                                                              
  -a     use prepared config from dryrun
  -u     uninstall zimbra-talk
  -c     clean up config created by dry-run
  --help display this help

$ 
Description of the available arguments to pass
  • sudo ./install-vnctalk.e78088b.sh -d: Executing this performs a dry-run of the installation, creating all the configurations necessary but not installing any package or performing any modification to the current system's settings.
    During the dry-run, the user does not experience any difference between the dry-run-mode and executing the installer without any arguments, except, when the dry-run is finished the user is informed that it was only a dry-run and he/she needs to execute the installer again, using the -a flag to actually apply the modifications just tested to the system:
VNCtalk dryrun installation successful.
generated config for <yourtalkserver hostname>.

The dry run configuration is ready, you can now proceed with the silent installation by running
./install-vnctalk.e78088b.sh -a
$

Please note:
Right before the dry-run is finished, the user is prompted whether he/she wants to let the installer check if DNS is setup correctly, which might take up to a minute to complete. Any DNS-errors found will be stored in the current working directory to the file dnserror.txt, enabling the user to fix any DNS-issues occured before applying the dry-run configuration later on using the -a argument.

The correct DNS-setting is for bind and dnsmasq are, after the dry run is finished, available in the files:

/etc/zimbra-talk/dnsmasq.conf
/etc/zimbra-talk/bind.conf
  • sudo ./install-vnctalk.e78088b.sh -a: Executable after a dry-run installation has been previously performed. Passing the -a flag will execute the installer using the previously entered input made during the dry-run and will not prompt for anything until the installation has been completed. Then the user is asked if DNS-setup should be checked again for correctness.
    When everything went well, the Zimlet configuration to apply is displayed in the console:
VNCtalk for Zimbra installation (nearly) done.
please visit the next Wiki and follow the instructions - https://en.docs.vnc.biz/vnctalkzimbra/install/#configuring-the-zcs-vnc-talk-zimlet
configure in Zimbra Admin UI these settings:

XMPP server URL:          https://<server-URL-forAdminUI>
XMPP server URL Port:     443
External User server URL: https://<server-URL-forAdminUI>
External User URL Port:   443
Authentication Token:     <the authentication shared secret>
Etherpad URL:             https://<server-URL-forAdminUI>
Etherpad URL Port:        443
  • sudo ./install-vnctalk.e78088b.sh -c: In case the dry-run failed or should be executed again, all leftovers from a previously executed dry-run must be removed first. This is achieved by appending the -c flag. After the cleanup is finished, the installer provides this output:
$ sudo ./install-vnctalk.e78088b.sh -c
cleaning up prepared config data from dry-run
0
0
0
0
0
cleanup finished.
$
  • sudo ./install-vnctalk.e78088b.sh -u: Removes the VNCtalk application and its dependecies from the talk-backend-server. This whole uninstall process along with the tasks to perform on Zimbra-side is explained in chapter Uninstall VNCtalk.

Installation process

After adding some additional package repositories and pre-installing some required components, the interactive installation process starts.

  1. The first question asked by the installer is for the global system mode. As of now two modes are supported:
    • locked mode: [YES] allows access to video calls only for zimbra users. External guests can not participate in video calls.
    • open mode: [No] allows access to video calls for anybody.
  2. The next question you are prompted for asks you whether you want to access you LDAP-server via ldap:// or ldaps:// protocol:

    LDAP Hostname

  3. In the next five screens, the installer will ask for details to access Zimbra LDAP server and the public domain name of your VNCtalk server. Whenever a default value is available or can be determined, the input is pre-filled using this default value. In addition the installer provides you with the respective zimbra commandline, to fetch the required information from the Zimbra-server:

    Once these details are provided, the installer checks for the required Zimbra settings and provides feedback about required modifications still pending on Zimbra side.
    In case anything is not setup correctly, in this example JSP has not been enabled on the Zimbra-Server yet, you will be notified with a FAIL instead.
    In addition your are told, how you can modify the respective parameter:

    All necessary modifications pending are additionally stored in the file
    talk-install.prov-*,
    located in the current working directory, ready for execution via
    zmprov -f* on the Zimbra server. To apply, leave the current screen, copy the file to your zimbra(mailbox)-server(s):

    scp ./talk-install.prov* user@<zimbraserver>:/tmp/
    

    Connect to your zimbra-mailbox-server(s) via ssh, become user zimbra, apply the file via zmprov and restart mailbox(es) afterwards:

    sudo su - zimbra
    zmprov -f /tmp/talk-install.prov*
    zmmailboxdctl restart && zmprov fc all
    

    Now connect back to your VNCtalk installer screen.
    After clicking Ok the user is asked if he/she wants to check the settings again:

    When everything has been adjusted on Zimbra side according to the requirements, it will look like this:

  4. After successfully validating the Zimbra settings and answering to re-check with No, a decision must be made:

    whether to use

    • Yes for auto-generated contact lists: based on distribution list membership and de ned LDAP-filter settings
    • No for manually assembled contact lists: the users have to assemble their contact-lists and groups manually by themselves, starting with an empty roster but providing more freedom and options to them.

    Details about the pro and con of each mode are explained in section Using auto-generated contact lists.
    Selecting Yes here, will prompt you with another input field, where the default LDAP Roster Filter has to be set. The proposed filter setting will create a roster (contact list) from all existing Distribution Lists (per domain only):

    It is save to accept the provided default value here, since the default filter can be changed afterwards, as explained in section Using auto-generated contact lists.

  5. Now the installer will create the VNCtalk application server's databases. If you do not want to use external databases let the installer create them automatically by selecting Yes here:

  6. Now it is time to ready your SSL-certificate files. It is higly recommended to provide a valid commercial certificate. Using self-signed certificates can create weird and hard-to-debug errors, as these certificates will have to be imported into the Zimbra truststore as well as into all potential client systems.

    After pressing OK, you will be prompted in the next two screens to enter the path to the certificate's private key file and the SSL-certificate file.
    Provide the filenames with full path to the installer here. The files will be copied to
    /etc/zimbra-talk/ztalk-ssl-cert.key and /etc/zimbra-talk/ztalk-ssl-cert.pem afterwards.
    The installer will only accept valid key-files and certificates and will prompt you to re-enter the filepaths in case of an error is detected.

  7. Next up you will have to provide some more information about your Zimbra environment:

  8. Once this is done, the installer asks if the server is behind a NAT/Firewall. If you are using Split DNS answer Yes here5.

  9. In the next step, you are asked if you want to use the default virtual hostnames. These are the names mentioned e.g. in section Certificate Requirements.
    In most cases it is safe to answer ”Yes”. If you say ”No” here, the installer will prompt you for all the required virtual hostnames afterwards.

  10. After asking you if you want to use the default ports settings (recommended),

    you are then asked to enter the history retension time, meaning: How long should the chat history be stored?

    When OK is pressed, the remaining dependend packages are now installed and configured.

    When the process is finished and you selected Yes when asked if the server is behind a NAT/Firewall (8), you are now prompted with two additional screens, asking you to enter either the external

    • IPv4 or
    • IPv6 address

    Only one IP-address type is required to enter here. The other input field could be left empty. In case the answer was No in (8), the next two screens are skipped and the DNS configuration is created right away. When finished, you will get a notification.

  11. (Optional) Add external IP:

  12. DNS configuration created:

    The installer informs you, that the DNS-configuration to apply, has been created and stored as a dnsmasq.conf file as well as a bind.conf file to:

    /etc/zimbra-talk/dnsmasq.conf
    /etc/zimbra-talk/bind.conf
    

    Now is the time to apply these DNS-settings.

    After pressing Ok, you will be asked, if you want to let the installer check, if the DNS setup has been performed correctly:

    You can skip this test, which might take a minute, by selecting "No" here, while selecting "Yes" will provide you the information whether

    • No errors were found:

    • Or the test revealed that there are some DNS-settings wrongly configured:

      The details, which DNS-records do not match, are stored in the file dnserror.txt, located in the current working directory.

    However, you can repeat this test any time after fixing the reported DNS-issues, using the tool check_talk_dns by executing on the talk-backend server:

    sudo /usr/share/ztalk/libexec/check_talk_dns.sh
    
  13. Finally the required settings for the admin-UI are displayed:

    VNCtalk for Zimbra installation (nearly) done.
    please visit the next Wiki and follow the instructions - 
    https://en.docs.vnc.biz/vnctalkzimbra/install/#configuring-the-zcs-vnc-talk-zimlet
    configure in Zimbra Admin UI these settings:
    
    XMPP server URL:          https://<server-URL-forAdminUI>
    XMPP server URL Port:     443
    External User server URL: https://<server-URL-forAdminUI>
    External User URL Port:   443
    Authentication Token:     <secrettokenhere>
    Etherpad URL:             https://<server-URL-forAdminUI>
    Etherpad URL Port:        443
    

Install & Configure the VNCtalk Zimlet

This section describes how to install and configure the VNCtalk zimlet on a Zimbra 8.6/ 8.7/ 8.8 environment.

Customizing Zimbra proxy settings

After the talk-server installation has been completed, the Zimbra-proxy settings must be adjusted properly. For this task, the installer created a pearl script on the talk-server, located in

/usr/share/ztalk/libexec/proxy-template.pl

which when executed on the Zimbra-proxy, will perform the proper adjustments. To apply, perform the following steps accordingly:

  1. Copy the script to the zimbra-proxy's /tmp/ directory

    $ sudo scp /usr/share/ztalk/libexec/proxy-template.pl <user@zimbraserver>:/tmp/
    
  2. Connect via ssh to the Zimbra-proxy server. Then, with root privileges, make the script executable and execute it afterwards along with your talk-server's IP as argument:

    $ sudo chmod u+x /tmp/proxy-template.pl
    $ sudo /tmp/proxy-template.pl <talk-server-IP>
    
  3. Finally become user zimbra, apply the modifications and restart the zimbra-proxy afterwards:

    $ sudo su - zimbra
    $ /opt/zimbra/libexec/zmproxyconfgen && /opt/zimbra/bin/zmproxyctl restart
    

Please Note: On None-Ubuntu Zimbra-proxies, eg. when Zimbra is running on CentOS, when executing the pearl script, it falsely reports that the talk-server is not reachable on port 8080, even when it is:

$ sudo /tmp/proxy-template.pl <talk-server-IP>
Provided Hostname/IP (<talk-server-IP>) is not reachable on Port 8080!
Would you still proceed? (y/N) y

  • So when continueing with y anyway, the required proxy-modifications will be applied correctly.
  • To be on the save side, check via telnet if the talk-server's port 8080 is available for the zimbra-proxy:
    telnet <talk-server-IP> 8080
    

which should return:

    Trying <talk-server-IP>...
    Connected to <talk-server-IP>.
    Escape character is '^]'.

Installing zmpkg

In order to install any VNC Zimlets, including the VNCtalk zimlet, you need to install and configure zmpkg first. To do so, open this link in your web-browser, download the latest zmpkg installer from there and transfer it to the machine where Zimbra is installed. The latest version of zmpkg is always available at:

http://packages.vnc.biz/zmpkg/bootstrap/zmpkg-installer-latest.tar.gz

You can copy the link or alternatively use wget from the command line to download it directly to your Zimbra mailbox server, for example:

wget http://packages.vnc.biz/zmpkg/bootstrap/zmpkg-installer-latest.tar.gz

Extract the downloaded file:

tar xfvz zmpkg-installer-latest.tar.gz

Change to the extracted directory and execute the installer as user root. The install script will take care of all needed dependencies and will install these too.

$ cd zmpkg-installer-<version>
$ sudo ./install.sh

Please Note: Executing the install.sh shellscript, will trigger your system's package manager to initiate an update of your installed packages system along with it!

Now switch to the zimbra user:

$ sudo su - zimbra

and check whether zmpkg is installed or not by using the zmpkg list command.

$ zmpkg list

Please Note: If your system is behind a proxy, you might have to set the $http_proxy environment variable accordingly:

$ export http_proxy=http://<proxy-host>:<proxy-port>/

It may be required to add the http_proxy variable to the zimbra user's .profile or .bashrc files.

Configure zmpkg

Because zmpkg works like apt-get, it is possible to change the repository-URL where the zimlets are installed from. To modify the repository information for zmpkg, you need to log in as user zimbra and edit the apt-sources file located in /opt/zimbra/extensions-extra/zmpkg/etc/apt/sources.list

$ sudo su - zimbra
$ vi /opt/zimbra/extensions-extra/zmpkg/etc/apt/sources.list

In order to install the VNCtalk zimlet, you need to add the commercial repository. Finally the source.list file should look like this:

## automatic entry generated by bootstrap install
## NOTE: you should retain formatting (spaces instead of tabs) for further automatic config upgrades to work
deb http://packages.vnc.biz/zmpkg/current judaspriest free restricted commercial
## uncomment this if you want to use commercial VNC products
## NOTE: these products are free for evaluation-only, but charged on usage
##
please see http://www.vnc.biz/ for more information
# deb http://packages.vnc.biz/zmpkg/current judaspriest commercial
## add your own repos here

zmpkg Usage

zmpkg and zm-apt-get can be used like the Debian/Ubuntu dpkg and apt-get procedures:

update, upgrade, install, download, etc.

All these commands must be executed as the zimbra user!

Updating repository

$ zm-apt-get update

Installing zimlets from a given .deb file

Install any zimlet deb package using

$ zmpkg install </path/to/package.deb>

After the installation of a zimlet, restart the mailboxd and flush the cache by using

$ zmmailboxdctl restart
$ zmprov fc all

to make the changes available to the ZCS.

Installing zimlets from a repository

Install any zimlet using zm-apt-get install <package name> command, for example:

$ zm-apt-get install zcs-vnc-talk

After the installation of a zimlet, restart the mailboxd and flush the cache by using

$ zmmailboxdctl restart

to make the changes available to the ZCS.

Listing installed zimlets

To check if a zimlet is installed already or get a list of all the currently installed zimlets and dependencies on the current Zimbra mailbox, execute the command:

$ zmpkg list

Upgrading installed zimlets

To upgrade installed zimlets from the repository, just execute debian like:

$ zm-apt-get update
$ zm-apt-get upgrade

Installing the zcs-vnc-talk zimlet

After zmpkg has been installed successfully, while logged in as user zimbra on the respective Zimbra mailbox server, run the following shell commands to install the VNCtalk Zimlet and its dependencies, based on the Zimbra-Mailbox server's operating system:

$ sudo su - zimbra
$ zm-apt-get update
$ zm-apt-get install zcs-vnc-talk
$ zmcontrol restart

These commands use zmpkg to update the repository and install the VNCtalk zimlet. To make the changes available to the users it is required to restart all services.

Now you need to run the additional zmprov commands, listed in General Settings, if you did not already execute these yet.

Please note: On a Zimbra-Multiserver environment, zmpkg & the Zimlet must be installed on ALL zimbra-mailbox instances individually.

Configuring the zcs-vnc-talk Zimlet

After the Zimbra ZCS environment restarted all services and the VNCtalk backend server has been fully installed and configured, next step is the configuration of the VNCtalk Zimlet.

Open Zimbra Admin User Interface as the Zimbra-admin, then navigate to the section "Configure --> VNCtalk Zimlet", which brings you to the VNCtalk global configuration section.

Please note: On a Zimbra-Multiserver environment, the VNCtalk Zimlet must be configured on EVERY Zimbra-Mailbox individually. In order to do so, access all your Zimbra-Mailbox-Server's Admin-UI (https://mailbox-hostname:7071) and repeat the Zimlet configuration steps, documented in this section.

Basic XMPP configuration

Usually only the parameters in the Basic XMPP configuration section have to be configured. The other sections are optional and only required in special cases.

  1. VNCtalk Information: In this infobox, version information on the current VNCtalk components used and information about the license status and license expiry date are displayed.

  2. Basic XMPP configuration: This section contains the basic parameters required by VNCtalk to work for all domains existing in the Zimbra ZCS environment 7.
    The settings which must be filled in here, have been displayed at the end of the Talk-application server's installation process:

    VNCtalk for Zimbra installation (nearly) done.
    please visit the next Wiki and follow the instructions - 
    https://en.docs.vnc.biz/vnctalkzimbra/install/#configuring-the-zcs-vnc-talk-zimlet
    configure in Zimbra Admin UI these settings:
    
    XMPP server URL:          https://<server-URL-forAdminUI>
    XMPP server URL Port:     443
    External User server URL: https://<server-URL-forAdminUI>
    External User URL Port:   443
    Authentication Token:     <secrettokenhere>
    Etherpad URL:             https://<server-URL-forAdminUI>
    Etherpad URL Port:        443
    
  3. Suppress notifications checkbox: When checked, the red bar, displaying warning messages, eg. in case of a missing screenshare browser extension, is not displayed in the zimbra web client anymore.

  4. Show Authentication Token button: When pressed, the Authentication Token becomes visible. This is useful for debugging purposses in case the wrong auth-token has been entered.

    Please do not press this button before you saved the initial Basic XMPP configuration, since modified content is not saved, when the auth-token is visible and the Save button is pressed.

  5. Allow inter-domain communication checkbox: This option has only an effect, when auto-generated contact list is disabled8 for the respective domains where the users can (have to) assemble their own contact lists manually in the web-UI. When this option is

    • unchecked: the search area when searching for a contact to add to the contact list is limited to the Zimbra-GAL (Global Address List), which is per default configured for searching only among the user's domain.
    • checked: the search area is extended, starting to look in the user's address-book first, allowing the user now also to add users from other domains and even external accounts to their VNCtalk contact lists.
  6. Save button: After all configuration has been set, click the save button in the upper right corner of the screen, to apply the changes made in Zimlet configuration.

Advanced XMPP configuration

Post Install Tasks

Activate the Zimlet for Zimbra-accounts

In order to use the Zimlet, you have to activate it for the users per COS/ domain/ account.

Unlock the full VNCtalk feature set

Per default all zimbra-users only have the free VNCtalk feature set available.
The idea is to provide in multi-hosting environments everybody a grasp of VNCtalk potential but only unlock selectively the full featureset, when needed (e.g. it has been payed for).
Therefore everybody starts per default with the chat only featureset.

To unlock the full featureset, the parameter zimbraPrefIMFlashIcon, which is unset per default, must be set to FALSE.
This can be done on

  • COS level: providing when set to FALSE all accounts of that COS the full talk-feature set. For the default COS the command to be executed is:

    $ sudo su - zimbra
    $ zmprov mc default zimbraPrefIMFlashIcon 'FALSE'
    
  • Account level: providing when set to FALSE the respective accounts the full talk-feature set:

    $ sudo su - zimbra
    $ zmprov ma user@domain.tld zimbraPrefIMFlashIcon 'FALSE'
    

    Setting zimbraPrefIMFlashIcon for an account overrides the COS settings, therefore adjusting the parameter on account level is not recommended, since changing the parameter back later on COS level has no effect on the value set for the previously changed account, when it has been set once and not reverted.

Using auto-generated contact lists

When using pre-filled rosters (auto-generated contact lists), all users which want to use VNCtalk have to be members of at least one distribution list that is found via the LDAP query initially configured during the backend installation, else their contact list will be empty, rendering them unable to communicate with anyone.
The accounts in a contact list are grouped by their distribution list membership. Users in multiple DLs, which pass the LDAP filter, will be listed in multiple contact list groups.
To create a list containing (nearly) all domain members and adding them to the contact-list group users, you can run these commands as zimbra user:

$ zmprov -l gaa | grep "$yourdomain.com" | egrep -v "(spam|ham|virus|galsync)" > /tmp/users.raw
$ cat /tmp/users.raw | awk '{print "adlm allusers@$yourdomain.com " $1}' > /tmp/users.prov
$ zmprov cdl allusers@$yourdomain.com
$ zmprov -f /tmp/users.prov

Replace $yourdomain.com with your actual domain.

To enable Inter domain communication on a multi-tenancy Zimbra environment with pre-filled rosters, the following requirements must be fulfilled:

  1. The participating Zimbra-domains are configured for VNCtalk.

  2. Zimbra-accounts, which want to communicate beyond domain borders to each other, must be member of at least one distribution list in the remote user's domain and vice versa.

Change the roster ldap-filter

To modify which zimbra-distribution lists are used to fill up the auto-generated contact lists, the value for the parameter

  • DefaultRosterFilter in the config file:

    /etc/zimbra-talk/talk.defaults.cfg
    

    can be adjusted, which has a global effect on all domains.

  • RosterFilter in the respective domain's configuration file

    /etc/zimbra-talk/dconfig.d/<yourdomain.tld>.cfg
    

    can be adjusted as well to override the global parameter by a domain specific one.

To apply the changes made to /etc/zimbra-talk/talk.defaults.cfg and the domain specific config files in /etc/zimbra-talk/dconfig.d/, just update the prosody config and restart prosody service afterwards by executing:

$ sudo /usr/share/ztalk/libexec/update-prosody-conf
$ sudo service prosody restart

To disable the auto-generated contact lists and let the users manage their contacts by themselves, just set the roster ldap-filder for the respective domain to manual:
(RosterFilter = manual).
To apply manual Rosters for new domains, change the DefaultRosterFilter to manual as well: (DefaultRosterFilter = manual).

Using manually assembled contact lists

When auto-generated contact lists are disabled, the users have to add their contacts and groups manually in the Zimbra web-UI:

Depending on whether Allow inter-domain communication is enabled, the search area for searching contacts is limited to the Zimbra-GAL (disabled) or is extended to the user's Zimbra contacts (enabled) as well for potential contacts matching the current search string entered in the search input mask.

Whitelist/ Blacklist domains for VNCtalk

In Zimbra-environments with lots of domains configured, it might be desireble to not configure all of them for VNCtalk, e.g. in regards to ressource consumption.
For that purpose, two optional parameters can be configured in /etc/zimbra-talk/talk.defaults.cfg:
DOMAIN_WHITE and DOMAIN_BLACK.
Setting these parameters can define a powerful filter, which enables to limit the config creation for allowed domains in VNCtalk.

  • Both variables are supposed to be a regular expressions.

    Additional information on regex syntax used can be found here.

  • The processing of these parameters works in a way that

    1. DOMAIN_WHITE is used to get only domains which match the given regex.
    2. everything that matches DOMAIN_BLACK is removed from that whitelist of Zimbra-domains to be setup for VNCtalk afterwards.

Example:

  • setting in /etc/zimbra-talk/talk.defaults.conf

    DOMAIN_WHITE = com$|zimbra
    DOMAIN_BLACK = lab|^edu
    
  • will select all zimbra-domains that contain zimbra or end with com

  • but not those, which start with edu or contain lab

To apply the changes made to /etc/zimbra-talk/talk.defaults.cfg, just update the prosody config and restart prosody service by executing:

$ sudo /usr/share/ztalk/libexec/update-prosody-conf
$ sudo service prosody restart

Hide chatroom switches (Optional)

Per default when creating a new chat room, the user has two switches availability, which allows to modify the default settings for a chat room:

  • Delete chat stream after closing --> Default activated
  • Hide chatroom from public display --> Default activated

According to various customer feedback, these switches might irritate some users, so in VNCtalk 2.4 we introduced the option to hide these switches from user display, turning the interfrace from:

to

In case you like the switches enabled, you do not have to change anything here.
In case you want to remove them and always use both switches as default for a new chat room, the parameter zimbraPrefIMToasterEnabled, which is set to FALSE per default, must be set to TRUE.
This can be done on

  • COS level: removing when set to TRUE the switches for all accounts of that COS. For the default COS the command to be executed is:

    $ sudo su - zimbra
    $ zmprov mc default zimbraPrefIMToasterEnabled 'TRUE'
    
  • Account level: removing, when set to TRUE, the chat room switches for the respective account(s):

    $ sudo su - zimbra
    $ zmprov ma user@domain.tld zimbraPrefIMToasterEnabled 'TRUE'
    

Please consider to run zmprov fc all afterwards to ensure the caches have been flushed and the change is applied instantly.

Setting zimbraPrefIMToasterEnabled for an account overrides the COS settings and changing the parameter on COS level has no effect on the value set for the previously changed account, when it has been set once and not reverted.

Uninstall VNCtalk

Uninstall VNCtalk application server

To uninstall the VNCtalk application, execute the installer with the -u flag and root privileges:

$ sudo ./install-vnctalk.e78088b.sh -u

Since this might take some time, we propose running the uninstall process in a screen.
After the uninstall process has been started, you are prompted, if you are really sure to proceed:

If Yes is chosen here, the uninstall process will be started:

$ performing uninstall                                                                      
$ * Stopping Prosody XMPP Server prosody                                                    [OK]
$ * Stopping Jetty servlet engine (was reachable on http://<talkserverurl>:8080/). jetty8  [OK]
$ * Stopping nginx nginx                                                                    [OK]
$ removing packages
0
0
0
0
cleaning up
VNCtalk is now removed
$

The line VNCtalk is now removed indicates that the uninstall process has been finished and the VNCtalk application server has been completely removed from the system.

Uninstall VNCtalk Zimlet

To remove the VNCtalk Zimlet from your Zimbra-Environment, perform these commands as user zimbra:

$ sudo su - zimbra
$ zm-apt-get remove zcs-vnc-talk

To complete the removal process, the mailboxd has to be restarted and we propose to flush the cache the along with it:

$ zmmailboxdctl restart
$ zmprov fc all

In a multi-server environment, these actions must be performed on every Zimbra Mailbox server.

After Zimbra-Upgrade: Get VNCtalk running again

Since the VNC-specific modifications to the Zimbra-Installation are not recognized by the Zimbra installer, in case of a Zimbra Upgrade, the modifications to the Zimbra Proxy and the Zimbra Mailboxes must be re-applied.

Zimbra-Proxy: Re-apply proxy-customization

To re-apply the proxy customization, perform the instructions described in section Customizing the Zimbra-Proxy settings again.

Zimbra-Mailbox servers: Re-Install zmpkg and the VNCtalk-Zimlet

On every Zimbra mailboxd, zmpkg, the VNCtalk-Zimlet and all other VNC-Zimlets, that were installed via zmpkg, have to be re-installed in order to work again:

Re-install zmpkg

$ cd /tmp
$ wget http://packages.vnc.biz/zmpkg/bootstrap/zmpkg-installer-latest.tar.gz
$ tar xfvz zmpkg-installer-latest.tar.gz
$ cd zmpkg-installer-zcs-zmpkg-<version>/
$ sudo -s
$ ./install.sh

Re-Install the previously installed VNC-zimlets, including zcs-vnc-talk

Now after zmpkg has been re-installed successfully, you have re-install the previously installed Zimlets accordingly:

After zmpkg has been installed successfully, while logged in as user zimbra on the respective Zimbra mailbox server, run the following shell commands to install the VNCtalk Zimlet and its dependencies, based on the Zimbra-Mailbox server's operating system:

$ sudo su - zimbra
$ zm-apt-get update
$ zm-apt-get install --reinstall `zmpkg list | grep -v zmpkg | grep "^ii" | awk '{print $2}' | tr '\n' ' '`
$ zmmailboxdctl restart && zmprov fc all

Upgrade VNCtalk to a new version (v2.3 to v2.4)

To upgrade VNCtalk you have to perform the update on the VNCtalk application server and check for a new version of the VNCtalk Zimlet as well. If you upgrade only one of the two components, you might run into compatibility issues afterwards, which might render your VNCtalk setup unusable.

Upgrade the VNCtalk application server

Check for currently installed version

At first, check which version of VNCtalk/Zimbra-talk is installed on your talk-application sever:

$ dpkg -l | grep ztalk.conf

Depending on the installed version, you will get these outputs:

  • for version 2.3:

    ii  ztalk-conf        2.3.0-trusty-17-d0844a6      amd64
    
  • for version 2.4:

    ii  ztalk-conf        2.4.0-trusty-12-b65ced6      amd64
    

In case you already have version 2.4.0 installed, your talk-application server is already up-to-date and you only need to check if the correct zimlet is installed on your mailbox server(s), so you can continue here

Upgrade VNCtalk application

In case you have installed version 2.3, in order to upgrade to version 2.4, first you have to add the preview repository by fetching and executing the talk-add-preview-repo.sh shellscript:

$ wget -O talk-add-preview-repo.sh https://esafe.vnc.biz/index.php/s/TfdJa8rgPnsw15U/download
$ chmod +x ./talk-add-preview-repo.sh
$ sudo -s
$ ./talk-add-preview-repo.sh

Once the preview repository is setup, you can upgrade the current installation.
To be on the save side, backup the current configuration files to /tmp/ztalk-backup.tgz and secure the file afterwards:

$ sudo tar cvfz /tmp/ztalk-backup.tgz /etc/ /usr/share

Before starting, you need to add two new parameters to the

/etc/zimbra-talk/talk.defaults.cfg

file, else /usr/share/ztalk/libexec/update-prosody-conf will not work after the upgrade process, until these are configured:

  • Open talk.defaults.cfg with root privileges:

    $ sudo vi /etc/zimbra-talk/talk.defaults.cfg
    
  • and add these two lines just below the line LDAPHOST = your-zimbra-ldap

    LDAPPROTO = ldap
    LDAPPORT = 389
    
  • After saving the changes to the talk.defaults.cfg file, execute:

    $ sudo  apt-get remove ztalk-conf
    $ sudo  apt-get update
    $ sudo  apt-get install ztalk-conf vnctalk-branding
    

    You will be prompted on message history expiry, which right now only sets a parameter in the config, so it's safe to apply the proposed value or enter never:

    When prompted that a new version of /etc/clouddirectory/clouddird.cf is available, select install the package maintainer's version. In case you modified your /etc/clouddirectory/clouddird.cf before, it's saved as /etc/clouddirectory/clouddird.cf.old (clouddird.cf.ucf-old), so you can easily replace it again.

  • Then continue by executing:

    $ sudo  apt-get dist-upgrade
    

Despite the fact that the upgraded component services are restarted during the upgrade process, we recommend, doing a full reboot of the VNCtalk application server after the upgrade has been completed.

Once upgraded to version 2.4, you can upgrade the current installation any time by executing:

$ sudo apt-get update
$ sudo apt-get dist-upgrade

How to prevent unintentional VNCtalk server upgrades

In case you have installed from a preview- or testing repository, you might want to prevent unintentional server upgrades. To ensure unstable packages are not breaking your installation, you can set the VNCtalk packages On Hold by executing this command:

$ sudo apt-mark hold jicofo jitsi-meet jitsi-meet-prosody jitsi-videobridge vnctalk-jappix-mini ztalk-conf vnctalk-etherpad

To allow the upgrade of your VNCtalk packages and dependencies again, you can unfreeze the packages again by executing the following command:

$ sudo apt-mark unhold jicofo jitsi-meet jitsi-meet-prosody jitsi-videobridge vnctalk-jappix-mini ztalk-conf vnctalk-etherpad

Upgrade the VNCtalk Zimlet

Now check on your Zimbra mailbox server(s) which version of the zimlet is installed:

$ sudo su - zimbra
$ zmpkg list | grep zcs-vnc-talk

Depending on the installed version, you will get these outputs:

  • for version 2.3:

    ii  zcs-vnc-talk    2.3.0.0-judaspriest-33-1480761863-4f7c6fef all
    
  • for version 2.4:

    ii  zcs-vnc-talk    2.4.0.0-judaspriest-0-1517249585-fec1c318 all
    

In case you have version 2.4 installed on all mailbox-server, you are good to go, else you need to upgrade on every mailbox the zcs-vnc-talk zimlet.

$ zm-apt-get update
$ zm-apt-get upgrade
$ zmmailboxdctl restart && zmprov fc all

This will upgrade your installed VNCtalk-zimlet to the latest version, which you can check afterwards by executing:

$ zmpkg list | grep zcs-vnc-talk

which will show you, that now version 2.4.0 of the Zimlet is installed on the mailbox:

ii  zcs-vnc-talk    2.4.0.0-judaspriest-0-1517249585-fec1c318 all

Finally, since you are now on version 2.4, you need to unlock the full VNCtalk feature set, to experience the full version.

On a multi-server environment, the Zimlet must be upgraded this way on every mailbox-server.
Please also consider to clear your webbrowser's cache to get rid of depricated zimlet data which might still be in your browser's cache and compromize the functionality of the new zimlet, before logging into Zimbra again.

Useful tools and extensions

There is a list of useful tools provided along with the VNCtalk installation, explained in this chapter. The tools are located in the talk-server's directory

/usr/share/ztalk/libexec/

Check DNS setup

You can check, if DNS is setup correctly any time, by executing:

$ sudo /usr/share/ztalk/libexec/check_talk_dns.sh

In case everything is setup correctly, you will be prompted with

DNS Records OK
$

else all open DNS-issues are listed, as well as information how the the correct DNS-entry should look like.

Update prosody tool

The tool checks zimbra-ldap for all available zimbra-domains after considering the blacklist/whitelist parameters (DOMAIN_WHITE and DOMAIN_BLACK) configured in /etc/zimbra-talk-talk.defaults.cfg. and generates all neccessary configurations to make new domains available for VNCtalk.
In case it encounters some missing zimbra-modifications, it also reports, what is missing for a domain on Zimbra-side, so you can take the appropriate actions.
To start updating you settings, just execute:

$ sudo /usr/share/ztalk/libexec/update-prosody-conf

and restart the talk-backend server afterwards to apply.

Test connectivity of your clients to the talk-server

To test if the talk-server provides access to all necessary ports to a client machine, two testmodules are now provided:

  • Server module: testserver.sh which shuts down all services on the talk-server when executed and starts test-services to provide the proper feedback to the client module

  • Client module: test-talk-connectivity.sh must be executed on a potential client-machine running a Linux OS and starts checking port accessibility when started.

Steps to perform a connectivity test:

  1. Put the talk-server into testing mode, which will stop all services running on the talk-server:

    $ sudo /usr/share/ztalk/libexec/testserver.sh
    * Stopping Prosody XMPP Server prosody
      ...done.
    Stopping jitsi-videobridge: jvb stopped.
    Stopping jicofo: jicofo stopped.
    * Stopping Jetty servlet engine (was reachable on http:talk.ilm2.vnc.biz:8080/). jetty8//
    * Jetty servlet engine stopped. jetty8
      ...done.
    * Stopping nginx nginx
      ...done.
    * Stopping rfc5766-turn-server turnserver
      ...done.
    starting TCP echo server on port 80
    starting TCP echo server on port 8081
    starting TCP echo server on port 5269
    starting TCP echo server on port 3478
    starting TCP echo server on port 5222
    starting TCP echo server on port 5269
    starting TCP echo server on port 5280
    starting TCP echo server on port 5281
    starting TCP echo server on port 4443
    starting UDP echo server on port 10000
    ...
    starting UDP echo server on port 18345
    Services started. Please run the test tool on a linux client.
    $
    
  2. Fetch the client module, located in the talk-server's path

    /usr/share/ztalk/libexec/test-talk-connectivity.sh
    

    and copy it to the linux client, for which you want to test the connectivity.

  3. On the client, open a terminal console and execute the script along with the talk-server hostname as parameter:

    testing TCP echo to server <talkserver> on port 80 OK                                                                                               
    testing TCP echo to server <talkserver> on port 8081 OK                                                                                             
    testing TCP echo to server <talkserver> on port 5269    OK                                                                                             
    testing TCP echo to server <talkserver> on port 3478    OK                                                                                             
    testing TCP echo to server <talkserver> on port 5222    OK                                                                                             
    testing TCP echo to server <talkserver> on port 5269    OK                                                                                             
    testing TCP echo to server <talkserver> on port 5280    OK                                                                                             
    testing TCP echo to server <talkserver> on port 5281    OK                                                                                             
    testing TCP echo to server <talkserver> on port 4443    OK                                                                                             
    testing UDP echo to server <talkserver> on port 10000    OK  
    ...
    testing UDP echo to server <talkserver> on port 18345    OK
    no errors found, your setup seems to be fine. You can now reboot the Talk server or continue testing from another client.
    $
    

When finished testing, best reboot the talk-server in order to get all talk-services restarted.

Backup & Restore

Note: The required version of ztalk-conf which supports this feature is at least:

ztalk-conf 2.4.0-trusty-14-0939e2c

Backup the current VNCtalk installation

log in to the respective VNCtalk server, you wish to create a backup from and make the backup_ztalk.sh shellscript executable:

$ sudo -s
$ cd /usr/share/ztalk/libexec
$ chmod +x backup_ztalk.sh

Now execute the backup shellscript with root privileges in order to backup your current talk-installation:

$ ./backup_ztalk.sh

This will create a similiar output:

Saving to: ‘/tmp/vnctalk-installer-preview.sh’

100%[==================================================================================================================>] 79,252      --.-K/s   in 0.08s

2017-09-28 13:28:18 (946 KB/s) - ‘/tmp/vnctalk-installer-preview.sh’ saved [79252/79252]

tar: Removing leading `/' from member names
/tmp/pgdump.1506598098
/tmp/debconf-selections.1506598098
/etc/zimbra-talk/ztalk-ssl-cert.pem
/etc/zimbra-talk/ztalk-ssl-cert.key
/etc/zimbra-talk/
/etc/zimbra-talk/dconfig.d/
/etc/zimbra-talk/dconfig.d/ilm2.vnc.biz.cfg
/etc/zimbra-talk/dconfig.d/zim.ilm2.vnc.biz.cfg
/etc/zimbra-talk/dnsmasq.conf
/etc/zimbra-talk/default
/etc/zimbra-talk/bind.conf
tar: Removing leading `/' from hard link targets
/etc/zimbra-talk/ztalk-ssl-cert.pem
/etc/zimbra-talk/ilm2.vnc.biz-vnc_hybrid_authenticator.cfg
/etc/zimbra-talk/talk.defaults.cfg
/etc/zimbra-talk/dns.d/
/etc/zimbra-talk/dns.d/zim.ilm2.vnc.biz.bind.conf
/etc/zimbra-talk/dns.d/zim.ilm2.vnc.biz.dnsmasq.conf
/etc/zimbra-talk/ztalk-ssl-cert.key
/etc/zimbra-talk/zim.ilm2.vnc.biz-vnc_hybrid_authenticator.cfg
/tmp/vnctalk-installer-preview.sh
/etc/clouddirectory/licenses/
/etc/clouddirectory/licenses/demo-env-license.crt
/etc/clouddirectory/licenses/trial-license.lic
/etc/clouddirectory/licenses/VNCtalkStandard_Inova.crt
adding: ztalk.backup.1506598098.tar (deflated 0%)
adding: restore_ztalk.sh (deflated 47%)

################################################################################################################
### Successfully created: /usr/share/vnctalk/backup/ztalk.backup.1506598098.zip                              ###
### Please secure the file, which contains all information to restore the current state of this talk-server. ###
################################################################################################################

It also creates a backup_talk.log logfile, where debug information is stored to, located in the current working directory. When done, you can fetch all required backup-data from the server by securing this file:

/usr/share/vnctalk/backup/ztalk.backup.<timestamp>.zip

Restore VNCtalk installation from backup

Copy the backup file ztalk.backup..zip to a clean Ubuntu 16.04 system, where you want to restore your prviously backuped talkserver installation to.
Once done extract the file:

unzip ztalk.backup.<timestamp>.zip

which will extract the files:

restore_ztalk.sh
ztalk.backup.<timestamp>.tar

Now make the restore_ztal.sh shellscript executable:

chmod +x restore_ztalk.sh

And initiate the restoration process with root privileges:

sudo -s
./restore_ztalk.sh ztalk.backup.<timestamp>.tar

The restoration process now automatically performs a VNCtalk installation on the server without prompting you for anything. Once completed, a restore_talk.log file is created in the current working directory, which you can consult for debugging in case anything went wrong.

Shortly before the restore process is finished, you are prompted if you like to check DNS on the server where you restore your VNCtalk installation on:

When done, it finalizes the restoration process, which when completed successfully, prompts you with that message:

Restore completed. Please reboot the server.

After rebooting the talk-server, your restored version of VNCtalk is fully operational.

Whiteboard Plugin

All required information on how to install, setup and use the VNCtalk Whiteboard plugin, can be found in the Chapter Whiteboard of the VNCtalk for Zimbra User Manual.

Release Notes

The current release notes can be viewed here

Support

VNC provides 2nd and 3rd level support for VNCtalk to the members of the Zimbra support staff, which already have an account in VNC's Zimbra Talk Support Portal. To issue a support requests, login using your credentials, which have been initially sent to you via eMail.
The user manual describing the Support Portal's user interface and the support workflow procedure, can be viewed by clicking here.
The Troubleshooting guide, which informs on how to generate useful debug output to issue support requests properly and contains the most common setup related errors and their mitigation, could be fetched from here.

Appendix

Required DNS Records

BIND DNS Records Example

;;
;; VNC XMPP server
;;
;; A records for XMPP server
;; OWNER-NAME                   TTL     CLASS   RR      IPV4
;vnc.biz.                       300     IN      A       $YOUR.IPv4  ; Use this record if the server has this dns name
xmpp.vnc.biz.                   300     IN      A       $YOUR.IPv4  ; Zimbra Talk prosody full hostname
conference.vnc.biz.             300     IN      A       $YOUR.IPv4
external.vnc.biz.               300     IN      A       $YOUR.IPv4
conference.external.vnc.biz.    300     IN      A       $YOUR.IPv4
auth.vnc.biz.                   300     IN      A       $YOUR.IPv4
jitsi-videobridge.vnc.biz.      300     IN      A       $YOUR.IPv4
focus.vnc.biz.                  300     IN      A       $YOUR.IPv4
turn.vnc.biz.                   300     IN      A       $YOUR.IPv4
;stun.vnc.biz.                  300     IN      A       $YOUR.IPv4


;;
;; XMPP special records
;;
;; TXT records for BOSH and Websocket
;; OWNER-NAM                    TTL     CLASS   RR      TEXT
_xmppconnect.xmpp.vnc.biz.      300     IN      TXT     "_xmpp-client-xbosh=https://xmpp.vnc.biz:443/http-bind" 
_xmppconnect.vnc.biz.           300     IN      TXT     "_xmpp-client-xbosh=https://xmpp.vnc.biz:443/http-bind" 
_xmppconnect.external.vnc.biz.  300     IN      TXT     "_xmpp-client-xbosh=https://xmpp.vnc.biz:443/http-bind" 


;;
;; SRV records for XMPP
;; SRVCE.PROT.OWNER-NAME                              TTL     CLASS   RR  PRI     WEIGHT  PORT    TARGET
_xmpp-client._tcp.vnc.biz.                     300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.vnc.biz.                     300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.xmpp.vnc.biz.                300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.xmpp.vnc.biz.                300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.auth.vnc.biz.                300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.auth.vnc.biz.                300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.focus.vnc.biz.               300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.focus.vnc.biz.               300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.jitsi-videobridge.vnc.biz.   300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.jitsi-videobridge.vnc.biz.   300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.conference.vnc.biz.          300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.conference.vnc.biz.          300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.external.vnc.biz.            300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.external.vnc.biz.            300     IN      SRV 0       5       5269    xmpp.vnc.biz.
_xmpp-client._tcp.conference.external.vnc.biz. 300     IN      SRV 0       5       5222    xmpp.vnc.biz.
_xmpp-server._tcp.conference.external.vnc.biz. 300     IN      SRV 0       5       5269    xmpp.vnc.biz.

dnsmasq DNS Records Example

##
## VNC XMPP server
##
## A records for XMPP server
##          DOMAIN          IPv4
#address=/vnc.biz/$YOUR.IPv4    # Use this record if the server has this dns name
address=/xmpp.vnc.biz/$YOUR.IPv4
address=/conference.vnc.biz/$YOUR.IPv4
address=/external.vnc.biz/$YOUR.IPv4
address=/conference.external.vnc.biz/$YOUR.IPv4
address=/auth.vnc.biz/$YOUR.IPv4
address=/jitsi-videobridge.vnc.biz/$YOUR.IPv4
address=/focus.vnc.biz/$YOUR.IPv4
address=/turn.vnc.biz/$YOUR.IPv4
#address=/stun.vnc.biz/$YOUR.IPv4


##
## XMPP special records
##
## TXT records for BOSH and Websocket
## OWNER-NAM                                TEXT
txt-record=_xmppconnect.xmpp.vnc.biz,"_xmpp-client-xbosh=https://xmpp.vnc.biz:443/http-bind" 
txt-record=_xmppconnect.vnc.biz,"_xmpp-client-xbosh=https://xmpp.vnc.biz:443/http-bind" 
txt-record=_xmppconnect.external.vnc.biz,"_xmpp-client-xbosh=https://xmpp.vnc.biz:443/http-bind" 


##
## SRV records for XMPP
## SRVCE.PROT.OWNER-NAME              TARGET    PORT
srv-host=_xmpp-client._tcp.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.xmpp.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.xmpp.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.conference.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.conference.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.external.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.external.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.conference.external.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.conference.external.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.auth.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.auth.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.focus.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.focus.vnc.biz,xmpp.vnc.biz,5269
srv-host=_xmpp-client._tcp.jitsi-videobridge.vnc.biz,xmpp.vnc.biz,5222
srv-host=_xmpp-server._tcp.jitsi-videobridge.vnc.biz,xmpp.vnc.biz,5269

Split DNS

Split DNS, sometimes also called split-horizon DNS is a common network setup method used for hosting environments. The idea is to use private network IP addresses9 in your hosting environment and provide public access using network address translation.10
Usually this allows for a more flexible datacenter setup while the availability of public IP addresses is limited. The downside is that DNS has to provide different replies to the same query.

Another side effect:
When connection information is transmitted inside network communication, it usually has to be translated as well. VNCtalk uses STUN/TURN to mitigate these problems, but the servers have to know the actual public IP address that will be used in order to create correct announcements for video connections.


  1. Workaround: execute Chromium without sandbox. chromium no-sandbox 

  2. A password secured TLS certificate is currently not supported by VNCtalk 

  3. http://tools.ietf.org/html/rfc6122 

  4. http://prosody.im/doc/dns 

  5. see Section Split DNS in Appendix 

  6. see https://en.wikipedia.org/wiki/Private_network 

  7. The Zimbra-domains must also be configured in the talk-backend. Currently all domains are configured during the installation. Whenever a new domain is added which should be enabled for VNCtalk as well, run
    /usr/share/ztalk/libexec/update-prosody-conf
    with root privileges on the talk-application server to update the configuration. 

  8. Selecting No when prompted for it during the installation process. 

  9. see https://en.wikipedia.org/wiki/Private_network 

  10. see https://en.wikipedia.org/wiki/Network_address_translation