Cisco WebEx Meetings Server (CWMS)

Local Edition

© 2013 Cisco and/or its affiliates. All rights reserved. Cisco Public

Local Edition

Cisco WebEx Meetings Server (CWMS) Pete DePalma Collaboration CSE


Agenda

•  Intro to CWMS •  CWMS Architecture

•  CWMS Integrations

•  CWMS High Availability and Flows


Local Edition

Intro to Cisco WebEx Meetings Server


Naming Conventions WebEx <product>

Old Name New Name Description n/a WebEx Meetings Server On-prem Everything (Web/Scheduling/Audio)

MeetingPlace Express On-prem Everything (Old, Dead Product!)

WebEx WebEx Meetings Cloud (TC/MC/EC/SC, VoIP or PSTN Audio)

MeetingPlace (MP) n/a Cloud WebEx Sched/Web, Only audio on-prem

WebEx Connect WebEx Messenger Cloud IM and Presence

Quad WebEx Social Cloud or on-prem Cisco Cloud Connector n/a Directory Integration Callway WebEx Telepresence Cloud-based Telepresence Infrastructure

(Call Control/MCU, etc). Endpoints on-prem


Cisco WebEx Meetings Server What is it?

• It’s WebEx….On Premises New = Deployment/Install, administration, monitoring

• Same WebEx Meeting Center Experience (WBS27) Including great iPhone & iPad clients, and high-quality video

• Integrated with Cisco UC Suite Jabber Escalation to WebEx, Outlook, Exch., Presence

• Is not a “Scary new 1.0 product” What’s New then


CWMS and WebEx Cloud High Level Comparison

SaaS WebEx

WebEx EE (MC, TC, EC, SC, Messenger)

Productivity Tools and some 3rd party Plug-Ins

Extensive Customizability

Scalable (EC - 2000 in one conference)

OpEx, subscription-based

Audio = WebEx Audio or TSP to 3rd party

Leading Web Collab feature development

CWMS 1.1

Meeting Center Only

Productivity Tools

Very Limited Customizability (Logo, PS, TOS, Legal Disclaimer)

2,000 Peak Attendees, only 100 per meeting

CapEx, Perpetual User Licenses

Audio is built in (requires CUCM)

Built on WBS27, lagging behind


CWMS and MeetingPlace High Level Comparison

MeetingPlace 8.5

Uses WebEx Cloud

Specialized Audio Features – E.g. Continuous Meetings / Reservationless Meetings

Scalable and Geographic Redundancy Resiliency

Mostly OpEx

Has audio-only deployment model

CWMS 1.0

WBS27, MC Only

Basic Audio Conferencing + PC Based Audio

Limited Scalability, Limited Geographic redundancy / no Geographic resiliency

CapEx

Web Centric, not an audio only solution


CWMS Misc. Features

•  Jabber Integration (Escalation to CWMS Meeting) •  iPhone/iPad with/without VoIP audio

•  New Productivity Tools (now WebEx Assistant) New feature not in cloud called “Call Internal Number” bypasses full E.164 formatting to dialed number to fit internal dial plan

•  Capacity Control (Telephony, Video, SVS, Meeting Participants)

•  Recording (NFS)

•  100% localized

•  Web page logo and Email template customization

•  Reporting System Usage/Resources, Meeting Usage, License Usage, etc.


CWMS Jabber Integration – CUCM 9

• Simplified Configuration ‒ UC Service

‒ Service Policy

‒ Assign to User

• Typical WebEx integration functionality ‒ See list of your WebEx meetings

‒ Start Instant WebEx meeting

‒ Toaster invitation

‒ Escalate to WebEx


Local Edition

CWMS Architecture


CWMS Architecture Components on the Network

Active Directory External Firewall CUCM

Internal Users

IPv4 + IPv6 Teleconferencing

Virtual Appliance(s)

Internal Firewall

IPv4 Web/Video/PC Audio Traffic from

Mobile Users

SAML 2.0 Single Sign

On

Guest and Mobile Users

IPv4 Web/Video/PC Audio Traffic from

Internal Users

Web VM

Reverse Proxy VM

Media VM

Admin VM

HA Web VM

HA Media VM

HA Admin VM

DMZ

Proxy’s are OPTIONAL HA is OPTIONAL

Internal VM

(50 port)

Internal HA VM

(50 port)

Internal VMs


CWMS Architecture HW Requirements / Server Sizing

Common Requirements •  UCS M2 Gen or above (Westmere Processor or above) w/AES-NI •  2.4GHz Processor or above •  vSphere ESXi version 5, 5.1(v1.1) •  Additional NIC recommended for VMware Management Network

•  vCenter version 5 - •  DAS minimum 4 Drives - RAID 10 or RAID 5 •  SAN Supported •  RAID Battery Backup

50 Port. Requirements: vSphere Standard, 7200RPM HDD, 100Mbps NIC, Built in RAID, Add 2 Cores for vSphere 5.1

Primary •  4 cores •  24 GB RAM •  1 NIC •  1 TB HDD*

IRP •  4 cores •  12 GB RAM •  1 NIC •  300GB HDD*

Co-Resident Configurations (1TB HDD*) Primary + vCenter •  8 cores •  36 GB RAM •  1 NIC

Primary + IRP •  8 cores •  36 GB RAM •  2 NIC

Primary + IRP + vCenter •  12 cores •  40 GB RAM •  2 NIC

250 Port Requirements: vSphere Standard, 7200RPM HDD, 1GB NIC, 1TB HDD (Usable), Built in RAID - Example host C220-M3

Primary •  12 Cores •  52 GB RAM •  1 NIC •  1TB HDD*

IRP •  12 Cores •  36 GB RAM •  1 NIC •  300GB HDD*

Primary & vCenter •  16 Cores •  56 GB RAM •  1 NIC •  1TB HDD

800 or 2000 Port Requirements: vSphere Enterprise Plus (5.0) or Enterprise (5.1), 10,000RPM SAS, 10Gbps NIC, 1TB HDD (Usable), LSI 9260-8i - Example host C460-M2

Primary •  40 Cores •  80 GB RAM •  4 NIC •  1TB HDD*

IRP •  40 Cores •  36 GB RAM •  4 NIC •  300GB HDD*

* Usable HDD space after RAID Configuration


CWMS and MeetingPlace Other HW Considerations

•  3rd Party Servers are on the uncommitted roadmap Spec-based on Cisco UCS

C and B series only

•  RAID Requirements for B Series Must be FC or FCoE

Emulate RAID configuration specified for C-Series DAS

Emulate IOPS one would receive in C-Series DAS

•  All server performance sizing is based off of 50% of ports doing video •  See CWMS Ordering Guide to help size the servers •  Eventually will go into the UC sizing tool, sizing spreadsheet for now.


CWMS Architecture SW Requirements

Category System Requirements UCS •  UCS only, support for 3rd party servers planned

•  No Co-Residency in V1 (vcenter or IRP can be co-resident in certain deployment types)

VMware •  VMware 5.0 & 5.1(v1.1) •  vSphere 5.0 or 5.1(v1.1) Standard for 50 & 250 User systems •  vSphere 5.0 Enterprise Plus for 800 & 2000 User Systems •  vSphere 5.1 Enterprise for 800 & 2000 User Systems •  vCenter mandatory •  One License per socket

Networking •  LAN •  DNS must be configured prior to deployment •  NTP required on ESXi Host •  Redundant configurations must have all NIC interfaces duplicated and connected

to independent switching fabric to support LAN Fault tolerance •  WAN

•  Similar to SaaS WebEx for HQ Video, Web Share etc. •  Plan assuming 70-30 distribution in-company users (LAN) and internet users

(WAN) Storage (Network Attached Storage)

•  Needed only if customer wants to record meetings and keep system snapshots (for DR)

Teleconferencing •  CUCM 7.1, 8.6, 9.0, 9.1(v1.1) for SIP Trunk based Teleconferencing

SSO (Single Sign On) •  If using ADFS 2.0 as iDP then customer needs AD (Active Directory) 2010 •  Other SAML 2.0 SSO Compliant iDP also supported – same as SaaS WebEx •  PingFederation V6.5.2, ADFS V2, OpenAM V9.5.4


CWMS System Capacities

Media Type 50 Port 250 Port 800 Port 2000 Port

100% SIP/PC Audio 50 250 800 2000

Encrypted Audio (sRTP) 50 250 800 2000

Secured MC Web (SSL) 50 250 800 2000

50% HQ Video (SSL)** 25 125 400 1000

Single Meeting Max Size 50 100 100 100

Oracle DB Max User Count 400k 400k 400k 400k

Oracle DB Max Active Meetings 12,5k 62,5k 250k 500k

Oracle Max Past Meetings 50k 250k 1m 2m

Recorded Meetings Max at Peak 5% of Ports or 10% of Maximum meetings

**Video cut off by CWMS if exceeds 50%, sizing assumes 50% Port = Actively participating Hosts + Attendees Event Center to supplement for large meetings Includes G.722 codec


Model Size Simultaneous Users

Company Knowledge Workers based on usage

Average Minutes Per Month Ranges

50 Ports ~ 500 heavy (10 to 1) ~ 1,000 avg. (20 to 1) ~ 1,500 light (30 to 1)

50-125 K (2500 min/port)

250 Ports ~ 2,500 heavy (10 to 1) ~ 5,000 avg. (20 to 1) ~ 7,500 light (30 to 1)

130-750 K (3000 min/port)


1000 K - 2.8 M (3500 min/port)


3-8 M (4000 min/port)

Actual Usage may vary based on conferencing add growth

CWMS ArchitectureSizing Guidelines


Primary Admin + vCenter IRP

or Primary Admin + vCenter IRP

or

•  Separate Internal and DMZ UCS ESXi hosts

•  Singe UCS ESXi host •  ESXi host is dual-homed to

Internal and DMZ (Layer 2)

Data Center ESXi Host

Internal DMZ Internal DMZ


HA Admin HA IRP

Internal DMZ


HA Admin HA IRP

Internal DMZ

or

High Availability Option 1

•  All Single DC •  vCenter can be co-resident app •  vCenter required, but can be existing customer vCenter system •  “Admin” VM = Admin + Media + Web applications

High Availability Option 2

No High Availability

CWMS Deployment Layouts50 Port System



250 Port

or Primary Admin + vCenter IRP

Internal DMZ Primary Admin + vCenter IRP

HA Admin HA IRP

Internal DMZ

800 Port

or Primary Admin IRP

Internal DMZ Primary Admin IRP

HA Admin HA IRP

Internal DMZ

•  “Admin” VM = Admin + Media + Web

applications

•  All Single DC •  For DR, simply mirror the layout in

other Data Center (vCenter follow VMware rules)

•  No dual-homed ESXi server(s) •  vCenter required, but can be

existing customer vCenter system •  Only difference between 250 and

800 port is resource consumption and vCenter co-residency.

•  Identical layout to 50 port with separate Internal/DMZ UCS ESXi hosts

•  vCenter can NOT be co-resident

High Availability Option




CWMS Deployment Layouts250/800 Port System



or

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

HA Admin/Media

HA Web

HA IRP


•  Separate Internal and DMZ UCS ESXi hosts •  Non-HA Total 7 app instances across 4 ESXi hosts •  HA add one of each type of app instance (Admin/Media/

Web/IRP) for N+1 redundancy •  For DR, simply mirror the layout in other Data Center


CWMS Deployment Layouts2000 Port System


CWMS BW Consumption

•  Videoconference •  Video Streaming •  Integrated Audio (VoIP) •  Presentation Share •  Desktop and Application Share •  Type of Device


CWMS BW Consumption – About Video / VoIP

H.264 SVC based video “Layers” of quality (base layer + multiple enhancement layers

Enhancement layers added where BW is available up to max

Enhancement layers removed when BW not available or performing poorly

Various frame rates supported in HQ

2 participants 30fps, Multi-party 24fps

“High Quality” 360p video 2-way 360p for PC

iPad 2+ provides 1-way 360p receive, 180p transmit

Video Layouts

Main Video and Thumbnails

In full screen, can receive main video with 6 x Thumbnails

VoIP is audio via browser

T0 T0 T0 T0 T1 T1 T1

T0 T1 T0 T2 T2 T3 T3 T3 T3


CWMS BW Consumption – About Video / VoIP Cont…

Remember, this is just WebEx (http://www.webex.com/pdf/wp_bandwidth.pdf)

Various factors determine video BW usage

Type of Device (PC / iPad), camera vendor, lighting, TCP vs. UDP, movement

Maximum and Average Video BW Usage for PC and iPads

Device Video Capability

Max Send Mbps

Ave Send Mbps

Max Rec. Mbps

Ave Rec. Mbps

PC Main Video 360p 2-way 1.5 .911 1 .635

iPad Main Video R-360p / S-180p .5 .330 .1 .635

Any Thumbnail 90p n/a n/a .05 .04

VoIP Audio .08 .08 .08 .08


Local Edition

CWMS Integrations


CUBE CUBE

PSTN

CUCM-SME

CUCM Leaf Clusters

CUBE CUBE

PSTN

CUCM

CUBE CUBE

PSTN

CUCM-SME

Legacy PBX

CWMS ArchitecturePBX Integrations


CWMS Architecture Audio Integration

•  G.722 recommended. G.729/711 supported as well. TLS/sRTP supported •  CWMS has no echo cancellation. Consider with PSTN and TDM PBX

integration. •  SIP Trunks to/from CUCM/SME •  Can go into TDM PBX from CUCM/SME •  Through SME, no cluster limit •  Call-back Teleconferencing

Just like WebEx, this is what it's engineered for (Best End User experience)

•  Dial In Operations (Toll free, toll, non-DID) Uses SIP Refer to get to right media server (always)


CWMS Architecture SMTP Integration

•  Email essential to CWMS for provisioning and password resets

•  Is one of the first things configured upon install

•  Self provisioning works as follows ‒  When user is imported they are sent an email

‒  In body of email, they click on link and begin provisioning process

Set Password, location, time zone, language

‒  Auto provisioning with SSO, user simply logs in

•  Password resets user receives email

Cisco Confidential © 2010 Cisco and/or its affiliates. All rights reserved. 28

CWMS Architecture Authentication and Directory - SSO

•  What is SSO?

•  IdP - Identity Provider ‒  Provided by customer’s Identity Management System

‒  Example OpenAM, ADFS, Ping Identity

•  SP - Service Provider ‒  WebEx, CWMS

•  Directory ‒  Active Directory

•  SSO-enabled Client ‒  Browser

‒  WebEx Assistant

•  SAML 2.0 ‒  Typically used / designed for cloud environments

‒  can be used internally



•  SAML 2.0 IdP support only

•  2 ways to deploy

•  SP Initiated Recommended and secure for CWMS

SP (or CWMS in our case) collects the authentication

Credentials are sent to IdP (ex. ADFS or OpenAM)

Pass/Fail sent back

•  IdP initiated SP redirects initial collection of credentials to customer provide web server

Considered more secure, but more complex



•  SSO only used to authenticate •  Still need user DB,

import .csv…or… •  Can emulate complete LDAP

authentication and DB synch by: ‒  Enable SSO

‒  Enable Auto Account Creation and Auto Account Update

•  LDAP synchronization coming in a few months


Local Edition

CWMS High Availability and Flows


CWMS SIP Routing Basics with CWMS

•  CWMS must be front-ended with CUCM

•  CWMS is web-based and “wants” to out-dial ‒  It is the way it was intended to be utilized, although many misuse it (user training)

•  CWMS of course supports dial-in as well ‒  If you dial into CWMS, it must collect meeting ID and get you into the right server

•  For Inbound calls ‒  Calls from CUCM must be directed to SIP “Load Balancer”

‒  SIP Load Balancer targets (2 of the Media VMs) are provided to you upon provisioning the system

‒  Initial Calls from CUCM to SIP LB should be done in “circular” fashion using RGs and RLs

‒  From there, CWMS must process calls and hold meetings on “application” server

•  Two Trunk Types ‒  CUCM SIP messages with CWMS “load balancer” servers

‒  CUCM SIP messages with CWMS “application”servers


CWMS High Availability and Routing for SIP (2000 Port Model)

The Concept of VIPs (discussed later) do not apply to SIP, only Web SIP HA from CUCM to CWMS handled by CUCM routing mechanisms (RLs and RGs) Also, you can utilize SIP OPTIONS ping for smoother failover SIP HA for inbound calls

1.  The SIP “Load Balancer” receives all initial inbound SIP requests (but never terminates actual media)

2.  Caller Calls from CUCM to a server via RG/RLs 3.  The SIP “Load Balancer” immediately does a SIP 3XX redirect of caller to one

of the media servers for IVR processing. There is no guarantee at this point that you are on the right media server where the meeting is in progress. This uses SIP Route patterns in CUCM and can go to any of the Media VMs

4.  The IVR on the media server collects the meeting ID (DTMF) 5.  The IVR does a SIP REFER to the media VM where the meeting is in

progress (assuming it is on a different server). This uses the same SIP route patterns in CUCM and can go to any of the Media VMs.

SIP HA for out-dial, CWMS simply generates call to number from the media server where the active meeting is being held and none of the above matters

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

HA Admin/Media

HA Web

HA IRP Meeting Already Started Here

3 4 5

Example Shown with 2000 port

model

1

1

2


CWMS High Availability and Routing for SIP Summary

Therefore, with CWMS Architecture We have 2 types of trunks

“Load Balancer” Trunks and “Application Server” Trunks

Because CUCM can’t trunk to same IP address on same ports, we utilize different port numbers. This equates to two CUCM SIP Security Profiles

In 2000 port deployment model with HA We have 2 trunks to the “load balancer” functionality

We have 4 trunks to support Refers/Redirects (one for each Media)

In 50/200/800 port deployment model with HA We have 2 trunks to the “load balancer” functionality

We have 2 trunks to support Refers/Redirects (one for each Media)

Use SIP OPTIONS pings

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

HA Admin/Media

HA Web

HA IRP

2000 port HA

Primary Admin IRP

HA Admin HA IRP

Internal DMZ

50/200/800 port HA


CWMS High Availability for Web Traffic - Split DNS example

‒ We use Virtual IP addresses (VIPs) that works like HSRP, same L2 network, replying to ARPs appropriately ‒ Admin/Media VMs on inside handle Private VIP for Web Traffic (web meetings and administration) ‒ IRPs handle the Public VIP (for external web traffic coming in) ‒ Heartbeat communication for VIPs happens between the real IP addresses ‒ When active Admin/Media VIP or IRP VIP fails, the backup takes over and starts responding to ARP for the VIP ‒ Split DNS (described later), the meeting URL points to internal server VIP (inside attendees) and the IRP server

VIP (external attendees) ‒ Administration URL points to internal server VIP

v

meeting.cisco.com meeting.cisco.com meetingadmin.cisco.com X

X


CWMS Web Traffic Routing In Action (2000 port as example)

Basic Web High Availability and Routing Example 1.  Initial Web request comes in to VIP

2.  Active server responds to ARP request for the .1 address below

3.  Load Balancer functionality provides client list of servers based off of capacity/load calculations

4.  Client connects to its Web server. Multiple servers may be employed for the same meeting in heavy load. Here, client was connected to an overflow server

5.  cascading may occur (transparent to client)

Active LB Meeting Already Started Here

Meeting can Cascade


• Simplified Installation plays into a simplified DR strategy

• Installation by .ova file

‒ Open Virtualization Archive file (zipped Open Virtualization Format, or OVF, files)

‒ SW on the vdisk

• VMware Scripted Installation

‒ Requires v-Center

‒ Contains properties file, asks for all networking information, then performs scripted installation

‒ Install the admin VM first

‒ Web in, then choose Manual or Automated

‒ Automated deploys all VMs for you

CWMS ArchitectureProduct Installation


• No Geographic redundancy HA yet

• Must be on the same L2 network with no latency • Disaster Recovery

‒ Basically a Geographically placed cold-standby

‒ Have full .OVA ready at all times

‒ Backups on simple NAS/NFS share

‒ Replicate NFS data to another store in secondary data center. Includes Recordings and Backups

‒ Re-install product (Manual or Auto Deploy). Very quick and easy

‒ Make sure newly installed system is pointed to backup NAS/NFS share

‒ When CWMS sees backup file on NAS, provides option to initialize DR

CWMS ArchitectureDisaster Recovery and Dual Data Center


CWMS DNS and Traffic Flow

• DNS For ‒ Admin URL (ex. https://meetadmin.cisco.com) ‒ Meeting URL (ex. https://meet.cisco.com)

• Two DNS Options ‒ Flat DNS, or “non-split-horizon DNS” ‒ Split DNS, or “split-horizon DNS” ‒ This is in regards to the meeting URL (ex. https://meet.cisco.com) ‒ Important, b/c it affects the traffic flow

• Flat DNS ‒ Resolves meeting URL to the same IP address for internal and external users ‒ All meeting traffic flows through the IRP

• Split DNS ‒ Internet DNS resolves meeting URL to the IRP on DMZ

Traffic from Internet flows through the IRP ‒ Internal DNS resolves to internal server

Traffic from internal network goes straight to internal web server.


CWMS DNS and Traffic Flow – Flat DNS

• External Client 1.  DNS request to https://

meeting.cisco.com 2.  DNS responds with VIP of IRP 3.  HTTP traffic from external client to IRP 4.  IRP reverse proxies traffic to internal

CWMS server where mixing occurs

• Internal Client 1.  DNS request to https://

meeting.cisco.com 2.  DNS responds with VIP of IRP 3.  HTTP traffic from internal client to IRP 4.  IRP reverse proxies traffic to internal

CWMS server where mixing occurs

2

1

3

4

1

2 3

4


CWMS DNS and Traffic Flow – Split DNS

• External Client 1.  DNS request to https://

meeting.cisco.com 2.  External DNS responds with VIP of IRP 3.  HTTP traffic from external client to IRP 4.  IRP reverse proxies traffic to internal

CWMS server

• Internal Client 1.  DNS request to https://

meeting.cisco.com 2.  Internal DNS responds with VIP of

internal CWMS server 3.  HTTP traffic from internal client to

internal CWMS server

2

1

3

4

1

2

3


Internet Reverse Proxy (IRP) Recommended in the DMZ Ports 443 and 80 will need to be open inbound to the IRP. Other ports (listed) will need to be open inbound from the IRP to CWMS and outbound from CWMS to the IRP.

CWMS Architecture Firewall Ports


CWMS Tips for in the Lab Only

Installation simply needs to see the # of cores

Can Scale back after installation

Do not need the required memory for it to run

Utilize thin-disk provisioning

Utilize ManyCam to emulate a video camera in VM

Extended trial period CWMS software will install and run for 6 months without any license

Jabber works well in VMware Utilize RDP version 7 to pass speaker/MIC


New Collaboration SRND 9.x

What is the Collaboration SRND? Evolution of our UC SRND and TP design guides:

  Evolve from UC and TP design to Collaboration

  Make video pervasive through doc

  Change overall tone of document from voice to collaboration

  Emphasize recommended but include supported

  Expand scope to include more Social, Cloud and Mobile

  Combine UC and TP/Video Design Guidance

Collaboration SRND


Feedback •  Give us your feedback and you could win fabulous

prizes. Winners announced daily. ‒  Receive 20 Passport points for each session evaluation

you complete

‒  Complete your session evaluation online now (open a browser through our wireless network to access our portal) or visit one of the Internet stations throughout the Convention Center.

•  Don’t forget to activate your Cisco Live Virtual account for access to all session material, communities, and on-demand and live activities throughout the year. Activate your account at the Cisco booth in the World of Solutions or visit www.ciscolive.com.

45


Register for Cisco Live - Orlando

Cisco Live - Orlando June 23 – 27, 2013 www.ciscolive.com/us

46 46

Technology

Cisco WebEx Meetings Server (CWMS)