Planning Guide and System Requirements for Cisco WebEx

Planning Guide and System Requirements for Cisco WebEx Meetings
Server Release 2.8
First Published: 2016-11-01
Last Modified: 2017-10-18
Americas Headquarters
Cisco Systems, Inc.
170 West Tasman Drive
San Jose, CA 95134-1706
USA
http://www.cisco.com
Tel: 408 526-4000
800 553-NETS (6387)
Fax: 408 527-0883
THE SPECIFICATIONS AND INFORMATION REGARDING THE PRODUCTS IN THIS MANUAL ARE SUBJECT TO CHANGE WITHOUT NOTICE. ALL STATEMENTS,
INFORMATION, AND RECOMMENDATIONS IN THIS MANUAL ARE BELIEVED TO BE ACCURATE BUT ARE PRESENTED WITHOUT WARRANTY OF ANY KIND,
EXPRESS OR IMPLIED. USERS MUST TAKE FULL RESPONSIBILITY FOR THEIR APPLICATION OF ANY PRODUCTS.
THE SOFTWARE LICENSE AND LIMITED WARRANTY FOR THE ACCOMPANYING PRODUCT ARE SET FORTH IN THE INFORMATION PACKET THAT SHIPPED WITH
THE PRODUCT AND ARE INCORPORATED HEREIN BY THIS REFERENCE. IF YOU ARE UNABLE TO LOCATE THE SOFTWARE LICENSE OR LIMITED WARRANTY,
CONTACT YOUR CISCO REPRESENTATIVE FOR A COPY.
The Cisco implementation of TCP header compression is an adaptation of a program developed by the University of California, Berkeley (UCB) as part of UCB's public domain version
of the UNIX operating system. All rights reserved. Copyright © 1981, Regents of the University of California.
NOTWITHSTANDING ANY OTHER WARRANTY HEREIN, ALL DOCUMENT FILES AND SOFTWARE OF THESE SUPPLIERS ARE PROVIDED “AS IS" WITH ALL FAULTS.
CISCO AND THE ABOVE-NAMED SUPPLIERS DISCLAIM ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING, WITHOUT LIMITATION, THOSE OF
MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND NONINFRINGEMENT OR ARISING FROM A COURSE OF DEALING, USAGE, OR TRADE PRACTICE.
IN NO EVENT SHALL CISCO OR ITS SUPPLIERS BE LIABLE FOR ANY INDIRECT, SPECIAL, CONSEQUENTIAL, OR INCIDENTAL DAMAGES, INCLUDING, WITHOUT
LIMITATION, LOST PROFITS OR LOSS OR DAMAGE TO DATA ARISING OUT OF THE USE OR INABILITY TO USE THIS MANUAL, EVEN IF CISCO OR ITS SUPPLIERS
HAVE BEEN ADVISED OF THE POSSIBILITY OF SUCH DAMAGES.
Any Internet Protocol (IP) addresses and phone numbers used in this document are not intended to be actual addresses and phone numbers. Any examples, command display output, network
topology diagrams, and other figures included in the document are shown for illustrative purposes only. Any use of actual IP addresses or phone numbers in illustrative content is unintentional
and coincidental.
Cisco and the Cisco logo are trademarks or registered trademarks of Cisco and/or its affiliates in the U.S. and other countries. To view a list of Cisco trademarks, go to this URL: http://
www.cisco.com/go/trademarks. Third-party trademarks mentioned are the property of their respective owners. The use of the word partner does not imply a partnership
relationship between Cisco and any other company. (1110R)
© 2017
Cisco Systems, Inc. All rights reserved.
CONTENTS
CHAPTER 1
WebEx System Requirements 1
General System Requirements 1
Cisco WebEx Meetings Server Best Practices 4
WebEx Productivity Tools 5
Users 6
Deployment Sizes For Your System 6
Requirements for vCenter Co-residency 6
Virtual Machines In Your System 7
Minimum Hardware Requirements 7
Resources Consumed by CWMS and the ESXi Host 9
50-user System 10
250-user System 13
800-user System 15
2000-user System 18
System Capacity Matrix 22
Supported Upgrade Paths 28
CHAPTER 2
Introduction and Data Center Topology For Your System 31
Introducing Cisco WebEx Meetings Server 31
Information for Cisco Unified MeetingPlace Customers 33
Deploying a Single Data Center 33
Joining Single Data Centers to Create a Multi-data Center (MDC) System 33
Using VMware vSphere With Your System 33
Advantages of Deploying a System on VMware vSphere 34
IOPS and Storage System Performance 36
Installing VMware vSphere ESXi and Configuring Storage 37
Joining Meetings 38
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
iii
Contents
CHAPTER 3
Networking Topology 41
Virtual Machine Layout in Your Network 41
Different Types of Network Topology for Your System 42
Internal Internet Reverse Proxy (IRP) Network Topology 42
Non-Split-Horizon Network Topology 43
All Internal Network Topology 45
Split-Horizon Network Topology 46
Redundancy in HA or MDC Deployments 47
Network Considerations for the Internet Reverse Proxy 49
Network Bandwidth Requirements 51
Network Requirements for Multi-data Center 54
NIC Teaming for Bandwidth Aggregation 55
Load Balancing 56
CHAPTER 4
Networking Changes Required For Your Deployment 57
Networking Checklist for Your System 58
Networking Checklist for an Installation or Expansion With an Automatic Deployment and
Public Access 59
Networking Checklist for an Installation or Expansion With a Manual Deployment, Public
Access, and All Internal Virtual Machines 61
Networking Checklist for an Installation or Expansion With Automatic Deployment, Public
Access, and a Non-Split-Horizon DNS 64
Networking Checklist For an Installation or Expansion With Manual Deployment, Public
Access, and a Non-Split Horizon DNS 66
Networking Checklist For an Installation or Expansion With Automatic Deployment, Public
Access, and a Split-Horizon DNS 69
Networking Checklist for an Installation or Expansion with Manual Deployment, Public
Access, and a Split-Horizon DNS 72
Networking Checklist for an Installation or Expansion with Automatic Deployment and No
Public Access 75
Networking Checklist For an Installation or Expansion With Manual Deployment and No
Public Access 76
WebEx Site and WebEx Administration URLs 79
Port Access When All the Virtual Machines Are in the Internal Network 80
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
iv
Contents
Port Access With an Internet Reverse Proxy in the DMZ Network 81
Port Access in the External Firewall 81
Port Access in the Internal Firewall 82
VMware vCenter Ports 85
Cisco WebEx Meeting Center Ports 87
Using NAT With Your System 87
Forward Proxies 90
CHAPTER 5
Configuring Cisco Unified Communications Manager (CUCM) 91
Configuring Cisco Unified Communications Manager (CUCM) 91
CUCM in an MDC Environment 92
Before You Begin 92
CUCM Secure Teleconferencing in an MDC Environment 93
CUCM Configuration Checklist for Multi-data Center 93
CUCM Configuration Checklist With or Without High Availability 93
Configuring CUCM in a CWMS Multi-data Center System 94
Configuring CUCM on a 250- or 800-user Multi-data Center System 95
Configuring CUCM on a 2000-user Multi-data Center System 95
Configuring CUCM for High-Availability and Non-High-Availability Systems 96
Configuring CUCM on 50-, 250-, and 800-User Systems Without High Availability 97
Configuring CUCM on 50-, 250-, or 800-User Systems with High Availability 97
Configuring CUCM on a 2000-User System without High Availability 98
Configuring CUCM on a 2000-User System with High Availability 99
Configuring a SIP Trunk Security Profile 100
Configuring a SIP Trunk Security Profile for a Load Balance Point 100
Configuring a SIP Trunk Security Profile for an Application Point 101
Configuring a SIP Profile 102
Configuring a Standard SIP Profile 102
Configuring a TLS SIP Profile 103
Configuring an IPv6 SIP Profile 103
CUCM Certificate Management by Using TLS 103
Uploading Cisco WebEx Meetings Server Certificates 104
Installing a Third-Party CUCM Certificate 105
Downloading CUCM Certificates 106
Generating a Certificate Signing Request (CSR) 106
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
v
Contents
Configuring a SIP Trunk 107
Configuring a SIP Trunk on a Load Balance Point 108
Configuring a SIP Trunk for an Application Point 109
Configuring a Route Group 110
Configuring a Route List 111
Configuring a Route Pattern 112
Configuring a SIP Route Pattern 112
CUCM Feature Compatibility and Support 113
Audio Endpoint Compatibility 115
CHAPTER 6
Downloading and Mass Deploying Applications 117
About Application Downloads 117
Downloading Applications from the Administration Site 118
Contents of the Application ZIP Files 119
Application Language Key 119
Productivity Tools ZIP File Contents 120
WebEx Meetings Client ZIP File Contents 120
Network Recording Player ZIP File Contents 121
Silent Installation Limitations for CWMS Applications When Using SMS 122
Mass Deployment of Cisco WebEx Productivity Tools 122
Silent Installation of Productivity Tools by Using the Command Line 122
Silent Removal of the Productivity Tools by using the Command Line Interface 123
Advertising WebEx Productivity Tools by using the SMS Per-System Unattended 123
Removing Productivity Tools Components by Using the SMS Per-System Unattended
Program 124
Adding Productivity Tools by Using SMS Per-System Unattended 125
Uninstalling Productivity Tools by Using the SMS Per-System Uninstall Program 126
Advertising the Program to Update the New Version of WebEx Productivity Tools 126
Creating a Package from a Definition 127
Mass Deployment of the Meetings Application 127
Installing Cisco WebEx Meetings 128
Uninstall Cisco WebEx Meetings Locally 128
Silent Installation of the Meetings Application by Using the Command Line 129
Silent Removal of the Meetings Application by using the Command Line Interface 129
Advertising CWMS by Using SMS Per-System Unattended 130
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
vi
Contents
Uninstalling the Cisco WebEx Meetings Application by Using the SMS Per-System Uninstall
Program 131
Mass Deployment of the Network Recording Player 131
Installing Network Recording Player 131
Silent Installation of the Recording Player by Using the Command Line 132
Silent Uninstallation of the Recording Player by Using the Command Line Interface 132
Installation of CWMS Applications by Using Microsoft Systems Management Server 2003
(SMS) 133
Advertising Cisco WebEx Network Recording Player Using the SMS Per-System Unattended
Program 133
Uninstalling the Cisco WebEx Network Recording Player Using the SMS Per-System
Uninstall Program 134
Reconfiguring Settings After Performing an Update 135
CHAPTER 7
SAML SSO Configuration 137
Overview of Single Sign-On 137
Benefits of Single Sign-On 138
Overview of Setting Up SAML 2.0 Single Sign-On 139
SAML SSO for End-User and Administration Sign In 140
SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and
WebEx Meetings Server 140
SAML Assertion Attributes 145
Supported SAML Assertion Attributes 145
Optional Parameters 149
Time Zone Values 149
Country Code Values 152
Region Values 162
Language Values 163
Language Codes 164
CHAPTER 8
Storage Requirements 165
Storage Requirements for Meeting Recordings 165
Storage Requirements for System Backup Files 166
CHAPTER 9
SNMP MIBs and Traps Supported 167
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
vii
Contents
Supported SNMP MIBs 167
CWMS System Information MIBS 167
CPU-Related MIBs 168
CWMS Memory Information 170
Disk Usage 171
Supported SNMP Traps 171
Notification Events 172
Trap Data 173
CHAPTER 10
User System Requirements 175
Common PC System Requirements 175
Operating System Requirements for Windows 176
Operating System Requirements for MAC 177
Operating Systems Requirements for Mobile Devices 178
Citrix XenDesktop and XenApp Support 179
Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix 179
About Host Licenses 181
CHAPTER 11
Cisco WebEx Meetings Server Integration and Audio Endpoint Compatibility 183
Cisco Unified Communications Manager (CUCM) Integration 183
Session Manager Edition (SME) Integration 183
Audio Endpoint Compatibility 184
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
viii
CHAPTER
1
WebEx System Requirements
This section provides an overview of hardware, CPU and memory, network, and storage requirements for
Cisco WebEx Meetings Server (CWMS).
• General System Requirements, page 1
• WebEx Productivity Tools, page 5
• Users, page 6
• Deployment Sizes For Your System, page 6
• Requirements for vCenter Co-residency , page 6
• Virtual Machines In Your System, page 7
• Minimum Hardware Requirements, page 7
• System Capacity Matrix, page 22
• Supported Upgrade Paths, page 28
General System Requirements
Cisco WebEx Meetings Server (CWMS) is compatible with Cisco UCS servers that meet or exceed the
specifications presented in this section.
Important
When you perform an upgrade to a major release of CWMS, such as to Release 2.0 or Release 2.5 from
Release 1.x, the ESXi hosts (Cisco UCS server) where the Admin virtual machine is located require a
minimum of 1.5-TB of free disk space. Refer to the section in this document that describes the different
size user systems that begin with the 50-user System, on page 10. During an upgrade, there are two sets
of virtual machines on your network at the same time; the original virtual machines running Release 1.x
and the upgrade virtual machines to support the new release. For more details, see the "Upgrading the
System" section in the CWMS Administration Guide at http://www.cisco.com/en/US/products/ps12732/
prod_installation_guides_list.html.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
1
WebEx System Requirements
General System Requirements
Module
Host server and processors
Requirements Notes
• Cisco UCS C-series rack server or equivalent B-series blade
server.
• AES-NI instruction set support.
• 2.4 GHz or faster processor clock speed.
Note
Network interfaces
The NICs between the ESXi hosts (for the
Cisco WebEx Meetings Server virtual
machines) and the Ethernet switch (not to
the external network interface).
Third-party hardware is not
supported.
• Minimum 1 physical NIC for a non-redundant
configuration. See the 50-user System, on page 10 section
for special requirements where the Internet Reverse Proxy
(IRP) and Admin virtual machine are sharing a host.
• Redundant configurations must have all NIC interfaces
duplicated (teamed or bonded) and connected to an
independent switching fabric.
• An additional NIC for the VMware management network
(optional).
1
Internal (DAS) Storage for ESXi hosts
where internal virtual machines are
deployed
• Minimum of 4 drives in a RAID-10 or RAID-5
configuration
• Minimum of 1.5-TB usable storage for new system
deployments or upgrades.
• When you upgrade to CWMS Release 2.X from Release
1.X, the ESXi hosts each require from 172 to 1118-GB free
disk space depending on the size of your system and the
virtual machines. Refer to the section in this document that
describes the different size user systems, which begins with
the 50-user System, on page 10.
• Optional second array for ESXi
Note
Internal (DAS) storage for ESXi hosts
where IRP virtual machines are deployed
The virtual machines must use thick provisioning for
storage.
• Minimum of 2 drives in a RAID-1 configuration
• Minimum of 300-GB usable storage
• Can use the same configurations as for the internal virtual
machines
Note
The virtual machines must use thick provisioning for
storage.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
2
WebEx System Requirements
General System Requirements
Module
SAN storage
Requirements Notes
• Can be used as a substitute for DAS. (We recommend
allocating of the same amount of storage space.)
• B-series blade servers have only two hard disk drives. If
you are using Cisco UCS B-series blade servers and you
plan to upgrade to CWMS Release 2.X, you must use SAN
storage to meet the 4 hard disk drives in either a RAID 5
or RAID 10 configuration.
• Recommended only for deployments where the support
staff has experience monitoring and tuning SAN
performance.
Note
You take responsibility for adding storage for new
VMware requirements and future growth of the
system.
• Fiber Channel (FC) or Fiber Channel over 10-GB Ethernet
(FCoE) only.
• Performance requirements are the same as for DAS.
Hypervisor
ESXi versions and vSphere licenses are described in the
Minimum Hardware Requirements, on page 7 section.
VMware Vsphere is required and the only product supported;
other hypervisor products are not supported.
vCenter Server 5.0, 5.0 Update 1, 5.0 Update 2, 5.1, 5.1 Update
1, 5.5, and 6.0 (CWMS 2.6MR1 and higher)
vSphere licenses are described in the Minimum Hardware
Requirements section.
One VMware license per processor socket.
Coresidency:
• vCenter can be coresident with CWMS, providing the
processor and memory requirements are added to the system
requirements.
• vCenter coresident configurations are supported only for
50-user and 250-user systems.
• Coresidency with Cisco Unified Communications products
on the same physical ESXi host is not supported.
• Coresidency with non-CWMS virtual machines on the same
physical ESXi host is not supported.
Advanced VMware vSphere features such as Distributed
Resource Scheduler (DRS), Cloning, Fault Tolerance (FT), and
vMotion or Storage vMotion while the system is powered on are
not supported.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
3
WebEx System Requirements
Cisco WebEx Meetings Server Best Practices
Module
Email server
Requirements Notes
• Fully qualified domain name (FQDN) of the mail server
that the system uses to send emails.
• Port number—default value of the SMTP port number is
25 or 465 (secure SMTP port number).
• To use a TLS-enabled email server with third-party
certificates, you must import the certificates into your
system. For more information, See "Managing Certificates"
in the administration guide at http://www.cisco.com/en/US/
products/ps12732/prod_installation_guides_list.html.
Licenses
MDC licenses—An MDC license is required for each data center
in a multi-data center system. A MDC license is not required for
a system with a single data center.
Host license—Each user that shall host a meeting must have a
Host license to start a WebEx Web, WebEx Audio, Blast Dial
meeting, or Personal Conferencing. For more information on
Host licenses, see About Host Licenses, on page 181.
1 If your organization has expertise in managing a storage area network (SAN), we recommend SAN over direct attached storage (DAS). SANs can be more
reliable than local disk arrays.
Cisco WebEx Meetings Server Best Practices
The following is a list of best practices that you should refer to when configuring and maintaining your Cisco
WebEx Meetings Server system:
• Power your virtual machine hosts by using an uninterruptible power source (UPS) to minimize power
interruptions. Repeated power failures can damage host systems and virtual machines.
• Always put your system into maintenance mode before shutting down a guest operating system.
• For scheduled events and other situations that require a system shutdown, gracefully shut down your
virtual machines by shutting down the guest operating system.
• The system is designed to repair itself when necessary and rebooting can interrupt this process. We do
not recommend that you reboot your system to fix it. If your system is in an unhealthy state, contact the
Cisco TAC. Power off your system only when instructed to do so or during scheduled events such as
data center maintenance.
• Configure network redundancy to minimize network failures. Refer to "Adding a High Availability
System" in the Cisco WebEx Meetings Server Administration Guide for more information.
• Using snapshots on your virtual machines can impair system performance in ways that affect user
experience even when the system is otherwise lightly loaded.
• If your system is having problems, make sure that you check your VMware VCenter environment to
determine if conditions in VCenter or the network are causing the problem.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
4
WebEx System Requirements
WebEx Productivity Tools
• Configure high availability to increase the probability that your system can continue to operate if a failure
occurs.
• If you have a high-availability system and your secondary system fails, you can repair it by removing
the existing secondary system (refer to "Removing a High Availability System" in your Cisco WebEx
Meetings Server Administration Guide) and adding a new secondary system (refer to "Adding a High
Availability System" in your Cisco WebEx Meetings Server Administration Guide). If the primary system
on a high-availability system fails, you cannot repair it using this procedure. We recommend that you
restore your primary system using the disaster recovery procedure and then add a new secondary system.
Until you add a new secondary system your deployment is operating without full redundancy. This
procedure helps prevent unplanned outages if any of your secondary virtual machines fails. Refer to
"Using the Disaster Recovery Feature" in the Cisco WebEx Meetings Server Administration Guide for
more information.
• Since your system only keeps the latest system backup on the NFS and removes previous instances every
day, we recommend that you keep several recent backups on other media.
Restriction
Do not manually create files or directories in the NFS share used by Cisco WebEx
Meetings Server, as it runs various scripts on NFS files and directories. The NFS storage
server must be for the exclusive use of Cisco WebEx Meetings Server.
• Use your dashboard to monitor the health status of the NFS, CPU, and storage. We recommend enabling
dashboard alarms for storage and CPU.
• If you plan to use directory integration, refer to the Configuring Directory Integration section in the
"Managing Users" chapter of the Cisco WebEx Meetings Server Administration Guide for more
information.
• When using Cisco WebEx Meetings Server, the related SIP trunk on CUCM in the CallManager service
interface should have the Media Termination Point Required check box unchecked on the Trunk
Configuration page. See Configuring a SIP Trunk on a Load Balance Point, on page 108 and Configuring
a SIP Trunk for an Application Point, on page 109 for more details.
• If you are running Cisco WebEx Meetings Server Release 2.0 or higher and using B-series blade servers,
you are required to use SAN storage to fulfill the hard drive requirements. See General System
Requirements, on page 1 for more information about SAN requirements.
WebEx Productivity Tools
WebEx Productivity Tools allow users to start, schedule, or join WebEx Meetings sessions from within
applications, such as Microsoft® Outlook®. Users can find more information on Cisco WebEx Productivity
Tools at http://www.webex.com/support/productivity-tools.html.
Cisco WebEx Meetings Server supports the latest version of WebEx applications, available on the Settings
> Downloads page. If users are running an older version of WebEx Productivity Tools after you perform a
system upgrade, they can schedule, start, and join meetings, but the latest features are not available. We
recommend that you silently push the latest WebEx Productivity Tools .msi for an optimal experience. (See
Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, on page 179.)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
5
WebEx System Requirements
Users
Users
The system supports a lifetime maximum of 400,000 user accounts. This number represents the total of both
active and deactivated user accounts. This lifetime maximum number is large enough to accommodate expected
growth in the user database.
Administrators cannot delete users from the system. Instead, users are deactivated. This design enables
administrators to reactivate previously deactivated user accounts, even after long periods of user inactivity.
The user's meetings and other content (including recordings) are restored.
Deployment Sizes For Your System
When determining the size for your system, consider how many users you expect to be using the system at
any given time. For example, in a 50-user system the maximum number of users concurrently attending
meetings is 50. If more than 50 users attempt to join a meeting, an error messages displays for all users who
attempt to join a meeting after the maximum number of users is exceeded, and the system prevents these users
from joining the meeting.
• 50-user System, on page 10
• 250-user System, on page 13
• 800-user System, on page 15
• 2000-user System, on page 18
Here are some things to consider when determining the size for you system:
• Determine the largest number of users you anticipate will join a meeting at any given time, including
rare or unusual occasions.
• You can expand the system size to a larger size at any time as long as your hardware meets or exceeds
the minimum requirements for the larger size system; otherwise, you must purchase additional hardware.
• If you plan to add High Availability (HA) or a Multi-data Center (MDC) to your system, include the
additional virtual machines necessary to support the HA or MDC system when you purchase your
hardware.
•
Requirements for vCenter Co-residency
VMware vCenter Server or vCenter Server Appliance can reside with other virtual machines or with Cisco
WebEx Meetings Server (CWMS) virtual machines in some instances.
On a 50– or 250–user system, VMware vCenter can reside on the same host with CWMS. However additional
RAM must be ordered or installed with the Cisco UCS server. For the exact amount of RAM required, see
the requirements for that system size in Minimum Hardware Requirements.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
6
WebEx System Requirements
Virtual Machines In Your System
Virtual Machines In Your System
These are the virtual machines created for your system. Some functions are combined into one virtual machine
for the smaller system sizes.
• Admin—Heart node of the system. Includes the system database and provides administrative functions.
• Media—Provides media services (audio-video function, telephony and meetings services).
Included in the Admin virtual machine in a 50 concurrent users system.
• Web—Provides web services (meeting list and recordings). Enables the user to schedule future meetings.
Included in the Admin virtual machine in a 50, 250 or 800 concurrent users system.
End users sign in to the WebEx web site. Administrators sign in to the Administration web site.
• Internet Reverse Proxy (IRP)—Provides public access, enabling users to host or attend meetings from
the Internet and mobile devices. The Internet Reverse Proxy is required for your mobile workforce to
attend meetings.
Note
Note
Only the IRP provided with this product may be used in this system. Internet Reverse
Proxies or web load balancers, supplied by other vendors, are not supported. The IRP
provided with this product is optimized for handling real-time web, audio, and
data-sharing traffic from external users joining meetings from the Internet.
In this documentation, we use the term internal virtual machines to refer to the Admin virtual machine,
and if applicable, the Media and Web virtual machines.
The IRP is situated in the DMZ network (non-split-horizon and split-horizon network topologies) or in the
internal network (all internal network toplogy).
• Non-Split-Horizon Network Topology, on page 43
• Split-Horizon Network Topology, on page 46
• Internal Internet Reverse Proxy (IRP) Network Topology, on page 42
Minimum Hardware Requirements
This section lists some of the Cisco UCS servers you can use for each size system. For specific requirements
for each system, refer to:
• 50-user System
• 250-user System
• 800-user System
• 2000-user System
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
7
WebEx System Requirements
Minimum Hardware Requirements
See also the "Cisco WebEx Meetings Server Ordering Guide" at http://www.cisco.com/c/en/us/products/
conferencing/webex-meetings-server/sales-resources-listing.html.
Table 1: ESXi Versions and License Types
2
System Size
ESXi Version
vSphere License Type
50 or 250
5.0, 5.0 Update 1, 5.1, 5.5, or 6.0
Standard Edition, Enterprise
Edition, Enterprise Plus Edition
800 or 2000
5.0 or 5.0 Update 1
Enterprise Plus Edition Only
5.1 to 5.52
Enterprise Edition, Enterprise Plus
Edition
5.5 or higher1
Standard Edition, Enterprise
Edition, Enterprise Plus Edition
6.0
Standard Edition, Enterprise
Edition, Enterprise Plus Edition
"Or higher" references updates, not full versions. For example, 5.5 Update 1 or 5.1 Update 2.
Table 2: Host Models
Deployment Size
50 Users
Example of UCS Model
• UCS C220 M3
• UCS B200 M3
• UCS C220 M4S
• C240 M4S2
250 Users
• UCS C220 M3
• UCS B200 M3
• UCS C220 M4S
• C240 M4S2
800 Users
• UCS C460 M2
• UCS B440 M2
• UCS B420 M3 (2.0 and higher)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
8
WebEx System Requirements
Resources Consumed by CWMS and the ESXi Host
Deployment Size
Example of UCS Model
2000 Users
• UCS C460 M2
• UCS B440 M2
• UCS B420 M3 (2.0 and higher)
Co-residency with vCenter is supported with 50- and 250-user system deployments only. Co-residency with
Cisco Unified Communications products on the same physical host is not supported.
You can use older models of the UCS hardware with your system, but for a better user experience use the
hardware listed in the table. For example, you can use the UCS C220 M3 for a 250-user system if you already
have that hardware available.
When upgrading to Cisco WebEx Meetings Server Release 2.0 or higher, it is possible to use Cisco UCS
B200 M3 blade servers with 2x local hard drives as long as the upgraded system uses SAN storage for its
virtual machines. Using SAN storage with B-series blade servers allows your system to meet the 4 hard disk
drives in a RAID 5 or RAID 10 configuration requirement for Cisco WebEx Meetings Server.
Note
For 800-user and 2000-user systems running 2.0 and higher, we do not recommend deploying additional
virtual machines on a DMZ host. This can result in increased packet loss and noticeable latency on media
connections.
Resources Consumed by CWMS and the ESXi Host
Cisco WebEx Meetings Server is deployed on one or more virtual machines on ESXi hosts. CPU and memory
resources, and storage space, is consumed by Cisco WebEx Meetings Server (CWMS)and by ESXi (VMware
component that enables virtualization on the physical Cisco UCS Server). Depending on your system size,
vCenter and multiple virtual machines might run on the same Cisco UCS server.
CWMS uses resource reservation for its virtual machines to guarantee system scalability. Other VMware
workloads do not take CPU and other resources away from the virtual machines. The minimum requirements
for each system size includes enough resources to support:
• Continued quality of service for CWMS at peak system usage (maximum capacity).
• VMware ESXi.
• VMware vCenter (when co-resident).
For the requirements for vCenter Server, see Knowledge Base and search for "Installing vCenter Server
5.0 best practices," or "Installing vCenter Server 5.1 best practices," or "Installing vCenter Server 5.5
best practices" respectively.
• VMware snapshots of the virtual machine (delete these as soon as possible otherwise you may experience
severe performance degradation).
Extra disk space is required for snapshots, as some snapshots may be as large as the original virtual
machine. In some cases, vSphere may delete snapshots to create storage space, compromising the ability
to roll back to previous snapshots.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
9
WebEx System Requirements
50-user System
• Use of the Cisco UCS Server over the typical life cycle of the server.
The hardware requirements specified in the OVA file are the minimum requirements that are needed to deploy
Cisco WebEx Meetings Server. These requirements do not include any CPU, memory, or storage requirements
for VMware vCenter or ESXi.
Caution
Co-residency, other than the configurations listed in the tables in this document, is not supported. If you
disregard our system requirements, your virtual machines might not boot. The deployment of the virtual
machines can stall from within the earliest product screens during the vCenter OVA deployment.
50-user System
A 50-user system is also described as a micro system. (Multi-data Center (MDC) is not available for micro
systems.) The diagram illustrates two versions of a 50-user deployment. (The "Redundant" virtual machines
demonstrate support for High Availability (HA).)
The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.
The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings
Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings
Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see
General System Requirements.
For information about the bandwidth requirements, see the Network Bandwidth Requirements, on page 51.
Note
For IOPS information, see Advantages of Deploying a System on VMware vSphere, on page 34.
Co-residency with vCenter is supported with a 50-user system deployment as configured in the following
table.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
10
WebEx System Requirements
50-user System
Virtual Machines on
ESXi Host (Cisco UCS
Server)
CPU Cores
Memory Ethernet Ports
(GB)
Admin
4 (ESXi 5.0) 24
6 ( ESXi 5.1
and above)
Hard Drive
Storage
Requirement
for New
Installs
Free Hard Drive
Storage
Required for
Automatic
Upgrade from
3
1.5MR3 to 2.X
2 for the Admin virtual 1.5 TB;
1118 GB for an
machine, including 1 if minimum of automatic
NIC teaming is used for 7,200 RPM installation.
redundancy
1 recommended for
ESXi management
network
Admin and vCenter
(co-resident)
6 (ESXi 5.0) 36
8 ( ESXi 5.1
and above)
2 for the Admin virtual 1.5 TB;
machine, including 1 if minimum of
NIC teaming is used for 7,200 RPM
redundancy
1 for vCenter
1 recommended for
ESXi management
network
Internet Reverse Proxy
(IRP)
4 (ESXi 5.0) 12
6 ( ESXi 5.1
and above)
1078 GB
This figure is
based on the
assumption that
you have set up
vCenter with 40
GB.
2 for the IRP virtual
300 GB;
172 GB
machine, including 1 if minimum of
NIC teaming is used for 7,200 RPM
redundancy
1 recommended for
ESXi management
network
Admin and IRP
(co-resident)
8
36
2 for the Admin virtual 1.5 TB;
990 GB
machine, including 1 if minimum of
NIC teaming is used for 7,200 RPM
redundancy
2 for IRP virtual
machine, including 1 if
NIC teaming is used for
redundancy
1 recommended for
ESXi management
network
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
11
WebEx System Requirements
50-user System
Virtual Machines on
ESXi Host (Cisco UCS
Server)
CPU Cores
Admin and IRP and
12
vCenter (all co-resident)
Memory Ethernet Ports
(GB)
40
Hard Drive
Storage
Requirement
for New
Installs
2 for the Admin virtual 1.5 TB;
machine, including 1 if minimum of
NIC teaming is used for 7,200 RPM
redundancy
2 for IRP virtual
machine, including 1 if
NIC teaming is used for
redundancy
Free Hard Drive
Storage
Required for
Automatic
Upgrade from
3
1.5MR3 to 2.X
950 GB
This figure is
based on the
assumption that
you have set up
vCenter with 40
GB.
1 for vCenter
1 recommended for
ESXi management
network
3 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the
free space as is required for Automatic Upgrade.
Note
If you plan to use a High Availability (HA) system, double the hardware requirements and quantities of
the primary system to support both systems.
Resources Reserved by the Virtual Machines in a 50-user System
This section describes how much media the virtual machines use and is intended for those with expert
knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware
VMkernel uses MHz cycles to control CPU scheduling.
Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared
with other virtual machines on the same physical Cisco UCS Server.
Disk resources (storage) are controlled in two separate areas. During the OVA build, the CentOS file system
partition sizes determine the minimum disk size. Secondly, vCenter controls the maximum disk space available.
If you attempt to deploy a virtual machine without the minimum number of vCPUs, the OVA deployment of
the virtual machine will fail. If you attempt to deploy a virtual machine without the minimum total MHz
processor speed, then the virtual machine will not power on.
Important
The numbers in this table do not include resources for VMware ESXi or vCenter. See Resources Consumed
by CWMS and the ESXi Host, on page 9.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
12
WebEx System Requirements
250-user System
4
Virtual Machine Type
Virtual CPU
(vCPU)
CPU (MHz)
Reserved Memory/Total Disks (GB)
5
Memory (GB)
Admin
4
8000
12/14
418
Internet Reverse Proxy
4
8000
4/4
128
4 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The
physical CPU must have a clock speed of 2.4 GHz or faster.)
5 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total
250-user System
A 250-user system is also described as a small system. This diagram illustrates two versions of a 250-user
deployment. The "Redundant" virtual machines demonstrate support for High Availability (HA). If your
system does not include HA support, then only deploy the Primary system.
This diagram shows the layout of a 250-user system with two data centers that form a Multi-data Center
(MDC) system with Internet Reverse Proxy (IRP) support.. The License Manager runs on only one data center.
The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.
The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings
Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
13
WebEx System Requirements
250-user System
Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see
General System Requirements.
For information about the bandwidth requirements, see the Network Bandwidth Requirements, on page 51.
For IOPS information, see Advantages of Deploying a System on VMware vSphere, on page 34.
Co-residency with vCenter is supported with a 250 user system deployment as configured in the following
table.
Virtual Machines on ESXi Host CPU
(Cisco UCS Server)
Cores
Memory Ethernet Ports
(GB)
Hard Drive
Storage
Requirement
for New
Installs
Free Hard
Drive Storage
Required for
Automatic
Upgrade from
6
1.5MR3 to 2.X
Admin and Media
52
1.5 TB;
minimum of
7200 RPM
990 GB
1.5 TB;
minimum of
7200 RPM
950 GB
300 GB;
• 2 for IRP,
minimum of
including 1 if NIC 7200 RPM
teaming is used for
redundancy
172 GB
12
• 2 for Admin and
Media, including
1 if NIC teaming
is used for
redundancy
• 1 recommended
for ESXi
management
network
(Admin and Media) and
vCenter (co-resident)
16
56
• 2 for Admin and
Media, including
1 if NIC teaming
is used for
redundancy
• 1 recommended
for ESXi
management
network
(This figure is
based on the
assumption
that you have
set up vCenter
with 40 GB.)
• 1 for vCenter
Internet Reverse Proxy (IRP) 12
36
• 1 recommended
for ESXi
management
network
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
14
WebEx System Requirements
800-user System
6 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the
free space as is required for Automatic Upgrade.
Note
If you plan to use a HA system, purchase the same hardware and quantities for the HA system as you did
for the primary system.
Resources Reserved by the Virtual Machines in a 250-user System
This section describes how much media the virtual machines use and is intended for those with expert
knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware
VMkernel uses MHz cycles to control CPU scheduling.
Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared
with other virtual machines on the same physical Cisco UCS Server.
Disk resources (storage) are controlled in two separate areas. During the OVA build, the CentOS file system
partition sizes determine the minimum disk size. Secondly, vCenter controls the maximum disk space available.
If you attempt to deploy a virtual machine without the minimum number of vCPUs, the OVA deployment of
the virtual machine will fail. If you attempt to deploy a virtual machine without the minimum total MHz
processor speed, then the virtual machine will not power on.
Important
The numbers in this table do not include resources for VMware ESXi or vCenter. See Resources Consumed
by CWMS and the ESXi Host.
7
Virtual Machine Type
Virtual CPU
(vCPU)
CPU (MHz)
Reserved Memory/Total Disks (GB)
8
Memory (GB)
Admin
4
8000
16/16
418
Media
8
16,480
13/23
128
Internet Reverse Proxy
8
16,480
6/6
128
7 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The
physical CPU must have a clock speed of 2.4 GHz or faster.)
8 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total
800-user System
An 800-user system is also described as a medium system. This diagram illustrates two versions of an 800-user
deployment. The "Redundant" virtual machines demonstrate support for High Availability (HA).
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
15
WebEx System Requirements
800-user System
This diagram shows the layout of an 800-user system with two data centers that form a Multi-data Center
(MDC) system with Internet Reverse Proxy (IRP) support. The License Manager runs on only one data center.
The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.
The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings
Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings
Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see
General System Requirements.
For information about the bandwidth requirements, see the Network Bandwidth Requirements, on page 51.
Note
Co-residency with vCenter is not supported with an 800-user system deployment.
For IOPS information, see Advantages of Deploying a System on VMware vSphere, on page 34.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
16
WebEx System Requirements
800-user System
Virtual Machines on ESXi Host CPU
(Cisco UCS Server)
Cores
Memory Ethernet Ports
(GB)
Hard Drive
Storage
Requirement
for New
Installs
Free Hard
Drive Storage
Required for
Automatic
Upgrade from
9
1.5MR3 to 2.X
Admin and Media (combined) 40
80
1.5 TB;
minimum of
10,000 RPM
990 GB
300 GB;
• 2 for IRP,
minimum of
including 1 if NIC 10,000 RPM
teaming is used for
redundancy
172 GB
• 2 for Admin and
Media, including
1 if NIC teaming
is used for
redundancy
• 1 recommended
for ESXi
management
network
Internet Reverse Proxy (IRP) 40
36
• 1 recommended
for ESXi
management
network
9 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the
free space as is required for Automatic Upgrade.
Note
If you plan to use an HA system, purchase the same hardware requirements and quantities as the primary
system.
For 800 user systems, we do not recommend deploying additional virtual machines on a DMZ host. This
might result in increased packet loss and noticeable latency on media connections.
Resources Reserved by the Virtual Machines in an 800-user System
This section illustrates how much media the virtual machines use and is intended for those with expert
knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware
VMkernel uses MHz cycles to control CPU scheduling.
Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared
with other virtual machines on the same physical Cisco UCS Server.
Disk resources (storage) are controlled in two separate areas. During the OVA build, the CentOS filesystem
partition sizes determine the minimum disk size. Secondly, vCenter controls the maximum disk space available.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
17
WebEx System Requirements
2000-user System
If you attempt to deploy a virtual machine without the minimum number of vCPUs, the OVA deployment of
the virtual machine will fail. If you attempt to deploy a virtual machine without the minimum total MHz
processor speed, then the virtual machine will not power on.
Important
The numbers in this table do not include resources for VMware ESXi. See Resources Consumed by CWMS
and the ESXi Host, on page 9.
10
Virtual Machine Type
Virtual CPU
(vCPU)
CPU (MHz)
Reserved Memory/Total Disks (GB)
11
Memory (GB)
Admin
10
20,600
16/16
418
Media
30
60,800
14/44
128
Internet Reverse Proxy
20
41,200
10/10
128
10 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The
physical CPU must have a clock speed of 2.4 GHz or faster.)
11 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total
2000-user System
A 2000-user system is also described as a large system. This diagram shows a 2000-user system with High
Availability (HA) and Internet Reverse Proxy (IRP) support. The HA virtual machines are shown as the
Redundant virtual machines. If your system does not include HA support, then only deploy the Primary
system.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
18
WebEx System Requirements
2000-user System
This diagram shows a 2000-user system deployment with two data centers that form a Multi-data Center
(MDC) system with Internet Reverse Proxy (IRP) support. The License Manager runs on only one data center.
Important
We recommend that you deploy the all virtual machines shown in the diagram. By deploying different
types of virtual machines on a physical server, you can better avoid a system shutdown in the event of a
hardware failure. For example, placing a Media and a Web virtual machines on a single physical server
is more resilient than if you place both Web virtual machines on the same physical server.
On a large system there is an exclusion from the equal load balance rule (see Load Balancing, on page 56
for more information), where there are SIP trunk load balancers on Media 1 and Media 2, and where Media
3 and optionally Media HA do not have load balancing. If there is a failure of both Media 1 and 2 on the
primary system, all telephony service on CWMS is lost. If the system is a HA deployment, the redundancy
mitigates the failure of a single virtual machine.
The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.
The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings
Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings
Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see
General System Requirements.
For more information about the bandwidth requirements, see Network Bandwidth Requirements, on page
51.
If you plan to add a HA system, those virtual machines are shown as the "redundant" virtual machines. If you
do not want HA, then only deploy the primary system.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
19
WebEx System Requirements
2000-user System
Note
Co-residency with vCenter is not supported with a 2000-user system deployment.
Note
For IOPS information, see Advantages of Deploying a System on VMware vSphere, on page 34.
Virtual Machines on ESXi Host CPU
(Cisco UCS Server)
Cores
Memory Ethernet Ports
(GB)
Media1 and Admin
(combined)
80
40
Hard Drive
Storage
Requirement
for New
Installs
1.5 TB;
• 2 for Media1 and minimum of
Admin, including 10,000 RPM
1 if NIC teaming
is used for
redundancy
Free Hard
Drive Storage
Required for
Automatic
Upgrade from
12
1.5MR3 to 2.X
990 GB
• 1 recommended
for ESXi
management
network
Media2 and Web1 (combined) 40
80
1 TB;
• 2 for Media2 and minimum of
Web1, including 1 10,000 RPM
if NIC teaming is
used for
redundancy
768 GB
• 1 recommended
for ESXi
management
network
Media3 and Web2 (combined) 40
80
1 TB;
• 2 for Media3 and minimum of
Web2, including 1 10,000 RPM
if NIC teaming is
used for
redundancy
• 1 recommended
for ESXi
management
network
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
20
768 GB
WebEx System Requirements
2000-user System
Virtual Machines on ESXi Host CPU
(Cisco UCS Server)
Cores
Memory Ethernet Ports
(GB)
Internet Reverse Proxy (IRP) 40
36
Hard Drive
Storage
Requirement
for New
Installs
300 GB;
• 2 for IRP,
minimum of
including 1 if NIC 10,000 RPM
teaming is used for
redundancy
Free Hard
Drive Storage
Required for
Automatic
Upgrade from
12
1.5MR3 to 2.X
172 GB
• 1 recommended
for ESXi
management
network
Media and Admin (combined) 40
for HA
80
1.5 TB;
• 2 for Media and
minimum of
Admin, including 10,000 RPM
1 if NIC teaming
is used for
redundancy
990 GB
• 1 recommended
for ESXi
management
network
Web for HA
40
80
1 TB;
• 2 for Web,
minimum of
including 1 if NIC 10,000 RPM
teaming is used for
redundancy
896 GB
• 1 recommended
for ESXi
management
network
IRP for HA
40
36
300 GB;
• 2 for IRP,
minimum of
including 1 if NIC 10,000 RPM
teaming is used for
redundancy
172 GB
• 1 recommended
for ESXi
management
network
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
21
WebEx System Requirements
System Capacity Matrix
12 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the
free space as is required for Automatic Upgrade.
Resources Reserved by the Virtual Machines in a 2000-user System
This section illustrates how much media the virtual machines use and is intended for those with expert
knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware
VMkernel uses MHz cycles to control CPU scheduling.
Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared
with other virtual machines on the same physical Cisco UCS Server.
Disk resources (storage) are controlled in two separate areas. During the OVA build, the CentOS file system
partition sizes determine the minimum disk size. Secondly, vCenter controls the maximum disk space available.
If you attempt to deploy a virtual machine without the minimum number of vCPUs, the OVA deployment of
the virtual machine will fail. If you attempt to deploy a virtual machine without the minimum total MHz
processor speed, then the virtual machine will not power on.
Important
The numbers in this table do not include resources for VMware ESXi. See Resources Consumed by CWMS
and the ESXi Host.
13
Virtual Machine Type
Virtual CPU
(vCPU)
CPU (MHz)
Reserved Memory/Total Disks (GB)
14
Memory (GB)
Admin
10
20,600
16/16
418
For versions
2.6 and higher,
new systems
deployed by
using an OVA
file must be
513.
Media
30
Web
10
Internet Reverse Proxy
20
14/44
128
20,600
16/16
128
41,200
10/10
128
13 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The
physical CPU must have a clock speed of 2.4 GHz or faster.)
14 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total
System Capacity Matrix
Key Points:
• One of the basic assumptions for the information presented in this section is that there are at least two
people participating in a meeting.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
22
WebEx System Requirements
System Capacity Matrix
• Concurrent meeting connections is defined as the number of people participating in a meeting at any
given time. For example, for a 50 user system, the maximum concurrent meeting connections can be
comprised of five concurrent meetings that each have a total of 10 people in the meeting (for example,
one host and nine participants).
• After the maximum number of meeting participants is reached for any point in time, the system does
not allow other users to start or join meetings. Of those maximum number of meeting participants (2000,
800, 250 or 50 people), only half of the participants can use video. Video is defined as sending or
receiving, meaning users might be using their WebEx webcam video or the video file share option which
allows users to share a video.
• Desktop sharing is not considered video. This means with a 250 user system, 250 people can be sharing
their desktops during meetings at any given time.
• The addition of High Availability or Multi-data Center does not increase the capacity of the system to
hold meetings; an 800-user system is still an 800-user system.
The numbers in the table below represent the design capacity for the Cisco WebEx Meetings Server system.
Operating the system at a capacity higher than these specifications can result in a degraded user experience
and may result in system instability. Cisco reserves the right to enforce capacity limits at these levels.
Note
These values in the following table remain the same regardless of whether your system is a single data
center or a multi-data center system.
Table 3: System Capacity Matrix for Version 2.5 and Higher
System Capacity
2000
800
250
user
user
user
system system system
50 user Notes
system
Maximum Concurrent
2000
Meeting Connections
(Audio, Video, and Web
users)
800
250
50
The number of people participating in
concurrent meetings at any given time.
Maximum Simultaneous 2000
Audio Connections
(Teleconference Phone
Calls and Voice
Connection Using
Computer From Meeting
Clients)
800
250
50
The system capacity remains the same as
shown on the left, regardless of what
combination of the following features are
used:
• G.711, G.722, G.729 audio codecs
• IPv4 or IPv6 teleconferencing
• TLS/SRTP audio encryption
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
23
WebEx System Requirements
System Capacity Matrix
System Capacity
2000
800
250
user
user
user
system system system
50 user Notes
system
Maximum Concurrent
Video and Video File
Sharing Users
1000
25
400
125
15
These numbers show the maximum number
of concurrent meeting connections (or
participants) allowed to use video sharing at
the same time. When the number of users
with video sharing in concurrent meetings
reaches this limit, then the remaining users
invited to the concurrent meetings can join
the meetings, but their video windows are
grayed out.
Note
Note
Maximum Participants
in One Meeting
500
500
250
50
These numbers show the maximum number
of participants who can attend a meeting.
Maximum Meetings That 100
Can be Recorded
Simultaneously
40
13
3
This is the total number of meetings that can
use the Recording feature at one time.
Maximum Concurrent
Recording Playback
Sessions
200
63
12
This is the total number of recording
playback sessions that can occur
simultaneously. This refers to recordings that
are saved on your storage system and does
not include recordings that are downloaded
to users' desktops.
500
Note
These playback sessions are not
included in the concurrent meeting
connections on the system.
Maximum Number of
User Profiles
400,000 400,000 400,000 400,000 This number includes active and deactivated
users.
Maximum Concurrent
Meetings
1000
400
125
25
The number of separate meetings that can
be active concurrently.
Maximum Call Rate
(calls/per second)
20
8
3
1
This is the average number of users who can
dial into a meeting during a one second time
period. After the system reaches this number,
the next few users to dial into the meeting
might experience an additional few seconds
wait before connecting to the meeting.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
24
If one participant in a meeting uses
video, then all other users in the
same meeting are counted as video
users, even if they are not using
video themselves.
Desktop sharing is not considered
video.
WebEx System Requirements
System Capacity Matrix
System Capacity
2000
800
250
user
user
user
system system system
50 user Notes
system
Maximum Concurrent
Sign-in
20
people
per
second
1
person
per
second
This is the average number of users who can
simultaneously sign in to your WebEx site
during a one second time period. After the
system reaches this number, the next few
users to sign in to the WebEx site might
experience an additional few seconds wait
before they can join a meeting.
Maximum Aggregate
Bandwidth Utilization
5 Gbps 2 Gbps 625
Mbps
125
Mbps
Using our test system at its maximum
bandwidth, this is the maximum bandwidth
the test system could handle. For more
information about bandwidth utilization see
the Network Bandwidth Requirements
section in the Networking Topology for Your
System chapter of the Planning Guide. You
can also refer to the WebEx Network
Bandwidth White Paper.
8
people
per
second
3
people
per
second
15 800 in Federal Information Processing Standards (FIPS environments)
Table 4: System Capacity Matrix for Version 2.0
System Capacity
2000
800
250
user
user
user
system system system
50 user Notes
system
Maximum Concurrent
2000
Meeting Connections
(Audio, Video, and Web
users)
800
250
50
The number of people participating in
concurrent meetings at any given time.
Maximum Simultaneous 2000
Audio Connections
(Teleconference Phone
Calls and Voice
Connection Using
Computer From Meeting
Clients)
800
250
50
The system capacity remains the same as
shown on the left, regardless of what
combination of the following features are
used:
• G.711, G.722, G.729 audio codecs
• IPv4 or IPv6 teleconferencing
• TLS/SRTP audio encryption
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
25
WebEx System Requirements
System Capacity Matrix
System Capacity
2000
800
250
user
user
user
system system system
50 user Notes
system
Maximum Concurrent
Video and Video File
Sharing Users
1000
25
400
125
These numbers show the maximum number
of concurrent meeting connections (or
participants) allowed to use video sharing at
the same time. When the number of users
with video sharing in concurrent meetings
reaches this limit, then the remaining users
invited to the concurrent meetings can join
the meetings, but their video windows are
grayed out.
If one participant in a meeting uses
video, then all other users in the
same meeting are counted as video
users, even if they are not using
video themselves.
Note
Desktop sharing is not considered
video.
These numbers show the maximum number
of participants who can attend a meeting.
Note
Maximum Participants
in One Meeting for
Non-HA Deployments
100
100
100
50
Maximum Participants
in One Meeting for HA
Deployments
250
250
100
50
These numbers show the maximum number
of participants who can attend a meeting.
Maximum Meetings That 100
Can be Recorded
Simultaneously
40
13
3
This is the total number of meetings that can
use the Recording feature at one time.
Maximum Concurrent
Recording Playback
Sessions
200
63
12
This is the total number of recording
playback sessions that can occur
simultaneously. This refers to recordings that
are saved on your storage system and does
not include recordings that are downloaded
to users' desktops.
500
Note
Maximum Number of
User Profiles
400,000 400,000 400,000 400,000 This number includes active and deactivated
users.
Maximum Concurrent
Meetings
1000
400
125
25
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
26
These playback sessions are not
included in the concurrent meeting
connections on the system.
The number of separate meetings that can
be active concurrently.
WebEx System Requirements
System Capacity Matrix
Note
System Capacity
2000
800
250
user
user
user
system system system
50 user Notes
system
Maximum Call Rate
(calls/per second)
20
8
3
1
This is the average number of users who can
dial into a meeting during a one second time
period. After the system reaches this number,
the next few users to dial into the meeting
might experience an additional few seconds
wait before connecting to the meeting.
Maximum Concurrent
Sign-in
20
people
per
second
8
people
per
second
3
people
per
second
1
person
per
second
This is the average number of users who can
simultaneously sign in to your WebEx site
during a one second time period. After the
system reaches this number, the next few
users to sign in to the WebEx site might
experience an additional few seconds wait
before they can join a meeting.
Maximum Aggregate
Bandwidth Utilization
5 Gbps 2 Gbps 625
Mbps
125
Mbps
Using our test system at its maximum
bandwidth, this is the maximum bandwidth
the test system could handle. For more
information about bandwidth utilization see
the Network Bandwidth Requirements
section in the Networking Topology for Your
System chapter of the Planning Guide. You
can also refer to the WebEx Network
Bandwidth White Paper.
For new installations of Cisco WebEx Meetings Server, the storage requirements are as follows:
• Disk space can be local (DAS) or external (SAN or NAS).
• ESXi hosts (Cisco UCS server) with the Admin virtual machine require 1.5 TB of disk space.
• ESXi hosts (Cisco UCS server) without an Admin virtual machine require 1 TB of disk space.
• When upgrading Cisco WebEx Meetings Server by using existing Cisco UCS servers, the ESXi
hosts requires 1118 GB of free disk space if the UCS server has only the Admin virtual machine
(primary or HA system) or 990 GB of free disk space if the UCS server has one Admin and one
Media virtual machine (primary or HA system).
For complete details, see the Resources Consumed by Cisco WebEx Meetings Server and the ESXi
Host section in the http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/
products-installation-and-configuration-guides-list.html.
Tip
The maximum length of a meeting is 24 hours for all size user system deployments.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
27
WebEx System Requirements
Supported Upgrade Paths
Note
When considering an upgrade, plan for the increased size of the data stores, as the original system and the
upgraded system share data stores until testing of the upgraded system is complete and the original system
is removed.
For information about network bandwidth requirements for the various size user systems, see the "Network
Bandwidth Requirements" section in the Network Topology For Your System chapter in this book.
Supported Upgrade Paths
This release of Cisco WebEx Meetings Server supports upgrades from release 1.x to 2.8. The following points
apply:
• An upgrade is defined as a replacement of the system to deploy major modifications that we made to
the system.
• An update is defined as an incremental modification of the system. Updates deploy fixes and minor
improvements.
• An update retains all data from the original system. An upgrade retains all data from the original system,
except for the logs.
• When upgrading, you cannot skip a major version of the software and go directly to a companion
maintenance release (MR).
For example, to upgrade from 1.5MR5 to a 2.8MR, upgrade from 1.5MR5 to 2.8 and then update to the
2.8MR.
Note
Caution
All updates require downtime. For Multi-data centers, you update both data centers simultaneously.
Do not click Restart for one data center until the update for the other is complete, and both display the
Restart button. When you update from Release 2.5MR6 or later to 2.8, restarting one data center before
the update is complete for the other breaks replication.
Use the following table to determine your upgrade path to Cisco WebEx Meetings Server Release 2.8.
Installed Release
To Release
1.0 to 1.1
2.8
Path
1 Update to 1.5.
2 Update to 1.5MR5 Patch 2 or later.
3 Upgrade to 2.8.
1.5 to 1.5MR4
2.8
1 Update to 1.5MR5 Patch 2 or later.
2 Upgrade to 2.8.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
28
WebEx System Requirements
Supported Upgrade Paths
Installed Release
To Release
1.5 MR5
2.8
Path
1 Update to 1.5MR5 Patch 2 or later.
2 Upgrade to 2.8.
1.5 MR5 Patch 2 or later 2.8
2.0 to 2.0MR8
2.8
Upgrade to 2.8.
1 Update to 2.0MR9.
2 Update to 2.8.
2.0MR9 or later
2.8
2.5 to 2.5MR5
2.8
Update to 2.8.
1 Update to 2.5MR6.
2 Update to 2.8.
2.5MR6
2.8
2.6 to 2.6MR2
2.8
Update to 2.8.
1 Update to 2.6MR3
2 Update to 2.8
2.6MR3 or later
2.8
Update to 2.8.
2.7 or any 2.7MR
2.8
Update to 2.8.
2.8 or any 2.8MR
Any 2.8MR
Update to 2.8MR.
Important
You cannot change the audio encryption type (Audio Encrypted -AE/Audio Unencrypted -AU) for the
system, during an upgrade or during an update. After deployment, the only way to change a system from
one type of audio encryption to the other is to deploy a new system.
For more information, see the following documents:
• Cisco WebEx Meetings Server Administration Guide Release 2.8: http://www.cisco.com/en/US/products/
ps12732/prod_installation_guides_list.html
• Cisco WebEx Meetings Server Planning Guide and System Requirements Release 2.8: http://
www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/
products-installation-and-configuration-guides-list.html
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
29
WebEx System Requirements
Supported Upgrade Paths
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
30
CHAPTER
2
Introduction and Data Center Topology For Your
System
This chapter provides an introduction, a data center overview, and VMware vCenter requirements for your
system.
• Introducing Cisco WebEx Meetings Server, page 31
• Information for Cisco Unified MeetingPlace Customers, page 33
• Deploying a Single Data Center, page 33
• Joining Single Data Centers to Create a Multi-data Center (MDC) System, page 33
• Using VMware vSphere With Your System, page 33
• IOPS and Storage System Performance , page 36
• Installing VMware vSphere ESXi and Configuring Storage, page 37
• Joining Meetings, page 38
Introducing Cisco WebEx Meetings Server
Cisco Webex Meetings Server (CWMS) is a secure, fully virtualized, private cloud (on-premises) conferencing
solution that combines audio, video, and internet to reduce conferencing costs and extend your investments
in Cisco Unified Communications.
Like other Cisco WebEx products, it offers real-time collaboration tools, including document, application,
and desktop sharing, annotation tools, full host control for effective meeting management, an integrated
participant list with active talker, and video switching, recording, and playback. This product utilizes high
quality video, so the video sharing experience is crisp and clear.
You can deploy and manage this conferencing solution in your private cloud, behind the firewall in your data
center. It is designed for Cisco UCS servers and VMware vSphere. (For specific requirements, see Minimum
Hardware Requirements, on page 7.) It features a rapid virtual deployment and powerful tools for
administrators to configure and manage the system and see key system metrics.
In addition, mobile users can attend and participate in meetings. For supported devices, see Operating Systems
Requirements for Mobile Devices, on page 178.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
31
Introduction and Data Center Topology For Your System
Introducing Cisco WebEx Meetings Server
Important Considerations For Your System
Note the following:
• Forward proxies—not recommended, though you may use forward proxies with restrictions. For complete
details, refer to the Cisco WebEx Meetings Server Troubleshooting Guide.
• Reverse proxies—only the Internet Reverse Proxy server included with this product is supported.
• NAT—supported when it meets the requirements for this system. For complete details, see Using NAT
With Your System.
• Single data centers—deployments within a single data center are supported for all releases of Cisco
WebEx Meetings Server. For complete details, see Deploying a Single Data Center.
• Multi-data centers—data centers running Cisco WebEx Meetings Server Release 2.5 or higher can be
joined to create a system comprised of multiple data centers. For complete details, see the About Multi-data
Center in the Cisco WebEx Meetings Server Administration Guide.
• Storage Server—Each data center in a multi-data center system must have a separate storage server. The
same storage server cannot support more than one data center.
• High-availability system—defined as a system with redundant virtual machines running the same version
of Cisco WebEx Meetings Server. If the primary system (in a single data center system) fails, the
high-availability system continues service. The redundant high-availability virtual machines must be
co-located in the same data center with the primary virtual machines. The primary and high-availability
system virtual machines must be on the same VLAN or subnet.
You cannot join high-availability systems to create a multi-data center environment.
• Internet Reverse Proxy (IRP) Server—is defined as a virtual machine placed as a proxy between the
external Internet and a company's internal network to provide public access to CWMS. An Internet
Reverse Proxy server is required to allow users to schedule and attend meetings from mobile devices or
to provide secured access to your WebEx Site from the Internet. An Internet Reverse Proxy server is
not required if you are going to limit access to Cisco WebEx Meetings Server to your internal network.
(Deploy an IRP virtual machine by using the same OVA file you use to deploy your administration
virtual machine. The IRP virtual machine must be on the same subnet as the Public Virtual IP address.)
• Virtual IP (VIP) Address—used to communicate with the Admin, Media, and Web virtual machines
within a data center.
• Private Virtual IP (VIP) address—configured on the Admin virtual machine and is associated to the
Administration Site URL. The private VIP can also be associated with the WebEx Site URL if the address
is configured in the internal DNS server in a Split-Horizon DNS deployment or deployments without
an Internet Reverse Proxy server.
• Public Virtual IP (VIP) address—configured on the Internet Reverse Proxy virtual machine and is
associated with the WebEx Site URL only. The WebEx Site URL on the external DNS servers must be
resolvable to the Public Virtual IP address to provide users access to the WebEx Site from the Internet.
A public virtual IP address is not configured on the system if there is no Internet Reverse Proxy server.
Caution
If you disregard our recommendations and requirements when deploying a system, you will not receive
support from Cisco. Cisco is not responsible for any problems you might encounter as a result of not
following our guidance.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
32
Introduction and Data Center Topology For Your System
Information for Cisco Unified MeetingPlace Customers
New and Changed Features for Cisco WebEx Meetings Server
For a list of new and changed features, see the "New and Changed Features for Cisco WebEx Meetings Server"
in the Release Notes for Cisco WebEx Meetings Server at Release Notes.
Information for Cisco Unified MeetingPlace Customers
Because of architectural differences, there is no migration path (for existing user accounts, customizations,
and meetings) from Cisco Unified MeetingPlace to Cisco WebEx Meetings Server. These are two distinct
products.
You can ease the transition for your users by continuing to support both Cisco Unified MeetingPlace and
Cisco WebEx Meetings Server while encouraging your users to switch to the new system.
Deploying a Single Data Center
Cisco WebEx Meeting Server (CWMS) can be deployed as a Single-data Center (SDC) system and optionally
as a High Availability (HA) system or a Multi-data Center (MDC) system (see Redundancy in HA or MDC
Deployments, on page 47). A SDC system (including a system with HA support) requires only Host licenses
after a trial period. A MDC system requires a minimum of two MDC feature licenses, Host licenses, and there
is no MDC trial period.
Joining Single Data Centers to Create a Multi-data Center (MDC)
System
You can join two data centers that are running Cisco WebEx Meeting Server Release 2.5 or higher to form a
single Multi-data Center (MDC) system. A maximum of two data centers can be joined. The difference between
a Multi-data Center and a High Availability system is that a High Availability system must be co-located and
functions as a backup system. In an MDC system, the data centers can be located in different geographic
locations and both data centers contribute to system processing. See Redundancy in HA or MDC Deployments,
on page 47. One license must be purchased for each CWMS data center in an MDC system. MDC licenses
should be purchased before you attempt to deploy an MDC system. (A system with a single data center does
not need a feature license.) For details on how to prepare your data centers to be joined, the Join process, and
how to carry over data from one data center to another when the Join process is complete, refer to the "Joining
Data Centers to Create a Multi-data Center (MDC) System" chapter in the Cisco WebEx Administration Guide
(http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/
products-installation-guides-list.html).
Using VMware vSphere With Your System
Important
This product only installs on a VMWare vSphere virtualization platform. VMWare Tools for CWMS are
automatically installed during system deployment and should not be upgraded manually. See
docwiki.cisco.com/wiki/VMWare_Tools for more information on VMWare Tools.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
33
Introduction and Data Center Topology For Your System
Advantages of Deploying a System on VMware vSphere
• Cisco WebEx Meetings Server is designed to work on any equivalent Cisco UCS Server that meets or
exceeds the system requirements. However, to save you time, we recommend using standard Cisco UCS
servers. For complete details on the hardware and VMWare requirements, see Minimum Hardware
Requirements, on page 7.
• You must purchase VMWare vSphere 5.0, 5.0 Update 1, 5.0 Update 2, 5.1, or 5.1 Update 1 for use as
the hypervisor platform for Cisco WebEx Meetings Server.
You must purchase VMWare vSphere 5.0, 5.0 Update 1, 5.0 Update 2, 5.1, 5.1 Update 1, 5.5, or 6.0 for
use as the hypervisor platform for Cisco WebEx Meetings Server.
Note
For security reasons, 5.1 must be version 1900470 or later.
Complete one of the following:
◦Buy vSphere directly from Cisco on the GPL (Global Price List). Cisco is an approved VMWare
partner and distributor.
◦Purchase vSphere directly from VMWare through enterprise agreements you have with VMWare.
Advantages of Deploying a System on VMware vSphere
This section explains why VMware vSphere and vCenter are integral to using this Cisco WebEx product and
lists some considerations.
Deployment of the System
• This product is packaged as a VMware vSphere compatible OVA virtual appliance and not as a collection
of software packages on a DVD. You must have vCenter to deploy the OVA or the product will not
install.
• By packaging it as a virtual appliance we enable rapid deployment; in some cases in under an hour.
• To facilitate rapid installations with the OVA virtual appliance, you can select automatic system
deployment for most system sizes. Simply provide vCenter credentials and we will deploy all the virtual
machines for your system without manual intervention. This innovation will minimize your labor costs
and time.
Note
The OVA template creates two virtual NICs for each virtual machine. However, only
the Admin virtual machines uses both virtual NICs. For all other Cisco WebEx Meetings
Server (CWMS) virtual machines, only one virtual NIC is used and the other one is
disconnected.
• CWMS requires you to run VMware ESXi or the corresponding VMware ESXi installable Cisco ISO
Image. Both these editions contain the necessary drivers required to support the Cisco UCS Servers that
are required by CWMS. For more information, see http://www.cisco.com/en/US/docs/unified_computing/
ucs/release/notes/OL_26617.pdf.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
34
Introduction and Data Center Topology For Your System
Advantages of Deploying a System on VMware vSphere
Easy Recovery From System Errors
If the change does not meet your expectations, by using VMware Data Recovery you can revert
system-impacting changes rapidly and without a system redeployment.
vSphere Considerations
Note the following considerations:
• You can move your virtual machine to another ESXi host. However, you must retain the layout of the
virtual machines on the new ESXi host. In other words, if you plan to move a Media virtual machine
that is co-resident with a Web virtual machine, then you must either move it to a separate ESXi host
(where it is the only virtual machine) or move it to an ESXi host that already has a Web virtual machine.
Note
Your destination ESXi host must conform to the same system requirements as the source
ESXi host.
The following VMware features are not supported with CWMS:
• VMotion and Storage VMotion (Although you can move your virtual machines, you may not do so by
using these tools.)
• VMware Distributed Resource Schedule (DRS)
• vSphere High Availability (HA)
• vSphere clustering and resource sharing
• Cloning a virtual machine
vSphere Best Practices
• We recommend that you do not use virtual machine snapshots. If you decide to use snapshots, then after
confirming your system changes, either commit the snapshots or remove them as soon as possible.
Keeping a snapshot for any period of time will result in severe performance degradation.
• For SAN environments, deploy disk images to a SAN with high IOPS numbers.
For an 800-user system, the average IOPS for an OVA deployment is 506 (max IOPS is 855) for the
Admin virtual machine and 475 (max IOPS is 652) for a Media virtual machine. Once these virtual
machines are created and powered on, then you can enter the case-sensitive URL and continue the system
deployment in a web browser. The average IOPS for a primary system is 108 (max IOPS is 1558) and
163 (max IOPS is 1736) for a secondary system.
• Verify that there is enough free space on your SAN. Snapshots are stored on the same SAN.
• Deploy a 10GB network for the quickest deployment and bandwidth for future growth.
• We recommend that you manage all virtual machines by using the same vCenter. This allows for an
easier restoration should you need to recover your system.
For more information on network bandwidth, see Network Bandwidth Requirements, on page 51.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
35
Introduction and Data Center Topology For Your System
IOPS and Storage System Performance
vCenter Server Requirements
In addition to vSphere, vCenter Server is also required.
• To deploy this virtual appliance, you must also use vCenter to deploy and manage the virtual machines
in your system. This product will not work without vCenter Server.
• Cisco recommends backups and snapshots of the system ahead of important system-impacting operations.
Creating backups permits you to roll back the changes in case the update does not meet your expectation.
You may automate backups and snapshots using vCenter.
• CWMS supports vSphere Standard Edition.
vSphere Edition For the 800 and 2000 User Systems
• The 800 and 2000 user systems comprise virtual machines that require between 30 and 40 vCPUs. These
virtual machines use these vCPUs to perform very compute intensive tasks such as SSL encoding or
decoding, mixing audio streams, and so on.
For complete information on vCPU requirements, see Resources Consumed by CWMS and the ESXi
Host, on page 9.
• At minimum, you must purchase the vSphere 5.0 Enterprise Plus edition or the vSphere 5.1 Enterprise
edition, as the lower-end vSphere editions do not support the number of required vCPUs.
IOPS and Storage System Performance
Expected Maximum IOPS and Throughput
The following table shows the expected maximum IOPS and throughput values for maximum load on the
system for a single virtual machine.
System Size
Virtual Machine
Maximum
Maximum Read
Input/Output
Megabytes per
Operations (IOPS) Second
Maximum Write
Megabytes per
Second
50 user system
Admin
450
1
15
DMZ
70
0.3
0.3
Admin
1400
1
25
Media
150
1
10
DMZ
110
0.4
0.6
Admin
1400
3
50
Media
300
1
30
DMZ
150
1
1.5
250 user system
800 user system
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
36
Introduction and Data Center Topology For Your System
Installing VMware vSphere ESXi and Configuring Storage
System Size
Virtual Machine
Maximum
Maximum Read
Input/Output
Megabytes per
Operations (IOPS) Second
Maximum Write
Megabytes per
Second
1600
2.5
60
Media
300
1
25
Web
200
3
1.5
DMZ
200
1.5
3
2000 user system Admin
IOPS for System Reboot for a 2000 User System
The following table shows IOPS information for a 2000 user system for the boot (reboot) process.
Virtual Machines in a 2000 User
System
IOPS for System Boot (Reboot)
IOPS for Minor Update
Admin
2300
3000
Media
2000
2000
Web
1500
2000
Web
1000
2000
IOPS for Backup for a 2000 User System
The following table shows IOPS information for a 2000 user system for a backup done during the off hours.
Admin Virtual Machine
for a 2000 User System
IOPS for Backup
Maximum Read
Megabytes per Second
Maximum Write
Megabytes per Second
1 GB Backup
2000
220
300
12 GB Backup
5000
320
600
Installing VMware vSphere ESXi and Configuring Storage
Cisco WebEx Meetings Server is a software-based solution. It is not a combination hardware and software
package. You can choose what to purchase and how to provision your hardware platforms, as long as the
hardware meets or exceeds CPU, memory, and storage requirements.
You can deploy Cisco WebEx Meetings Server on Cisco UCS Servers that meet our minimum specifications.
Or you can choose to deploy this product on newer and higher-end UCS Servers that exceed our minimum
specifications.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
37
Introduction and Data Center Topology For Your System
Joining Meetings
Multiple RAID controller and network options are available. You may choose to use SAN storage instead of
local RAID. We do not provide details about every storage configuration that you may choose.
However, since Cisco WebEx Meetings Server is deployed on Cisco UCS Servers, refer to the Cisco UCS
Servers RAID Guide at http://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/raid/configuration/
guide/RAID_GUIDE.html.
Setting the Write Cache on a RAID Controller
For optimal system performance, you check the Default Write setting on your RAID controller. You can set
Default Write to three settings: Write Back with BBU, Write Through, or Always Write Back. Some guidelines
for selecting the appropriate setting for Default Write on your Cisco UCS Servers are:
• Write Back with BBU - use this setting if you have installed a battery backup unit on your RAID
controller. If the system experiences a power loss, the battery backup unit preserves the content of the
controller cache memory.
If the battery backup unit fails or goes offline to a re-learn cycle, the Write Back with BBU setting
automatically fails back to Write Through cache. Without a working battery backup unit, the Write
Through setting is safer although you may notice performance degradation on the I/O subsystem of the
host machine.
• Write Through - use this setting and enable the cache explicitly (using the Disk Cache option) if you
must remove the battery backup unit for repairs. This setting gives you better, but not optimal performance.
After you replace the faulty battery, you can safely return the Default Write setting to Write Back with
BBU mode.
• Always Write Back - use this setting if the host that houses your RAID controller is connected to an
uninterruptible power supply unit.
Joining Meetings
End user experience with Cisco WebEx Meetings Server is of a website that users access to schedule and join
meetings. This website includes real-time conferencing elements that facilitate online meetings. Users can
join meetings through a browser or through a client on their desktops.
For complete details on the end user experience, sign in to the WebEx site and select Help.
Windows Users
The following assumes that a user has Windows Administrator privileges on their PC sufficient to allow them
to join WebEx meetings. If this is not true, system administrators can push the WebEx Meetings application
client to a user by using desktop management software such as IBM Tivoli. See Downloading Applications
from the Administration Site, on page 118.
• Microsoft Internet Explorer users can install an ActiveX control or Java plug-in, download the WebEx
Meetings application installer, or run the application in a temporary system folder (such as TFS). The
first time the user joins a meeting, the client software is downloaded and automatically installed.
• Google Chrome and Mozilla Firefox users can install a Java plug-in, download the WebEx Meetings
application, or run the application in a temporary system folder. The client software is downloaded and
automatically installed the first time the user joins a meeting.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
38
Introduction and Data Center Topology For Your System
Joining Meetings
It is not necessary to change any of the ActiveX, Java plug-in, WebEx Meetings application installer, or TFS
settings.
Mac Users
• If Java is enabled, the client software is downloaded and automatically installed the first time the user
joins a meeting. (Java is turned off by default in Mac OS X Lion version 10.7 and OS X Mountain Lion
version 10.8.)
• If Java is disabled, the user can download and install the WebEx Meetings application.
Multi-data Center System Users
If your WebEx site uses self-signed certificates instead of certificates from a well-known Certificate Authority,
after your data center is joined to another data center users must install a certificate for each data center in the
Trusted Root Certification Authorities store before they start or join a meeting.
Using Chrome and FireFox Browsers
If you use Chrome 32 and later or Firefox 2716 and later, you might see a prompt to install a Cisco WebEx
plug-in. Select Download and follow the instructions to install the required plug-in.
Note
After installing the plug-in, some browsers require that you enable it.
• If you use Chrome, click the plug-in icon that appears on the top right of your page. Select the Always
allow plug-ins... option and then click Done.
• If you use Firefox, click the plug-in icon that appears at the beginning of your URL (before https:)
and then click Allow and Remember.
If the meeting does not start automatically, refresh the page.
If you are using the Chrome 38 browser and later to start a WebEx meeting or play a WebEx recording, you
might be required to complete the following one-time installation to add the Cisco WebEx extension to your
Chrome browser:
1 Select Add WebEx to Chrome.
2 Select Free on the Cisco WebEx Extension dialog.
3 Select Add to add the Cisco WebEx extension to your Chrome browser.
4 Open the Cisco_WebEx_Add-on.exe file and select Run.
5 The page refreshes when the installation has finished. If the meeting does not start automatically, refresh
the page.
16 The exact versions of Chrome and Firefox that are impacted by this policy have not been finalized as of the publishing of this document.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
39
Introduction and Data Center Topology For Your System
Joining Meetings
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
40
CHAPTER
3
Networking Topology
• Virtual Machine Layout in Your Network, page 41
• Different Types of Network Topology for Your System, page 42
• Internal Internet Reverse Proxy (IRP) Network Topology, page 42
• Non-Split-Horizon Network Topology, page 43
• All Internal Network Topology, page 45
• Split-Horizon Network Topology, page 46
• Redundancy in HA or MDC Deployments, page 47
• Network Considerations for the Internet Reverse Proxy, page 49
• Network Bandwidth Requirements, page 51
• NIC Teaming for Bandwidth Aggregation, page 55
• Load Balancing, page 56
Virtual Machine Layout in Your Network
Cisco WebEx Meetings Server (CWMS) comprises two groups of virtual machines: the internal virtual
machines and the optional Internet Reverse Proxy (IRP) virtual machines. IRP is required for systems where
external users are allowed to host or attend meetings through the Internet without using VPN or by using
CDMA mobile devices. Without IRP, only internal and VPN users can host or join meetings. For more
information about IRP, see Network Considerations for the Internet Reverse Proxy, on page 49.
Internal Virtual Machines
Internal virtual machines refer to the Admin virtual machine, and if applicable, the Media and Web virtual
machines.
• The internal virtual machines must be on a single, common VLAN or subnet. During the system
deployment, you will see error messages if your IP address assignments violate this rule. The system
design assumes that all the internal virtual machines, including any High Availability (HA) virtual
machines, are connected through a LAN that offers high bandwidth, negligible packet loss, and a latency
of under 4 ms.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
41
Networking Topology
Different Types of Network Topology for Your System
Voice, data, video and the SAN all rely on the network bandwidth. It is critical to deploy a network that
is capable of handling the required load.
• Cisco recommends placing all the internal virtual machines on the same Ethernet switch. However, when
provisioning a HA system we recommend that you deploy two Ethernet switches to ensure network
redundancy.
• If you decide instead to place the virtual machines on different Ethernet switches within the same data
center, then your network must meet the specific bandwidth and network latency requirements as described
in Network Bandwidth Requirements, on page 51. In this situation, the switch-to-switch trunk must
meet the same networking characteristics as the L3 latency and throughput for a single physical switch.
For additional information on systems with HA, see Redundancy in HA or MDC Deployments, on page 47.
Different Types of Network Topology for Your System
This product supports the following network topologies:
• Internal Internet Reverse Proxy (IRP) Network Topology, on page 42
• Non-Split-Horizon Network Topology, on page 43
• All Internal Network Topology, on page 45
• Split-Horizon Network Topology, on page 46
Important
If you want mobile users to attend meetings, select a network topology that includes the Internet Reverse
Proxy virtual machine. Deploy the Internet Reverse Proxy regardless of how mobile users attend meetings.
When using a cellular data network, mobile users join the meeting through the Internet to the Internet Reverse
Proxy. When using a local Wi-Fi connection, mobile users join the meeting using one of the following methods:
• Internet Reverse Proxy (non-split-horizon network topology)
• Directly through the internal virtual machines (split-horizon network topology)
Note
If your network topology includes forward proxies, they must meet specific requirements for the Internet
Reverse Proxy to work properly. See the Cisco WebEx Meetings Server Troubleshooting Guide for
complete details.
Internal Internet Reverse Proxy (IRP) Network Topology
This section describes the network topology when all the virtual machines in your system, including the
Internet Reverse Proxy (IRP) virtual machine, are in the same internal network.
This configuration permits users to sign in and join meetings securely from the Internet without a VPN
connection.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
42
Networking Topology
Non-Split-Horizon Network Topology
If you are using automatic deployment, then the ESXi hosts for all your virtual machines (including the IRP)
must be managed from the same VMware vCenter. This vCenter information is required during an automatic
system deployment.
Note
This configuration supports mobile access.
You will define the Administration URL, the WebEx Site URL, the private VIP address, and the public VIP
address during the deployment of your system. For more information about these terms, and when you provide
them, see the Installation section of the Cisco WebEx Meetings Server Administration Guide.
This is a diagram of an all-internal IRP network topology.
For a complete list of the port access required for this deployment, see Port Access When All the Virtual
Machines Are in the Internal Network, on page 80.
Advantages of an All Internal IRP Network Topology
Compared with the non-split-horizon network topology, there are no virtual machines in the DMZ, and the
network traffic for internal users is not connected through the DMZ to host or attend meetings.
Disadvantages of an All Internal IRP Network Topology
Public access (allowing external users to access the system) requires opening inbound ports (80 and 443)
directly from the Internet to the internal network.
For more information about IRP, see Network Considerations for the Internet Reverse Proxy, on page 49.
Non-Split-Horizon Network Topology
This section describes the network topology when you have a non-split-horizon DNS. The internal virtual
machines (Admin, and if applicable, Media and Web) are in the internal network, and the Internet Reverse
Proxy is in the DMZ network.
Note
This configuration permits users to sign in and join meetings securely from the Internet without a VPN
connection.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
43
Networking Topology
Non-Split-Horizon Network Topology
Note
This configuration supports mobile access.
For this product, the primary difference between a split-horizon and a non-split-horizon network topology is
that for a split-horizon system, internal users access the WebEx site URL using the private VIP address.
External users (outside the firewall) access the WebEx site URL using the public VIP address. For a
non-split-horizon network, all users (internal and external) access the WebEx site URL using the public VIP
address.
You will define the Administration URL, the WebEx Site URL, the private VIP address, and the public VIP
address during the deployment of your system. For more information about these terms, and when you provide
them, see the Installation section of the Cisco WebEx Meetings Server Administration Guide.
This is a schematic diagram of a non-split-horizon network topology.
Note
For a complete list of the port access required for this deployment, see Port Access With an Internet
Reverse Proxy in the DMZ Network, on page 81.
Advantages of a Non-Split-Horizon Network Topology
• Tight control on the traffic that comes in and goes out of a network.
• Addresses more common, simple DNS network requirements.
Disadvantages of a Non-Split-Horizon Topology
• Complex setup, but not as complex as the split-horizon network topology.
• Internal traffic is directed to the DMZ network. All network traffic from the Internet as well as from the
internal (private network) goes to the Internet Reverse Proxy in the DMZ network, then comes back to
the internal virtual machines.
• Requires more ports to be opened in the firewall between the DMZ and internal network than the all
internal network topology.
• Automatic system deployment (for 50, 250, or 800 concurrent user systems only) requires a more detailed
setup in vCenter.
• Of the three network topologies, this configuration most affects network performance, since all of the
meetings load is through the Internet Reverse Proxy. Because there are multiple hops, network latency
is affected as well.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
44
Networking Topology
All Internal Network Topology
Note
Refer to Network Bandwidth Requirements, on page 51 for details about NIC speed requirements for
non-split-horizon DNS deployments.
All Internal Network Topology
This section describes the network topology when all the virtual machines in your system are in the same
internal network. There is no public access; only internal and VPN users can host or join meetings.
Note
If you are using automatic deployment, then the ESXi hosts for all your virtual machines must be managed
from the same VMware vCenter. This vCenter information is required during an automatic system
deployment.
Note
This configuration does not support mobile access.
You will define the Administration URL, the WebEx Site URL and the private VIP address during the
deployment of your system. For more information about these terms, and when you provide them, see the
Installation section of the Cisco WebEx Meetings Server Administration Guide.
This is a schematic diagram of an all internal network topology.
Advantages of an All Internal Network Topology
• Provides lower latency as there are fewer network hops between the virtual machines.
Disadvantages of an All Internal Network Topology
• There is no public access (allowing external users to access the system) and no access for mobile users.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
45
Networking Topology
Split-Horizon Network Topology
Split-Horizon Network Topology
This section describes the network topology when you have a split-horizon DNS. The internal virtual machines
(Admin, and if applicable, Media and Web) are in the internal network, and the Internet Reverse Proxy (IRP)
is in the DMZ network.
Note
This configuration permits users to sign in and join meetings securely from the Internet without a VPN
connection.
Note
This configuration can only support mobile access from a public IP (internet) network. Mobile access is
not supported on an internal (intranet) network.
In a split-horizon deployment, Internet-origin traffic (including mobile users employing a cellular data network)
goes to the Internet Reverse Proxy. Internal-origin traffic (including mobile users employing local Wi-Fi)
goes directly to the internal virtual machines.
For this product, the primary difference between a split-horizon and a non-split-horizon network topology is
that for a split-horizon system, internal users access the WebEx site URL using the private virtual IP (VIP)
address. External users (outside the firewall) access the WebEx site URL using the public VIP address. For
a non-split-horizon network, all users (internal and external) access the WebEx site URL using the public VIP
address.
You will define the Administration URL, the WebEx Site URL, the private VIP address, and the public VIP
address during the deployment of your system. For more information about these terms, and when you provide
them, see the Installation section of the Cisco WebEx Meetings Server Administration Guide.
This is a schematic diagram of a split-horizon network topology.
Note
For a complete list of the port access required for this deployment, see Port Access With an Internet
Reverse Proxy in the DMZ Network, on page 81.
Split-horizon DNS with Public VIP NAT on the External Firewall
If you have public virtual IP (VIP) NAT configured on the external firewall, you need three DNS servers to
deploy split-horizon DNS:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
46
Networking Topology
Redundancy in HA or MDC Deployments
• Internal DNS: This server resolves the WebEx Site URL to the Private VIP IP address on the Admin
virtual machine. This server permits internal users to access the WebEx site internally with a Private
VIP.
• DMZ DNS: This server resolves the IRP VM FQDN to the IRP Eth0 IP address and the WebEx Site
URL to the Public VIP address. This server is required to successfully deploy the IRP virtual machine
and to add Public Access to the topology.
• External DNS: This server resolves the WebEx Site URL to the public IP address on the External firewall
that is being NATed to the Public VIP on the IRP virtual machine.
Advantages of a Split-Horizon Network Topology
• Tight control on the traffic that comes in and goes out of a network.
• There is a separation of network traffic hitting the system, enabling a more distributed spread of the
load.
The traffic coming in from the Internet goes to the Internet Reverse Proxy. The traffic coming from the
internal (private network) goes directly to the internal virtual machines (Admin, and if applicable, Media
and Web).
• Performance and network latency is better than a non-split-horizon DNS, but worse than an all internal
network topology.
Disadvantages of a Split-Horizon Topology
• Of the three different network topologies, this is the most complex setup.
• Requires sophisticated DNS mapping.
• Requires more ports to be opened in the firewall between the DMZ and internal network than the all
internal network topology.
• Automatic system deployment (for 50, 250, or 800 concurrent user systems only) requires a more detailed
setup in vCenter.
• Because of web redirection for internal users, the WebEx site URL is replaced with the URL exposing
the hostname of the virtual machine containing the web services and the Media virtual machines.
See Network Bandwidth Requirements, on page 51 for details about NIC speed requirements for split-horizon
DNS deployments.
Redundancy in HA or MDC Deployments
High Availability (HA) provides redundancy through failover from a faulty primary Cisco WebEx Meetings
Server (CWMS) system to a backup CWMS HA system in the same physical location.
CWMS Multi-data center (MDC) deploys multiple data centers, and then joins them into a single CWMS
system. Failover is similar to a HA system, except that MDC system data centers are peers both serving users
and they are not geographically limited. Indeed, deploying multiple data centers geographically close to users
improves network performance. A CWMS system cannot support both HA and MDC.
The conditions for redundancy are:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
47
Networking Topology
Redundancy in HA or MDC Deployments
• The HA virtual machines must be co-located in the same data center as the primary virtual machines.
All these virtual machines must be on the same VLAN or subnet. The speed and latency requirements
for connectivity between the primary and HA components are the same as defined previously for the
primary virtual machines. Splitting the primary and HA components of the system between data centers
is not supported.
The MDC virtual machines are not required to be co-located in the same data center.
• Connectivity between all the internal virtual machines must be fully redundant, so that the failure of a
switch or network link does not sever the connectivity between the primary and HA or MDC components.
To achieve this redundancy, each host server should have redundant connections to multiple Ethernet
switches.
• The primary and HA Internet Reverse Proxy (IRP) virtual machines must be on a common VLAN or
subnet (typically not the same subnet as the internal virtual machines). Connectivity between the Internet
Reverse Proxy virtual machines should also be redundant, in the same manner as the internal virtual
machines.
After joining data centers in an MDC system, IRP can be enabled or disabled on the data centers. The
IRP configuration for all data center in the CWMS MDC system must match; there cannot be a mismatch.
The addition of an HA or MDCsystem does not increase the total system capacity. Whether you deploy an
800 user system with or without HA, the total system capacity remains the same; the maximum number of
simultaneous audio connections is 800.
The HA or MDCsystem comprises redundant virtual machines for each virtual machine type in your
deployment. (For a description of each type of virtual machine, see Virtual Machines In Your System, on
page 7.) For example:
• A 50 user system consists of an Admin virtual machine and optionally an Internet Reverse Proxy (IRP)
virtual machine for public access. If you add a HA (MDC is not available) system, the combined 50
user system consists of two Admin virtual machines and two IRP virtual machines.
• A primary 250 or 800 user system consists of an Admin virtual machine, a Media virtual machine, and
optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 250 or 800 user
system comprises two Admin virtual machines, two Media virtual machines, and two IRP virtual
machines.
• A primary 2000 user system consists of an Admin virtual machine, three Media virtual machines, two
Web virtual machines, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the
combined 2000 user system comprises two Admin virtual machines, four (three plus one redundant)
Media virtual machines, three (two plus one redundant) Web virtual machines, and two IRP virtual
machines.
In an HA or MDCsystem, the public VIP address and private VIP address are shared with the primary system.
(The public VIP address and the private VIP address are different and are not shared.) When one virtual
machine is down, the other virtual machine uses the same VIP address. Because of this behavior, a virtual
machine failure is transparent to users as meetings continue without placing unusual demands on the DNS
infrastructure. However, a shared VIP address can only be implemented on a single network segment or
VLAN; splitting a VLAN across two data centers creates multiple problems.
We require connectivity between the primary and HA internal virtual machines to be within the same data
center, greatly reducing the problem of distinguishing between a virtual machine failure and a network failure.
Allowing a split network can result in split meeting connections and conflicting database updates. It is more
practical to construct a true HA network segment within a single data center than between multiple data
centers.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
48
Networking Topology
Network Considerations for the Internet Reverse Proxy
In an MDC system, the data is replicated across data centers (except for the License Manager). Therefore if
a data center goes down or network connectivity is lost, the surviving data center continues to serve users
independent of geographic location.
The best way to build a fault tolerant system is when most system components operate as “all active.” However,
certain key components, notably the database service, are “active/standby." (Web servers and media components
in the HA system are dependent on the primary system components.) Any latency or interruption on the
connections results in delays for users, particularly when joining meetings. Latency between media service
components increases audio and video latency for some users during meetings. (For Cisco WebEx Meetings
Server, 4 ms of network latency is acceptable between the internal virtual machines. For more details, see
Virtual Machine Layout in Your Network, on page 41.)
Network Considerations for the Internet Reverse Proxy
The Internet Reverse Proxy virtual machines share the same general networking requirements as the internal
virtual machines. For the non-split-horizon and split-horizon DNS configuration, the Internet Reverse Proxy
virtual machines are deployed in your DMZ network and not the internal network.
Restriction
Even if the Cisco UCS Servers are configured with two NICs, Cisco WebEx Meetings Server does not
support pointing one NIC to the Internet and the other NIC to the Intranet. This restriction applies regardless
of the mappings between the physical NICs and virtual NICs used by vSphere (and the Internet Reverse
Proxy).
The Internet Reverse Proxy virtual machine always connects to a single external VLAN regardless of the
number or NICs you use. If you use multiple physical NICs, and they are connected to different switches or
routers, the NICs must still be connected to the same VLAN.
Therefore, you cannot use the Internet Reverse Proxy to bridge traffic between two separate network segments
(with one pointing to the Internet and the other pointing to the Intranet). The next section describes how you
can accomplish this goal.
Latency Between Internal Virtual Machines and the Internet Reverse Proxy
The maximum acceptable round-trip latency on the path between the NIC on the Internet Reverse Proxy and
the NIC on any of the internal virtual machines should be established at less than 4 ms. Excess latency on this
path will limit the bandwidth usable by end users for audio, video, and desktop sharing. If the latency increases
from 4 ms to 8 ms, for instance, the usable bandwidth will drop by half, with the experience progressively
degrading as the latency increases.
Note
The 4 ms latency limit does not apply to the path between any of Cisco WebEx Meetings Server components
and end users endpoints.
Note
Potentially severe delays on end user connections that pass through the Cisco WebEx Meetings Server
Internet Reverse Proxy can result when latency exceeds 4 ms between the IRP and the internal virtual
machines.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
49
Networking Topology
Network Considerations for the Internet Reverse Proxy
Network Traffic Isolation
You may set up network traffic isolation between the Internet and your internal network by using a DMZ
Ethernet switch. The following procedure and diagram illustrate one example:
1 Connect the Internet Reverse Proxy to a head-end switch or router and use that switch or router to split
the Internet and Intranet traffic.
2 Once the switch or router splits the traffic, then you can pipe those two traffic patterns to two separate
physical ports on the switch or router. One port points to the Internet and other port points to the Intranet.
Here is a diagram of a sample network topology:
For information about network bandwidth requirements, see Network Bandwidth Requirements, on page 51.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
50
Networking Topology
Network Bandwidth Requirements
Network Bandwidth Requirements
This section describes the bandwidth requirements for 50, 250, 800 and 2000 user systems. Meeting the
bandwidth requirements outlined in the section will provide a quality end user experience for your users who
host and attend WebEx meetings, and helps ensure that your network can support the traffic demands from
the web sharing, audio, and video.
Estimating Bandwidth for End User Sessions
It is important to estimate the network bandwidth to support the traffic demands of video, audio, and web
sharing for the size of your user system. The bandwidth requirements for this product are fundamentally the
same as for Cisco WebEx cloud services. If you wish to optimize your network provisioning, Cisco WebEx
cloud services bandwidth usage is presented in the WebEx Network Bandwidth White Paper.
The information in the following table shows the expected bandwidth for video, audio and web sharing.
WebEx Meeting Component
Aggregate End User Session Bandwidth
Video (360p + 6 thumbnails)
1.5 Mb/s
Audio
0.1 Mb/s
Web sharing
0.6 Mb/s
(This value assumes you flip a slide every 30 seconds.)
Total maximum bandwidth
2.2 Mb/s
Although 2.2 Mb/s is the maximum expected bandwidth for a single user connection, Cisco recommends
using the maximum expected bandwidth of 1.5 Mb/s when calculating bandwidth requirements. Because only
one-half of the maximum number of users can employ video, audio, and web sharing while the remaining
users should use only audio and web sharing, this yields an average bandwidth of approximately 1.5 Mb/s
per user connection.
If you refer to the WebEx Network Bandwidth White Paper, you will notice that the bandwidth values in the
preceding table are based on worst-case traffic conditions. Average bandwidth utilization is much smaller,
but Cisco recommends using worst case numbers for the following reasons:
• Using the worst case numbers for your calculation should help you provide the needed bandwidth to
prevent a degraded user experience as a result of heavy usage.
• The Cisco WebEx Meetings Server sends the same data simultaneously to all the participants in a meeting.
When a WebEx host flips a page on a presentation, an image of that page (possibly comprising several
megabytes) is sent separately to each endpoint, simultaneously, and as quickly as possible.
Bandwidth on Network Paths
Use the following process to determine the necessary bandwidth on various network paths.
1 Determine the averaged bandwidth for a user session using the table provided in the preceding section.
2 Determine the maximum number of users you expect to connect simultaneously over that link.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
51
Networking Topology
Network Bandwidth Requirements
3 Multiply the total bandwidth by the maximum number of users.
Scenario examples:
• If you expect a maximum of 100 users to connect concurrently from the Internet, you will probably need
1.5 Mb/s x 100 = 150 Mb/s of available bandwidth on your ISP connection and through your external
firewall to the Internet Reverse Proxy. For details about Internet Reverse Proxy, see Network
Considerations for the Internet Reverse Proxy, on page 49
• Assume you have a 2000 user system with all connections going through the Internet Reverse Proxy.
In this scenario, you need to assume traffic for all 2000 users will connect to the Internet Reverse Proxy,
and then from the Internet Reverse Proxy to the internal virtual machines. The aggregate bandwidth
coming into the Internet Reverse Proxy from other parts of the network will be 2000 x 1.5 Mb/s = 3
Gb/s. For details about non-split-horizon, see Non-Split-Horizon Network Topology, on page 43.
Note
The same 3 Gb/s of traffic passes inbound and outbound through the Internet Reverse
Proxy, requiring the NIC on the Internet Reverse Proxy to handle 6 Gb/s of user traffic.
See the next section for more information about bandwidth requirements for the NIC
on the Internet Reverse Proxy.
• Assume you have 2000 user system in a split-horizon DNS deployment. In this scenario, your Internet
users will connect to the Internet Reverse Proxy while intranet users connect directly to the internal
virtual machines. Assume ten percent of your users connect to a meeting using the Internet versus 90
percent of users connect to their meetings through the Intranet. The result is the aggregate bandwidth
coming into the Internet Reverse Proxy will now be approximately 300 Mb/s (10 percent of 2000 users
times 1.5 Mb/s equals 300 Mb/s). If that same 300 Mb/s of traffic passes from the Internet Reverse
Proxy, the NIC on the Internet Reverse Proxy may be required to handle 600 Mb/s of user traffic. This
is a dramatically lower bandwidth requirement than with a non-split-horizon DNS deployment described
in the previous scenario. The reduction in network traffic has direct bearing on the recommendations
for NIC or switch interface speed (see next section) which can result in you being able to deploy less
expensive 1 Gb/s NICs on the Cisco UCS Server for the Internet Reverse Proxy or 1 Gigabit Ethernet
Switch Infrastructure in DMZ network. For more details about split-horizon, see Split-Horizon Network
Topology, on page 46.
Note
You may be required to deploy 1 Gigabit Ethernet NICs configured for NIC Teaming
if the Internet Reverse Proxy usage is marginally close to the 1000 Mb/s threshold.
See NIC Teaming for Bandwidth Aggregation, on page 55 for more details.
Bandwidth on Cisco WebEx Meetings Server Network Interfaces
For direct interfaces between your switching architecture and your system, we recommend provisioning your
interface NICs to the maximum speeds shown in the following table. These speeds apply to the connectivity
between the Cisco UCS Servers and ports on head-end switches in your local switching infrastructure only.
These are the recommended speeds needed to support worst-case traffic requirements.
System Capacity
NIC or Switch Interface Speed
50 user system
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
52
1 Gb/s
Networking Topology
Network Bandwidth Requirements
System Capacity
NIC or Switch Interface Speed
250 user system
1 Gb/s
800 user system
10 Gb/s 1718
2000 user system
10 Gb/s19
17 You may optionally choose to reduce network infrastructure costs by deploying NIC Teaming using two or more Gigabit Ethernet NICs on the UCS Server
and NIC Teaming on the head-end switch.
18 For 800 user systems, if your deployment is using internal DAS storage, you can optionally choose to reduce network infrastructure costs by deploying NIC
Teaming using two or more Gigabit Ethernet NICs on the UCS Server and NIC Teaming on the head-end switch. However, if your deployment is using SAN
or NAS storage, you will need a 10 Gigabit Ethernet link.
19 If you have a non-split-horizon DNS deployment, the 10 Gb/s requirement pertains to the IRP and internal virtual machines. If you have a split-horizon DNS
deployment, you may be able to reduce the network infrastructure demands on your IRP (and DMZ network), which can result in you being able to deploy less
expensive 1 Gb/s NICs on the Cisco UCS Server for the Internet Reverse Proxy or 1 Gigabit Ethernet Switch Infrastructure in DMZ network, as described in
the "Bandwidth on Network Paths" section. However the 10 Gb/s speed requirement holds true for the internal virtual machines (and internal network).
See the next section, "Bandwidth Considerations for Split-Horizon DNS Deployments," for more information
about using 1 Gb/s NICs and Ethernet switches for a split-horizon DNS deployment.
Assumptions for NIC Speed Calculations:
• The aggregate end-user session bandwidth (1.5 Mb/s) was used to calculate the NIC speeds shown in
the preceding table.
• The inter-virtual machine control traffic must be free of congestion. This especially applies to 2000 user
systems and any system provisioned for high availability. Severe congestion on virtual machine links
can result in system instability and consequent interruption of service.
• The connections to NAS storage, used for recording and database backup, must not be congested.
• Protocol overhead and implementation inefficiencies result in usable link bandwidth that is significantly
less than the 1 Gb/s or 10 Gb/s speed labels.
• If a large percentage of your traffic will hit the Internet Reverse Proxy when users log in to meetings,
you need to remember that every user connection passes twice through the NIC on the Internet Reverse
Proxy (inbound and outbound). Using the 2000 user system as an example, this means the NIC on the
Internet Reverse Proxy may be required to handle 6 Gb/s of user traffic (2000 users times 1.5 Mb/s
equals 3 Gb/s, times two for inbound and outbound traffic equals 6 Gb/s).
Conservatively, we ask that the local connections be no more than 60 percent used for end user media traffic,
allowing the remaining 40 percent to be available for other traffic, unusual traffic bursts, and network overhead.
Using the 800 user system as an example, we estimate the end user traffic at 1.2 Gb/s for the Admin and
Media virtual machines and 2.4 Gb/s for the Internet Reverse Proxy virtual machine. Applying the 60 percent
rule, we want the NIC to be capable of handling 2 Gb/s for the Admin and Media virtual machines (1.2 Gb/s
estimated user traffic for the Admin and Media virtual machines divided by 60 percent estimated normal
bandwidth consumption equals 2.0 Gb/s) and 4 Gb/s for the Internet Reverse Proxy virtual machine.
Note
The NIC speeds shown in the preceding table do not account for bandwidth used for accessing SAN
storage. If Fibre Channel over Ethernet (FCoE) is used for a SAN connection, it should be provisioned to
use an independent network interface.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
53
Networking Topology
Network Requirements for Multi-data Center
Bandwidth Considerations for Split-Horizon DNS Deployments
With a split-horizon DNS deployment, some of your users will be logging in to meetings from the Internet
and that traffic will hit the Internet Reverse Proxy, while the majority of users who are on the internal network
will be logging into meetings without hitting the Internet Reverse Proxy. With a split-horizon DNS deployment,
if you speed up your network and segment your traffic so that most of your traffic stays within the internal
network (as opposed to hitting the Internet Reverse Proxy), you can potentially use NIC Teaming and provision
a lower-end NIC (1 Gb/s NIC) on the Internet Reverse Proxy and provision the switching infrastructure
between the Internet Reverse Proxy and the Internet to be 1 Gb/s, or at least lower than the recommended 10
Gb/s, for a 2000 user system.
For example, if a company has 100 users who want to access a 2000 port user system from the Internet
concurrently, you would need a bandwidth of 150 Mb/s (1.5 Mb/s aggregate user session bandwidth * 100
users = 150 Mb/s). This implies that a network infrastructure from the DMZ network to the Internet Reverse
Proxy can be 1 Gb/s Ethernet switches, and the Ethernet NIC interface on the Internet Reverse Proxy can be
1 Gb/s, as opposed to the stated 10 Gb/s interface requirement. Even when you factor in that the Internet
Reverse Proxy sees double the traffic (meaning its NIC would have to handle 300 Mb/s of user traffic),
applying the 60 percent rule (explained in the "Bandwidth on Cisco WebEx Meetings Server Network
Interfaces" section) translates to 500 Mb/s. A 1 Gb/s link is still sufficient, but it would not be sufficient if
we assumed 250 users instead of 100 users.
Note
The optimization of bandwidth is only applicable for the NIC on the Internet Reverse Proxy in a
split-horizon DNS deployments.
For non-split-horizon DNS deployments, you must deploy 10 Gb/s Ethernet switches and Ethernet NIC
interfaces on the Internet Reverse Proxy.
Network Requirements for Multi-data Center
Requirements for a network link between two data centers:
• Guaranteed bandwidth of 4.5 Mbps for essential inter-data center communications.
• Less than 200 ms latency (round-trip time delay).
Data center network requirements for inter-data center cascaded meetings:
• Each cascaded meeting with audio and Web requires 0.16 Mbps.
• Each cascaded meeting with LQ video at 180p, audio, and Web requires 0.66 Mbps.
• Each cascaded meeting with HQ video at 360p, audio, and Web requires 1.20 Mbps.
• Less than 200 ms latency (round-trip time delay).
For example, a worst case a 2000 user system (maximum number of 1000 meetings are cascaded. Half of
them can have Video, and half are without:
• HQ video : 500 x 1.2 + 500 x 0.16 = 680 Mbps
• LQ video: 500 x 0.66 + 500 x 0.16 = 410 Mbps
For an 800 user system:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
54
Networking Topology
NIC Teaming for Bandwidth Aggregation
• HQ video: 680 / 2000 x 800 = 272 Mbps
• LQ video: 410 / 2000 x 800 = 164 Mbps
For a 250 user system:
• HQ video: 680 / 2000 x 250 = 85 Mbps
• LQ video: 410 / 2000 x 250 = 51.25 Mbps
Additional information can be found at http://www.cisco.com/c/en/us/products/conferencing/
webex-meeting-center/white-paper-listing.html.
NIC Teaming for Bandwidth Aggregation
Configuring NIC Teaming on your UCS Servers that contain the ESXi host with the internal virtual machines
provides two advantages: NIC Teaming load balances the network traffic between physical and virtual networks,
and provides failover in the event of a hardware failure or a network outage. In addition, for deployments
where 10 Gb/s infrastructure is not available, it may be possible for you to team multiple 1 Gb/s NICs to
achieve an equivalent result.
Note
For more information about NIC speeds required for different size user systems, see the section "Bandwidth
on Cisco WebEx Meetings Server Network Interfaces" in this chapter.
Cisco supports NIC Teaming for bandwidth load balancing for all user system sizes--50, 250, 800, and 2000
user systems--but it is most useful for customers who are trying to optimize networking costs for an 800 user
system. If your deployment is using internal DAS storage, the aggregate bandwidth requirements to and from
Cisco UCS Servers and the head-end switches for an 800 user system are projected to be similar to using Dual
1 Gigabit Ethernet NICs (or Quad 1 Gigabit Ethernet NICs on a system with HA) to support worst-case traffic
requirements, thereby alleviating the need to provision the UCS Servers with 10 Gigabit Ethernet NICs (or
to purchase 10 Gigabit Ethernet head-end switches).
Note
If your deployment is using SAN or NAS storage, the aggregate bandwidth requirements to and from
Cisco UCS Servers and the head-end switches for an 800 user system is 10 Gigabits Ethernet.
Note
For information about provisioning NIC teaming in VMware, refer to the VMware documentation at http:/
/kb.vmware.com and search for "NIC teaming in ESXi/ESX".
Assuming the use of traditional network interfaces and Ethernet switches, you can provide redundancy by
using NIC teaming and duplicate switches, as outlined in the following process:
• Set up an Ethernet switch which supports IEEE 802.3ad/IEEE 802.1ax Link Aggregation Control Protocol
(LACP).
• Using vCenter, connect the virtual machine port group associated with the Cisco WebEx Meetings Server
virtual machines to both physical adapters.
• Connect both physical adapters to the switch.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
55
Networking Topology
Load Balancing
• Provision the switch to statically provision the two ports as a team.
• Using VMware vSphere, set NIC Teaming to Active/Active to allow throughput on both NIC interfaces.
For example, for an 800 user deployment, two 1 Gb/s links may be substituted for each 10 Gb/s link on the
ESXi host with the internal virtual machines, and four 1 Gb/s links may be substituted for each 10 Gb/s link
on the Internet Reverse Proxy. (To get fault tolerance on a system with HA, as described in the section
"Redundant Network Connections for HA Deployments", it is necessary to double the number of links.) With
the ESXi host with the internal virtual machines, connect two 1 Gb/s links to the first Ethernet switch plus
two 1 Gb/s links to the second Ethernet switch.
Note
The example server configurations shown in the Cisco WebEx Meetings Server System Requirements do
not include sufficient network interfaces to support NIC Teaming for this purpose.
Load Balancing
Load balancing is always done on CWMS no matter what type of traffic is being handled and it is not
configurable.
The system attempts to balance the load equally on all web nodes. When the deployment is a system without
High Availability (HA), connections are balanced among all web nodes on that system. In the case of a HA
deployment, the system uses the web nodes on both the primary system and the HA system for load balancing.
In the event of a failure of one, but not all web nodes, the system remains active, but capacity is reduced.
The Internet Reverse Proxy (IRP) node is an entry point and most load balancing decisions are made there.
Only one IRP node is active on a system. A system without HA deployment has only one IRP node. A system
with HA deployment has two IRP nodes, one IRP is active while the other is inactive. Depending on the DNS
configuration, IRP serves all external traffic (and all internal traffic in case of non-split DNS).
If there is a failure involving multiple hosts, then the functionality and capacity might be affected.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
56
CHAPTER
4
Networking Changes Required For Your
Deployment
• Networking Checklist for Your System, page 58
• Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public
Access, page 59
• Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and
All Internal Virtual Machines, page 61
• Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access,
and a Non-Split-Horizon DNS, page 64
• Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and
a Non-Split Horizon DNS, page 66
• Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access,
and a Split-Horizon DNS, page 69
• Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a
Split-Horizon DNS, page 72
• Networking Checklist for an Installation or Expansion with Automatic Deployment and No Public
Access, page 75
• Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access,
page 76
• WebEx Site and WebEx Administration URLs, page 79
• Port Access When All the Virtual Machines Are in the Internal Network, page 80
• Port Access With an Internet Reverse Proxy in the DMZ Network, page 81
• VMware vCenter Ports, page 85
• Cisco WebEx Meeting Center Ports, page 87
• Using NAT With Your System, page 87
• Forward Proxies, page 90
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
57
Networking Changes Required For Your Deployment
Networking Checklist for Your System
Networking Checklist for Your System
The networking checklist lists the networking changes required for your system, depending on your DNS
configuration and whether or not you enable public access (allowing users to host or attend meetings from
the Internet or a mobile device).
Choose the appropriate checklist depending on whether you are using automatic system deployment
(recommended for 50, 250, or 800 user deployments) or manual system deployment (required for a 2000 user
deployment).
• All virtual machines, including the Internet Reverse Proxy, are in your internal network (easiest
configuration)
◦Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public
Access, on page 59
◦Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access,
and All Internal Virtual Machines, on page 61
• Non-split-horizon DNS (the most common DNS configuration)
◦Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access,
and a Non-Split-Horizon DNS, on page 64
◦Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access,
and a Non-Split Horizon DNS, on page 66
• Split-horizon DNS
◦Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access,
and a Split-Horizon DNS, on page 69
◦Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access,
and a Split-Horizon DNS, on page 72
• Systems without public access
◦Networking Checklist for an Installation or Expansion with Automatic Deployment and No Public
Access, on page 75
◦Networking Checklist For an Installation or Expansion With Manual Deployment and No Public
Access, on page 76
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
58
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public Access
Networking Checklist for an Installation or Expansion With an
Automatic Deployment and Public Access
Virtual Machine Deployment
In an automatic deployment, we deploy all the virtual machines (other than the Admin virtual machine) for
you. We recommend that you choose an automatic deployment if you are deploying a 50, 250, or 800 user
system.
• Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.
• Verify that the Internet Reverse Proxy virtual machines are in your internal network.
• Verify that the ESXi hosts for all your virtual machines (including the Internet Reverse Proxy) are
managed from the same VMware vCenter.
Required IP Addresses
Description
Network Location
IP Address
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the Internet Reverse Proxy Internal (may be on the same
subnet as Admin virtual machine)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to the public VIP address)
Internal (same subnet as the
Internet Reverse Proxy). This IP
address must be publicly routable.
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
Internal [same subnet as the
primary system Internet Reverse
Proxy (but can use NAT with a
private IP address)]
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
59
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public Access
DNS Configuration
Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site
URL and the Administration site URL. For a list of the words that you cannot use, see WebEx Site and WebEx
Administration URLs, on page 79.
Task
Hostnames and IP addresses of the internal virtual
machines: Admin virtual machine and, if applicable,
the Media virtual machine.
Examples
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Hostname and IP address for the Internet Reverse
Proxy virtual machine.
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Administration site URL and Private VIP address.
• <Administration-site-URL>
<Private-VIP-address>
WebEx site URL and Public VIP address.
• <WebEx-site-URL>
<Public-VIP-address>
Firewall Configuration
For security reasons, we recommend that you place the Internet Reverse Proxy in a subnet that is separate
from the internal (Admin or Media) virtual machines. See Port Access When All the Virtual Machines Are
in the Internal Network, on page 80.
Network Routing Configuration
Task
Enable Layer 3 routing between the internal and DMZ
networks.
Examples
• Internal Subnet <internal-subnet>/24
• DMZ Subnet <DMZ-subnet>/24
Verify that the Public VIP address and the Internet
Reverse Proxy virtual machines are on the same
subnet. [As you are deploying all your system virtual
machines internally (the Internet Reverse Proxy is
not in the DMZ), this subnet must be in the internal
network.]
• <Public-VIP-address>
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
60
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal
Virtual Machines
Task
Examples
Verify that the Private VIP address and internal virtual
machines are on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Networking Checklist for an Installation or Expansion With a
Manual Deployment, Public Access, and All Internal Virtual
Machines
Virtual Machine Deployment
In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your
vSphere client. You then install your system using a manual deployment.
You must choose a manual deployment if you are deploying a 2000 user system.
• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same
subnet as the Admin virtual machine.
• Ensure that the Internet Reverse Proxy virtual machines are in your internal network.
Required IP Addresses
Description
Network Location
IP Address
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the second Media virtual Internal (same subnet as Admin
machine (2000 user system only)
virtual machine)
Real IP address of the third Media virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the Web virtual machine
(2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the second Web virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
61
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal
Virtual Machines
Description
Network Location
IP Address
Real IP address of the Internet Reverse Proxy Internal (may be on the same
subnet as Admin virtual machine)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to the public VIP address)
Internal (same subnet as the
Internet Reverse Proxy)
Note
This IP address must be
publicly routable.
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Web virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
Internal—same subnet as the
primary system's Internet Reverse
Proxy (but may use NAT with a
private IP address)
DNS Configuration
Make the following changes to your DNS configuration.
Note
There are some limitations for the hostname portion of the WebEx site URL and the Administration site
URL. For a list of the words that you may not use, see WebEx Site and WebEx Administration URLs,
on page 79.
Task
Update your DNS Server with the hostnames and IP
Addresses for the internal virtual machines: Admin
virtual machine and if applicable, the Media and Web
virtual machines.
Example
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Update your DNS server with the hostname and IP
address for the Internet Reverse Proxy virtual
machine.
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
62
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal
Virtual Machines
Task
Example
Update your DNS server with Administration site
URL and Private VIP address information.
• <Administration-site-URL>
<Private-VIP-address>
Update your DNS server with WebEx site URL and
Public VIP address information.
• <WebEx-site-URL>
<Public-VIP-address>
Firewall Configuration
For security reasons, Cisco recommends that you place the Internet Reverse Proxy in a separate subnet from
the internal (Admin, Media and Web, if applicable) virtual machines.
Although it is not recommended, we do also support placing all of your virtual machines (Internet Reverse
Proxy and internal) on the same subnet. See Port Access When All the Virtual Machines Are in the Internal
Network, on page 80.
Network Routing Configuration
Make the following changes to your network routing.
Task
Compare These IP Addresses
Enable L3 (Layer 3) routing between the internal and
DMZ networks for the following virtual machines:
Admin virtual machine and if applicable, the Media
and Web virtual machines
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Ensure that the Public VIP address and the Internet
Reverse Proxy virtual machines are on the same
subnet.
Note
As you are deploying all your system virtual
machines internally (the Internet Reverse
Proxy is not in the DMZ), then this subnet
must be in the internal network.
• <Public-VIP-address>
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
63
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access, and a
Non-Split-Horizon DNS
Task
Compare These IP Addresses
Ensure that the Private VIP address and internal
virtual machines (Admin, and Media and Web, if
applicable) are on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Networking Checklist for an Installation or Expansion With
Automatic Deployment, Public Access, and a Non-Split-Horizon
DNS
Virtual Machine Deployment
In an automatic deployment, we deploy all the virtual machines (other than the Admin virtual machine) for
you. We recommend that you choose an automatic deployment if you are deploying a 50, 250, or 800 user
system.
• Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.
• Verify that the Internet Reverse Proxy virtual machines are in your DMZ network.
Required IP Addresses
Description
Network Location
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the Internet Reverse Proxy DMZ (but can use NAT with a
private IP address)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to the public VIP address)
DMZ (same subnet as the Internet
Reverse Proxy)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
64
IP Address
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access, and a
Non-Split-Horizon DNS
Description
Network Location
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
DMZ [same subnet as the primary
system Internet Reverse Proxy
(but can use NAT with a private
IP address)]
IP Address
DNS Configuration
Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site
URL and the Administration site URL. For a list of the words that you cannot use, see WebEx Site and WebEx
Administration URLs, on page 79.
Task
Example
Hostnames and IP addresses of the internal virtual
machines: Admin virtual machine and, if applicable,
the Media virtual machine.
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Hostname and IP address for the Internet Reverse
Proxy virtual machine.
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Administration site URL and Private VIP address.
• <Administration-site-URL>
<Private-VIP-address>
WebEx site URL and Public VIP address.
• <WebEx-site-URL>
<Public-VIP-address>
Firewall Configuration
For security reasons, we recommend that you place the Internet Reverse Proxy in a subnet that is separate
from the internal (Admin or Media) virtual machines. See Port Access When All the Virtual Machines Are
in the Internal Network, on page 80.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
65
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split
Horizon DNS
Network Routing Configuration
Make the following changes to your network routing.
Task
Compare These IP Addresses
Enable Layer 3 routing between the internal and DMZ
networks.
• Internal Subnet <internal-subnet>/24
• DMZ Subnet <DMZ-subnet>/24
Verify that the Public VIP address and the Internet
Reverse Proxy virtual machines are on the same
subnet.
• <Public-VIP-address>
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Verify that the Private VIP address and internal virtual
machines are on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Networking Checklist For an Installation or Expansion With
Manual Deployment, Public Access, and a Non-Split Horizon
DNS
Virtual Machine Deployment
In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your
vSphere client. You then install your system using a manual deployment.
You must choose a manual deployment if you are deploying a 2000 user system.
• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same
subnet as the Admin virtual machine.
• Ensure that the Internet Reverse Proxy virtual machines are in your DMZ network.
Required IP Addresses
Description
Network Location
Real IP address of the Admin virtual machine Internal
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
66
IP Address
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split
Horizon DNS
Description
Network Location
IP Address
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the second Media virtual Internal (same subnet as Admin
machine (2000 user system only)
virtual machine)
Real IP address of the third Media virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the Web virtual machine
(2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the second Web virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the Internet Reverse Proxy DMZ (but may use NAT with a
private IP address)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to the public VIP address)
DMZ (same subnet as the Internet
Reverse Proxy)
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Web virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
DMZ—same subnet as the
primary system's Internet Reverse
Proxy (but may use NAT with a
private IP address)
DNS Configuration
Make the following changes to your DNS configuration.
Note
There are some limitations for the hostname portion of the WebEx site URL and the Administration site
URL. For a list of the words that you may not use, see WebEx Site and WebEx Administration URLs,
on page 79.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
67
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split
Horizon DNS
Task
Update your DNS Server with the hostnames and IP
Addresses for the internal virtual machines: Admin
virtual machine and if applicable, the Media and Web
virtual machines.
Example
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Update your DNS server with the hostname and IP
address for the Internet Reverse Proxy virtual
machine.
• <IRP-vm-FQDN>
Update your DNS server with Administration site
URL and Private VIP address information.
• <Administration-site-URL>
<IRP-vm-IP-address>
<Private-VIP-address>
Update your DNS server with WebEx site URL and
Public VIP address information.
• <WebEx-site-URL>
<Public-VIP-address>
Firewall Configuration
For security reasons, Cisco recommends that you place the Internet Reverse Proxy in a separate subnet from
the internal (Admin, Media and Web, if applicable) virtual machines. See Port Access With an Internet Reverse
Proxy in the DMZ Network, on page 81.
Network Routing Configuration
Make the following changes to your network routing.
Task
Enable L3 (Layer 3) routing between the internal and
DMZ networks for the following virtual machines:
Admin virtual machine and if applicable, the Media
and Web virtual machines
Compare These IP Addresses
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
68
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon
DNS
Task
Compare These IP Addresses
Ensure that the Public VIP address and the Internet
Reverse Proxy virtual machines are on the same
subnet.
• <Public-VIP-address>
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Ensure that the Private VIP address and internal
virtual machines (Admin, and Media and Web, if
applicable) are on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Networking Checklist For an Installation or Expansion With
Automatic Deployment, Public Access, and a Split-Horizon DNS
Virtual Machine Deployment
In an automatic deployment, we deploy all the virtual machines (other than the Admin virtual machine) for
you. We recommend that you choose an automatic deployment if you are deploying a 50, 250, or 800 user
system.
• Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.
• Verify that the Internet Reverse Proxy virtual machines are in your DMZ network.
Required IP Addresses
Description
Network Location
IP Address
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the Internet Reverse Proxy DMZ (but can use NAT with a
private IP address)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
69
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon
DNS
Description
Network Location
IP Address
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to two VIP addresses):
• internal users—private VIP address
• Internal users—Internal
(same subnet as Admin
virtual machine)
• external users—public VIP address
• External users—DMZ (same
subnet as the Internet
Reverse Proxy)
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
DMZ [same subnet as the primary
system Internet Reverse Proxy
(but can use NAT with a private
IP address)]
DNS Configuration
Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site
URL and the Administration site URL. For a list of the words that you cannot use, see WebEx Site and WebEx
Administration URLs, on page 79.
Task
Hostnames and IP addresses of the internal virtual
machines: Admin virtual machine and, if applicable,
the Media virtual machine.
Example
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Hostname and IP address for the DMZ virtual
machine.
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
70
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon
DNS
Task
Example
WebEx site URL, Administration site URL, and
Private VIP address information.
• <Administration-site-URL>
<Private-VIP-address>
• <WebEx-site-URL>
<Private-VIP-address>
WebEx site URL and Public VIP address.
• <WebEx-site-URL>
<Public-VIP-address>
Firewall Configuration
For security reasons, we recommend that you place the Internet Reverse Proxy in a subnet that is separate
from the internal (Admin or Media) virtual machines. See Port Access When All the Virtual Machines Are
in the Internal Network, on page 80.
Network Routing Configuration
Make the following changes to your network routing.
Task
Compare These IP Addresses
Enable Layer 3 routing between the internal and DMZ
networks.
• Internal Subnet <internal-subnet>/24
• DMZ Subnet <DMZ-subnet>/24
Verify that the Public VIP address and the Internet
Reverse Proxy virtual machines are on the same
subnet.
• <Public-VIP-address>
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Verify that the Private VIP address and internal virtual
machines are on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
71
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon
DNS
Networking Checklist for an Installation or Expansion with
Manual Deployment, Public Access, and a Split-Horizon DNS
Virtual Machine Deployment
In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your
vSphere client. You then install your system using a manual deployment.
You must choose a manual deployment if you are deploying a 2000 user system.
• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same
subnet as the Admin virtual machine.
• Ensure that the Internet Reverse Proxy virtual machines are in your DMZ network.
Required IP Addresses
Description
Network Location
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the second Media virtual Internal (same subnet as Admin
machine (2000 user system only)
virtual machine)
Real IP address of the third Media virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the Web virtual machine
(2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the second Web virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the Internet Reverse Proxy DMZ (but may use NAT with a
private IP address)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to two VIP addresses)
• internal users—private VIP address
• Internal users—Internal
(same subnet as Admin
virtual machine)
• external users—public VIP address
• External users—DMZ (same
subnet as the Internet
Reverse Proxy)
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
72
IP Address
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon
DNS
Description
Network Location
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Web virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
DMZ—same subnet as the
primary system's Internet Reverse
Proxy (but may use NAT with a
private IP address)
IP Address
DNS Configuration
Make the following changes to your DNS configuration.
Note
There are some limitations for the hostname portion of the WebEx site URL and the Administration site
URL. For a list of the words that you may not use, see WebEx Site and WebEx Administration URLs,
on page 79.
Task
Example
Update your DNS Server (that enables internal
lookup) with the hostnames and IP Addresses for the
internal virtual machines: Admin virtual machine and
if applicable, the Media and Web virtual machines.
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Update your DNS server (that enables internal lookup)
with the hostname and IP address for the DMZ virtual
machine.
• <IRP-vm-FQDN>
Update your DNS server (that enables internal lookup)
with WebEx site URL, Administration site URL, and
Private VIP address information.
• <Administration-site-URL>
<IRP-vm-IP-address>
<Private-VIP-address>
• <WebEx-site-URL>
<Private-VIP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
73
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon
DNS
Task
Update your DNS server (that enables external
lookup) with WebEx site URL and Public VIP address
information.
Example
• <WebEx-site-URL>
<Public-VIP-address>
Firewall Configuration
For security reasons, Cisco recommends that you place the Internet Reverse Proxy in a separate subnet from
the internal (Admin, Media and Web, if applicable) virtual machines. See Port Access With an Internet Reverse
Proxy in the DMZ Network, on page 81.
Network Routing Configuration
Make the following changes to your network routing.
Task
Enable L3 (Layer 3) routing between the internal and
DMZ networks for the following virtual machines:
Admin virtual machine and if applicable, the Media
and Web virtual machines
Compare These IP Addresses
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Ensure that the Public VIP address and the Internet
Reverse Proxy virtual machines are on the same
subnet.
• <Public-VIP-address>
• <IRP-vm-FQDN>
<IRP-vm-IP-address>
Ensure that the Private VIP address and internal
virtual machines (Admin virtual machine and if
applicable, the Media and Web virtual machines) are
on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
74
Networking Changes Required For Your Deployment
Networking Checklist for an Installation or Expansion with Automatic Deployment and No Public Access
Networking Checklist for an Installation or Expansion with
Automatic Deployment and No Public Access
Virtual Machine Deployment
In an automatic deployment, we deploy all the virtual machines (other than the Admin virtual machine) for
you. We recommend that you choose an automatic deployment if you are deploying a 50, 250, or 800 user
system.
Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.
Required IP Addresses
Description
Network Location
IP Address
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
Real IP address of the HA Internet Reverse
Proxy (if applicable)
Internal (same subnet as primary
system Admin virtual machine)
DNS Configuration
Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site
URL and the Administration site URL. For a list of the words that you cannot use, see WebEx Site and WebEx
Administration URLs, on page 79.
Task
Example
Hostnames and IP addresses of the internal virtual
machines: Admin virtual machine and, if applicable,
the Media virtual machine.
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
75
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access
Task
WebEx site URL, Administration site URL, and
Private VIP address information.
Example
• <Administration-site-URL>
<Private-VIP-address>
• <WebEx-site-URL>
<Private-VIP-address>
Firewall Configuration
Task
Example
Configure all the firewalls inside your internal
HTTP <Private-VIP-address>:80
network to permit web browsers to access the Private HTTPS <Private-VIP-address>:443
VIP address.
Network Routing Configuration
Task
Verify that the Private VIP address and internal virtual
machines are on the same subnet.
Compare These IP Addresses
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
Networking Checklist For an Installation or Expansion With
Manual Deployment and No Public Access
Virtual Machine Deployment
In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your
vSphere client. You then install your system using a manual deployment.
You must choose a manual deployment if you are deploying a 2000 user system.
• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same
subnet as the Admin virtual machine.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
76
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access
Required IP Addresses
Description
Network Location
IP Address
Real IP address of the Admin virtual machine Internal
Real IP address of the Media virtual machine Internal (same subnet as Admin
(if applicable)
virtual machine)
Real IP address of the second Media virtual Internal (same subnet as Admin
machine (2000 user system only)
virtual machine)
Real IP address of the third Media virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the Web virtual machine
(2000 user system only)
Internal (same subnet as Admin
virtual machine)
Real IP address of the second Web virtual
machine (2000 user system only)
Internal (same subnet as Admin
virtual machine)
Administration URL (used exclusively by the Internal (same subnet as Admin
system. Maps to the private VIP address)
virtual machine)
WebEx site URL (used exclusively by the
system. Maps to the private VIP address)
Internal (same subnet as Admin
virtual machine)
Real IP address of the HA Admin virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Media virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
Real IP address of the HA Web virtual
machine (if applicable)
Internal (same subnet as primary
system's Admin virtual machine)
DNS Configuration
Make the following changes to your DNS configuration.
Note
There are some limitations for the hostname portion of the WebEx site URL and the Administration site
URL. For a list of the words that you may not use, see WebEx Site and WebEx Administration URLs,
on page 79.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
77
Networking Changes Required For Your Deployment
Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access
Task
Update your DNS Server (that enables internal
lookup) with the hostnames and IP Addresses for the
internal virtual machines: Admin virtual machine and
if applicable, the Media and Web virtual machines.
Example
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
Update your DNS server with Administration site
URL, WebEx site URL, and Private VIP address
information.
• <Administration-site-URL>
<Private-VIP-address>
• <WebEx-site-URL>
<Private-VIP-address>
Firewall Configuration
Make the following changes to your firewalls.
Task
Configure all the firewalls inside your internal
network to permit web browsers to access the Private
VIP address.
Example
• HTTP <Private-VIP-address>:80
• HTTPS <Private-VIP-address>:443
Network Routing Configuration
Make the following changes to your network routing.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
78
Networking Changes Required For Your Deployment
WebEx Site and WebEx Administration URLs
Task
Compare These IP Addresses
Ensure that the Private VIP address and internal
virtual machines (Admin, and Media and Web, if
applicable) are on the same subnet.
• <Private-VIP-address>
• <admin-vm-FQDN>
<admin-vm-IP-address>
• <media-vm-FQDN>
<media-vm-IP-address>
• <web-vm-FQDN>
<web-vm-IP-address>
WebEx Site and WebEx Administration URLs
WebEx Site URL
Users access the WebEx site URL to schedule, host, or attend meetings. This URL resolves to either the private
VIP address or the public VIP address, depending on whether or not you are using a split-horizon DNS.
• Resolves to the public VIP address for all users, when you do not have split-horizon DNS.
• Resolves to the public VIP address for external users when you have split-horizon DNS.
• Resolves to the private VIP address for internal users when you have split-horizon DNS.
Note
Ports 80 and 443 must be open for the WebEx site URL.
WebEx Administration URL
Administrators access the WebEx Administration URL to configure, manage, and monitor the system. This
URL resolves to the private VIP address.
Note
Ports 80 and 443 must be open for the WebEx Administration URL.
Names for the WebEx Site and WebEx Administration URLs
You may choose almost any names for these URLs, comprising all lowercase characters. However, you cannot
use the following as the hostname in the URLs:
• the same name as the hostnames for any of the virtual machines in the system
• authentication
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
79
Networking Changes Required For Your Deployment
Port Access When All the Virtual Machines Are in the Internal Network
• client
• companylogo
• dispatcher
• docs
• elm-admin
• elm-client-services
• emails
• maintenance
• manager
• orion
• oriondata
• oriontemp
• nbr
• npp
• probe
• reminder
• ROOT
• solr
• TomcatROOT
• upgradeserver
• url0107ld
• version
• WBXService
• webex
Port Access When All the Virtual Machines Are in the Internal
Network
This section describes the port access required in the external firewall when all the system virtual machines
(Admin, and if applicable, Media, Web, and Internet Reverse Proxy) are in the internal network. This is the
Internal Internet Reverse Proxy network topology.
Ensure that the firewall or any load balancing solution redirects requests to the ports listed below to ensure
end users can host and join meetings successfully.
• TCP Port 80 to the public virtual IP (VIP) address
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
80
Networking Changes Required For Your Deployment
Port Access With an Internet Reverse Proxy in the DMZ Network
• TCP Port 443 to the public virtual IP (VIP) address
Note
The Web node and Admin node send SMTP requests to the configured Email server. If there is a firewall
between the internal Web and Admin virtual machines and the Email server, SMTP traffic might be
blocked. To ensure Email server configuration and Email notification work properly, port 25 or 465 (secure
SMTP port number) must be open between the Email server and the Web and the Admin virtual machines.
Port Access With an Internet Reverse Proxy in the DMZ Network
This section describes the port access required in the internal and external firewalls when you have internal
virtual machines (Admin, and if applicable, Media and Web) in the internal network, and the Internet Reverse
Proxy (IRP) in the DMZ network.
Configure access control lists (ACLs) on the switch that permits traffic to the ESXi hosts for the system's
virtual machines.
Port Access in the External Firewall
Enabled public access by opening port 80 (HTTP) in addition to port 443 (HTTPS), so users can enter the
WebEx site URL without having to remember whether it is HTTP or HTTPS. Although port 80 is open, all
the network traffic flows over port 443 (SSL encrypted HTTPS).
Important
Ensure that the firewall or any load balancing solution redirects requests to the ports listed below to ensure
users can host and join meetings successfully.
Restriction
Configure TCP port 64700 on the IRP machine to deny any requests that come to the public VIP address.
In the external firewall, this limits access to this port for requests only from the Admin virtual machines.
Protocol
Port
Source
Destination
Why It Is Needed
TCP
443
Any external clients. Public VIP (Eth1) of External clients
the IRP.
access the WebEx
site URL by using
HTTPS. TCP
connections are
initiated from the
external client
machines to the IRP
virtual machines.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
81
Networking Changes Required For Your Deployment
Port Access in the Internal Firewall
Protocol
Port
Source
TCP
80
Any external clients. Public VIP (Eth1) of External clients
the IRP.
accessing the
WebEx site URL by
using HTTP. TCP
connections are
initiated from the
external client
machines to the IRP
virtual machines.
TCP
8444
Any external clients. Public VIP (Eth1) of External clients
the IRP.
accessing the
WebEx recordings
by using HTTPS.
TCP connections
are initiated from
the external client
machines to the IRP
virtual machines.
(Introduced in
2.5MR1, 2.6, and
2.0MR6HF.)
UDP
53
Real IP (Eth0) of
the IRP.
Destination
DNS server.
Why It Is Needed
This is needed if
you have a firewall
between the virtual
machines and the
DNS server, for
your system to
deploy and operate
successfully.
Port Access in the Internal Firewall
If you have restrictions on connections from the internal network to the DMZ network, then the table in this
section applies. Allow TCP connections outbound from the internal network to the DMZ network segment.
Note
No TCP connections need to be allowed from the DMZ segment in to the internal network for this product
to work properly.
Note
Using iptables or access control lists (ACLs), configure the firewall so that connections to port 64616
only come from the Admin virtual machine.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
82
Networking Changes Required For Your Deployment
Port Access in the Internal Firewall
Note
The Web node and Admin node send SMTP requests to the configured Email server. If there is a firewall
between the internal Web and Admin virtual machines and the Email server, SMTP traffic might be
blocked. To ensure Email server configuration and Email notification work properly, port 25 or 465 (secure
SMTP port number) must be open between the Email server and the Web and the Admin virtual machines.
Note
Especially when the IRP is in the DMZ network, allow Internet Control Message Protocol (ICMP) echo
requests and replies. Otherwise, the IRP detect and the DNS server availability validation might fail if the
ICMP echo reply is not received.
Protocol
Port
Source
Destination
Why It Is Needed
TCP
64001
All internal virtual Real IP (Eth0) of
machines (Eth0 IP). the IRP virtual
machines.
Establishes reverse
connections to the
IRP. TCP
connections are
established from the
internal virtual
machines to the IRP
virtual machines.
TCP
64002
Admin and web
virtual machines
(Eth0 IP).
Real IP (Eth0) of
the IRP virtual
machines.
Establishes reverse
connections to the
IRP. TCP
connections are
established from the
internal virtual
machines to the IRP
virtual machines.
TCP
7001
All internal virtual Real IP (Eth0) of
machines (Eth0 IP). the IRP virtual
machines.
Establishes reverse
connections to the
IRP. TCP
connections are
initiated from the
internal virtual
machines to the IRP
virtual machines.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
83
Networking Changes Required For Your Deployment
Port Access in the Internal Firewall
Protocol
Port
Source
Destination
TCP
64616
Admin virtual
Real IP (Eth0) of
machines (Eth0 IP). the IRP virtual
machines.
Why It Is Needed
Bootstrap the IRP.
TCP connections
are initiated from
the Admin virtual
machines to the IRP
virtual machines.
Note
TCP
22
Any internal client
machines.
Real IP (Eth0) of
the IRP virtual
machines.
TCP
443
Any internal client
machines.
Private VIP (Eth1) Internal users
of the Admin virtual accessing the
machines.
WebEx site URL by
using HTTPS. TCP
Real IP (Eth0) of
connections are
the Media virtual
established from the
machines.
internal client
machine to the
Admin virtual
machine.
TCP
443
Private VIP (Eth1) Public VIP (Eth1) of
of the Admin virtual the IRP.
machines and Real
IP (Eth0) of the
Media virtual
machines.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
84
Using
iptables or
access
control lists
(ACLs),
configure
the firewall
so that
connections
to port
64616 only
come from
the Admin
virtual
machine.
Troubleshooting the
IRP virtual
machines using a
Remote Support
Account.
Networking Changes Required For Your Deployment
VMware vCenter Ports
Protocol
Port
Source
Destination
TCP
65002
Any internal client
machines.
Any internal virtual Controls network
machines.
traffic between
internal virtual
machines.
TCP
65102
Any internal client
machines.
Any internal virtual Controls network
machines.
traffic between
internal virtual
machines.
TCP
80
Any internal client
machines.
Private VIP (Eth1) Internal users
of the Admin virtual accessing the
machines.
WebEx site URL
using HTTP. TCP
connections are
established from the
internal client
machine to the
Admin virtual
machine.
UDP
53
All internal virtual DNS server.
machines (Eth0 IP).
If you have a
firewall between the
virtual machines
and the DNS server,
for your system to
deploy and operate
successfully.
TCP
8443
Cisco WebEx
Meetings Server
Web Node.
For AXL traffic in a
multi-data center
system between
Cisco WebEx
Meetings Server and
CUCM to allow
LDAP CUCM
failover.
CUCM
Why It Is Needed
VMware vCenter Ports
Ports Open for Deployment
These are some of the ports that are used during the deployment of a Single-data Center (SDC) Cisco WebEx
Meetings Server (CWMS). Once the deployment completes, you can close any ports that were opened solely
for the deployment.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
85
Networking Changes Required For Your Deployment
VMware vCenter Ports
TCP Port 443 should be open, in both directions, between vCenter and the Admin virtual machine for secure
https management during an automatic system deployment. The Admin virtual machine uses this port to
provide vCenter credentials to deploy the virtual machines automatically in vCenter.
The ports listed below are used for communication between the ESXi host and vCenter. If the ESXi host and
vCenter are connected to a separate management network, you may not need to open these ports through the
firewall. For a complete list of ports used by vCenter and the ESXi host, see your VMware documentation.
• UDP/TCP Port 902 in both directions between vCenter and the ESXi hosts for vCenter management
• (Optional) TCP Port 22 from the vSphere client to the ESXi hosts for SSH management
• UDP Port 514 from the ESXi hosts for your system to the internal syslog
• TCP Port 5989 in both directions between vCenter and the ESXi hosts for XML management
The default UDP port used for external clients for audio and video data transmission is SSL (port 443).
Ports Open to Support Multi-data Center
Ports to be open between the internal machines
tcp 8080 tcp 8081 tcp 8082 tcp 9809 tcp 9810 tcp
9811 tcp 9812 tcp 9813 tcp 9814 tcp 9815 tcp 9816
tcp 9817 tcp 9818 tcp 9819 tcp 9820 tcp 9840 tcp
6502 tcp 12340 tcp 12342 tcp 12442
tcp 7001 tcp 7003
tcp 7004
tcp 7005
tcp:5060
tcp 5061
tcp 5062
tcp 5063
tcp 22
Ports to be open between the internal machines and
Virtual IPs
tcp 443
tcp 80
Ports to open between Internet Reverse Proxy IPs and tcp 7001
the internal machines
tcp 64001
tcp 64700
tcp 64616
UDP ports to open between the internal machines
udp range:10000:19999
udp range:16000:32000
udp range:9000:9009
udp 5060
udp 5062
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
86
Networking Changes Required For Your Deployment
Cisco WebEx Meeting Center Ports
Cisco WebEx Meeting Center Ports
• The UDP ports used for internal clients for audio and video data transmission between UDP and SSL
include:
◦For 50 user systems, use UDP port 9000
◦For 250 user systems, use UDP ports 9000, 9001, 9002, 9003
◦For 800 user systems, use UDP ports 9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007, 9008, 9009
◦For 2000 user systems, use UDP ports 9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007
• With the appropriate network settings, internal media servers allow connections through any port used
by Meeting Center.
• The Internet Reverse Proxy only accepts connections from Meeting Center through TCP ports 80 and
443.
Using NAT With Your System
Cisco supports Network Address Translation (NAT) traversal with this product for virtual machine IP addresses
and for the virtual IP addresses (Public and Private VIPs) that are used in your system.
The following schematic diagram illustrates a typical NAT traversal for a 50 user system without High
Availability (HA). By using NAT, you can reduce the number of public IP addresses required for the product
to just one IP address, instead of two (or three if you deploy HA). You can also deploy similar NAT deployments
as long as these meet the overall system requirements.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
87
Networking Changes Required For Your Deployment
Using NAT With Your System
Important
The use of multiple NATs and firewalls tends to increase latency, affecting the quality of real time-traffic
for users.
Also, when using multiple NAT domains, routing between these various NAT domains can be challenging.
You can use NAT-ed IP addresses as long as the following requirements are met:
• All the virtual machines in the system can use NAT-ed IP addresses, with the exception of the Internet
Reverse Proxy virtual machine. NAT between the Administration virtual machine and the Internet
Reverse Proxy virtual machine is not supported. The IP address of the Internet Reverse Proxy virtual
machine (its real IP address) must be reachable by the Administration virtual machine through the
internal network.
• The public VIP address itself does not need to be publicly visible, but it must be translatable from
the Internet.
• When deploying public access, the WebEx site URL must be mapped to an Internet-visible IP address.
This Internet-visible IP address must be accessible by external users and also map to the public VIP
address you configure during the system deployment.
You can choose to make the public VIP address visible from the Internet. If you choose not to make
it publicly visible, then it must be translatable from the Internet.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
88
Networking Changes Required For Your Deployment
Using NAT With Your System
In the diagram, an external user accesses the WebEx site to join or host a meeting. Following a DNS lookup,
the IP address for the WebEx site is the NAT public IP address (Eth0). This NAT public IP address is for the
external NAT firewall router (Firewall and NAT router 1), between the external network and the DMZ network.
The firewall router receives this request from the external user, and internally routes the request to the NAT
private IP address for the router (Eth1, exposed to the DMZ network). Eth1 then sends the request to the public
VIP address (also a NAT IP address in the private networking segment for the WebEx site).
You can use NAT IP addresses for the public VIP address, and the Internet Reverse Proxy IP addresses. The
only NAT public IP address is the Eth0 IP address for the NAT firewall router.
Note
To ensure this NAT firewall router (between the Internet and DMZ network) routes the incoming packet
correctly, set port mapping configuration on the NAT device, or apply other similar mechanisms to ensure
the packet is routed correctly to the public VIP address and the Internet Reverse Proxy.
There is usually a second internal NAT firewall router between the DMZ network and the internal network.
Similar to the external NAT firewall router, Eth0 is a DMZ NAT private IP address and is an interface to the
DMZ network. Eth1 is also a NAT private IP address that is an interface to the internal network.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
89
Networking Changes Required For Your Deployment
Forward Proxies
You can use NAT IP addresses for the private VIP address and the Administration virtual machine IP addresses.
For more information about NAT, see http://www.cisco.com/c/en/us/tech/ip/ip-addressing-services/
tech-tech-notes-list.html.
Forward Proxies
If your network topology includes forward proxies, they must meet specific requirements for the Internet
Reverse Proxy to work properly. See "Use of Forward Proxies in Your System" in the Cisco WebEx Meetings
Server Troubleshooting Guide for complete details.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
90
CHAPTER
5
Configuring Cisco Unified Communications
Manager (CUCM)
• Configuring Cisco Unified Communications Manager (CUCM), page 91
• CUCM Configuration Checklist for Multi-data Center, page 93
• CUCM Configuration Checklist With or Without High Availability , page 93
• Configuring CUCM in a CWMS Multi-data Center System, page 94
• Configuring CUCM for High-Availability and Non-High-Availability Systems, page 96
• Configuring a SIP Trunk Security Profile, page 100
• Configuring a SIP Profile, page 102
• CUCM Certificate Management by Using TLS, page 103
• Configuring a SIP Trunk, page 107
• Configuring a Route Group, page 110
• Configuring a Route List, page 111
• Configuring a Route Pattern, page 112
• Configuring a SIP Route Pattern, page 112
• CUCM Feature Compatibility and Support, page 113
Configuring Cisco Unified Communications Manager (CUCM)
To enable teleconferencing on Cisco WebEx Meetings Server you must configure one (or more) Cisco Unified
Communications Manager (CUCM) system to manage call control. Optionally you can configure a second
CUCM system for audio high availability.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
91
Configuring Cisco Unified Communications Manager (CUCM)
CUCM in an MDC Environment
CUCM in an MDC Environment
The CUCM configurations in a Multi-data Center (MDC) environment are the same as in a Single-data Center
(SDC) environment. Configuration parameters modified on one data center are automatically matched on the
other data center.
On CUCM, the basic configurations in a Multi-data Center (MDC) environment are the same as in a Single-data
Center (SDC) environment. However, you must configure trunks to all data centers. Each data center can have
a different route pattern. If you want to use more than one CUCM, each data center must have a SIP trunk to
the CUCM in the other data centers for calls to transfer.
Before You Begin
Obtain your Load Balancer Point and Application Point information from your Cisco WebEx Meetings Server
Audio page. Load balancer points manage call load balancing and application points manage calls, conference
flow, and feature control. Systems of different sizes have different numbers of load balancer points and
application points and the numbers are not customized. Sign into your Administration site and select Settings
> Audio to see this information.
• Size (50/250/800/2000)
• High availability
• Transport type
On the Audio page, there is a SIP Configuration Table that displays load balancer point and application point
information including IP addresses and ports. This table is also displayed on the Configuring Your Audio
Settings for the First Time page that appears the first time you configure your audio settings.
To make CUCM work with Cisco WebEx Meetings Server, CUCM requires the following base and specific
configurations:
• Base configuration
Note
These configurations can be shared with multiple Cisco WebEx Meetings Server systems.
◦SIP trunk security profile
◦SIP profile
• Specific configuration
Note
These configurations must be made for individual Cisco WebEx Meetings Server systems
and cannot be shared by multiple systems.
◦Certificate management
◦SIP trunk
◦Route group
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
92
Configuring Cisco Unified Communications Manager (CUCM)
CUCM Secure Teleconferencing in an MDC Environment
◦Route list
◦Route pattern
◦SIP route pattern
CUCM Secure Teleconferencing in an MDC Environment
It is not possible to import certificates from all data centers in a Multi-data Center (MDC) into a single Cisco
Unified Call Manager (CUCM) as needed to secure teleconferencing when the common name of both certificates
is the same.
By default, the common name for all data centers is the global site URL of the system. However, to make the
common name unique, you can generate certificates. For more information, see Generating a Certificate
Signing Request (CSR), on page 106. Select the local site URL instead of the global site URL to use in the
common name.
Self-signed certificates generated during any system altering procedure (such as changing the site or
administration URL, changing hostnames) results in a certificate that has the global site URL in the common
name, so you must manually create certificates with the local site URL after this type of operation.
CUCM Configuration Checklist for Multi-data Center
The configuration checklist displays the number of each Cisco Unified Communication Manager (CUCM)
configuration type that you must configure for your system with Multi-data Center (MDC).
System Size Security
SIP Profiles SIP Trunks
Profiles
(Base
(Specific
(Base
Configuration) Configuration)
Configuration)
Route
Route Lists
Groups
(Specific
(Specific
Configuration)
Configuration)
Route
Patterns
(Specific
Configuration)
SIP Route
Patterns
(Specific
Configuration)
250 users
2
1
4
1
1
N
2
800 users
2
1
4
1
1
N
2
2000 users
with HA
2
1
6
1
1
N
4
CUCM Configuration Checklist With or Without High Availability
The configuration checklist displays the number of each Cisco Unified Communication Manager (CUCM)
configuration type that you must configure for your Single-data Center (SDC) system with or without High
Availability (HA).
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
93
Configuring Cisco Unified Communications Manager (CUCM)
Configuring CUCM in a CWMS Multi-data Center System
System Size Security
SIP Profiles SIP Trunks
Profiles
(Base
(Specific
(Base
Configuration) Configuration)
Configuration)
Route
Route Lists
Groups
(Specific
(Specific
Configuration)
Configuration)
Route
Patterns
(Specific
Configuration)
SIP Route
Patterns
(Specific
Configuration)
50 users
2
1
2
1
1
N20
1
50 users
with HA
2
1
4
1
1
N
2
250 users
2
1
2
1
1
N
1
250 users
with HA
2
1
4
1
1
N
2
800 users
2
1
2
1
1
N
1
800 users
with HA
2
1
4
1
1
N
2
2000 users
2
1
5
1
1
N
3
2000 users
with HA
2
1
6
1
1
N
4
20 N is the number of Call-In Access Numbers that you configure in Cisco WebEx Meetings Server.
Configuring CUCM in a CWMS Multi-data Center System
Typically, each site in a Multi-data Center (MDC) environment has a dedicated CUCM cluster associated
with it. CUCM clusters are connected by using inter-cluster trunks (ICT). Each CUCM cluster has call-in/in-dial
trunks to the local CWMS site. Session Manager Edition (SME) is supported. CWMS can be configured
behind the local CUCM clusters. Each CUCM has SIP REFER trunks to all the media virtual machines in the
MDC.
For redundancy, each CUCM cluster can have INVITE trunks to all the data centers. The call-in route pattern
gives priority to the INVITE trunk associated with the local data center and uses the INVITE trunk to the
remote data center only upon failure.
Table 5: CUCM SIP Trunks Configured on Each CUCM Cluster
Deployment
INVITE Trunks - Load Balancer
(MACC)
REFER Trunks—Application Point
(TAS)
Small
2
2
Medium
2
2
Large
4
6
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
94
Configuring Cisco Unified Communications Manager (CUCM)
Configuring CUCM on a 250- or 800-user Multi-data Center System
Configuring CUCM on a 250- or 800-user Multi-data Center System
Configure Cisco Unified Communication Manager (CUCM) for 250- or 800-user Multi-data Center systems.
Typically, each data center has a local CUCM cluster.
Before You Begin
Information required:
• One load balance point IP address for each data center
• One application point IP address for each data center
• The number of call-in access numbers you will configure on your system
Step 1
Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx Meetings
Server setup requirement. If it does not, configure two SIP trunk security profiles.
Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application
point. See Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 100 and Configuring a SIP Trunk
Security Profile for an Application Point, on page 101.
Step 2
Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup
requirement. If it does not, configure one SIP profile.
Configure a SIP profile as described in Configuring a TLS SIP Profile or Configuring an IPv6 SIP Profile, on page 103.
Step 3
Configure two SIP trunks for your load balance points.
See Configuring a SIP Trunk on a Load Balance Point.
Step 4
Configure two SIP trunks for your application points.
See Configuring a SIP Trunk for an Application Point.
Step 5
Configure one route group by using the SIP trunk that you configured for your load balance point.
See Configuring a Route Group.
Step 6
Configure one route list by using the route group that you configured in the previous step.
See Configuring a Route List.
Step 7
Configure N route patterns by using the above route list.
N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See
Configuring a Route Pattern.
Step 8
Configure two SIP route patterns for your application points.
See Configuring a SIP Route Pattern.
Configuring CUCM on a 2000-user Multi-data Center System
Configure Cisco Unified Communication Manager (CUCM) for a 2000-user Multi-data Center (MDC) system.
Typically, each data center has a local CUCM cluster.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
95
Configuring Cisco Unified Communications Manager (CUCM)
Configuring CUCM for High-Availability and Non-High-Availability Systems
Before You Begin
Information required:
• Two load balance point IP addresses for each data center
• Three application point IP addresses for each data center
• The number of call-in access numbers you will configure on your system
Step 1
Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx Meetings
Server setup requirement. If it does not, configure two SIP trunk security profiles.
Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application
point. See Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 100 and Configuring a SIP Trunk
Security Profile for an Application Point, on page 101.
Step 2
Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup
requirement. If it does not, configure one SIP profile.
Configure a SIP profile as described in Configuring a TLS SIP Profile or Configuring an IPv6 SIP Profile, on page 103.
Step 3
Configure two SIP trunks for your load balance points.
See Configuring a SIP Trunk on a Load Balance Point.
Step 4
Configure four SIP trunks for your application points.
See Configuring a SIP Trunk for an Application Point.
Step 5
Configure one route group by using the SIP trunk that you configured for your load balance point.
See Configuring a Route Group.
Step 6
Configure one route list by using the route group that you configured in the previous step.
See Configuring a Route List.
Step 7
Configure N route patterns by using the above route list.
N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See
Configuring a Route Pattern.
Step 8
Configure four SIP route patterns for your application points.
See Configuring a SIP Route Pattern.
Configuring CUCM for High-Availability and
Non-High-Availability Systems
The following sections provide a description of the tasks required to configure high-availability and
non-high-availability systems of various sizes.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
96
Configuring Cisco Unified Communications Manager (CUCM)
Configuring CUCM on 50-, 250-, and 800-User Systems Without High Availability
Configuring CUCM on 50-, 250-, and 800-User Systems Without High Availability
Configure CUCM for 50-, 250-, and 800-user systems without High Availability.
Before You Begin
Information required:
• One load balance point IP address
• One application point IP address
• The number of call-in access numbers you will configure on your system
Step 1
Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx Meetings
Server setup requirement. If it does not, configure two SIP trunk security profiles.
Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application
point. See Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 100 and Configuring a SIP Trunk
Security Profile for an Application Point, on page 101.
Step 2
Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup
requirement. If it does not, configure one SIP profile.
Configure a SIP profile as described in Configuring a TLS SIP Profile or Configuring an IPv6 SIP Profile, on page 103.
Step 3
Configure one SIP trunk for your load balance point.
See Configuring a SIP Trunk on a Load Balance Point.
Step 4
Configure one SIP trunk for your application point.
See Configuring a SIP Trunk for an Application Point.
Step 5
Configure one route group by using the SIP trunk that you configured for your load balance point.
See Configuring a Route Group.
Step 6
Configure one route list by using the route group that you configured in the previous step.
See Configuring a Route List.
Step 7
Configure N route patterns by using the above route list.
N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See
Configuring a Route Pattern.
Step 8
Configure two SIP route patterns for your application points.
See Configuring a SIP Route Pattern.
Configuring CUCM on 50-, 250-, or 800-User Systems with High Availability
This section describes the information required and detailed instructions on how to configure CUCM for 50-,
250-, or 800-user systems with high availability.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
97
Configuring Cisco Unified Communications Manager (CUCM)
Configuring CUCM on a 2000-User System without High Availability
Information Required
• Two load balance point IP addresses
• Two application point IP addresses
• The number of call-in access numbers you will configure on your system
Configuration Procedure
Perform the following steps:
Task Description
Detailed Information
1
Review the existing SIP trunk security profile and
determine whether or not it satisfies your Cisco
WebEx Meetings Server setup requirement. If it
does not, configure two SIP trunk security profiles.
Add a SIP trunk security profile for your load
balance point and add a SIP trunk security profile
for your application point. See Configuring a SIP
Trunk Security Profile for a Load Balance Point,
on page 100 and Configuring a SIP Trunk Security
Profile for an Application Point, on page 101.
2
Review the existing SIP profile and determine
whether or not it satisfies your Cisco WebEx
Meetings Server setup requirement. If it does not,
configure one SIP profile.
Configure a SIP profile as described in
Configuring a TLS SIP Profile or Configuring an
IPv6 SIP Profile, on page 103.
3
Configure two SIP trunks for your load balance
points.
See Configuring a SIP Trunk on a Load Balance
Point.
4
Configure two SIP trunks for your application
points.
See Configuring a SIP Trunk for an Application
Point.
5
Configure one route group by using the SIP trunk See Configuring a Route Group.
that you configured for your load balance point in
Task 3, above.
6
Configure one route list by using the route group
that you configured in Task 5, above.
7
Configure N route patterns by using the above route See Configuring a Route Pattern.
list. N is the number of call-in access numbers that
you configured in your audio settings on the
Administration site.
8
Configure two SIP route patterns for your
application points.
See Configuring a Route List.
See Configuring a SIP Route Pattern.
Configuring CUCM on a 2000-User System without High Availability
Configure Cisco Unified Communication Manager (CUCM) for a 2000-user system without High Availability.
Before You Begin
Information required:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
98
Configuring Cisco Unified Communications Manager (CUCM)
Configuring CUCM on a 2000-User System with High Availability
• Two load balance point IP addresses
• Three application point IP addresses
• The number of call-in access numbers you will configure on your system
Step 1
Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx Meetings
Server setup requirement. If it does not, configure two SIP trunk security profiles.
Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application
point. See Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 100 and Configuring a SIP Trunk
Security Profile for an Application Point, on page 101.
Step 2
Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup
requirement. If it does not, configure one SIP profile.
Configure a SIP profile as described in Configuring a TLS SIP Profile or Configuring an IPv6 SIP Profile, on page 103.
Step 3
Configure two SIP trunks for your load balance point.
See Configuring a SIP Trunk on a Load Balance Point.
Step 4
Configure three SIP trunks for your application point.
See Configuring a SIP Trunk for an Application Point.
Step 5
Configure one route group by using the SIP trunk that you configured for your load balance point.
See Configuring a Route Group.
Step 6
Configure one route list by using the route group that you configured in the previous step.
See Configuring a Route List.
Step 7
Configure N route patterns by using the above route list.
N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See
Configuring a Route Pattern.
Step 8
Configure two SIP route patterns for your application points.
See Configuring a SIP Route Pattern.
What to Do Next
Configuring CUCM on a 2000-User System with High Availability
Configure Cisco Unified Communication Manager (CUCM) for a 2000-user system with High Availability.
Before You Begin
Information required:
• Two load balance point IP addresses
• Four application point IP addresses
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
99
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a SIP Trunk Security Profile
• The number of call-in access numbers you will configure on your system
Step 1
Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx Meetings
Server setup requirement. If it does not, configure two SIP trunk security profiles.
Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application
point. See Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 100 and Configuring a SIP Trunk
Security Profile for an Application Point, on page 101.
Step 2
Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup
requirement. If it does not, configure one SIP profile.
Configure a SIP profile as described in Configuring a TLS SIP Profile or Configuring an IPv6 SIP Profile, on page 103.
Step 3
Configure two SIP trunks for your load balance points.
See Configuring a SIP Trunk on a Load Balance Point.
Step 4
Configure four SIP trunks for your application points.
See Configuring a SIP Trunk for an Application Point.
Step 5
Configure one route group by using the SIP trunk that you configured for your load balance point.
See Configuring a Route Group.
Step 6
Configure one route list by using the route group that you configured in the previous step.
See Configuring a Route List.
Step 7
Configure N route patterns by using the above route list.
N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See
Configuring a Route Pattern.
Step 8
Configure two SIP route patterns for your application points.
See Configuring a SIP Route Pattern.
What to Do Next
Configuring a SIP Trunk Security Profile
Configuring a SIP Trunk Security Profile for a Load Balance Point
Before You Begin
If your Cisco WebEx Meetings Server system is configured for TLS, you must import a secure teleconferencing
certificate. For more information refer to the "Importing Secure Teleconferencing Certificates" section in the
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
100
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a SIP Trunk Security Profile for an Application Point
Cisco WebEx Meetings Server Administration Guide at http://www.cisco.com/c/en/us/support/conferencing/
webex-meetings-server/products-installation-guides-list.html.
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select System > Security > SIP Trunk Security Profile.
Select Add New.
Configure the following fields.
• Name—Enter a name to identify your SIP trunk security profile.
• Device Security Mode—Select No Secure if you want CUCM to communicate with Cisco WebEx Meetings Server
by using UDP/TCP. Select Encrypted if you want CUCM to communicate with Cisco WebEx Meetings Server
by using TLS.
• X.509 Subject Name— Enter your certificate name if you want CUCM to communicate with Cisco WebEx Meetings
Server by using TLS.
Note
If you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS, a different Cisco
WebEx Meetings Server system cannot share the same SIP Trunk Security Profile because each system
must have a different certificate. Obtain the Cisco WebEx Meetings Server certificate name from the
Administration site. For more information refer to "Managing Certificates" in the Administration Guide.
• Incoming Port— Enter 5060 if you want CUCM to communicate with Cisco WebEx Meetings Server using
UDP/TCP. Enter 5061 if you want CUCM communicates Cisco WebEx Meetings Server using TLS.
Note
Step 6
Do not configure any of the other fields on the page; leave the default settings.
Select Save.
Configuring a SIP Trunk Security Profile for an Application Point
Before You Begin
If your Cisco WebEx Meetings Server system is configured for TLS, you must import a secure teleconferencing
certificate. For more information refer to the "Importing Secure Teleconferencing Certificates" section in the
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
101
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a SIP Profile
Cisco WebEx Meetings Server Administration Guide at http://www.cisco.com/c/en/us/support/conferencing/
webex-meetings-server/products-installation-guides-list.html.
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select System > Security > SIP Trunk Security Profile.
Select Add New.
Configure the following fields:
• Name—Enter a name to identify your SIP trunk security profile.
• Device Security Mode—Select Non Secure if you want CUCM to communicate with Cisco WebEx Meetings
Server by using UDP/TCP. Select Encrypted if you want CUCM to communicate with Cisco WebEx Meetings
Server by using TLS.
• X.509 Subject Name— Enter your certificate name if you want CUCM to communicate with Cisco WebEx Meetings
Server by using TLS.
Note
If you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS, a different Cisco
WebEx Meetings Server system cannot share the same SIP Trunk Security Profile, because each system
must have a different certificate. Obtain the Cisco WebEx Meetings Server certificate name from the
Administration site. For more information refer to "Managing Certificates" in the Administration Guide.
• Incoming Port— Enter 5062 if you want CUCM to communicate with Cisco WebEx Meetings Server by using
UDP/TCP. Enter 5063 if you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS.
Note
Step 6
Do not configure any of the other fields on the page; leave the default settings.
Select Save.
Configuring a SIP Profile
Configuring a Standard SIP Profile
The standard Session Initiation Protocol (SIP) profile uses the default settings and requires no additional
configuration steps.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
102
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a TLS SIP Profile
Configuring a TLS SIP Profile
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Device > Device Settings > SIP Profile.
Select Add New.
Configure the following fields:
• Name—Enter a name for your SIP profile.
• Redirect by Application—Select the check box.
Do not configure any of the other fields on the page; leave the fields with their default settings.
Step 6
Select Save.
Configuring an IPv6 SIP Profile
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Device > Device Settings > SIP Profile.
Select Add New.
Configure the following fields:
• Name—Enter a name for your SIP profile.
• Enable ENAT—Select the check box.
Do not configure any of the other fields on the page; leave the fields with their default settings.
Step 6
Select Save.
CUCM Certificate Management by Using TLS
If you want Cisco Unified Communications Manager (CUCM) to communicate with Cisco WebEx Meetings
Server (CWMS) by using TLS, you must perform the following actions:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
103
Configuring Cisco Unified Communications Manager (CUCM)
Uploading Cisco WebEx Meetings Server Certificates
• Obtain a CWMS certificate from the Administration site and upload it to CUCM.
Note
If CWMS uses third-party certificates, then all certificates in the certificate chain must
be uploaded to CUCM.
• Download your CUCM certificate and then upload it to CWMS Administration site.
Note
If CUCM uses third-party certificates, then only the last certificate in the certificate
chain (Root Certificate Authority (CA) certificate) must be uploaded to CWMS.
If you use TLS to connect all the data centers in a Multi-data Center (MDC) system to the same CUCM,
CWMS cannot use the common site URL for the certificate common name. You must use each data center
local site URL for each certificate common name, because the CUCM 10.5 and older versions treat multiple
certificates with a common name as same certificate. If the names are not different, the second data center
certificate replaces the first data center certificate after uploading the second data center certificate into CUCM.
Refer to "Managing Certificates" in the Administration Guide for more information. See http://www.cisco.com/
en/US/products/ps12732/prod_installation_guides_list.html for more details.
Uploading Cisco WebEx Meetings Server Certificates
Step 1
Download and export your Cisco WebEx Meetings Server certificate.
a) Sign in to the Cisco WebEx Meetings Server Administration site.
b) Select Settings > Security > Certificates.
c) Copy the certificate name from the SSL Certificate section.
d) Select More Options > Export SSL certificate.
e) Save your certificate to your local hard drive.
Step 2
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified OS Administration.
Select Security > Certificate Management.
Select Upload Certificate/Certificate Chain.
Select CallManager-trust in the Certificate name drop-down menu.
Select Browse button and select the certificate that you saved to your local hard drive.
Select Upload File.
The system displays a "Success: Certificate Uploaded" message.
Step 3
Step 4
Step 5
Step 6
Step 7
Step 8
Step 9
Select Close.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
104
Configuring Cisco Unified Communications Manager (CUCM)
Installing a Third-Party CUCM Certificate
Installing a Third-Party CUCM Certificate
This procedure explains how to upload a third-party certificate to your Cisco WebEx Meetings Server.
Before You Begin
• Generate a Certificate Signing Request (CSR) and send it to a third part certificate authority to apply
for certificates.
• The certificate authority sends you a certificate chain that can have the following:
◦Certificate 1 (user) - issued to a user entity by an intermediate certificate authority.
◦Certificate 2 (intermediate) - issued to an intermediate certificate authority by a root certificate
authority.
◦Certificate 3 (Root CA) - issued by the root certificate authority.
• When you receive multiple certificates in a certificate chain, concatenate the three certificates into one
file, with the user certificate first.
Step 1
Import your third-party certificate file into your Cisco WebEx Meetings Server as described in the Cisco WebEx Meetings
Server Administration Guide available from http://www.cisco.com/en/US/products/ps12732/prod_installation_guides_
list.html.
Step 2
Sign in to http://ccm-server/, where ccm-server is the fully qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified OS Administration.
Select Security > Certificate Management.
Select Upload Certificate/Certificate Chain.
Select CallManager-trust in the Certificate name drop-down menu.
Select Browse button and select the Root Certificate Authority (CA) certificate that you saved to your local hard drive.
This is the last, self-signed certificate from the verification chain, which is used to verify the CallManager.pem certificate.
Step 3
Step 4
Step 5
Step 6
Step 7
You can obtain the Root CA certificate from a certificate authority directly, at the same time the CallManager.pem
certificate is created.
Select Upload File.
Wait for your system to indicate "Success: Certificate Uploaded."
Note
Step 8
Step 9
Select Close.
What to Do Next
For more information about certificates, refer to the Managing Certificates section in the Cisco WebEx Meetings
Server Administration Guide at http://www.cisco.com/en/US/products/ps12732/prod_installation_guides_
list.html.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
105
Configuring Cisco Unified Communications Manager (CUCM)
Downloading CUCM Certificates
Downloading CUCM Certificates
This procedure is required only if CUCM uses self-signed certificates. If CUCM uses third party certificates,
you should upload only the last certificate (Root CA certificate) in the certificate chain to your Cisco WebEx
Meeting Server. Contact your Certificate Authority (CA) for information on how to obtain a Root CA certificate.
Refer to your CUCM documentation for more information on generating CUCM certificates.
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified OS Administration.
Select Security > Certificate Management.
Search for the certificate in "Certificate Name" field for the certificate with name "CallManager". Select the ".PEM File"
field.
Select Download to save the CUCM certificate CallManager.pem on your local hard drive.
What to Do Next
For more information on uploading CUCM certificates to Cisco WebEx Meetings Server, refer to "Managing
Certificates" in the Administration Guide. See
http://www.cisco.com/en/US/products/ps12732/products_installation_and_configuration_guides_list.html.
Generating a Certificate Signing Request (CSR)
The hashing method used to generate Certificate Signing Request (CSR) and private key for SSL certificates
uses SHA2 (SHA256).
Step 1
Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage
all the data centers in this system.
Step 2
Select Settings > Security > Certificates > Certificates on CWMS System.
On a Multi-data Center system, continue with Certificates on CWMS System or Certificates on Datacenter N
Step 3
Select Generate CSR for the desired type of CSR.
On November 1, 2015, Certification Authorities (e.g. VeriSign, GoDaddy, and so forth) stopped issuing certificates for
internal domain names (e.g. domain.local , domain.internal). Before CWMS version 2.0MR9, you could upload only a
single SSL certificate with Subject Alternative Names for all components in the deployment, but this requires you to
purchase expensive SAN SSL certificates for a complete solution. As of CWMS version 2.5MR5 you can purchase on
WebEx Site URL SSL a certificate from Certification Authority for use on IRP servers, and use Self-signed SSL certificates
for the internal network virtual machines.
Step 4
Complete the fields on the Generate CSR (Certificate Signing Request) page.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
106
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a SIP Trunk
Option
Description
Common Name
Select Local Site URL certificate, Global Site URL certificate, or
Wildcard certificate.
Subject Alternative Names
Your administration site and virtual machine names. No subject
alternative names are required if you selected a wildcard common
This option appears only if you select Subject
Alternative Name for your Common Name type. name.
Organization
Enter the organization name.
Department
Enter the department name.
City
Enter the city.
State/Province
Enter the state or province.
Country
Select the country.
Key Size
Select the key size.2048.
Hash Algorithm
Select the Hash Algorithm SHA256.
Step 5
Select Generate CSR.
The Download CSR dialog box appears.
Step 6
Select Download.
You receive a ZIP file that contains the CSR and the associated private key. The CSR file is called csr.pem and the
private key file is called csr_private_key.pem.
Step 7
Back up your system by using VMware Data Recovery or VMware vSphere Data Protection.
Backing up your system preserves the private key if it becomes necessary to restore it.
Configuring a SIP Trunk
Note
When deploying a 2000-user system with High Availability (HA) and multiple load balance and application
points, each load balancer and application point in the CWMS solution should have a dedicated SIP trunk;
multiple destination IP addresses within the same SIP trunk is not supported.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
107
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a SIP Trunk on a Load Balance Point
Configuring a SIP Trunk on a Load Balance Point
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Device > Trunk.
Select Add New.
On the Trunk Type drop-down menu, select SIP Trunk.
Note
Do not change any other fields on this page; leave the parameters at their default settings.
Media Termination Point Required should be unchecked on the Trunk Configuration page when CUCM
is communicating with Cisco WebEx Meeting Server. If you are not using Cisco WebEx Meetings Server with
CUCM SIP audio, select Media Termination Point Required when providing telephony services by using a
third-party PBX infrastructure.
Select Next.
Configure the following fields:
• Device Name—Enter a name for the SIP trunk.
• Device Pool—Select an appropriate device pool from the drop-down menu.
To determine which Cisco Unified Communications Manager Group has been configured on that device pool,
select System > Device Pool menu. To verify which Cisco Unified Communications Managers are part of this
group, select System > Cisco Unified CM Group.
Note
Record the IP addresses of the primary and secondary server. These IP addresses are entered when you
configure your audio settings in Cisco WebEx Meetings Server. See "Configuring Your Audio Settings
for the First Time" in the Administration Guide for more details. See Cisco WebEx Meetings Server Install
and Upgrade Guides.
• Destination Address—Enter your load balance point IPv4 address. Refer to the SIP Configuration table on your
Administration Site Audio page for the IP address.
• Destination Address IPv6—Enter your load balance point IPv6 address if you want to enable IPv6 between CUCM
and Cisco WebEx Meetings Server.
• Destination Port—Enter 5060 if you want CUCM to communicate with Cisco WebEx Meetings Server using
UDP/TCP. Enter 5061 if you want CUCM to communicate with Cisco WebEx Meetings Server using TLS.
• SIP Trunk Security Profile—Select your load balance point's security profile from the drop-down menu.
• SIP Profile—Select Standard SIP Profile if you want CUCM to communicate with Cisco WebEx Meetings Server
using UDP/TCP. Select TLS SIP Profile if you want CUCM to communicate with Cisco WebEx Meetings Server
using TLS. Select IPv6 SIP Profile if you want to enable IPv6 between CUCM and Cisco WebEx Meetings Server.
• Calling Search Space—Select a Calling Search Space that can call the phone numbers and route patterns configured
in CUCM where you want Cisco WebEx Meetings Server to call out. Select Call Routing > Class of Control >
Calling Search Space. A calling search space consists of an ordered list of route partitions that are typically
assigned to devices or route patterns. Calling search spaces determine the partitions that calling devices search
when they are attempting to complete a call. For more information, refer to "Calling Search Space Configuration"
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
108
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a SIP Trunk for an Application Point
in the Cisco Unified Communications Manager Administration Guide or "Partitions and Calling Search Spaces"
in the Cisco Unified Communications Manager System Guide.
• Rerouting Calling Search Space and Out-Of-Dialog Refer Calling Search Space—Select a Calling Search Space
and Out-Of-Dialog Refer Calling Search Space that contains the route partition that is configured for the SIP route
pattern. See Configuring a SIP Route Pattern. If it is set to < None >, then the system only routes calls to route
patterns with the route partition set to < None >, so the SIP route pattern must have the route partition set to < None
>. This configuration is necessary to enter meetings in Cisco WebEx Meetings Server. For more information, refer
to "Calling Search Space Configuration" in the Cisco Unified Communications Manager Administration Guide or
"Partitions and Calling Search Spaces" in the Cisco Unified Communications Manager System Guide for more
information.
Note
Step 8
Step 9
Do not change any other fields on this page; leave the parameters at their default settings.
Select Save.
Select Reset and then select Reset and Restart in the popup window.
Configuring a SIP Trunk for an Application Point
Step 1
Step 2
Step 3
Step 4
Step 5
Step 6
Step 7
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Device > Trunk.
Select Add New.
On the Trunk Type drop-down menu select SIP Trunk.
Note
Do not change any other fields on this page; leave the values at their default settings.
Select Next.
Configure the following fields:
• Device Name—Enter a name for your SIP trunk.
• Device Pool—Select Default from the drop-down menu.
• Destination Address—Enter the application server IPv4 address.
• Destination Address IPv6—Optionally enter the application server IPv6 address to enable IPv6 between CUCM
and Cisco WebEx Meetings Server.
• Destination Port—Enter 5062 if you want CUCM to communicate with Cisco WebEx Meetings Server by using
UDP/TCP. Enter 5063 if you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS.
• SIP Trunk Security Profile—Select your application server security profile from the drop-down menu.
• SIP Profile—Select Standard SIP Profile if you want CUCM to communicate with Cisco WebEx Meetings Server
by using UDP/TCP. Select TLS SIP Profile if you want CUCM to communicate with Cisco WebEx Meetings
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
109
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a Route Group
Server by using TLS. Select IPv6 SIP Profile if you want to enable IPv6 between CUCM and Cisco WebEx
Meetings Server.
• Calling Search Space—Select a Calling Search Space that can call the phone numbers and route patterns configured
in CUCM that you want to enable Cisco WebEx Meetings Server to call. Select Call Routing > Class of Control
> Calling Search Space. A calling search space consists of an ordered list of route partitions that are typically
assigned to devices or route patterns. Calling search spaces determine the partitions that calling devices search
when they are attempting to complete a call. If this is set to < None >, this will only be able to call devices or route
patterns with a partition set to < None >. For more information, refer to Calling Search Space Configuration in the
Cisco Unified Communications Manager Administration Guide or Partitions and Calling Search Spaces in the
Cisco Unified Communications Manager System Guide.
Note
Step 8
Step 9
Do not change any other fields on this page; leave the values at their default settings.
Leave the Media Termination Point Required check box deselected on the Trunk Configuration page when
CUCM is communicating with Cisco WebEx Meeting Server. If you are not using Cisco WebEx Meetings
Server with CUCM SIP audio, you can select the Media Termination Point Required check box when providing
telephony services using a third-party PBX infrastructure.
Select Save.
Select Reset and then select Reset and Restart in the pop-up window.
You must reset the SIP trunk to complete the configuration.
Configuring a Route Group
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Call Routing > Route/Hunt > Route Group.
Select Add New.
Configure the following fields
• Route Group Name—Enter a name for your route group.
• Distribution Algorithm. Select Circular in drop-down menu.
Note
By selecting Circular, you enable CUCM to distribute a call to idle or available users starting from the
(N+1)th member of a route group, where the Nth member is the member to which CUCM most recently
extended a call. If the Nth member is the last member of a route group, CUCM distributes a call starting
from the top of the route group.
• Find Devices to Add to Route Group—Select SIP trunk of Load Balance Point in the Available Devices list.
Then select Add to Route Group.
Note
Do not change any other fields on this page. Leave them at their default settings.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
110
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a Route List
Step 6
Select Save.
What to Do Next
Create a route list for your route group. Proceed to Configuring a Route List, on page 111.
Configuring a Route List
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Call Routing > Route/Hunt > Route List.
Select Add New.
Configure the following fields
• Name—Enter a name for your route list.
• Cisco Unified Communications Manager Group—Select Default in drop-down menu.
Note
Do not change any other fields on this page; leave the fields at their default settings.
Step 6
Step 7
Select Save.
Select Add Route Group.
The Route List Detail Configuration page appears.
Step 8
Select the previously configured route group from Route Group drop-down menu and select Save.
The Route List Configuration page appears.
Step 9
Select Save.
What to Do Next
Configure a route pattern for your route list. Proceed to Configuring a Route Pattern, on page 112.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
111
Configuring Cisco Unified Communications Manager (CUCM)
Configuring a Route Pattern
Configuring a Route Pattern
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Call Routing > Route/Hunt > Route Pattern.
Select Add New.
Configure the following fields
• Route Pattern—Enter a name for your route pattern.
Note
Add a route pattern for each Blast Dial group. Record this name because you must enter it on the
Administration Settings > Audio > Blast Dial Group page when you create a Blast Dial group.
• Route Partition—Select a route partition that is accessible by phones or devices that can call Cisco WebEx Meetings
Server. If this set to < None > any device configured in CUCM would be able to call Cisco WebEx Meetings Server.
For more information, refer to "Calling Search Space Configuration" in the Cisco Unified Communications Manager
Administration Guide or "Partitions and Calling Search Spaces" in the Cisco Unified Communications Manager
System Guide.
• Gateway/Route List—Select the previously configured route list from the drop-down menu.
Note
Step 6
Do not change any other fields on this page; leave these fields at their default settings.
Select Save.
Configuring a SIP Route Pattern
Step 1
Step 2
Step 3
Step 4
Step 5
Sign in to http://ccm-server/, where ccm-server is the fully-qualified domain name or IP address of the Cisco Unified
Communications Manager server.
Select Cisco Unified CM Administration.
Select Call Routing > SIP Route Pattern.
Select Add New.
Configure the following fields
• Route Partition—Select a route partition that is included in the calling search space that is configured as the Rerouting
Calling Search Space from the section "Configuring a SIP Trunk for an Application Point" above. If this set to <
None > then the Rerouting Calling Search Space configured for the SIP trunk for an application point must be set
to < None >. For more information refer to "Calling Search Space Configuration" in the Cisco Unified
Communications Manager Administration Guide or "Partitions and Calling Search Spaces" in the Cisco Unified
Communications Manager System Guide.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
112
Configuring Cisco Unified Communications Manager (CUCM)
CUCM Feature Compatibility and Support
• Pattern Usage—Select IP Address Routing.
• IPv4 Pattern—Enter the application point IP address. Refer to the SIP Configuration table on your Administration
Site Audio page the IP address.
• SIP Trunk—Select the previously configured SIP trunk for the application point from the drop-down menu.
Note
Step 6
Do not change any other fields on this page; leave these fields at their default settings.
Select Save.
CUCM Feature Compatibility and Support
CUCM Feature Compatibility
Cisco WebEx Meetings Server (CWMS) supports Cisco Unified Call Manager (CUCM) 8.6 or 9.0 without
TLS/SRTP, and CUCM 9.1, 10.0, 10.5, 11.0(1a), or 11.5(1)SU1.
Important
TLS connections between CUCM and CWMS fail with releases of CUCM that do not support certificates
that are signed with a signature algorithm SHA256 with RSA encryption.
Upgrade CUCM to a version that supports this signature algorithm or obtain a third-party certificate that
is signed with SHA1 with RSA encryption. According to the latest National Institute of Standards and
Technology (NIST) recommendation, SHA1 should no longer be used for digital signature generation as
this has a security vulnerability.
The following table provides feature compatibility for the supported versions of CUCM. Cisco WebEx
Meetings Server system capacity is not affected by any of your configuration choices.
Note
CWMS does not support any unlisted CUCM versions or other third-party SIP proxy management
applications.
Table 6: Feature Compatibility for the Supported Versions of CUCM
Feature
Pre-Conditions/Remarks
Call out (IPv6)
Configure CWMS with IPv6 addresses during the
installation process.
Call in (IPv6)
Configure CWMS with IPv6 addresses during the
installation process.
TLS/SRTP
Configure CWMS system security certificates.
RFC2833
Select this option during CUCM SIP trunk
configuration.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
113
Configuring Cisco Unified Communications Manager (CUCM)
CUCM Feature Compatibility and Support
Feature
Pre-Conditions/Remarks
KPML
Select this option during CUCM SIP trunk
configuration.
Keepalive—CWMS sending
Performed by using the SIP OPTIONS message.
Keepalive—CWMS receiving
Performed by using the SIP OPTIONS message.
Quality of Service
Control packets.
TCP
Make sure that your default ports are: 5060 for
conferencing load balance points; 5062 for
conferencing application points.
TLS
Make sure that your default ports are: 5061 for
conferencing load balance points; 5063 for
conferencing application points.
UDP
Make sure that your default ports are: 5060 for
conferencing load balance points; 5062 for
conferencing application points.
Self-signed certificates
n/a
Third-party certificates
n/a
Supported Telephony Call Features
Note
The CUCM 9.0 software that is part of the BE6K (Business Edition 6000) product is supported by CWMS.
• Call hold
• Call un-hold
• Caller ID display on EP
• Calling name display on EP
• Call transfer (IPv4 to IPv4)
• Call transfer (IPv6 to IPv4)
• Call transfer (IPv4 to IPv6)
• Call transfer (IPv6 to IPv6)
Telephony Media Features
CWMS supports participants with G.711, G.722, and G.729 codecs at the same time. Changing your codec
configuration does not affect system performance. Packet sizes supported on CWMS:
• 10, 20, or 30ms for g.711 audio codecs
• 20ms for g.722 audio codec
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
114
Configuring Cisco Unified Communications Manager (CUCM)
Audio Endpoint Compatibility
• 10, 20, 30, 40, 50, or 60ms for g.729 audio codecs
Note
Feature
G.711
G.722
G.729
Noise Compression
Yes
Yes
Yes
Comfort noise
Yes
No
No
Echo cancellation
No
No
No
Packet loss concealment
Yes
Yes
No
Automatic gain control
Yes
Yes
Yes
Quality of Service
Yes
Yes
Yes
All custom audio prompts, including Blast Dial prompts, are: 8KHz, 16-bit, 64kbps, momo, CCITT u-law
(G.711).
Audio Endpoint Compatibility
You can use any standards-based audio endpoint that connects to Cisco Unified Communications Manager
to join a WebEx meeting. The supported audio endpoints include the Cisco IP Phones, Telepresence endpoints,
and PSTN devices such as mobile phones and land line phones. Many audio endpoints support audio and
video connectivity. However, only audio connectivity to the Cisco WebEx Meetings Server is supported.
To permit users from outside the organization to join WebEx meetings by using PSTN devices, your company
must deploy Analog-to-VoIP Gateways, such as Cisco Integrated Service Routers (ISR). The IP phones listed
below have been tested with Cisco WebEx Meetings Server:
• Cisco 7960
• Cisco 7970
• Cisco 7971
• Cisco 7940
• Cisco 9951
• Cisco 9971
• Cisco 7980 (Tandberg)
• Cisco 7975
• Cisco E20
• Cisco Telepresence (CTS 1100)
• Cisco IP Communicator
• Lifesize video phone
• Tandberg 1000
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
115
Configuring Cisco Unified Communications Manager (CUCM)
Audio Endpoint Compatibility
• Tandberg 1700
• Polycom
• Cisco Cius
• C20
• EX 60
• EX 90
Other Cisco UC-compatible endpoints should also operate normally. For a list of Cisco Unified IP Phones
supported by Cisco Unified Communications Manager and the Device Packs available for each model, see
Cisco Unified IP Phone Feature and Cisco Unified Communications Manager Device Pack Compatibility
Matrix .
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
116
CHAPTER
6
Downloading and Mass Deploying Applications
Use of this product requires additional applications that must be downloaded to your users' computers.
• About Application Downloads, page 117
• Downloading Applications from the Administration Site, page 118
• Contents of the Application ZIP Files, page 119
• Silent Installation Limitations for CWMS Applications When Using SMS, page 122
• Mass Deployment of Cisco WebEx Productivity Tools, page 122
• Mass Deployment of the Meetings Application, page 127
• Mass Deployment of the Network Recording Player, page 131
• Reconfiguring Settings After Performing an Update, page 135
About Application Downloads
You can mass-deploy CWMS applications by using the tools available to you on the Administration site. The
applications available for download include are:
• WebEx Meetings Application—The core application for scheduling, attending, or hosting meetings.
Running the WebEx Meetings application on a virtualized operating system is not supported.
If a user does not have the WebEx Meetings application installed, the first time a user joins a meeting
it is downloaded to the PC. This can be configured to be done on-demand or silently. The user has the
option of using the Cisco WebEx Meetings application for the duration of the meeting and having it
removed when the meeting is over or performing an installation of the application to speed up the process
of starting or joining future meetings. This might fail because the user does not have administrator
privileges.
• WebEx Productivity Tools—Provides an interface between other applications, such as Microsoft™
Outlook®, allowing the management of meetings through those applications.
After an update or upgrade to a system, any old versions of WebEx Productivity Tools should be removed
and the latest version installed.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
117
Downloading and Mass Deploying Applications
Downloading Applications from the Administration Site
• WebEx Network Recording Player—Plays back the recordings of meetings. This can include any material
displayed during the meeting.
In CWMS the .MSI installer for the applications is available from the Admin > Settings > Downloads page.
See "Downloading Applications from the Administration Site" in the CWMS Planning Guide for more
information.
We recommend that you push the applications to user computers offline, before you inform those end-users
that accounts have been created for them. This ensures that your users can start and join meetings and play
network recordings the first time they sign in.
Where users have administrator privileges, you can enable users to download the applications from the end-user
Downloads page and install the applications themselves. No additional administrator action is required.
When upgrading to Cisco WebEx Meetings Server Release 1.5MR3 or later in a locked-down environment
where user PCs do not have administrator privileges, before you start the upgrade procedure push the new
version of the WebEx Meetings application to all user PCs.
Downloading Applications from the Administration Site
You can configure your system so that administrators can push Cisco WebEx desktop applications to users
or you can enable users to perform their own downloads.
Step 1
Sign in to Site Administration.
In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage
all the data centers in this system.
Step 2
Step 3
Select Settings > Downloads.
Select your download method:
• Permit users to download WebEx desktop applications.
Use this option to allow users who have administrator permissions for their PCs to manage the conferencing
applications.
• Manually push WebEx desktop applications to user's desktop.
Use this option to enable conferencing for users who do not have administrator permissions for their PCs.
If you selected this option the window is expanded to show the Cisco WebEx Meetings, Productivity Tools, and
Network Recording Player sections.
Step 4
(Optional) Select Auto update WebEx Productivity Tools to configure periodic, automatic updates of the WebEx
Productivity Tools. (Default: checked.)
Step 5
If you selected Manually push WebEx desktop applications to user’s desktop:
a) In the WebEx Meetings section select Download and save the ZIP file to your system.
b) In the Productivity Tools section, select Download and save the ZIP file to your system.
c) In the WebEx Network Recording Player section select Download and save the ZIP file to your system.
Step 6
Select Save to save your Download settings.
This is especially important if you are permitting users to download WebEx desktop applications.
Step 7
(Optional) If you selected Manually push WebEx desktop applications to user’s desktop:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
118
Downloading and Mass Deploying Applications
Contents of the Application ZIP Files
a) Unzip the downloaded files.
b) Open the ZIP file.
Each ZIP file contains the application installer for all supported languages. See Contents of the Application ZIP
Files, on page 119 for information on the installer recommended for use.
c) Select the installer for your platform and language, and extract it to a local directory folder.
The ZIP file contains MSI installers for the Windows platform in all available languages.
The Productivity Tools and Meetings Application version that aligns with each version Cisco WebEx Meeting Server
can be found at Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, on page 179.
What to Do Next
Deploy the MSI installers as described in this chapter.
Contents of the Application ZIP Files
The ZIP files contain one installer application per language.
Application Language Key
The English application installer file in each ZIP file is without a language suffix. The application installer
file for each of the other languages contains an abbreviation in the filename that indicates the language of the
application it contains. The table lists the abbreviation used for each language:
Abbreviation Language
B5
Traditional Chinese
DE
German
ES
Latin American Spanish
FR
French
GB
Simplified Chinese
IT
Italian
JP
Japanese
KO
Korean
NL
Dutch
PT
Portuguese
RU
Russian
SP
Spanish
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
119
Downloading and Mass Deploying Applications
Productivity Tools ZIP File Contents
Productivity Tools ZIP File Contents
The Productivity Tools ZIP file contains the following files. Use the key in the Application Language Key
table to determine the language of each file. Note that there is no Mac version of the Productivity Tools.
• ptools.msi
• ptools_B5.msi
• ptools_DE.msi
• ptools_ES.msi
• ptools_FR.msi
• ptools_GB.msi
• ptools_IT.msi
• ptools_JP.msi
• ptools_KO.msi
• ptools_NL.msi
• ptools_PT.msi
• ptools_RU.msi
• ptools_SP.msi
WebEx Meetings Client ZIP File Contents
Use the key in the Application Language Key, on page 119 to determine the language of the application
contained in each Zip file.
Version 2.7 and later
Version 2.6 and earlier
webexmc.msi.msi
onpremmc.msi
webexmc_allinone.msi
onpremmc_B5.msi
webexmc.msi_B5.msi
onpremmc_DE.msi
webexmc.msi_DE.msi
onpremmc_ES.msi
webexmc.msi_ES.msi
onpremmc_FR.msi
webexmc.msi_FR.msi
onpremmc_GB.msi
webexmc.msi_GB.msi
onpremmc_IT.msi
webexmc.msi_IT.msi
onpremmc_JP.msi
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
120
Downloading and Mass Deploying Applications
Network Recording Player ZIP File Contents
Version 2.7 and later
Version 2.6 and earlier
webexmc.msi_JP.msi
onpremmc_KO.msi
webexmc.msi_KO.msi
onpremmc_NL.msi
webexmc.msi_NL.msi
onpremmc_PT.msi
webexmc.msi_PT.msi
onpremmc_RU.msi
webexmc.msi_RU.msi
onpremmc_SP.msi
webexmc.msi_SP.msi
webexmc_onprem.dmg (for Mac)
webexmc_onprem.dmg (for Mac)
Network Recording Player ZIP File Contents
Network Recording Player is only available for download and mass deployment if you have selected Permit
users to download WebEx desktop applications on the Downloads page. Refer to Configuring Your Download
Settings in the Cisco WebEx Meetings Server Administration Guide for more information.
The Network Recording Player ZIP file contains the following files. Use the key in the Application Language
Key table to determine the language of each file.
• nbr2player_onprem.msi
• nbr2player_onprem_B5.msi
• nbr2player_onprem_DE.msi
• nbr2player_onprem_ES.msi
• nbr2player_onprem_FR.msi
• nbr2player_onprem_GB.msi
• nbr2player_onprem_IT.msi
• nbr2player_onprem_JP.msi
• nbr2player_onprem_KO.msi
• nbr2player_onprem_NL.msi
• nbr2player_onprem_PT.msi
• nbr2player_onprem_RU.msi
• nbr2player_onprem_SP.msi
• webexnbrplayer_intel.dmg (for Mac)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
121
Downloading and Mass Deploying Applications
Silent Installation Limitations for CWMS Applications When Using SMS
Silent Installation Limitations for CWMS Applications When
Using SMS
The following limitations apply when you perform a silent installation by using Microsoft Systems Management
Server 2003 (SMS):
• SMS per-user mode is not supported.
• If the SMS administrator wants to add a feature for WebEx Productivity Tools, run the REMOVE
command first, and then run the ADDSOURCE command.
• If users log on to their computers using remote desktop while their administrator advertises the package,
have the users restart their computers.
• Mass deployment is possible, but each user must enter their credentials.
• Before you update to a maintenance release or upgrade to a newer release, have all users uninstall Cisco
WebEx Productivity Tools. After the update or upgrade, you can manually push the Productivity Tools
to your users or they can download Productivity Tools from the Downloads page.
• If you are using Lync integration, after a silent installation your users must restart their computers to
make all of the instant messenger integrations work properly.
Mass Deployment of Cisco WebEx Productivity Tools
This section is describes the tasks involved in installing Cisco WebEx Productivity Tools by using the
ptools.ms package. Single-computer installation and large-scale installations can be accomplished by using
Microsoft Systems Management Server 2003 (SMS).
The Productivity Tools version that aligns with each version Cisco WebEx Meeting Server can be found at
Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, on page 179.
Related Topics
Silent Installation Limitations for CWMS Applications When Using SMS, on page 122
Silent Installation of Productivity Tools by Using the Command Line
Administrators can sign in to a user’s computer and install WebEx Productivity Tools using silent mode.
Before You Begin
Before installing a maintenance release or upgrading your system to a newer release, previous versions of
Cisco WebEx Productivity Tools should be uninstalled.
Step 1
Step 2
Step 3
Sign in to the user's computer.
Download the MSI package to the computer hard drive.
Open the Windows Command prompt.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
122
Downloading and Mass Deploying Applications
Silent Removal of the Productivity Tools by using the Command Line Interface
Step 4
Step 5
On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.
Run the MSI command to install WebEx Productivity Tools silently.
Parameter Name
Value
Description
OI
1
Enable Outlook Integration
0 (default)
Disable Outlook Integration
Restart the computer.
Silent Removal of the Productivity Tools by using the Command Line Interface
Administrators can sign in to a user’s computer and uninstall the Productivity Tools by using silent mode.
Step 1
Step 2
Step 3
Step 4
Sign in to the user's computer.
Download the MSI package to the computer hard drive.
Open the Windows Command prompt.
On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.
Uninstall all components of the MSI package ptools.msi by entering the command msiexec.exe /q /x "ptools.msi".
Advertising WebEx Productivity Tools by using the SMS Per-System Unattended
After an update or an upgrade, you can use the Administration site to manually push the Productivity Tools
to your users or allow users to download Productivity Tools from the end-user Downloads page.
Refer to the "Configuring Your Download Settings" section of the Cisco WebEx Meetings Server Administration
Guide for more information.
If you are the Microsoft Systems Management Server 2003 (SMS) administrator, you can advertise the Cisco
WebEx Productivity Tools using the SMS per-system unattended program.
Step 1
Step 2
Create a package from the definition. See Creating a Package from a Definition, on page 127 for more information.
Change the program options for Per-system unattended before advertisement:
a) Right-click Per-system unattended and select Properties to open the Per-system unattended Program Properties
dialog box.
b) Select the Environment tab.
• For the Program can run option, select Only when a user is logged on.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
123
Downloading and Mass Deploying Applications
Removing Productivity Tools Components by Using the SMS Per-System Unattended Program
• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to interact
with this program.)
c) Select the General tab.
d) Append an additional parameter to the command line option to specify some options for Cisco WebEx Productivity
Tools:
• SITEURL=″http://sample.webex.com″ specifies the WebEx Site URL used by your company.
• Productivity Tools flags specify which component is enabled for WebEx Productivity Tools. The parameters
should be uppercase and the default value is 0 (Disabled).
In the following example, the initial command line is msiexec.exe /q ALLUSERS=2 /m MSIZWPBY /i
"ptools.msi".
Step 3
Advertise the program.
a) Right-click Per-system unattended.
b) Select All Tasks > Distribute Software.
c) Select Next in the Distribute Program Wizard.
d) Select the SMS Server and select Next.
e) Select the collection and select Next.
f) Enter the advertisement name in the Name field and select Next.
g) Specify whether the advertisement should apply to subcollections and select Next.
h) Specify when the program will be advertised and select Next.
i) Specify whether or not to assign the program and select Next.
j) Select Finish on the Completing the Distribute Program Wizard page.
k) Navigate to the \Site Database\System Status\Advertisement Status directory and check the advertisement status.
If you enable notification, the user will see a message indicating that the assigned program is going to run after the
program has been advertised. The assigned program will run silently.
Removing Productivity Tools Components by Using the SMS Per-System
Unattended Program
Perform the following procedure to remove Productivity Tools by using Microsoft Systems Management
Server 2003 (SMS):
SUMMARY STEPS
1. Create a new program and copy all the options from the “per-system unattended program” as described in
Advertising WebEx Productivity Tools by using the SMS Per-System Unattended, on page 123, and then
update the command line:
2. Advertise the program to the specified collection of work machines in the domain.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
124
Downloading and Mass Deploying Applications
Adding Productivity Tools by Using SMS Per-System Unattended
DETAILED STEPS
Step 1
Create a new program and copy all the options from the “per-system unattended program” as described in Advertising
WebEx Productivity Tools by using the SMS Per-System Unattended, on page 123, and then update the command line:
a) Right-click the blank area and then select New > Program.
b) Enter the program name and default command line.
c) In the Properties dialog box, select the Environment tab.
• For the Program can run option, select Only when a user is logged on.
• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to interact
with this program).
d) Update the command-line on the General tab.
e) Append REMOVE to the command line and specify the features that need to be removed.
Example:
If you want to remove OI, enter the following command: msiexec.exe /q ALLUSERS=2 /m MSII5HK3 /i "ptools.msi"
REMOVE="OI"
Step 2
Advertise the program to the specified collection of work machines in the domain.
Cisco WebEx Productivity Tools is updated on these machines silently.
Related Topics
Silent Installation Limitations for CWMS Applications When Using SMS, on page 122
Adding Productivity Tools by Using SMS Per-System Unattended
To add a component to the Productivity Tools, you must first run REMOVE and then run ADDSOURCE,
even though the component has not been installed before.
Step 1
Create a new program named Add-phase1, copy all the options from the “per-system unattended program,” and then
update the command line:
a) Right-click the blank area and then select New > Program.
b) Enter the program name and default command line.
c) On the properties dialog, select the Environment tab.
• For the Program can run option, select Only when a user is logged on.
• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to interact
with this program.)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
125
Downloading and Mass Deploying Applications
Uninstalling Productivity Tools by Using the SMS Per-System Uninstall Program
d) Update the command-line on the General tab.
Step 2
Step 3
Advertise the program to the specified collection of work machines in the domain.
Create a second program name, “Add-phrase2”, and copy all the options from the “per-system unattended program” and
then update the command line:
a) Right-click the blank area and then select New > Program.
b) Enter the program name and default command line.
c) On the properties dialog box, select the Environment tab.
• For the Program can run option, select Only when a user is logged on.
• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to interact
with this program).
d)
e)
f)
g)
Step 4
On the properties dialog box select, the Advanced tab.
Turn on Run another program first and select program Add-phase1.
Update the command-line on the General tab.
Append ADDSOURCE to the command line and specify the features that need to be added.
Advertise the program to the specified collection of work machines in the domain.
Cisco WebEx Productivity Tools are silently updated on these machines.
Related Topics
Silent Installation Limitations for CWMS Applications When Using SMS, on page 122
Uninstalling Productivity Tools by Using the SMS Per-System Uninstall Program
The SMS administrator can uninstall Cisco WebEx Productivity Tools by using the SMS per-system uninstall
program.
Step 1
Step 2
Use the SMS Installation package created in Creating a Package from a Definition, on page 127.
Advertise the per-system uninstall program to uninstall Cisco WebEx Productivity Tools.
Cisco WebEx Productivity Tools will be uninstalled on these machines silently.
Advertising the Program to Update the New Version of WebEx Productivity
Tools
Perform the following procedure to advertise the program to update to the new version of Cisco WebEx
Productivity Tools.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
126
Downloading and Mass Deploying Applications
Creating a Package from a Definition
Before You Begin
Before you install a maintenance release or upgrade your system to a newer release, your users must uninstall
Cisco WebEx Productivity Tools running on their desktops. After the upgrade, you can use the Administration
site to manually push the Productivity Tools to your users or users can download Productivity Tools from the
end-user Downloads page.
Sign in to the Administration site, select Settings > Downloads and disable the following settings:
• Auto update Cisco WebEx Productivity Tools
• Permit users to download WebEx desktop applications
Step 1
Create a new SMS installation package by using the WebEx Productivity Tools MSI package.
See Creating a Package from a Definition, on page 127 for more information.
Step 2
Change the program options for Per-system unattended before advertisement.
See Adding Productivity Tools by Using SMS Per-System Unattended, on page 125 for more information.
Step 3
Advertise the program. See Adding Productivity Tools by Using SMS Per-System Unattended, on page 125 for more
information.
The old Cisco WebEx Productivity Tools are removed and the new Cisco WebEx Productivity Tools are installed silently.
Creating a Package from a Definition
Step 1
Step 2
Step 3
Step 4
Open the SMS Administrator Console and select Site Database > Package.
Right-click Package.
Select New > Package From Definition.
On the Create Package from Definition wizard, select Next.
Step 5
Step 6
Step 7
Step 8
Select Browse to locate and select the WebEx Productivity Tools MSI package and then select Next.
Select Always obtain files from a source directory and then select Next.
Select Source directory location and then select Next.
Select Finish.
Mass Deployment of the Meetings Application
This section is designed to help your organization understand the tasks involved in installing Cisco WebEx
Meetings application. This section is a comprehensive guide that covers various types of installations, including
a single-computer installation and large-scale installations using Microsoft Systems Management Server 2003
(SMS).
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
127
Downloading and Mass Deploying Applications
Installing Cisco WebEx Meetings
Note
"Silent installation" means the application can be deployed silently but end-user configuration is necessary.
Related Topics
Silent Installation Limitations for CWMS Applications When Using SMS, on page 122
Installing Cisco WebEx Meetings
Before You Begin
The following prerequisites apply to the Cisco WebEx Meetings installer:
• Installing the Cisco WebEx MSI package requires administrator privileges. The MSI package is installed
to the default OS Programs folder which requires administrator privileges to access.
• The Cisco WebEx MSI package is developed for Windows Installer Service 2.0 or higher. If the local
machine is configured with an older version, an error message is displayed informing the user that a
newer version of the Windows Installer Service is required. Upon executing the MSI package, the user
is prompted with a basic MSI interface.
Step 1
Launch the installer on the user's computer.
The installation wizard appears with an introductory message.
Step 2
Step 3
Step 4
Select Next in the following dialogue boxes until you reach the installation dialogue box.
Select Install.
Select Finish when the installation is complete.
Uninstall Cisco WebEx Meetings Locally
You can sign in to a user's computer and uninstall the Cisco WebEx Meetings application from the Control
Panel or the WebEx folder on the local hard drive.
Before You Begin
The Cisco WebEx Meetings application is installed on a user's computer.
Step 1
Step 2
Sign in to the user's computer.
Delete the Cisco WebEx Meetings application using one of the following methods:
• Select Start > Control Panel > Programs and Features. From the list of programs, select Cisco WebEx Meetings
and then Uninstall/Change.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
128
Downloading and Mass Deploying Applications
Silent Installation of the Meetings Application by Using the Command Line
• Select Start > Computer > System (C:) > ProgramData folder > WebEx folder. Right-click atcliun.exe and
select Delete.
When you uninstall atcliun.exe from the WebEx folder, both the on-premises and cloud versions of the Cisco
WebEx Meetings application are removed, if both versions of the application were saved on the user's local
hard drive. However, when you uninstall the application using the Control Panel, only the on-premises version
of the application is uninstalled.
The Cisco WebEx Meetings application is unistalled from the user's computer.
Note
Silent Installation of the Meetings Application by Using the Command Line
Administrators can sign in to a user’s computer and install the WebEx Meetings application using silent mode.
Step 1
Step 2
Step 3
Step 4
Sign in to the user's computer.
Download the MSI package to the computer hard drive.
Open the Windows Command prompt.
On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.
Enter the MSI command to install Cisco WebEx Meeting Applications silently.
Example:
Step 5
Enter msiexec /i onpremmc.msi /qn.
Restart the computer.
Silent Removal of the Meetings Application by using the Command Line
Interface
Administrators can sign in to a user’s computer and uninstall the Meetings application by using silent mode.
Step 1
Step 2
Step 3
Sign in to the user's computer.
Open the Windows Command prompt.
On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.
Uninstall all components of the MSI package onpremmc.msi by entering the command msiexec/x onpremmc.msi/qn.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
129
Downloading and Mass Deploying Applications
Advertising CWMS by Using SMS Per-System Unattended
Advertising CWMS by Using SMS Per-System Unattended
A Microsoft Systems Management Server 2003 (SMS) administrator can advertise the availability of the
Cisco WebEx Meetings applications by using the Per-system Unattended program.
Before You Begin
Sign in to the Administration site and configure your Download settings to manually push the WebEx desktop
applications to the user's computer. Refer to the Configuring Your Download Settings section of the Cisco
WebEx Meetings Server Administration Guide for more information.
Step 1
Step 2
Create a package from the definition. See Creating a Package from a Definition, on page 127 for more information.
Change the program options for "Per-system unattended" before advertisement:
a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco WebEx
Meeting Application English > Programs.
b) Right click the Per-system unattended option and select Properties to open the Per-system unattended Program
Properties dialog box.
c) Select the Environment tab.
• For the Program can run option, select Only when a user is logged on.
• For the Run mode option, select Run with administrative rights. Do not select Allow users to interact with
this program.
d) Select the General tab.
e) Append an additional parameter to the command line option to specify some options for the WebEx Meetings
application:
Example:
For example, the initial command line is: msiexec /i "onpremmc.msi" /qn
Step 3
Now you can advertise the program.
a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco WebEx
Meeting Application English > Programs.
b) Right-click Per-system unattended.
c) Select All Tasks > Distribute Software.
d) Select Next in the Distribute Program Wizard.
e) Select the SMS Server and select Next.
f) Select the collection and select Next.
g) Enter the advertisement name in the Name field and select Next.
h) Specify whether the advertisement should apply to subcollections and select Next.
i) Specify when the program will be advertised and select Next.
j) Specify whether to assign the program and select Next.
k) Select Finish on the Completing the Distribute Program Wizard page.
l) Navigate to the \Site Database\System Status\Advertisement Status directory and check the advertisement status.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
130
Downloading and Mass Deploying Applications
Uninstalling the Cisco WebEx Meetings Application by Using the SMS Per-System Uninstall Program
If you enable notification, the user will see a message indicating that the assigned program is going to run after the
program has been advertised. The assigned program will run silently.
Uninstalling the Cisco WebEx Meetings Application by Using the SMS
Per-System Uninstall Program
The SMS administrator can uninstall the Cisco WebEx Meetings application by using the SMS per-system
uninstall program.
Step 1
Step 2
Use the SMS Installation package created in Creating a Package from a Definition, on page 127.
Advertise the per-system uninstall program to uninstall the Cisco WebEx Meetings application.
The Cisco WebEx Meetings application is silently uninstalled on the specified machines.
Mass Deployment of the Network Recording Player
This section is a comprehensive guide that covers various types of installations, including a single-computer
installation and large-scale installations using Microsoft Systems Management Server 2003 (SMS).
Note
Network Recording Player files greater than 4 GB can only be played when accessed from a Web browser.
Related Topics
Silent Installation Limitations for CWMS Applications When Using SMS, on page 122
Installing Network Recording Player
Before You Begin
• Verify that you have administrator privileges on the target device, because the Cisco WebEx MSI package
is installed in the default OS Programs folder that requires such access.
• The Cisco WebEx MSI package was developed for Windows Installer Service 2.0 or higher. If the local
machine is configured with an older version of the installer, an error message appears informing the user
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
131
Downloading and Mass Deploying Applications
Silent Installation of the Recording Player by Using the Command Line
that to install this MSI package, a newer version of the Windows Installer Service is required. Upon
executing the MSI package, the user is prompted through the MSI interface.
Step 1
Launch the installer on the user's computer.
The installation wizard appears with an introductory message.
Step 2
Step 3
Step 4
Select Next on each of the dialogue boxes until the installation dialogue box appears.
Select Install.
Select Finish.
Silent Installation of the Recording Player by Using the Command Line
Administrators can sign in to a user’s computer and install the WebEx Recording Player by using silent mode.
Step 1
Step 2
Step 3
Step 4
Sign in to the user's computer.
Download the MSI package to the computer hard drive.
Open the Windows Command prompt.
On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.
Enter the MSI command to install WebEx Recording Player silently.
Example:
Step 5
Enter msiexec/i nbr2player_onprem.msi/qn.
Restart the computer.
Silent Uninstallation of the Recording Player by Using the Command Line
Interface
Administrators can sign in to a user’s computer and remove Recording Player by using silent mode.
Step 1
Step 2
Step 3
Step 4
Sign in to the user's computer.
Download the MSI package to the computer hard drive.
Open the Windows Command prompt.
On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.
Uninstall all components of the MSI package onpremmc.msi by entering the command msiexec/i
nbr2player_onprem.msi/qn.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
132
Downloading and Mass Deploying Applications
Installation of CWMS Applications by Using Microsoft Systems Management Server 2003 (SMS)
Installation of CWMS Applications by Using Microsoft Systems Management
Server 2003 (SMS)
Advertising Cisco WebEx Network Recording Player Using the SMS Per-System Unattended
Program
If you are the SMS administrator, perform the following procedure to advertise the Cisco WebEx Network
Recording Player using the SMS per-system unattended program.
Before You Begin
Sign in to the Administration site and configure your Download settings to manually push the WebEx desktop
applications to the user's desktop. Refer to the "Configuring Your Download Settings" section of the Cisco
WebEx Meetings Server Administration Guide for more information.
SUMMARY STEPS
1. Create a package from the definition. See Creating a Package from a Definition, on page 127 for more
information.
2. Change the program options for "Per-system unattended" before advertisement:
3. Now you can advertise the program.
DETAILED STEPS
Step 1
Step 2
Create a package from the definition. See Creating a Package from a Definition, on page 127 for more information.
Change the program options for "Per-system unattended" before advertisement:
a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco WebEx
Network Recording Player English > Programs.
b) Right click the Per-system unattended option and select Properties to open the Per-system unattended Program
Properties dialog box.
c) Select the Environment tab.
• For the Program can run option, select Only when a user is logged on.
• For the Run mode option, select Run with administrative rights. Do not select Allow users to interact with
this program.
d) Select the General tab.
e) Append an additional parameter to the command line option to specify some options for the WebEx Meetings
application:
Example:
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
133
Downloading and Mass Deploying Applications
Installation of CWMS Applications by Using Microsoft Systems Management Server 2003 (SMS)
For example, the initial command line is: msiexec /i "nbr2player_onprem.msi" /qn
Step 3
Now you can advertise the program.
a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco WebEx
Network Recording Player English > Programs.
b) Right-click Per-system unattended.
c) Select All Tasks > Distribute Software.
d) Select Next in the Distribute Program Wizard.
e) Select the SMS Server and select Next.
f) Select the collection and select Next.
g) Enter the advertisement name in the Name field and select Next.
h) Specify whether the advertisement should apply to subcollections and select Next.
i) Specify when the program will be advertised and select Next.
j) Specify whether to assign the program and select Next.
k) Select Finish on the Completing the Distribute Program Wizard page.
l) Navigate to the \Site Database\System Status\Advertisement Status directory and check the advertisement status.
If you enable notification, the user will see a message indicating that the assigned program is going to run after the
program has been advertised. The assigned program will run silently.
Uninstalling the Cisco WebEx Network Recording Player Using the SMS Per-System Uninstall
Program
The SMS administrator can uninstall the Cisco WebEx Network Recording Player using the SMS per-system
uninstall program by performing the following procedure.
SUMMARY STEPS
1. Use the SMS Installation package created in Creating a Package from a Definition, on page 127.
2. Advertise the per-system uninstall program to uninstall the Cisco WebEx Network Recording Player.
DETAILED STEPS
Step 1
Step 2
Use the SMS Installation package created in Creating a Package from a Definition, on page 127.
Advertise the per-system uninstall program to uninstall the Cisco WebEx Network Recording Player.
The Cisco WebEx Network Recording Player will be uninstalled on the specified machines silently.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
134
Downloading and Mass Deploying Applications
Reconfiguring Settings After Performing an Update
Reconfiguring Settings After Performing an Update
After you perform an update of your Cisco WebEx Meetings Server (CWMS) software, you must update the
paths to your mass-deployed applications. (After an update, the Network Recording Player is automatically
updated the first time it is used to play a recording.)
For Mac systems the path is /Users/(Local
User)/Library/Application Support/WebEx Folder/.
For Windows systems, the path depends on the version, download type, and web browser type:
• Windows 7 and Windows Vista: <SystemDisk>\ProgramData\WebEx
• From Productivity Tools or WebEx Connect, use your Productivity Tools or WebEx Connect path.
• If you are using MSI installation, always use a unique path. Your system ignores the existing file.
• If you are using the download type with Windows 7, your system uses a unique path. In Windows XP,
if the GPC can find the registered table value, your system uses the existing folder. Otherwise the system
uses its own path, as described above.
Client applications on both Windows and Mac systems are automatically updated to maintain compatibility
with your updated system.
In a locked down environment, you must perform updates manually for Windows systems, but not for Mac
systems.
Note
The version of the Productivity Tools and Meetings Application that aligns with the version Cisco WebEx
Meeting Server can be found at Cisco WebEx Meetings Application and Productivity Tools Compatibility
Matrix, on page 179.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
135
Downloading and Mass Deploying Applications
Reconfiguring Settings After Performing an Update
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
136
CHAPTER
7
SAML SSO Configuration
• Overview of Single Sign-On, page 137
• Benefits of Single Sign-On, page 138
• Overview of Setting Up SAML 2.0 Single Sign-On, page 139
• SAML SSO for End-User and Administration Sign In, page 140
• SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and WebEx
Meetings Server, page 140
• SAML Assertion Attributes, page 145
Overview of Single Sign-On
Federated single sign-on (SSO) standards such as SAML 2.0 provide secure mechanisms for passing credentials
and related information between different websites that have their own authorization and authentication
systems. SAML 2.0 is an open standard developed by the OASIS Security Services Technical Committee.
The SAML 2.0 protocol has seen significant success, gaining momentum in financial services, higher education,
government, and other industry segments. SAML 2.0 support has been implemented by all major web-access
management vendors. The U.S. Government General Services Administration (GSA) requires all vendors
participating in the U.S. E-Authentication Identity Federation program to be SAML 2.0-compliant.
SAML 2.0-compliant websites exchange user credential information using SAML assertions. A SAML
assertion is an XML document that contains trusted statements about a subject including, for example, a
username and privileges. SAML assertions are digitally signed to ensure their authenticity.
Many large enterprises have deployed federated Identity and Access Management (IAM) and Identity Provider
(IdP) systems, such as Ping Identity Ping Federate, CA SiteMinder, Open AM, and Windows ADFS 2.0 on
their corporate intranets. These IAM and IdP systems handle the user authentication and SSO requirements
for employees and partners. IAM and IdP systems use the SAML protocols to interoperate with partner
websites outside their firewalls. Users can utilize their IAM and IdP systems to automatically authenticate
their users to Cisco WebEx Meeting services. This increases efficiency because users do not have to remember
their usernames and passwords to start or join meetings on their Cisco WebEx sites.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
137
SAML SSO Configuration
Benefits of Single Sign-On
Note
WebEx Meetings Server supports SAML 2.0 IdPs only. It does not support IdPs based on the older SAML
1.1 and WS-Federate standards. This restriction stands in contrast to the cloud-based Cisco WebEx Meeting
services which continue to support SAML 1.1 and WS-Federate. The following is a list of SAML 2.0 IdPs
that have been validated to work with Cisco WebEx Meetings Server:
• Microsoft ADFS 2.0 (a free add-on to Microsoft Windows Server 2008/Windows Server 2008 R2
or AD FS server role in Windows Server 2012)
• Microsoft ADFS 3.0 (AD FS server role in Windows Server 2012)
• Ping Identity Ping Federate 6.6.0.17
• Forgerock Open AM 10.0.0
• CA SiteMinder 6.0 SP5
Because SAML 2.0 is an open standard, other SAML 2.0 IdPs might also operate with Cisco WebEx
Meetings Server. However, other SAML 2.0 IdPs have not been tested by Cisco. It is therefore the
administrator's responsibility to make any such integration operational.
Benefits of Single Sign-On
Single sign-on (SSO) can benefit you in the following ways:
• Simplified user authentication—Out of the box, Cisco WebEx Meetings Server requires users to sign
in using email addresses and passwords that are specific to the Meetings Server system. While this
approach works well for some small and mid-sized organizations, larger organizations prefer using
corporate credentials—that is, Active Directory—for enhanced security. You can accomplish this by
using SAML 2.0 SSO.
Note
Secure authentication—The SSO password is never sent to or stored in Cisco WebEx
Meetings Server after the user authenticates.
• Simplified user management—Large organizations with changing workforces due to normal attrition
prefer to automate the process of user management when integrating with WebEx Meetings Server. This
means automating the following:
• User account creation when employees join the organization
• User account updates when employees take on different roles within the organization
• User account deactivation when employees leave the organization
You can achieve automation for these events by configuring Auto Account Creation and Auto Account
Update in the SSO section of the Cisco WebEx Meetings Server Administration site. We recommend
that you turn on these features if they are also supported by your SAML IdPs. User accounts are
automatically created and updated "on demand" when users authenticate, eliminating the need to create
user accounts manually. Similarly, users can no longer sign into their accounts after they leave the
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
138
SAML SSO Configuration
Overview of Setting Up SAML 2.0 Single Sign-On
organization, because the SAML 2.0 IdP blocks those users from signing in after they are removed from
the database, which is usually a proxy for the underlying corporate directory.
Overview of Setting Up SAML 2.0 Single Sign-On
Important
Caution
Unless you or someone in your organization has experience with SAML 2.0 single sign-on (SSO), we
recommend that you engage the services of a qualified Cisco AUC partner or Cisco Advanced Services.
We make this recommendation because SAML SSO configuration can be complicated.
If the SAML response has a carriage return in any of the fields, then the update, account creation, and
authentication fails. Although the SAML provider calculates the digital signature with the carriage return,
Cisco WebEx Meetings Server removes the carriage return causing the digital signature to be invalid.
Review these general steps for setting up SAML 2.0 SSO:
1 Ensure that your SAML 2.0 SSO infrastructure is in place and is integrated with your corporate directory.
This consists of setting up the SAML 2.0 IdP software and the SSO authentication website. The
authentication website is a portal where users enter their corporate credentials.
2 Ensure that users can access the SSO authentication website. This step is important because, as part of the
sign-in process, Cisco WebEx Meetings Server redirects users to this authentication website.
3
Note
If your Cisco WebEx Meetings Server system is enabled for public access, allowing users to sign in and
join meetings from the Internet, it is critical to ensure that the SSO authentication website is also accessible
from the Internet. This usually implies deploying the SAML 2.0 IdP in your DMZ. Otherwise, users see
"404 site not found" errors when signing in to Cisco WebEx Meetings Server from the Internet.
4 Connect WebEx Meetings Server to the SAML 2.0 IdP by using both of these methods:
• Select Settings > Security > Federated SSO on your Cisco WebEx Meetings Server Administration
site and set the IdP parameters. (See the Configuring Federated Single Sign-On (SSO) Settings section
in the Cisco WebEx Meetings Server Administration Guide.)
• Follow the instructions in your SAML 2.0 IdP documentation. Note that these instructions vary from
vendor to vendor. We recommend that you contact a qualified Cisco AUC partner or Cisco Advanced
Services to help you implement the solution.
Note
Do not use the instructions found on the Cisco Developer Network to set up a SAML
2.0 IdP. Those instructions are intended for cloud-based Cisco WebEx meeting services
and do not work with Cisco WebEx Meetings Server.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
139
SAML SSO Configuration
SAML SSO for End-User and Administration Sign In
SAML SSO for End-User and Administration Sign In
SAML SSO is typically configured only for sign-in purposes on the End-User site and not the Administration
site. On SAML 2.0 SSO-integrated Cisco WebEx Meetings Server sites the behavior mirrors SaaS WebEx
behavior when it comes to user authentication. A Cisco WebEx Meetings Server administrator (and an SaaS
WebEx administrator) can sign in to an end-user account using SAML SSO but must sign in to an administrator
account on the same system using a separate password. This ensures that in the event of catastrophic failures
on the SAML SSO iDP, an administrator will still be able to access the Administration site. Without this
failsafe, you might encounter a situation in which the Administration site becomes inaccessible not because
of a product failure but because of a problem with the SAML SSO IdP software. The SAML SSO IdP software
is on a server that is external to Cisco WebEx Meetings Server (or SaaS WebEx) and therefore outside of our
control.
SAML 2.0 Single Sign-On Differences Between Cloud-Based
WebEx Meeting Services and WebEx Meetings Server
While the cloud-based Cisco WebEx meeting services employ unique user IDs when creating users accounts,
Cisco WebEx Meetings Server uses email addresses as the basis for creating user accounts. When deploying
SAML 2.0 single sign-on (SSO) note that the cloud-based Cisco WebEx Meeting services permit removal of
the email domain, such as "@cisco.com," from the UPN (User Principal Name) when auto account creation
is turned on. This results in the creation of a user account that resembles a user ID. Because Cisco WebEx
Meetings Server requires a complete email address to create user accounts, you cannot remove the email
domain from the UPN.
The Identity Provider (IdP) server can use any unique Active Directory (AD) field as the NameID for an SSO
configuration. If you use SSO and you change the email address for an active user, change the mapping for
the NameID field on the IdP server.
You can deploy Cisco WebEx Meetings Server without SAML 2.0 SSO and after the deployment, turn on
SSO. Doing so has the following important effects on the user authentication, auto account creation, and auto
account update features:
Scenario
User
Authentication
Behavior
Auto Account
Creation (AAC)
On
SSO is not
turned on. User
accounts were
created in the
CWMS system.
Users sign in by N/A
using their email
addresses and
unique
passwords.
AAC Off
Auto Account
Update (AAU)
On
AAU Off
N/A
N/A
N/A
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
140
SAML SSO Configuration
SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and WebEx Meetings Server
Scenario
User
Authentication
Behavior
Turn on SSO.
Users with
existing
accounts sign
in to their
WebEx site,
WebEx
Productivity
Tools, or the
Cisco WebEx
Meetings
applications on
their mobile
devices.
Users are
N/A
redirected to the
SAML 2.0 IdP
authentication
website and sign
in by using their
corporate
credentials,
instead of unique
passwords.
SSO is turned
on.
Same as the
previous
scenario.
Users do not
have existing
accounts in the
system.
Auto Account
Creation (AAC)
On
AAC Off
Auto Account
Update (AAU)
On
AAU Off
N/A
N/A
N/A
Users that do not N/A
have accounts in
the system can
sign in, cannot
access but Cisco
WebEx. To
remedy this
situation:
N/A
If they are not
valid users, they
are informed by
the SAML 2.0
IdP that they
cannot use Cisco
WebEx or that
they are invalid
users.
User accounts
for Cisco
WebEx
Meetings are
created
"on-demand"
after users sign
in.
Prerequisite: The
SAML Assertion
contains a valid
email address in
the NameID
field.
SSO is turned Same as the
on. Users
"Turn on SSO"
previously
scenario.
signed in are
using SSO and
are signing in
again.
N/A
• Leave AAC
on.
• Manually
create user
accounts.
N/A
Existing user
N/A
accounts are
automatically
updated with
any changes to
the user
credentials as
long as the
NameID
remains
unchanged.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
141
SAML SSO Configuration
SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and WebEx Meetings Server
Scenario
User
Authentication
Behavior
You turn off
SSO. (This is
an uncommon
scenario.)
Auto Account
Creation (AAC)
On
If users enter
N/A
their corporate
credentials, they
cannot sign in
because Cisco
Users
WebEx expects
previously
their email
signed in by
using SSO and addresses and
are now signing unique
passwords. In
in again.
this situation,
educate the users
about resetting
the unique
passwords in
their Cisco
WebEx accounts
and allow them
enough time to
act before you
turn off SSO.
AAC Off
Auto Account
Update (AAU)
On
AAU Off
N/A
N/A
N/A
After resetting
their passwords,
users can sign in
by using their
email addresses
and unique
passwords.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
142
SAML SSO Configuration
SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and WebEx Meetings Server
Scenario
User
Authentication
Behavior
Auto Account
Creation (AAC)
On
AAC Off
Auto Account
Update (AAU)
On
Special case: A
user is also a
system
administrator.
Scenario A:
Same results as
the previous
scenario.
Scenario A: Same Scenario A:
results as the
Same results as
previous scenario. the previous
Scenario B: N/A. scenario.
Scenario A:
The user signs
in to the
WebEx Site.
Scenario B:
N/A.
Scenario B:
N/A.
AAU Off
Scenario A:
Same results as
the previous
scenario.
Scenario B:
N/A.
Scenario B:
The user signs
in to the Cisco
WebEx
Administration
site.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
143
SAML SSO Configuration
SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and WebEx Meetings Server
Scenario
User
Authentication
Behavior
Auto Account
Creation (AAC)
On
AAC Off
Scenario A:
Same results as
the previous
scenario.
Scenario B:
When the user
signs in to the
Cisco WebEx
Administration
site, he or she is
always prompted
to enter their
email address
and unique
password; SSO
has no effect
when a user signs
into the Cisco
WebEx
Administration
site.
This is a security
measure built
into the product.
It ensures that
systems
administrators
can always sign
in to the Cisco
WebEx
Administration
site.
If the Cisco
WebEx
Administration
site were to
support SSO,
then
malfunctions in
the SAML 2.0
IdP or a loss of
network
connectivity
between Cisco
WebEx Meetings
Server and the
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
144
Auto Account
Update (AAU)
On
AAU Off
SAML SSO Configuration
SAML Assertion Attributes
Scenario
User
Authentication
Behavior
Auto Account
Creation (AAC)
On
AAC Off
Auto Account
Update (AAU)
On
AAU Off
SAML 2.0 IdP
might result in
systems
administrators
being unable to
sign in and
manage the
product.
SAML Assertion Attributes
The following tables list the SAML assertion attributes supported by Cisco WebEx Meetings Server. Make
sure to configure the lastname, firstname, email, and updatetimestamp attributes. Automatic update does
not work unless the updatetimestamp attribute is configured.
Supported SAML Assertion Attributes
Attribute Name
Attribute Meaning
Mandatory for Auto Input Value Range
Create User
lastname
Yes
firstname
Yes
email
Yes
Valid email format
Comments
Always mandatory,
even if Auto
Account Creation
and update are
disabled in the SSO
configuration.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
145
SAML SSO Configuration
Supported SAML Assertion Attributes
Attribute Name
Attribute Meaning
Mandatory for Auto Input Value Range
Create User
updatetimestamp
The user
information update
time
No
Comments
Support format
If the
updateTimeStamp is
long format:
missing, you cannot
sample:
perform an auto
System.currentTimeMillis() update user,
normally mapped to
LDIF format:
the whenChanged
yyyyMMddHHmmss item if the IdP is
linked to AD.
yyyy-MM-dd
HH:mm:ss
sample:
20090115213256
UTC format
("2009-10-09T06:00:32Z")
optionalparams
No
See Optional
Parameters, on
page 149.
OPhoneCountry
No
Office phone
country code
OPhoneArea
No
Office phone area
OPhoneLocal
No
Enter numerical
Office phone local
characters only. For
example, 5551212.
Do not enter
non-numerical
characters such as
dashes or
parentheses.
OPhoneExt
No
Office phone
extension
FPhoneCountry
No
Alternate phone
country code
FPhoneArea
No
Alternate phone
area
FPhoneLocal
No
Alternate phone
local
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
146
SAML SSO Configuration
Supported SAML Assertion Attributes
Attribute Name
Attribute Meaning
Mandatory for Auto Input Value Range
Create User
Comments
FPhoneExt
No
Alternate phone
extension
PPhoneCountry
No
Alternate phone 2
country code
PPhoneArea
No
Alternate phone 2
area
PPhoneLocal
No
Alternate phone 2
local
PPhoneExt
No
Alternate phone 2
extension
MPhoneCountry
No
Mobile phone
country code
MPhoneArea
No
Mobile phone area
MPhoneLocal
No
Mobile phone local
MPhoneExt
No
Mobile phone
extension
TimeZone
No
See Time Zone
Values, on page
149.
Address1
No
Address1
Address2
No
Address2
City
No
City
State
No
State
ZIP code
No
ZIP code
Country
No
See Country Code
Values, on page
152.
Region
No
See Region Values,
on page 162.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
147
SAML SSO Configuration
Supported SAML Assertion Attributes
Attribute Name
Attribute Meaning
Language
Mandatory for Auto Input Value Range
Create User
Comments
No
See Language
Values, on page
163.
TC1
String
No
Tracking Code
Index 1
Group 1 entered by
user on the
Administration site
TC2
String
No
Tracking Code
Index 2
Group 2 entered by
user on the
Administration site
TC3
String
No
Tracking Code
Index 3
Group 3 entered by
user on the
Administration site
TC4
String
No
Tracking Code
Index 4
Group 4 entered by
user on the
Administration site
TC5
String
No
Tracking Code
Index 5
Group 5 entered by
user on the
Administration site
TC6
String
No
Tracking Code
Index 6
Group 6 entered by
user on the
Administration site
TC7
String
No
Tracking Code
Index 7
Group 7 entered by
user on the
Administration site
TC8
String
No
Tracking Code
Index 8
Group 8 entered by
user on the
Administration site
TC9
String
No
Tracking Code
Index 9
Group 9 entered by
user on the
Administration site
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
148
SAML SSO Configuration
Optional Parameters
Attribute Name
Attribute Meaning
Mandatory for Auto Input Value Range
Create User
TC10
String
No
Comments
Tracking Code
Index 10
Group 10 entered by
user on the
Administration site
Optional Parameters
You can set the optionalparams setting as follows:
• <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic'
Name="optionalparams">
• <saml:AttributeValue xsi:type="xs:string">City=Toronto</saml:AttributeValue >
• <saml:AttributeValue xsi:type="xs:string">AA=OFF</saml:AttributeValue >
• <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic' Name="City">
• <saml:AttributeValue xsi:type="xs:string">Toronto</saml:AttributeValue>
• <saml:Attribute NameFormat="urn:oasis:names:tc:SAML:2.0:attrname-format:basic' Name="AA">
• <saml:AttributeValue xsi:type="xs:string">OFF</saml:AttributeValue>
Time Zone Values
Time Zone
Value
Marshall Islands (Dateline Time, GMT-12:00)
0
Samoa (Samoa Time, GMT-11:00)
1
Honolulu (Hawaii Time, GMT-10:00)
2
Anchorage (Alaska Daylight Time, GMT-08:00)
3
San Francisco (Pacific Daylight Time, GMT-07:00) 4
Arizona (Mountain Time, GMT-07:00)
5
Denver (Mountain Daylight Time, GMT-06:00)
6
Chicago (Central Daylight Time, GMT-05:00)
7
Mexico City (Mexico Daylight Time, GMT-05:00)
8
Saskatchewan (Central Time, GMT-06:00)
9
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
149
SAML SSO Configuration
Time Zone Values
Time Zone
Value
Bogota (S. America Pacific Time, GMT-05:00)
10
New York (Eastern Daylight Time, GMT-04:00)
11
Indiana (Eastern Daylight Time, GMT-04:00)
12
Halifax (Atlantic Daylight Time, GMT-03:00)
13
La Paz (S. America Western Time, GMT-04:00)
14
Newfoundland (Newfoundland Daylight Time,
GMT-02:30)
15
Brasilia (S. America Eastern Standard Time,
GMT-03:00)
16
Buenos Aires (S. America Eastern Time, GMT-03:00) 17
Mid-Atlantic (Mid-Atlantic Time, GMT-02:00)
18
Azores (Azores Summer Time, GMT)
19
Reykjavik (Greenwich Time, GMT)
20
London (GMT Summer Time, GMT+01:00)
21
Amsterdam (Europe Summer Time, GMT+02:00)
22
Paris (Europe Summer Time, GMT+02:00)
23
Berlin (Europe Summer Time, GMT+02:00)
25
Athens (Greece Summer Time, GMT+03:00)
26
Cairo (Egypt Time, GMT+02:00)
28
Pretoria (South Africa Time, GMT+02:00)
29
Helsinki (Northern Europe Summer Time,
GMT+03:00)
30
Tel Aviv (Israel Daylight Time, GMT+03:00)
31
Riyadh (Saudi Arabia Time, GMT+03:00)
32
Moscow (Russian Time, GMT+04:00)
33
Nairobi (Nairobi Time, GMT+03:00)
34
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
150
SAML SSO Configuration
Time Zone Values
Time Zone
Value
Tehran (Iran Daylight Time, GMT+04:30)
35
Abu Dhabi, Muscat (Arabian Time, GMT+04:00)
36
Baku (Baku Daylight Time, GMT+05:00)
37
Kabul (Afghanistan Time, GMT+04:30)
38
Ekaterinburg (West Asia Time, GMT+06:00)
39
Islamabad (West Asia Time, GMT+05:00)
40
Mumbai (India Time, GMT+05:30)
41
Colombo (Colombo Time, GMT+05:30)
42
Almaty (Central Asia Time, GMT+06:00)
43
Bangkok (Bangkok Time, GMT+07:00)
44
Beijing (China Time, GMT+08:00)
45
Perth (Australia Western Time, GMT+08:00)
46
Singapore (Singapore Time, GMT+08:00)
47
Taipei (Taipei Time, GMT+08:00)
48
Tokyo (Japan Time, GMT+09:00)
49
Seoul (Korea Time, GMT+09:00)
50
Yakutsk (Yakutsk Time, GMT+10:00)
51
Adelaide (Australia Central Standard Time,
GMT+09:30)
52
Darwin (Australia Central Time, GMT+09:30)
53
Brisbane (Australia Eastern Time, GMT+10:00)
54
Sydney (Australia Eastern Standard Time,
GMT+10:00)
55
Guam (West Pacific Time, GMT+10:00)
56
Hobart (Tasmania Standard Time, GMT+10:00)
57
Vladivostok (Vladivostok Time, GMT+11:00)
58
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
151
SAML SSO Configuration
Country Code Values
Time Zone
Value
Solomon Is (Central Pacific Time, GMT+11:00)
59
Wellington (New Zealand Standard Time,
GMT+12:00)
60
Fiji (Fiji Time, GMT+12:00)
61
Stockholm (Sweden Summer Time, GMT+02:00)
130
Tijuana (Mexico Pacific Daylight Time, GMT-07:00) 131
Chihuahua (Mexico Mountain Daylight Time,
GMT-06:00)
132
Caracas (S. America Western Time, GMT-04:30)
133
Kuala Lumpur (Malaysia Time, GMT+08:00)
134
Recife (S. America Eastern Time, GMT-03:00)
135
Casablanca (Morocco Daylight Time, GMT+01:00) 136
Tegucigalpa (Honduras Time, GMT-06:00)
137
Nuuk (Greenland Daylight Time, GMT-02:00)
138
Amman (Jordan Daylight Time, GMT+03:00)
139
Istanbul (Eastern Europe Summer Time, GMT+03:00) 140
Kathmandu (Nepal Time, GMT+05:45)
141
Rome (Europe Summer Time, GMT+02:00)
142
West Africa (West Africa Time, GMT+01:00)
143
Madrid (Europe Summer Time, GMT+02:00)
144
Country Code Values
Country
Code
Afghanistan
93
Albania
355
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
152
SAML SSO Configuration
Country Code Values
Country
Code
Algeria
213
American Samoa
1684
Andorra
376
Angola
244
Anguilla
1264
Antarctica
672_1
Antigua (including Barbuda)
1268
Argentina
54
Armenia
374
Aruba
297
Ascension Islands
247
Australia
61
Austria
43
Azerbaijan
994
Bahamas
1242
Bahrain
973
Bangladesh
880
Barbados
1246
Belarus
375
Belgium
32
Belize
501
Benin
229
Bermuda
1441
Bhutan
975
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
153
SAML SSO Configuration
Country Code Values
Country
Code
Bolivia
591
Bosnia_Herzegovina
387
Botswana
267
Brazil
55
British Virgin Islands
1284
Brunei
673
Bulgaria
359
Burkina Faso
226
Burundi
257
Cambodia
855
Cameroon
237
Canada
1_1
Cape Verde Island
238
Cayman Islands
1_9
Central African Republic
236
Chad Republic
235
Chile
56
China
86
Colombia
57
Comoros
269_1
Cook Islands
682
Costa Rica
506
Croatia
385
Cuba
53
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
154
SAML SSO Configuration
Country Code Values
Country
Code
Cyprus
357
Czech Republic
420
Denmark
45
Diego Garcia
246
Djibouti
253
Dominica
1767
Dominican Republic
1809
Ecuador
593
Egypt outside Cairo
20
El Salvador
503
Equatorial Guinea
240
Eritrea
291
Estonia
372
Ethiopia
251
Faeroe Islands
298
Falkland Islands
500
Fiji Islands
679
Finland
358
France
33
French Depts. (Indian Ocean)
262
French Guiana
594
French Polynesia
689
Gabon Republic
241
Gambia
220
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
155
SAML SSO Configuration
Country Code Values
Country
Code
Georgia
995
Germany
49
Ghana
233
Gibraltar
350
Greece
30
Greenland
299
Grenada
1473
Guadeloupe
590
Guantanamo (U.S. Naval Base)
53_1
Guatemala
502
Guinea
224
Guinea-Bisau
245
Guyana
592
Haiti
509
Honduras
504
Hong Kong
852
Hungary
36
Iceland
354
India
91
Indonesia
62
Iran
98
Iraq
964
Ireland
353
Israel
972
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
156
SAML SSO Configuration
Country Code Values
Country
Code
Italy
39_1
Ivory Coast
225
Jamaica
1876
Japan
81
Jordan
962
Kazakhstan
7_1
Kenya
254
Kiribati
686
Korea (North)
850
Korea (South)
82
Kuwait
965
Kyrgyzstan
996
Laos
856
Latvia
371
Lebanon
961
Lesotho
266
Liberia
231
Libya
218
Liechtenstein
423
Lithuania
370
Luxembourg
352
Macao
853
Macedonia
389
Madagascar
261
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
157
SAML SSO Configuration
Country Code Values
Country
Code
Malawi
265
Malaysia
60
Maldives
960
Mali
223
Malta
356
Marshall Islands
692
Mauritania
222
Mauritius
230
Mayotte Island
269
Mexico
52
Micronesia
691
Moldova
373
Monaco
377
Mongolia
976
Montserrat
1664
Morocco
212
Mozambique
258
Myanmar
95
Namibia
264
Nauru
674
Nepal
977
Netherlands
31
Netherlands Antilles
599_2
New Caledonia
687
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
158
SAML SSO Configuration
Country Code Values
Country
Code
New Zealand
64
Nicaragua
505
Niger
227
Niue
683
Norfolk Island
672
Northern Mariana Islands
1670
Norway
47
Oman
968
Pakistan
92
Palau
680
Panama
507
Papua New Guinea
675
Paraguay
595
Peru
51
Philippines
63
Poland
48
Portugal
351
Puerto Rico
1787
Qatar
974
Romania
40
Russia
7
Rwanda
250
San Marino
378
Sao Tome
239
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
159
SAML SSO Configuration
Country Code Values
Country
Code
Saudi Arabia
966
Senegal Republic
221
Serbia
381
Seychelles Islands
248
Sierra Leone
232
Singapore
65
Slovakia
421
Slovenia
386
Solomon Islands
677
Somalia
252
South Africa
27
Spain
34
Sri Lanka
94
St. Helena
290
St. Kitts and Nevis
1869
St. Lucia
1758
St. Pierre and Miguelon
508
St. Vincent
1784
Sudan
249
Suriname
597
Swaziland
268
Sweden
46
Switzerland
41
Syria
963
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
160
SAML SSO Configuration
Country Code Values
Country
Code
Taiwan
886
Tajikistan
992
Tanzania
255
Thailand
66
Togo
228
Tonga Islands
676
Trinidad and Tobago
1868
Tunisia
216
Turkey
90
Turkmenistan
993
Turks and Caicos
1649
Tuvalu
688
Uganda
256
Ukraine
380
United Arab Emirates
971
United Kingdom
41
United States of America
1
Uruguay
598
Uzbekistan
998
Vanuatu
678
Vatican City
39
Venezuela
58
Vietnam
84
Wallis and Futuna Islands
681
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
161
SAML SSO Configuration
Region Values
Country
Code
Western Samoa
685
Yemen
967
Zambia
260
Zimbabwe
263
Region Values
Region
Value
United States
2
Australia
3
Canada
4
French Canada
5
China
6
France
7
Germany
8
Hong Kong
9
Italy
10
Japan
11
Korea
12
New Zealand
13
Spain
14
Switzerland
15
Taiwan
16
United Kingdom
17
Mexico
18
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
162
SAML SSO Configuration
Language Values
Region
Value
Argentina
19
Chile
20
Colombia
21
Venezuela
22
Brazil
23
Portugal
24
Belgium
25
Netherlands
26
Russia
28
India
29
Language Values
Language
Value
Castellon Spanish
11
Dutch
14
English
1
French
7
German
9
Italian
10
Japanese
5
Korean
6
Latin American Spanish
12
Portuguese
15
Russian
16
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
163
SAML SSO Configuration
Language Codes
Language
Value
Simplified Chinese
3
Traditional Chinese
4
Language Codes
Language
Country Code
Castellon Spanish
34
Chinese
852, 853, 886
Dutch
31, 32
French
33, 242, 243
German
41, 43, 49
Italian
39
Japanese
81
Korean
82
Latin American Spanish
52, 54, 56, 57, 58
Mandarin
86
Portuguese
55, 351
Russian
7
U.K. English
44, 61, 64, 91
U.S. English
1
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
164
CHAPTER
8
Storage Requirements
• Storage Requirements for Meeting Recordings, page 165
• Storage Requirements for System Backup Files, page 166
Storage Requirements for Meeting Recordings
You can configure a storage server of any capacity. The number of Cisco WebEx recordings saved is dependent
upon the amount of storage space configured.
When a user marks a recording for deletion, immediately it is no longer available from the user interface. It
is maintained in storage for three to six months. Therefore, recordings can be copied, backed up, or used for
up to six months despite being marked for deletion by the user. (If a user inadvertently deletes a recording
from the Cisco WebEx Meeting Recordings page, but the recording is saved on the Network File System
(NFS) storage server, you must contact the Cisco Technical Assistance Center (TAC) to recover the recording.)
If the recordings on your system do not consume over 75 percent of the allocated space in a three-month
period, recordings are deleted after six months. If the recordings consume over 75 percent of the allocated
space at any point in a three-month period, the system automatically deletes the first 10 files that have been
set for deletion by a user.
For example, a user identifies two files for deletion today, and then five files tomorrow, and then nine files
the day after tomorrow. If the storage usage exceeds the 75 percent threshold, the system deletes the first two
files after three months, the next five files the next day, and then it deletes the first three of the nine files
marked for deletion the day after that.
If your organization requires you to store more than six months of meeting recording, periodically archive
the recordings to other media.
The following table provides an estimate of the amount of storage space needed for one hour of recording.
Use these values to help you estimate the amount of storage space required by your system for six months of
meeting recordings.
Meeting Content
Approximate Storage Space Needed for a One Hour Meeting
Recording
Application sharing
36 MB
Voice
30 MB
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
165
Storage Requirements
Storage Requirements for System Backup Files
Meeting Content
Approximate Storage Space Needed for a One Hour Meeting
Recording
180p video
104 MB
360p video
337 MB
Webcam videos are stored at the original resolution for the meeting recording. However, when playing back
the recording the video resolution is restricted to 180p video.
Storage Requirements for System Backup Files
Considerations when determining the storage space required for backups:
• The number of users
• The average number of meetings held each day
• The size of your database, which will increase over time
• With HA deployments, there can be lags in transaction journal transport due to network latency or a
high system load during the replication of data. This can increase the size of a backup file.
The Dashboard shows the approximate storage requirements for a system backup. Allow enough space on
the storage server for at least three times the indicated backup size.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
166
CHAPTER
9
SNMP MIBs and Traps Supported
This section describes the MIBs available on your system. When you access your MIB data you will expose
additional MIBs not listed in this section. The additional MIBs you expose through the process are primarily
used internally for things like inter-virtual machine management. Cisco does not support customer-side
SNMP monitoring that uses these MIBs, nor is there any guarantee that these MIBs will be used in future
releases of Cisco WebEx Meetings Server.
• Supported SNMP MIBs, page 167
• Supported SNMP Traps, page 171
Supported SNMP MIBs
The SNMP MIB ftp://ftp.cisco.com/pub/mibs/v2/CISCO-WBX-MEETING-MIB.my is supported by Cisco
WebEx Meetings Server. Not all MIB variables are applicable to Cisco WebEx Meetings Server or to all
Cisco WebEx Meetings Server deployment types. For example, data center related MIBs do not apply to
Cisco WebEx Meetings Server systems.
CWMS System Information MIBS
Object
21
cwCommSystemVersion
OID
Description
.1.3.6.1.4.1.9.9.809.1.1.1
Cisco WebEx system version.
.1.3.6.1.4.1.9.9.809.1.1.2
The sysObjectID as defined in
SNMPv2-MIB.
Type: String
cwCommSystemObjectID
Type: Autonomous
21 All objects in this table are read only (RO).
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
167
SNMP MIBs and Traps Supported
CPU-Related MIBs
CPU-Related MIBs
Object
Read/Write OID
Privilege
Description
cwCommCPUTotalUsage
RO
.1.3.6.1.4.1.9.9.809.1.2.1.1
Percentage of CPU usage
by a host component. The
total CPU usage contains
CPU user usage, CPU
system usage, and CPU
nice usage. The CPU user
time: CPU time spent in
user space. The CPU
system time: CPU time
spent in kernel space. The
CPU nice time: CPU time
spent on low priority
processes.
RW
.1.3.6.1.4.1.9.9.809.1.2.1.2
Duration (in seconds)
before a notification (trap)
is sent indicating a CPU
usage has crossed a
normal/minor/major
threshold and remains at
the new threshold.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.3
Number of CPUs on the
system.
Type: Gauge32
cwCommCPUUsageWindow
Type: Gauge32
cwCommCPUTotalNumber
Type: Gauge32
cwCommCPUUsageTable
Not-accessible .1.3.6.1.4.1.9.9.809.1.2.1.4
Type: n/a
cwCommCPUIndex
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.1 Unique CPU identifier.
Each CPU has its own
usage and breakdown
values.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.2 CPU name. For example,
Intel® Xeon™ CPU
3.00GHz.
Type: Unsigned
cwCommCPUName
Type: String
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
168
A list of CPU usage
registers on the device.
SNMP MIBs and Traps Supported
CPU-Related MIBs
Object
Read/Write OID
Privilege
cwCommCPUUsage
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.3 Percentage of total CPU
resources used. Usually
GHz is used for
measuring CPU power.
Since GHz is too large for
measuring some CPU
usage categories, KHz is
used as the measuring
unit. The system speed
multiplies by the fraction
of each CPU section (for
example, idle, nice, user)
to get the CPU KHz for
each category. KHz is
used as the unit of
measure for all the CPU
categories in this table.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.4 CPU power executed in
user mode.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.5 CPU power executed on
low priority processes.
Nice is a program found
on UNIX and Linux. It
directly maps to a kernel
call of the same name.
Nice is used to invoke a
utility or shell script with
a particular priority, thus
giving a process more or
less CPU time than other
processes.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.6 CPU power executed in
kernel mode.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.7 CPU power in idle status.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.8 CPU power used when
waiting for disk I/O to
complete.
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.9 CPU power used when
handling an interrupt
request.
Type: Gauge32
cwCommCPUUsageUser
Type: Gauge32
cwCommCPUUsageNice
Type: Gauge32
cwCommCPUUsageSystem
Type: Gauge32
cwCommCPUUsageIdle
Description
Type: Gauge32
cwCommCPUUsageIOWait
Type: Gauge32
cwCommCPUUsageIRQ
Type: Gauge32
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
169
SNMP MIBs and Traps Supported
CWMS Memory Information
Object
Read/Write OID
Privilege
cwCommCPUUsageSoftIRQ
RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.10 CPU power used when
handling a software
interrupt request.
RO
Type: Gauge32
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.11 CPU power used on other
tasks when running in a
virtualized environment.
cwCommCPUUsageCapacitySubTotal RO
.1.3.6.1.4.1.9.9.809.1.2.1.4.1.12 Current total CPU power.
Type: Gauge32
cwCommCPUUsageSteal
Description
Type: Gauge32
cwCommCPUMonitoringStatus
RO
.1.3.6.1.4.1.9.9.809.1.2.1.5
Type: String
Monitoring status of CPU
resources:
• closed
(0)—Resource not
available.
• open(1)—Resource
is available.
cwCommCPUCapacityTotal
RO
.1.3.6.1.4.1.9.9.809.1.2.1.6
Overall CPU capacity.
Type: Gauge32
CWMS Memory Information
22
Object
OID
cwCommMEMUsage
.1.3.6.1.4.1.9.9.809.1.2.2.1 Physical memory usage of the virtual
machine.
Type: Gauge32
cwCommMEMMonitoringStatus
Type: String
Description
.1.3.6.1.4.1.9.9.809.1.2.2.2 Monitoring status of the memory
resource:
closed (0)—Resource not available.
open(1)—Resource is available.
cwCommMEMTotal
Type: Gauge32
cwCommMEMSwapUsage
Type: Gauge32
.1.3.6.1.4.1.9.9.809.1.2.2.3 Total physical memory size (in KB) of
the host.
.1.3.6.1.4.1.9.9.809.1.2.3.1 Physical memory usage (in percentage)
and swap memory usage of the host.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
170
SNMP MIBs and Traps Supported
Disk Usage
Object
22
OID
Description
cwCommMEMSwapMonitoringStatus .1.3.6.1.4.1.9.9.809.1.2.3.2 This object provides the monitoring
status of memory and swap memory.
Type: String
closed (0)—The memory and swap
memory status is available.
open(1)—The memory and swap
memory status is not available.
22 All objects in this table are read only (RO).
Disk Usage
Object
23
OID
Description
cwCommDiskUsageCount
.1.3.6.1.4.1.9.9.809.1.2.5.1
Count of how many disks (for
example, local disk, remote disk,
meeting recording disk) available
in the system.
cwCommDiskUsageIndex
.1.3.6.1.4.1.9.9.809.1.2.5.2.1.1
Index of entries in the table that
contain management information
generic to the disk usage.
cwCommDiskPartitionName
.1.3.6.1.4.1.9.9.809.1.2.5.2.1.2
Disk partition name. For example,
the partition /opt or /dev.
cwCommDiskUsage
.1.3.6.1.4.1.9.9.809.1.2.5.2.1.3
Current disk usage (in percentage)
on the host.
cwCommDiskTotal
.1.3.6.1.4.1.9.9.809.1.2.5.2.1.4
Total disk space size (in MB) of
this host.
cwCommDiskMonitoringStatus
1.3.6.1.4.1.9.9.809.1.2.5.3
Monitoring status of disk resources.
close (0)—The disk usage status is
not available.
open (1)—The disk usage status is
available.
23 All objects in this table are read only (RO).
Supported SNMP Traps
The SNMP traps supported by Cisco WebEx Meetings Server.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
171
SNMP MIBs and Traps Supported
Notification Events
Notification Events
cwCommSystemResourceUsageNormalEvent (.1.3.6.1.4.1.9.9.809.0.1)
Notification when a system resource usage changes from the normal status. System can send out this notification
in the event:
• The cwCommCPUUsage value of one CPU changes to be less than the value of pre-defined CPU Minor
Threshold.
• The value of cwCommMEMUsage changes to be less than the value of a pre-defined MEM Minor Threshold.
• The value of cwCommMEMSwapUsage changes to be less than in the pre-defined MEM SwapMinor Threshold.
• The value of cwCommFileUsage changes to be less than the pre-defined File Minor Threshold.
• The value of cwCommDiskUsage on one disk changes to be less than the pre-defined Disk Minor Threshold.
cwCommSystemResourceUsageMinorEvent (.1.3.6.1.4.1.9.9.809.0.2)
Notification when a system resource usage changes from the minor status. The minor notification means the
system has some issues and the system administrator must resolve them. System can send out this notification
in the event:
• The cwCommCPUUsage value of one CPU changes to be larger than or equal to the value of pre-defined
CPU Minor Threshold and be less than cwCommCPUMajorThreshold.
• The cwCommMEMUsage value changes to be larger than or equal to the value of the pre-defined MEM
Minor Threshold and be less than the pre-defined MEM Major Threshold.
• The cwCommMEMSwapUsage value changes to be larger than or equal to the value of pre-defined MEM
Swap Minor Threshold and be less than the pre-defined MEM Swap Major Threshold.
• The cwCommFileUsage value changes to be larger than or equal to the value of pre-defined File Minor
Threshold and be less than the pre-defined File Major Threshold.
• The cwCommDiskUsage value of one disk changes to be larger than or equal to the value of pre-defined
Disk Minor Threshold and be less than the pre-defined Disk Major Threshold.
cwCommSystemResourceUsageMajorEvent (.1.3.6.1.4.1.9.9.809.0.3)
This notification indicates system resource usage changes to the major status. The major notification means
the system is in critical state and it required the system administrator to take action immediately. The system
can send out this notification in the event:
• The cwCommCPUUsage value of one CPU changes to be larger than or equal to the value of pre-defined
CPU Major Threshold.
• The cwCommMEMUsage value changes to be larger than or equal to the value of pre-defined MEM Major
Threshold.
• The cwCommMEMSwapUsage value changes to be larger than or equal to the value of pre-defined MEM
Swap Major Threshold.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
172
SNMP MIBs and Traps Supported
Trap Data
• The cwCommFileUsage value changes to be larger than or equal to the value of pre-defined File Major
Threshold.
• The cwCommDiskUsage value of one disk changes to be larger than or equal to the value of pre-defined
Disk Major Threshold.
Trap Data
Supported trap data. We recommend that you set your MIB filter to only receive these traps.
Name
OID
Textual
Convention
Description
cwCommNotificationHostAddressType .1.3.6.1.4.1.9.9.809.1.2.4.1 InetAddressType
Type of the network address
made available through
cwCommNotificationHostAddress.
cwCommNotificationHostAddress .1.3.6.1.4.1.9.9.809.1.2.4.2 InetAddress
The host IP address sent with
the notification.
cwCommNotificationResName .1.3.6.1.4.1.9.9.809.1.2.4.3 CiscoWebExCommSysRes The system resource name sent
with the notification. It
indicates the named system
resource has exceeded
pre-defined warning levels.
0. cwCommTtoalCPUUsage
1. cwCommMemUsage
2. cwCommMemSwapUsage
3. open file descriptor (no MIB
data)
4. cwCommSocketUsage
5. one of the
cwCommDiskTotal
cwCommNotificationResValue .1.3.6.1.4.1.9.9.809.1.2.4.4 Unsigned32
System resource percentage
usage value with notification.
cwCommNotificationSeqNum .1.3.6.1.4.1.9.9.809.1.2.4.5 Counter32
Sequence number that tracks
the order of the notifications.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
173
SNMP MIBs and Traps Supported
Trap Data
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
174
CHAPTER
10
User System Requirements
The system requirements for end users to host and access meetings.
• Common PC System Requirements , page 175
• Operating System Requirements for Windows, page 176
• Operating System Requirements for MAC, page 177
• Operating Systems Requirements for Mobile Devices, page 178
• Citrix XenDesktop and XenApp Support , page 179
• Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, page 179
• About Host Licenses, page 181
Common PC System Requirements
Cisco WebEx Meeting Server (CWMS) system requirements common to browsers and operating systems.
The requirements for the administrator PC and the Productivity Tools user PC are the same.
Client and Browser Requirements
• JavaScript and cookies enabled
• Java 6, Java 7, or Java 8 (for web browsers that support Java) enabled
• Cisco WebEx plug-ins enabled for Chrome 32 and later or Firefox 27 and later
• Plug-ins enabled in Safari
• Active X enabled and unblocked for Microsoft Internet Explorer (recommended)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
175
User System Requirements
Operating System Requirements for Windows
Note
Because of Google and Mozilla policy changes, starting with Chrome 32 and Firefox 27, some users must
manually enable the WebEx plug-in when using these browsers24 to join a WebEx meeting or to play a
WebEx recording. For more information and instructions, visit https://support.webex.com/webex/meetings/
en_US/chrome-firefox-join-faq.htm.
If a client is using a browser other than the specified versions of Chrome or Firefox and have Java enabled,
the Cisco WebEx Meetings application automatically downloads onto the client system the first time that
client starts or joins a meeting. We recommend that you direct all clients to install the latest update for
your Java version.
TLS Requirements
Configure Internet settings on all user computers to use TLS encryption. For example, on a Windows PC
select Control Panel > Internet Options > Advanced > Security > Use TLS 1.1 and Use TLS 1.2. We
recommend selecting both options for maximum compatibility. (Use TLS 1.0 is not supported in versions 2.7
or higher.)
If your users host meetings for guests, such as people who do not work for your company, tell those meeting
guests to manually update their operating systems and browsers that they must match the TLS setting before
they join your meetings. If they do not modify their systems, they will experience compatibility issues. We
recommend that you include these instructions in your meeting invitations. You can do this by editing the
appropriate meeting invitations available on your Administration site at Settings > Email > Templates.
Operating System Requirements for Windows
Supported Windows Operating Systems
• Windows Vista (32-bit/64-bit)
• Windows 7 (32-bit/64-bit)
• Windows 8 (32-bit/64-bit)
• Windows 8.1 (32-bit/64-bit)
• Windows 10 (32-bit/64-bit) (CWMS 2.6MR1 and higher)
• Edge (Windows 10 only) 20.10240.16384.0 to 38.14393.00
Note
Support for Microsoft Windows 10 Redstone 1, also known as Windows 10 Anniversary Update (Version
1607),was added in CWMS version 2.7.
Windows Hardware Requirements
Intel Core2 Duo or AMD CPU 2.XX GHz or higher processor.
24 The exact versions of Chrome and Firefox that are impacted by this policy have not been finalized as of the publishing of this document.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
176
User System Requirements
Operating System Requirements for MAC
A minimum of 2 GB of RAM is recommended.
Supported Windows Browsers
• Mozilla Firefox: 10—50
Mozilla Firefox: 34 - 37 tested in version 2.5MR4
See the Firefox release schedule at https://wiki.mozilla.org/RapidRelease/Calendar
• Google Chrome: 23 - 54.0.2840.99
Google Chrome: 39 - 42 tested in version 2.5MR4
See the Chrome release schedule at http://www.chromium.org/developers/calendar
Microsoft Outlook Integration
• Microsoft Outlook 2007 SP2 and later
• Microsoft Outlook 2010 (32-bit and 64-bit editions; all service packs)
Cisco Jabber for Windows Integration
• Cisco Jabber for Windows 9.2.6
• Cisco Jabber for Windows 9.6.1
• Cisco Jabber for Windows 9.7
• Cisco Jabber for Windows 10.5
• Cisco Jabber for Windows 11.0
• Cisco Jabber for Windows 11.5 (CWMS 2.6MR1)
• Cisco Jabber for Windows 11.6
• Supports Cisco WebEx Meetings Server with LDAP/Active Directory integration.
Restriction
Jabber for Windows 9.2.6 supports integration with Cisco WebEx Meetings Server 1.5 and later sites that
are configured for SAML 2.0 single sign-on (SSO). Earlier versions of Jabber for Windows do not support
single sign-on.
Not all Cisco Jabber versions or platforms support integration with Cisco WebEx Meetings Server. (For
example, cloud-based Jabber and WebEx Communicator.) For information about integrating with Cisco
WebEx Meetings Server, see the Cisco Jabber for Windows documentation at http://www.cisco.com/en/US/
products/ps12511/tsd_products_support_series_home.html.
Operating System Requirements for MAC
Supported Mac Operating Systems
• Mac OS X 10.9 Mavericks
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
177
User System Requirements
Operating Systems Requirements for Mobile Devices
• OS X 10.11 El Capitan (CWMS 2.6MR1)
• OS X 10.12 Sierra (CWMS 2.7MR2)
Mac Hardware Requirements
2.0 GHz or higher CPU.
A minimum of 512 MB of RAM is recommended.
Supported Mac Browsers
• Apple Safari: 6—9.1.3
• Google Chrome: 23— 53.0.2743.116
See the Chrome release schedule at http://www.chromium.org/developers/calendar
• Mozilla Firefox: 10—48.1
Cisco Jabber for Mac Integration
The following Cisco Jabber for Mac integrations are supported for Cisco WebEx Meetings Server sites that
are configured for SAML 2.0 single sign-on (SSO) or LDAP/Active Directory.
• Cisco Jabber for Mac 11.6 supports integration with Cisco WebEx Meetings Server Release 2.6 and
later
• Cisco Jabber for Mac 10.5 supports integration with Cisco WebEx Meetings Server Release 2.5 and
later
• Cisco Jabber for Mac 9.6 supports integration with Cisco WebEx Meetings Server Release 2.0 and later
Operating Systems Requirements for Mobile Devices
After manually downloading the Cisco WebEx application into iOS or Android and the WebEx mobile feature
is enabled, a user can use the application to attend or start a meeting. A user can also access Cisco WebEx on
a mobile device by using a browser, but it might not provide the same optimal user experience.
Cisco WebEx Meeting Server version 2.0 and higher supports:
• Apple iPhones and iPads using iOS 6.0 and later.
• Android mobile devices using Android 2.1 and later.
• Jabber for iPhones and for Android 9.6 and later.
Note
You cannot playback recording on mobile device. If you started a meeting by using an Android mobile
device, you can start and manage the recording of a meeting. If you started a meeting by using an iOS
mobile device, you cannot start or manage the recording of a meeting on the iOS device.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
178
User System Requirements
Citrix XenDesktop and XenApp Support
Citrix XenDesktop and XenApp Support
Cisco Webex Meeting Server supports Citrix XenDesktop 7.6 where the host operating system and virtual
operating system are both Windows 7 or Windows 8. (The host operating system is the operating system
installed on the end user's computer. The virtual operating system is the operating system delivered by the
server.)
Known Issues and Limitations
• Due to an architectural limitation of the virtual desktop environment, sending video might not function
smoothly. In addition, when sending video in a meeting, the frame rate might be low, resulting in a
less-than-optimal user experience.
• Some video files cannot be shared in a virtual desktop environment.
• When running a Mac OS, the web cam and microphone (either external or integrated) might not be
recognized and available for use in a meeting.
• Remote Access and Access Anywhere are not supported because the Remote Access and Access
Anywhere agents are automatically removed by the underlying Citrix platform when the operating system
restarts.
• Productivity Tools users cannot start a One Click meeting or start a scheduled meeting from Outlook .
Cisco WebEx Meetings Application and Productivity Tools
Compatibility Matrix
This table lists the build numbers for the WebEx Meetings application and Productivity Tools downloads for
each release of Cisco WebEx Meetings Server.
Cisco WebEx Meetings
Server Release
ISO Number
Cisco WebEx Productivity Cisco WebEx Meetings
Tools
Application
1.5 MR3
1.5.1.323
2.80.501.321
27.32.151.321
1.5 MR4
1.5.1.402/1.5.1.400
2.80.501.401
27.32.151.401
1.5 MR5
1.5.1.503
2.80.501.503
27.32.151.503 (Windows)
orion1.5.MR3.FCS.0.0.503
(Mac)
2.025
2.0.1.2
2.82.0.1713
27.32.200.1713
2.0 MR1
2.0.1.107
2.82.0.1713
27.32.200.1713
2.0 MR2
2.0.1.205
2.82.0.1713
27.32.200.1713
2.0 MR3
2.0.1.302
2.82.1.302
27.32.200.302
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
179
User System Requirements
Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix
Cisco WebEx Meetings
Server Release
ISO Number
Cisco WebEx Productivity Cisco WebEx Meetings
Tools
Application
2.0 MR4
2.0.1.407
2.82.1.407
27.32.200.407
orion2.0.MR4.0.0.407
(MAC OS)
2.0MR5
2.0.1.507
2.82.1.507
27.32.201.507 (Windows)
orion2.0.MR5.0.0.507
(Mac)
2.0MR6
2.0.1.611
2.82.1.606
27.32.200.606 (Windows)
orion2.0.MR6.0.0.606
(Mac)
2.0MR7
2.0.1.707
2.82.1.701
27.32.201.701 (Windows)
orion2.0.MR7.0.0.701
(Mac)
2.0MR8
2.0.1.809
2.82.1.701
27.32.201.701 (Windows)
orion2.0.MR7.0.0.701
(Mac)
2.0MR8 Security patch 1 2.0.1.839
2.82.1.839
27.32.201.839 (Windows)
orion2.0.MR8.0.0.839
(Mac)
2.0MR9
2.0.1.918
2.82.1.910
27.32.201.910 (Windows)
orion2.0.MR9.0.0.910
(Mac)
2.5
2.5.1.29
2.82.500.2353
29.9.2.10085 (Windows
and Mac)
2.5MR1
2.5.1.132
2.82.500.3339
29.11.3.4858 (Windows
and Mac)
2.5MR2
2.5.1.227
2.82.501.10002
29.12.0.10076 (Windows
and Mac)
2.5MR3
2.5.1.3009
2.82.501.10008
29.12.0.10076 (Windows
and Mac)
2.5MR4
2.5.1.4378
2.82.502.8
29.13.11.10173
(Windows and Mac)
2.5MR5
2.5.1.5033
2.82.502.9
29.13.12.10182
(Windows and Mac)
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
180
User System Requirements
About Host Licenses
Cisco WebEx Meetings
Server Release
ISO Number
Cisco WebEx Productivity Cisco WebEx Meetings
Tools
Application
2.5MR6
2.5.1.6139
2.82.502.11
29.13.41.30001
(Windows and Mac)
2.6
2.6.1.39
2.82.502.1078
30.1.0.20002 (Windows
and Mac)
2.6MR1
2.6.1.1099
2.82.6501.1082
30.5.2.10002 (Windows
and Mac)
2.6MR2
2.6.1.2097
2.82.6520.1083
30.6.4.10003 (Windows
and Mac)
2.6MR3
2.6.1.3096
2.82.6520.1090
30.10.1.10008 (Windows
and Mac)
2.7
2.7.1.12
2.82.7000.1150
31.4.0.41 (Windows and
Mac)
2.7MR1
2.7.1.1073
2.82.7000.1159
31.5.20.63 (Windows and
Mac)
2.7MR2
2.7.1.2048
2.82.7000.1161
31.8.0.167 (Windows and
Mac)
2.7MR3
2.7.1.3047
2.82.7000.1178
31.14.4.5 (Windows and
Mac)
2.8
2.8.1.19
2.82.7000.1174
31.11.6.9 (Windows and
Mac)
2.8MR1
2.8.1.1023
2.82.7000.1178
31.17.1.9 (Windows and
Mac)
25 No longer available.
About Host Licenses
This product has Host-based Licensing requiring that you purchase a license for each user that hosts meetings
or is manually assigned a license. A user does not consume a Host license by attending or scheduling a meeting
on behalf of others. The license usage calculation for reporting purposes occurs once per month, for example,
once from January 1 through 31, and once from February 1 through 28, and so forth.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
181
User System Requirements
About Host Licenses
Note
When upgrading from a previous version, all licenses that were on the original system are released from
their assignment to users. Users can reacquire licenses by hosting meetings or being manually assigned
licenses. This is also true when installing a Multi-data Center (MDC) system. Host licenses are lost on
the data center joining the MDC system. Those licenses can be re-hosted on the MDC system after the
join.
From the Reports page, you can request a report that provides the total number of licenses consumed. In
addition, we recommend that you view the PDF Summary Report that shows license consumption trends. By
viewing the overall license trend, you can plan for future license purchases more effectively, to match the
growing adoption of this system within your company.
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
182
CHAPTER
11
Cisco WebEx Meetings Server Integration and
Audio Endpoint Compatibility
• Cisco Unified Communications Manager (CUCM) Integration, page 183
• Session Manager Edition (SME) Integration, page 183
• Audio Endpoint Compatibility, page 184
Cisco Unified Communications Manager (CUCM) Integration
Cisco WebEx Meetings Server Release 2.8 is compatible with the following releases of Cisco Unified
Communications Manager:
• 11.5(1)SU1
• 11.0(1a)
• 10.5.2
• 10.5
• 10.0
• 9.1
• 9.0
Note
In CWMS 2.7 and later, support for TLS 1.0 was removed (CSCuu40706). Support for TLS 1.2 was
introduced in CUCM versions 10.5 and later.
Session Manager Edition (SME) Integration
CWMS supports Session Manager Edition (SME).
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
183
Cisco WebEx Meetings Server Integration and Audio Endpoint Compatibility
Audio Endpoint Compatibility
Unified MP users can choose Cisco WebEx as the web conferencing provider when scheduling a Unified MP
meeting. Cisco WebEx integration is available in Cisco Unified MP 6.0.2 and later releases. Voice and video
conferencing are provided by Unified MP. Voice and video dial-in information must be provided to WebEx
users in order for them to join the meeting, or they can use the out-dial feature that is available in WebEx to
join the meeting.
Audio Endpoint Compatibility
You can use any standards-based audio endpoint that connects to Cisco Unified Communications Manager
to join a WebEx meeting. The supported audio endpoints include the Cisco IP Phones, Telepresence endpoints,
and PSTN devices such as mobile phones and land line phones. Many audio endpoints support audio and
video connectivity. However, only audio connectivity to the Cisco WebEx Meetings Server is supported.
To permit users from outside the organization to join WebEx meetings by using PSTN devices, your company
must deploy Analog-to-VoIP Gateways, such as Cisco Integrated Service Routers (ISR). The IP phones listed
below have been tested with Cisco WebEx Meetings Server:
• Cisco 7960
• Cisco 7970
• Cisco 7971
• Cisco 7940
• Cisco 9951
• Cisco 9971
• Cisco 7980 (Tandberg)
• Cisco 7975
• Cisco E20
• Cisco Telepresence (CTS 1100)
• Cisco IP Communicator
• Lifesize video phone
• Tandberg 1000
• Tandberg 1700
• Polycom
• Cisco Cius
• C20
• EX 60
• EX 90
Other Cisco UC-compatible endpoints should also operate normally. For a list of Cisco Unified IP Phones
supported by Cisco Unified Communications Manager and the Device Packs available for each model, see
Cisco Unified IP Phone Feature and Cisco Unified Communications Manager Device Pack Compatibility
Matrix .
Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.8
184
Download PDF
Similar pages