requirements and installation of the nefsis dedicated server

NEFSIS TRAINING SERIES
Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document)
Requirements and Implementation Guide (Rev5-113009)
REQUIREMENTS AND INSTALLATION OF THE
NEFSIS DEDICATED SERVER
Nefsis® Training Series
© 2008-2009 Nefsis. All Rights Reserved
9350 Waxie Way • Suite 100
San Diego, CA 92123
Table of Contents
Minimum Hardware Requirements......................................... 4
Server hardware and software ............................................... 4
Virtualization environments .................................................... 4
Network Requirements .......................................................... 4
Before you being the installation ............................................ 5
Overview ............................................................................... 6
Designing the server placement ............................................ 7
Preparing the server(s) for deployment ........................................ 7
Installing the server ...................................................................... 7
Caveats: ....................................................................................... 8
Configure NAT to the APS and VCS ...................................... 9
Firewall NAT mappings ................................................................ 9
Publish Using DNS NAT mappings ............................................ 10
Using the default Nefsis parent domain URL ....................... 11
Using a custom parent domain in your URL......................... 12
URL in the web browsers ........................................................... 13
How to define your custom URL ................................................ 13
Defining the URL in the Nefsis portal ............................................. 14
URL in the Nefsis Conferencing Client ....................................... 14
What next? .......................................................................... 16
2
Testing and using your Nefsis Dedicated server ........................ 16
Creating Nefsis accounts ........................................................... 16
Methods to enter a conference .................................................. 17
Alternative method for hosting or entering a conference ............ 17
How does the dedicated server work? ................................. 18
Deployment diagrams .......................................................... 19
3
Minimum Hardware Requirements
This document covers the requirements and steps for installing the Nefsis
Dedicated Server in a customer’s datacenter. The hardware and software
requirements defined in this document are the minimum required for this
product. The installation process applies only to this version and is subject to
change.
Server hardware and software
•
•
•
•
•
•
Intel Core2Duo 2.0GHz
2GB RAM for each server component (APS & VCS)
4GB hard drive space for each server component (APS & VCS)
2 static IP addresses
Windows Server 2003
Dot NET Framework 3.5 installed with the latest updates
Virtualization environments
•
•
•
•
•
One dedicated CPU
2GB RAM available for Nefsis server components (APS & VCS)
4GB of available hard drive space for each Nefsis server component (APS &
VCS)
Windows Server 2003 SP3 or Windows Server 2008
Dot NET Framework 3.5 installed with the latest updates
2 static IP addresses - One for each Nefsis server component (APS & VCS)
Note: Organizations can split the APS and VCS components onto separate
servers as an option. In that scenario, each server can use their existing IP
address providing there are no existing web servers (IIS or Apache) running in
Windows.
Network Requirements
Below are the requirements for setting up a Nefsis Dedicated Server.
•
For internal meetings where all users are located behind the corporate
firewall, we recommend the server have at least 10 Mbps of upstream and
downstream bandwidth to all participants.
•
For meetings where there are a mix of users, some behind the firewall and
others connecting over the Internet, we recommend at least 6 Mbps of
upstream bandwidth to the Internet users.
4
TIP: Higher Internet bandwidth is preferred
•
If possible, open inbound TCP port 22, 23, 80, 443, 1270 and 37000 to the
VCS.
•
For best performance, increase TCP traffic priority for network traffic on
TCP port 22, 23, 1270 or 37000.
•
Do not turn on the deep packet inspection feature on the firewall.
The deep packet inspection feature will affect network performance and the
quality of conferences.
•
Disable the content filter feature on security devices to all Nefsis Dedicated
Servers.
Before you being the installation
Review the two emails that were sent to your primary Nefsis administrative contact.
1. The first email will contain the download links for the Nefsis dedicated server
and installation instructions.
2. The second email will contain the installation key and login information for
the Nefsis administrator.
Please contact your Nefsis account manager if you need assistance gathering this
information.
5
Overview
The information below will guide you in preparing and using your Nefsis dedicated
servers.
There are three main components needed to complete a Nefsis dedicated server
installation but you will only set up two (APS and VCS) on your network. The third
component is the managed by Nefsis in our secure datacenter. Here is an over of the
major server components;
1. The Nefsis backend (manage by the Nefsis corporation).
a. As a Nefsis administrator, you will need a Nefsis administrative
account and login credentials.
2. The Access Point Server (APS) -optional
a. Intended for users with the Nefsis Presence client application, which
is a Windows application,
b. Allow users to manage and enter conferences without using their
web browser,
c. View users in their Nefsis contact list (similar to an address list),
d. Send meeting invites.
3. The Virtual Conferencing Server (VCS) - required
a. The VCS is the central point where conferences are hosted when
active. Users who join conferences will connect directly to a VCS.
Note:
The two Nefsis server components (APS and VCS) are available in the same the setup.
The server administrator decides which component to install when the installation
starts.
The administrator can decide to install both components on the same physical server
or split the Nefsis servers onto separate Windows servers.
The information preceding this section will discuss the components in greater detail
and guide you with your decision.
6
Designing the server placement
You can deploy the Nefsis servers using one of the following layouts.
1. Placing the servers behind corporate firewall,
2. In a DMZ configured to use either NAT mode or transparent mode,
3. Co-locating the servers at a hosting center or on a leased server from any Internet
hosting company.
Preparing the server(s) for deployment
•
The server(s) assigned as Nefsis Dedicated Servers should have all the
necessary Microsoft updates applied.
•
The network adapter(s) should be configured for the highest link speed and
full duplex (100Mbps Full Duplex at a minimum.)
•
Ensure that no applications are running that could cause a port binding
conflict with either service. An example of a conflicting application would be
IIS and Apache web server.
The following TCP ports are required by each service for proper function.
•
APS: 80 (HTTP) and 443 (HTTPS) traffic.
•
VCS: 22 (Telnet), 23 (SSH), 80 (HTTP), 443 (HTTPS), 1270 (Opsman), 37000
(unregistered).
Note: The TCP port the VCS listens on.
Each service will need to bind to a unique, static IP address. You may use 2 network
adapters or a single adapter with two IP addresses assigned to it.
Installing the server
Download and run the dedicated server installer from the link that was sent to you
from customercare@nefsis.com. Please ensure you have your deployment key readily
available during the installation process.
7
Steps:
1. Start the installation.
2. Select components to install.
a. APS
b. VCS
c. Both
3. Select an installation location for the files. We strongly encourage using the
default installation path.
4. Use a descriptive name for the deployment. This should be the name of the
company or division.
5. Copy and paste your deployment key into the appropriate edit box.
6. Configure the IP address settings for the components you selected. The top
combo box only list IP addresses that are currently detected in the Windows
network configuration.
7. If you plan to publish the Nefsis server to the Internet or use a DNS reference,
you must specify the NAT IP address or FQDN in the Primary field.
8. Install or select an SSL certificate (Optional). The certificate must exist in the
Computer certificate store in the Personal folder.
9. Complete the installation.
Caveats:
•
Installations on Windows Server 2008 may require that the HTTP service is
restarted in order to properly bind to the correct IP addresses. This can be
done by either restarting the server or typing the following into a command
prompt:
a. net stop http
b. net start http
•
The APS and VCS services will require an internet connection in order to
communicate with the Nefsis database. Please ensure that the servers are
capable of accessing the internet without proxy authentication or content
filtering or your installation may be unusable.
8
Configure NAT to the APS and VCS
The Nefsis dedicated servers supports NAT to the APS and VCS. This is an advanced
section and requires a network engineer familiar with networking technologies, DNS,
IP addressing schemes, routing, and the ability to create NAT maps on a router or
firewall.
Below is an example of an APS and VCS set up in a corporate network running on two
Windows servers with NAT. The servers are configured as follows:
IP address on the Windows Servers
•
•
APS - 192.168.1.100
VCS - 192.168.1.101
Here are the additional requirements.
1. A NAT map on the router or firewall to the server’s private IP addresses,
2. Define the NAT address when installing the dedicated servers.
3. Skip this step if you plan to use the Nefsis parent domain.
If you plan to use your own parent domain name for your conferences, you
will need a custom DNS ‘A’ records on your internal DNS server.
4. Skip this step if you DO NOT plan to invite Internet users into your
conferences.
If you plan to invite Internet users into conferences, you will need to add a
custom ‘A’ record on your internal DNS server that points to the server’s
private IP address. Add a matching ‘A’ record on your Internet DNS server
that points to the server’s public NAT.
Firewall NAT mappings
NOTE: The IP addresses below labeled XXX.XXX.XXX.100 and XXX.XXX.XXX.101 are
the public IP addresses supplied by your ISP.
9
•
APS - 192.168.1.100 - NAT – Public IP ( example: XXX.XXX.XXX.100)
•
VCS - 192.168.1.101 - NAT – Public IP ( example: XXX.XXX.XXX.101)
Publish the DNS NAT mappings
Internal DNS configuration for APS
•
Create an ‘A’ record for the APS:
o conference.widgets.com – XXX.XXX.XXX.100
External DNS configuration for APS
•
Create an ‘A’ record for the APS
o conference.widgets.com – XXX.XXX.XXX.100
Internal DNS configuration for VCS
•
Create an ‘A’ record for the VCS:
o conference.widgets.com – 192.168.1.101
External DNS configuration for VCS
•
Create an ‘A’ record for the APS on an Internet DNS server:
o conference.widgets.com – XXX.XXX.XXX.101
IMPORTANT
You must confirm the route between the private and public NAT works before
continuing. One technique is to PING the public NAT IP adderss and verify if it
successful. In most NAT configurations, the only way to perform this test is to run it
from outside the networlk. In addition, you should run a continuous PING using the
PING <IP_address> -t switch to the public NAT IP and monitor the responses for any
errors or drop packets.
10
Using the default Nefsis parent domain URL
By default all Nefsis dedicated server accounts are assigned a URL consisting of
Nefsis.com as the parent domain. This setup requires minimal or no
management from the customer. It also removes the requirement for using
custom DNS records.
In this setup Nefsis will assign a sub domain supplied by the customer. Nefsis
will define the domain under the customer’s Nefsis account. Customers can
change it at a later time providing the name is available.
NOTE:
This is the recommendation configuration since Nefsis is a SaaS (Software as a
Service) solution and the dedicated server is designed to isolate real-time
conference traffics. Organizations with users distributed across geographical
locations and connected over a dedicated private line or VPN will benefit the
most from this setup.
Other additional benefits include greater network security, more control over
network bandwidth and access to encryption algorithms that complies with
NIST FIPS 140-2.
11
Using a custom parent domain in your URL
There are two primary areas in Nefsis where your URL is visible.
•
The web browser
•
The Nefsis conferencing client
12
URL in the web browsers
In this example you decide to use a non-nefsis.com parent domain. The Nefsis web
server can serve the nesseary web pages but it cannot use a HTTPS link. The main
reason for this is related with the parent domain and the CA certificate.
A note on security: The real-time conference session is not the same as a web
browser session. A Nefsis real-time conference is encrypted by default using SSL - RSA
1024 bit AES128 and the URL and FQD have no impact on client and server’s ability to
encryption network traffic. See image below.
How to define your custom URL
1. Log into the Nefsis portal using the owner account associated with the
dedicated server.
2. Click the My Personal Page link on the left side bar menu.
3. Click on the URL tab.
4. Enter your preferred domain in the Domain name field.
a. If you plan to use your own parent domain as shown in example 2,
you must, create a new DNS ‘A’ record and verify it points to the
following IP address: 128.121.149.212
b. If you plan to allow Internet users access into your conferences, the
DNS record must be resolvable on the Internet.
13
Defining the URL in the Nefsis portal
URL in the Nefsis Conferencing Client
Continuing from the above example, if you choose to use your own custom domain
and want that domain to appear in the Nefsis Conferencing Client, you must add the
URL in the domain field under section labeled My deployments. Here are the steps
for making this change.
1. Log into Nefsis with your Nefsis admin account
2. Click the My deployments link
3. Click the Edit link next to your dedicated server in the grid
14
4. Enter the URL in the Domain field.
5. Note: This field must match the URL in the My personal page section
15
What next?
Testing and using your Nefsis Dedicated server
Once the Nefsis dedicated server is set up, login into your dedicated portal with the
owner account associated with your Nefsis Dedicated server.
How to log into your Nefsis Portal
1. Open your web browser and visit your Nefsis portal (see the section titled
Custom URL).
Note: A predefined link to your Nefsis Portal is in the email that was sent to
you when you applied for the Nefsis Dedicated Server product. If you do not
have that information, please contact customercare@nefsis.com to request a
copy of the link.
2. Enter the login name and password associated with your Nefsis Dedicated
server.
Creating Nefsis accounts
Any user who wants to start and host a Nefsis conference must have an account on
the Nefsis system. Below are the steps to create new Nefsis accounts in Nefsis.
1. Log into the Nefsis.com website or the web portal assigned to your
organization,
2. Click the Add account link,
3. Enter the information. Note: The required fields are,
a. Email address,
b. Password,
c. Screen name,
d. First name,
16
e. Last name.
4. Click on Save changes to create the account,
5. After the account is created, the new user will need to validate the account
by clicking on a custom link in the confirmation email send to the user’s email
address. If you do not want your users to receive the confirmation email,
please inform your account manager for other account creation options.
Link to download the Nefsis Presence client (optional)
http://www.nefsis.com/default/deployment.html
Methods to enter a conference
After logging into the Nefsis, you can host conference on your Nefsis Dedicated server
using the options located on the left side bar menu. The options are,
1. Click the Enter personal meeting room link located in the left side navigation
menu (fastest method for entering a conference room).
2. Click Start quick conference, complete the information and select Start Now.
3. Click Schedule conference and complete the necessary information.
4. Click Join existing conference if you know the conference ID.
Note: You will enter a conference if you have an IP route to your Nefsis VCS.
Alternative method for hosting or entering a conference
The alternatively method for hosting or entering a conference is to use the Nefsis
Presence client. The Nefsis Presence client is a Windows application used for
managing conferences and contacts. Below are the steps for using the Nefsis
Presence client.
1. Start the Nefsis client.
2. Ensure that you are logged out of the client and the Login interface is visible.
17
3. Click on the ‘Connection settings’ link button below the ‘Login’ button.
4. Select ‘Use locally installed Nefsis’.
5. Enter the IP address of the APS server you installed.
6. Click on OK.
Components for hosting your Nefsis
dedicated server
There are three required components for a complete dedicated server setup and two
additional components which are optional. The five components are,
•
•
•
•
•
The Nefsis backend (required) –Managed by Nefsis
o This component is the main web services engine for web pages
(portals),
o authentication services,
o license management,
o balance load on conferencing servers,
o archives conferences (if needed),
Virtual Conferencing Server (required) – Managed by customer
o Central hub for all real-time conferences
o Acts as an intelligent real-time router
Nefsis Conferencing Client (required)
o Conferencing client for video, voice over IP, live sharing and many
more conferencing features.
Access Point Server (optional) – Managed by customer
o Managers contact list
o Message routing
o Conference management
Nefsis Presence Client (optional) – Managed by customer
o Allow host users quick access to conferences
o Manage conferences
o Manage contacts
18
Deployment diagrams
Option 1 - Placing the Nefsis server behind a corporate firewall.
Option 2 – Nefsis servers in a DMZ (transparent mode only)
Option 3 – Co-locating servers or using leased server from an Internet hosting company.
Example of setting up NAT for the Nefsis dedicated servers
Example of a transparent mode setup on a firewall
19
Option 1 – Placing the Nefsis server behind a corporate firewall
NOTE: You can use one Windows Server with two IP addresses or split the APS
and VCS on two dedicated Windows Servers.
20
Option 2 – Nefsis servers in a DMZ set for NAT or Transparent mode
21
Option 3 – Co-locating servers or using leased server from an Internet hosting
company.
22
Example of setup NAT for the Nefsis dedicated servers
23
Here is an example of a transparent mode setup for an interface on a firewall.
Note: The menu option varies with firewall manufacturers.
24
Download PDF
Similar pages