WebEx Meetings Server 2.7 | Webex Meetings Server | Webex Meetings Server | User guide | Planning Guide and System Requirements for Cisco WebEx

Configuring an IPv6 SIP Profile

103

103

CUCM Certificate Management by Using TLS

104

Uploading Cisco WebEx Meetings Server Certificates

104

Installing a Third-Party CUCM Certificate

105

Downloading CUCM Certificates

106

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7 v

Contents

C H A P T E R 7

Generating a Certificate Signing Request (CSR) for Version 2.6 and Higher

107

Generating a Certificate Signing Request (CSR) Version 2.5 and Lower

108

Configuring a SIP Trunk

110

111

Configuring a Route Group

112

113

Configuring a Route List

114

115

CUCM Feature Compatibility and Support

115

116

Audio Endpoint Compatibility

118

Downloading and Mass Deploying Applications 121

About Application Downloads

121

Downloading Applications from the Administration Site

122

Contents of the Application ZIP Files

123

Application Language Key

123

Productivity Tools ZIP File Contents

124

WebEx Meetings Client ZIP File Contents

124

Network Recording Player ZIP File Contents

125

Mass Deployment of Cisco WebEx Productivity Tools

126

Silent Installation of Productivity Tools by Using the Command Line

126

Silent Removal of the Productivity Tools by using the Command Line Interface

127

Limitations to the Silent Installation of CWMS Applications When Using SMS

127

Advertising WebEx Productivity Tools by using the SMS Per-System Unattended

127

Removing Productivity Tools Components by Using the SMS Per-System Unattended

Program

129

Adding Productivity Tools by Using SMS Per-System Unattended

129

Uninstalling Productivity Tools by Using the SMS Per-System Uninstall Program

131

Advertising the Program to Update the New Version of WebEx Productivity Tools

131

Creating a Package from a Definition

132

Mass Deployment of the Meetings Application

132

Installing Cisco WebEx Meetings

132

Uninstall Cisco WebEx Meetings Locally

133

Silent Installation of the Meetings Application by Using the Command Line

133

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Contents

C H A P T E R 8

C H A P T E R 9

Silent Removal of the Meetings Application by using the Command Line Interface

134

Limitations to the Silent Installation of CWMS Applications When Using SMS

134

Advertising CWMS by Using SMS Per-System Unattended

135

Uninstalling the Cisco WebEx Meetings Application by Using the SMS Per-System Uninstall

Program

136

Mass Deployment of the Network Recording Player

136

Installing Network Recording Player

136

Silent Installation of the Recording Player by Using the Command Line

137

Silent Uninstallation of the Recording Player by Using the Command Line Interface

137

Installation of CWMS Applications by Using Microsoft Systems Management Server 2003

(SMS)

138

Limitations to the Silent Installation of CWMS Applications When Using SMS

138

Advertising Cisco WebEx Network Recording Player Using the SMS Per-System Unattended

Program

138

Uninstalling the Cisco WebEx Network Recording Player Using the SMS Per-System

Uninstall Program

140

Reconfiguring Settings After Performing an Update

140

SAML SSO Configuration 141

Overview of Single Sign-On

141

Benefits of Single Sign-On

142

Overview of Setting Up SAML 2.0 Single Sign-On

143

SAML SSO for End-User and Administration Sign In

144

SAML 2.0 Single Sign-On Differences Between Cloud-Based WebEx Meeting Services and

WebEx Meetings Server

144

SAML Assertion Attributes

149

Supported SAML Assertion Attributes

149

153

153

156

166

167

168

Storage Requirements

169

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7 vii

Contents

C H A P T E R 1 0

C H A P T E R 1 1

C H A P T E R 1 2

Storage Requirements for Meeting Recordings

169

Storage Requirements for System Backup Files

170

SNMP MIBs and Traps Supported

171

Supported SNMP MIBs

171

CWMS System Information MIBS

171

CPU-Related MIBs

172

CWMS Memory Information

174

175

175

176

177

User System Requirements 179

Common PC System Requirements

179

Operating System Requirements for Windows

180

Operating System Requirements for MAC

183

Operating Systems Requirements for Mobile Devices

184

Citrix XenDesktop and XenApp Support

184

Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix

185

About Host Licenses

187

CWMS Integration with CUCM and Audio Endpoint Compatibility

189

Cisco Unified Communications Manager (CUCM) Integration

189

Session Manager Edition (SME) Integration

190

Audio Endpoint Compatibility

190

viii

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

WebEx System Requirements

This section provides an overview of hardware, CPU and memory, network, and storage requirements for

Cisco WebEx Meetings Server (CWMS).

•

General System Requirements, page 1

•

WebEx Productivity Tools, page 6

•

Users, page 6

•

Deployment Sizes For Your System, page 6

•

Requirements for vCenter Co-residency , page 7

•

Virtual Machines In Your System, page 7

•

Minimum Hardware Requirements, page 8

•

System Capacity Matrix, page 24

•

Release 2.7 Upgrade and Update Matrix, page 27

General System Requirements

Cisco WebEx Meetings Server (CWMS) is compatible with Cisco UCS servers that meet or exceed the specifications presented in this section.

Important

When you perform an upgrade to a major release of CWMS, such as to Release 2.0 or Release 2.5 from

Release 1.x, the ESXi hosts (Cisco UCS server) where the Admin virtual machine is located require a minimum of 1.5-TB of free disk space. Refer to the section in this document that describes the different size user systems that begin with the

. During an upgrade, there are two sets of virtual machines on your network at the same time; the original virtual machines running Release 1.x

and the upgrade virtual machines to support the new release. For more details, see the "Upgrading the

System" section in the CWMS Administration Guide at http://www.cisco.com/en/US/products/ps12732/ prod_installation_guides_list.html

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

General System Requirements

Module

Host server and processors

Network interfaces

The NICs between the ESXi hosts (for the

Cisco WebEx Meetings Server virtual machines) and the Ethernet switch (not to the external network interface).

Requirements Notes

Note

• Cisco UCS C-series rack server or equivalent B-series blade server.

• AES-NI instruction set support.

• 2.4 GHz or faster processor clock speed.

Third-party hardware is not supported.

• Minimum 1 physical NIC for a non-redundant configuration. See the

section for special requirements where the Internet Reverse Proxy

(IRP) and Admin virtual machine are sharing a host.

• Redundant configurations must have all NIC interfaces duplicated (teamed or bonded) and connected to an independent switching fabric.

• An additional NIC for the VMware management network

(optional).

Internal (DAS) Storage for ESXi hosts where internal virtual machines are deployed

• Minimum of 4 drives in a RAID-10 or RAID-5 configuration

• Minimum of 1.5-TB usable storage for new system deployments or upgrades.

• When you upgrade to CWMS Release 2.X from Release

1.X, the ESXi hosts each require from 172 to 1118-GB free disk space depending on the size of your system and the virtual machines. Refer to the section in this document that describes the different size user systems, which begins with the

Minimum Hardware Requirements, on page 8

• Optional second array for ESXi

Note

The virtual machines must use thick provisioning for storage.

Internal (DAS) storage for ESXi hosts where IRP virtual machines are deployed

Note

• Minimum of 2 drives in a RAID-1 configuration

• Minimum of 300-GB usable storage

• Can use the same configurations as for the internal virtual machines

The virtual machines must use thick provisioning for storage.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Module

SAN storage

General System Requirements

Requirements Notes

• Can be used as a substitute for DAS. (We recommend allocating of the same amount of storage space.)

• B-series blade servers have only two hard disk drives. If you are using Cisco UCS B-series blade servers and you plan to upgrade to CWMS Release 2.X, you must use SAN storage to meet the 4 hard disk drives in either a RAID 5 or RAID 10 configuration.

• Recommended only for deployments where the support staff has experience monitoring and tuning SAN performance.

Note

You take responsibility for adding storage for new

VMware requirements and future growth of the system.

• Fiber Channel (FC) or Fiber Channel over 10-GB Ethernet

(FCoE) only.

• Performance requirements are the same as for DAS.

• Maximum permissible total latency, as measured by vSphere, is 20 ms. For further information, see the Storage section at http://docwiki.cisco.com/wiki/UC_Virtualization_

Supported_Hardware#Storage .

• Total space required for virtual machines: The sum of the storage resources reserved for each virtual machine of the

CWMS system.

Note

The virtual machines must use thick provisioning for storage.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

General System Requirements

Module

NAS storage

WebEx System Requirements

Requirements Notes

• Can be used as a substitute for DAS or SAN. (We recommend the allocation of the same amount of storage space.)

• We recommend using NAS storage servers with Cisco UCS

C-series rack servers.

• Recommended only for deployments where the support staff has experience monitoring and tuning NAS performance.

You take responsibility for adding additional storage for new VMware requirements and future growth of the system.

• Fiber Channel (FC), Network File System (NFS), or SCSI only. For further information, see http://docwiki.cisco.com/ wiki/UC_Virtualization_Storage_System_Design_

Requirements#General_Guidelines_for_SAN.2FNAS

• Performance requirements are the same as for DAS.

• Maximum permissible total latency, as measured by vSphere, is 20 ms. For further information, see http:// docwiki.cisco.com/wiki/UC_Virtualization_Supported_

Hardware#Storage .

• Total space required for virtual machines: The sum of the storage resources reserved for each virtual machine of the

CWMS system.

• File server must support vStorage APIs for Array

Integration (VAAI) and use thick provisioning.

Note

Although the default provisioning scheme for NAS storage is thin provisioning, the virtual machines must use thick provisioning for storage. (Thin provisioning is not supported.) To enable thick provisioning for deployment with NAS storage, the storage-vendor-provided plug-in for VAAI must be installed on all the UCS servers used in the Cisco WebEx Meetings Server deployment.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Module

Hypervisor

Email server

Licenses

General System Requirements

Requirements Notes

ESXi versions and vSphere licenses are described in the

section.

VMware Vsphere is required and the only product supported; other hypervisor products are not supported.

vCenter Server 5.0, 5.0 Update 1, 5.0 Update 2, 5.1, 5.1 Update

1, 5.5, and 6.0 (CWMS 2.6MR1 and higher) vSphere licenses are described in the

Minimum Hardware

Requirements

section.

One VMware license per processor socket.

Coresidency:

• vCenter can be coresident with CWMS, providing the processor and memory requirements are added to the system requirements.

• vCenter coresident configurations are supported only for

50-user and 250-user systems.

• Coresidency with Cisco Unified Communications products on the same physical ESXi host is not supported.

• Coresidency with non-CWMS virtual machines on the same physical ESXi host is not supported.

Advanced VMware vSphere features such as Distributed

Resource Scheduler (DRS), Cloning, Fault Tolerance (FT), and vMotion or Storage vMotion while the system is powered on are not supported.

• Fully qualified domain name (FQDN) of the mail server that the system uses to send emails.

• Port number—default value of the SMTP port number is

25 or 465 (secure SMTP port number).

• To use a TLS-enabled email server with third-party certificates, you must import the certificates into your system. For more information, See "Managing Certificates" in the administration guide at http://www.cisco.com/en/US/ products/ps12732/prod_installation_guides_list.html

MDC licenses—An MDC license is required for each data center in a multi-data center system. A MDC license is not required for a system with a single data center.

Host license—Each user that shall host a meeting must have a

Host license to start a WebEx Web, WebEx Audio, Blast Dial meeting, or Personal Conferencing. For more information on

Host licenses, see

About Host Licenses, on page 187

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

WebEx Productivity Tools

1 If your organization has expertise in managing a storage area network (SAN), we recommend SAN over direct attached storage (DAS). SANs can be more reliable than local disk arrays.

2 Make sure that a network file system (NFS) has enough storage capacity to store regular automatic backups of your database and meeting recordings. (CWMS supports NFS versions 2, 3, and 4.)

WebEx Productivity Tools

WebEx Productivity Tools allow users to start, schedule, or join WebEx Meetings sessions from within applications, such as Microsoft

Outlook

. Users can find more information on Cisco WebEx Productivity

Tools at http://www.webex.com/support/productivity-tools.html

Cisco WebEx Meetings Server supports the latest version of WebEx applications, available on the Settings

> Downloads page. If users are running an older version of WebEx Productivity Tools after you perform a system upgrade, they can schedule, start, and join meetings, but the latest features are not available. We recommend that you silently push the latest WebEx Productivity Tools .msi for an optimal experience. (See

Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, on page 185

Users

The system supports a lifetime maximum of 400,000 user accounts. This number represents the total of both active and deactivated user accounts. This lifetime maximum number is large enough to accommodate expected growth in the user database.

Administrators cannot delete users from the system. Instead, users are deactivated. This design enables administrators to reactivate previously deactivated user accounts, even after long periods of user inactivity.

The user's meetings and other content (including recordings) are restored.

Deployment Sizes For Your System

When determining the size for your system, consider how many users you expect to be using the system at any given time. For example, in a 50-user system the maximum number of users concurrently attending meetings is 50. If more than 50 users attempt to join a meeting, an error messages displays for all users who attempt to join a meeting after the maximum number of users is exceeded, and the system prevents these users from joining the meeting.

•

250-user System, on page 13

•

•

800-user System, on page 16

•

2000-user System, on page 19

Here are some things to consider when determining the size for you system:

• Determine the largest number of users you anticipate will join a meeting at any given time, including rare or unusual occasions.

• You can expand the system size to a larger size at any time as long as your hardware meets or exceeds the minimum requirements for the larger size system; otherwise, you must purchase additional hardware.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Requirements for vCenter Co-residency

•

• If you plan to add High Availability (HA) or a Multi-data Center (MDC) to your system, include the additional virtual machines necessary to support the HA or MDC system when you purchase your hardware.

Requirements for vCenter Co-residency

VMware vCenter Server or vCenter Server Appliance can reside with other virtual machines or with Cisco

WebEx Meetings Server (CWMS) virtual machines in some instances.

On a 50– or 250–user system, VMware vCenter can reside on the same host with CWMS. However additional

RAM must be ordered or installed with the Cisco UCS server. For the exact amount of RAM required, see the requirements for that system size in

Minimum Hardware Requirements

Virtual Machines In Your System

These are the virtual machines created for your system. Some functions are combined into one virtual machine for the smaller system sizes.

• Admin—Heart node of the system. Includes the system database and provides administrative functions.

• Media—Provides media services (audio-video function, telephony and meetings services).

Included in the Admin virtual machine in a 50 concurrent users system.

• Web—Provides web services (meeting list and recordings). Enables the user to schedule future meetings.

Included in the Admin virtual machine in a 50, 250 or 800 concurrent users system.

End users sign in to the WebEx web site. Administrators sign in to the Administration web site.

• Internet Reverse Proxy (IRP)—Provides public access, enabling users to host or attend meetings from the Internet and mobile devices. The Internet Reverse Proxy is required for your mobile workforce to attend meetings.

Note

Only the IRP provided with this product may be used in this system. Internet Reverse

Proxies or web load balancers, supplied by other vendors, are not supported. The IRP provided with this product is optimized for handling real-time web, audio, and data-sharing traffic from external users joining meetings from the Internet.

Note

In this documentation, we use the term internal virtual machines to refer to the Admin virtual machine, and if applicable, the Media and Web virtual machines.

The IRP is situated in the DMZ network (non-split-horizon and split-horizon network topologies) or in the internal network (all internal network toplogy).

•

Non-Split-Horizon Network Topology, on page 41

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Minimum Hardware Requirements

•

Split-Horizon Network Topology, on page 44

•

Internal Internet Reverse Proxy (IRP) Network Topology, on page 40

Minimum Hardware Requirements

This section lists some of the Cisco UCS servers you can use for each size system. For specific requirements for each system, refer to:

•

•

•

•

See also the "Cisco WebEx Meetings Server Ordering Guide" at http://www.cisco.com/c/en/us/products/ conferencing/webex-meetings-server/sales-resources-listing.html

Table 1: ESXi Versions and License Types

System Size

50 or 250

800 or 2000

ESXi Version

5.0, 5.0 Update 1, 5.1, 5.5, or 6.0

vSphere License Type

Standard Edition, Enterprise

Edition, Enterprise Plus Edition

5.0 or 5.0 Update 1

5.1 to 5.5

Enterprise Plus Edition Only

Enterprise Edition, Enterprise Plus

Edition

5.5 or higher

6.0

Standard Edition, Enterprise

Edition, Enterprise Plus Edition

Standard Edition, Enterprise

Edition, Enterprise Plus Edition

"Or higher" references updates, not full versions. For example, 5.5 Update 1 or 5.1 Update 2.

Table 2: Host Models

Deployment Size

50 Users

Example of UCS Model

• UCS C220 M3

• UCS B200 M3

• UCS C220 M4S

• C240 M4S2

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Resources Consumed by CWMS and the ESXi Host

Deployment Size

250 Users

800 Users

2000 Users

Example of UCS Model

• UCS C220 M3

• UCS B200 M3

• UCS C220 M4S

• C240 M4S2

• UCS C460 M2

• UCS B440 M2

• UCS B420 M3 (2.0 and higher)

• UCS C460 M2

• UCS B440 M2

• UCS B420 M3 (2.0 and higher)

Co-residency with vCenter is supported with 50- and 250-user system deployments only. Co-residency with

Cisco Unified Communications products on the same physical host is not supported.

You can use older models of the UCS hardware with your system, but for a better user experience use the hardware listed in the table. For example, you can use the UCS C220 M3 for a 250-user system if you already have that hardware available.

When upgrading to Cisco WebEx Meetings Server Release 2.0 or higher, it is possible to use Cisco UCS

B200 M3 blade servers with 2x local hard drives as long as the upgraded system uses SAN storage for its virtual machines. Using SAN storage with B-series blade servers allows your system to meet the 4 hard disk drives in a RAID 5 or RAID 10 configuration requirement for Cisco WebEx Meetings Server.

Note

For 800-user and 2000-user systems running 2.0 and higher, we do not recommend deploying additional virtual machines on a DMZ host. This can result in increased packet loss and noticeable latency on media connections.

Resources Consumed by CWMS and the ESXi Host

Cisco WebEx Meetings Server is deployed on one or more virtual machines on ESXi hosts. CPU and memory resources, and storage space, is consumed by Cisco WebEx Meetings Server (CWMS)and by ESXi (VMware component that enables virtualization on the physical Cisco UCS Server). Depending on your system size, vCenter and multiple virtual machines might run on the same Cisco UCS server.

CWMS uses resource reservation for its virtual machines to guarantee system scalability. Other VMware workloads do not take CPU and other resources away from the virtual machines. The minimum requirements for each system size includes enough resources to support:

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

50-user System

• Continued quality of service for CWMS at peak system usage (maximum capacity).

• VMware ESXi.

• VMware vCenter (when co-resident).

For the requirements for vCenter Server, see Knowledge Base and search for "Installing vCenter Server

5.0 best practices," or "Installing vCenter Server 5.1 best practices," or "Installing vCenter Server 5.5

best practices" respectively.

• VMware snapshots of the virtual machine (delete these as soon as possible otherwise you may experience severe performance degradation).

Extra disk space is required for snapshots, as some snapshots may be as large as the original virtual machine. In some cases, vSphere may delete snapshots to create storage space, compromising the ability to roll back to previous snapshots.

• Use of the Cisco UCS Server over the typical life cycle of the server.

The hardware requirements specified in the OVA file are the minimum requirements that are needed to deploy

Cisco WebEx Meetings Server. These requirements do not include any CPU, memory, or storage requirements for VMware vCenter or ESXi.

Caution

Co-residency, other than the configurations listed in the tables in this document, is not supported. If you disregard our system requirements, your virtual machines might not boot. The deployment of the virtual machines can stall from within the earliest product screens during the vCenter OVA deployment.

50-user System

A 50-user system is also described as a micro system. (Multi-data Center (MDC) is not available for micro systems.) The diagram illustrates two versions of a 50-user deployment. (The "Redundant" virtual machines demonstrate support for High Availability (HA).)

The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.

The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings

Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

50-user System

Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see

General System Requirements

For information about the bandwidth requirements, see the

Advantages of Deploying a System on VMware vSphere, on page 32

Note

For IOPS information, see

Co-residency with vCenter is supported with a 50-user system deployment as configured in the following table.

Virtual Machines on

ESXi Host (Cisco UCS

Server)

Admin

CPU Cores

4 (ESXi 5.0)

6 ( ESXi 5.1

and above)

Memory

(GB)

Ethernet Ports Hard Drive

Storage

Requirement for New

Installs

Free Hard Drive

Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

2 for the Admin virtual machine, including 1 if

NIC teaming is used for redundancy

1.5 TB; minimum of

7,200 RPM

1 recommended for

ESXi management network

1118 GB for an automatic installation.

Admin and vCenter

(co-resident)

6 (ESXi 5.0)

8 ( ESXi 5.1

and above)

36 2 for the Admin virtual machine, including 1 if

NIC teaming is used for redundancy

1.5 TB; minimum of

7,200 RPM

1 for vCenter

1 recommended for

ESXi management network

1078 GB

This figure is based on the assumption that you have set up vCenter with 40

GB.

Internet Reverse Proxy

(IRP)

4 (ESXi 5.0)

6 ( ESXi 5.1

and above)

12 2 for the IRP virtual machine, including 1 if

NIC teaming is used for redundancy

300 GB; minimum of

7,200 RPM

1 recommended for

ESXi management network

172 GB

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

50-user System

Virtual Machines on

ESXi Host (Cisco UCS

Server)

Admin and IRP

(co-resident)

Admin and IRP and vCenter (all co-resident)

CPU Cores

Memory

(GB)

Ethernet Ports Hard Drive

Storage

Requirement for New

Installs

Free Hard Drive

Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

2 for the Admin virtual machine, including 1 if

NIC teaming is used for redundancy

1.5 TB; minimum of

7,200 RPM

2 for IRP virtual machine, including 1 if

NIC teaming is used for redundancy

1 recommended for

ESXi management network

990 GB

40 2 for the Admin virtual machine, including 1 if

NIC teaming is used for redundancy

1.5 TB; minimum of

7,200 RPM

2 for IRP virtual machine, including 1 if

NIC teaming is used for redundancy

1 for vCenter

1 recommended for

ESXi management network

950 GB

This figure is based on the assumption that you have set up vCenter with 40

GB.

4 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the free space as is required for Automatic Upgrade.

Note

If you plan to use a High Availability (HA) system, double the hardware requirements and quantities of the primary system to support both systems.

Resources Reserved by the Virtual Machines in a 50-user System

This section describes how much media the virtual machines use and is intended for those with expert knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware

VMkernel uses MHz cycles to control CPU scheduling.

Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared with other virtual machines on the same physical Cisco UCS Server.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

250-user System

Disk resources (storage) are controlled in two separate areas. During the OVA build, the CentOS file system partition sizes determine the minimum disk size. Secondly, vCenter controls the maximum disk space available.

If you attempt to deploy a virtual machine without the minimum number of vCPUs, the OVA deployment of the virtual machine will fail. If you attempt to deploy a virtual machine without the minimum total MHz processor speed, then the virtual machine will not power on.

Important

The numbers in this table do not include resources for VMware ESXi or vCenter. See

Resources Consumed by CWMS and the ESXi Host, on page 9

Virtual Machine Type CPU

(MHz)

Admin

Internet Reverse Proxy

Virtual CPU

(vCPU)

8000

Reserved Memory/Total

Memory

(GB)

Disks (GB)

12/14 418

4/4 128

5 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The physical CPU must have a clock speed of 2.4 GHz or faster.)

6 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total

250-user System

A 250-user system is also described as a small system. This diagram illustrates two versions of a 250-user deployment. The "Redundant" virtual machines demonstrate support for High Availability (HA). If your system does not include HA support, then only deploy the Primary system.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

250-user System

WebEx System Requirements

This diagram shows the layout of a 250-user system with two data centers that form a Multi-data Center

(MDC) system with Internet Reverse Proxy (IRP) support.. The License Manager runs on only one data center.

The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.

The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings

Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings

Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see

General System Requirements .

For information about the bandwidth requirements, see the

Advantages of Deploying a System on VMware vSphere, on page 32

For IOPS information, see

Co-residency with vCenter is supported with a 250 user system deployment as configured in the following table.

Virtual Machines on ESXi Host

(Cisco UCS Server)

CPU

Cores

Memory

(GB)

Ethernet Ports Hard Drive

Storage

Requirement for New

Installs

Free Hard

Drive Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

Admin and Media 12 52 1.5 TB; minimum of

7200 RPM

990 GB

• 2 for Admin and

Media, including

1 if NIC teaming is used for redundancy

• 1 recommended for ESXi management network

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

250-user System

Virtual Machines on ESXi Host

(Cisco UCS Server)

CPU

Cores

(Admin and Media) and vCenter (co-resident)

Memory

(GB)

Ethernet Ports

• 2 for Admin and

Media, including

1 if NIC teaming is used for redundancy

• 1 recommended for ESXi management network

• 1 for vCenter

Hard Drive

Storage

Requirement for New

Installs

Free Hard

Drive Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

1.5 TB; minimum of

7200 RPM

950 GB

(This figure is based on the assumption that you have set up vCenter with 40 GB.)

Internet Reverse Proxy (IRP) 12 36

• 2 for IRP, including 1 if NIC teaming is used for redundancy

300 GB; minimum of

7200 RPM

• 1 recommended for ESXi management network

172 GB

7 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the free space as is required for Automatic Upgrade.

Note

If you plan to use a HA system, purchase the same hardware and quantities for the HA system as you did for the primary system.

Resources Reserved by the Virtual Machines in a 250-user System

This section describes how much media the virtual machines use and is intended for those with expert knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware

VMkernel uses MHz cycles to control CPU scheduling.

Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared with other virtual machines on the same physical Cisco UCS Server.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

800-user System

Important

The numbers in this table do not include resources for VMware ESXi or vCenter. See

Resources Consumed by CWMS and the ESXi Host .

Virtual Machine Type CPU

(MHz)

Admin

Media

Internet Reverse Proxy

Virtual CPU

(vCPU)

4 8000

16,480

Reserved Memory/Total

Memory

(GB)

Disks (GB)

16/16 418

13/23

6/6

128

8 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The physical CPU must have a clock speed of 2.4 GHz or faster.)

9 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total

800-user System

An 800-user system is also described as a medium system. This diagram illustrates two versions of an 800-user deployment. The "Redundant" virtual machines demonstrate support for High Availability (HA).

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

800-user System

This diagram shows the layout of an 800-user system with two data centers that form a Multi-data Center

(MDC) system with Internet Reverse Proxy (IRP) support. The License Manager runs on only one data center.

The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.

The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings

Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings

Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see

General System Requirements

For information about the bandwidth requirements, see the

Advantages of Deploying a System on VMware vSphere, on page 32

Note

Co-residency with vCenter is not supported with an 800-user system deployment.

For IOPS information, see

Virtual Machines on ESXi Host

(Cisco UCS Server)

CPU

Cores

Admin and Media (combined) 40

Memory

(GB)

Ethernet Ports

• 2 for Admin and

Media, including

1 if NIC teaming is used for redundancy

• 1 recommended for ESXi management network

Hard Drive

Storage

Requirement for New

Installs

Free Hard

Drive Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

1.5 TB; minimum of

10,000 RPM

990 GB

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

800-user System

Virtual Machines on ESXi Host

(Cisco UCS Server)

CPU

Cores

Internet Reverse Proxy (IRP) 40

Memory

(GB)

Ethernet Ports Hard Drive

Storage

Requirement for New

Installs

Free Hard

Drive Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

• 2 for IRP, including 1 if NIC teaming is used for redundancy

300 GB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

172 GB

10 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the free space as is required for Automatic Upgrade.

Note

If you plan to use an HA system, purchase the same hardware requirements and quantities as the primary system.

For 800 user systems, we do not recommend deploying additional virtual machines on a DMZ host. This might result in increased packet loss and noticeable latency on media connections.

Resources Reserved by the Virtual Machines in an 800-user System

This section illustrates how much media the virtual machines use and is intended for those with expert knowledge of VMware. CPU resources are specified as vCPUs (cores) and MHz (CPU cycles). The VMware

VMkernel uses MHz cycles to control CPU scheduling.

Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared with other virtual machines on the same physical Cisco UCS Server.

Disk resources (storage) are controlled in two separate areas. During the OVA build, the CentOS filesystem partition sizes determine the minimum disk size. Secondly, vCenter controls the maximum disk space available.

Important

The numbers in this table do not include resources for VMware ESXi. See

Resources Consumed by CWMS and the ESXi Host, on page 9

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

2000-user System

Virtual Machine Type

Admin

Media

Internet Reverse Proxy

Virtual CPU

(vCPU)

CPU

(MHz)

20,600

60,800

41,200

Reserved Memory/Total

Memory

(GB)

Disks (GB)

16/16 418

14/44 128

10/10 128

11 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The physical CPU must have a clock speed of 2.4 GHz or faster.)

12 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total

2000-user System

A 2000-user system is also described as a large system. This diagram shows a 2000-user system with High

Availability (HA) and Internet Reverse Proxy (IRP) support. The HA virtual machines are shown as the

Redundant virtual machines. If your system does not include HA support, then only deploy the Primary system.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

2000-user System

This diagram shows a 2000-user system deployment with two data centers that form a Multi-data Center

(MDC) system with Internet Reverse Proxy (IRP) support. The License Manager runs on only one data center.

Important

We recommend that you deploy the all virtual machines shown in the diagram. By deploying different types of virtual machines on a physical server, you can better avoid a system shutdown in the event of a hardware failure. For example, placing a Media and a Web virtual machines on a single physical server is more resilient than if you place both Web virtual machines on the same physical server.

On a large system there is an exclusion from the equal load balance rule (see

Load Balancing, on page 54

for more information), where there are SIP trunk load balancers on Media 1 and Media 2, and where Media

3 and optionally Media HA do not have load balancing. If there is a failure of both Media 1 and 2 on the primary system, all telephony service on CWMS is lost. If the system is a HA deployment, the redundancy mitigates the failure of a single virtual machine.

The table lists the minimum hardware requirements for the ESXi hosts (Cisco UCS servers) in your system.

The last two columns show the amount of disk space needed for new installations of Cisco WebEx Meetings

Server, and the free disk space needed when you use Automatic Upgrade to upgrade Cisco WebEx Meetings

Server Release 1.5MR3 to Release 2.X by using your existing Cisco UCS servers. For more information, see

General System Requirements .

For more information about the bandwidth requirements, see

Network Bandwidth Requirements, on page

48 .

If you plan to add a HA system, those virtual machines are shown as the "redundant" virtual machines. If you do not want HA, then only deploy the primary system.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

2000-user System

Note

Co-residency with vCenter is not supported with a 2000-user system deployment.

Note

For IOPS information, see

Advantages of Deploying a System on VMware vSphere, on page 32

Virtual Machines on ESXi Host

(Cisco UCS Server)

CPU

Cores

Media1 and Admin

(combined)

Memory

(GB)

Ethernet Ports Hard Drive

Storage

Requirement for New

Installs

Free Hard

Drive Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

• 2 for Media1 and

Admin, including

1 if NIC teaming is used for redundancy

1.5 TB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

990 GB

Media2 and Web1 (combined) 40 80

Media3 and Web2 (combined) 40 80

• 2 for Media2 and

Web1, including 1 if NIC teaming is used for redundancy

1 TB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

768 GB

• 2 for Media3 and

Web2, including 1 if NIC teaming is used for redundancy

1 TB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

768 GB

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

2000-user System

WebEx System Requirements

Virtual Machines on ESXi Host

(Cisco UCS Server)

CPU

Cores

Internet Reverse Proxy (IRP) 40

Memory

(GB)

Ethernet Ports Hard Drive

Storage

Requirement for New

Installs

Free Hard

Drive Storage

Required for

Automatic

Upgrade from

1.5MR3 to 2.X

• 2 for IRP, including 1 if NIC teaming is used for redundancy

300 GB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

172 GB

Media and Admin (combined) for HA

40 80

• 2 for Media and

Admin, including

1 if NIC teaming is used for redundancy

• 1 recommended for ESXi management network

1.5 TB; minimum of

10,000 RPM

990 GB

Web for HA

IRP for HA

• 2 for Web, including 1 if NIC teaming is used for redundancy

1 TB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

896 GB

• 2 for IRP, including 1 if NIC teaming is used for redundancy

300 GB; minimum of

10,000 RPM

• 1 recommended for ESXi management network

172 GB

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

2000-user System

13 If you choose Manual Upgrade where you manually deploy all the virtual machines and you are using the same hardware, you are required to have twice the free space as is required for Automatic Upgrade.

Note

For 2000 user systems, we do not recommend deploying additional virtual machines on a DMZ host. This might result in increased packet loss and noticeable latency on media connections.

Resources Reserved by the Virtual Machines in a 2000-user System

VMkernel uses MHz cycles to control CPU scheduling.

Memory resources are specified by maximum memory and reserved memory. Reserved memory is not shared with other virtual machines on the same physical Cisco UCS Server.

Important

The numbers in this table do not include resources for VMware ESXi. See

Resources Consumed by CWMS and the ESXi Host

Virtual Machine Type CPU

(MHz)

Admin

Media

Web

Internet Reverse Proxy

Virtual CPU

(vCPU)

20,600

60,800

20,600

41,200

Reserved Memory/Total

Memory

(GB)

Disks (GB)

16/16 418

For versions

2.6 and higher, new systems deployed by using an OVA file must be

513.

14/44

16/16

10/10

128

14 Number obtained by multiplying the number of physical CPUs with the speed of the CPU chip (MHz). Hyperthreading is not included in this calculation. (The physical CPU must have a clock speed of 2.4 GHz or faster.)

15 Virtual machines with media functionality have additional, non-reserved memory; Memory = Reserved/Total

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

System Capacity Matrix

System Capacity Matrix

Key Points:

• One of the basic assumptions for the information presented in this section is that there are at least two people participating in a meeting.

• Concurrent meeting connections is defined as the number of people participating in a meeting at any given time. For example, for a 50 user system, the maximum concurrent meeting connections can be comprised of five concurrent meetings that each have a total of 10 people in the meeting (for example, one host and nine participants).

• After the maximum number of meeting participants is reached for any point in time, the system does not allow other users to start or join meetings. Of those maximum number of meeting participants (2000,

800, 250 or 50 people), only half of the participants can use video. Video is defined as sending or receiving, meaning users might be using their WebEx webcam video or the video file share option which allows users to share a video.

• Desktop sharing is not considered video. This means with a 250 user system, 250 people can be sharing their desktops during meetings at any given time.

• The addition of High Availability or Multi-data Center does not increase the capacity of the system to hold meetings; an 800-user system is still an 800-user system.

The numbers in the table below represent the design capacity for the Cisco WebEx Meetings Server system.

Operating the system at a capacity higher than these specifications can result in a degraded user experience and may result in system instability. Cisco reserves the right to enforce capacity limits at these levels.

Note

These values in the following table remain the same regardless of whether your system is comprises a single data center or is a multi-data center system.

Table 3: System Capacity Matrix for Version 2.5 and Higher

System Capacity 2000 user system

800 user system

250 user system

Maximum Concurrent

Meeting Connections

(Audio, Video, and Web users)

2000 800 250

50 user system

Notes

50 The number of people participating in concurrent meetings at any given time.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

System Capacity Matrix

System Capacity 2000 user system

800 user system

250 user system

Maximum Simultaneous

Audio Connections

(Teleconference Phone

Calls and Voice

Connection Using

Computer From Meeting

Clients)

2000 800 250

50 user system

Notes

50 The system capacity remains the same as shown on the left, regardless of what combination of the following features are used:

• G.711, G.722, G.729 audio codecs

• IPv4 or IPv6 teleconferencing

• TLS/SRTP audio encryption

Maximum Concurrent

Video and Video File

Sharing Users

1000

Maximum Participants in One Meeting

500

400

500

125

250

These numbers show the maximum number of concurrent meeting connections (or participants) allowed to use video sharing at the same time. When the number of users with video sharing in concurrent meetings reaches this limit, then the remaining users invited to the concurrent meetings can join the meetings, but their video windows are grayed out.

Note

If one participant in a meeting uses video, then all other users in the same meeting are counted as video users, even if they are not using video themselves.

Desktop sharing is not considered video.

These numbers show the maximum number of participants who can attend a meeting.

Maximum Meetings That

Can be Recorded

Simultaneously

100

Maximum Concurrent

Recording Playback

Sessions

Maximum Number of

User Profiles

40 13 3 This is the total number of meetings that can use the Recording feature at one time.

500 200 63 12 This is the total number of recording playback sessions that can occur simultaneously. This refers to recordings that are saved on your storage system and does not include recordings that are downloaded to users' desktops.

Note

These playback sessions are not included in the concurrent meeting connections on the system.

400,000 400,000 400,000 400,000 This number includes active and deactivated users.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

System Capacity Matrix

System Capacity

Maximum Concurrent

Meetings

Maximum Call Rate

(calls/per second)

2000 user system

800 user system

250 user system

1000 400 125

50 user system

Notes

25 The number of separate meetings that can be active concurrently.

20 8 3 1 This is the average number of users who can dial into a meeting during a one second time period. After the system reaches this number, the next few users to dial into the meeting might experience an additional few seconds wait before connecting to the meeting.

Maximum Concurrent

Sign-in

Maximum Aggregate

Bandwidth Utilization

20 people per second

8 people per second

3 people per second

1 person per second

This is the average number of users who can simultaneously sign in to your WebEx site during a one second time period. After the system reaches this number, the next few users to sign in to the WebEx site might experience an additional few seconds wait before they can join a meeting.

5 Gbps 2 Gbps 625

Mbps

125

Mbps

Using our test system at its maximum bandwidth, this is the maximum bandwidth the test system could handle. For more information about bandwidth utilization see the Network Bandwidth Requirements section in the Networking Topology for Your

System chapter of the Planning Guide . You can also refer to the WebEx Network

Bandwidth White Paper .

16 800 in Federal Information Processing Standards (FIPS environments)

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Release 2.7 Upgrade and Update Matrix

Note

For new installations of Cisco WebEx Meetings Server Release 2.0 and higher, the storage requirements are:

• Disk space can be local (DAS) or external (SAN or NAS).

• ESXi hosts (Cisco UCS server) with the Admin virtual machine require 1.5 TB of disk space.

• ESXi hosts (Cisco UCS server) without an Admin virtual machine require 1 TB of disk space.

• When upgrading Cisco WebEx Meetings Server by using existing Cisco UCS servers, the ESXi hosts requires 1118 GB of free disk space if the UCS server has only the Admin virtual machine

(primary or HA system) or 990 GB of free disk space if the UCS server has one Admin and one

Media virtual machine (primary or HA system).

For complete details, see the Resources Consumed by Cisco WebEx Meetings Server and the ESXi

Host section in the http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/ products-installation-and-configuration-guides-list.html

Tip

The maximum length of a meeting is 24 hours for all size user system deployments.

Note

When considering an upgrade, plan for the increased size of the data stores, as the original system and the upgraded system share data stores until testing of the upgraded system is complete and the original system is removed.

For information about network bandwidth requirements for the various size user systems, see the "Network

Bandwidth Requirements" section in the Network Topology For Your System chapter in this book.

Release 2.7 Upgrade and Update Matrix

Use the following table to determine how to update or upgrade to Cisco WebEx Meetings Server Release 2.7.

Installed Release

1.0 to 1.1

To Release

2.8

Path

Update to 1.5.

Update to 1.5MR5 Patch 2 or later.

Upgrade to 2.8.

1.5 to 1.5MR4

2.8

Update to 1.5MR5 Patch 2 or later.

Upgrade to 2.8.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

WebEx System Requirements

Release 2.7 Upgrade and Update Matrix

Installed Release

1.5 MR5

1.5 MR5 Patch 2 or later

2.0 to 2.0MR8

2.0MR9 or later

2.5 to 2.5MR5

2.5MR6

2.6 or any 2.6MR

2.7 or any 2.7MR

To Release

2.8

2.7

Path

Update to 1.5MR5 Patch 2 or later.

Upgrade to 2.8.

Update to 2.0MR9.

Update to 2.7.

Update to 2.5MR6.

Update to 2.7.

2.7

Any 2.7MR

Update to 2.7.

Update to the 2.7MR.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

Introduction and Data Center Topology For Your

System

This chapter provides an introduction, a data center overview, and VMware vCenter requirements for your system.

•

Introducing Cisco WebEx Meetings Server, page 29

•

Information for Cisco Unified MeetingPlace Customers, page 31

•

Deploying a Single Data Center, page 31

•

Joining Single Data Centers to Create a Multi-data Center (MDC) System, page 31

•

Using VMware vSphere With Your System, page 31

•

IOPS and Storage System Performance , page 34

•

Installing VMware vSphere ESXi and Configuring Storage, page 35

•

Joining Meetings, page 36

Introducing Cisco WebEx Meetings Server

Cisco Webex Meetings Server (CWMS) is a secure, fully virtualized, private cloud (on-premises) conferencing solution that combines audio, video, and internet to reduce conferencing costs and extend your investments in Cisco Unified Communications.

Like other Cisco WebEx products, it offers real-time collaboration tools, including document, application, and desktop sharing, annotation tools, full host control for effective meeting management, an integrated participant list with active talker, and video switching, recording, and playback. This product utilizes high quality video, so the video sharing experience is crisp and clear.

You can deploy and manage this conferencing solution in your private cloud, behind the firewall in your data center. It is designed for Cisco UCS servers and VMware vSphere. (For specific requirements, see

Minimum

Hardware Requirements, on page 8

.) It features a rapid virtual deployment and powerful tools for administrators to configure and manage the system and see key system metrics.

In addition, mobile users can attend and participate in meetings. For supported devices, see

Operating Systems

Requirements for Mobile Devices, on page 184

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Introducing Cisco WebEx Meetings Server

Important Considerations For Your System

Note the following:

• Forward proxies—not recommended, though you may use forward proxies with restrictions. For complete details, refer to the Cisco WebEx Meetings Server Troubleshooting Guide.

• Reverse proxies—only the Internet Reverse Proxy server included with this product is supported.

• NAT—supported when it meets the requirements for this system. For complete details, see

Using NAT

With Your System .

• Single data centers—deployments within a single data center are supported for all releases of Cisco

WebEx Meetings Server. For complete details, see

Deploying a Single Data Center .

• Multi-data centers—data centers running Cisco WebEx Meetings Server Release 2.5 or higher can be joined to create a system comprised of multiple data centers. For complete details, see the About Multi-data

Center in the Cisco WebEx Meetings Server Administration Guide .

• Storage Server—Each data center in a multi-data center system must have a separate storage server. The same storage server cannot support more than one data center.

• High-availability system—defined as a system with redundant virtual machines running the same version of Cisco WebEx Meetings Server. If the primary system (in a single data center system) fails, the high-availability system continues service. The redundant high-availability virtual machines must be co-located in the same data center with the primary virtual machines. The primary and high-availability system virtual machines must be on the same VLAN or subnet.

You cannot join high-availability systems to create a multi-data center environment.

• Internet Reverse Proxy (IRP) Server—is defined as a virtual machine placed as a proxy between the external Internet and a company's internal network to provide public access to CWMS. An Internet

Reverse Proxy server is required to allow users to schedule and attend meetings from mobile devices or to provide secured access to your WebEx Site from the Internet. An Internet Reverse Proxy server is not required if you are going to limit access to Cisco WebEx Meetings Server to your internal network.

(Deploy an IRP virtual machine by using the same OVA file you use to deploy your administration virtual machine. The IRP virtual machine must be on the same subnet as the Public Virtual IP address.)

• Virtual IP (VIP) Address—used to communicate with the Admin, Media, and Web virtual machines within a data center.

• Private Virtual IP (VIP) address—configured on the Admin virtual machine and is associated to the

Administration Site URL. The private VIP can also be associated with the WebEx Site URL if the address is configured in the internal DNS server in a Split-Horizon DNS deployment or deployments without an Internet Reverse Proxy server.

• Public Virtual IP (VIP) address—configured on the Internet Reverse Proxy virtual machine and is associated with the WebEx Site URL only. The WebEx Site URL on the external DNS servers must be resolvable to the Public Virtual IP address to provide users access to the WebEx Site from the Internet.

A public virtual IP address is not configured on the system if there is no Internet Reverse Proxy server.

Caution

If you disregard our recommendations and requirements when deploying a system, you will not receive support from Cisco. Cisco is not responsible for any problems you might encounter as a result of not following our guidance.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Information for Cisco Unified MeetingPlace Customers

New and Changed Features for Cisco WebEx Meetings Server

For a list of new and changed features, see the "New and Changed Features for Cisco WebEx Meetings Server" in the Release Notes for Cisco WebEx Meetings Server at Release Notes .

Information for Cisco Unified MeetingPlace Customers

Because of architectural differences, there is no migration path (for existing user accounts, customizations, and meetings) from Cisco Unified MeetingPlace to Cisco WebEx Meetings Server. These are two distinct products.

You can ease the transition for your users by continuing to support both Cisco Unified MeetingPlace and

Cisco WebEx Meetings Server while encouraging your users to switch to the new system.

Deploying a Single Data Center

Cisco WebEx Meeting Server (CWMS) can be deployed as a Single-data Center (SDC) system and optionally as a High Availability (HA) system or a Multi-data Center (MDC) system (see

Redundancy in HA or MDC

Deployments, on page 45

). A SDC system (including a system with HA support) requires only Host licenses after a trial period. A MDC system requires a minimum of two MDC feature licenses, Host licenses, and there is no MDC trial period.

Joining Single Data Centers to Create a Multi-data Center (MDC)

System

You can join two data centers that are running Cisco WebEx Meeting Server Release 2.5 or higher to form a single Multi-data Center (MDC) system. A maximum of two data centers can be joined. The difference between a Multi-data Center and a High Availability system is that a High Availability system must be co-located and functions as a backup system. In an MDC system, the data centers can be located in different geographic locations and both data centers contribute to system processing. See

Redundancy in HA or MDC Deployments,

on page 45 . One license must be purchased for each CWMS data center in an MDC system. MDC licenses should be purchased before you attempt to deploy an MDC system. (A system with a single data center does not need a feature license.) For details on how to prepare your data centers to be joined, the Join process, and how to carry over data from one data center to another when the Join process is complete, refer to the "Joining

Data Centers to Create a Multi-data Center (MDC) System" chapter in the Cisco WebEx Administration Guide

( http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/ products-installation-guides-list.html

Using VMware vSphere With Your System

Important

This product only installs on a VMWare vSphere virtualization platform. VMWare Tools for CWMS are automatically installed during system deployment and should not be upgraded manually. See docwiki.cisco.com/wiki/VMWare_Tools for more information on VMWare Tools.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Advantages of Deploying a System on VMware vSphere

• Cisco WebEx Meetings Server is designed to work on any equivalent Cisco UCS Server that meets or exceeds the system requirements. However, to save you time, we recommend using standard Cisco UCS servers. For complete details on the hardware and VMWare requirements, see

Minimum Hardware

Requirements, on page 8

• You must purchase VMWare vSphere 5.0, 5.0 Update 1, 5.0 Update 2, 5.1, 5.1 Update 1, 5.5, or 6.0 for use as the hypervisor platform for Cisco WebEx Meetings Server.

Note

For security reasons, 5.1 must be version 1900470 or later.

Complete one of the following:

◦Buy vSphere directly from Cisco on the GPL (Global Price List). Cisco is an approved VMWare partner and distributor.

◦Purchase vSphere directly from VMWare through enterprise agreements you have with VMWare.

Advantages of Deploying a System on VMware vSphere

This section explains why VMware vSphere and vCenter are integral to using this Cisco WebEx product and lists some considerations.

Deployment of the System

• This product is packaged as a VMware vSphere compatible OVA virtual appliance and not as a collection of software packages on a DVD. You must have vCenter to deploy the OVA or the product will not install.

• By packaging it as a virtual appliance we enable rapid deployment; in some cases in under an hour.

• To facilitate rapid installations with the OVA virtual appliance, you can select automatic system deployment for most system sizes. Simply provide vCenter credentials and we will deploy all the virtual machines for your system without manual intervention. This innovation will minimize your labor costs and time.

Note

The OVA template creates two virtual NICs for each virtual machine. However, only the Admin virtual machines uses both virtual NICs. For all other Cisco WebEx Meetings

Server (CWMS) virtual machines, only one virtual NIC is used and the other one is disconnected.

• CWMS requires you to run VMware ESXi or the corresponding VMware ESXi installable Cisco ISO

Image. Both these editions contain the necessary drivers required to support the Cisco UCS Servers that are required by CWMS. For more information, see http://www.cisco.com/en/US/docs/unified_computing/ ucs/release/notes/OL_26617.pdf

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Advantages of Deploying a System on VMware vSphere

Easy Recovery From System Errors

If the change does not meet your expectations, by using VMware Data Recovery you can revert system-impacting changes rapidly and without a system redeployment.

vSphere Considerations

Note the following considerations:

• You can move your virtual machine to another ESXi host. However, you must retain the layout of the virtual machines on the new ESXi host. In other words, if you plan to move a Media virtual machine that is co-resident with a Web virtual machine, then you must either move it to a separate ESXi host

(where it is the only virtual machine) or move it to an ESXi host that already has a Web virtual machine.

Note

Your destination ESXi host must conform to the same system requirements as the source

ESXi host.

The following VMware features are not supported with CWMS:

• VMotion and Storage VMotion (Although you can move your virtual machines, you may not do so by using these tools.)

• VMware Distributed Resource Schedule (DRS)

• vSphere High Availability (HA)

• vSphere clustering and resource sharing

• Cloning a virtual machine

vSphere Best Practices

• We recommend that you do not use virtual machine snapshots. If you decide to use snapshots, then after confirming your system changes, either commit the snapshots or remove them as soon as possible.

Keeping a snapshot for any period of time will result in severe performance degradation.

• For SAN environments, deploy disk images to a SAN with high IOPS numbers.

For an 800-user system, the average IOPS for an OVA deployment is 506 (max IOPS is 855) for the

Admin virtual machine and 475 (max IOPS is 652) for a Media virtual machine. Once these virtual machines are created and powered on, then you can enter the case-sensitive URL and continue the system deployment in a web browser. The average IOPS for a primary system is 108 (max IOPS is 1558) and

163 (max IOPS is 1736) for a secondary system.

• Verify that there is enough free space on your SAN. Snapshots are stored on the same SAN.

• Deploy a 10GB network for the quickest deployment and bandwidth for future growth.

• We recommend that you manage all virtual machines by using the same vCenter. This allows for an easier restoration should you need to recover your system.

For more information on network bandwidth, see

Resources Consumed by CWMS and the ESXi

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

IOPS and Storage System Performance vCenter Server Requirements

In addition to vSphere, vCenter Server is also required.

• To deploy this virtual appliance, you must also use vCenter to deploy and manage the virtual machines in your system. This product will not work without vCenter Server.

• Cisco recommends backups and snapshots of the system ahead of important system-impacting operations.

Creating backups permits you to roll back the changes in case the update does not meet your expectation.

You may automate backups and snapshots using vCenter.

• CWMS supports vSphere Standard Edition.

vSphere Edition For the 800 and 2000 User Systems

• The 800 and 2000 user systems comprise virtual machines that require between 30 and 40 vCPUs. These virtual machines use these vCPUs to perform very compute intensive tasks such as SSL encoding or decoding, mixing audio streams, and so on.

For complete information on vCPU requirements, see

Host, on page 9

• At minimum, you must purchase the vSphere 5.0 Enterprise Plus edition or the vSphere 5.1 Enterprise edition, as the lower-end vSphere editions do not support the number of required vCPUs.

IOPS and Storage System Performance

Expected Maximum IOPS and Throughput

The following table shows the expected maximum IOPS and throughput values for maximum load on the system for a single virtual machine.

System Size Virtual Machine

50 user system Admin

Maximum

Input/Output

Operations (IOPS)

Maximum Read

Megabytes per

Second

450 1

Maximum Write

Megabytes per

Second

DMZ 70 0.3

0.3

250 user system Admin

Media

800 user system

DMZ

Admin

1400

150

110

1400

0.4

0.6

Media

DMZ

300

150

1.5

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Installing VMware vSphere ESXi and Configuring Storage

System Size Virtual Machine

2000 user system Admin

Media

Web

DMZ

Maximum

Input/Output

Operations (IOPS)

Maximum Read

Megabytes per

Second

1600 2.5

300 1

200

1.5

Maximum Write

Megabytes per

Second

1.5

IOPS for System Reboot for a 2000 User System

The following table shows IOPS information for a 2000 user system for the boot (reboot) process.

IOPS for System Boot (Reboot) IOPS for Minor Update Virtual Machines in a 2000 User

System

Admin 2300 3000

Media

Web

2000

1500

1000

2000

IOPS for Backup for a 2000 User System

The following table shows IOPS information for a 2000 user system for a backup done during the off hours.

IOPS for Backup Admin Virtual Machine for a 2000 User System

1 GB Backup 2000

Maximum Read

Megabytes per Second

220

Maximum Write

Megabytes per Second

300

12 GB Backup 5000 320 600

Installing VMware vSphere ESXi and Configuring Storage

Cisco WebEx Meetings Server is a software-based solution. It is not a combination hardware/software package.

You have choices on how to purchase and provision your hardware platforms as long as the hardware meets or exceeds CPU, memory, and storage requirements.

You can deploy Cisco WebEx Meetings Server on Cisco UCS Servers that meet our minimum specifications.

Or you might choose to deploy this product on newer and higher-end UCS Servers that exceed our minimum specifications.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Joining Meetings

Multiple RAID controller and network options are available. You may choose to use SAN storage instead of local RAID. We do not provide details about every sort of storage configuration that you may choose.

However, since Cisco WebEx Meetings Server is deployed on Cisco UCS Servers, refer to the Cisco UCS

Servers RAID Guide at http://www.cisco.com/en/US/docs/unified_computing/ucs/c/sw/raid/configuration/ guide/RAID_GUIDE.html

• To install VMware vSphere ESXi on a UCS B-Series Back Server, see http://www.cisco.com/en/US/ docs/unified_computing/ucs/os-install-guides/vmware/b_B-Series_VMware_Install.html

• To install VMware vSphere ESXi on a UCS C-Series Rack Server, see http://www.cisco.com/en/US/ docs/unified_computing/ucs/os-install-guides/vmware/b_C-Series_VMware_Install.html

See also docwiki.cisco.com/wiki/VMware_Tools for more information.

Setting the Write Cache on a RAID Controller

For optimal system performance you should check the Default Write setting on your RAID controller. You can set Default Write to three settings: Write Back with BBU, Write Through, or Always Write Back. Some guidelines for selecting the appropriate setting for Default Write on your Cisco UCS Servers are:

• Write Back with BBU - use this setting if you have installed a battery backup unit on your RAID controller. In the event of a system power loss, the battery backup unit preserves the content of the controller cache memory.

In the event that the battery backup unit fails or goes offline to a re-learn cycle, the Write Back with

BBU setting automatically fails back to Write Through cache. Without a working battery backup unit, the Write Through setting is safer although you may notice performance degradation on the I/O subsystem of the host machine.

• Write Through - use this setting and enable the cache explicitly (using the Disk Cache option) if you need to remove the battery backup unit for repairs. This setting should give you better but not optimal performance. After you replace the faulty battery, you can safely return the Default Write setting to

Write Back with BBU mode.

• Always Write Back - use this setting if the host that houses your RAID controller is connected to an uninterruptible power supply unit.

Joining Meetings

End user experience with Cisco WebEx Meetings Server is of a website that users access to schedule and join meetings. This website includes real-time conferencing elements that facilitate online meetings. Users can join meetings through a browser or through a client on their desktops.

For complete details on the end user experience, sign in to the WebEx site and select Help.

Windows Users

The following assumes that a user has Windows Administrator privileges on their PC sufficient to allow them to join WebEx meetings. If this is not true, system administrators can push the WebEx Meetings application client to a user by using desktop management software such as IBM Tivoli. See

Downloading Applications from the Administration Site, on page 122

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Joining Meetings

• Microsoft Internet Explorer users can install an ActiveX control or Java plug-in, download the WebEx

Meetings application installer, or run the application in a temporary system folder (such as TFS). The first time the user joins a meeting, the client software is downloaded and automatically installed.

• Google Chrome and Mozilla Firefox users can install a Java plug-in, download the WebEx Meetings application, or run the application in a temporary system folder. The client software is downloaded and automatically installed the first time the user joins a meeting.

It is not necessary to change any of the ActiveX, Java plug-in, WebEx Meetings application installer, or TFS settings.

Mac Users

• If Java is enabled, the client software is downloaded and automatically installed the first time the user joins a meeting. (Java is turned off by default in Mac OS X Lion version 10.7 and OS X Mountain Lion version 10.8.)

• If Java is disabled, the user can download and install the WebEx Meetings application.

Multi-data Center System Users

If your WebEx site uses self-signed certificates instead of certificates from a well-known Certificate Authority, after your data center is joined to another data center users must install a certificate for each data center in the

Trusted Root Certification Authorities store before they start or join a meeting.

Using Chrome and FireFox Browsers

If you are using Chrome 32 and later or Firefox 27

and later, you might see a prompt to install a Cisco

WebEx plug-in. Select Download and follow the instructions to install the required plug-in.

Note

After installing the plug-in, it might be necessary to enable it.

• If you are using Chrome, select the plug-in icon that displays on the top right of your page, check the Always allow plug-ins... option and select Done.

• If you are using Firefox, select the plug-in icon that displays at the beginning of your URL (before https:) and select Allow and Remember.

If the meeting does not start automatically, refresh the page.

If you are using the Chrome 38 browser and later to start a WebEx meeting or play a WebEx recording, you might be required to complete the following one-time installation to add the Cisco WebEx extension to your

Chrome browser:

Select Add WebEx to Chrome.

Select Free on the Cisco WebEx Extension dialog.

Select Add to add the Cisco WebEx extension to your Chrome browser.

Open the Cisco_WebEx_Add-on.exe file and select Run.

17 The exact versions of Chrome and Firefox that are impacted by this policy have not been finalized as of the publishing of this document.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Introduction and Data Center Topology For Your System

Joining Meetings

The page refreshes when the installation has finished. If the meeting does not start automatically, refresh the page.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

Networking Topology

•

Virtual Machine Layout in Your Network, page 39

•

Different Types of Network Topology for Your System, page 40

•

Internal Internet Reverse Proxy (IRP) Network Topology, page 40

•

Non-Split-Horizon Network Topology, page 41

•

All Internal Network Topology, page 43

•

Split-Horizon Network Topology, page 44

•

Redundancy in HA or MDC Deployments, page 45

•

Network Considerations for the Internet Reverse Proxy, page 47

•

Network Bandwidth Requirements, page 48

•

NIC Teaming for Bandwidth Aggregation, page 53

•

Load Balancing, page 54

Virtual Machine Layout in Your Network

Cisco WebEx Meetings Server (CWMS) comprises two groups of virtual machines: the internal virtual machines and the optional Internet Reverse Proxy (IRP) virtual machines. IRP is required for systems where external users are allowed to host or attend meetings through the Internet without using VPN or by using

CDMA mobile devices. Without IRP, only internal and VPN users can host or join meetings. For more information about IRP, see

Network Considerations for the Internet Reverse Proxy, on page 47

Internal Virtual Machines

Internal virtual machines refer to the Admin virtual machine, and if applicable, the Media and Web virtual machines.

• The internal virtual machines must be on a single, common VLAN or subnet. During the system deployment, you will see error messages if your IP address assignments violate this rule. The system design assumes that all the internal virtual machines, including any High Availability (HA) virtual machines, are connected through a LAN that offers high bandwidth, negligible packet loss, and a latency of under 4 ms.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Different Types of Network Topology for Your System

Voice, data, video and the SAN all rely on the network bandwidth. It is critical to deploy a network that is capable of handling the required load.

• Cisco recommends placing all the internal virtual machines on the same Ethernet switch. However, when provisioning a HA system we recommend that you deploy two Ethernet switches to ensure network redundancy.

• If you decide instead to place the virtual machines on different Ethernet switches within the same data center, then your network must meet the specific bandwidth and network latency requirements as described in

Redundancy in HA or MDC Deployments, on page 45

. In this situation, the switch-to-switch trunk must meet the same networking characteristics as the L3 latency and throughput for a single physical switch.

For additional information on systems with HA, see

Different Types of Network Topology for Your System

This product supports the following network topologies:

•

Internal Internet Reverse Proxy (IRP) Network Topology, on page 40

•

Non-Split-Horizon Network Topology, on page 41

•

All Internal Network Topology, on page 43

•

Split-Horizon Network Topology, on page 44

Important

If you want mobile users to attend meetings, select a network topology that includes the Internet Reverse

Proxy virtual machine. Deploy the Internet Reverse Proxy regardless of how mobile users attend meetings.

When using a cellular data network, mobile users join the meeting through the Internet to the Internet Reverse

Proxy. When using a local Wi-Fi connection, mobile users join the meeting using one of the following methods:

• Internet Reverse Proxy (non-split-horizon network topology)

• Directly through the internal virtual machines (split-horizon network topology)

Note

If your network topology includes forward proxies, they must meet specific requirements for the Internet

Reverse Proxy to work properly. See the Cisco WebEx Meetings Server Troubleshooting Guide for complete details.

Internal Internet Reverse Proxy (IRP) Network Topology

This section describes the network topology when all the virtual machines in your system, including the

Internet Reverse Proxy (IRP) virtual machine, are in the same internal network.

This configuration permits users to sign in and join meetings securely from the Internet without a VPN connection.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Non-Split-Horizon Network Topology

If you are using automatic deployment, then the ESXi hosts for all your virtual machines (including the IRP) must be managed from the same VMware vCenter. This vCenter information is required during an automatic system deployment.

Note

This configuration supports mobile access.

You will define the Administration URL, the WebEx Site URL, the private VIP address, and the public VIP address during the deployment of your system. For more information about these terms, and when you provide them, see the Installation section of the Cisco WebEx Meetings Server Administration Guide.

This is a diagram of an all-internal IRP network topology.

For a complete list of the port access required for this deployment, see

Port Access When All the Virtual

Machines Are in the Internal Network, on page 78

Advantages of an All Internal IRP Network Topology

Compared with the non-split-horizon network topology, there are no virtual machines in the DMZ, and the network traffic for internal users is not connected through the DMZ to host or attend meetings.

Disadvantages of an All Internal IRP Network Topology

Public access (allowing external users to access the system) requires opening inbound ports (80 and 443) directly from the Internet to the internal network.

For more information about IRP, see

Network Considerations for the Internet Reverse Proxy, on page 47

and Adding Public Access to Your System by using IRP .

Non-Split-Horizon Network Topology

This section describes the network topology when you have a non-split-horizon DNS. The internal virtual machines (Admin, and if applicable, Media and Web) are in the internal network, and the Internet Reverse

Proxy is in the DMZ network.

Note

This configuration permits users to sign in and join meetings securely from the Internet without a VPN connection.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Non-Split-Horizon Network Topology

Note

This configuration supports mobile access.

For this product, the primary difference between a split-horizon and a non-split-horizon network topology is that for a split-horizon system, internal users access the WebEx site URL using the private VIP address.

External users (outside the firewall) access the WebEx site URL using the public VIP address. For a non-split-horizon network, all users (internal and external) access the WebEx site URL using the public VIP address.

This is a schematic diagram of a non-split-horizon network topology.

Note

For a complete list of the port access required for this deployment, see

Port Access With an Internet

Reverse Proxy in the DMZ Network, on page 79

Advantages of a Non-Split-Horizon Network Topology

• Tight control on the traffic that comes in and goes out of a network.

• Addresses more common, simple DNS network requirements.

Disadvantages of a Non-Split-Horizon Topology

• Complex setup, but not as complex as the split-horizon network topology.

• Internal traffic is directed to the DMZ network. All network traffic from the Internet as well as from the internal (private network) goes to the Internet Reverse Proxy in the DMZ network, then comes back to the internal virtual machines.

• Requires more ports to be opened in the firewall between the DMZ and internal network than the all internal network topology.

• Automatic system deployment (for 50, 250, or 800 concurrent user systems only) requires a more detailed setup in vCenter.

• Of the three network topologies, this configuration most affects network performance, since all of the meetings load is through the Internet Reverse Proxy. Because there are multiple hops, network latency is affected as well.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

All Internal Network Topology

Note

Refer to

Port Access With an Internet

for details about NIC speed requirements for non-split-horizon DNS deployments.

All Internal Network Topology

This section describes the network topology when all the virtual machines in your system are in the same internal network. There is no public access; only internal and VPN users can host or join meetings.

Note

If you are using automatic deployment, then the ESXi hosts for all your virtual machines must be managed from the same VMware vCenter. This vCenter information is required during an automatic system deployment.

Note

This configuration does not support mobile access.

You will define the Administration URL, the WebEx Site URL and the private VIP address during the deployment of your system. For more information about these terms, and when you provide them, see the

Installation section of the Cisco WebEx Meetings Server Administration Guide.

This is a schematic diagram of an all internal network topology.

Advantages of an All Internal Network Topology

• Provides lower latency as there are fewer network hops between the virtual machines.

Disadvantages of an All Internal Network Topology

• There is no public access (allowing external users to access the system) and no access for mobile users.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Split-Horizon Network Topology

Split-Horizon Network Topology

This section describes the network topology when you have a split-horizon DNS. The internal virtual machines

(Admin, and if applicable, Media and Web) are in the internal network, and the Internet Reverse Proxy is in the DMZ network.

Note

This configuration permits users to sign in and join meetings securely from the Internet without a VPN connection.

Note

This configuration can only support mobile access from a public IP (internet) network. Mobile access is not supported on an internal (intranet) network.

In a split-horizon deployment, Internet-origin traffic (including mobile users employing a cellular data network) goes to the Internet Reverse Proxy. Internal-origin traffic (including mobile users employing local Wi-Fi) goes directly to the internal virtual machines.

This is a schematic diagram of a split-horizon network topology.

Note

For a complete list of the port access required for this deployment, see

Reverse Proxy in the DMZ Network, on page 79

Advantages of a Split-Horizon Network Topology

• Tight control on the traffic that comes in and goes out of a network.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Redundancy in HA or MDC Deployments

• There is a separation of network traffic hitting the system, enabling a more distributed spread of the load.

The traffic coming in from the Internet will go to the Internet Reverse Proxy. The traffic coming from the internal (private network) will go directly to the internal virtual machines (Admin, and if applicable,

Media and Web).

• Performance and network latency is better than a non-split-horizon DNS, but worse than an all internal network topology.

Disadvantages of a Split-Horizon Topology

• Of the three different network topologies, this is the most complex setup.

• Requires sophisticated DNS mapping.

• Requires more ports to be opened in the firewall between the DMZ and internal network than the all internal network topology.

• Automatic system deployment (for 50, 250, or 800 concurrent user systems only) requires a more detailed setup in vCenter.

• Because of web redirection, for internal users, the WebEx site URL is replaced with the URL exposing the hostname of the virtual machine containing the web services as well as the Media virtual machines.

Refer to

Virtual Machines In Your System, on

for details about NIC speed requirements for split-horizon DNS deployments.

Redundancy in HA or MDC Deployments

High Availability (HA) provides redundancy through failover from a faulty primary Cisco WebEx Meetings

Server (CWMS) system to a backup CWMS HA system in the same physical location.

CWMS Multi-data center (MDC) deploys multiple data centers, and then joins them into a single CWMS system. Failover is similar to a HA system, except that MDC system data centers are peers both serving users and they are not geographically limited. Indeed, deploying multiple data centers geographically close to users improves network performance. A CWMS system cannot support both HA and MDC.

The conditions for redundancy are:

• The HA virtual machines must be co-located in the same data center as the primary virtual machines.

All these virtual machines must be on the same VLAN or subnet. The speed and latency requirements for connectivity between the primary and HA components are the same as defined previously for the primary virtual machines. Splitting the primary and HA components of the system between data centers is not supported.

The MDC virtual machines are not required to be co-located in the same data center.

• Connectivity between all the internal virtual machines must be fully redundant, so that the failure of a switch or network link does not sever the connectivity between the primary and HA or MDC components.

To achieve this redundancy, each host server should have redundant connections to multiple Ethernet switches.

• The primary and HA Internet Reverse Proxy (IRP) virtual machines must be on a common VLAN or subnet (typically not the same subnet as the internal virtual machines). Connectivity between the Internet

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Redundancy in HA or MDC Deployments

Reverse Proxy virtual machines should also be redundant, in the same manner as the internal virtual machines.

After joining data centers in an MDC system, IRP can be enabled or disabled on the data centers. The

IRP configuration for all data center in the CWMS MDC system must match; there cannot be a mismatch.

The addition of an HA or MDCsystem does not increase the total system capacity. Whether you deploy an

800 user system with or without HA, the total system capacity remains the same; the maximum number of simultaneous audio connections is 800.

The HA or MDCsystem comprises redundant virtual machines for each virtual machine type in your deployment. (For a description of each type of virtual machine, see

page 7 .) For example:

• A 50 user system consists of an Admin virtual machine and optionally an Internet Reverse Proxy (IRP) virtual machine for public access. If you add a HA (MDC is not available) system, the combined 50 user system consists of two Admin virtual machines and two IRP virtual machines.

• A primary 250 or 800 user system consists of an Admin virtual machine, a Media virtual machine, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 250 or 800 user system comprises two Admin virtual machines, two Media virtual machines, and two IRP virtual machines.

• A primary 2000 user system consists of an Admin virtual machine, three Media virtual machines, two

Web virtual machines, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 2000 user system comprises two Admin virtual machines, four (three plus one redundant)

Media virtual machines, three (two plus one redundant) Web virtual machines, and two IRP virtual machines.

In an HA or MDCsystem, the public VIP address and private VIP address are shared with the primary system.

(The public VIP address and the private VIP address are different and are not shared.) When one virtual machine is down, the other virtual machine uses the same VIP address. Because of this behavior, a virtual machine failure is transparent to users as meetings continue without placing unusual demands on the DNS infrastructure. However, a shared VIP address can only be implemented on a single network segment or

VLAN; splitting a VLAN across two data centers creates multiple problems.

We require connectivity between the primary and HA internal virtual machines to be within the same data center, greatly reducing the problem of distinguishing between a virtual machine failure and a network failure.

Allowing a split network can result in split meeting connections and conflicting database updates. It is more practical to construct a true HA network segment within a single data center than between multiple data centers.

In an MDC system, the data is replicated across data centers (except for the License Manager). Therefore if a data center goes down or network connectivity is lost, the surviving data center continues to serve users independent of geographic location.

The best way to build a fault tolerant system is when most system components operate as “all active.” However, certain key components, notably the database service, are “active/standby." (Web servers and media components in the HA system are dependent on the primary system components.) Any latency or interruption on the connections results in delays for users, particularly when joining meetings. Latency between media service components increases audio and video latency for some users during meetings. (For Cisco WebEx Meetings

Server, 4 ms of network latency is acceptable between the internal virtual machines. For more details, see

Virtual Machine Layout in Your Network, on page 39

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Network Considerations for the Internet Reverse Proxy

Network Considerations for the Internet Reverse Proxy

The Internet Reverse Proxy virtual machines share the same general networking requirements as the internal virtual machines. For the non-split-horizon and split-horizon DNS configuration, the Internet Reverse Proxy virtual machines are deployed in your DMZ network and not the internal network.

Restriction

Even if the Cisco UCS Servers are configured with two NICs, Cisco WebEx Meetings Server does not support pointing one NIC to the Internet and the other NIC to the Intranet. This restriction applies regardless of the mappings between the physical NICs and virtual NICs used by vSphere (and the Internet Reverse

Proxy).

The Internet Reverse Proxy virtual machine always connects to a single external VLAN regardless of the number or NICs you use. If you use multiple physical NICs, and they are connected to different switches or routers, the NICs must still be connected to the same VLAN.

Therefore, you cannot use the Internet Reverse Proxy to bridge traffic between two separate network segments

(with one pointing to the Internet and the other pointing to the Intranet). The next section describes how you can accomplish this goal.

Latency Between Internal Virtual Machines and the Internet Reverse Proxy

The maximum acceptable round-trip latency on the path between the NIC on the Internet Reverse Proxy and the NIC on any of the internal virtual machines should be established at less than 4 ms. Excess latency on this path will limit the bandwidth usable by end users for audio, video, and desktop sharing. If the latency increases from 4 ms to 8 ms, for instance, the usable bandwidth will drop by half, with the experience progressively degrading as the latency increases.

Note

The 4 ms latency limit does not apply to the path between any of Cisco WebEx Meetings Server components and end users endpoints.

Note

Potentially severe delays on end user connections that pass through the Cisco WebEx Meetings Server

Internet Reverse Proxy can result when latency exceeds 4 ms between the IRP and the internal virtual machines.

Network Traffic Isolation

You may set up network traffic isolation between the Internet and your internal network by using a DMZ

Ethernet switch. The following procedure and diagram illustrate one example:

Connect the Internet Reverse Proxy to a head-end switch or router and use that switch or router to split the Internet and Intranet traffic.

Once the switch or router splits the traffic, then you can pipe those two traffic patterns to two separate physical ports on the switch or router. One port points to the Internet and other port points to the Intranet.

Here is a diagram of a sample network topology:

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Network Bandwidth Requirements

Networking Topology

For information about network bandwidth requirements, see

Considerations for the Internet Reverse Proxy, on page 47

Network Bandwidth Requirements

This section describes the bandwidth requirements for 50, 250, 800 and 2000 user systems. Meeting the bandwidth requirements outlined in the section will provide a quality end user experience for your users who host and attend WebEx meetings, and helps ensure that your network can support the traffic demands from the web sharing, audio, and video.

Estimating Bandwidth for End User Sessions

It is important to estimate the network bandwidth to support the traffic demands of video, audio, and web sharing for the size of your user system. The bandwidth requirements for this product are fundamentally the

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Network Bandwidth Requirements

same as for Cisco WebEx cloud services. If you wish to optimize your network provisioning, Cisco WebEx cloud services bandwidth usage is presented in the WebEx Network Bandwidth White Paper .

The information in the following table shows the expected bandwidth for video, audio and web sharing.

WebEx Meeting Component

Video (360p + 6 thumbnails)

Aggregate End User Session Bandwidth

1.5 Mb/s

Audio 0.1 Mb/s

0.6 Mb/s Web sharing

(This value assumes you flip a slide every 30 seconds.)

Total maximum bandwidth

2.2 Mb/s

Although 2.2 Mb/s is the maximum expected bandwidth for a single user connection, Cisco recommends using the maximum expected bandwidth of 1.5 Mb/s when calculating bandwidth requirements. Because only one-half of the maximum number of users can employ video, audio, and web sharing while the remaining users should use only audio and web sharing, this yields an average bandwidth of approximately 1.5 Mb/s per user connection.

If you refer to the WebEx Network Bandwidth White Paper, you will notice that the bandwidth values in the preceding table are based on worst-case traffic conditions. Average bandwidth utilization is much smaller, but Cisco recommends using worst case numbers for the following reasons:

• Using the worst case numbers for your calculation should help you provide the needed bandwidth to prevent a degraded user experience as a result of heavy usage.

• The Cisco WebEx Meetings Server sends the same data simultaneously to all the participants in a meeting.

When a WebEx host flips a page on a presentation, an image of that page (possibly comprising several megabytes) is sent separately to each endpoint, simultaneously, and as quickly as possible.

Bandwidth on Network Paths

Use the following process to determine the necessary bandwidth on various network paths.

Determine the averaged bandwidth for a user session using the table provided in the preceding section.

Determine the maximum number of users you expect to connect simultaneously over that link.

Multiply the total bandwidth by the maximum number of users.

Scenario examples:

• If you expect a maximum of 100 users to connect concurrently from the Internet, you will probably need

1.5 Mb/s x 100 = 150 Mb/s of available bandwidth on your ISP connection and through your external firewall to the Internet Reverse Proxy. For details about Internet Reverse Proxy, see

Network

• Assume you have a 2000 user system with all connections going through the Internet Reverse Proxy.

In this scenario, you need to assume traffic for all 2000 users will connect to the Internet Reverse Proxy, and then from the Internet Reverse Proxy to the internal virtual machines. The aggregate bandwidth

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Network Bandwidth Requirements

coming into the Internet Reverse Proxy from other parts of the network will be 2000 x 1.5 Mb/s = 3

Gb/s. For details about non-split-horizon, see

Non-Split-Horizon Network Topology, on page 41

Note

The same 3 Gb/s of traffic passes inbound and outbound through the Internet Reverse

Proxy, requiring the NIC on the Internet Reverse Proxy to handle 6 Gb/s of user traffic.

See the next section for more information about bandwidth requirements for the NIC on the Internet Reverse Proxy.

• Assume you have 2000 user system in a split-horizon DNS deployment. In this scenario, your Internet users will connect to the Internet Reverse Proxy while intranet users connect directly to the internal virtual machines. Assume ten percent of your users connect to a meeting using the Internet versus 90 percent of users connect to their meetings through the Intranet. The result is the aggregate bandwidth coming into the Internet Reverse Proxy will now be approximately 300 Mb/s (10 percent of 2000 users times 1.5 Mb/s equals 300 Mb/s). If that same 300 Mb/s of traffic passes from the Internet Reverse

Proxy, the NIC on the Internet Reverse Proxy may be required to handle 600 Mb/s of user traffic. This is a dramatically lower bandwidth requirement than with a non-split-horizon DNS deployment described in the previous scenario. The reduction in network traffic has direct bearing on the recommendations for NIC or switch interface speed (see next section) which can result in you being able to deploy less expensive 1 Gb/s NICs on the Cisco UCS Server for the Internet Reverse Proxy or 1 Gigabit Ethernet

Switch Infrastructure in DMZ network. For more details about split-horizon, see

Split-Horizon Network

Topology, on page 44

Note

You may be required to deploy 1 Gigabit Ethernet NICs configured for NIC Teaming if the Internet Reverse Proxy usage is marginally close to the 1000 Mb/s threshold.

See

NIC Teaming for Bandwidth Aggregation, on page 53

for more details.

Bandwidth on Cisco WebEx Meetings Server Network Interfaces

For direct interfaces between your switching architecture and your system, we recommend provisioning your interface NICs to the maximum speeds shown in the following table. These speeds apply to the connectivity between the Cisco UCS Servers and ports on head-end switches in your local switching infrastructure only.

These are the recommended speeds needed to support worst-case traffic requirements.

System Capacity

50 user system

NIC or Switch Interface Speed

1 Gb/s

250 user system

800 user system

2000 user system

1 Gb/s

10 Gb/s

1819

10 Gb/s

18 You may optionally choose to reduce network infrastructure costs by deploying NIC Teaming using two or more Gigabit Ethernet NICs on the UCS Server and NIC Teaming on the head-end switch.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Network Bandwidth Requirements

19 For 800 user systems, if your deployment is using internal DAS storage, you can optionally choose to reduce network infrastructure costs by deploying NIC

Teaming using two or more Gigabit Ethernet NICs on the UCS Server and NIC Teaming on the head-end switch. However, if your deployment is using SAN or NAS storage, you will need a 10 Gigabit Ethernet link.

20 If you have a non-split-horizon DNS deployment, the 10 Gb/s requirement pertains to the IRP and internal virtual machines. If you have a split-horizon DNS deployment, you may be able to reduce the network infrastructure demands on your IRP (and DMZ network), which can result in you being able to deploy less expensive 1 Gb/s NICs on the Cisco UCS Server for the Internet Reverse Proxy or 1 Gigabit Ethernet Switch Infrastructure in DMZ network, as described in the "Bandwidth on Network Paths" section. However the 10 Gb/s speed requirement holds true for the internal virtual machines (and internal network).

See the next section, "Bandwidth Considerations for Split-Horizon DNS Deployments," for more information about using 1 Gb/s NICs and Ethernet switches for a split-horizon DNS deployment.

Assumptions for NIC Speed Calculations:

• The aggregate end-user session bandwidth (1.5 Mb/s) was used to calculate the NIC speeds shown in the preceding table.

• The inter-virtual machine control traffic must be free of congestion. This especially applies to 2000 user systems and any system provisioned for high availability. Severe congestion on virtual machine links can result in system instability and consequent interruption of service.

• The connections to NAS storage, used for recording and database backup, must not be congested.

• Protocol overhead and implementation inefficiencies result in usable link bandwidth that is significantly less than the 1 Gb/s or 10 Gb/s speed labels.

• If a large percentage of your traffic will hit the Internet Reverse Proxy when users log in to meetings, you need to remember that every user connection passes twice through the NIC on the Internet Reverse

Proxy (inbound and outbound). Using the 2000 user system as an example, this means the NIC on the

Internet Reverse Proxy may be required to handle 6 Gb/s of user traffic (2000 users times 1.5 Mb/s equals 3 Gb/s, times two for inbound and outbound traffic equals 6 Gb/s).

Conservatively, we ask that the local connections be no more than 60 percent used for end user media traffic, allowing the remaining 40 percent to be available for other traffic, unusual traffic bursts, and network overhead.

Using the 800 user system as an example, we estimate the end user traffic at 1.2 Gb/s for the Admin and

Media virtual machines and 2.4 Gb/s for the Internet Reverse Proxy virtual machine. Applying the 60 percent rule, we want the NIC to be capable of handling 2 Gb/s for the Admin and Media virtual machines (1.2 Gb/s estimated user traffic for the Admin and Media virtual machines divided by 60 percent estimated normal bandwidth consumption equals 2.0 Gb/s) and 4 Gb/s for the Internet Reverse Proxy virtual machine.

Note

The NIC speeds shown in the preceding table do not account for bandwidth used for accessing SAN storage. If Fibre Channel over Ethernet (FCoE) is used for a SAN connection, it should be provisioned to use an independent network interface.

Bandwidth Considerations for Split-Horizon DNS Deployments

With a split-horizon DNS deployment, some of your users will be logging in to meetings from the Internet and that traffic will hit the Internet Reverse Proxy, while the majority of users who are on the internal network will be logging into meetings without hitting the Internet Reverse Proxy. With a split-horizon DNS deployment, if you speed up your network and segment your traffic so that most of your traffic stays within the internal network (as opposed to hitting the Internet Reverse Proxy), you can potentially use NIC Teaming and provision a lower-end NIC (1 Gb/s NIC) on the Internet Reverse Proxy and provision the switching infrastructure between the Internet Reverse Proxy and the Internet to be 1 Gb/s, or at least lower than the recommended 10

Gb/s, for a 2000 user system.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Network Requirements for Multi-data Center

For example, if a company has 100 users who want to access a 2000 port user system from the Internet concurrently, you would need a bandwidth of 150 Mb/s (1.5 Mb/s aggregate user session bandwidth * 100 users = 150 Mb/s). This implies that a network infrastructure from the DMZ network to the Internet Reverse

Proxy can be 1 Gb/s Ethernet switches, and the Ethernet NIC interface on the Internet Reverse Proxy can be

1 Gb/s, as opposed to the stated 10 Gb/s interface requirement. Even when you factor in that the Internet

Reverse Proxy sees double the traffic (meaning its NIC would have to handle 300 Mb/s of user traffic), applying the 60 percent rule (explained in the "Bandwidth on Cisco WebEx Meetings Server Network

Interfaces" section) translates to 500 Mb/s. A 1 Gb/s link is still sufficient, but it would not be sufficient if we assumed 250 users instead of 100 users.

Note

The optimization of bandwidth is only applicable for the NIC on the Internet Reverse Proxy in a split-horizon DNS deployments.

For non-split-horizon DNS deployments, you must deploy 10 Gb/s Ethernet switches and Ethernet NIC interfaces on the Internet Reverse Proxy.

Network Requirements for Multi-data Center

Requirements for a network link between two data centers:

• Guaranteed bandwidth of 4.5 Mbps for essential inter-data center communications.

• Less than 200 ms latency (round-trip time delay).

Data center network requirements for inter-data center cascaded meetings:

• Each cascaded meeting with audio and Web requires 0.16 Mbps.

• Each cascaded meeting with LQ video at 180p, audio, and Web requires 0.66 Mbps.

• Each cascaded meeting with HQ video at 360p, audio, and Web requires 1.20 Mbps.

• Less than 200 ms latency (round-trip time delay).

For example, a worst case a 2000 user system (maximum number of 1000 meetings are cascaded. Half of them can have Video, and half are without:

• HQ video : 500 x 1.2 + 500 x 0.16 = 680 Mbps

• LQ video: 500 x 0.66 + 500 x 0.16 = 410 Mbps

For an 800 user system:

• HQ video: 680 / 2000 x 800 = 272 Mbps

• LQ video: 410 / 2000 x 800 = 164 Mbps

For a 250 user system:

• HQ video: 680 / 2000 x 250 = 85 Mbps

• LQ video: 410 / 2000 x 250 = 51.25 Mbps

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

NIC Teaming for Bandwidth Aggregation

Additional information can be found at http://www.cisco.com/c/en/us/products/conferencing/ webex-meeting-center/white-paper-listing.html

NIC Teaming for Bandwidth Aggregation

Configuring NIC Teaming on your UCS Servers that contain the ESXi host with the internal virtual machines provides two advantages: NIC Teaming load balances the network traffic between physical and virtual networks, and provides failover in the event of a hardware failure or a network outage. In addition, for deployments where 10 Gb/s infrastructure is not available, it may be possible for you to team multiple 1 Gb/s NICs to achieve an equivalent result.

Note

For more information about NIC speeds required for different size user systems, see the section "Bandwidth on Cisco WebEx Meetings Server Network Interfaces" in this chapter.

Cisco supports NIC Teaming for bandwidth load balancing for all user system sizes--50, 250, 800, and 2000 user systems--but it is most useful for customers who are trying to optimize networking costs for an 800 user system. If your deployment is using internal DAS storage, the aggregate bandwidth requirements to and from

Cisco UCS Servers and the head-end switches for an 800 user system are projected to be similar to using Dual

1 Gigabit Ethernet NICs (or Quad 1 Gigabit Ethernet NICs on a system with HA) to support worst-case traffic requirements, thereby alleviating the need to provision the UCS Servers with 10 Gigabit Ethernet NICs (or to purchase 10 Gigabit Ethernet head-end switches).

Note

If your deployment is using SAN or NAS storage, the aggregate bandwidth requirements to and from

Cisco UCS Servers and the head-end switches for an 800 user system is 10 Gigabits Ethernet.

Note

For information about provisioning NIC teaming in VMware, refer to the VMware documentation at http:/

/kb.vmware.com

and search for "NIC teaming in ESXi/ESX".

Assuming the use of traditional network interfaces and Ethernet switches, you can provide redundancy by using NIC teaming and duplicate switches, as outlined in the following process:

• Set up an Ethernet switch which supports IEEE 802.3ad/IEEE 802.1ax Link Aggregation Control Protocol

(LACP).

• Using vCenter, connect the virtual machine port group associated with the Cisco WebEx Meetings Server virtual machines to both physical adapters.

• Connect both physical adapters to the switch.

• Provision the switch to statically provision the two ports as a team.

• Using VMware vSphere, set NIC Teaming to Active/Active to allow throughput on both NIC interfaces.

For example, for an 800 user deployment, two 1 Gb/s links may be substituted for each 10 Gb/s link on the

ESXi host with the internal virtual machines, and four 1 Gb/s links may be substituted for each 10 Gb/s link on the Internet Reverse Proxy. (To get fault tolerance on a system with HA, as described in the section

"Redundant Network Connections for HA Deployments", it is necessary to double the number of links.) With

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Topology

Load Balancing

the ESXi host with the internal virtual machines, connect two 1 Gb/s links to the first Ethernet switch plus two 1 Gb/s links to the second Ethernet switch.

Note

The example server configurations shown in the Cisco WebEx Meetings Server System Requirements do not include sufficient network interfaces to support NIC Teaming for this purpose.

Load Balancing

Load balancing is always done on CWMS no matter what type of traffic is being handled and it is not configurable.

The system attempts to balance the load equally on all web nodes. When the deployment is a system without

High Availability (HA), connections are balanced among all web nodes on that system. In the case of a HA deployment, the system uses the web nodes on both the primary system and the HA system for load balancing.

In the event of a failure of one, but not all web nodes, the system remains active, but capacity is reduced.

The Internet Reverse Proxy (IRP) node is an entry point and most load balancing decisions are made there.

Only one IRP node is active on a system. A system without HA deployment has only one IRP node. A system with HA deployment has two IRP nodes, one IRP is active while the other is inactive. Depending on the DNS configuration, IRP serves all external traffic (and all internal traffic in case of non-split DNS).

If there is a failure involving multiple hosts, then the functionality and capacity might be affected.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

Networking Changes Required For Your

Deployment

•

Networking Checklist for Your System, page 56

•

Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public

Access, page 57

•

Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and

All Internal Virtual Machines, page 59

•

Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access, and a Non-Split-Horizon DNS, page 62

•

Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split Horizon DNS, page 64

•

Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon DNS, page 67

•

Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a

Split-Horizon DNS, page 70

•

Networking Checklist for an Installation or Expansion with Automatic Deployment and No Public

Access, page 73

•

Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access, page 74

•

WebEx Site and WebEx Administration URLs, page 77

•

Port Access When All the Virtual Machines Are in the Internal Network, page 78

•

Port Access With an Internet Reverse Proxy in the DMZ Network, page 79

•

VMware vCenter Ports, page 84

•

Cisco WebEx Meeting Center Ports, page 85

•

Using NAT With Your System, page 86

•

Forward Proxies, page 88

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for Your System

Networking Checklist for Your System

The networking checklist lists the networking changes required for your system, depending on your DNS configuration and whether or not you enable public access (allowing users to host or attend meetings from the Internet or a mobile device).

Choose the appropriate checklist depending on whether you are using automatic system deployment

(recommended for 50, 250, or 800 user deployments) or manual system deployment (required for a 2000 user deployment).

• All virtual machines, including the Internet Reverse Proxy, are in your internal network (easiest configuration)

◦

Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public

Access, on page 57

◦

Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal Virtual Machines, on page 59

• Non-split-horizon DNS (the most common DNS configuration)

◦

Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access, and a Non-Split-Horizon DNS, on page 62

◦

Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split Horizon DNS, on page 64

• Split-horizon DNS

◦

Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon DNS, on page 67

◦

Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon DNS, on page 70

• Systems without public access

◦

Networking Checklist for an Installation or Expansion with Automatic Deployment and No Public

Access, on page 73

◦

Networking Checklist For an Installation or Expansion With Manual Deployment and No Public

Access, on page 74

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public Access

Networking Checklist for an Installation or Expansion With an

Automatic Deployment and Public Access

Virtual Machine Deployment

In an automatic deployment, we deploy all the virtual machines (other than the Admin virtual machine) for you. We recommend that you choose an automatic deployment if you are deploying a 50, 250, or 800 user system.

• Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.

• Verify that the Internet Reverse Proxy virtual machines are in your internal network.

• Verify that the ESXi hosts for all your virtual machines (including the Internet Reverse Proxy) are managed from the same VMware vCenter.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

IP Address

Real IP address of the Internet Reverse Proxy Internal (may be on the same subnet as Admin virtual machine)

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

WebEx site URL (used exclusively by the system. Maps to the public VIP address)

Real IP address of the HA Admin virtual machine (if applicable)

Internal (same subnet as the

Internet Reverse Proxy). This IP address must be publicly routable.

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Media virtual machine (if applicable)

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

Internal [same subnet as the primary system Internet Reverse

Proxy (but can use NAT with a private IP address)]

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With an Automatic Deployment and Public Access

DNS Configuration

Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site

URL and the Administration site URL. For a list of the words that you cannot use, see

Port Access When All the Virtual Machines Are in the Internal Network, on page 78

Task

Hostnames and IP addresses of the internal virtual machines: Admin virtual machine and, if applicable, the Media virtual machine.

Examples

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Hostname and IP address for the Internet Reverse

Proxy virtual machine.

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Administration site URL and Private VIP address.

• <Administration-site-URL>

<Private-VIP-address>

WebEx site URL and Public VIP address.

• <WebEx-site-URL>

<Public-VIP-address>

Firewall Configuration

For security reasons, we recommend that you place the Internet Reverse Proxy in a subnet that is separate from the internal (Admin or Media) virtual machines. See

Network Routing Configuration

Task

Enable Layer 3 routing between the internal and DMZ networks.

Examples

• Internal Subnet <internal-subnet>/24

• DMZ Subnet <DMZ-subnet>/24

Verify that the Public VIP address and the Internet

Reverse Proxy virtual machines are on the same subnet. [As you are deploying all your system virtual machines internally (the Internet Reverse Proxy is not in the DMZ), this subnet must be in the internal network.]

• <Public-VIP-address>

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal

Virtual Machines

Task

Verify that the Private VIP address and internal virtual machines are on the same subnet.

Examples

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Networking Checklist for an Installation or Expansion With a

Manual Deployment, Public Access, and All Internal Virtual

Machines

Virtual Machine Deployment

In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your vSphere client. You then install your system using a manual deployment.

You must choose a manual deployment if you are deploying a 2000 user system.

• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same subnet as the Admin virtual machine.

• Ensure that the Internet Reverse Proxy virtual machines are in your internal network.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

Real IP address of the second Media virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the third Media virtual machine (2000 user system only)

Real IP address of the Web virtual machine

(2000 user system only)

Real IP address of the second Web virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

IP Address

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal

Virtual Machines

Description Network Location

Real IP address of the Internet Reverse Proxy Internal (may be on the same subnet as Admin virtual machine)

IP Address

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

WebEx site URL (used exclusively by the system. Maps to the public VIP address)

Internal (same subnet as the

Internet Reverse Proxy)

Note

This IP address must be publicly routable.

Real IP address of the HA Admin virtual machine (if applicable)

Real IP address of the HA Media virtual machine (if applicable)

Real IP address of the HA Web virtual machine (if applicable)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

Internal (same subnet as primary system's Admin virtual machine)

Internal—same subnet as the primary system's Internet Reverse

Proxy (but may use NAT with a private IP address)

DNS Configuration

Make the following changes to your DNS configuration.

Note

There are some limitations for the hostname portion of the WebEx site URL and the Administration site

URL. For a list of the words that you may not use, see

Port Access When All the Virtual Machines Are in the Internal

on page 77 .

Task

Update your DNS Server with the hostnames and IP

Addresses for the internal virtual machines: Admin virtual machine and if applicable, the Media and Web virtual machines.

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Update your DNS server with the hostname and IP address for the Internet Reverse Proxy virtual machine.

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With a Manual Deployment, Public Access, and All Internal

Virtual Machines

Task

Update your DNS server with Administration site

URL and Private VIP address information.

Example

• <Administration-site-URL>

<Private-VIP-address>

Update your DNS server with WebEx site URL and

Public VIP address information.

• <WebEx-site-URL>

<Public-VIP-address>

Firewall Configuration

For security reasons, Cisco recommends that you place the Internet Reverse Proxy in a separate subnet from the internal (Admin, Media and Web, if applicable) virtual machines.

Although it is not recommended, we do also support placing all of your virtual machines (Internet Reverse

Proxy and internal) on the same subnet. See

Network, on page 78

Network Routing Configuration

Make the following changes to your network routing.

Task

Enable L3 (Layer 3) routing between the internal and

DMZ networks for the following virtual machines:

Admin virtual machine and if applicable, the Media and Web virtual machines

Compare These IP Addresses

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Ensure that the Public VIP address and the Internet

Reverse Proxy virtual machines are on the same subnet.

Note

As you are deploying all your system virtual machines internally (the Internet Reverse

Proxy is not in the DMZ), then this subnet must be in the internal network.

• <Public-VIP-address>

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access, and a

Non-Split-Horizon DNS

Task

Ensure that the Private VIP address and internal virtual machines (Admin, and Media and Web, if applicable) are on the same subnet.

Compare These IP Addresses

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Networking Checklist for an Installation or Expansion With

Automatic Deployment, Public Access, and a Non-Split-Horizon

DNS

Virtual Machine Deployment

• Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.

• Verify that the Internet Reverse Proxy virtual machines are in your DMZ network.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

IP Address

Real IP address of the Internet Reverse Proxy DMZ (but can use NAT with a private IP address)

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

WebEx site URL (used exclusively by the system. Maps to the public VIP address)

DMZ (same subnet as the Internet

Reverse Proxy)

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion With Automatic Deployment, Public Access, and a

Non-Split-Horizon DNS

Description

Real IP address of the HA Admin virtual machine (if applicable)

Real IP address of the HA Media virtual machine (if applicable)

Network Location

Internal (same subnet as primary system Admin virtual machine)

IP Address

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

DMZ [same subnet as the primary system Internet Reverse Proxy

(but can use NAT with a private

IP address)]

DNS Configuration

Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site

URL and the Administration site URL. For a list of the words that you cannot use, see

Port Access When All the Virtual Machines Are in the Internal Network, on page 78

Task

Hostnames and IP addresses of the internal virtual machines: Admin virtual machine and, if applicable, the Media virtual machine.

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Hostname and IP address for the Internet Reverse

Proxy virtual machine.

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Administration site URL and Private VIP address.

• <Administration-site-URL>

<Private-VIP-address>

WebEx site URL and Public VIP address.

• <WebEx-site-URL>

<Public-VIP-address>

Firewall Configuration

For security reasons, we recommend that you place the Internet Reverse Proxy in a subnet that is separate from the internal (Admin or Media) virtual machines. See

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split

Horizon DNS

Network Routing Configuration

Make the following changes to your network routing.

Task

Enable Layer 3 routing between the internal and DMZ networks.

Compare These IP Addresses

• Internal Subnet <internal-subnet>/24

• DMZ Subnet <DMZ-subnet>/24

Verify that the Public VIP address and the Internet

Reverse Proxy virtual machines are on the same subnet.

• <Public-VIP-address>

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Verify that the Private VIP address and internal virtual machines are on the same subnet.

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Networking Checklist For an Installation or Expansion With

Manual Deployment, Public Access, and a Non-Split Horizon

DNS

Virtual Machine Deployment

In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your vSphere client. You then install your system using a manual deployment.

You must choose a manual deployment if you are deploying a 2000 user system.

• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same subnet as the Admin virtual machine.

• Ensure that the Internet Reverse Proxy virtual machines are in your DMZ network.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

IP Address

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split

Horizon DNS

Description Network Location

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

Real IP address of the second Media virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the third Media virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the Web virtual machine

(2000 user system only)

Real IP address of the second Web virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the Internet Reverse Proxy DMZ (but may use NAT with a private IP address)

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

WebEx site URL (used exclusively by the system. Maps to the public VIP address)

Real IP address of the HA Admin virtual machine (if applicable)

Real IP address of the HA Media virtual machine (if applicable)

Real IP address of the HA Web virtual machine (if applicable)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

DMZ (same subnet as the Internet

Reverse Proxy)

Internal (same subnet as primary system's Admin virtual machine)

DMZ—same subnet as the primary system's Internet Reverse

Proxy (but may use NAT with a private IP address)

IP Address

DNS Configuration

Make the following changes to your DNS configuration.

Note

There are some limitations for the hostname portion of the WebEx site URL and the Administration site

URL. For a list of the words that you may not use, see

Port Access With an Internet Reverse

on page 77 .

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Manual Deployment, Public Access, and a Non-Split

Horizon DNS

Task

Update your DNS Server with the hostnames and IP

Addresses for the internal virtual machines: Admin virtual machine and if applicable, the Media and Web virtual machines.

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Update your DNS server with the hostname and IP address for the Internet Reverse Proxy virtual machine.

Update your DNS server with Administration site

URL and Private VIP address information.

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

• <Administration-site-URL>

<Private-VIP-address>

Update your DNS server with WebEx site URL and

Public VIP address information.

• <WebEx-site-URL>

<Public-VIP-address>

Firewall Configuration

For security reasons, Cisco recommends that you place the Internet Reverse Proxy in a separate subnet from the internal (Admin, Media and Web, if applicable) virtual machines. See

Proxy in the DMZ Network, on page 79

Network Routing Configuration

Make the following changes to your network routing.

Task

Enable L3 (Layer 3) routing between the internal and

DMZ networks for the following virtual machines:

Admin virtual machine and if applicable, the Media and Web virtual machines

Compare These IP Addresses

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon

DNS

Task

Ensure that the Public VIP address and the Internet

Reverse Proxy virtual machines are on the same subnet.

Compare These IP Addresses

• <Public-VIP-address>

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Ensure that the Private VIP address and internal virtual machines (Admin, and Media and Web, if applicable) are on the same subnet.

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Networking Checklist For an Installation or Expansion With

Automatic Deployment, Public Access, and a Split-Horizon DNS

Virtual Machine Deployment

• Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.

• Verify that the Internet Reverse Proxy virtual machines are in your DMZ network.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

Real IP address of the Internet Reverse Proxy DMZ (but can use NAT with a private IP address)

IP Address

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon

DNS

Description Network Location

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

IP Address

WebEx site URL (used exclusively by the system. Maps to two VIP addresses):

• internal users—private VIP address

• external users—public VIP address

• Internal users—Internal

(same subnet as Admin virtual machine)

• External users—DMZ (same subnet as the Internet

Reverse Proxy)

Real IP address of the HA Admin virtual machine (if applicable)

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Media virtual machine (if applicable)

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

DMZ [same subnet as the primary system Internet Reverse Proxy

(but can use NAT with a private

IP address)]

DNS Configuration

Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site

URL and the Administration site URL. For a list of the words that you cannot use, see

Port Access When All the Virtual Machines Are in the Internal Network, on page 78

Task

Hostnames and IP addresses of the internal virtual machines: Admin virtual machine and, if applicable, the Media virtual machine.

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Hostname and IP address for the DMZ virtual machine.

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Automatic Deployment, Public Access, and a Split-Horizon

DNS

Task

WebEx site URL, Administration site URL, and

Private VIP address information.

Example

• <Administration-site-URL>

<Private-VIP-address>

• <WebEx-site-URL>

<Private-VIP-address>

WebEx site URL and Public VIP address.

• <WebEx-site-URL>

<Public-VIP-address>

Firewall Configuration

For security reasons, we recommend that you place the Internet Reverse Proxy in a subnet that is separate from the internal (Admin or Media) virtual machines. See

Network Routing Configuration

Make the following changes to your network routing.

Task

Enable Layer 3 routing between the internal and DMZ networks.

Compare These IP Addresses

• Internal Subnet <internal-subnet>/24

• DMZ Subnet <DMZ-subnet>/24

Verify that the Public VIP address and the Internet

Reverse Proxy virtual machines are on the same subnet.

• <Public-VIP-address>

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Verify that the Private VIP address and internal virtual machines are on the same subnet.

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon

DNS

Networking Checklist for an Installation or Expansion with

Manual Deployment, Public Access, and a Split-Horizon DNS

Virtual Machine Deployment

In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your vSphere client. You then install your system using a manual deployment.

You must choose a manual deployment if you are deploying a 2000 user system.

• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same subnet as the Admin virtual machine.

• Ensure that the Internet Reverse Proxy virtual machines are in your DMZ network.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

Real IP address of the second Media virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the third Media virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the Web virtual machine

(2000 user system only)

Real IP address of the second Web virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the Internet Reverse Proxy DMZ (but may use NAT with a private IP address)

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

WebEx site URL (used exclusively by the system. Maps to two VIP addresses)

• internal users—private VIP address

• external users—public VIP address

• Internal users—Internal

(same subnet as Admin virtual machine)

• External users—DMZ (same subnet as the Internet

Reverse Proxy)

IP Address

Real IP address of the HA Admin virtual machine (if applicable)

Internal (same subnet as primary system's Admin virtual machine)

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon

DNS

Description

Real IP address of the HA Media virtual machine (if applicable)

Real IP address of the HA Web virtual machine (if applicable)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

Network Location

Internal (same subnet as primary system's Admin virtual machine)

IP Address

Internal (same subnet as primary system's Admin virtual machine)

DMZ—same subnet as the primary system's Internet Reverse

Proxy (but may use NAT with a private IP address)

DNS Configuration

Make the following changes to your DNS configuration.

Note

There are some limitations for the hostname portion of the WebEx site URL and the Administration site

URL. For a list of the words that you may not use, see

Port Access With an Internet Reverse

on page 77 .

Task

Update your DNS Server (that enables internal lookup) with the hostnames and IP Addresses for the internal virtual machines: Admin virtual machine and if applicable, the Media and Web virtual machines.

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Update your DNS server (that enables internal lookup) with the hostname and IP address for the DMZ virtual machine.

Update your DNS server (that enables internal lookup) with WebEx site URL, Administration site URL, and

Private VIP address information.

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

• <Administration-site-URL>

<Private-VIP-address>

• <WebEx-site-URL>

<Private-VIP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion with Manual Deployment, Public Access, and a Split-Horizon

DNS

Task

Update your DNS server (that enables external lookup) with WebEx site URL and Public VIP address information.

Example

• <WebEx-site-URL>

<Public-VIP-address>

Firewall Configuration

For security reasons, Cisco recommends that you place the Internet Reverse Proxy in a separate subnet from the internal (Admin, Media and Web, if applicable) virtual machines. See

Proxy in the DMZ Network, on page 79

Network Routing Configuration

Make the following changes to your network routing.

Task

Enable L3 (Layer 3) routing between the internal and

DMZ networks for the following virtual machines:

Admin virtual machine and if applicable, the Media and Web virtual machines

Compare These IP Addresses

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Ensure that the Public VIP address and the Internet

Reverse Proxy virtual machines are on the same subnet.

• <Public-VIP-address>

• <IRP-vm-FQDN>

<IRP-vm-IP-address>

Ensure that the Private VIP address and internal virtual machines (Admin virtual machine and if applicable, the Media and Web virtual machines) are on the same subnet.

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist for an Installation or Expansion with Automatic Deployment and No Public Access

Networking Checklist for an Installation or Expansion with

Automatic Deployment and No Public Access

Virtual Machine Deployment

Verify that the Media virtual machine (if applicable) is on the same subnet as the Admin virtual machine.

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

IP Address

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

Real IP address of the HA Admin virtual machine (if applicable)

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Media virtual machine (if applicable)

Internal (same subnet as primary system Admin virtual machine)

Real IP address of the HA Internet Reverse

Proxy (if applicable)

Internal (same subnet as primary system Admin virtual machine)

DNS Configuration

Update the DNS server as follows. There are some limitations for the hostname portion of the WebEx site

URL and the Administration site URL. For a list of the words that you cannot use, see

Task

Hostnames and IP addresses of the internal virtual machines: Admin virtual machine and, if applicable, the Media virtual machine.

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access

Task

WebEx site URL, Administration site URL, and

Private VIP address information.

Example

• <Administration-site-URL>

<Private-VIP-address>

• <WebEx-site-URL>

<Private-VIP-address>

Firewall Configuration

Task Example

Configure all the firewalls inside your internal network to permit web browsers to access the Private

VIP address.

HTTP <Private-VIP-address>:80

HTTPS <Private-VIP-address>:443

Network Routing Configuration

Task

Verify that the Private VIP address and internal virtual machines are on the same subnet.

Compare These IP Addresses

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

Networking Checklist For an Installation or Expansion With

Manual Deployment and No Public Access

Virtual Machine Deployment

In a manual deployment, you create all the virtual machines for your system using the OVA wizard from your vSphere client. You then install your system using a manual deployment.

You must choose a manual deployment if you are deploying a 2000 user system.

• Ensure that any additional internal virtual machines (Media and Web, if applicable) are on the same subnet as the Admin virtual machine.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access

Required IP Addresses

Description Network Location

Real IP address of the Admin virtual machine Internal

Real IP address of the Media virtual machine

(if applicable)

Internal (same subnet as Admin virtual machine)

Real IP address of the second Media virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the third Media virtual machine (2000 user system only)

Real IP address of the Web virtual machine

(2000 user system only)

Internal (same subnet as Admin virtual machine)

Real IP address of the second Web virtual machine (2000 user system only)

Internal (same subnet as Admin virtual machine)

Administration URL (used exclusively by the system. Maps to the private VIP address)

Internal (same subnet as Admin virtual machine)

WebEx site URL (used exclusively by the system. Maps to the private VIP address)

Real IP address of the HA Admin virtual machine (if applicable)

Real IP address of the HA Media virtual machine (if applicable)

Real IP address of the HA Web virtual machine (if applicable)

Internal (same subnet as Admin virtual machine)

Internal (same subnet as primary system's Admin virtual machine)

IP Address

DNS Configuration

Make the following changes to your DNS configuration.

Note

There are some limitations for the hostname portion of the WebEx site URL and the Administration site

URL. For a list of the words that you may not use, see

Cisco WebEx Meeting Center Ports, on page

on page 77 .

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Networking Checklist For an Installation or Expansion With Manual Deployment and No Public Access

Task

Example

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

Update your DNS server with Administration site

URL, WebEx site URL, and Private VIP address information.

• <Administration-site-URL>

<Private-VIP-address>

• <WebEx-site-URL>

<Private-VIP-address>

Firewall Configuration

Make the following changes to your firewalls.

Task

Configure all the firewalls inside your internal network to permit web browsers to access the Private

VIP address.

Example

• HTTP <Private-VIP-address>:80

• HTTPS <Private-VIP-address>:443

Network Routing Configuration

Make the following changes to your network routing.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

WebEx Site and WebEx Administration URLs

Task

Ensure that the Private VIP address and internal virtual machines (Admin, and Media and Web, if applicable) are on the same subnet.

Compare These IP Addresses

• <Private-VIP-address>

• <admin-vm-FQDN>

<admin-vm-IP-address>

• <media-vm-FQDN>

<media-vm-IP-address>

• <web-vm-FQDN>

<web-vm-IP-address>

WebEx Site and WebEx Administration URLs

WebEx Site URL

Users access the WebEx site URL to schedule, host, or attend meetings. This URL resolves to either the private

VIP address or the public VIP address, depending on whether or not you are using a split-horizon DNS.

• Resolves to the public VIP address for all users, when you do not have split-horizon DNS.

• Resolves to the public VIP address for external users when you have split-horizon DNS.

• Resolves to the private VIP address for internal users when you have split-horizon DNS.

Note

Ports 80 and 443 must be open for the WebEx site URL.

WebEx Administration URL

Administrators access the WebEx Administration URL to configure, manage, and monitor the system. This

URL resolves to the private VIP address.

Note

Ports 80 and 443 must be open for the WebEx Administration URL.

Names for the WebEx Site and WebEx Administration URLs

You may choose almost any names for these URLs, comprising all lowercase characters. However, you cannot use the following as the hostname in the URLs:

• the same name as the hostnames for any of the virtual machines in the system

• authentication

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Port Access When All the Virtual Machines Are in the Internal Network

• client

• companylogo

• dispatcher

• docs

• elm-admin

• elm-client-services

• emails

• maintenance

• manager

• orion

• oriondata

• oriontemp

• nbr

• npp

• probe

• reminder

• ROOT

• solr

• TomcatROOT

• upgradeserver

• url0107ld

• version

• WBXService

• webex

Port Access When All the Virtual Machines Are in the Internal

Network

This section describes the port access required in the external firewall when all the system virtual machines

(Admin, and if applicable, Media, Web, and Internet Reverse Proxy) are in the internal network. This is the

Internal Internet Reverse Proxy network topology. (See also

85 .)

Ensure that the firewall or any load balancing solution redirects requests to the ports listed below to ensure end users can host and join meetings successfully.

• TCP Port 80 to the public virtual IP (VIP) address

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Port Access With an Internet Reverse Proxy in the DMZ Network

• TCP Port 443 to the public virtual IP (VIP) address

Note

The Web node and Admin node send SMTP requests to the configured Email server. If there is a firewall between the internal Web and Admin virtual machines and the Email server, SMTP traffic might be blocked. To ensure Email server configuration and Email notification work properly, port 25 or 465 (secure

SMTP port number) must be open between the Email server and the Web and the Admin virtual machines.

Port Access in the External Firewall

If you have enabled public access, then the following ports are open inbound directly from the Internet to the

Internet Reverse Proxy virtual machines in the internal network:

Port Access With an Internet Reverse Proxy in the DMZ Network

This section describes the port access required in the internal and external firewalls when you have internal virtual machines (Admin, and if applicable, Media and Web) in the internal network, and the Internet Reverse

Proxy (IRP) in the DMZ network. (See also

Cisco WebEx Meeting Center Ports, on page 85

Configure access control lists (ACLs) on the switch that permits traffic to the ESXi hosts for the system's virtual machines.

Port Access in the External Firewall

Enabled public access by opening port 80 (HTTP) in addition to port 443 (HTTPS), so users can enter the

WebEx site URL without having to remember whether it is HTTP or HTTPS. Although port 80 is open, all the network traffic flows over port 443 (SSL encrypted HTTPS).

Important

Ensure that the firewall or any load balancing solution redirects requests to the ports listed below to ensure users can host and join meetings successfully.

Restriction

Configure TCP port 64700 on the IRP machine to deny any requests that come to the public VIP address.

In the external firewall, this limits access to this port for requests only from the Admin virtual machines.

Protocol

TCP

Port

443

Source Destination Why It Is Needed

Any external clients.

Public VIP (Eth1) of the IRP.

External clients access the WebEx site URL by using

HTTPS. TCP connections are initiated from the external client machines to the IRP virtual machines.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Port Access in the Internal Firewall

Protocol

TCP

UDP

Port

8444

(Introduced in

2.5MR1, 2.6, and

2.0MR6HF.)

Source Destination Why It Is Needed

Any external clients.

Public VIP (Eth1) of the IRP.

External clients accessing the

WebEx site URL by using HTTP. TCP connections are initiated from the external client machines to the IRP virtual machines.

Any external clients.

Public VIP (Eth1) of the IRP.

External clients accessing the

WebEx recordings by using HTTPS.

TCP connections are initiated from the external client machines to the IRP virtual machines.

Real IP (Eth0) of the IRP.

DNS server.

This is needed if you have a firewall between the virtual machines and the

DNS server, for your system to deploy and operate successfully.

Port Access in the Internal Firewall

If you have restrictions on connections from the internal network to the DMZ network, then the table in this section applies. Allow TCP connections outbound from the internal network to the DMZ network segment.

Note

No TCP connections need to be allowed from the DMZ segment in to the internal network for this product to work properly.

Note

Using iptables or access control lists (ACLs), configure the firewall so that connections to port 64616 only come from the Admin virtual machine.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Port Access in the Internal Firewall

Note

SMTP port number) must be open between the Email server and the Web and the Admin virtual machines.

Note

Especially when the IRP is in the DMZ network, allow Internet Control Message Protocol (ICMP) echo requests and replies. Otherwise, the IRP detect and the DNS server availability validation might fail if the

ICMP echo reply is not received.

Protocol

TCP

Port

64001

64002

7001

Source Destination

All internal virtual machines (Eth0 IP).

Real IP (Eth0) of the IRP virtual machines.

Admin and web virtual machines

(Eth0 IP).

All internal virtual machines (Eth0 IP).

Real IP (Eth0) of the IRP virtual machines.

Why It Is Needed

Establishes reverse connections to the

IRP. TCP connections are established from the internal virtual machines to the IRP virtual machines.

Establishes reverse connections to the

IRP. TCP connections are established from the internal virtual machines to the IRP virtual machines.

Establishes reverse connections to the

IRP. TCP connections are initiated from the internal virtual machines to the IRP virtual machines.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Port Access in the Internal Firewall

Protocol

TCP

Port

64616

TCP

64700

Source Destination

Admin virtual machines (Eth0 IP).

Real IP (Eth0) of the IRP virtual machines.

Admin virtual machines (Eth0 IP).

Real IP (Eth0) of the IRP virtual machines.

Any internal client machines.

Real IP (Eth0) of the IRP virtual machines.

Why It Is Needed

Bootstrap the IRP.

TCP connections are initiated from the Admin virtual machines to the IRP virtual machines.

Note

Using iptables or access control lists

(ACLs), configure the firewall so that connections to port

64616 only come from the Admin virtual machine.

Collects logs about the IRP. TCP connections are initiated from the

Admin virtual machines to the IRP virtual machines.

Limit access to this port on all Cisco

WebEx Meetings

Server virtual machines only to other Cisco WebEx

Meetings Server virtual machines with firewall rules.

Troubleshooting the

IRP virtual machines using a

Remote Support

Account.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

TCP

Protocol

TCP

UDP

Port

443

65002

65102

Port Access in the Internal Firewall

Source

Any internal client machines.

Destination Why It Is Needed

Private VIP (Eth1) of the Admin virtual machines.

Real IP (Eth0) of the Media virtual machines.

Internal users accessing the

WebEx site URL by using HTTPS. TCP connections are established from the internal client machine to the

Admin virtual machine.

Private VIP (Eth1) of the Admin virtual machines and Real

IP (Eth0) of the

Media virtual machines.

Public VIP (Eth1) of the IRP.

Any internal client machines.

Any internal virtual machines.

Controls network traffic between internal virtual machines.

Any internal client machines.

Any internal virtual machines.

Controls network traffic between internal virtual machines.

Any internal client machines.

Private VIP (Eth1) of the Admin virtual machines.

Internal users accessing the

WebEx site URL using HTTP. TCP connections are established from the internal client machine to the

Admin virtual machine.

All internal virtual machines (Eth0 IP).

DNS server.

If you have a firewall between the virtual machines and the DNS server, for your system to deploy and operate successfully.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

VMware vCenter Ports

Protocol

TCP

Port

8443

8444

Source

Cisco WebEx

Meetings Server

Web Node.

Destination

CUCM

Why It Is Needed

For AXL traffic in a multi-data center system between

Cisco WebEx

Meetings Server and

CUCM to allow

LDAP CUCM failover.

Cisco WebEx

Meetings Server

Web Node used to download recording files.

Private VIP (Eth1) of the Admin virtual machines.

Real IP (Eth0) of the Media virtual machines.

Internal users accessing the

WebEx site URL by using HTTPS. TCP connections are established from the internal client machine to the

Admin virtual machine.

VMware vCenter Ports

Ports Open for Deployment

These are some of the ports that are used during the deployment of a Single-data Center (SDC) Cisco WebEx

Meetings Server (CWMS). Once the deployment completes, you can close any ports that were opened solely for the deployment.

TCP Port 443 should be open, in both directions, between vCenter and the Admin virtual machine for secure https management during an automatic system deployment. The Admin virtual machine uses this port to provide vCenter credentials to deploy the virtual machines automatically in vCenter.

The ports listed below are used for communication between the ESXi host and vCenter. If the ESXi host and vCenter are connected to a separate management network, you may not need to open these ports through the firewall. For a complete list of ports used by vCenter and the ESXi host, see your VMware documentation.

• UDP/TCP Port 902 in both directions between vCenter and the ESXi hosts for vCenter management

• (Optional) TCP Port 22 from the vSphere client to the ESXi hosts for SSH management

• UDP Port 514 from the ESXi hosts for your system to the internal syslog

• TCP Port 5989 in both directions between vCenter and the ESXi hosts for XML management

The default UDP port used for external clients for audio and video data transmission is SSL (port 443).

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Cisco WebEx Meeting Center Ports

Ports Open to Support Multi-data Center

Ports to be open between the internal machines tcp 8080 tcp 8081 tcp 8082 tcp 9809 tcp 9810 tcp

9811 tcp 9812 tcp 9813 tcp 9814 tcp 9815 tcp 9816 tcp 9817 tcp 9818 tcp 9819 tcp 9820 tcp 9840 tcp

6502 tcp 12340 tcp 12342 tcp 12442 tcp 7001 tcp 7003 tcp 7004 tcp 7005 tcp:5060 tcp 5061 tcp 5062 tcp 5063 tcp 22

Ports to be open between the internal machines and

Virtual IPs tcp 443 tcp 80

Ports to open between Internet Reverse Proxy IPs and the internal machines tcp 7001 tcp 64001 tcp 64700 tcp 64616

UDP ports to open between the internal machines udp range:10000:19999 udp range:16000:32000 udp range:9000:9009 udp 5060 udp 5062

Cisco WebEx Meeting Center Ports

These ports are used for communication between Cisco WebEx Meeting Center and Cisco WebEx Meetings

Server.

• The UDP ports used for internal clients for audio and video data transmission between UDP and SSL include:

• For 50 user systems, use UDP port 9000

• For 250 user systems, use UDP ports 9000, 9001, 9002, 9003

• For 800 user systems, use UDP ports 9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007, 9008, 9009

• For 2000 user systems, use UDP ports 9000, 9001, 9002, 9003, 9004, 9005, 9006, 9007

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Using NAT With Your System

• With the appropriate network settings, internal media servers allow connections through any port used by Meeting Center.

• The Internet Reverse Proxy only accepts connections from Meeting Center through TCP ports 80 and

443.

• AXL traffic from Web Node to CUCM is passed through port 8443. (See also Using CUCM to Configure

AXL Web Service and Directory Synchronization .)

Using NAT With Your System

Cisco supports Network Address Translation (NAT) traversal with this product for virtual machine IP addresses and for the virtual IP addresses (Public and Private VIPs) that are used in your system.

The following schematic diagram illustrates a typical NAT traversal for a 50 user system without High

Availability (HA). By using NAT, you can reduce the number of public IP addresses required for the product to just one IP address, instead of two (or three if you deploy HA). You can also deploy similar NAT deployments as long as these meet the overall system requirements.

Important

The use of multiple NATs and firewalls tends to increase latency, affecting the quality of real time-traffic for users.

Also, when using multiple NAT domains, routing between these various NAT domains can be challenging.

You can use NAT-ed IP addresses as long as the following requirements are met:

• All the virtual machines in the system can use NAT-ed IP addresses, with the exception of the Internet

Reverse Proxy virtual machine. NAT between the Administration virtual machine and the Internet

Reverse Proxy virtual machine is not supported. The IP address of the Internet Reverse Proxy virtual machine (its real IP address) must be reachable by the Administration virtual machine through the internal network.

• The public VIP address itself does not need to be publicly visible, but it must be translatable from the Internet.

• When deploying public access, the WebEx site URL must be mapped to an Internet-visible IP address.

This Internet-visible IP address must be accessible by external users and also map to the public VIP address you configure during the system deployment.

You can choose to make the public VIP address visible from the Internet. If you choose not to make it publicly visible, then it must be translatable from the Internet.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Using NAT With Your System

In the diagram, an external user accesses the WebEx site to join or host a meeting. Following a DNS lookup, the IP address for the WebEx site is the NAT public IP address (Eth0). This NAT public IP address is for the external NAT firewall router (Firewall and NAT router 1), between the external network and the DMZ network.

The firewall router receives this request from the external user, and internally routes the request to the NAT private IP address for the router (Eth1, exposed to the DMZ network). Eth1 then sends the request to the public

VIP address (also a NAT IP address in the private networking segment for the WebEx site).

You can use NAT IP addresses for the public VIP address, and the Internet Reverse Proxy IP addresses. The only NAT public IP address is the Eth0 IP address for the NAT firewall router.

Note

To ensure this NAT firewall router (between the Internet and DMZ network) routes the incoming packet correctly, set port mapping configuration on the NAT device, or apply other similar mechanisms to ensure the packet is routed correctly to the public VIP address and the Internet Reverse Proxy.

There is usually a second internal NAT firewall router between the DMZ network and the internal network.

Similar to the external NAT firewall router, Eth0 is a DMZ NAT private IP address and is an interface to the

DMZ network. Eth1 is also a NAT private IP address that is an interface to the internal network.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Networking Changes Required For Your Deployment

Forward Proxies

You can use NAT IP addresses for the private VIP address and the Administration virtual machine IP addresses.

For more information about NAT, see http://www.cisco.com/c/en/us/tech/ip/ip-addressing-services/ tech-tech-notes-list.html

Forward Proxies

If your network topology includes forward proxies, they must meet specific requirements for the Internet

Reverse Proxy to work properly. See "Use of Forward Proxies in Your System" in the Cisco WebEx Meetings

Server Troubleshooting Guide for complete details.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

Best Practices

•

Cisco WebEx Meetings Server Best Practices, page 89

Cisco WebEx Meetings Server Best Practices

The following is a list of best practices that you should refer to when configuring and maintaining your Cisco

WebEx Meetings Server system:

• Power your virtual machine hosts by using an uninterruptible power source (UPS) to minimize power interruptions. Repeated power failures can damage host systems and virtual machines.

• Always put your system into maintenance mode before shutting down a guest operating system.

• For scheduled events and other situations that require a system shutdown, gracefully shut down your virtual machines by shutting down the guest operating system.

• The system is designed to repair itself when necessary and rebooting can interrupt this process. We do not recommend that you reboot your system to fix it. If your system is in an unhealthy state, contact the

Cisco TAC. Power off your system only when instructed to do so or during scheduled events such as data center maintenance.

• Configure network redundancy to minimize network failures. Refer to "Adding a High Availability

System" in the Cisco WebEx Meetings Server Administration Guide for more information.

• Using snapshots on your virtual machines can impair system performance in ways that affect user experience even when the system is otherwise lightly loaded.

• If your system is having problems, make sure that you check your VMware VCenter environment to determine if conditions in VCenter or the network are causing the problem.

• Configure high availability to increase the probability that your system can continue to operate if a failure occurs.

• If you have a high-availability system and your secondary system fails, you can repair it by removing the existing secondary system (refer to "Removing a High Availability System" in your Cisco WebEx

Meetings Server Administration Guide) and adding a new secondary system (refer to "Adding a High

Availability System" in your Cisco WebEx Meetings Server Administration Guide). If the primary system on a high-availability system fails, you cannot repair it using this procedure. We recommend that you restore your primary system using the disaster recovery procedure and then add a new secondary system.

Until you add a new secondary system your deployment is operating without full redundancy. This

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Best Practices

Cisco WebEx Meetings Server Best Practices

procedure helps prevent unplanned outages if any of your secondary virtual machines fails. Refer to

"Using the Disaster Recovery Feature" in the Cisco WebEx Meetings Server Administration Guide for more information.

• Since your system only keeps the latest system backup on the NFS and removes previous instances every day, we recommend that you keep several recent backups on other media.

Restriction

Do not manually create files or directories in the NFS share used by Cisco WebEx

Meetings Server, as it runs various scripts on NFS files and directories. The NFS storage server must be for the exclusive use of Cisco WebEx Meetings Server.

• Use your dashboard to monitor the health status of the NFS, CPU, and storage. We recommend enabling dashboard alarms for storage and CPU.

• If you plan to use directory integration, refer to the Configuring Directory Integration section in the

"Managing Users" chapter of the Cisco WebEx Meetings Server Administration Guide for more information.

• When using Cisco WebEx Meetings Server, the related SIP trunk on CUCM in the CallManager service interface should have the Media Termination Point Required check box unchecked on the Trunk

Configuration page. See

Configuring a SIP Trunk on a Load Balance Point, on page 111

and

Configuring a SIP Trunk for an Application Point, on page 112

for more details.

• If you are running Cisco WebEx Meetings Server Release 2.0 or higher and using B-series blade servers, you are required to use SAN storage to fulfill the hard drive requirements. See

General System

Requirements, on page 1

for more information about SAN requirements.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

Configuring Cisco Unified Communications

Manager (CUCM)

•

Configuring Cisco Unified Communications Manager (CUCM), page 91

•

CUCM Configuration Checklist for Multi-data Center, page 93

•

CUCM Configuration Checklist With or Without High Availability , page 93

•

Configuring CUCM in a CWMS Multi-data Center System, page 94

•

Configuring CUCM for High-Availability and Non-High-Availability Systems, page 97

•

Configuring a SIP Trunk Security Profile, page 101

•

Configuring a SIP Profile, page 103

•

CUCM Certificate Management by Using TLS, page 104

•

Configuring a SIP Trunk, page 110

•

Configuring a Route Group, page 113

•

Configuring a Route List, page 114

•

Configuring a Route Pattern, page 115

•

Configuring a SIP Route Pattern, page 115

•

CUCM Feature Compatibility and Support, page 116

Configuring Cisco Unified Communications Manager (CUCM)

To enable teleconferencing on Cisco WebEx Meetings Server you must configure one (or more) Cisco Unified

Communications Manager (CUCM) system to manage call control. Optionally you can configure a second

CUCM system for audio high availability.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

CUCM in an MDC Environment

CUCM in an MDC Environment

The CUCM configurations in a Multi-data Center (MDC) environment are the same as in a Single-data Center

(SDC) environment. Configuration parameters modified on one data center are automatically matched on the other data center.

On CUCM, the basic configurations in a Multi-data Center (MDC) environment are the same as in a Single-data

Center (SDC) environment. However, you must configure trunks to all data centers. Each data center can have a different route pattern. If you want to use more than one CUCM, each data center must have a SIP trunk to the CUCM in the other data centers for calls to transfer.

Before You Begin

Obtain your Load Balancer Point and Application Point information from your Cisco WebEx Meetings Server

Audio page. Load balancer points manage call load balancing and application points manage calls, conference flow, and feature control. Systems of different sizes have different numbers of load balancer points and application points and the numbers are not customized. Sign into your Administration site and select Settings

> Audio to see this information.

• Size (50/250/800/2000)

• High availability

• Transport type

On the Audio page, there is a SIP Configuration Table that displays load balancer point and application point information including IP addresses and ports. This table is also displayed on the Configuring Your Audio

Settings for the First Time page that appears the first time you configure your audio settings.

To make CUCM work with Cisco WebEx Meetings Server, CUCM requires the following base and specific configurations:

• Base configuration

Note

These configurations can be shared with multiple Cisco WebEx Meetings Server systems.

◦SIP trunk security profile

◦SIP profile

• Specific configuration

Note

These configurations must be made for individual Cisco WebEx Meetings Server systems and cannot be shared by multiple systems.

◦Certificate management

◦SIP trunk

◦Route group

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

CUCM Secure Teleconferencing in an MDC Environment

◦Route list

◦Route pattern

◦SIP route pattern

CUCM Secure Teleconferencing in an MDC Environment

It is not possible to import certificates from all data centers in a Multi-data Center (MDC) into a single Cisco

Unified Call Manager (CUCM) as needed to secure teleconferencing when the common name of both certificates is the same.

By default, the common name for all data centers is the global site URL of the system. However, to make the common name unique, you can generate certificates by using

Generating a Certificate Signing Request (CSR) for Version 2.6 and Higher, on page 107

for version 2.6 and higher or

Generating a Certificate Signing Request

(CSR) Version 2.5 and Lower, on page 108

for version 2.5 and earlier. Select the local site URL instead of the global site URL to be used in the common name.

Self-signed certificates generated during any system altering procedure (such as changing the site or administration URL, changing hostnames) results in a certificate that has the global site URL in the common name, so you must manually create certificates with the local site URL after this type of operation.

CUCM Configuration Checklist for Multi-data Center

The configuration checklist displays the number of each Cisco Unified Communication Manager (CUCM) configuration type that you must configure for your system with Multi-data Center (MDC).

System Size Security

Profiles

(Base

Configuration)

SIP Profiles

(Base

Configuration)

SIP Trunks

(Specific

Configuration)

Route

Groups

(Specific

Configuration)

Route Lists

(Specific

Configuration)

Route

Patterns

(Specific

Configuration)

SIP Route

Patterns

(Specific

Configuration)

250 users

800 users

2000 users with HA

CUCM Configuration Checklist With or Without High Availability

The configuration checklist displays the number of each Cisco Unified Communication Manager (CUCM) configuration type that you must configure for your Single-data Center (SDC) system with or without High

Availability (HA).

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring CUCM in a CWMS Multi-data Center System

System Size Security

Profiles

(Base

Configuration)

SIP Profiles

(Base

Configuration)

SIP Trunks

(Specific

Configuration)

50 users 2 1 2

Route

Groups

(Specific

Configuration)

Route Lists

(Specific

Configuration)

1 1

Route

Patterns

(Specific

Configuration)

SIP Route

Patterns

(Specific

Configuration)

2 1 4 1 1 N 2 50 users with HA

250 users 2

2 250 users with HA

800 users

800 users with HA

2000 users

2000 users with HA

21 N is the number of Call-In Access Numbers that you configure in Cisco WebEx Meetings Server.

Configuring CUCM in a CWMS Multi-data Center System

Typically, each site in a Multi-data Center (MDC) environment has a dedicated CUCM cluster associated with it. CUCM clusters are connected by using inter-cluster trunks (ICT). Each CUCM cluster has call-in/in-dial trunks to the local CWMS site. Session Manager Edition (SME) is supported. CWMS can be configured behind the local CUCM clusters. Each CUCM has SIP REFER trunks to all the media virtual machines in the

MDC.

For redundancy, each CUCM cluster can have INVITE trunks to all the data centers. The call-in route pattern gives priority to the INVITE trunk associated with the local data center and uses the INVITE trunk to the remote data center only upon failure.

Table 4: CUCM SIP Trunks Configured on Each CUCM Cluster

Deployment

Small

Medium

Large

INVITE Trunks - Load Balancer

(MACC)

REFER Trunks—Application Point

(TAS)

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring CUCM on a 250- or 800-user Multi-data Center System

Configuring CUCM on a 250- or 800-user Multi-data Center System

Configure Cisco Unified Communication Manager (CUCM) for 250- or 800-user Multi-data Center systems.

Typically, each data center has a local CUCM cluster.

Before You Begin

Information required:

• One load balance point IP address for each data center

• One application point IP address for each data center

• The number of call-in access numbers you will configure on your system

Procedure

Step 1

Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx

Meetings Server setup requirement. If it does not, configure two SIP trunk security profiles.

Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application point. See

Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 101

and

Configuring a SIP Trunk Security Profile for an Application Point, on page 102

Step 2

Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup requirement. If it does not, configure one SIP profile.

Configure a SIP profile as described in

on page 103 .

Step 3

Configure two SIP trunks for your load balance points.

See

Step 4

Configure two SIP trunks for your application points.

See

Step 5

Configure one route group by using the SIP trunk that you configured for your load balance point.

See

Step 6

Configure one route list by using the route group that you configured in the previous step.

See

Step 7

Configure N route patterns by using the above route list.

N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See

Step 8

Configure two SIP route patterns for your application points.

See

Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 101

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring CUCM on a 2000-user Multi-data Center System

Configuring CUCM on a 2000-user Multi-data Center System

Configure Cisco Unified Communication Manager (CUCM) for a 2000-user Multi-data Center (MDC) system.

Typically, each data center has a local CUCM cluster.

Before You Begin

Information required:

• Two load balance point IP addresses for each data center

• Three application point IP addresses for each data center

• The number of call-in access numbers you will configure on your system

Procedure

Step 1

Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx

Meetings Server setup requirement. If it does not, configure two SIP trunk security profiles.

Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application point. See

and

Configuring a SIP Trunk Security Profile for an Application Point, on page 102

Step 2

Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup requirement. If it does not, configure one SIP profile.

Configure a SIP profile as described in

Configuring a SIP Trunk on a Load Balance Point .

on page 103 .

Step 3

Configure two SIP trunks for your load balance points.

See

Step 4

Configure four SIP trunks for your application points.

See

Configuring a SIP Trunk for an Application Point .

Step 5

Configure one route group by using the SIP trunk that you configured for your load balance point.

See

Configuring a Route Group

Step 6

Configure one route list by using the route group that you configured in the previous step.

See

Configuring a Route List

Step 7

Configure N route patterns by using the above route list.

N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See

Step 8

Configure four SIP route patterns for your application points.

See

Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 101

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring CUCM for High-Availability and Non-High-Availability Systems

Configuring CUCM for High-Availability and

Non-High-Availability Systems

The following sections provide a description of the tasks required to configure high-availability and non-high-availability systems of various sizes.

Configuring CUCM on 50-, 250-, and 800-User Systems Without High Availability

Configure CUCM for 50-, 250-, and 800-user systems without High Availability.

Before You Begin

Information required:

• One load balance point IP address

• One application point IP address

• The number of call-in access numbers you will configure on your system

Procedure

Step 1

Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx

Meetings Server setup requirement. If it does not, configure two SIP trunk security profiles.

Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application point. See

and

Configuring a SIP Trunk Security Profile for an Application Point, on page 102

Step 2

Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup requirement. If it does not, configure one SIP profile.

Configure a SIP profile as described in

on page 103 .

Step 3

Configure one SIP trunk for your load balance point.

See

Step 4

Configure one SIP trunk for your application point.

See

Step 5

Configure one route group by using the SIP trunk that you configured for your load balance point.

See

Step 6

Configure one route list by using the route group that you configured in the previous step.

See

Step 7

Configure N route patterns by using the above route list.

N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See

Step 8

Configure two SIP route patterns for your application points.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring CUCM on 50-, 250-, or 800-User Systems with High Availability

Configuring Cisco Unified Communications Manager (CUCM)

See

Trunk Security Profile for a Load Balance Point,

Configuring CUCM on 50-, 250-, or 800-User Systems with High Availability

This section describes the information required and detailed instructions on how to configure CUCM for 50-,

250-, or 800-user systems with high availability.

Information Required

• Two load balance point IP addresses

• Two application point IP addresses

• The number of call-in access numbers you will configure on your system

Configuration Procedure

Perform the following steps:

Task Description

1 Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco

WebEx Meetings Server setup requirement. If it does not, configure two SIP trunk security profiles.

Detailed Information

Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application point. See

Configuring a SIP

on page 101 and

Configuring a SIP Trunk Security

Profile for an Application Point, on page 102

Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx

Meetings Server setup requirement. If it does not, configure one SIP profile.

Configure two SIP trunks for your load balance points.

Configure two SIP trunks for your application points.

Configure one route group by using the SIP trunk that you configured for your load balance point in

Task 3, above.

Configure one route list by using the route group that you configured in Task 5, above.

Configure a SIP profile as described in

IPv6 SIP Profile, on page 103

Configuring an

See

Configuring a SIP Trunk on a Load Balance

Point .

See

Configuring a SIP Trunk for an Application

Point .

See

See

Configuring a Route Pattern .

Configure N route patterns by using the above route list. N is the number of call-in access numbers that you configured in your audio settings on the

Administration site.

See

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring CUCM on a 2000-User System without High Availability

Task Description

8 Configure two SIP route patterns for your application points.

Detailed Information

See

Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 101

Configuring CUCM on a 2000-User System without High Availability

Configure Cisco Unified Communication Manager (CUCM) for a 2000-user system without High Availability.

Before You Begin

Information required:

• Two load balance point IP addresses

• Three application point IP addresses

• The number of call-in access numbers you will configure on your system

Procedure

Step 1

Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx

Meetings Server setup requirement. If it does not, configure two SIP trunk security profiles.

Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application point. See

and

Configuring a SIP Trunk Security Profile for an Application Point, on page 102

Step 2

Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup requirement. If it does not, configure one SIP profile.

Configure a SIP profile as described in

on page 103 .

Step 3

Configure two SIP trunks for your load balance point.

See

Step 4

Configure three SIP trunks for your application point.

See

Step 5

Configure one route group by using the SIP trunk that you configured for your load balance point.

See

Step 6

Configure one route list by using the route group that you configured in the previous step.

See

Step 7

Configure N route patterns by using the above route list.

N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See

Step 8

Configure two SIP route patterns for your application points.

See

Configuring a SIP Trunk Security Profile for a Load Balance Point, on page 101

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring CUCM on a 2000-User System with High Availability

What to Do Next

Configuring CUCM on a 2000-User System with High Availability

Configure Cisco Unified Communication Manager (CUCM) for a 2000-user system with High Availability.

Before You Begin

Information required:

• Two load balance point IP addresses

• Four application point IP addresses

• The number of call-in access numbers you will configure on your system

Procedure

Step 1

Review the existing SIP trunk security profile and determine whether or not it satisfies your Cisco WebEx

Meetings Server setup requirement. If it does not, configure two SIP trunk security profiles.

Add a SIP trunk security profile for your load balance point and add a SIP trunk security profile for your application point. See

and

Configuring a SIP Trunk Security Profile for an Application Point, on page 102

Step 2

Review the existing SIP profile and determine whether or not it satisfies your Cisco WebEx Meetings Server setup requirement. If it does not, configure one SIP profile.

Configure a SIP profile as described in

Configuring a SIP Trunk on a Load Balance Point .

on page 103 .

Step 3

Configure two SIP trunks for your load balance points.

See

Step 4

Configure four SIP trunks for your application points.

See

Configuring a SIP Trunk for an Application Point .

Step 5

Configure one route group by using the SIP trunk that you configured for your load balance point.

See

Configuring a Route Group

Step 6

Configure one route list by using the route group that you configured in the previous step.

See

Configuring a Route List

Step 7

Configure N route patterns by using the above route list.

N is the number of call-in access numbers that you configured in your audio settings on the Administration site. See

Step 8

Configure two SIP route patterns for your application points.

See

Generating a Certificate Signing Request (CSR) for Version 2.6 and Higher

100

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a SIP Trunk Security Profile

What to Do Next

Configuring a SIP Trunk Security Profile

Configuring a SIP Trunk Security Profile for a Load Balance Point

Before You Begin

If your Cisco WebEx Meetings Server system is configured for TLS, you must import a secure teleconferencing certificate. For more information refer to the "Importing Secure Teleconferencing Certificates" section in the

Cisco WebEx Meetings Server Administration Guide at http://www.cisco.com/c/en/us/support/conferencing/ webex-meetings-server/products-installation-guides-list.html

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select System > Security > SIP Trunk Security Profile.

Step 4

Select Add New.

Step 5

Configure the following fields.

• Name—Enter a name to identify your SIP trunk security profile.

• Device Security Mode—Select No Secure if you want CUCM to communicate with Cisco WebEx

Meetings Server by using UDP/TCP. Select Encrypted if you want CUCM to communicate with Cisco

WebEx Meetings Server by using TLS.

• X.509 Subject Name— Enter your certificate name if you want CUCM to communicate with Cisco

WebEx Meetings Server by using TLS.

Note

If you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS, a different Cisco WebEx Meetings Server system cannot share the same SIP Trunk Security

Profile because each system must have a different certificate. Obtain the Cisco WebEx Meetings

Server certificate name from the Administration site. For more information refer to "Managing

Certificates" in the Administration Guide.

• Incoming Port— Enter 5060 if you want CUCM to communicate with Cisco WebEx Meetings Server using UDP/TCP. Enter 5061 if you want CUCM communicates Cisco WebEx Meetings Server using

TLS.

Note

Do not configure any of the other fields on the page; leave the default settings.

Step 6

Select Save.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

101

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a SIP Trunk Security Profile for an Application Point

Configuring a SIP Trunk Security Profile for an Application Point

Before You Begin

Cisco WebEx Meetings Server Administration Guide at http://www.cisco.com/c/en/us/support/conferencing/ webex-meetings-server/products-installation-guides-list.html

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select System > Security > SIP Trunk Security Profile.

Step 4

Select Add New.

Step 5

Configure the following fields:

• Name—Enter a name to identify your SIP trunk security profile.

• Device Security Mode—Select Non Secure if you want CUCM to communicate with Cisco WebEx

Meetings Server by using UDP/TCP. Select Encrypted if you want CUCM to communicate with Cisco

WebEx Meetings Server by using TLS.

• X.509 Subject Name— Enter your certificate name if you want CUCM to communicate with Cisco

WebEx Meetings Server by using TLS.

Note

If you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS, a different Cisco WebEx Meetings Server system cannot share the same SIP Trunk Security

Profile, because each system must have a different certificate. Obtain the Cisco WebEx Meetings

Server certificate name from the Administration site. For more information refer to "Managing

Certificates" in the Administration Guide.

• Incoming Port— Enter 5062 if you want CUCM to communicate with Cisco WebEx Meetings Server by using UDP/TCP. Enter 5063 if you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS.

Note

Do not configure any of the other fields on the page; leave the default settings.

Step 6

Select Save.

102

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a SIP Profile

Configuring a SIP Profile

Configuring a Standard SIP Profile

The standard Session Initiation Protocol (SIP) profile uses the default settings and requires no additional configuration steps.

Configuring a TLS SIP Profile

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Device > Device Settings > SIP Profile.

Step 4

Select Add New.

Step 5

Configure the following fields:

• Name—Enter a name for your SIP profile.

• Redirect by Application—Select the check box.

Do not configure any of the other fields on the page; leave the fields with their default settings.

Step 6

Select Save.

Configuring an IPv6 SIP Profile

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Device > Device Settings > SIP Profile.

Step 4

Select Add New.

Step 5

Configure the following fields:

• Name—Enter a name for your SIP profile.

• Enable ENAT—Select the check box.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

103

Configuring Cisco Unified Communications Manager (CUCM)

CUCM Certificate Management by Using TLS

Do not configure any of the other fields on the page; leave the fields with their default settings.

Step 6

Select Save.

CUCM Certificate Management by Using TLS

If you want Cisco Unified Communications Manager (CUCM) to communicate with Cisco WebEx Meetings

Server (CWMS) by using TLS, you must perform the following actions:

• Obtain a CWMS certificate from the Administration site and upload it to CUCM.

Note

If CWMS uses third-party certificates, then all certificates in the certificate chain must be uploaded to CUCM.

• Download your CUCM certificate and then upload it to CWMS Administration site.

Note

If CUCM uses third-party certificates, then only the last certificate in the certificate chain (Root Certificate Authority (CA) certificate) must be uploaded to CWMS.

If you use TLS to connect all the data centers in a Multi-data Center (MDC) system to the same CUCM,

CWMS cannot use the common site URL for the certificate common name. You must use each data center local site URL for each certificate common name, because the CUCM 10.5 and older versions treat multiple certificates with a common name as same certificate. If the names are not different, the second data center certificate replaces the first data center certificate after uploading the second data center certificate into CUCM.

Refer to "Managing Certificates" in the Administration Guide for more information. See http://www.cisco.com/ en/US/products/ps12732/prod_installation_guides_list.html

for more details.

Uploading Cisco WebEx Meetings Server Certificates

Procedure

Step 1

Download and export your Cisco WebEx Meetings Server certificate.

a) Sign in to the Cisco WebEx Meetings Server Administration site.

b) Select Settings > Security > Certificates.

c) Copy the certificate name from the SSL Certificate section.

d) Select More Options > Export SSL certificate.

104

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Installing a Third-Party CUCM Certificate

e) Save your certificate to your local hard drive.

Step 2

Unified Communications Manager server.

Step 3

Select Cisco Unified OS Administration.

Step 4

Select Security > Certificate Management.

Step 5

Select Upload Certificate/Certificate Chain.

Step 6

Select CallManager-trust in the Certificate name drop-down menu.

Step 7

Select Browse button and select the certificate that you saved to your local hard drive.

Step 8

Select Upload File.

The system displays a "Success: Certificate Uploaded" message.

Step 9

(Optional) If Cisco WebEx Meetings Server uses self-signed certificates, repeat steps 4 through 8 to upload the intermediate certificate and the root certificate authority (CA) certificate from certificate chain.

Step 10 Select Close.

What to Do Next

For more information about certificates, refer to the "Managing Certificates" section in the Administration

Guide at http://www.cisco.com/en/US/products/ps12732/prod_installation_guides_list.html

Installing a Third-Party CUCM Certificate

This procedure explains how to upload a third-party certificate to your Cisco WebEx Meetings Server.

Before You Begin

• Generate a Certificate Signing Request (CSR) and send it to a third part certificate authority to apply for certificates. See

for version 2.6 and higher or

Generating a Certificate Signing Request (CSR) Version 2.5 and Lower, on

page 108 for version 2.5 and earlier for instructions.

• The certificate authority sends you a certificate chain that can have the following:

◦Certificate 1 (user) - issued to a user entity by an intermediate certificate authority.

◦Certificate 2 (intermediate) - issued to an intermediate certificate authority by a root certificate authority.

◦Certificate 3 (Root CA) - issued by the root certificate authority.

• When you receive multiple certificates in a certificate chain, concatenate the three certificates into one file, with the user certificate first.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

105

Configuring Cisco Unified Communications Manager (CUCM)

Downloading CUCM Certificates

Procedure

Step 1

Import your third-party certificate file into your Cisco WebEx Meetings Server as described in the Cisco

WebEx Meetings Server Administration Guide at http://www.cisco.com/en/US/products/ps12732/prod_ installation_guides_list.html

Step 2

Unified Communications Manager server.

Step 3

Select Cisco Unified OS Administration.

Step 4

Select Security > Certificate Management.

Step 5

Select Upload Certificate/Certificate Chain.

Step 6

Select CallManager-trust in the Certificate name drop-down menu.

Step 7

Select Browse button and select the Root Certificate Authority (CA) certificate that you saved to your local hard drive.

This is the last, self-signed certificate from the verification chain, which is used to verify the

CallManager.pem

certificate.

Note

You can obtain the Root CA certificate from a certificate authority directly, at the same time the

CallManager.pem

certificate is created.

Step 8

Select Upload File.

Wait for your system to indicate "Success: Certificate Uploaded."

Step 9

Select Close.

What to Do Next

For more information about certificates, refer to the Managing Certificates section in the Cisco WebEx Meetings

Server Administration Guide at http://www.cisco.com/en/US/products/ps12732/prod_installation_guides_ list.html

Downloading CUCM Certificates

This procedure is required only if CUCM uses self-signed certificates. If CUCM uses third party certificates, you should upload only the last certificate (Root CA certificate) in the certificate chain to your Cisco WebEx

Meeting Server. Contact your Certificate Authority (CA) for information on how to obtain a Root CA certificate.

Refer to your CUCM documentation for more information on generating CUCM certificates.

106

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Generating a Certificate Signing Request (CSR) for Version 2.6 and Higher

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified OS Administration.

Step 3

Select Security > Certificate Management.

Step 4

Search for the certificate in "Certificate Name" field for the certificate with name "CallManager". Select the

".PEM File" field.

Step 5

Select Download to save the CUCM certificate

CallManager.pem

on your local hard drive.

What to Do Next

For more information on uploading CUCM certificates to Cisco WebEx Meetings Server, refer to "Managing

Certificates" in the Administration Guide. See http://www.cisco.com/en/US/products/ps12732/products_installation_and_configuration_guides_list.html

Generating a Certificate Signing Request (CSR) for Version 2.6 and Higher

The hashing method used to generate Certificate Signing Request (CSR) and private key for SSL certificates in CWMS 2.5 and above uses SHA2 (SHA256).

Procedure

Step 1

In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system.

Step 2

Select Settings > Security > Certificates > Certificates on CWMS System.

On a Multi-data Center system, continue with Certificates on CWMS System or Certificates on Datacenter

Step 3

Select Generate CSR for the desired type of CSR.

On November 1, 2015, Certification Authorities (e.g. VeriSign, GoDaddy, and so forth) will stop issuing certificates for internal domain names (e.g. domain.local , domain.internal). Before CWMS version 2.0MR9, you could upload only a single SSL certificate with Subject Alternative Names for all components in the deployment, but this requires you to purchase expensive SAN SSL certificates for a complete solution. As of

CWMS version 2.5MR5 you can purchase on WebEx Site URL SSL a certificate from Certification Authority for use on IRP servers, and use Self-signed SSL certificates for the internal network virtual machines.

Step 4

Complete the fields on the Generate CSR (Certificate Signing Request) page.

Option Description

Common Name

Select Local Site URL certificate, Global Site URL certificate, or Wildcard certificate.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

107

Configuring Cisco Unified Communications Manager (CUCM)

Generating a Certificate Signing Request (CSR) Version 2.5 and Lower

Option Description

Subject Alternative Names

This option appears only if you select Subject

Alternative Name for your Common Name type.

Your administration site and virtual machine names. No subject alternative names are required if you selected a wildcard common name.

Organization

Enter the organization name.

Department

Enter the department name.

City

Enter the city.

State/Province

Enter the state or province.

Country

Select the country.

Key Size

Select the key size.2048.

Hash Algorithm

Select the Hash Algorithm SHA256.

Step 5

Select Generate CSR.

The Download CSR dialog box appears.

Step 6

Select Download.

You receive a ZIP file that contains the CSR and the associated private key. The CSR file is called csr.pem

and the private key file is called csr_private_key.pem

Step 7

Back up your system by using VMware Data Recovery or VMware vSphere Data Protection. See Creating a

Backup by Using VMware vCenter .

Backing up your system preserves the private key if it becomes necessary to restore it.

Generating a Certificate Signing Request (CSR) Version 2.5 and Lower

The hashing method used to generate Certificate Signing Request (CSR) and private key for SSL certificates in CWMS 2.0 and earlier versions use SHA1. CWMS 2.5 and above uses SHA2 (SHA256).

Both internal and external application certificates and CSRs have the following options:

• Key types:

◦RSA

◦EC

• For RSA key type key length is 2048.

• RSA Hash algorithms:

108

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Generating a Certificate Signing Request (CSR) Version 2.5 and Lower

◦SHA1

◦SHA224

◦SHA256

◦SHA384

◦SHA512

• Key sizes and hash algorithms for EC certificates:

◦Key size 256:

◦SHA256

◦SHA384

◦SHA512

◦Key size 384:

◦SHA384

◦SHA512

◦Key size 512:

◦SHA512

External and Internal certificates must be the same type. The external certificate depends on the internal certificate. For example, if a system has an RSA Internal certificate then the Generate External Self-signed page has just one Key type option, RSA (same as the external certificate key type). You cannot generate or upload external certificates with a different key type than the installed internal key type.

Procedure

Step 1

In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system.

Step 2

Select Settings > Security > Certificates > Certificates on CWMS System.

On a Multi-data Center system, continue with Certificates on CWMS System or Certificates on Datacenter

Step 3

Select Generate CSR for the desired type of CSR.

On November 1, 2015, Certification Authorities (e.g. VeriSign, GoDaddy, and so forth) will stop issuing certificates for internal domain names (e.g. domain.local, domain.internal). Before CWMS version 2.0MR9, you could upload only a single SSL certificate with Subject Alternative Names for all components in the deployment, but this requires you to purchase expensive SAN SSL certificates for a complete solution. As of

Step 4

Complete the fields on the Generate CSR (Certificate Signing Request) page.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

109

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a SIP Trunk

Option

Common Name

Description

Select Local Site URL certificate, Global Site URL certificate, or Wildcard certificate.

Subject Alternative Names

This option appears only if you select Subject

Alternative Name for your Common Name type.

Your administration site and virtual machine names. No subject alternative names are required if you selected a wildcard common name.

Organization

Enter your organization name.

Department

Enter your department name.

City

Enter your city.

State/Province

Enter your state or province.

Country

Select your country.

Key Size

Select the key size 2048.

Step 5

Select Generate CSR.

The Download CSR dialog box appears.

Step 6

Select Download.

You receive a ZIP file that contains the CSR and the associated private key. The CSR file is called csr.pem

and the private key file is called csr_private_key.pem

Step 7

Back up your system by using VMware Data Recovery or VMware vSphere Data Protection. See Creating a

Backup by Using VMware vCenter .

Backing up your system preserves the private key if it becomes necessary to restore it.

Configuring a SIP Trunk

Note

When deploying a 2000-user system with High Availability (HA) and multiple load balance and application points, each load balancer and application point in the CWMS solution should have a dedicated SIP trunk; multiple destination IP addresses within the same SIP trunk is not supported.

110

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a SIP Trunk on a Load Balance Point

Configuring a SIP Trunk on a Load Balance Point

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Device > Trunk.

Step 4

Select Add New.

Step 5

On the Trunk Type drop-down menu, select SIP Trunk.

Note

Do not change any other fields on this page; leave the parameters at their default settings.

Media Termination Point Required should be unchecked on the Trunk Configuration page when

CUCM is communicating with Cisco WebEx Meeting Server. If you are not using Cisco WebEx

Meetings Server with CUCM SIP audio, select Media Termination Point Required when providing telephony services by using a third-party PBX infrastructure.

Step 6

Select Next.

Step 7

Configure the following fields:

• Device Name—Enter a name for the SIP trunk.

• Device Pool—Select an appropriate device pool from the drop-down menu.

To determine which Cisco Unified Communications Manager Group has been configured on that device pool, select System > Device Pool menu. To verify which Cisco Unified Communications Managers are part of this group, select System > Cisco Unified CM Group.

Note

Record the IP addresses of the primary and secondary server. These IP addresses are entered when you configure your audio settings in Cisco WebEx Meetings Server. See "Configuring

Your Audio Settings for the First Time" in the Administration Guide for more details. See Cisco

WebEx Meetings Server Install and Upgrade Guides .

• Destination Address—Enter your load balance point IPv4 address. Refer to the SIP Configuration table on your Administration Site Audio page for the IP address.

• Destination Address IPv6—Enter your load balance point IPv6 address if you want to enable IPv6 between CUCM and Cisco WebEx Meetings Server.

• Destination Port—Enter 5060 if you want CUCM to communicate with Cisco WebEx Meetings Server using UDP/TCP. Enter 5061 if you want CUCM to communicate with Cisco WebEx Meetings Server using TLS.

• SIP Trunk Security Profile—Select your load balance point's security profile from the drop-down menu.

• SIP Profile—Select Standard SIP Profile if you want CUCM to communicate with Cisco WebEx

Meetings Server using UDP/TCP. Select TLS SIP Profile if you want CUCM to communicate with

Cisco WebEx Meetings Server using TLS. Select IPv6 SIP Profile if you want to enable IPv6 between

CUCM and Cisco WebEx Meetings Server.

• Calling Search Space—Select a Calling Search Space that can call the phone numbers and route patterns configured in CUCM where you want Cisco WebEx Meetings Server to call out. Select Call Routing

> Class of Control > Calling Search Space. A calling search space consists of an ordered list of route

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

111

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a SIP Trunk for an Application Point

partitions that are typically assigned to devices or route patterns. Calling search spaces determine the partitions that calling devices search when they are attempting to complete a call. For more information, refer to "Calling Search Space Configuration" in the Cisco Unified Communications Manager

Administration Guide or "Partitions and Calling Search Spaces" in the Cisco Unified Communications

Manager System Guide.

• Rerouting Calling Search Space and Out-Of-Dialog Refer Calling Search Space—Select a Calling Search

Space and Out-Of-Dialog Refer Calling Search Space that contains the route partition that is configured for the SIP route pattern. See

Configuring a Route List, on page 114

. If it is set to < None >, then the system only routes calls to route patterns with the route partition set to < None >, so the SIP route pattern must have the route partition set to < None >. This configuration is necessary to enter meetings in Cisco

WebEx Meetings Server. For more information, refer to "Calling Search Space Configuration" in the

Cisco Unified Communications Manager Administration Guide or "Partitions and Calling Search Spaces" in the Cisco Unified Communications Manager System Guide for more information.

Note

Do not change any other fields on this page; leave the parameters at their default settings.

Step 8

Select Save.

Step 9

Select Reset and then select Reset and Restart in the popup window.

Configuring a SIP Trunk for an Application Point

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Device > Trunk.

Step 4

Select Add New.

Step 5

On the Trunk Type drop-down menu select SIP Trunk.

Note

Do not change any other fields on this page; leave the values at their default settings.

Step 6

Select Next.

Step 7

Configure the following fields:

• Device Name—Enter a name for your SIP trunk.

• Device Pool—Select Default from the drop-down menu.

• Destination Address—Enter the application server IPv4 address.

• Destination Address IPv6—Optionally enter the application server IPv6 address to enable IPv6 between

CUCM and Cisco WebEx Meetings Server.

• Destination Port—Enter 5062 if you want CUCM to communicate with Cisco WebEx Meetings Server by using UDP/TCP. Enter 5063 if you want CUCM to communicate with Cisco WebEx Meetings Server by using TLS.

112

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a Route Group

• SIP Trunk Security Profile—Select your application server security profile from the drop-down menu.

• SIP Profile—Select Standard SIP Profile if you want CUCM to communicate with Cisco WebEx

Meetings Server by using UDP/TCP. Select TLS SIP Profile if you want CUCM to communicate with

Cisco WebEx Meetings Server by using TLS. Select IPv6 SIP Profile if you want to enable IPv6 between

CUCM and Cisco WebEx Meetings Server.

• Calling Search Space—Select a Calling Search Space that can call the phone numbers and route patterns configured in CUCM that you want to enable Cisco WebEx Meetings Server to call. Select Call Routing

> Class of Control > Calling Search Space. A calling search space consists of an ordered list of route partitions that are typically assigned to devices or route patterns. Calling search spaces determine the partitions that calling devices search when they are attempting to complete a call. If this is set to < None

>, this will only be able to call devices or route patterns with a partition set to < None >. For more information, refer to Calling Search Space Configuration in the Cisco Unified Communications Manager

Administration Guide or Partitions and Calling Search Spaces in the Cisco Unified Communications

Manager System Guide.

Note

Do not change any other fields on this page; leave the values at their default settings.

Leave the Media Termination Point Required check box deselected on the Trunk Configuration page when CUCM is communicating with Cisco WebEx Meeting Server. If you are not using Cisco

WebEx Meetings Server with CUCM SIP audio, you can select the Media Termination Point

Required check box when providing telephony services using a third-party PBX infrastructure.

Step 8

Select Save.

Step 9

Select Reset and then select Reset and Restart in the pop-up window.

You must reset the SIP trunk to complete the configuration.

Configuring a Route Group

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Call Routing > Route/Hunt > Route Group.

Step 4

Select Add New.

Step 5

Configure the following fields

• Route Group Name—Enter a name for your route group.

• Distribution Algorithm. Select Circular in drop-down menu.

Note

By selecting Circular, you enable CUCM to distribute a call to idle or available users starting from the (N+1)th member of a route group, where the Nth member is the member to which

CUCM most recently extended a call. If the Nth member is the last member of a route group,

CUCM distributes a call starting from the top of the route group.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

113

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a Route List

• Find Devices to Add to Route Group—Select SIP trunk of Load Balance Point in the Available Devices list. Then select Add to Route Group.

Note

Do not change any other fields on this page. Leave them at their default settings.

Step 6

Select Save.

What to Do Next

Create a route list for your route group. Proceed to

Configuring a Route List

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Call Routing > Route/Hunt > Route List.

Step 4

Select Add New.

Step 5

Configure the following fields

• Name—Enter a name for your route list.

• Cisco Unified Communications Manager Group—Select Default in drop-down menu.

Note

Do not change any other fields on this page; leave the fields at their default settings.

Step 6

Select Save.

Step 7

Select Add Route Group.

The Route List Detail Configuration page appears.

Step 8

Select the previously configured route group from Route Group drop-down menu and select Save.

The Route List Configuration page appears.

Step 9

Select Save.

What to Do Next

Configure a route pattern for your route list. Proceed to

Configuring a Route Pattern, on page 115

114

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Configuring a Route Pattern

Configuring a Route Pattern

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Call Routing > Route/Hunt > Route Pattern.

Step 4

Select Add New.

Step 5

Configure the following fields

• Route Pattern—Enter a name for your route pattern.

Note

Add a route pattern for each Blast Dial group. Record this name because you must enter it on the Administration Settings > Audio > Blast Dial Group page when you create a Blast Dial group.

• Route Partition—Select a route partition that is accessible by phones or devices that can call Cisco

WebEx Meetings Server. If this set to < None > any device configured in CUCM would be able to call

Cisco WebEx Meetings Server. For more information, refer to "Calling Search Space Configuration" in the Cisco Unified Communications Manager Administration Guide or "Partitions and Calling Search

Spaces" in the Cisco Unified Communications Manager System Guide.

• Gateway/Route List—Select the previously configured route list from the drop-down menu.

Note

Do not change any other fields on this page; leave these fields at their default settings.

Step 6

Select Save.

Configuring a SIP Route Pattern

Procedure

Step 1

Unified Communications Manager server.

Step 2

Select Cisco Unified CM Administration.

Step 3

Select Call Routing > SIP Route Pattern.

Step 4

Select Add New.

Step 5

Configure the following fields

• Route Partition—Select a route partition that is included in the calling search space that is configured as the Rerouting Calling Search Space from the section "Configuring a SIP Trunk for an Application

Point" above. If this set to < None > then the Rerouting Calling Search Space configured for the SIP trunk for an application point must be set to < None >. For more information refer to "Calling Search

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

115

Configuring Cisco Unified Communications Manager (CUCM)

CUCM Feature Compatibility and Support

Space Configuration" in the Cisco Unified Communications Manager Administration Guide or "Partitions and Calling Search Spaces" in the Cisco Unified Communications Manager System Guide.

• Pattern Usage—Select IP Address Routing.

• IPv4 Pattern—Enter the application point IP address. Refer to the SIP Configuration table on your

Administration Site Audio page the IP address.

• SIP Trunk—Select the previously configured SIP trunk for the application point from the drop-down menu.

Note

Do not change any other fields on this page; leave these fields at their default settings.

Step 6

Select Save.

CUCM Feature Compatibility and Support

CUCM Feature Compatibility

Cisco WebEx Meetings Server (CWMS) supports Cisco Unified Call Manager (CUCM) 8.6 or 9.0 without

TLS/SRTP, and CUCM 9.1, 10.0, 10.5, 11.0(1a), or 11.5(1)SU1.

Important

TLS connections between CUCM and CWMS fail with releases of CUCM that do not support certificates that are signed with a signature algorithm SHA256 with RSA encryption.

Upgrade CUCM to a version that supports this signature algorithm or obtain a third-party certificate that is signed with SHA1 with RSA encryption. According to the latest National Institute of Standards and

Technology (NIST) recommendation, SHA1 should no longer be used for digital signature generation as this has a security vulnerability.

The following table provides feature compatibility for the supported versions of CUCM. Cisco WebEx

Meetings Server system capacity is not affected by any of your configuration choices.

Note

CWMS does not support any unlisted CUCM versions or other third-party SIP proxy management applications.

Table 5: Feature Compatibility for the Supported Versions of CUCM

Feature

Call out (IPv6)

Call in (IPv6)

TLS/SRTP

Pre-Conditions/Remarks

Configure CWMS with IPv6 addresses during the installation process.

Configure CWMS system security certificates.

116

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

CUCM Feature Compatibility and Support

Feature

RFC2833

KPML

Keepalive—CWMS sending

Keepalive—CWMS receiving

Quality of Service

TCP

TLS

UDP

Self-signed certificates

Third-party certificates

Pre-Conditions/Remarks

Select this option during CUCM SIP trunk configuration.

Performed by using the SIP OPTIONS message.

Control packets.

Make sure that your default ports are: 5060 for conferencing load balance points; 5062 for conferencing application points.

Make sure that your default ports are: 5061 for conferencing load balance points; 5063 for conferencing application points.

Make sure that your default ports are: 5060 for conferencing load balance points; 5062 for conferencing application points.

n/a n/a

Supported Telephony Call Features

Note

The CUCM 9.0 software that is part of the BE6K (Business Edition 6000) product is supported by CWMS.

• Call hold

• Call un-hold

• Caller ID display on EP

• Calling name display on EP

• Call transfer (IPv4 to IPv4)

• Call transfer (IPv6 to IPv4)

• Call transfer (IPv4 to IPv6)

• Call transfer (IPv6 to IPv6)

Telephony Media Features

CWMS supports participants with G.711, G.722, and G.729 codecs at the same time. Changing your codec configuration does not affect system performance. Packet sizes supported on CWMS:

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

117

Configuring Cisco Unified Communications Manager (CUCM)

Audio Endpoint Compatibility

• 10, 20, or 30ms for g.711 audio codecs

• 20ms for g.722 audio codec

• 10, 20, 30, 40, 50, or 60ms for g.729 audio codecs

Feature

Noise Compression

Comfort noise

Echo cancellation

Packet loss concealment

Automatic gain control

Quality of Service

G.711

Yes

G.722

Yes

G.729

Yes

Note

All custom audio prompts, including Blast Dial prompts, are: 8KHz, 16-bit, 64kbps, momo, CCITT u-law

(G.711).

Audio Endpoint Compatibility

You can use any standards-based audio endpoint that connects to Cisco Unified Communications Manager to join a WebEx meeting. The supported audio endpoints include the Cisco IP Phones, Telepresence endpoints, and PSTN devices such as mobile phones and land line phones. Many audio endpoints support audio and video connectivity. However, only audio connectivity to the Cisco WebEx Meetings Server is supported.

To permit users from outside the organization to join WebEx meetings by using PSTN devices, your company must deploy Analog-to-VoIP Gateways, such as Cisco Integrated Service Routers (ISR). The IP phones listed below have been tested with Cisco WebEx Meetings Server:

• Cisco 7960

• Cisco 7970

• Cisco 7971

• Cisco 7940

• Cisco 9951

• Cisco 9971

• Cisco 7980 (Tandberg)

• Cisco 7975

• Cisco E20

• Cisco Telepresence (CTS 1100)

• Cisco IP Communicator

118

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Configuring Cisco Unified Communications Manager (CUCM)

Audio Endpoint Compatibility

• Lifesize video phone

• Tandberg 1000

• Tandberg 1700

• Polycom

• Cisco Cius

• C20

• EX 60

• EX 90

Other Cisco UC-compatible endpoints should also operate normally. For a list of Cisco Unified IP Phones supported by Cisco Unified Communications Manager and the Device Packs available for each model, see

Cisco Unified IP Phone Feature and Cisco Unified Communications Manager Device Pack Compatibility

Matrix .

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

119

Audio Endpoint Compatibility

Configuring Cisco Unified Communications Manager (CUCM)

120

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

C H A P T E R

Downloading and Mass Deploying Applications

Use of this product requires additional applications that must be downloaded to your users' computers.

•

About Application Downloads, page 121

•

Downloading Applications from the Administration Site, page 122

•

Contents of the Application ZIP Files, page 123

•

Mass Deployment of Cisco WebEx Productivity Tools, page 126

•

Mass Deployment of the Meetings Application, page 132

•

Mass Deployment of the Network Recording Player, page 136

•

Reconfiguring Settings After Performing an Update, page 140

About Application Downloads

You can mass-deploy CWMS applications by using the tools available to you on the Administration site. The applications available for download include are:

• WebEx Meetings Application—The core application for scheduling, attending, or hosting meetings.

Running the WebEx Meetings application on a virtualized operating system is not supported.

If a user does not have the WebEx Meetings application installed, the first time a user joins a meeting it is downloaded to the PC. This can be configured to be done on-demand or silently. The user has the option of using the Cisco WebEx Meetings application for the duration of the meeting and having it removed when the meeting is over or performing an installation of the application to speed up the process of starting or joining future meetings. This might fail because the user does not have administrator privileges.

• WebEx Productivity Tools—Provides an interface between other applications, such as Microsoft

™

Outlook

, allowing the management of meetings through those applications.

After an update or upgrade to a system, any old versions of WebEx Productivity Tools should be removed and the latest version installed.

• WebEx Network Recording Player—Plays back the recordings of meetings. This can include any material displayed during the meeting.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

121

Downloading and Mass Deploying Applications

Downloading Applications from the Administration Site

In CWMS the .MSI installer for the applications is available from the Admin > Settings > Downloads page.

See "Downloading Applications from the Administration Site" in the CWMS Planning Guide for more information.

We recommend that you push the applications to user computers offline, before you inform those end-users that accounts have been created for them. This ensures that your users can start and join meetings and play network recordings the first time they sign in.

Where users have administrator privileges, you can enable users to download the applications from the end-user

Downloads page and install the applications themselves. No additional administrator action is required.

When upgrading to Cisco WebEx Meetings Server Release 1.5MR3 or later in a locked-down environment where user PCs do not have administrator privileges, before you start the upgrade procedure push the new version of the WebEx Meetings application to all user PCs.

Downloading Applications from the Administration Site

You can configure your system so that administrators can push Cisco WebEx desktop applications to users or you can enable users to perform their own downloads.

Procedure

Step 1

In a Multidata Center system, the DNS determines which data center Dashboard appears. Use this Dashboard to manage all the data centers in this system.

Step 2

Select Settings > Downloads.

Step 3

Select your download method:

• Permit users to download WebEx desktop applications.

Use this option to allow users who have administrator permissions for their PCs to manage the conferencing applications.

• Manually push WebEx desktop applications to user's desktop.

Use this option to enable conferencing for users who do not have administrator permissions for their

PCs.

If you selected this option the window is expanded to show the Cisco WebEx Meetings, Productivity

Tools, and Network Recording Player sections.

Step 4

(Optional) Select Auto update WebEx Productivity Tools to configure periodic, automatic updates of the

WebEx Productivity Tools. (Default: checked.)

Step 5

If you selected Manually push WebEx desktop applications to user’s desktop: a) In the WebEx Meetings section select Download and save the ZIP file to your system.

b) In the Productivity Tools section, select Download and save the ZIP file to your system.

c) In the WebEx Network Recording Player section select Download and save the ZIP file to your system.

Step 6

Select Save to save your Download settings.

This is especially important if you are permitting users to download WebEx desktop applications.

Step 7

(Optional) If you selected Manually push WebEx desktop applications to user’s desktop: a) Unzip the downloaded files.

122

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Contents of the Application ZIP Files

b) Open the ZIP file.

Each ZIP file contains the application installer for all supported languages. See

Contents of the Application

ZIP Files, on page 123

for information on the installer recommended for use.

c) Select the installer for your platform and language, and extract it to a local directory folder.

The ZIP file contains MSI installers for the Windows platform in all available languages.

The Productivity Tools and Meetings Application version that aligns with each version Cisco WebEx Meeting

Server can be found at

Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, on

page 185 .

What to Do Next

Deploy the MSI installers as described in this chapter.

Contents of the Application ZIP Files

The ZIP files contain one installer application per language.

Application Language Key

The English application installer file in each ZIP file is without a language suffix. The application installer file for each of the other languages contains an abbreviation in the filename that indicates the language of the application it contains. The table lists the abbreviation used for each language:

Abbreviation Language

Traditional Chinese

German

Latin American Spanish

French

Simplified Chinese

Italian

Japanese

Korean

Dutch

Portuguese

Russian

Spanish

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

123

Downloading and Mass Deploying Applications

Productivity Tools ZIP File Contents

Productivity Tools ZIP File Contents

The Productivity Tools ZIP file contains the following files. Use the key in the Application Language Key table to determine the language of each file. Note that there is no Mac version of the Productivity Tools.

• ptools.msi

• ptools_B5.msi

• ptools_DE.msi

• ptools_ES.msi

• ptools_FR.msi

• ptools_GB.msi

• ptools_IT.msi

• ptools_JP.msi

• ptools_KO.msi

• ptools_NL.msi

• ptools_PT.msi

• ptools_RU.msi

• ptools_SP.msi

WebEx Meetings Client ZIP File Contents

Use the key in the

Application Language Key, on page 123

to determine the language of the application contained in each Zip file.

Version 2.7 and later

webexmc.msi.msi

Version 2.6 and earlier

onpremmc.msi

webexmc_allinone.msi

webexmc.msi_B5.msi

webexmc.msi_DE.msi

webexmc.msi_ES.msi

webexmc.msi_FR.msi

webexmc.msi_GB.msi

webexmc.msi_IT.msi

onpremmc_B5.msi

onpremmc_DE.msi

onpremmc_ES.msi

onpremmc_FR.msi

onpremmc_GB.msi

onpremmc_IT.msi

onpremmc_JP.msi

124

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Network Recording Player ZIP File Contents

Version 2.7 and later

webexmc.msi_JP.msi

webexmc.msi_KO.msi

webexmc.msi_NL.msi

webexmc.msi_PT.msi

webexmc.msi_RU.msi

webexmc.msi_SP.msi

webexmc_onprem.dmg (for Mac)

Version 2.6 and earlier

onpremmc_KO.msi

onpremmc_NL.msi

onpremmc_PT.msi

onpremmc_RU.msi

onpremmc_SP.msi

webexmc_onprem.dmg (for Mac)

Network Recording Player ZIP File Contents

Network Recording Player is only available for download and mass deployment if you have selected Permit

users to download WebEx desktop applications on the Downloads page. Refer to Configuring Your Download

Settings in the Cisco WebEx Meetings Server Administration Guide for more information.

The Network Recording Player ZIP file contains the following files. Use the key in the Application Language

Key table to determine the language of each file.

• nbr2player_onprem.msi

• nbr2player_onprem_B5.msi

• nbr2player_onprem_DE.msi

• nbr2player_onprem_ES.msi

• nbr2player_onprem_FR.msi

• nbr2player_onprem_GB.msi

• nbr2player_onprem_IT.msi

• nbr2player_onprem_JP.msi

• nbr2player_onprem_KO.msi

• nbr2player_onprem_NL.msi

• nbr2player_onprem_PT.msi

• nbr2player_onprem_RU.msi

• nbr2player_onprem_SP.msi

• webexnbrplayer_intel.dmg (for Mac)

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

125

Downloading and Mass Deploying Applications

Mass Deployment of Cisco WebEx Productivity Tools

Mass Deployment of Cisco WebEx Productivity Tools

This section is describes the tasks involved in installing Cisco WebEx Productivity Tools by using the ptools.ms

package. Single-computer installation and large-scale installations can be accomplished by using

Microsoft Systems Management Server 2003 (SMS).

The Productivity Tools version that aligns with each version Cisco WebEx Meeting Server can be found at

Cisco WebEx Meetings Application and Productivity Tools Compatibility Matrix, on page 185

Silent Installation of Productivity Tools by Using the Command Line

Administrators can sign in to a user’s computer and install WebEx Productivity Tools using silent mode.

Before You Begin

Before installing a maintenance release or upgrading your system to a newer release, previous versions of

Cisco WebEx Productivity Tools should be uninstalled.

Procedure

Step 1

Step 2

Download the MSI package to the computer hard drive.

Step 3

Open the Windows Command prompt.

On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.

Step 4

Run the MSI command to install WebEx Productivity Tools silently.

Example:

msiexec.exe /q /i "ptools.msi" SITEURL="https://sample.webex.com" OI=1 MSN=1

Parameter Name Value Description

MSN

0 (default)

Enable Outlook Integration

Disable Outlook Integration

Enable instant messenger integration for Microsoft Office

Communicator and Lync

MSN 0 (default) Disable instant messenger integration for Microsoft Office

Communicator and Lync

Step 5

Restart the computer.

126

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Silent Removal of the Productivity Tools by using the Command Line Interface

Silent Removal of the Productivity Tools by using the Command Line Interface

Administrators can sign in to a user’s computer and uninstall the Productivity Tools by using silent mode.

Procedure

Step 1

Step 2

Download the MSI package to the computer hard drive.

Step 3

Open the Windows Command prompt.

On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.

Step 4

Uninstall all components of the MSI package ptools.msi by entering the command msiexec.exe /q /x

"ptools.msi".

Limitations to the Silent Installation of CWMS Applications When Using SMS

The following limitations apply when you perform a silent installation by using Microsoft Systems Management

Server 2003 (SMS):

• SMS per-user mode cannot be supported.

• If the SMS administrator wants to add a feature for WebEx Productivity Tools, the administrator must run the REMOVE command first and then run the ADDSOURCE command, even though the feature has not been installed before.

• If a user logs on to a computer with remote desktop while their administrator advertises the package, he must restart the computer to make sure WebEx Productivity Tools work normally.

• Mass deployment is possible, but each user must enter credential information.

• Before you update to a maintenance release or upgrade to a newer release, your users must uninstall

Cisco WebEx Productivity Tools . After the update or upgrade, you can manually push the Productivity

Tools to your users or users can download Productivity Tools from the Downloads page.

• If you are using Lync integration, after a silent installation your users must restart their computers to make all of the instant messenger integrations work properly.

Advertising WebEx Productivity Tools by using the SMS Per-System Unattended

After an update or an upgrade, you can use the Administration site to manually push the Productivity Tools to your users or allow users to download Productivity Tools from the end-user Downloads page.

Refer to the "Configuring Your Download Settings" section of the Cisco WebEx Meetings Server Administration

Guide for more information.

If you are the Microsoft Systems Management Server 2003 (SMS) administrator, you can advertise the Cisco

WebEx Productivity Tools using the SMS per-system unattended program.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

127

Downloading and Mass Deploying Applications

Advertising WebEx Productivity Tools by using the SMS Per-System Unattended

Procedure

Step 1

Create a package from the definition. See

Silent Installation of Productivity Tools by Using the Command

for more information.

Step 2

Change the program options for Per-system unattended before advertisement: a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Productivity Tools 2.82 > Programs.

b) Right-click Per-system unattended and select Properties to open the Per-system unattended Program

Properties dialog box.

c) Select the Environment tab.

• For the Program can run option, select Only when a user is logged on.

• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to

interact with this program.) d) Select the General tab.

e) Append an additional parameter to the command line option to specify some options for Cisco WebEx

Productivity Tools:

• SITEURL=″http://sample.webex.com″ specifies the WebEx Site URL used by your company.

• Productivity Tools flags specify which component is enabled for WebEx Productivity Tools. The parameters should be uppercase and the default value is 0 (Disabled).

In the following example, the initial command line is msiexec.exe /q ALLUSERS=2 /m MSIZWPBY

/i "ptools.msi".

• Append Productivity Tools flags and parameters to the command line: msiexec.exe /q ALLUSERS=2

/m MSIZWPBY /i "ptools.msi" SITEURL="https://sample.webex.com" OI=1 MSN=1.

Note

See the parameters table in

Line, on page 126

for parameter definitions.

Step 3

Advertise the program.

a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Productivity Tools 2.82 English > Programs.

b) Right-click Per-system unattended.

c) Select All Tasks > Distribute Software.

d) Select Next in the Distribute Program Wizard.

e) Select the SMS Server and select Next.

f) Select the collection and select Next.

g) Enter the advertisement name in the Name field and select Next.

h) Specify whether the advertisement should apply to subcollections and select Next.

i) Specify when the program will be advertised and select Next.

j) Specify whether or not to assign the program and select Next.

k) Select Finish on the Completing the Distribute Program Wizard page.

l) Navigate to the \Site Database\System Status\Advertisement Status directory and check the advertisement status.

128

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Removing Productivity Tools Components by Using the SMS Per-System Unattended Program

If you enable notification, the user will see a message indicating that the assigned program is going to run after the program has been advertised. The assigned program will run silently.

Removing Productivity Tools Components by Using the SMS Per-System

Unattended Program

Perform the following procedure to remove Productivity Tools by using Microsoft Systems Management

Server 2003 (SMS):

Procedure

Step 1

Create a new program and copy all the options from the “per-system unattended program” as described in

Advertising WebEx Productivity Tools by using the SMS Per-System Unattended, on page 127

, and then update the command line: a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Productivity Tools 2.82 > Programs.

b) Right-click the blank area and then select New > Program.

c) Enter the program name and default command line.

d) In the Properties dialog box, select the Environment tab.

• For the Program can run option, select Only when a user is logged on.

• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to

interact with this program).

e) Update the command-line on the General tab.

f) Append REMOVE to the command line and specify the features that need to be removed.

Example:

If you want to remove OI, enter the following command: msiexec.exe /q ALLUSERS=2 /m MSII5HK3

/i "ptools.msi" REMOVE="OI"

The PTIM value is for CWMS integration to instant messengers. Example: msiexec.exe /q ALLUSERS=2 /m MSII5HK3 /i "ptools.msi" REMOVE="PTIM"

Step 2

Advertise the program to the specified collection of work machines in the domain. See

Limitations to the

Silent Installation of CWMS Applications When Using SMS, on page 127

for more information.

Cisco WebEx Productivity Tools is updated on these machines silently.

Adding Productivity Tools by Using SMS Per-System Unattended

To add a component to the Productivity Tools, you must first run REMOVE and then run ADDSOURCE, even though the component has not been installed before.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

129

Downloading and Mass Deploying Applications

Adding Productivity Tools by Using SMS Per-System Unattended

Procedure

Step 1

Create a new program named

Add-phase1

, copy all the options from the “per-system unattended program,” and then update the command line: a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Productivity Tools 2.82 > Programs.

b) Right-click the blank area and then select New > Program.

c) Enter the program name and default command line.

d) On the properties dialog, select the Environment tab.

• For the Program can run option, select Only when a user is logged on.

• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to

interact with this program.) e) Update the command-line on the General tab.

f) Append REMOVE to the command line and specify the features that must be added.

Example:

If you want to add OI and PITM (the PITM value is for the WebEx integration to instant messengers), you must REMOVE them first, even if they are not already installed: msiexec.exe /q ALLUSERS=2 /m

MSII5HK3 /i "ptools.msi" REMOVE="OI,PTIM"

Step 2

Advertise the program to the specified collection of work machines in the domain. See

Limitations to the

Silent Installation of CWMS Applications When Using SMS, on page 127

for more information.

Step 3

Create a second program name, “Add-phrase2”, and copy all the options from the “per-system unattended program” and then update the command line: a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Productivity Tools 2.82 > Programs.

b) Right-click the blank area and then select New > Program.

c) Enter the program name and default command line.

d) On the properties dialog box, select the Environment tab.

• For the Program can run option, select Only when a user is logged on.

• For the Run mode option, select Run with administrative rights. (Do not turn on Allow users to

interact with this program).

e) On the properties dialog box select, the Advanced tab.

f) Turn on Run another program first and select program Add-phase1.

g) Update the command-line on the General tab.

h) Append ADDSOURCE to the command line and specify the features that need to be added.

Example:

If you want to add OI and PITM, use this sample command: msiexec.exe /q ALLUSERS=2 /m MSII5HK3

/i "ptools.msi" ADDSOURCE="OI,PTIM" OI=1 MSN=1

Step 4

Advertise the program to the specified collection of work machines in the domain. See

Limitations to the

Silent Installation of CWMS Applications When Using SMS, on page 127

for more information.

130

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Uninstalling Productivity Tools by Using the SMS Per-System Uninstall Program

Cisco WebEx Productivity Tools are silently updated on these machines.

Uninstalling Productivity Tools by Using the SMS Per-System Uninstall Program

The SMS administrator can uninstall Cisco WebEx Productivity Tools by using the SMS per-system uninstall program.

Procedure

Step 1

Use the SMS Installation package created in

Step 2

Advertise the per-system uninstall program to uninstall Cisco WebEx Productivity Tools.

Cisco WebEx Productivity Tools will be uninstalled on these machines silently.

Advertising the Program to Update the New Version of WebEx Productivity

Tools

Perform the following procedure to advertise the program to update to the new version of Cisco WebEx

Productivity Tools.

Before You Begin

Before you install a maintenance release or upgrade your system to a newer release, your users must uninstall

Cisco WebEx Productivity Tools running on their desktops. After the upgrade, you can use the Administration site to manually push the Productivity Tools to your users or users can download Productivity Tools from the end-user Downloads page.

• Auto update Cisco WebEx Productivity Tools

• Permit users to download WebEx desktop applications

Procedure

Step 1

Create a new SMS installation package by using the WebEx Productivity Tools MSI package.

See

Adding Productivity Tools by Using SMS Per-System Unattended, on page 129

for more information.

Step 2

Change the program options for Per-system unattended before advertisement.

See

for more information.

Step 3

Advertise the program. See

Adding Productivity Tools by Using SMS Per-System Unattended, on page 129

for more information.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

131

Downloading and Mass Deploying Applications

Creating a Package from a Definition

The old Cisco WebEx Productivity Tools are removed and the new Cisco WebEx Productivity Tools are installed silently.

Creating a Package from a Definition

Procedure

Step 1

Open the SMS Administrator Console and select Site Database > Package.

Step 2

Right-click Package.

Step 3

Select New > Package From Definition.

Step 4

On the Create Package from Definition wizard, select Next.

Step 5

Select Browse to locate and select the WebEx Productivity Tools MSI package and then select Next.

Step 6

Select Always obtain files from a source directory and then select Next.

Step 7

Select Source directory location and then select Next.

Step 8

Select Finish.

Step 9

Select Site Database > Packages > Cisco WebEx LLC Cisco WebEx Productivity Tool 2.82 English >

Programs.

There are six programs available.

Mass Deployment of the Meetings Application

This section is designed to help your organization understand the tasks involved in installing Cisco WebEx

Meetings application. This section is a comprehensive guide that covers various types of installations, including a single-computer installation and large-scale installations using Microsoft Systems Management Server 2003

(SMS).

Note

"Silent installation" means the application can be deployed silently but end-user configuration is necessary.

Installing Cisco WebEx Meetings

Before You Begin

The following prerequisites apply to the Cisco WebEx Meetings installer:

• Installing the Cisco WebEx MSI package requires administrator privileges. The MSI package is installed to the default OS Programs folder which requires administrator privileges to access.

132

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Uninstall Cisco WebEx Meetings Locally

• The Cisco WebEx MSI package is developed for Windows Installer Service 2.0 or higher. If the local machine is configured with an older version, an error message is displayed informing the user that a newer version of the Windows Installer Service is required. Upon executing the MSI package, the user is prompted with a basic MSI interface.

Procedure

Step 1

Launch the installer on the user's computer.

The installation wizard appears with an introductory message.

Step 2

Select Next in the following dialogue boxes until you reach the installation dialogue box.

Step 3

Select Install.

Step 4

Select Finish when the installation is complete.

Uninstall Cisco WebEx Meetings Locally

You can sign in to a user's computer and uninstall the Cisco WebEx Meetings application from the Control

Panel or the WebEx folder on the local hard drive.

Before You Begin

The Cisco WebEx Meetings application is installed on a user's computer.

Procedure

Step 1

Step 2

Delete the Cisco WebEx Meetings application using one of the following methods:

• Select Start > Control Panel > Programs and Features. From the list of programs, select Cisco WebEx

Meetings and then Uninstall/Change.

• Select Start > Computer > System (C:) > ProgramData folder > WebEx folder. Right-click atcliun.exe and select Delete.

Note

When you uninstall atcliun.exe from the WebEx folder, both the on-premises and cloud versions of the Cisco WebEx Meetings application are removed, if both versions of the application were saved on the user's local hard drive. However, when you uninstall the application using the Control Panel, only the on-premises version of the application is uninstalled.

The Cisco WebEx Meetings application is unistalled from the user's computer.

Silent Installation of the Meetings Application by Using the Command Line

Administrators can sign in to a user’s computer and install the WebEx Meetings application using silent mode.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

133

Downloading and Mass Deploying Applications

Silent Removal of the Meetings Application by using the Command Line Interface

Procedure

Step 1

Step 2

Download the MSI package to the computer hard drive.

Step 3

Open the Windows Command prompt.

On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.

Step 4

Enter the MSI command to install Cisco WebEx Meeting Applications silently.

Example:

Enter msiexec /i onpremmc.msi /qn.

Step 5

Restart the computer.

Silent Removal of the Meetings Application by using the Command Line

Interface

Administrators can sign in to a user’s computer and uninstall the Meetings application by using silent mode.

Procedure

Step 1

Step 2

Open the Windows Command prompt.

On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.

Step 3

Uninstall all components of the MSI package onpremmc.msi by entering the command msiexec/x onpremmc.msi/qn.

Limitations to the Silent Installation of CWMS Applications When Using SMS

The following limitations apply when you perform a silent installation by using Microsoft Systems Management

Server 2003 (SMS):

• SMS per-user mode cannot be supported.

• If a user logs on to a computer with remote desktop while their administrator advertises the package, he must restart the computer to make sure WebEx Productivity Tools work normally.

• Mass deployment is possible, but each user must enter credential information.

134

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Advertising CWMS by Using SMS Per-System Unattended

• Before you update to a maintenance release or upgrade to a newer release, your users must uninstall

Cisco WebEx Productivity Tools . After the update or upgrade, you can manually push the Productivity

Tools to your users or users can download Productivity Tools from the Downloads page.

• If you are using Lync integration, after a silent installation your users must restart their computers to make all of the instant messenger integrations work properly.

Advertising CWMS by Using SMS Per-System Unattended

A Microsoft Systems Management Server 2003 (SMS) administrator can advertise the availability of the

Cisco WebEx Meetings applications by using the Per-system Unattended program.

Before You Begin

Sign in to the Administration site and configure your Download settings to manually push the WebEx desktop applications to the user's computer. Refer to the Configuring Your Download Settings section of the Cisco

WebEx Meetings Server Administration Guide for more information.

Procedure

Step 1

Create a package from the definition. See

for more information.

Step 2

Change the program options for "Per-system unattended" before advertisement: a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Meeting Application English > Programs.

b) Right click the Per-system unattended option and select Properties to open the Per-system unattended

Program Properties dialog box.

c) Select the Environment tab.

• For the Program can run option, select Only when a user is logged on.

• For the Run mode option, select Run with administrative rights. Do not select Allow users to

interact with this program.

d) Select the General tab.

e) Append an additional parameter to the command line option to specify some options for the WebEx

Meetings application:

Example:

For example, the initial command line is: msiexec /i "onpremmc.msi" /qn

Step 3

Now you can advertise the program.

a) Open the SMS administrator console and select Site Database > Packages > Cisco WebEx LLC Cisco

WebEx Meeting Application English > Programs.

b) Right-click Per-system unattended.

c) Select All Tasks > Distribute Software.

d) Select Next in the Distribute Program Wizard.

e) Select the SMS Server and select Next.

f) Select the collection and select Next.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

135

Uninstalling the Cisco WebEx Meetings Application by Using the SMS Per-System Uninstall Program

Downloading and Mass Deploying Applications

g) Enter the advertisement name in the Name field and select Next.

h) Specify whether the advertisement should apply to subcollections and select Next.

i) Specify when the program will be advertised and select Next.

j) Specify whether to assign the program and select Next.

k) Select Finish on the Completing the Distribute Program Wizard page.

l) Navigate to the \Site Database\System Status\Advertisement Status directory and check the advertisement status.

If you enable notification, the user will see a message indicating that the assigned program is going to run after the program has been advertised. The assigned program will run silently.

Uninstalling the Cisco WebEx Meetings Application by Using the SMS

Per-System Uninstall Program

The SMS administrator can uninstall the Cisco WebEx Meetings application by using the SMS per-system uninstall program.

Procedure

Step 1

Use the SMS Installation package created in

Step 2

Advertise the per-system uninstall program to uninstall the Cisco WebEx Meetings application.

The Cisco WebEx Meetings application is silently uninstalled on the specified machines.

Mass Deployment of the Network Recording Player

This section is a comprehensive guide that covers various types of installations, including a single-computer installation and large-scale installations using Microsoft Systems Management Server 2003 (SMS).

Note

Network Recording Player files greater than 4 GB can only be played when accessed from a Web browser.

Installing Network Recording Player

Before You Begin

• Verify that you have administrator privileges on the target device, because the Cisco WebEx MSI package is installed in the default OS Programs folder that requires such access.

• The Cisco WebEx MSI package was developed for Windows Installer Service 2.0 or higher. If the local machine is configured with an older version of the installer, an error message appears informing the user

136

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Silent Installation of the Recording Player by Using the Command Line

that to install this MSI package, a newer version of the Windows Installer Service is required. Upon executing the MSI package, the user is prompted through the MSI interface.

Procedure

Step 1

Launch the installer on the user's computer.

The installation wizard appears with an introductory message.

Step 2

Select Next on each of the dialogue boxes until the installation dialogue box appears.

Step 3

Select Install.

Step 4

Select Finish.

Silent Installation of the Recording Player by Using the Command Line

Administrators can sign in to a user’s computer and install the WebEx Recording Player by using silent mode.

Procedure

Step 1

Step 2

Download the MSI package to the computer hard drive.

Step 3

Open the Windows Command prompt.

On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.

Step 4

Enter the MSI command to install WebEx Recording Player silently.

Example:

Enter msiexec/i nbr2player_onprem.msi/qn.

Step 5

Restart the computer.

Silent Uninstallation of the Recording Player by Using the Command Line

Interface

Administrators can sign in to a user’s computer and remove Recording Player by using silent mode.

Procedure

Step 1

Step 2

Download the MSI package to the computer hard drive.

Step 3

Open the Windows Command prompt.

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

137

Installation of CWMS Applications by Using Microsoft Systems Management Server 2003 (SMS)

Downloading and Mass Deploying Applications

On Windows 7 or Windows Vista, you must use run as administrator to open the prompt window.

Step 4

Uninstall all components of the MSI package onpremmc.msi by entering the command msiexec/i nbr2player_onprem.msi/qn.

Installation of CWMS Applications by Using Microsoft Systems Management

Server 2003 (SMS)

Limitations to the Silent Installation of CWMS Applications When Using SMS

The following limitations apply when you perform a silent installation by using Microsoft Systems Management

Server 2003 (SMS):

• SMS per-user mode cannot be supported.

• If a user logs on to a computer with remote desktop while their administrator advertises the package, he must restart the computer to make sure WebEx Productivity Tools work normally.

• Mass deployment is possible, but each user must enter credential information.

• Before you update to a maintenance release or upgrade to a newer release, your users must uninstall

Cisco WebEx Productivity Tools . After the update or upgrade, you can manually push the Productivity

Tools to your users or users can download Productivity Tools from the Downloads page.

• If you are using Lync integration, after a silent installation your users must restart their computers to make all of the instant messenger integrations work properly.

Advertising Cisco WebEx Network Recording Player Using the SMS Per-System Unattended

Program

If you are the SMS administrator, perform the following procedure to advertise the Cisco WebEx Network

Recording Player using the SMS per-system unattended program.

Before You Begin

Sign in to the Administration site and configure your Download settings to manually push the WebEx desktop applications to the user's desktop. Refer to the "Configuring Your Download Settings" section of the Cisco

WebEx Meetings Server Administration Guide for more information.

138

Planning Guide and System Requirements for Cisco WebEx Meetings Server Release 2.7

Downloading and Mass Deploying Applications

Installation of CWMS Applications by Using Microsoft Systems Management Server 2003 (SMS)

Procedure

Step 1

Create a package from the definition. See