Cisco WebEx Meetings Server: Extending WebEx to the private

CloudDan Jordan

Technical Marketing Engineer

BRKCOL-2052

AbstractCWMS (Cisco WebEx Meetings Server) was released in October 2012.

CWMS is a solution bringing the Cisco WebEx conferencing solution; SaaS market leader for many years; into the company private cloud.

CWMS has been generating tremendous interest and many deals around the globe from various types of industries and geographical areas.

This session will first consist in a brief overview of CWMS from a user experience perspective.

We will then explain in deep details the CWMS building blocks and various integrations.

We will also cover the sizing and design considerations to deploy this solution.

The objective of this session is for attendees to have a sound understanding of the solution benefits in order to properly position CWMS as well as to deploy and administer it with confidence.

• Cisco WebEx Meetings Server Overview

• 2.5 New Features Configuration

• Architecture and Deployment models

• Dual Datacenter HA

• Building the Dual Datacenter

• Audio and CUCM integration

Agenda

We are transitioning to a next generation architecture for on-prem and cloud

• We think only Cisco can combine the reach of the cloud with the control of on-premise in the future.

• We call this Media Fusion: a new way to enable customers to store and manage their data locally.

Until then, we are extending MP support and continuing our CWMS roadmap

• Cisco will extend the last day of MeetingPlace’s Software Maintenance support from July 9, 2015 to January 31, 2017 (EOL date stays the same)*

The extension is only applicable to MeetingPlace 8.6 customers with Type 2 deployments. (Integrated with SaaS WebEx and uses WebEx

scheduling)

• CWMS development continues, tightly focused on security and serviceability No TP or Squared integration, Centers or 3rd party H/W support, or new deployment topologies.

• CWMS will continue to be sold for at least 2 more years while we work on new architectures to deliver new on-premise experiences. Once we have these new architectures, we will ensure there is a transition plan for current CWMS customers.

Cisco Collaboration Cloud will extend to on-premise via Media Fusion

• Media Fusion initially focused on TP, then we’ll add audio-only; intens to scale beyond today’s MP or CWMS audio.

• Team is working on commercial migration path to Media fusion for both MP & CWMS customers

•

18%Presentation Progress

• Dual Data Center HA

• JITC Certification & IPv6

• Blast dial-out

• Access-controlled meetings and recordings

• Increased System Scalability: 500 users/meeting

• SSO enhancements

• Expanded security certificate management

• IVR language selection

• CWMS API’s

• Serviceability enhancements

• Jabber for Mac, unified client

• Limited Support for Citrix VDI:

• Desktop sharing

• Application sharing

• Annotation

• Extended Branding:

• Customized audio prompts

• Page branding (e.g. logos etc.)

• Next Generation Suite B encryption:

• 128/256 bits AES

• Elliptic Curve Diffie–Hellman

• Secure Hash Algorithm 2

• Split SSL Certificate

• Compliance with PSB 5.2 – 80%

Version 2.5October 2014

Version 2.6*Summer 2015

“Compliance Market” “Serviceability & Security”

• User Management Enhancements

• Delete user

• Change username

• Compliance with PSB 5.2 – 90%

• Other features will be added as we near the Commit day

Version 2.7*December 2015

“Serviceability and Security”Phase 2

* Currently Uncommitted

Cisco WebEx Meetings Server Product Roadmap

• Cisco Collaboration Cloud will extend to on-premise via Media Fusion

• Media Fusion will focus on TP use cases initially, then add audio only use cases over time

• Fusion will support features such as TP Integration, Scalability beyond 2,000 audio ports, 3rd party H/W, High Availability etc.

• FedRAMP certified Cisco Collab Cloud + Media Fusion on-prem will address the needs of the “Compliance” market (e.g. DoD)

• This hybrid architecture will also address the needs of cost-conscious customers (filling the gap MP will leave once it reaches EOL)

• A future Commercial migration path will be available for both MP & CWMS customers

On Premise Vision Cisco Collab Cloud

FedRAMP Compliant

Media Fusion

CWMS & MP Contacts

Product Manager - Refael Zikavashvili rzikavas@cisco.com

Technical Marketing Engineer – Dan Jordan danjorda@cisco.com

Roadmap Presentation

https://cisco.box.com/s/qcarqzbjppinu4t1ocvucrdsh8awyai6

CWMS Selling Resources

http://wwwin.cisco.com/voice/products/conferencing/webex-ms/#sr1=0

MeetingPlace S/W Maintenance Support Exention

http://www.cisco.com/c/en/us/products/collateral/conferencing/unified-meetingplace/bulletin-c25-734542.html

MeetingPlace End-of-Life Announcement

http://www.cisco.com/c/en/us/products/collateral/conferencing/unified-meetingplace/eos-eol-notice-c51-730721.html

Overview

Cisco WebEx Meetings ServerAn Entirely New WebEx Deployment Model

• WebEx meetings in a private cloud

• Installed in your datacenter

• All-in-one conferencing solution

• Incorporates audio, web and video in asingle solution

• Same great WebEx user experience

• WebEx clients for PC, Mac, iPhone, iPad, and Android; high quality video; sharing, annotation, and collaboration tools; recording and playback etc.

• Software based

• Designed for Cisco UCS Servers + VMware

• BE6K and BE7K supported for certain configurations

• Integrates with Cisco UC suite

• Extends Cisco Unified Communications Manager to conferencing, and meeting escalation from Jabber.

CWMS Target MarketsReg. RestrictedCompliance Privacy Centric CapEx vs. OpEx

• Behind the firewall installation

• 100% 128 and 256 Bit SSL encrypted online meetings

• Industry-standard 2048 Bit encryption keys

• Wild-card and SAN SSL certificate support

• Optional TLS/SRTP SIP teleconferencing encryption

• Hardened ‘Virtual Appliance’ with SE/Linux extensions

• NIST FIPS 140-2 approved cryptographic algorithms supported

Target Customers - Caveats

ScalabilityCustomers with large systems (>40,000 users) will need 2+ separate systems

Audio-only Features not a direct replacement for MeetingPlace1

Focus on integrated Web conferencing

CapacityNo more than 500 participants in a single meeting

Meetings OnlyNo planned support for on-premises Events Center, Training Center, Support Center

1 CWMS supports audio-only conferencing via Personal Conferencing

Innovation is led from the Cloud, CWMS follows….Lagging on WebEx-enabled TelePresence, Productivity Tools for Mac & Lotus Notes, Client for Windows Mobile

Total Cost of Ownership is comparable between Cloud and On-Premises SolutionsParticularly when customer has more than 5,000 hosts and CCA is an option

Designed for customers worldwide

• 100% Localized

• End User and Admin User Interfaces

• Online Help and Technical Documentation posted on Cisco.com

• Support for 13 Languages• English (with Audio Prompts in US English & UK English)• Simplified and Traditional Chinese• Japanese• Korean• German• French (France)• Italian• Dutch 1

• Spanish (Spain) 1

• Spanish (Latin America)• Portuguese (Brazil)• Russian 1

WebEx & WebEx Meetings Server Comparison

WebEx SaaS

Enterprise Edition – Meetings, Trainings, Events, Support

Broad range of 3rd party Plug-Ins

Extensive Customizability

Unlimited Scalability

Flexible Subscriptions – Minutes, Ports, Hosts

Add on audio separately

CWMS

Meeting Center

Outlook Calendaring Plug-In

Limited Customizability

(Logo, PS, TOS, Legal Disclaimer)

2,000 Peak Attendees (Ports)

Perpetual User Licenses

Audio is built in (requires CUCM)

What’s new in v2.5 at a glance

• Dual Data Center – High Availability

• Blast Out-Dial

• JITC Certification & IPv6 Compliance

• Refreshed Meeting Client

• Up to 500 attendees per meeting

• New & Improved Admin Dashboard

• Scheduling APIs

• Language Selection

• Access controlled recordings

• Admin SSO

• Schedule on Behalf

WebEx Meetings Server 2.5

New Licensing in 2.5• Multi-data Center Licensing

Multi-data Center (MDC) licensing is required to join data centers to a system. Each data center requires an MDC system license; an MDC system requires a minimum of two licenses, one for each data center. A Single-data Center (SDC) does not require a system license. (See "About MDC Licensing" in the Cisco WebEx Meetings Server Administration Guide version 2.5 at http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/products-installation-guides-list.html.)

• Host Licensing for Version 2.5A user can host a maximum of two simultaneous meetings, consuming only one license. (Previously, a user that hosted multiple meetings consumed multiple licenses.) A Host licenses is not required to schedule or attend a meeting. (See "License Status of Users" in the Cisco WebEx Meetings Server Administration Guide version 2.5 at http://www.cisco.com/c/en/us/support/conferencing/webex-meetings-server/products-installation-guides-list.html.)

Configuring new features in 2.5

1.X or 2.0 upgrade to 2.5• The following are supported upgrade/update paths to 2.5

> 2.0

MR3

2.01.X

< 2.0

MR3

2.5Update

Update

Upgrade

LDAP Integration (1.5+)LDAP directory service for User Management and User Authentication

• Set up LDAP Integration in 4 easy steps

1. Set up CUCM

2. Perform Directory Sync

3. Turn on LDAP Authentication

• Notify Users (Optional)

Cisco Call Manager (CUCM) acts as the gateway to LDAP

• No new software deployment required

• Aligns with existing UC integration model

• Secure (SOAP over HTTPS)

IPv6 Overview

In current Orion architecture the telephony servers already support IPv6. The CWMS can be enabled to use IPv6 addressing schemes to connect to telephony users. However the end users and meeting clients (like desktop/laptop clients etc.,) cannot connect to CWMS server using an IPv6 addressing scheme.

CWMS 2.5 release is providing IPv6 support for these users with a reverse-proxy based solution.

The reverse proxy (IRP Node) accepts incoming IPv6 connections and proxy them via IPv4 to internal CWMS web or media servers. The reverse proxy is providing a dual stacked solution for this. All internal and external clients (remote users) will communicate with the CWMS using reverse-proxy.

The user experience is consistent for both IPv4 and IPv6 use cases. The end users or meeting clients does not need to be aware if they’re using IPv4 or IPv6. This is a common and converged infrastructure for supporting both IPv4 and IPv6 use cases.

IPv6 Requirements/Configuration• CWMS deployed as System with Public Access and Non-Split-Horizon DNS

• All users are connected to CWMS via IRP nodes

• Administrator is connecting directly to Admin VMs from internal network in dual stacked network environment (IPv4 or IPv6)

IPv6 Configuration

IPv6 configuration via Admin web

Both Private and Public interface must be configured with IPv6 addresses

Admin and IRP virtual machines in deployment need to be configured with IPv6 addresses for VM interface.

DNS configuration

WebEx Site URL and WebEx Administration URL are extended with IPv6 addresses on DNS, along with existing IPv4 addresses.

Same applies for VM FQDN.

IVR Language Selection Configuration• Configure a route pattern on CUCM for each language for direct access

• Add the language in CWMS Settings > Audio > Global Settings

• Add the CUCM configured route pattern to CWMS to match the language

Blast Dial Group Configuration – step1 • Add CUCM route pattern specific for Blast Dial Group

• Ensure “Call In and Call Me service is enabled” on CWMS

Blast Dial Configuration - step 2• Add a Blast Dial Group

Display on phone

screen

Same with above

CUCM Blast Dial

route pattern

Display on phone

screen

Blast Dial Configuration – step 3• Add Participants

This “Host” is

web host instead of

audio host

Show the phone number

which is set on user web

“My Account”

Type one

phone number

Architecture & Deployment Layouts

High-Level System Architecture

INTERNETENTERPRISE PERIMETER ENTERPRISE NETWORK

Cisco WebEx Meetings Server

Virtual Appliance

Mobile and Internet

UsersSAML or LDAP Single Sign On

based on Corporate Directory

Credentials

SIP Trunk

Teleconferencing to

CUCMInternal Users

General RequirementsCategory System Requirements

VMware • VMware 5.0, 5.0 Update 1 & 2, 5.1, 5.1 U1, 5.5

• vSphere Standard - for 50 250 user deployments

• vSphere 5.1 Enterprise or 5.0 Enterprise Plus - for 800 2000 user deployments,

• vCenter mandatory

• One License per socket

Networking • LAN

• DNS must be configured prior to deployment

• NTP required on ESXi Host

• Redundant configurations must have all NIC interfaces duplicated and connected to

independent switching fabric to support LAN Fault tolerance

• WAN

• Similar to SaaS WebEx for HQ Video, Web Share etc.

• Plan assuming 70-30 distribution in-company users (LAN) and internet users (WAN)

Storage (Network Attached Storage) • Needed only if customer wants to record meetings and keep system snapshots (for DR)

(NFS only for recording, NAS/SAN for VMware)

Teleconferencing • CUCM 7.1, 8.6, 9.0, 9.1, 10, 10.5 for SIP Trunk based Teleconferencing

SSO (Single Sign On) • If using ADFS 2.0 as iDP then customer needs AD (Active Directory) 2010

• Other SAML 2.0 SSO Compliant iDP also supported – same as SaaS WebEx

• PingFederation V6.5.2, ADFS V2, OpenAM V9.5.4

• LDAP integration provided through CUCM (1.5+)

CUCMExternal Firewall

Internal

Users

SIP

Internal Firewall

Guest and

Mobile Users

IPv4 Web/Video

Traffic from Internal Users

PC Audio OFF

Reverse Proxy VM

DMZ

IPv4 Web/Video

Traffic from external Users

PC Audio OFF

AD LDS

AD/ (Lightweight Directory

Service)

LDAP

Authentication

Cisco WebEx Meetings Server

Virtual Appliance

PSTN

LDAP

Directory Integration Architecture using CUCM

• Synchronization via CUCM

• Authentication

LDAP

Synch

AXL

Synch

Split DNS Traffic flow

• Increased traffic through the DMZ

• Public VIP will be served to

internal & external clients

• URL does not change

Flat DNS Traffic flow

Network Port Requirements

Internet Reverse Proxy (IRP) Recommended in

the DMZ

Ports 443 and 80 will need to be open inbound to

the IRP.

Other ports (listed) will need to be open inbound

from the IRP to CWMS and outbound from CWMS

to the IRP.

System CapacitiesMedia Type 50 Port 250 Port 800 Port 2000 Port

100% SIP/PC Audio 50 250 800 2000

Encrypted Audio (sRTP) * 50 250 800 2000

Secured MC Web (SSL) 50 250 800 2000

50% HQ Video (SSL) 25 125 400 1000

Single Meeting Max Size 50 100 500 500

Recorded Meetings Max at Peak 5% of Maximum meetings

*Includes high fidelity Codecs E.g. G722

CWMS Deployment Models – Single DC options

Non-redundant Centralized (Recommended for initial deployment)

• No redundant components

• Single Data center only

• With Internet Reverse Proxy (IRP) for External Access or without IRP

• 1 hr to restore on same UCS Hardware in VMware

High Availability Single DC (HA) (Optional)

• Centralized Single Data Center – multiple servers/blades (N+1)

• Active/Active resiliency – load sharing between all like VM’s

• No Latency between VMs

• With Internet Reverse Proxy (IRP) or without IRP (no external web access, no mobile)

CWMS Deployment Models – Dual DC OptionsDisaster Recovery (DR) – (Optional)

• Centralized, Dual Data Center model – “cold standby” mode

• Multiple ways to “enable” this site

• Requires IT Manual intervention to use DR Site system

• Restore DB, Change DNS routing, Change UC Manager SIP Routing (checklist)

High Availability Dual DC (HA) (Optional)

• 2 Data Center deployment – multiple servers/blades (N+1)

• Active/Active resiliency – load sharing between all like VM’s

• Latency < 200ms

• With Internet Reverse Proxy (IRP) or without IRP (no external web access, no mobile)

• Dual DC additional license is required for this deployment

Deployment layouts50 Ports

Primary+vCenter IRP or Primary+vCenter IRP or

Primary & vCenter CoResident – IRP

separate UCSPrimary, vCenter, IRP CoResident – Dual

homed

Data

CenterESXi Host

Internal DMZ Internal DMZ

Primary+vCent

erIRP

HA Primary HA IRP

Internal DMZ

Primary+vCenter IRP

HA Primary HA IRP

Internal DMZ

or

High Availability

Options

Deployment layouts

Data

CenterESXi Host

250 Ports

or

Primary & vCenter CoResident – IRP

separate UCS High availability – single DC

• Primary can reside with vCenter

Primary+vCent

erIRP

Internal DMZPrimary+vCent

erIRP

HA Primary HA IRP

Internal DMZ

800 Ports

or

Primary – IRP separate UCS

vCenter still required cannot be CoResident

High availability – single DC

vCenter still required cannot be CoResident

Primary IRP

Internal DMZ Primary IRP

HA Primary HA IRP

Internal DMZ

Disaster Recovery or

DDC - mirror layout in

second DC

Disaster Recovery or

DDC - mirror layout in

second DC

2000 ports Deployment layouts

Data

Center

ESXi Host

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

HA Admin/Media

HA Web

IRP

High Availability Option Non Redundant Option

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

Dual Data Center Option

DC #2DC #1

CWMS Supported Deployments

Self Maintained model - The solution is sold to the customer who manages and maintains system (Customer Premise Equipment)

• Cisco UC Partner provide implementation services

• Cisco Advanced Services provide implementation services

Managed Services model – Customer owned equipment in customer DC, managed by SP

• CWMS has not been architected around Managed Service Provider’s billing or other operational needs

Hosted model (HCS) – Not supported

• No Multitenant support, HCS is supported with WebEx SaaS

Dual Data Center HA

What is Dual Data Center (DDC) HA• 2 Standalone systems are joined to create a single distributed system

• DDC ensures capacity and minimal interruptions to meetings in the event that one of the data centers (DC) goes down

• Transparent to the end users

• Available for new or existing 2.5 deployments.

• Available for 250, 800, and 2000 user deployments

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

Admin/Media

IRP

Internal DMZ

Web/Media

Web/Media

DC #1 DC #2

Dual Data Center HA• Active/Active Deployment

• Meetings can cascade between DC’s

• Looks like one system to end users

• UL handled by primary system, no change in user licenses

• Max capacity still 2000

• Available in all deployments but 50

• Feature license is required (no trial license available)

• Identical hardware in both DC

• NTP required

• NFS required for each DC (recording storage)

Less than 200ms latency required

4.5 Mbps guaranteed bandwidth

Additional bandwidth required during the failover state

User Experience during failover Because of the active-active architecture and the distribution of meetings, the impacted users and meetings will depend on where the failure occurred.

Impacted meetings have the following user experience:

The meeting clients will reconnect within 2-3 minutes.

The computer audio connections will be re-established.

The recording will be restarted.

The computer video has to be restarted by the users.

Host or presenter will have to restart the desktop share.

Host or presenter will have to restart the video share.

Telephony audio (dial-in and dial-outs) will be reestablished in most cases (depending on the CUCM configuration and the type of failure).

Building a Dual DC system

Terminology• Common site URL: The URL used by people to access the DDC. It is mapped to both DC’s and provides

continuous access to the system even if one DC is down.

• Common admin URL: The URL used by the Administrator to access the administrative interface of the DDC. It is mapped to both DC’s and provides continuous administrative access to the system even when one DC is down.

• Local site URL: These URL’s are used by the system. They are mapped to their respective DC only.

• Local admin URL: These URL’s are used by the System and by the Administrator to access the specific DC only.

• Public vIP: This is the IP Address that the Common site URL is mapped to in the DMZ (IRP).

• Private vIP: This is the IP Address that the Common site URL is mapped to inside the Company.

• Flat DNS: In flat DNS, the Common site URL is mapped to the Public vIP. All access to the system comes through the IRP. (exception for administrative access)

• Split DNS: In split DNS, the Common site URL is mapped to the Public vIP for Internet access, but mapped to the Private vIP inside the Company.

Worksheet Example Common siteURL https://meetings.cisco.comCommon adminURL https://meetings-admin.cisco.com

Local siteURL's Dc1-CWMS.cisco.com dc2-CWMS.cisco.com

Local adminURL's dc1-CWMS-admin.cisco.com dc2-CWMS-admin.cisco.com

Public vIP's

Private vIP's 10.194.105.46 10.194.105.51

DNS Server 172.27.200.199 172.27.200.199

Heart VM's dc1-Primary 10.194.105.47 dc2-Primary 10.194.105.52

Media VM's dc1-cwms-media 10.194.105.48 dc2-cwms-media 10.194.105.53

DMZ VM's

Orion Administrator cwmsadmin@cisco.com cwmsadmin@cisco.com

Password cisco123 cisco123

Remote Access root root

Password cisco123 cisco123

Call Manager's 172.27.224.190 172.27.200.180

Converting single DC system to DDC• The current site URL and admin URL = Global URLs in a DDC configuration.

• These URLs continue to provide access to the system for meetings, users, and administrators. Administrative access to the system is granted from the private VIP only. No change.

• A new local site URL needs to be created and mapped:

• Flat DNS: Map to the public VIP

• Split DNS: Map to the public VIP in external DNS, map to private VIP in internal DNS

• A new local admin URL needs to be created and mapped:

• Map to the private VIP in internal DNS for both Flat DNS and Split DNS.

• The admin URL is not available for external connections

• DMZ: An IRP can be deployed for non-administrative access to the system for external users

Audio, Call Control & CUCM Integration

Audio Parameters• There is no loss in capacity when using complex/low bitrate codecs – For the

best user experience we recommend g.722 for the best quality audio

• No echo cancellation built into WebEx Meetings Server

• ISR Voice Gateway use DSP Echo Cancellation modules

• CUBE can also be used for Echo cancellation

• Can set QoS for SIP Audio – outbound “Call-back”

• The most commonly purchased edition of CWMS has TLS/sRTP audio encryption available

• Turkish and Russian customers may only purchase the "-AU" edition which lacks TLS/SRTP and is compliant with Russian / Turkish import laws

Call Control – Inbound/Outbound • Call-back Teleconferencing

• Best End User experience to Join Web session first, then use Callback

• Controlled via SIP trunk outbound to UC Manager/Session Manager Edition

• Most efficient call processing methodology

• Can be disabled

• Dial In Operations

• UC Manager /Session Manager Edition - SIP Trunks• Tested with MGCP Trunks end to end

• Tested with SIP Telco Trunks end to end

• Inbound Calling can be from unlimited number of UC Manager clusters OR via inter-cluster trunks (ICT) between all clusters to a centralized UC Manager

• Typical customers deploy with 3 phone numbers: toll free, toll and internal dial numbers pointed to SIP trunks inbound to Cisco WebEx Meetings Server system.

• Uses SIP Refer to provide load balancing across redundant systems

CUBE CUBE

PSTN

H323MGCPSIP

Unified CM Session Management Edition Cluster or UCM Cluster

Leaf Unified CM Clusters/ Leaf UC Systems

CUCM Clusters with H323 QSIG Trunks to

SME

PBXs/ CUCM Clusters with SIP Trunks

to SME

CUCM Clusters with

H323 Trunks to SME

PBXs with MGCP Q931

Gateway Trunks

PBXs with MGCP QSIG

Trunks to SME

CUCM/PBX with SIP QSIG Trunks to SME

SME cluster can interconnect 1000’s of UC/PBX systems using SIP, H323, or

MGCP Trunks SME allows you to reduce UC system complexity by centralizing

your dial plan and call routing rules.

CiscoWebex Meetings Server

CUCM Integration – SME recommended for large systemsDial-In Examples:

800-XXX-XXXX Toll Free

919-XXX-XXXX Direct

x5000 Internal

Or Call-Back

CUCM Configuration for Dual Data Center• Typically, each Site will have a dedicated CUCM cluster associated with it. CUCM clusters

will be connected via inter-cluster trunks (ICT).

• Each CUCM cluster will have call-in/call-out trunks to the local CWMS site.

• Each CUCM will have SIP REFER trunks to all the media VMs in the DDC.

• The ‘call-in’ route pattern can be setup to have priority to the INVITE trunk to the local DC and only use the INVITE trunk to the remote DC upon failure

SJ

CUCM

Cluster

INVITEREFER

Admin-VM Media-VM

SJ DC

RTP

CUCM

Cluster

INVITEREFER

Media-VM Admin-VM

RTP DC

REFERREFER

ICT

CUCM Configuration for Dual Data Center• CWMS can be configured behind the local CUCM clusters with SME for ICT

• The refer trunks can hang off from local CUCM

SJ

CUCM

Cluster

INVITEREFER

Admin-VM Media-VM

SJ DC

RTP

CUCM

Cluster

INVITEREFER

Media-VM Admin-VM

RTP DC

REFERREFER

ICTSME ICT

CUCM Configuration for Dual Data Center• CWMS nodes can be configured behind the SME also

• The refer trunks can hang off from SME

INVITE

SJ

CUCM

Cluster

Admin-VM Media-VM

SJ DC

INVITE

RTP

CUCM

Cluster

Media-VM Admin-VM

RTP DC

REFER

REFER

ICT

SME

ICT

Key Takeaway

INTERNETENTERPRISE PERIMETER ENTERPRISE NETWORK

Optimized for 100% Secure, behind-the-firewall VPN-less Access that integrates

with your Corporate User Management and UC Infrastructure

Cisco WebEx Meetings Server

Virtual Appliance

Mobile and Internet

UsersSAML or LDAP Single Sign On

based on Corporate Directory

Credentials

SIP Trunk

Teleconferencing to

CUCMInternal Users

Online ResourcesFor Questions please use the discussion forum at

https://communities.cisco.com/community/partner/collaboration/webex

CCO Documentationhttp://www.cisco.com/go/cwms

Supported Platforms wikihttp://docwiki.cisco.com/wikiVirtualization_for_Cisco_WebEx_Meetings_Server

WebEx Network Bandwidth White Paperhttp://www.cisco.com/en/US/prod/collateral/ps10352/ps10362/ps10409/webex_video_bandwidth_gui

de.pdf

Participate in the “My Favorite Speaker” Contest

• Promote your favorite speaker through Twitter and you could win $200 of Cisco Press products (@CiscoPress)

• Send a tweet and include

• Your favorite speaker’s Twitter handle @danjorda

• Two hashtags: #CLUS #MyFavoriteSpeaker

• You can submit an entry for more than one of your “favorite” speakers

• Don’t forget to follow @CiscoLive and @CiscoPress

• View the official rules at http://bit.ly/CLUSwin

Promote Your Favorite Speaker and You Could Be a Winner

Complete Your Online Session Evaluation

Don’t forget: Cisco Live sessions will be available for viewing on-demand after the event at CiscoLive.com/Online

• Give us your feedback to be entered into a Daily Survey Drawing. A daily winner will receive a $750 Amazon gift card.

• Complete your session surveys though the Cisco Live mobile app or your computer on Cisco Live Connect.

Continue Your Education

• Demos in the Cisco campus

• Walk-in Self-Paced Labs

• Table Topics

• Meet the Engineer 1:1 meetings

• Related sessions

Thank you

Collaboration Cisco Education OfferingsCourse Description Cisco Certification

CCIE Collaboration Advanced Workshop (CIEC) Gain expert-level skills to integrate, configure, and troubleshoot complex

collaboration networks

CCIE® Collaboration

Implementing Cisco Collaboration Applications

(CAPPS)

Understand how to implement the full suite of Cisco collaboration

applications including Jabber, Cisco Unified IM and Presence, and Cisco

Unity Connection.

CCNP® Collaboration

Implementing Cisco IP Telephony and Video

Part 1 (CIPTV1)

Implementing Cisco IP Telephony and Video

Part 2 (CIPTV2)

Troubleshooting Cisco IP Telephony and Video

(CTCOLLAB)

Learn how to implement Cisco Unified Communications Manager, CUBE,

and audio and videoconferences in a single-site voice and video network.

Obtain the skills to implement Cisco Unified Communications Manager in a

modern, multisite collaboration environment.

Troubleshoot complex integrated voice and video infrastructures

CCNP® Collaboration

Implementing Cisco Collaboration Devices

(CICD)

Implementing Cisco Video Network Devices

(CIVND)

Acquire a basic understanding of collaboration technologies like Cisco Call

Manager and Cisco Unified Communications Manager.

Learn how to evaluate requirements for video deployments, and implement

Cisco Collaboration endpoints in converged Cisco infrastructures.

CCNA® Collaboration

For more details, please visit: http://learningnetwork.cisco.com

Questions? Visit the Learning@Cisco Booth or contact ask-edu-pm-dcv@cisco.com

End User RequirementsCategory System Requirements

Web User Interface Browsers

• Internet Explorer 8 - 11 (32-bit/64-bit)*

• Firefox 9+ (Mac/Windows)

• Safari for Snow Leopard and Lion, Mountain Lion (Mac)

• Chrome Latest Releases (Mac/Windows)

Desktop Operating Systems • Windows XP SP3 and later

• Windows Vista (32-bit/64-bit)

• Windows 7 (32-bit/64-bit)

• Windows Server 2008 (64-bit)

• Windows 8, 8.1(32-bit/64-bit)

• Mac OS 10.6 Snow Leopard, 10.7 Lion, and 10.8 Mountain Lion

Calendaring Interfaces • PC: Microsoft Outlook 2007 SP2+, 2010 SP1+ (32-bit/64-bit), 2013

• PC & Mac: Web Calendaring

• Mobile: iOS WebEx App, Android WebEx App

Mobile Platform • iOS v5.0(1.5) v6.0(>2.0) or later (iPhone and iPad) – same Mobile Meeting Center Client

download as SaaS WebEx

• Android 2.1 or later

* IE 11 only tested on win7 SP1

WebEx Meetings Server Sizing Guidelines

Model Size

Simultaneous Users

Company Knowledge

Workers based on usage

Average Minutes Per Month

Ranges

50 Ports ~ 500 heavy (10 to 1)

~ 1,000 avg. (20 to 1)

~ 1,500 light (30 to 1)

50-125 K

(2500 min/port)

250 Ports ~ 2,500 heavy (10 to 1)

~ 5,000 avg. (20 to 1)

~ 7,500 light (30 to 1)

130-750 K

(3000 min/port)

800 Ports ~ 8,000 heavy (10 to 1)

~ 16,000 avg. (20 to 1)

~ 24,000 light (30 to 1)

1000 K - 2.8 M

(3500 min/port)

2000 Ports ~ 20,000 heavy (10 to 1)

~ 40,000 avg. (20 to 1)

~ 60,000 light (30 to 1)

3-8 M

(4000 min/port)

Actual Usage may vary based on conferencing and growth

Common Requirements

• UCS M2 Gen or above (Westmere-EX Processor or above) w/AES-NI

• 2.4GHz Processor or above

• vSphere ESXi version 5, 5U1, 5.1 U1, 5.5

• Additional NIC recommended for VMware Management Network

• vCenter version 5 -

• DAS minimum 4 Drives - RAID 10, RAID 5

• SAN Supported

50 Port

Recommended host C220-M3, vSphere Standard, 7200RPM HDD, 100Mbps NIC, 1.5TB HDD, Built in RAID

Primary

• 6 cores

• 24 GB RAM

• 1 NIC

IRP

• 6 cores

• 12 GB RAM

• 1 NIC

Co-Resident Configurations

Primary + vCenter

• 10 cores

• 36 GB RAM

• 1 NIC

Primary + IRP

• 8 cores

• 36 GB RAM

• 2 NIC

Primary + IRP + vCenter

• 12 cores

• 40 GB RAM

• 2 NIC

250 Port

Recommended host C220-M3, vSphere Standard, 7200RPM HDD, 1GB NIC, 1.5TB HDD, Built in RAID

Primary

• 12 Cores

• 52 GB RAM

• 2 NIC

IRP

• 12 Cores

• 36 GB RAM

• 2 NIC

Co-Resident Configuration

Primary + vCenter

• 16 Cores

• 56 GB RAM

• 4 NIC

800 or 2000 Port

Recommended host C460-M2, vSphere Enterprise Plus, 10,000RPM SAS, 10Gbps NIC, 1.5TB HDD, LSI 9260-8i w/(Battery Backup)

Primary

• 40 Cores

• 80 GB RAM

• 4 NIC

IRP

• 40 Cores

• 36 GB RAM

• 4 NIC

UCS Requirements Check planning guide for latest requirements

Licensing – screenshot

1.X to 2.0 Upgrade Procedure

Overview• Customers who wish to upgrade their CWMS 1.x systems to the latest version,

CWMS 2.0, must do so using the replacement upgrade procedure. Two upgrade methods are available

• Automatic upgrade• The preferred upgrade method

• Only available if vCenter credentials (with required privileges to create/modify VMs) can be provided

• Automatically creates VMs (including IRP and HA VMs) needed for the new system

• Automatically transfers data from the old to the new system

• Manual upgrade• Must be used if vCenter credentials cannot be provided

• Very similar to CWMS 1.0/1.1/1.5 system expand procedure

Note: 2.0 to 2.5 requires an update, this process is not required for 2.0 to 2.5 update. See the administration guide for update

procedure.

Automatic Upgrade Flow• The Automatic Upgrade process can be divided into different stages. They are

• Create the CWMS 2.0 auto-upgrade admin VM *

• Start the upgrade *

• New system setup **

• Finish the upgrade **

• Licensing in the CWMS 2.0 system

• Long pauses can exist be between 1 & 2 and 2 & 3

• * Existing CWMS 1.x system remains in service

• ** Existing CWMS 1.x system not in service

New VM Type for Auto-Upgrade• Four new VM types defined

• Select the Auto-upgrade VM type that matches your existing system’s size

Create the CWMS 2.0 auto-upgrade admin VM • Overview and Steps

• No meeting service disruption during this operation

• Manually create the CWMS 2.0 auto upgrade admin VM first in vCenter using the 2.0 OVA

• Select from four new CWMS 2.0 auto-upgrade admin VM types

• VM is pre-configured to have zero CPU and memory reservations. Therefore, on some systems (e.g. a micro running on a 4-core blade) the upgrade may run slowly

• Must create it on the same ESXi host containing the primary admin VM of CWMS 1.x

• Requires a temporary IP/hostname for the VM on the same subnet as the primary admin VM of CWMS 1.x

• Power up the new 2.0 admin VM created earlier and open its console in vSphere Client

Start the upgrade - screenshot

Start the upgrade• Overview: Browser Enhancements

• No meeting service disruption during this operation

• Upgrade process status not lost if browser session is closed

• Multiple system admins can simultaneously view the upgrade status

• Continuous progress update and remaining time estimate provided (browser and VM console)

• Estimated remaining time for backend operations

• Uses the CWMS 1.x admin credentials and vCenter privileged credentials to read 1.x system information, auto create VMs

Start the upgrade

• Steps

• Type the Deployment URL displayed in the VM console into a web browser

• In the first page

• Provide access information to the CWMS 1.x system

• Provide access information to vCenter

• These are automatically reused at a later stage during the upgrade (refer screenshot)

• Click continue and the system auto-creates all the 2.0 VMs (including HA VMs, IRP VMs)

• Auto-created VMs remain powered down for now

New system setup - screenshot

New system setup• Overview

• Once the 2.0 VMs have all been auto-created successfully, user is asked to confirm proceeding to the next stage

• Upon confirmation, existing CWMS 1.x system will go down

• Continuous progress update and remaining time estimate provided (browser and VM console)

New system setup• Steps (automatically performed)

• Put old system into Maintenance Mode

• Prepare old system for upgrade

• Power down old system

• Copy archive data from source system to the target system via VMDK copy and attach.

• Reset the 2.0 Admin VM’s CPU and memory reservations

• DB Operations

• Restore the data transferred from the source system to the target system

• Update the DB schema and data

• In case the target system has HA, DB replication will be set up between the its primary and secondary admin VMs

Finish the upgrade • Congratulations on the upgrade!

• Click the “Sign-In” button to go to CWMS 2.0 administration URL

• Sign in with the same admin credentials as the 1.x system

• The 2.0 system will be in maintenance mode

• Take it out of maintenance mode when ready to use the system

• When you exit maintenance mode (causes a reboot)

• The temporary IP bound to eth0 is released

• The auto-upgrade admin VM is changed to use the original system’s primary admin hostname / IP

2.0 Manual Upgrade• Due to limited time I will not cover the manual upgrade. Video Available on

Partner Central