CWMS 2.5 MDC Questions. (Packet flow ,Firewall port, Certification FQDN, )

neobrutal
Level 1

Dear all.

Hi, I am Yoong Huh.

My customer plans to migrate the CWMS SDC system to an MDC system. (800 user size without IRP)

I have some questions.

Q1. Packet Flow on MDC

How does CWMS work when two users who use different CWMS Centers make a meeting on CWMS?

Can I find some document about how the CWMS MDC system works?

When User A invites User B and they join the meeting, does User B use DataCenter B resources?

And what traffic flows between each Data Center?

Can I know how it works?

Q2. Firewall Port between each DataCenter

I planned the MDC configuration without IRP.

Each DataCenter will be located in a different country, so each has its own firewall.

What ports and IPs should I notify the security team about in order to use MDC?

Is it ports 80 and 443 for MDC, or are more options needed?

Q3. Certification FQDN.

The Administration Guide has this wording about the cert file:

" • It does not contain all the host names in the system (other than DMZ host names) or the site and administration URLs. In a MDC system, it must contain the global site, local site, and administration URLs. "

Does that mean that, when configuring the MDC, the certificate must have these URLs:

 ' common site URL, Local site URL, Local Administration URL, DC1 AdminVM URL, DC1 MediaVM URL, DC2 AdminVM URL, DC2 MediaVM URL'

or

 ' common site URL, common Administration URL, Local site URL, Local Administration URL, DC1 AdminVM URL, DC1 MediaVM URL, DC2 AdminVM URL, DC2 MediaVM URL'

Waiting for your help.

Regards.

Yoong Huh.

Accepted Solutions

Terry Cheema
VIP Alumni

1) Please read through the MDC section to get an understanding of the working of MDC.

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Administration_Guide/Administration_Guide/Administration_Guide_chapter_010011.html#concept_3EE340559E534427896D322E2E30F131

About Multi-data Centers

 

The Multi-data Center (MDC) licensed feature is available in version 2.5 and higher. It allows two CWMS systems to be joined into a single MDC system. One license must be purchased for each CWMS data center in a MDC system. MDC licenses should be purchased before you attempt to deploy MDC. (A system with a single data center does not need a feature license.) MDC licenses are further described in About MDC Licenses.


Note
 

Network requirements between data centers can be found in the CWMS Planning Guide at Network Requirements for Multi-data Center.


Advantages of a Multi-data Center System

The advantages include:

Although in a MDC environment the data centers are all running CWMS and considered peers, for the purpose of joining data centers in a system, the relationship between data centers are considered primary and secondary. Before the Join, the primary data center supports the system you want to retain. The secondary data center becomes part of the MDC system. The distinction is important especially if you are joining data centers that have been actively supporting users.

 

Also Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_22FC5C5295A04C3A8DB393EDB445BCCD

CWMS Multi-data center (MDC) deploys multiple data centers, and then joins them into a single CWMS system. Failover is similar to a HA system, except that MDC system data centers are peers both serving users and they are not geographically limited. Indeed, deploying multiple data centers geographically close to users improves network performance. A CWMS system cannot support both HA and MDC.

The conditions for redundancy are:
  • The HA virtual machines must be co-located in the same data center as the primary virtual machines. All these virtual machines must be on the same VLAN or subnet. The speed and latency requirements for connectivity between the primary and HA components are the same as defined previously for the primary virtual machines. Splitting the primary and HA components of the system between data centers is not supported.

    The MDC virtual machines are not required to be co-located in the same data center.

  • Connectivity between all the internal virtual machines must be fully redundant, so that the failure of a switch or network link will not sever the connectivity between the primary and HA or MDC components. To achieve this redundancy, each host server should have redundant connections to multiple Ethernet switches.

  • The primary and HA Internet Reverse Proxy (IRP) virtual machines must be on a common VLAN or subnet (typically not the same subnet as the internal virtual machines). Connectivity between the Internet Reverse Proxy virtual machines should also be redundant, in the same manner as the internal virtual machines.

    After joining data centers in a MDC system, IRP can be configured on one or more data centers. During a Join, the IRP configuration in the CWMS system and the data center joining the CWMS system must match. During a Join either all data centers are running IRP or none of the data centers are running IRP.

The addition of an HA or MDC system does not increase the total system capacity. Whether you deploy an 800 user system with or without HA, the total system capacity remains the same; the maximum number of simultaneous audio connections is 800.

The HA or MDC system comprises redundant virtual machines for each virtual machine type in your deployment. (For a description of each type of virtual machine, see Virtual Machines In Your System.) For example:
  • A 50 user system consists of an Admin virtual machine and optionally an Internet Reverse Proxy (IRP) virtual machine for public access. If you add a HA (MDC is not available) system, the combined 50 user system consists of two Admin virtual machines and two IRP virtual machines.

  • A primary 250 or 800 user system consists of an Admin virtual machine, a Media virtual machine, and optionally an IRP virtual machine. If you add a HA or MDC system, the combined 250 or 800 user system comprises two Admin virtual machines, two Media virtual machines, and two IRP virtual machines.

  • A primary 2000 user system consists of an Admin virtual machine, three Media virtual machines, two Web virtual machines, and optionally an IRP virtual machine. If you add a HA or MDC system, the combined 2000 user system comprises two Admin virtual machines, four (three plus one redundant) Media virtual machines, three (two plus one redundant) Web virtual machines, and two IRP virtual machines.

In an HA or MDC system, the public VIP address and private VIP address are shared with the primary system. (The public VIP address and the private VIP address are different and are not shared.) When one virtual machine is down, the other virtual machine uses the same VIP address. Because of this behavior, a virtual machine failure is almost completely transparent to end users (as meetings will continue), without placing unusual demands on the DNS infrastructure. However, a shared VIP address can only be implemented on a single network segment or VLAN; splitting a VLAN across two datacenters creates a variety of problems.

We require connectivity between the primary and HA internal virtual machines to be within the same data center, greatly reducing the problem of distinguishing between a virtual machine failure and a network failure. Allowing a split network can result in split meeting connections and conflicting database updates. It is more practical to construct a true HA network segment within a single data center than between multiple data centers.

In an MDC system, the data is replicated across data centers (with the exception of the License Manager). Therefore if a data center goes down or network connectivity is lost, the surviving data center continues to serve users independent of geographic location.

 

2) Network Requirements for MDC:
REF: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_C0CA3EBD22754CE38964B52FBD9984BE

Port access:

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html#reference_125F962B1D20407186B1654C7A3F5873

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html#reference_20DDC6256C0343BEAE8CBD0CD3844244

It would be better if you review the whole document according to your deployment and environment.

 

3) Also review this thread. Search for MDC; I did ask some queries about the working of MDC, and it's explained here: https://supportforums.cisco.com/discussion/12449276/ask-experts-cisco-webex-meeting-server-cwms-installconfiguration-and

This thread also has got some videos.

Once you review the above information let us know if you have got more queries.

 

-Terry

Please rate all helpful posts
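
The Administration Guide sentence quoted in Q3 (the certificate must contain the host names in the system other than DMZ host names, and in an MDC system the global site, local site and administration URLs) can be checked before a certificate is uploaded by comparing its subjectAltName entries with the names the deployment uses. The Python below is an added example, not code from this thread or from Cisco. Every host name, `SAN_ENTRIES` and `REQUIRED` are constructed placeholders, and the SAN list is assumed to have been read from the certificate beforehand.

```python
from urllib.parse import urlsplit

# Constructed sample data: dNSName entries as read from a certificate's
# subjectAltName extension, and the names this deployment is assumed to use.
SAN_ENTRIES = ["meet.example.com", "meet-dc1.example.com",
               "*.dc1.example.com", "cwms-admin.dc2.example.com"]
REQUIRED = {
    "global site URL": "https://meet.example.com",
    "local site URL": "https://meet-dc1.example.com/",
    "administration URL": "https://meetadmin.example.com",
    "DC1 Admin VM": "cwms-admin.dc1.example.com",
    "DC1 Media VM": "cwms-media.dc1.example.com",
    "DC2 Admin VM": "cwms-admin.dc2.example.com",
    "DC2 Media VM": "cwms-media.dc2.example.com",
}


def host_of(url_or_host):
    """Return the lower-cased host from a URL or a bare host name."""
    value = url_or_host.strip()
    if "://" in value:
        value = urlsplit(value).hostname or ""
    return value.lower().rstrip(".")


def san_matches(san, host):
    """True if one SAN dNSName covers host (host already lower-cased).

    A wildcard counts only as the whole left-most label and stands for
    exactly one label: *.dc1.example.com covers a.dc1.example.com but
    not a.b.dc1.example.com and not dc1.example.com.
    """
    san = san.lower().rstrip(".")
    if san == host:
        return True
    if san.startswith("*."):
        head, sep, tail = host.partition(".")
        return bool(head) and bool(sep) and tail == san[2:]
    return False


def missing_names(san_entries, required):
    """Map label -> host for every required name no SAN entry covers."""
    hosts = {label: host_of(value) for label, value in required.items()}
    return {label: host for label, host in hosts.items()
            if not any(san_matches(s, host) for s in san_entries)}


if __name__ == "__main__":
    for label, host in missing_names(SAN_ENTRIES, REQUIRED).items():
        print(f"not covered by certificate: {label} ({host})")
```

With the constructed data, the administration URL and the DC2 Media VM are reported as not covered, because the wildcard entry only spans one label under `dc1.example.com`.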
