cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
300
Views
5
Helpful
1
Replies
Highlighted
Beginner

CWMS 2.5 MDC Questions. (Packet flow ,Firewall port, Certification FQDN, )

Dear all.

 

Hi, I am Yoong Huh.

 

My customer has plan the CWMS SDC system migrate to MDC system. (800 user size without IRP)

 

I have some questions.

 

 

Q1. Packet Flow on MDC

 

How doest CWMS works, when two user who use different CWMS Center make a meeting on CWMS?

 

Can I find some document about how CWMS MDC system works?

 

 

When User A Invite User B and join the meeting, does User B use DataCenter B resource?

 

And what traffic flow between each Data Center?

 

Can I know how works it?

 

 

 

Q2. Firewall Port between each DataCenter

 

I planned the MDC configuration without IRP.

 

Each DataCenter will be locate different country, so there have each firewall/

 

What port and IP should i notice to security team for use MDC?

 

Is it  80, 443 ports for use MDC? or need more option?

 

 

Q3. Certification FQDN.

 

In Administration Guide, has words for Cert file.

" • It does not contain all the host names in the system (other than DMZ host names) or the site and administration
URLs. In a MDC system, it must contain the global site, local site, and administration URLs. "

 

Is that mean, when configure the MDC, Certification must have these URL

 ' common site URL, Local site URL, Local Administartion URL, DC1 AdminVM URL, DC1 MediaVM URL, DC2 AdminVM URL, DC2 MediaVM URL'

or

 ' common site URL, common Administration URL, Local site URL, Local Administartion URL, DC1 AdminVM URL, DC1 MediaVM URL, DC2 AdminVM URL, DC2 MediaVM URL'

 

 

 

Wait for your help.

 

 

Regards.

 

Yoong Huh.

 

 

 

 

1 ACCEPTED SOLUTION

Accepted Solutions
Highlighted
Advocate

1) Please read through the

1) Please read through the MDC section to get understanding of the working of MDC.

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Administration_Guide/Administration_Guide/Administration_Guide_chapter_010011.html#concept_3EE340559E534427896D322E2E30F131

About Multi-data Centers

 

The Multi-data Center (MDC) licensed feature is available in version 2.5 and higher. It allows two CWMS systems to be joined into a single MDC system. One license must be purchased for each CWMS data center in a MDC system. MDC licenses should be purchased before you attempt to deploy MDC. (A system with a single data center does not need a feature license.) MDC licenses are further described in About MDC Licenses.


Note
 

Network requirements between data centers can be found in the CWMS Planning Guide at Network Requirements for Multi-data Center.


Advantages of a Multi-data Center System

The advantages include:

Although in a MDC environment the data centers are all running CWMS and considered peers, for the purpose of joining data centers in a system, the relationship between data centers are considered primary and secondary. Before the Join, the primary data center supports the system you want to retain. The secondary data center becomes part of the MDC system. The distinction is important especially if you are joining data centers that have been actively supporting users.

 

Also Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_22FC5C5295A04C3A8DB393EDB445BCCD

CWMS Multi-data center (MDC) deploys multiple data centers, and then joins them into a single CWMS system. Failover is similar to a HA system, except that MDC system data centers are peers both serving users and they are not geographically limited. Indeed, deploying multiple data centers geographically close to users improves network performance. A CWMS system cannot support both HA and MDC.

The conditions for redundancy are:
  • The HA virtual machines must be co-located in the same data center as the primary virtual machines. All these virtual machines must be on the same VLAN or subnet. The speed and latency requirements for connectivity between the primary and HA components are the same as defined previously for the primary virtual machines. Splitting the primary and HA components of the system between data centers is not supported.

    The MDC virtual machines are not required to be co-located in the same data center.

  • Connectivity between all the internal virtual machines must be fully redundant, so that the failure of a switch or network link will not sever the connectivity between the primary and HA or MDC components. To achieve this redundancy, each host server should have redundant connections to multiple Ethernet switches.

  • The primary and HA Internet Reverse Proxy (IRP) virtual machines must be on a common VLAN or subnet (typically not the same subnet as the internal virtual machines). Connectivity between the Internet Reverse Proxy virtual machines should also be redundant, in the same manner as the internal virtual machines.

    After joining data centers in a MDC system, IRP can be configured on one or more data centers. During a Join, the IRP configuration in the CWMS system and the data center joining the CWMS system must match. During a Join either all data centers are running IRP or none of the data centers are running IRP.

The addition of an HA or MDCsystem does not increase the total system capacity. Whether you deploy an 800 user system with or without HA, the total system capacity remains the same; the maximum number of simultaneous audio connections is 800.

The HA or MDCsystem comprises redundant virtual machines for each virtual machine type in your deployment. (For a description of each type of virtual machine, see Virtual Machines In Your System.) For example:
  • A 50 user system consists of an Admin virtual machine and optionally an Internet Reverse Proxy (IRP) virtual machine for public access. If you add a HA (MDC is not available) system, the combined 50 user system consists of two Admin virtual machines and two IRP virtual machines.

  • A primary 250 or 800 user system consists of an Admin virtual machine, a Media virtual machine, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 250 or 800 user system comprises two Admin virtual machines, two Media virtual machines, and two IRP virtual machines.

  • A primary 2000 user system consists of an Admin virtual machine, three Media virtual machines, two Web virtual machines, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 2000 user system comprises two Admin virtual machines, four (three plus one redundant) Media virtual machines, three (two plus one redundant) Web virtual machines, and two IRP virtual machines.

In an HA or MDCsystem, the public VIP address and private VIP address are shared with the primary system. (The public VIP address and the private VIP address are different and are not shared.) When one virtual machine is down, the other virtual machine uses the same VIP address. Because of this behavior, a virtual machine failure is almost completely transparent to end users (as meetings will continue), without placing unusual demands on the DNS infrastructure. However, a shared VIP address can only be implemented on a single network segment or VLAN; splitting a VLAN across two datacenters creates a variety of problems.

We require connectivity between the primary and HA internal virtual machines to be within the same data center, greatly reducing the problem of distinguishing between a virtual machine failure and a network failure. Allowing a split network can result in split meeting connections and conflicting database updates. It is more practical to construct a true HA network segment within a single data center than between multiple data centers.

In an MDC system, the data is replicated across data centers (with the exception of the License Manager). Therefore if a data center goes down or network connectivity is lost, the surviving data center continues to serve users independent of geographic location.

 

2) Network Requirements for MDC:
REF: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_C0CA3EBD22754CE38964B52FBD9984BE

Port access:

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html#reference_125F962B1D20407186B1654C7A3F5873

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html#reference_20DDC6256C0343BEAE8CBD0CD3844244

It would be better if you review the whole document according to your deployment and environment.

 

3) Also review this Thread. Search MDC, I did ask some queries about working of MDC its explained here:  https://supportforums.cisco.com/discussion/12449276/ask-experts-cisco-webex-meeting-server-cwms-installconfiguration-and

This thread also has got some videos.

Once you review the above information let us know if you have got more queries.

 

-Terry

Please rate all helpful posts

View solution in original post

1 REPLY 1
Highlighted
Advocate

1) Please read through the

1) Please read through the MDC section to get understanding of the working of MDC.

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Administration_Guide/Administration_Guide/Administration_Guide_chapter_010011.html#concept_3EE340559E534427896D322E2E30F131

About Multi-data Centers

 

The Multi-data Center (MDC) licensed feature is available in version 2.5 and higher. It allows two CWMS systems to be joined into a single MDC system. One license must be purchased for each CWMS data center in a MDC system. MDC licenses should be purchased before you attempt to deploy MDC. (A system with a single data center does not need a feature license.) MDC licenses are further described in About MDC Licenses.


Note
 

Network requirements between data centers can be found in the CWMS Planning Guide at Network Requirements for Multi-data Center.


Advantages of a Multi-data Center System

The advantages include:

Although in a MDC environment the data centers are all running CWMS and considered peers, for the purpose of joining data centers in a system, the relationship between data centers are considered primary and secondary. Before the Join, the primary data center supports the system you want to retain. The secondary data center becomes part of the MDC system. The distinction is important especially if you are joining data centers that have been actively supporting users.

 

Also Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_22FC5C5295A04C3A8DB393EDB445BCCD

CWMS Multi-data center (MDC) deploys multiple data centers, and then joins them into a single CWMS system. Failover is similar to a HA system, except that MDC system data centers are peers both serving users and they are not geographically limited. Indeed, deploying multiple data centers geographically close to users improves network performance. A CWMS system cannot support both HA and MDC.

The conditions for redundancy are:
  • The HA virtual machines must be co-located in the same data center as the primary virtual machines. All these virtual machines must be on the same VLAN or subnet. The speed and latency requirements for connectivity between the primary and HA components are the same as defined previously for the primary virtual machines. Splitting the primary and HA components of the system between data centers is not supported.

    The MDC virtual machines are not required to be co-located in the same data center.

  • Connectivity between all the internal virtual machines must be fully redundant, so that the failure of a switch or network link will not sever the connectivity between the primary and HA or MDC components. To achieve this redundancy, each host server should have redundant connections to multiple Ethernet switches.

  • The primary and HA Internet Reverse Proxy (IRP) virtual machines must be on a common VLAN or subnet (typically not the same subnet as the internal virtual machines). Connectivity between the Internet Reverse Proxy virtual machines should also be redundant, in the same manner as the internal virtual machines.

    After joining data centers in a MDC system, IRP can be configured on one or more data centers. During a Join, the IRP configuration in the CWMS system and the data center joining the CWMS system must match. During a Join either all data centers are running IRP or none of the data centers are running IRP.

The addition of an HA or MDCsystem does not increase the total system capacity. Whether you deploy an 800 user system with or without HA, the total system capacity remains the same; the maximum number of simultaneous audio connections is 800.

The HA or MDCsystem comprises redundant virtual machines for each virtual machine type in your deployment. (For a description of each type of virtual machine, see Virtual Machines In Your System.) For example:
  • A 50 user system consists of an Admin virtual machine and optionally an Internet Reverse Proxy (IRP) virtual machine for public access. If you add a HA (MDC is not available) system, the combined 50 user system consists of two Admin virtual machines and two IRP virtual machines.

  • A primary 250 or 800 user system consists of an Admin virtual machine, a Media virtual machine, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 250 or 800 user system comprises two Admin virtual machines, two Media virtual machines, and two IRP virtual machines.

  • A primary 2000 user system consists of an Admin virtual machine, three Media virtual machines, two Web virtual machines, and optionally an IRP virtual machine. If you add a HA or MDCsystem, the combined 2000 user system comprises two Admin virtual machines, four (three plus one redundant) Media virtual machines, three (two plus one redundant) Web virtual machines, and two IRP virtual machines.

In an HA or MDCsystem, the public VIP address and private VIP address are shared with the primary system. (The public VIP address and the private VIP address are different and are not shared.) When one virtual machine is down, the other virtual machine uses the same VIP address. Because of this behavior, a virtual machine failure is almost completely transparent to end users (as meetings will continue), without placing unusual demands on the DNS infrastructure. However, a shared VIP address can only be implemented on a single network segment or VLAN; splitting a VLAN across two datacenters creates a variety of problems.

We require connectivity between the primary and HA internal virtual machines to be within the same data center, greatly reducing the problem of distinguishing between a virtual machine failure and a network failure. Allowing a split network can result in split meeting connections and conflicting database updates. It is more practical to construct a true HA network segment within a single data center than between multiple data centers.

In an MDC system, the data is replicated across data centers (with the exception of the License Manager). Therefore if a data center goes down or network connectivity is lost, the surviving data center continues to serve users independent of geographic location.

 

2) Network Requirements for MDC:
REF: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_010.html#reference_C0CA3EBD22754CE38964B52FBD9984BE

Port access:

Ref: http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html#reference_125F962B1D20407186B1654C7A3F5873

http://www.cisco.com/c/en/us/td/docs/collaboration/CWMS/2_5/Planning_Guide/Planning_Guide/Planning_Guide_chapter_0100.html#reference_20DDC6256C0343BEAE8CBD0CD3844244

It would be better if you review the whole document according to your deployment and environment.

 

3) Also review this Thread. Search MDC, I did ask some queries about working of MDC its explained here:  https://supportforums.cisco.com/discussion/12449276/ask-experts-cisco-webex-meeting-server-cwms-installconfiguration-and

This thread also has got some videos.

Once you review the above information let us know if you have got more queries.

 

-Terry

Please rate all helpful posts

View solution in original post

CreatePlease to create content