03-29-2016 04:41 AM - edited 03-18-2019 05:45 AM
Hello all,
We have VCS-C/ VSC-E (x8.6.1) implementation for MRA and B2B services. VSC-C take cake of endpoint registration (SIP and H323) and aslo MCU for meeting room. VCS-C is trinked to CUCM for jabber client to be able call video enpoint and MCU meeting room.
Since VCS-C s very critical, we would like to backup this server by adding a VCS-C2 (on backup site) and create cluster. i would like to know the necessary the VCS-2 and creating cluster.
i'have attached a picture of my architecture.
thx in advance for your help
03-29-2016 07:54 AM
Not sure what happened, but your picture didn't get attached.
Refer to the VCS Cluster Creation and Maintenance Deployment Guide (X8.6) on how to create a VCS cluster, it also lists the requirements that must be met to create the cluster as well.
03-29-2016 08:03 AM
03-29-2016 09:20 AM
For certificates, refer to the VCS Certificate Creation and Use Deployment Guide (X8.6).
Refer to Appendix 6 of the cluster creation guide regarding how to setup DNS, as well as Appendix 5. You can configure the SRV records to route traffic to either VCS you choose or both.
03-30-2016 08:45 AM
hello Patrick,
i really apreciate your help.
these document describe Certificate and SRV on new installation.
in my case i have already have VCS-C/VCS-E for MRA and B2B and they are already configured with SRV (Internal and external DNS). CA trusted certifcate and Server certficat are already uploded to VCS-C (Single)
now i have brand new VCS-C2, so need to create VCS Cluster and making VCS-C as mater.
i'm confused about the follwed thing
- Do i have to upload the same CA trusted certficate on VCS-C2 and sign CSR with it?
- Since i need to configure a cluster name, should i resign server certficate for VCS-C?
- B2B SRV record that point to VCS-C, should i point them VCS Cluster name now?
regards,
03-30-2016 12:48 PM
Refer to the "Overview of certificate use on the VCS" section in the certificate guide on pg 3, it goes over what the certificate should contain. In this case, you're going to need to resign your existing VCS to include the FQDN of the cluster. Below is taken from the guide.
If the VCS is clustered, with individual certificates per VCS:
You can simply add a second SRV record along side the existing records with a lower priority that points to the backup VCS. An example is described in Appendix 6 of the cluster creation guide, note the guide's example has the SRV records for each VCS peer being equal to allow for each VCS to share the incoming load.
03-31-2016 11:43 PM
hello Patick,
By resining cert , do you mean re-impoty Root Trusted CA nad Server certificat?
Since i'm clustering only VCS Control, should resign VCE also?
regards,
04-01-2016 08:41 AM
Server certificate should be fine, as long as you get the certficate from the same CA as the existing one. You shouldn't have to do anything on the VCS-E certificate, nothing is changing there, but just in case look over the mentioned guides including the MRA guide just to be safe.
04-03-2016 02:39 AM
hello Patrick,
i was going through MRA configuration. i found these:
Build Expressway-E Traversal Server zone with the “TLS verify subject name” set to “Cluster FQDN
I don't if that would require changin on certificate on VCE.
Since These require a lot of changes (rollback more difficule). i'm thinking about Clustering wihout any changes on cetiticate. just to have replication and registration redundancy ofr endpoint.
04-10-2016 10:23 AM
hello all,
my customer need to keep the second VCS control for backup only.
i was going through MRA configuration and found that VCS-E Traversal Server zone with the “TLS verify subject name” need to be set to “Cluster FQDN" instead of VCS-C FQDN. VCS-C certificate alreay includ VCS cluster as SAN.
i have two question:
- Do i have to resign VCS-C or VCS-E on this case?
- after setting TLS verify subject name” to Cluster FQDN, how can i force MRA request to go through to the master VCS-C first not to VCS-C secondary?
regards,
Discover and save your favorite ideas. Come back to expert answers, step-by-step guides, recent topics, and more.
New here? Get started with these tips. How to use Community New member guide