Solved: I would suggest being honest

Amandeep Virk · ‎09-13-2016

Hello,

We have implemented a CMR hybrid solution in our Organization. We have following application on premises:

1. TMS and TMS XE on the same server

2. Conductor

3. vTS

4. Expressway C & E

And

5. WebEx CMR Hybrid enable

6. Office 365 cloud

Problem: All users connect to outlook client to schedule CMR hybrid meeting. When users are in the office then it works fine. However when user is working remotely and not connected to VPN. They can access outlook client to check the email, however can't schedule CMR hybrid meeting. They need to connect to VPN just to shedule the meeting.

Query: if we plan to put TMS XE in DMZ, Is this s supported solution?

Jonathan Robb · ‎09-15-2016

Hi Amandeep,

This is not an unsupportable deployment - from the TAC perspective it only matters that the FQDN of the TMSXE server with booking service can be found via DNS and port 443 over TCP is reachable from the outside.

If you have any additional questions feel free to ask here or even create a TAC case and let me know the number.

-Jonathan

View solution in original post

Jonathan Unger · ‎09-25-2016

Hi Amandeep,

Cisco doesn't care where the TMSXE server lives as long as the DNS and port requirements are met.

As mentioned by jorobb clients will need to be able to resolve the FQDN of the TMSXE server and communicate with it on port 443.

TMSXE will also need to be able to communicate with TMS and EWS.

Does that answer your question?

View solution in original post

Jonathan Robb · ‎09-15-2016

Hi Amandeep,

This is not an unsupportable deployment - from the TAC perspective it only matters that the FQDN of the TMSXE server with booking service can be found via DNS and port 443 over TCP is reachable from the outside.

If you have any additional questions feel free to ask here or even create a TAC case and let me know the number.

-Jonathan

Amandeep Virk · ‎09-16-2016

Thanks Jonathan.

I can't open a TAC case directly, however i want to have confirmation that Cisco supports this deployment as I want show a confirmation to my management that this is a supported deployment and Cisco will support if we have any issues.

I will really appreciate if i could get a confirmation on this.

Thanks,

Amandeep

Amandeep Virk · ‎09-19-2016

It's really important to have this confirmation before actually implementing the TMSXE in DMZ. Could anybody please help me to get confirmation OR document stating the solution OR any supportive information?

Jonathan Unger · ‎09-25-2016

Hi Amandeep,

Cisco doesn't care where the TMSXE server lives as long as the DNS and port requirements are met.

As mentioned by jorobb clients will need to be able to resolve the FQDN of the TMSXE server and communicate with it on port 443.

TMSXE will also need to be able to communicate with TMS and EWS.

Does that answer your question?

Amandeep Virk · ‎09-26-2016

Jonathan Unger, Thanks for you response.

However I am looking for document Or some kind of confirmation on this as when I raise this concern with our vendor then they say that they have confirmed with Cisco and Cisco said this deployment is not supported.

At this point, I have to raise my concern again, however I can't do without any solid confirmation.

It will be really helpful if I could get some solid confirmation on this.

Thanks.

Jonathan Unger · ‎09-26-2016

I would suggest being honest with your vendor and asking them to pass along the documentation from Cisco saying it is not supported.

That is a pretty fair ask in my opinion because there is nothing in the TMSXE documentation that I have seen saying a DMZ deployment is not supported.

At the end of the day TMSXE isn't using any crazy protocols to do it's job, mainly HTTPS 443. No obvious reason why it couldn't be dropped in a DMZ...

Amandeep Virk · ‎09-26-2016

You are right. This is really a fair ask if there is no document which says that TMSXE is supported in DMZ then there should be a document which says that TMSXE is not supported in DMZ(As per our vendor).

I am going to ask for the document from our Vendor. I will update the thread.

Thanks a lot.

Jonathan Unger · ‎10-06-2016

Just curious, was your vendor ever able to produce documentation saying that TMSXE in a DMZ is unsupported?

Amandeep Virk · ‎10-06-2016

Here is the response I got from Cisco:

unfortunately there is no documentation available however as per the BU it is strongly not recommended to put the TMS XE out on the DMZ for security concerns even though TAC may support it. From a TAC perspective, the support would be limited given that they do not care where the application lives, but they will not support the underlying OS for doing so.

Jonathan Unger · ‎10-06-2016

Thanks for posting the response on the thread!

TMS XE in DMZ supported by Cisco?