cancel
Showing results for 
Search instead for 
Did you mean: 
cancel

Design: jabber with expressway C and E and CMS C and E connected through VPN

jaheshkhan
Enthusiast
Enthusiast

We have new deployment.

Scenario is like this.

 

All users are external users. Every user will access the datacenter through VPN concentrator. In the same datacenter we have CUCM and Cisco Meeting Server.

We have perimeter firewall and DC firewall with HA.
All users will access resources through perimeter firewall DMZ. All users will not have internet access. Nothing will be published on internet.

There is no public DNS server involved.

no physical hard phone used. users will only use jabber client only through windows 10. no jabber mobile client will be used also.


This is not a VPN less situation. There is  VPN but no internet access from DC or this network to internet.
now im really confused whether to use Expressway E and C or not. also Whether to use CMS core and Edge or not.

 

Collaboration in this scenario we have physical servers as like this.


1. BE6000H-M4 - CUCM , CUC, IMP, EXP-E, EXP-C

2. BE6000H-M4- CUCM , CUC, IMP, EXP-E, EXP-C

3. Cisco meeting server 1000 - CMS-C, CMS-E, RECORDER

There is Recorder server also.


Can you please help me in this situation which is the best way to design. Since there is DMZ i think its better to use all Edge core situation. or should we eliminate them ? what is the best practice in this situation. Security is highly concerned in this scenario too. can we do without public DNS server or any DNS for jabber.

1 ACCEPTED SOLUTION

Accepted Solutions

No, RMS are used for Business to Business video calls, so any outgoing or incoming calls to/from other organizations (DNS zone).

View solution in original post

10 REPLIES 10

Chris Deren
Hall of Fame Master Hall of Fame Master
Hall of Fame Master

Expressway with MRA config is the preferred method for connecting remote phones/Jabber clients as it's FREE and does not require any VPN license, etc. The Expressway deployment guides provide good background on how it works and how to deploy it.

Agreed. my scenario is little different. here we are using VPN. normally we use expressway for VPN-Less situation right? here there is VPN connection then we use express way. Its a must for us to use VPN. without VPN it should not work. but for security reason it should pass through DMZ ie expressway Edge.

is it ok to do that way?

i would like to know the best way expressway c and E interfaces connected to physical connection.

VPN and Expressway are 2 different things, MRA over Expressway is much newer than VPN connection for phones or Jabber clients and is the recommended solution for such connections. If you however already have working VPN connectivity for your devices that is perfectly fine.  There is no dependency on Expressways for VPN connected devices as those connections never traverse it, think of these as 2 completely different methods for connecting remote devices to your enterprise Collab environment.

As to security concern/question, bot VPN and MRA solution have their own method of security and if implemented correctly provide secured connections.

thank you for your fast reply. so what you recommend is not to use expressway in this situation?
what happens if we use expressway in a VPN situation because all users are landing on DMZ.
Even i cannot see a scope for that. but security engineer suggest to use it? will it be beneficial in security point of view?

do we need RMS license if using expressway for jabber client.
jabber will use CMS 1000 for adhoc conferencing. in that case Expressway need RMS license ? we dont have RMS license now.

No, Jabber devices using MRA for calling do not use RMS licenses.

so RMS license is only for Telepresence Devices?

No, RMS are used for Business to Business video calls, so any outgoing or incoming calls to/from other organizations (DNS zone).

im facing another issue configuring recorder with callbridge.
Postman chrome is the one im using for api configuration of callbridge.
when i do POST, GET operation it ended up with bad request of 400. it gives something like syntax error.

where should i troubleshoot. i get 200 ok for authentication page.
im following the below guide:

https://www.cisco.com/c/en/us/support/docs/conferencing/meeting-server/202722-Configure-Recorder-in-CMS-Acano-Call-Bri.html

is it becasue of xmpp connection with callbridge? deployment is single combined server one.

nobody to help?
Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: