We have a new deployment.
The scenario is like this.
All users are external users. Every user will access the datacenter through a VPN concentrator. In the same datacenter we have CUCM and Cisco Meeting Server.
We have a perimeter firewall and a DC firewall with HA.
All users will access resources through the perimeter firewall DMZ. Users will not have internet access. Nothing will be published on the internet.
There is no public DNS server involved.
No physical hard phones are used. Users will only use the Jabber client through Windows 10. No Jabber mobile client will be used either.
This is not a VPN-less situation. There is VPN, but no internet access from the DC or this network to the internet.
Now I'm really confused whether to use Expressway E and C or not, and also whether to use CMS Core and Edge or not.
For collaboration in this scenario we have physical servers like this:
1. BE6000H-M4 - CUCM, CUC, IMP, EXP-E, EXP-C
2. BE6000H-M4 - CUCM, CUC, IMP, EXP-E, EXP-C
3. Cisco Meeting Server 1000 - CMS-C, CMS-E, RECORDER
There is Recorder server also.
Can you please help me in this situation: which is the best way to design it? Since there is a DMZ, I think it's better to use the full Edge and Core setup. Or should we eliminate them? What is the best practice in this situation? Security is a high concern in this scenario too. Can we do without a public DNS server, or any DNS, for Jabber?
Agreed. My scenario is a little different. Here we are using VPN. Normally we use Expressway for a VPN-less situation, right? Here there is a VPN connection, then we use Expressway. It's a must for us to use VPN. Without VPN it should not work. But for security reasons it should pass through the DMZ, i.e. Expressway Edge.
Is it OK to do it that way?
I would like to know the best way to connect the Expressway C and E interfaces to the physical connections.
VPN and Expressway are 2 different things. MRA over Expressway is much newer than VPN connection for phones or Jabber clients and is the recommended solution for such connections. If you, however, already have working VPN connectivity for your devices, that is perfectly fine. There is no dependency on Expressways for VPN-connected devices, as those connections never traverse it; think of these as 2 completely different methods for connecting remote devices to your enterprise Collab environment.
As to the security concern/question, both VPN and MRA solutions have their own method of security and, if implemented correctly, provide secured connections.