04-26-2018 11:52 PM - edited 03-19-2019 01:18 PM
We have new deployment.
Scenario is like this.
All users are external users. Every user will access the datacenter through VPN concentrator. In the same datacenter we have CUCM and Cisco Meeting Server.
We have perimeter firewall and DC firewall with HA.
All users will access resources through perimeter firewall DMZ. All users will not have internet access. Nothing will be published on internet.
There is no public DNS server involved.
no physical hard phone used. users will only use jabber client only through windows 10. no jabber mobile client will be used also.
This is not a VPN less situation. There is VPN but no internet access from DC or this network to internet.
now im really confused whether to use Expressway E and C or not. also Whether to use CMS core and Edge or not.
Collaboration in this scenario we have physical servers as like this.
1. BE6000H-M4 - CUCM , CUC, IMP, EXP-E, EXP-C
2. BE6000H-M4- CUCM , CUC, IMP, EXP-E, EXP-C
3. Cisco meeting server 1000 - CMS-C, CMS-E, RECORDER
There is Recorder server also.
Can you please help me in this situation which is the best way to design. Since there is DMZ i think its better to use all Edge core situation. or should we eliminate them ? what is the best practice in this situation. Security is highly concerned in this scenario too. can we do without public DNS server or any DNS for jabber.
Solved! Go to Solution.
05-11-2018 07:42 AM
No, RMS are used for Business to Business video calls, so any outgoing or incoming calls to/from other organizations (DNS zone).
04-27-2018 06:10 AM
Expressway with MRA config is the preferred method for connecting remote phones/Jabber clients as it's FREE and does not require any VPN license, etc. The Expressway deployment guides provide good background on how it works and how to deploy it.
04-28-2018 08:49 AM
Agreed. my scenario is little different. here we are using VPN. normally we use expressway for VPN-Less situation right? here there is VPN connection then we use express way. Its a must for us to use VPN. without VPN it should not work. but for security reason it should pass through DMZ ie expressway Edge.
is it ok to do that way?
i would like to know the best way expressway c and E interfaces connected to physical connection.
04-29-2018 09:19 AM
VPN and Expressway are 2 different things, MRA over Expressway is much newer than VPN connection for phones or Jabber clients and is the recommended solution for such connections. If you however already have working VPN connectivity for your devices that is perfectly fine. There is no dependency on Expressways for VPN connected devices as those connections never traverse it, think of these as 2 completely different methods for connecting remote devices to your enterprise Collab environment.
As to security concern/question, bot VPN and MRA solution have their own method of security and if implemented correctly provide secured connections.
04-29-2018 09:36 AM
05-11-2018 07:24 AM
05-11-2018 07:28 AM
No, Jabber devices using MRA for calling do not use RMS licenses.
05-11-2018 07:29 AM
05-11-2018 07:42 AM
No, RMS are used for Business to Business video calls, so any outgoing or incoming calls to/from other organizations (DNS zone).
05-11-2018 07:51 AM
04-29-2018 09:14 AM
Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: