Guest

Cisco Unified E-Mail Interaction Manager

Unified Web and E-Mail Interaction Manager: Web Server in a DMZ Configuration Example

Document ID: 113551

Updated: May 23, 2012

   Print

Introduction

Cisco Unified Web Interaction Manager (Unified WIM) application servers typically reside within a business’ internal network, which means that an external web server is required for chat sessions with customers on the Internet. Access to shared file systems and database (DB) servers on a corporate intranet is typically prohibited from external web servers in a demilitarized zone (DMZ). This means that the web server component for Cisco Unified E-Mail Interaction Manager (Unified EIM) and WIM cannot be installed using the installer.

This document describes how to manually configure a web server located in a DMZ.

Prerequisites

Requirements

Ensure that you meet these requirements before you attempt this configuration:

  • Unified WIM Installation - All the required Unified WIM components must be installed and verified on servers located within the corporate intranet.

  • DNS Requirements - An external DNS record must be created for the external web server(s). If there are multiple external web servers, the external DNS record must correspond to a load balancer.

  • Firewall Requirements - The external firewall (between the Internet and the DMZ) must be configured in order to allow access on port 80 for the hostname in the external DNS record. The internal firewall (between the DMZ and the corporate intranet) must be configured in order to allow access on ports 15006, 15007, and 15008.

All the required Unified WIM components must be installed and verified on servers located within the corporate intranet.

Components Used

This document is not restricted to specific software and hardware versions.

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.

Conventions

Refer to the Cisco Technical Tips Conventions for more information on document conventions.

Background Information

For this discussion, it is assumed that the configured web site is the “Default Web Site”. The steps needed in order to create a web site are not included in this document.

Configure the Default Web Site

These sections describe how to configure the Default Web Site in IIS for Cisco Unified WIM. These steps must be performed on each external web server in the Unified WIM installation.

Install Files for File Server

Since the file share on the file server cannot be accessed from the DMZ, the files on the file server must be manually installed on each external web server.

Complete these steps:

  1. On the file server, create a ZIP file of the Cisco_Home > eService folder.

  2. Copy the ZIP file to each external web server.

  3. On each external web server, create a folder named Cisco (for example, C:\Cisco).

  4. On each external web server, unzip the ZIP file into the folder created in Step 3, such that the resulting pathname is C:\Cisco\eService.

Install Files for JBoss ISAPI Filter

Unzip jboss-iis.zip in the home directory for the Default Web Site (typically, C:\Inetpub\wwwroot). This results in C:\Inetpub\wwwroot\jboss-iis. Verify that this folder contains these files:

  • isapi_redirect.dll

  • isapi_redirect.properties

  • uriworkermap.properties

  • workers.properties

Update isapi_redirect.properties

The JBoss ISAPI filter configuration file isapi_redirect.properties contains a property specifying where a log file is located. The value for this property must be updated in order to reflect the location of this log file on a local drive.

Complete these steps in order to update this value:

  1. Locate the log_file property.

  2. If required, replace C:\Cisco with the pathname of the folder created in Step 3 of Install Files for File Server.

  3. Replace hostname.egain.net with the fully qualified hostname of the external web server.

Repeat these steps on each external web server.

Update workers.properties

The JBoss ISAPI filter configuration file workers.properties contains three properties specifying the fully qualified hostname for a JBoss application server. Each external web server must be paired with a different JBoss application server. The value for this property must be updated in order to reflect the hostname for the appropriate JBoss application server.

Complete these steps in order to update these values:

  1. For the worker.default.host property, replace appserver.egain.net with the fully qualified hostname for the appropriate JBoss application server.

  2. For the worker.pushlet.host property, replace appserver.egain.net with the fully qualified hostname for the appropriate JBoss application server.

  3. For the worker.live.host property, replace appserver.egain.net with the fully qualified hostname for the appropriate JBoss application server.

Repeat these steps on each external web server.

Configure the Default Web Site

Complete these steps:

  1. Right-click Default Web Site, and choose Properties from the drop-down menu.

  2. On the Home Directory tab, verify the values for these fields:

    1. For Local path, verify that the value is C:\Inetpub\wwwroot.

    2. For Application pool, verify that the value is DefaultAppPool.

    unifiedwim-44webserver-01.gif

  3. Add application mappings for these extensions on the Default Web Site:

    • .controller

    • .egain

    • .jsp

  4. Click Configuration… in order to launch the Application Configuration window.

  5. For each application mapping:

    1. Click Add in order to launch the Add/Edit Extension Mapping window.

    2. Enter C:\Inetpub\wwwroot\jboss-iis\isapi_redirect.dll for the Executable.

    3. Enter one of the extensions listed above for the Extension.

    4. Enter GET,HEAD,POST,TRACE for the Verbs.

    5. Make sure Script engine is checked.

    6. Make sure Verify that file exists is not checked.

    unifiedwim-44webserver-02.gif

  6. On the Web Site tab, verify that the value for the IP address field is All Unassigned. This is valid as long as the Default Web Site is the only web site configured.

    unifiedwim-44webserver-03.gif

  7. On the ISAPI Filters tab, Add... an ISAPI filter with these field values:

    • jboss-iis for the Filter name

    • C:\Inetpub\wwwroot\jboss-iis\isapi_redirect.dll for the Executable

    unifiedwim-44webserver-04.gif

  8. In the HTTP Headers Tab, add these MIME Types on the Default Web Site:

    Extension MIME Type
    .css text/css
    .htm text/html
    .html text/html
    .properties application/octet-stream
    .tlx application/text
    .* application/octet-stream

    unifiedwim-44webserver-05.gif

Create Virtual Directories

Complete these steps:

  1. Create these virtual directories on the Default Web Site:

    • <partition_name> - The partition name specified when installing the application (for example, "default").

    • system

    • jboss-iis

    There is a wizard that prompts for the information required in order to create a virtual directory. The wizard is comprised of these sequence of screens:

    unifiedwim-44webserver-06.gif

  2. On the Virtual Directory Alias screen, enter the name of the virtual directory being created (for example, “system” or “jboss-iis”).

    unifiedwim-44webserver-07.gif

  3. On the Web Site Content Directory screen, enter the absolute pathname for the eService folder created in Install Files for File Server (for example, C:\Cisco\eService) when creating the “<partition_name>” or “system” virtual directories, and enter C:\Inetpub\wwwroot\jboss-iis when creating the “jboss-iis” virtual directory.

    unifiedwim-44webserver-08.gif

  4. On the Virtual Directory Access Permissions screen, accept the default configuration (“Read” permission only).

    unifiedwim-44webserver-09.gif

    unifiedwim-44webserver-10.gif

Configure Virtual Directories

Complete these steps:

  1. Right-click on the <partition_name>, system, or jboss-iis virtual directories, and select Properties from the drop-down menu.

  2. On the Virtual Directory tab, change the value for Execute permissions to Scripts and Executables.

    unifiedwim-44webserver-11.gif

  3. On the Documents tab, the list of default content pages should contain only one entry for the <partition_name> and system virtual directories:

    • <partition_name>.asp for the <partition_name> virtual directory

    • system.asp for the system virtual directory

    unifiedwim-44webserver-12.gif

  4. For the jboss-iis virtual directory, the list of default content pages should be empty. Verify that the Enable default content page checkbox is not selected.

    unifiedwim-44webserver-13.gif

Create the "jboss-iis" Web Service Extension

Complete these steps in order to create the jboss-iis Web Service Extension:

  1. Select the Web Service Extension folder.

  2. Select the Add a new Web service extension … link.

  3. Enter jboss-iis for the Extension name.

  4. Enter C:\Inetpub\wwwroot\jboss-iis\isapi_redirect.dll for the Required files.

  5. Check the Set extension status to Allowed checkbox.

unifiedwim-44webserver-14.gif

Known Caveat

Since the file share is localized to the web server in the DMZ, any changes to the application (for example, users making changes to the dictionary by adding or deleting words) need to be propagated manually from the file system to each web server in the DMZ. The same thing must be done when patches are applied to the file server.

As a best practice, make sure that these directories are synced automatically every night:

  • bin

  • config

  • l10n

  • META-INF

  • reports

  • web

  • webtemp

Verify

There is currently no verification procedure available for this configuration.

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.

Related Information

Updated: May 23, 2012
Document ID: 113551