Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 6.x
Installing Web Conferencing for a Segmented Meeting Access Configuration
Downloads: This chapterpdf (PDF - 237.0KB) The complete bookPDF (PDF - 1.82MB) | Feedback

Installing Web Conferencing for a Segmented Meeting Access Configuration

Table Of Contents

Installing Web Conferencing for a Segmented Meeting Access Configuration

About Segmented Meeting Access

About the SMA-2S Configuration

About the SMA-2S Configuration with SSL and Segmented DNS

About the SMA-2S Configuration and Video-Enabled Systems

Preinstallation Tasks: Web Conferencing in an SMA-2S Configuration

Installation Tasks: Web Conferencing in an SMA-2S Configuration

Copying GUIDS from the Internal Web Server to the External Web Server

Postinstallation Tasks: Web Conferencing in an SMA-2S Configuration


Installing Web Conferencing for a Segmented Meeting Access Configuration


Cisco Unified MeetingPlace Web Conferencing supports a segmented meeting access configuration that allows you to provide external access to your users while maintaining network security. Although you can provide external access to Cisco Unified MeetingPlace web conferences by simply opening ports in your firewall, we do not recommend this option because it lacks security.

This chapter contains the following sections:

About Segmented Meeting Access

Preinstallation Tasks: Web Conferencing in an SMA-2S Configuration

Installation Tasks: Web Conferencing in an SMA-2S Configuration

Postinstallation Tasks: Web Conferencing in an SMA-2S Configuration


Note Before reviewing this chapter, please read System Requirements for Cisco Unified MeetingPlace Release 6.0 at http://www.cisco.com/en/US/products/sw/ps5664/ps5669/prod_installation_guides_list.html.


About Segmented Meeting Access

While external participation is possible by controlling port access through a firewall, we highly recommend that you consider a segmented meeting access (SMA) configuration instead. SMA configurations isolate some meetings on the private corporate network while exposing others, designated as external, to the Internet. Users designate their meetings as internal or external during the scheduling process by setting the Allow External Web Participants parameter on the New Meeting scheduling page.

Typically, a Cisco MCS is placed in the demilitarized zone, or DMZ, a network segment created between the private corporate network and the Internet to host meetings for external access.


Note The Segmented Meeting Access-1 Server (SMA-1S) configuration supported in previous releases of Cisco Unified MeetingPlace Web Conferencing is no longer supported in Release 6.x.


The following sections describe the supported SMA configurations:

About the SMA-2S Configuration

About the SMA-2S Configuration with SSL and Segmented DNS

About the SMA-2S Configuration and Video-Enabled Systems

About the SMA-2S Configuration


Note For requirements, refer to the "Segmented Meeting Access Requirements" sections of System Requirements for Cisco Unified MeetingPlace at http://www.cisco.com/en/us/products/sw/ps5664/ps5669/prod_installation_guides_list.html. New installations of Cisco Unified MeetingPlace Web Conferencing Release 6.0 require a Cisco MCS.


In the Segmented Meeting Access-2 Servers (SMA-2S) configuration, Cisco Unified MeetingPlace Web Conferencing is deployed on two separate web servers or two separate clusters of web servers. One is on the internal network, behind the firewall; the other is on another network segment, such as a DMZ. The internal server or cluster is accessible only from behind the firewall, while the external server or cluster is accessible from inside or outside the firewall.

While internal users have access to the full-access Web Conferencing user interface, external users have access to an attend-only web page that allows attendance only to external meetings.

The SMA-2S configuration is the preferred and most secure deployment model if you want to provide external access to Cisco Unified MeetingPlace web conferences.

We highly recommend that you configure external web servers to use Secure Sockets Layer (SSL). This provides optimum security and resolves proxy server issues that can prevent users from joining a web conference. (For more information, refer to the "Configuring External Access to Cisco Unified MeetingPlace Web Conferencing" chapter of the Configuration Guide for Cisco Unified MeetingPlace Web Conferencing at http://www.cisco.com/en/US/products/sw/ps5664/ps5669/products_installation_and_configuration_guides_list.html.)


Note If you configure SSL on an external web server and users will access the server through a firewall, make sure that TCP port 443 is open inbound on your firewall for both of the hostnames or IP addresses on the server.


Figure 3-1 Segmented Meeting Access-2 Server Configuration

1

Internal Cisco Unified MeetingPlace web server

This web server sits inside the private corporate network.

2

External Cisco Unified MeetingPlace web server

This web server sits in a network segment, such as a DMZ.

3

Internal user

Internal users enter internal meetings through the internal web server.

Internal users enter external meetings through the external web server.

4

External user

External users can enter external meetings only.

Users enter these meetings through the external web server.


About the SMA-2S Configuration with SSL and Segmented DNS

If your Cisco Unified MeetingPlace Web Conferencing system has SSL configured on the external web server and a segmented DNS, the segmented DNS name cannot be the same as the SSL certificate name on the external or internal machine. See the following example for configuration guidelines.

Example

You have an SMA-2S configuration in which SSL is required for external users but is not required for internal users who are accessing the internal or external machine.

The segmented DNS name is meetingplace.company.com.

The SSL certificate name for the external machine is meetingplace1.company.com.

The hostname for the external machine from the internal machine is meetingplace1.

All URLs and click-to-attend links are in the form of http://meetingplace.company.com.

When users access http://meetingplace.company.com from the external network, the external machine will automatically redirect them to HTTPS plus whatever hostname is configured in the database—in this case, meetingplace1.


Note If you force SSL on all users, both internal and external users will be forced to use SSL when they access the external web server.


About the SMA-2S Configuration and Video-Enabled Systems

In a Segmented Meeting Access-2 Server (SMA-2S) deployment, note the following considerations:

If the Video Integration is deployed on the internal web server, users can schedule internal video-enabled meetings from the web. Requests to schedule external video meetings are denied. (In this case, users must make sure the Allow External Web Participants parameter on the New Meeting scheduling page is set to No.)

If the Video Integration is deployed on the external web server, users can schedule external video meetings from the web. Requests to schedule internal video meetings are denied. (In this case, users must make sure the Allow External Web Participants parameter on the New Meeting scheduling page is set to Yes.)

Preinstallation Tasks: Web Conferencing in an SMA-2S Configuration


Note If you are installing either an internal cluster or external cluster as part of your SMA-2S deployment, see Chapter 4, "Installing Web Conferencing in a Load Balancing Configuration" and follow the follow the preinstallation, installation, and post-installation tasks in that chapter rather than the tasks in this chapter.


Before attempting to install Cisco Unified MeetingPlace Web Conferencing, refer to System Requirements for Cisco Unified MeetingPlace at http://www.cisco.com/en/US/products/sw/ps5664/ps5669/prod_installation_guides_list.html for updated system requirements.

After reviewing system requirements, complete the following preinstallation tasks:

1. Install and configure the Audio Server, which will be used by both the internal and external servers. See the "Installing Cisco Unified MeetingPlace Audio Server" section on page 2-2.

2. Determine the licenses needed for Web Conferencing. See the "Planning Web Conferencing License Usage" section on page 2-2.

3. Determine the SQL Server instances that the internal and external Web Conferencing servers will be using. SQL Server can be installed locally on the web server or remotely on a separate, dedicated SQL server; however, the internal and external Web Conferencing servers must use separate SQL Server instances.

For the internal server, complete the following tasks:

4. If you will be using a remote SQL Server instance for the internal server, install it. See the "Installing SQL Server on a Remote Server" section on page 2-2.

5. Gather the values needed for the installation of the internal server. This must be a Cisco MCS inside your private corporate network. See the "Gathering Web Conferencing Installation Values" section on page 2-3

For the external server, complete the following tasks:

6. If you will be using a remote SQL Server instance for the external server, install it. See the "Installing SQL Server on a Remote Server" section on page 2-2.

7. Gather the values needed for the installation of the external server. This must be a Cisco MCS in a network segment, such as a DMZ. See the "Gathering Web Conferencing Installation Values" section on page 2-3.

Installation Tasks: Web Conferencing in an SMA-2S Configuration

1. Install the operating system on the internal web server. See the "Installing the Operating System on the Cisco MCS Server" section on page 2-5.

2. Configure network settings on the internal web server. See the "Configuring Network Settings on the Cisco MCS Server" section on page 2-5.

3. Install the Web Conferencing software on the internal web server. For Server Location, choose Internal (Full Access). See the "Installing Web Conferencing" section on page 2-9.

4. Install the operating system on the external web server. See the "Installing the Operating System on the Cisco MCS Server" section on page 2-5.

5. Configure network settings on the external web server. See the "Configuring Network Settings on the Cisco MCS Server" section on page 2-5.

6. Copy the GUIDS from the internal web server to the external server, and run the file on the external server to install registry entries. See the "Copying GUIDS from the Internal Web Server to the External Web Server" section.

7. Install the Web Conferencing software on the external web server. For Server Location, choose External (Limited Access). See the "Installing Web Conferencing" section on page 2-9.

Copying GUIDS from the Internal Web Server to the External Web Server

The GUIDS entries for site and system must match between the internal and external web servers. Make sure that you run the GUIDS.reg file on each external web server before installing Cisco Unified MeetingPlace Web Conferencing.

To Copy GUIDS from the Internal Web Server to the External Web Server


Step 1 Copy the GUIDS.reg file from the internal web server (located in the Program Files\Cisco Systems\MPWeb directory).

Step 2 Paste the GUIDS.reg file to the Temp directory on the external web server.

Step 3 On the external web server, double-click the GUIDS.reg file to install it.

Step 4 When prompted to add the information from the GUIDS.reg file to the registry, click OK.


Postinstallation Tasks: Web Conferencing in an SMA-2S Configuration

1. Perform the following postinstallation tasks as appropriate for both the internal and external web servers:

(Optional) Installing the Cisco Security Agent for Cisco Unified MeetingPlace Web Conferencing, page 2-14

(Optional) Creating and Using a Least-Privileged SQL Account for Web Conferencing, page 2-14

2. Configure the SMA-2S deployment. Refer to the "Configuring External Access to Cisco Unified MeetingPlace Web Conferencing" chapter of the Configuration Guide for Cisco Unified MeetingPlace Web Conferencing at http://www.cisco.com/en/US/products/sw/ps5664/ps5669/products_installation_and_configuration_guides_list.html.