Configuration Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.
Configuring External Access to Cisco Unified MeetingPlace Web Conferencing

Table Of Contents

Configuring External Access to Cisco Unified MeetingPlace Web Conferencing

About Firewalls

Firewall Basics

Port Access Requirements with a Firewall

About Segmented Meeting Access

About the SMA-1S Configuration

About the SMA-2S Configuration

About the SMA-2S Configuration with SSL and Segmented DNS

How to Configure the SMA-1S Deployment

Understanding the SMA-1S Configuration Process for Release 5.3(104)

Understanding the SMA-1S Configuration Process for Release 5.3(235) and Later Releases

How to Configure IIS

Configuring the Default Web Site

Creating the Internal Web Site

Creating the MPWEB Virtual Directory

Configuring the MPWEB Virtual Directory

Configuring the Extensions Virtual Directory

Configuring the Scripts Virtual Directory

Configuring the WebHelp Virtual Directory

Configuring the Public Virtual Directory

Configuring the Template Virtual Directory for Cisco Unified MeetingPlace Web Conferencing Release 5.3

How to Configure Secure Sockets Layer

Understanding the SSL Configuration Process

Creating a New Certificate File and Obtaining a .cer File

Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website

Configuring SSL From the Cisco Unified MeetingPlace Web Conferencing Administrative Page

Enabling SSL in IIS

Optional Tasks for Configuring SMA-1S

Removing Cisco Unified MeetingPlace for Cisco IP Phone Integration Files

Configuring the SMA-1S Internal Site for Single Sign On-NT Authentication

How to Configure the SMA-2S Deployment

Understanding the SMA-2S Configuration Process

Configuring Redirection of External Meetings

How to Test Your Segmented Meeting Access Configuration

Testing Internal Meetings

Testing External Meetings


Configuring External Access to Cisco Unified MeetingPlace Web Conferencing


Though you can provide external access to Cisco Unified MeetingPlace web conferences by simply opening ports in your firewall, we do not recommend this option because it lacks security. Alternately, Cisco Unified MeetingPlace Web Conferencing supports two segmented meeting access configurations that allow you to provide external access to your users while maintaining network security.

This chapter contains the following sections:

About Firewalls

About Segmented Meeting Access

How to Configure the SMA-1S Deployment

How to Configure IIS

How to Configure Secure Sockets Layer

Optional Tasks for Configuring SMA-1S

How to Configure the SMA-2S Deployment

How to Test Your Segmented Meeting Access Configuration

About Firewalls

This section contains information about the following topics:

Firewall Basics

Port Access Requirements with a Firewall

Firewall Basics

A firewall is a security device set up to protect a company's local area network (LAN) from unwanted Internet access. However, you can provide limited access by opening specific TCP ports to allow inbound access to public servers while leaving other portions of the network protected. For example, when a user on the Internet connects to a company's home page, the user must pass through TCP port 80 of the company's firewall to access the web server, as shown in Figure 6-1.

Therefore, if you do nothing else, you can allow external access to Cisco Unified MeetingPlace web conferences by opening ports on your network.

Figure 6-1 Typical Firewall Setup

1

Cisco Unified MeetingPlace web server inside the private corporate network.

2

End-user system outside the private corporate network.


Port Access Requirements with a Firewall

As long as port 80 is open inbound on your organization's firewall, external users using the meeting console are able to participate in a Cisco Unified MeetingPlace web conference. However, port 80 requires "tunneling" and results in slower web-conferencing. Therefore, for an optimal web-conferencing experience, we strongly recommend that you also open TCP port 1627 inbound when using the meeting console.

If an external user wants to host a web conference using a T.120 application like NetMeeting, you must also open TCP port 1503 inbound so that the T.120 application can connect to the web server.

Figure 6-2 shows the specific ports you need to open so that the meeting console and T.120 applications can connect to the web server through a firewall. If external attendees are also located behind a firewall, they must open the same ports outbound on their end.

Figure 6-2 Port Access Requirements with a Firewall

1

Cisco Unified MeetingPlace Audio Server system

2

Cisco Unified MeetingPlace web server


About Segmented Meeting Access

While external participation is possible by controlling port access through a firewall, we highly recommend that you consider a segmented meeting access (SMA) configuration instead. SMA configurations isolate some meetings on the private corporate network while exposing others, designated as external, to the Internet. Users designate their meetings as internal or external during the scheduling process by setting the Allow Internet Access parameter on the New Meeting scheduling page.

Typically, a Cisco MCS is placed in the demilitarized zone, or DMZ, a network segment created between the private corporate network and the Internet to host meetings for external access.

Cisco Unified MeetingPlace Web Conferencing supports two SMA configurations, which you can decide upon during the Cisco Unified MeetingPlace Web Conferencing installation. For more information, see the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Regardless of which configuration you choose, we highly recommend that you configure external web servers to use Secure Sockets Layer (SSL). This provides optimum security and resolves proxy server issues that can prevent users from joining a web conference. For SSL configuration instructions, see the "How to Configure Secure Sockets Layer" section.

About the SMA-1S Configuration


Note For system requirements, see the "Segmented Meeting Access-1 Server Requirements" section of the Release Notes for your Cisco Unified MeetingPlace Web Conferencing release.


In a Segmented Meeting Access-1 Server (SMA-1S) configuration, a single web server is placed in a network segment, such as a demilitarized zone (DMZ), and two websites provide access to Cisco Unified MeetingPlace Web Conferencing. One of the sites is only accessible from behind the firewall. The other is accessible from inside or outside the firewall.

While internal users have access to the full-access Cisco Unified MeetingPlace Web Conferencing user interface, external users have limited access to an attend-only web page that only allows attendance to external meetings.

The benefits of this configuration are cost effectiveness, since you only require one web server, and a moderate level of security. However, this configuration is more complex to deploy than the Segmented Meeting Access-2 Servers (SMA-2S) configuration and involves setting up virtual websites. It also requires a segmented DNS for a single click-to-attend notification link. If you want to maintain a single click-to-attend link, more DNS work is required.

Figure 6-3 Segmented Meeting Access - 1 Server Configuration

1

Cisco Unified MeetingPlace Audio Server system.

2

Internal DNS server.

3

Cisco Unified MeetingPlace web server.

Note The web server must have two IP addresses.

4

Internal user.

Internal users enter internal meetings through the internal website.

Internal users entering an external meeting are redirected to their meeting from the internal website.

5

External user.

External users access external meetings through the external website.

External users do not have access to internal meetings.

   

About the SMA-2S Configuration


Note For system requirements, see the "Segmented Meeting Access - 2 Server Requirements" section of the of the Release Notes for your release of Cisco Unified MeetingPlace Web Conferencing.


In the Segmented Meeting Access-2 Servers (SMA-2S) configuration, Cisco Unified MeetingPlace Web Conferencing is deployed on two separate web servers or two separate clusters of web servers. One is on the internal network, behind the firewall; the other is on another network segment, such as a DMZ. The internal server or cluster is only accessible from behind the firewall while the external server or cluster is accessible from inside or outside the firewall.

While internal users have access to the full-access Cisco Unified MeetingPlace Web Conferencing user interface, external users have access to an attend-only web page that only allows attendance to external meetings.

The SMA-2S configuration is the preferred and most secure deployment model if you want to provide external access to Cisco Unified MeetingPlace web conferences.


NoteWe highly recommend that you configure external web servers to use Secure Sockets Layer (SSL). This provides optimum security and resolves proxy server issues that can prevent users from joining a web conference. For SSL configuration instructions, see the "How to Configure Secure Sockets Layer" section.

If you are deploying your Cisco Unified MeetingPlace Web Conferencing system with SSL and a segmented DNS, make sure that the DNS name is different from the SSL certificate name on the external or internal web server.


Figure 6-4 Segmented Meeting Access-2 Server Configuration

1

Internal Cisco Unified MeetingPlace web server.

This web server sits inside the private corporate network.

2

External Cisco Unified MeetingPlace web server.

This web server sits in a network segment, such as a DMZ.

3

Internal user.

Internal users enter internal meetings through the internal web server.

Internal users enter external meetings through the external web server.

4

External user.

External users can enter external meetings only.

Users enter these meetings through the external web server.


About the SMA-2S Configuration with SSL and Segmented DNS

If your Cisco Unified MeetingPlace Web Conferencing system has SSL configured on the external web server and a segmented DNS, the segmented DNS name cannot be the same as the SSL certificate name on the external or internal machine. See the following example for configuration guidelines.

Example

You have a SMA-2S configuration where SSL is required for external users, but not required for internal users who are accessing the internal or external machine.

The segmented DNS name is meetingplace.company.com.

The SSL certificate name for the external machine is meetingplace1.

The hostname for the external machine from the internal machine is meetingplace1.

All URLs and click-to-attend links are in the form of http://meetingplace.company.com.

When users access http://meetingplace.company.com from the external network, the external machine will automatically redirect them to HTTPS plus whatever hostname is configured in the database—in this case, meetingplace1.


Note If you force SSL on all users, both internal and external users will be forced to use SSL when they access the external web server.


How to Configure the SMA-1S Deployment

Topics in this section include:

Understanding the SMA-1S Configuration Process for Release 5.3(104)

Understanding the SMA-1S Configuration Process for Release 5.3(235) and Later Releases

Understanding the SMA-1S Configuration Process for Release 5.3(104)

This section provides an overview of the SMA-1S configuration process for Release 5.3(104).

Before You Begin

Read the following sections:

About Segmented Meeting Access

About the SMA-1S Configuration

Install Cisco Unified MeetingPlace Web Conferencing Release 5.3 for a SMA-1S deployment. For instructions, see Chapter 3 in the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Restrictions

This procedure is restricted to Cisco Unified MeetingPlace Web Conferencing Release 5.3(104).

Procedure


Step 1 Configure the default website.

For instructions, see the "Configuring the Default Web Site" section.

Step 2 Create a new website for internal use.

For instructions, see the "Creating the Internal Web Site" section.

Step 3 Create virtual directories.

For instructions, see the following procedures:

Creating the MPWEB Virtual Directory

Configuring the MPWEB Virtual Directory

Configuring the Extensions Virtual Directory

Configuring the Scripts Virtual Directory

Configuring the WebHelp Virtual Directory

Configuring the Template Virtual Directory for Cisco Unified MeetingPlace Web Conferencing Release 5.3

Step 4 (Optional) If you have not already defined the web server, do so now.

For instructions, see Chapter 2 in the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Step 5 (Optional) If you are configuring the SMA-1S internal site for Single Sign On, configure the internal web site to use NT Authentication.

For instructions, see the "Configuring the SMA-1S Internal Site for Single Sign On-NT Authentication" section.

Step 6 Configure the web server for Secure Sockets Layer (SSL) support.

For instructions, see the "How to Configure Secure Sockets Layer" section.

Step 7 Test your configuration.

For instructions, see the "How to Test Your Segmented Meeting Access Configuration" section.


Understanding the SMA-1S Configuration Process for Release 5.3(235) and Later Releases

This section provides an overview of the configuration process for Release 5.3(235) and later releases.

Before You Begin

Read the following sections:

About Segmented Meeting Access

About the SMA-1S Configuration

Install Cisco Unified MeetingPlace Web Conferencing Release 5.3 for a SMA-2S deployment. For instructions, see Chapter 3 in the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Restrictions

This procedure is restricted to Cisco Unified MeetingPlace Web Conferencing Release 5.3(235) and later releases.

In a SMA-1S deployment, you see only one server defined under the Web Server Admin page. All the parameters on this configuration page control the behavior of both the external (DMZ) web site and the internal web site. This is a limitation of SMA-1S deployment; in addition, to its compromises on security relative to SMA-2S.

You cannot set up mixed http and https. For example, you cannot have the internal site use http and the external site use https.

You cannot set Allow Desktop Sharing independently. For example, you cannot allow desktop sharing for internal meetings while disabling desktop sharing for public meetings.

Parameters under Web Server Customization Values control the behavior of both the internal and external sites.

Procedure


Step 1 Configure IIS.

For instructions, see the "How to Configure IIS" section.

Step 2 (Optional) If you have not already defined the web server, do so now.

For instructions, see Chapter 2 in the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Step 3 (Optional) If you are configuring the SMA-1S internal site for Single Sign On, configure the internal web site to use NT Authentication.

For instructions, see the "Configuring the SMA-1S Internal Site for Single Sign On-NT Authentication" section.

Step 4 Configure the web server for Secure Sockets Layer (SSL) support.

For instructions, see the "How to Configure Secure Sockets Layer" section.

Step 5 Test your configuration.

For instructions, see the "How to Test Your Segmented Meeting Access Configuration" section.


How to Configure IIS

To configure IIS, complete the following tasks in the order shown:


Note If you are configuring Release 5.3(104), you will not require all of these tasks. See the task for release restrictions, if any.


Configuring the Default Web Site

Creating the Internal Web Site

Creating the MPWEB Virtual Directory

Configuring the MPWEB Virtual Directory

Configuring the Extensions Virtual Directory

Configuring the Scripts Virtual Directory

Configuring the WebHelp Virtual Directory

Configuring the Public Virtual Directory

Configuring the Template Virtual Directory for Cisco Unified MeetingPlace Web Conferencing Release 5.3

Configuring the Default Web Site

The default Web site in IIS is automatically configured by the Cisco Unified MeetingPlace Web Conferencing installer as an external (DMZ) site. You do not need to change anything on this site other than the description and IP address.

Before You Begin

Assign the server two IP addresses. You can assign either individual IP addresses to two NICs or two IP addresses to one NIC.

Procedure


Step 1 Open the Default Web Site Properties window.

Step 2 In the Web Site Identification area Description field, enter information to reflect this site is the default site and a DMZ site. For example, you could enter Default DMZ site.

Step 3 From the IP Address drop-down list, assign an IP to this DMZ web site.

Step 4 Proceed to the "Creating the Internal Web Site" section.


Creating the Internal Web Site

Create a second web site to represent the internal web site.

Before You Begin

Complete the "Configuring the Default Web Site" section.

Procedure


Step 1 Open the Internet Information Services window.

Step 2 Right-click the server and choose New > Web Site.

Step 3 When prompted for the Web Site Description, enter MPWeb Internal Site.

Step 4 When prompted for the IP Address and Port Settings, enter the internal IP address.

Step 5 When prompted for the Web Site Home Directory, click Browse and navigate to the \inetpub\wwwroot folder.

By default, this folder is installed on the c: drive.

Step 6 When prompted for the Web Site Access Permissions, uncheck Run scripts (such as ASP).


Note Make sure that only Read access is checked.


Step 7 To complete the site creation wizard, click Next.

Step 8 Proceed to the "Creating the MPWEB Virtual Directory" section.


Creating the MPWEB Virtual Directory

Before You Begin

Complete the "Creating the Internal Web Site" section.

Procedure


Step 1 Right-click on the new site that you created when you completed the "Creating the Internal Web Site" procedure and choose New > Virtual Directory.

Step 2 When prompted for the alias of this virtual directory, enter MPWEB.

Step 3 When prompted for the Web Site Content Directory, click Browse and navigate to the directory where the Cisco Unified MeetingPlace Web Conferencing application is installed.

By default, Cisco Unified MeetingPlace Web Conferencing is installed in c:\Program Files\Cisco Systems\MPWeb.

Step 4 When prompted for the Web Site Access Permissions, uncheck Run scripts (such as ASP).


Note Make sure that only Read access is checked.


Step 5 To complete the site creation wizard, click Next.

Step 6 Proceed to the "Configuring the MPWEB Virtual Directory" section.


Configuring the MPWEB Virtual Directory

Before You Begin

Complete the "Creating the MPWEB Virtual Directory" section.

Procedure


Step 1 Right-click the newly created MPWeb virtual directory and choose Properties.

Step 2 Click the Documents tab.

Step 3 Click Add.

The Add Default Document window appears

Step 4 Enter index.htm and click OK.

Step 5 To add both index.html and index.asp to the list, repeat Step 3 and Step 4.

Step 6 Click Apply; then, click OK.

Step 7 Proceed to the "Configuring the Extensions Virtual Directory" section.


Configuring the Extensions Virtual Directory

Before You Begin

Complete the "Configuring the MPWEB Virtual Directory" section.

Procedure


Step 1 Expand the internal website MPWEB virtual directory so that all folders are visible.

Right-click the \Extensions folder and choose Properties.

Step 2 Click Create.

The Application Name field changes from grayed out to editable, and Extensions displays in the field.

Step 3 From the Execute Permissions field drop-down menu, choose Scripts and Executables.

Step 4 From the Application Protection field drop-down menu, choose Low (IIS Process).

Step 5 To accept the changes, click Apply; then, click OK.

Step 6 Proceed to the "Configuring the Scripts Virtual Directory" section.


Configuring the Scripts Virtual Directory

Before You Begin

Complete the "Configuring the Extensions Virtual Directory" section.

Procedure


Step 1 Right-click on the Scripts folder and choose Properties.

Step 2 Click Create.

The Application Name field changes from grayed out to editable, and Scripts displays in the field.

Step 3 From the Execute Permissions field drop-down menu, choose Scripts and Executables.

Step 4 From the Application Protection field drop-down menu, choose Low (IIS Process).

Step 5 To accept the changes, click Apply; then, click OK.

Step 6 Proceed to the "Configuring the WebHelp Virtual Directory" section.


Configuring the WebHelp Virtual Directory

Before You Begin

Complete the "Configuring the Scripts Virtual Directory" section.

Procedure


Step 1 Right-click the \Scripts\WebHelp subfolder and choose Properties.

Step 2 Click Create.

The Application Name field changes from grayed out to editable, and WebHelp displays in the field.

Step 3 From the Execute Permissions field drop-down menu, choose Scripts only.

Step 4 From the Application Protection field drop-down menu, choose High (Isolated).

Step 5 To accept the changes, click Apply; then, click OK.

Step 6 Complete one of the following:

For Release 5.3(104), proceed to the "Configuring the Template Virtual Directory for Cisco Unified MeetingPlace Web Conferencing Release 5.3" section.

For Release 5.3(235) and later releases, proceed to the "Configuring the Public Virtual Directory" section.


Configuring the Public Virtual Directory

Before You Begin

Complete the "Configuring the WebHelp Virtual Directory" section.

Restriction

This procedure is restricted to Cisco Unified MeetingPlace Web Conferencing Release 5.3(235) and later releases.

Procedure


Step 1 Right-click the \Scripts\Public subfolder and choose Properties.

Step 2 Click Create.

The Application Name field changes from grayed out to editable, and Public displays in the field.

Step 3 From the Application Protection field drop-down menu, choose Low (IIS Process).

Step 4 To accept the changes, click Apply; then, click OK.

Step 5 Proceed to the "Configuring the Template Virtual Directory for Cisco Unified MeetingPlace Web Conferencing Release 5.3" section.


Configuring the Template Virtual Directory for Cisco Unified MeetingPlace Web Conferencing Release 5.3

Before You Begin

If you are configuring Release 5.3(104), complete the "Configuring the WebHelp Virtual Directory" section.

If you are configuring Release 5.3(235) and later releases, complete the "Configuring the Public Virtual Directory" section.

Procedure


Step 1 Right-click the \Template folder and choose Properties.

Step 2 Uncheck Read.

Step 3 To accept the changes, click Apply; then, click OK.

Step 4 Complete one of the following:

For Release 5.3(104), proceed to the "Configuring the Web Server" section on page 2-32.

For Release 5.3(235) and later releases, if you are not deploying Cisco Unified MeetingPlace for Cisco IP Phone, proceed to the "Removing Cisco Unified MeetingPlace for Cisco IP Phone Integration Files" section.

For Release 5.3(235) and later releases, if you are deploying Cisco Unified MeetingPlace for Cisco IP Phone, proceed to the "Configuring the Web Server" section on page 2-32.


How to Configure Secure Sockets Layer

Secure Sockets Layer (SSL) secures information shared in a web conference by encrypting the data for travel across the network.

This section contains the following procedures:

Understanding the SSL Configuration Process

Creating a New Certificate File and Obtaining a .cer File

Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website

Configuring SSL From the Cisco Unified MeetingPlace Web Conferencing Administrative Page

Enabling SSL in IIS

Understanding the SSL Configuration Process

This section provides an overview of the SSL configuration process.

Before You Begin

Read the "About Segmented Meeting Access" section.

Restrictions

You must install Cisco Unified MeetingPlace Web Conferencing before you configure SSL.

If you are using SSL on an external web server, make sure that the hostname on the SSL certificate resolves to the external web server's IP address.

If you are using SSL on a system with a segmented DNS, make sure that the hostname on the SSL certificate differs from the segmented DNS name.

Procedure


Step 1 Obtain a certificate from an authorized Certificate Authority.

For instructions, see the "Creating a New Certificate File and Obtaining a .cer File" section.

Step 2 Apply the certificate to the Cisco Unified MeetingPlace Web Conferencing website.

For instructions, see the "Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website" section.

Step 3 Enable the Require SSL field on the Web Server administrative page.

For instructions, see the "Configuring SSL From the Cisco Unified MeetingPlace Web Conferencing Administrative Page" section.

Step 4 (Optional) Enable SSL security in IIS.

For instructions, see the "Enabling SSL in IIS" section.


Creating a New Certificate File and Obtaining a .cer File

Before You Begin

Read the "Understanding the SSL Configuration Process" section.

Procedure


Step 1 From the Cisco Unified MeetingPlace Web Conferencing machine, open the Internet Services Manager.

Choose Start > Programs > Administrative Tools > Internet Services Manager.

Step 2 Right-click Default Web Site and choose Properties.

The Default Web Site Properties window appears.

Step 3 Click the Directory Security tab and then Server Certificate.

The Web Server Certificate Wizard appears.

Step 4 Click Next.

Step 5 From the Server Certificate window, choose Create a new certificate; then, click Next.

Step 6 From the Delayed or Immediate Request window, choose Prepare the request now, but send it later; then, click Next.

Step 7 Follow the prompts in the wizard to complete creating your certificate file.

Step 8 When you see the Certificate Request File Name window, accept the default to create a certificate file named certreq.txt.

Step 9 Click Next.

You have created a new certificate file.

Step 10 Send this file to your certificate provider in return for a .cer file.

Step 11 Proceed to "Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website" section.


Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website

Before You Begin

You must have the .cer file from your certificate provider that you obtained by completing the procedure in the "Creating a New Certificate File and Obtaining a .cer File" section.

Procedure


Step 1 Install the .cer file on to the web server and note the install location below:

Location ________________________________________________

Step 2 Run the Web Server Certificate Wizard again.

Step 3 From the Pending Certificate Request window, choose Process the pending request and install the certificate; then, click Next.

Step 4 When prompted, enter the location of your .cer file. This is the value you entered in Step 1.

Your website is now set up with a certificate.

Step 5 Proceed to the "Configuring SSL From the Cisco Unified MeetingPlace Web Conferencing Administrative Page" section.


Configuring SSL From the Cisco Unified MeetingPlace Web Conferencing Administrative Page

Before You Begin

Complete the "Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website" section.

Procedure


Step 1 Sign in to Cisco Unified MeetingPlace Web Conferencing.

Step 2 From the Welcome page, click Admin; then, Web Server.

Step 3 From the "View" section of the page, click the name of the web server you want to configure.

Information about this server populates the "Edit" section of the page.

Step 4 For Require SSL, choose Yes or Either.

Choosing Either means that this web server can support both SSL and non-SSL connections.

If you choose Either, you must have configured the website to not require a secure channel (SSL). For more information, see Step 5 in the "Enabling SSL in IIS" section.

Step 5 Click Submit.

Step 6 (Optional) Proceed to the "Enabling SSL in IIS" section.


Enabling SSL in IIS

Before You Begin

Complete the "Configuring SSL From the Cisco Unified MeetingPlace Web Conferencing Administrative Page" section.

Procedure


Step 1 From the Cisco Unified MeetingPlace Web Conferencing machine, open the Internet Services Manager.

From Start > Programs > Administrative Tools, choose Internet Services Manager.

Step 2 From the left panel, right-click the website directory and choose Properties.

Step 3 From the Properties window, click the Directory Security tab.

Step 4 From the Secure Communications window, click Edit.

If Edit is disabled, you did not apply the SSL certificate to the website you are configuring. Return to "Applying the SSL Certificate to the Cisco Unified MeetingPlace Web Conferencing Website" section and apply the SSL certificate before proceeding to Step 5.

Step 5 Configure the Secure Communications window; then, click OK.

To enable only HTTPS transmission, check Require secure channel (SSL).

To enable both HTTP and HTTPS transmissions, uncheck Require secure channel (SSL).

Step 6 Right-click the website directory again and choose Properties.

Step 7 From the Properties window, click the Web Site tab.

Step 8 For SSL Port, enter 443, which is the default port used for HTTPS requests.

Step 9 Click Apply; then, OK to close the window.

Step 10 After making these changes, stop and restart the website you just configured.

a. Right-click the folder and choose Stop.

b. Right-click the folder again and choose Start.


Optional Tasks for Configuring SMA-1S

Topics in this section include:

Removing Cisco Unified MeetingPlace for Cisco IP Phone Integration Files

Configuring the SMA-1S Internal Site for Single Sign On-NT Authentication

Removing Cisco Unified MeetingPlace for Cisco IP Phone Integration Files

For security reasons, we recommend that you remove all the IP phone files under the \Scripts\Public folder if you are not deploying Cisco Unified MeetingPlace for Cisco IP Phone.

Restriction

This procedure is restricted to Release 5.3(235) and later releases.

Procedure


Step 1 Open Windows Explorer.

Step 2 Navigate to the application file location.

On the MCS server, Cisco Unified MeetingPlace Web Conferencing is installed by default in c:\Program Files\Cisco Systems\MPWeb.

Step 3 Open \Scripts\Public.

Step 4 Delete all 79****.asp files.


Configuring the SMA-1S Internal Site for Single Sign On-NT Authentication

You can configure the internal web site to use NT Authentication so that users who are already authenticated on the NT domain are automatically logged in to Cisco Unified MeetingPlace when they access the internal web site.

Before You Begin

The same NT user names must exist as Cisco Unified MeetingPlace profile user IDs in the Cisco Unified MeetingPlace profile database.

Procedure


Step 1 Configure Internet Information Services for Integrated Windows Authentication.

a. From Start > Programs > Administrative Tools, choose Internet Services Manager.

b. Right-click the \Scripts folder of the internal web site and choose Properties.

c. Choose the Directory Security tab; then, click Edit.

d. Uncheck Anonymous Access.

e. Check Integrated Windows Authentication.

f. Click OK; then, click Apply.

Step 2 Configure the web server to use NT authentication.

a. Open a web browser and go to the home page of the internal Cisco Unified MeetingPlace Web Conferencing site.

b. Sign in by using a Cisco Unified MeetingPlace profile with System Manager privileges.

c. From the Welcome page, click Admin; then, Web Server.

d. From the "View" section of the page, click the name of the web server that you want to configure.

Information about this web server populates the "Edit" section of the page.

e. Set Trust Web Server Authentication to Yes.

f. If you are configuring Release 5.3(235) or a later release, do the following:

From the Web Authentication section, set "Step 1: Directory" to Windows Integrated Authentication.

Choose a username conversion function: Lower Case automatically converts usernames to all lower case; Upper Case automatically converts usernames to all upper case.

g. Click Submit.


How to Configure the SMA-2S Deployment

This section includes the following procedures:

Understanding the SMA-2S Configuration Process

Configuring Redirection of External Meetings

Understanding the SMA-2S Configuration Process

This section provides an overview of the SMA-2S configuration process.

Before You Begin

Read the "About the SMA-2S Configuration" section.

When you install multiple web servers, make sure that you synchronize the Purge parameters. For more information, see the "About Data Storage on the Web Server" section on page 3-1.

Install Cisco Unified MeetingPlace Web Conferencing Release 5.3 on your internal web server.

For instructions, see Chapter 3 of the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Copy GUIDS from your internal web server to your external web server.

For instructions, see Chapter 3 of the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Install Cisco Unified MeetingPlace Web Conferencing Release 5.3 on your external web server.

For instructions, see Chapter 3 of the Installation and Upgrade Guide for Cisco Unified MeetingPlace Web Conferencing Release 5.3.

Procedure


Step 1 From the internal web server, configure external meeting redirection.

For instructions, see the "Configuring Redirection of External Meetings" section.

Step 2 (Optional) Configure your external web server for Secure Sockets Layer (SSL) support.

For instructions, see the "How to Configure Secure Sockets Layer" section.

Step 3 Test your configuration.

For instructions, see the "How to Test Your Segmented Meeting Access Configuration" section.


Configuring Redirection of External Meetings

External meetings are held on an external web server so that users can access their meetings from the Internet. Rather than have all of your users log in to a particular external web server, configure automatic redirection of all external meetings from your internal web servers to a designated external web server.

Before You Begin

You must have properly installed Cisco Unified MeetingPlace Web Conferencing on all of your internal and external web servers.

Procedure


Step 1 From the internal web server, sign in to Cisco Unified MeetingPlace Web Conferencing.

Step 2 From the Welcome page, click Admin; then, Web Server.

Step 3 From a blank Web Server Name field, enter the name of a new web server to represent your designated external web server.

Step 4 For Hostname, enter the fully qualified domain name (FQDN) of your external web server, that is, hostname.domain.com. If your web server is not in a Domain Name Server (DNS), enter the IP address instead.

You must be able to resolve this hostname from the internal web server.

If you are using SSL, make sure that the hostname on the SSL certificate resolves to the external web server's IP address.

If you are using SSL and a segmented DNS, make sure that the DNS name and the SSL certificate name differ.

Step 5 To add this web server to the database, click Submit.

This server now appears as part of your list of web servers on the bottom portion of the page.

If you only have one internal web server and one external web server, stop here.

If you have more than one internal web server, proceed to Step 6.

Step 6 Return to the main Admin page and click Site.

The Site administrative page appears.

Step 7 Click the Site Name that represents your cluster of internal web servers.

There should only be one site indicated on this page unless you deployed WebConnect.

Site Name should have a default value equal to the NetBIO name of the first web server you installed in this cluster.

Step 8 For DMZ Web Server, choose the external web server you just added.

This configures the internal web servers in this cluster to point to this external web server in the case of external meetings.

Step 9 Click Submit.


Tip The external cluster does not require any additional SQL Server database configurations.


Step 10 Proceed to the "How to Test Your Segmented Meeting Access Configuration" section.


How to Test Your Segmented Meeting Access Configuration

Test both internal and external meetings to ensure that your SMA configuration functions properly.

Topics in this section include:

Testing Internal Meetings

Testing External Meetings

Testing Internal Meetings

Procedure


Step 1 Open your web browser to an internal Cisco Unified MeetingPlace Web Conferencing website.

Step 2 Sign in by using a Cisco Unified MeetingPlace profile with System Manager privileges.

Step 3 Schedule a meeting with internal access and add two attachment files.

a. From the Welcome page, click Schedule Meeting.

b. Set your meeting details, including your meeting date and time.

c. For access, set the Publicly Listed Meeting parameter to No.


Note In Release 5.3(104), this parameter is called Allow Internet Access.


d. Click Attachments/Recordings and add two attachments: a document file and a Microsoft PowerPoint attachment; then, click OK.

e. Click Schedule.

Step 4 Verify that you received a notification for the meeting you scheduled in Step 3.

Step 5 From inside the private corporate network, verify that the internal click-to-attend link in your notification works.

a. Click the click-to-attend link.

b. If you attended a meeting on this web server previously, you are directed to the meeting console.

c. If you have not attended a meeting on this web server previously, the full-access Cisco Unified MeetingPlace Web Conferencing user interface appears.

Step 6 From the Internet, verify that the internal click-to-attend link in your notification does not work.

Step 7 Verify that you can attend the meeting.

If you attended a meeting on this web server previously, click the click-to-attend link to go directly in to the meeting console.

If you have not attended a meeting on this web server previously, enter the meeting ID and click Attend Meeting from the Cisco Unified MeetingPlace Web Conferencing home page.

Step 8 Verify that you are logged in as your profile by verifying that your profile name appears in the meeting console.


Testing External Meetings

Before You Begin

You must have a Cisco Unified MeetingPlace profile with System Manager privileges to complete this task.

Procedure


Step 1 Open your web browser to an internal Cisco Unified MeetingPlace Web Conferencing website.

Step 2 Sign in by using a Cisco Unified MeetingPlace profile with System Manager privileges.

Step 3 Schedule a meeting with external access, and add two attachment files by completing the following steps:

a. From the Welcome page, click Schedule Meeting.

b. Set your meeting details, including your meeting date and time.

c. For external access, set Publicly Listed Meeting to Yes.


Note In Release 5.3(104), this parameter is called Allow Internet Access.


d. Click Attachments/Recordings and add two attachments: a document file and a Microsoft PowerPoint attachment; then, click OK.

e. Click Schedule.

Step 4 Verify that you received a notification for the meeting you scheduled in Step 3.

Step 5 Verify that the external click-to-attend link in your notification works.

a. Click the click-to-attend link.

b. If you attended a meeting on this web server previously, you are directed to the meeting console.

c. If you have not attended a meeting on this web server previously, the external attend-only Cisco Unified MeetingPlace Web Conferencing user interface appears.

Step 6 Verify that you can attend the meeting.

If you attended a meeting on this web server previously, click the click-to-attend link to go directly in to the meeting console.

If you have not attended a meeting on this web server previously, enter a meeting ID and click Attend Meeting.

Step 7 Verify that you are logged in as your profile by verifying that your profile name appears in the meeting console.

Step 8 Verify that you can access the attachments and slide show from the external web server.

a. From the meeting console, click the Attachments tab to verify that you can open an attachment.

b. From the meeting console, click the Slides tab to verify that you can see the slides.

c. Switch to Presentation mode to verify that the first slide appears in the web collaboration window.