Preferred Architecture for Cisco Webex Hybrid Services
Documentation for Preferred Architectures
The Benefits of Webex Hybrid Services
Cisco Webex Hybrid Directory Service
Cisco Webex Hybrid Calendar Service
Cisco Webex Hybrid Call Service
Call Service Connect Architecture
Considerations for Deploying Multiple Unified CM Clusters
Architecture for Webex Hybrid Services: QoS, Media Assure, and the Self-Regulating Video Network
Cisco Preferred Architectures provide tested and recommended deployment models for specific market segments based on common use cases. They incorporate a subset of products from the Cisco Collaboration portfolio that is best suited for the targeted market segment and defined use cases. These deployment models are prescriptive, out-of-the-box, and built to scale with an organization as its business needs change. This prescriptive approach simplifies the integration of multiple system-level components and enables an organization to select the deployment model that best addresses its business needs.
The following types of Cisco documents describe and explain the Preferred Architectures:
Figure 1 illustrates how to use the PA guides.
Figure 1 Preferred Architecture Documentation
 
 
  The Preferred Architecture for Cisco Webex Hybrid Services is for:
Readers of this guide should have a general knowledge of Cisco Collaboration products and services along with a basic understanding of how to deploy those products.
This guide simplifies the design and sales process by:
For detailed information about configuring, deploying, and implementing this architecture, consult the related CVD documents for the Cisco Collaboration Preferred Architectures.
 
 
Note: Please be aware that the Webex Hybrid Call Service architecture discussed in this document is currently going through a transitional phase. To better understand the future changes and how they will impact your deployment of the Webex Hybrid Services architecture, we recommend that you contact your Cisco account team before deploying the architecture described in this document.
More and more, organizations are choosing collaboration services from the cloud because cloud services:
Many organizations, however, are unable or unwilling to move all their services to the cloud. Often, they are not ready to replace everything they have on-premises, or they simply want to augment their current collaboration tools with those from the cloud. But having tools from both the cloud and the premises can create inconsistent, disjointed user experiences.
Cisco solves this problem with Webex Hybrid Services. These services connect what you have on-premises with Webex Teams in the cloud to provide a single integrated experience. If you like the capabilities of Webex Teams, you can integrate those capabilities with what you currently have deployed for an even better end-user and administrator experience.
The Preferred Architecture (PA) for Webex Hybrid Services is a Cisco Validated Design (CVD) in the Preferred Architectures umbrella that was created as a supplement to the PA for Cisco Collaboration Enterprise on-premises deployments. It requires many of the same products and infrastructure as well as the architecture and planning incorporated in the PA for on-premises deployments. Therefore we expect you to follow and implement the latest version of the Preferred Architecture for Cisco Collaboration Enterprise On-Premises Deployments, available at https://www.cisco.com/go/pa, prior to deploying the PA for Webex Hybrid Services.
As part of implementing the PA for Webex Hybrid Services, there are a number of products and integrations covered in the latest version of the Preferred Architecture for Cisco Collaboration Enterprise On-Premises Deployments that overlap with, and thus are not part of, the PA for Webex Hybrid Services. The areas of overlap include Cisco Meeting Server, Cisco Unified Communications Manager IM and Presence Service, and Cisco Jabber. This does not mean that these products and services cannot be deployed in an environment with Webex Hybrid Services, but that this PA for Webex Hybrid Services will not discuss or treat any design considerations around these on-premises products and services when they overlap with those included in the Webex Hybrid Services solution.
Organizations want to streamline their business processes, optimize employee productivity, and enhance relationships with partners and customers. The Preferred Architecture (PA) for Cisco Webex Hybrid Services delivers capabilities that enable organizations to realize immediate gains in productivity and enhanced relationships. Additionally, the following technology use cases offer organizations opportunities to develop new, advanced business processes that deliver even more value in these areas:
Cisco Webex Hybrid Services provide:
The Preferred Architecture (PA) for Cisco Webex Hybrid Services provides end-to-end collaboration targeted for deployments where a Cisco Collaboration solution based on Cisco Unified Communications Manager has been deployed. This architecture incorporates high availability for critical applications. The consistent user experience provided by the overall architecture facilitates quick user adoption. Additionally, the architecture supports an advanced set of collaboration services that extend to mobile workers, partners, and customers through the following key services:
Because of the adaptable nature of Cisco endpoints and their support for IP networks, this architecture enables an organization to use its current data network and the Internet to support both voice and video calls. The Preferred Architecture (PA) provides a holistic approach to bandwidth management, incorporating an end-to-end QoS architecture and video rate adaptation and resiliency mechanisms to ensure the best possible user experience for deploying pervasive video over managed and unmanaged networks.
The PA for Webex Hybrid Services, illustrated in Figure 2, provides highly available and centralized on-premises and cloud services. These services extend easily to remote offices and mobile workers, providing availability of critical services even if communication to headquarters is lost. Centralized on-premises and cloud-based services also simplify management and administration of an organization's collaboration deployment.
Figure 2 Preferred Architecture for Cisco Webex Hybrid Services
 
 
  Table 1 lists the products in this architecture. For simplicity, products are grouped into modules to help categorize and define their roles. The content in this guide is organized in the same modules.
The PA for Webex Hybrid Services provides high availability for all deployed on-premises applications by means of the underlying clustering mechanism present in all Cisco Unified Communications applications. Clustering replicates the administration and configuration of deployed applications to backup instances of those applications. Likewise, cloud services are natively redundant by virtue of elastic computing and highly available service distribution within the cloud platform.
If an instance of an application or service fails, Cisco on-premises and cloud-based services (such as endpoint registration, call processing, messaging, and many others) continue to operate on the remaining instance(s) of the application or service. This failover process is transparent to the users. In addition to clustering, the PA for Webex Hybrid Services provides high availability through the use of redundant power, network connectivity, and elastic storage.
In the PA for Webex Hybrid Services, the following cloud services are deployed redundantly:
Sizing a deployment can become complex for large enterprises with sophisticated requirements. The Preferred Architecture for Cisco Webex Hybrid Services, Cisco Validated Design (CVD) Guide, presents some examples that simplify the sizing process.
Details about the individual licenses for the endpoints and infrastructure components in the Preferred Architecture for Webex Hybrid Services are beyond the scope of this document. For information about licensing, see the Cisco Collaboration Flex Plan.
Cisco Collaboration endpoints provide a wide range of features, functionality, and user experiences. Because Cisco endpoints range from low-cost, single-line phones and soft clients to presentation, white board, and multi-screen Cisco TelePresence endpoints, an organization can deploy the right variety of endpoints to meet users' needs (Figure 3). Additionally, these devices enable users to access multiple communication services such as:
Figure 3 Architecture for Endpoints
 
 
 In the PA for Webex Hybrid Services, both Cisco Unified Communications Manager (Unified CM) on-premises call control and Cisco Webex provide endpoint registration and collaboration services.
We recommend the endpoints listed in the following tables because they provide optimal features for this design. Cisco has a range of Collaboration Endpoints with various features and functionality that an organization can also use to address its business needs.
| Cisco Webex DX801 | ||
| Integrator and multipurpose TelePresence endpoints with built-in single or dual screens | ||
| All-in-one presentation, white board, and audio/video multipurpose room endpoint | 
The PA for Cisco Webex Hybrid Services includes the following foundational functionality and services that underlie the entire Webex Hybrid Services solution:
The web-hosted online Webex Control Hub, available at https://admin.webex.com/, is used to administer and manage the organization's Webex Hybrid Services.
This basic feature of the Webex Teams application and the Webex platform provides one-to-one and group messaging with file sharing. This feature delivers persistent instant messaging with Webex Teams spaces, where users can message and share files.
Webex Meetings provides audio and video conferencing with content sharing by leveraging the Webex conferencing service. Webex Meetings builds upon the messaging and file sharing capabilities of Webex Teams Messaging. Webex Meetings also enables advanced features such as meeting recording and permanent Personal Meeting Rooms (PMR) to provide users with personalized permanent voice and video meeting spaces. Users can join conferences using Webex Teams devices as well as Webex Teams and Webex Meetings applications.
The Cisco Expressway-C Connector Host is a standard Cisco Expressway-C server deployed within the customer's organization to provide an integration point between the on-premises and cloud collaboration services. The integration between the Cisco Expressway-C server and Cisco Webex is facilitated via micro-services installed and managed on the Expressway-C Connector Host by Webex. These micro-services enable hybrid services integration.
The Management Connector is included in the Expressway-C base software and is used by the administrator to register Expressway to Webex and to link the Expressway interface with the Webex management interfaces.
All of these services and components are relevant for the deployment of the PA for Webex Hybrid Services and will be referenced as appropriate in the remainder of this document.
Cisco Webex Hybrid Directory Service is the common identity component for any hybrid deployment. It provides a common directory shared between the enterprise and Webex through synchronization of the on-premises Microsoft Active Directory and Cisco Webex. This enables synchronization not only of users but also of resources such as enterprise room systems.
Cisco Directory Connectors are deployed on-premises. They communicate and synchronize over the enterprise network with Microsoft Active Directory, and they communicate over the Internet to Webex (Figure 4).
Figure 4 Architecture for Cisco Webex Hybrid Directory Service
 
 
 Table 6 lists the roles of the Cisco Webex Hybrid Directory Service components in this architecture and the services they provide.
| Provides user and resource synchronization between Microsoft Active Directory and Cisco Webex | ||
| Provides the full list of corporate resources and users and their attributes | 
Webex Hybrid Directory Service enables an administrator to populate the identity store of their company's Webex Teams organization with users and resources from their corporate Microsoft Active Directory. Once the cloud identity store for the company's organization has been populated, administrators can easily manage Webex Teams corporate user accounts. Administrators may configure user accounts, enable specific features, and provision users for collaboration services within the Webex Teams organization.
As shown in Figure 5, Cisco Directory Connectors synchronize with Microsoft Active Directory using Microsoft application programming interfaces (APIs) over the on-premises network. At the same time, Cisco Directory Connectors push directory data and communicate over the Internet through the secure enterprise boundary and corporate firewall with the cloud identity service within Webex. HTTPS is used for communications between Cisco Directory Connectors and Cisco Webex.
Figure 5 Hybrid Enterprise Directory Integration
 
 
 The Directory Connector servers run on Microsoft Windows Servers and must be actively joined to the Active Directory domain. (See the Deployment Guide for Cisco Directory Connector for the latest version support information.) A read-only administrator account is used to authenticate the Directory Connector to the Windows domain.
The customer organization administrator must log in to the Webex Control Hub and download the Directory Connector software to the Windows servers. Once Directory Connectors are installed and configured, synchronization takes place and users and resources are pushed to the Webex identity store for the customer's organization through HTTPS connections. Because these are outbound connections from the Cisco Directory Connectors to the Internet, they do not require any inbound ports to be opened on the internal or external firewall.
Directory Connectors are configured to pull information from the Microsoft Active Directory. (See the Deployment Guide for Cisco Directory Connector for the latest version support information.) Directory information can be pulled from the entire domain or from specific containers and organizational units. It is also possible to create LDAP filters if more granularity is needed.
Users log in to Webex Teams via their email address, which corresponds to the mail LDAP attribute.
To deploy Webex Hybrid Directory Service in the PA for Webex Hybrid Services, we recommend the following:
Cisco Webex Hybrid Calendar Service enables enterprise calendar integration with Webex collaboration services. It provides calendar synchronization between on-premises Microsoft Exchange and Cisco Webex.
Cisco Calendar Connector is deployed on the Cisco Expressway-C Connector Host on-premises. It communicates and synchronizes over the enterprise network with Microsoft Exchange, and it communicates over the Internet to Webex (Figure 6).
Figure 6 Architecture for Cisco Webex Hybrid Calendar Service
 
 
  
 
Note: Although Webex Hybrid Calendar Service also supports integration to Microsoft Office 365 or G Suite by Google Cloud, these integrations are not discussed or covered in this PA for Webex Hybrid Services. For information about these integrations, refer to the latest version of the Deployment Guide for Cisco Webex Hybrid Calendar Service, available at https://www.cisco.com/c/en/us/support/unified-communications/spark/products-installation-guides-list.html.
Table 7 lists the roles of the Webex Hybrid Calendar Service components in this architecture and the services they provide.
Webex Hybrid Calendar Service enables a tight integration between the user's enterprise Microsoft Exchange calendar, Microsoft Outlook invitations, and Webex Teams Messaging. The Calendar Connector service provides two key features:
When @meet is added to the location field of an Outlook calendar invitation, Calendar Connector and the cloud calendar service create a Webex Teams meeting and a new Webex Teams collaboration space with a name that matches the invitation subject. All users in the calendar invitation are added to the Webex Teams space and are invited to the meeting. This facilitates collaboration and allows the meeting organizer and attendees to communicate and share material prior to, during, and even after the meeting. If a calendar invitation includes a distribution list, users on the distribution list will not be added to the Webex Teams space automatically; however, they will receive the meeting invitation.
When @webex is added to the location field of an Outlook calendar invitation, Calendar Connector automatically populates the invitation with the user's Webex Personal Room information.
Hybrid calendar integration also enables:
As shown in Figure 7, the Cisco Calendar Connector service running on the Expressway-C Connector Host synchronizes with Microsoft Exchange using Exchange Web Services (EWS) over the on-premises network. At the same time, Cisco Calendar Connector pushes calendar data and communicates over the Internet through the secure enterprise boundary and corporate firewall with the calendar service within Webex. Cisco Calendar Connector also integrates with Webex Personal Rooms for @webex functionality. HTTPS is used for communications between Cisco Calendar Connector on the Expressway-C Connector Host and Webex. Because this is an outbound connection from the Cisco Calendar Connector to the Internet, it does not require any inbound ports to be opened on the internal or external firewall.
Figure 7 Hybrid Enterprise Calendar Integration
 
 
  
 
Note: As shown in Figure 7, the Expressway-C Connector Host does not pair with the Expressway-E server and, in the case of hybrid calendar integration, does not rely on Expressway-C and Expressway-E firewall traversal capabilities to communicate with Webex.
Calendar Connector is configured to pull calendar and meeting information from Microsoft Exchange using an impersonation account. (For the latest version support information, see the Deployment Guide for Cisco Webex Hybrid Calendar Service.) This meeting information is used to create the appropriate Webex Teams meeting and space with all invitees (@meet) and a Webex personal meeting room (@webex).
For more information about Webex Hybrid Calendar Service, consult the Deployment Guide for Cisco Webex Hybrid Calendar Service.
To deploy Webex Hybrid Calendar Service in the PA for Webex Hybrid Services, we recommend the following:
Cisco Webex Video Mesh is a component of the PA for Cisco Webex Hybrid Services that enables organizations to deploy an instance of media processing on-premises. This means that Webex Teams room devices and clients, as well as Unified CM registered endpoints dialing into Webex meetings, can terminate media on-premises instead of sending all media to the cloud.
The benefits of Webex Video Mesh include:
The PA for Webex Hybrid Services addresses these needs with the Webex Video Mesh architecture shown in Figure 8.
The central component of Webex Video Mesh is the Video Mesh Node. Webex Video Mesh can be deployed as a virtual machine on a Cisco Unified Computing System (UCS) server or on specifications-based hardware in the organization’s data center(s). (See the Cisco Webex Video Mesh Data Sheet for more information.) The Video Mesh Node registers to Webex, and most management tasks are performed from the Webex Control Hub. The Webex Control Hub also provides automatic software updates and usage reports.
Figure 8 Architecture for Cisco Webex Video Mesh
 
 
 Table 8 lists the components and roles of Cisco Webex Video Mesh.
| Provides on-premises media processing capabilities for Webex Meetings. This includes voice, video, and desktop sharing. | ||
Every Webex Teams call is considered to be a meeting. In a Webex Teams meeting, signaling and media are sent to and from Webex. For example, Figure 9 shows a three-party Webex Teams meeting. Each party in the meeting sends and receives media to and from Webex via the Internet. As the number of concurrent calls increases, the organization’s bandwidth usage to the Internet increases. The three-party Webex Teams call in Figure 9 uses up to 7 MB of the organization’s Internet bandwidth (client bandwidth requirements shown in this example are average values).
Figure 9 Media Path of a Webex Teams Meeting
 
 
 The Video Mesh Node bridges the media locally, resulting in network edge bandwidth savings as well as decreased overall latency. Figure 10 shows the same three-party call with the media bridged locally on the Video Mesh Node within the enterprise, resulting in no bandwidth utilization for media over the Internet.
Figure 10 Media Path of a Webex Teams Meeting with Video Mesh Node
 
 
 A single Video Mesh Node can accommodate up to 100 concurrent calls. Video can scale up to 1080p at 30 frames per second. If a Video Mesh cluster is full, the next Webex Teams endpoint in the organization that joins the meeting will send its media to Webex, and the Video Mesh Node will cascade the call to the cloud media services. The cascade link carries up to 6 HD streams, which allows picture-in-picture and layout controls on specific endpoints.
A cascade link is also created when a remote participant joins the call and their Webex Teams endpoint may not be able to reach the Video Mesh Node. In this scenario, shown in Figure 11, the remote Webex Teams endpoint sends media to the cloud media services, and a cascade link is created between the cloud media services and the Video Mesh Node hosting the call.
Figure 11 Cascading the Call to the Cloud for External Participants
 
 
 The Video Mesh Node can host Webex meetings that include both Webex Teams endpoints and clients as well as Unified CM registered endpoints. Webex Video Mesh bridges on-premises Unified CM registered endpoints in meetings with Webex Teams endpoints and applications. Unified CM communicates to the Video Mesh Node via SIP trunking, thus allowing on-premises registered endpoints to join Webex Meetings with media termination at the Webex Video Mesh Node. (See Figure 12.)
Figure 12 Media Path of a Webex Teams Meeting with Video Mesh Node and Unified CM Registered Endpoints
 
 
 The Video Mesh Node can be deployed on the corporate network or in the DMZ. We recommend deploying the Video Mesh Node on the corporate network. With this deployment model, internal Webex Teams endpoints will connect to available Video Mesh Nodes and external Webex Teams endpoints will connect to the cloud media services. Calls will be cascaded from Video Mesh Nodes to the cloud when Webex Teams endpoints from outside the organization’s network connect to a call with internal participants.
Recommended deployment models are discussed in brief here. For further details and use cases, refer to the Cisco Validated Design (CVD) guide for the Preferred Architecture for Cisco Webex Hybrid Services.
We recommend that you deploy Video Mesh Nodes only in large campus sites that have direct Internet access (DIA), as shown in Figure 13. This will ensure that the Video Mesh Nodes are available for large user populations. It will also ensure that media will cascade from the Video Mesh Nodes directly to the cloud instead of traveling across a WAN to another site with direct Internet access.
Figure 13 Video Mesh Nodes Deployed in a Large Site with Direct Internet Access (DIA)
 
 
  We recommend deploying Video Mesh Nodes in clusters. This provides high availability for internal users in case a single Video Mesh Node becomes unavailable. It also allows Webex Teams endpoints to overflow to a Video Mesh Node on the corporate network instead of overflowing to the cloud, thus saving bandwidth on the corporate network Internet edge (see Figure 14).
Figure 14 Multiple Video Mesh Clusters Cascading a Call to Webex
 
 
  We recommend sizing the Video Mesh cluster based on the number of calls expected for the organization’s site. There is no maximum size for a Video Mesh cluster, and each Video Mesh Node can support up to 100 concurrent calls. Avoid clustering Video Mesh Nodes over the WAN. Clustering Video Mesh Nodes over the WAN could lead to excessive consumption of WAN bandwidth as calls are cascaded between nodes over the WAN.
The Video Mesh Node requires a number of open firewall ports to enable cloud management, signaling, and media traffic flow. We recommend opening media ports for both TCP and UDP traffic flows. Ensure that media is marked with appropriate QoS markings to improve call quality on the corporate network. (See the Bandwidth Management section for details.)
Cisco Webex Hybrid Call Service provides the integration of Cisco Unified Communications call services with Webex call services. The PA for Webex Hybrid Call Service includes Cisco Unified Communications Manager (Unified CM), Cisco Expressway-C and Expressway-E, and the Expressway-C Connector Host for the Hybrid Call Service solution (Figure 15).
Figure 15 Architecture for Cisco Webex Hybrid Call Service
 
 
 Table 9 lists the roles of the components in this architecture and the services they provide.
A key component of Webex Hybrid Call Service is the Call Connector, hosted on the Cisco Expressway-C Connector Host. Call Connector provides the call service (Call Service Connect) for Cisco Webex devices and Teams applications.
Call Service Connect allows integration between Webex and Cisco Unified Communications Manager (Unified CM).
If a user has an endpoint registered to Cisco Unified CM and a Webex Teams application, both the endpoint and the Webex Teams application will receive the call regardless of whether the call is initiated by another Webex Teams application or any other endpoint. Call Connector not only enables ringing on Webex Teams and Cisco Unified CM, but also allows Webex Teams users to place calls using enterprise dialing habits.
In order to achieve this, Expressway-C and Expressway-E must be deployed for firewall traversal, so that secure communications to and from the cloud will always be possible. In order to account for security requirements, the call will always be encrypted for both signaling and media.
Figure 16 illustrates the architecture for Webex Hybrid Call Service.
Figure 16 Architecture for Webex Hybrid Call Service
 
 
  The following guidelines apply to the architecture shown in Figure 16:
 – Up to 500 users with Cisco Business Edition 6000 (BE6000)
 – Up to 2,000 users with Cisco Business Edition 7000 (BE7000) in a redundant deployment
Call Service Connect enables ringing on both Webex Teams and Cisco Unified CM devices associated with the same user. In addition, it keeps the user experience consistent so that the user of Webex Teams has the same dialing habits, calling ID, and unified call history as any other user on Cisco Unified CM. To achieve this consistent user experience, Cisco Unified CM and Webex perform the following operations:
Figure 17 shows the global reachability on both the Webex Teams application and the Cisco Unified CM device when a user is provisioned for Call Service Connect.
Figure 17 Reachability of Webex Teams and Unified CM Destinations with Call Service Connect
 
 
  Media is encrypted with Secure Real-time Transport Protocol (SRTP) between Cisco Webex and Cisco Expressway. Depending on the configuration, different scenarios can be achieved:
This requires Cisco Unified CM to be in mixed mode and the endpoints and the SIP trunk to Expressway to be provisioned for encryption.
If Cisco Unified CM is not in mixed mode and uses non-encrypted RTP media traffic to send the call to Expressway-C, then Expressway-C can terminate the RTP connection from the Unified CM endpoint and open another call leg using SRTP to Webex. Any time Cisco Expressway performs RTP-to-SRTP conversion, it engages a back-to-back user agent (B2BUA). If Cisco Expressway performs RTP-to-SRTP conversion, we recommend enabling it on Expressway-C instead of Expressway-E so that the traffic in the DMZ will be encrypted.
Figure 18 illustrates these two encryption options.
Figure 18 Webex Hybrid Services: Expressway Media Encryption Options
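The two encryption options above can be told apart from the SDP seen on each call leg. The following added example (not from the Cisco guide or any Cisco tool) classifies each leg by its media profile and reports where RTP-to-SRTP conversion takes place. The leg names, function names, and sample SDP bodies are assumptions constructed for illustration, and only SDES-keyed SRTP (`a=crypto`) is recognized.

```python
"""Added example: locate RTP-to-SRTP conversion from per-leg SDP bodies."""

SECURE_PROFILES = {"RTP/SAVP", "RTP/SAVPF"}
CLEAR_PROFILES = {"RTP/AVP", "RTP/AVPF"}

# Hypothetical leg names used by this example:
#   internal = Unified CM <-> Expressway-C
#   dmz      = Expressway-C <-> Expressway-E (traversal link through the DMZ)
#   internet = Expressway-E <-> Webex
LEGS = ("internal", "dmz", "internet")


def media_sections(sdp):
    """Return (media, port, profile, has_crypto) for every m= section."""
    sections = []
    for raw in sdp.splitlines():
        line = raw.strip()
        if line.startswith("m="):
            fields = line[2:].split()
            if len(fields) < 3:
                continue  # malformed media line, ignore it
            media, port, profile = fields[:3]
            sections.append([media, int(port.split("/")[0]), profile, False])
        elif line.startswith("a=crypto:") and sections:
            sections[-1][3] = True  # SDES key offered for the current section
    return [tuple(s) for s in sections]


def classify_leg(sdp):
    """'SRTP' if all active streams are keyed SRTP, 'RTP' if all are clear."""
    active = [s for s in media_sections(sdp) if s[1] != 0]  # port 0 = rejected
    if not active:
        return "NONE"
    if all(p in SECURE_PROFILES and keyed for _, _, p, keyed in active):
        return "SRTP"
    if all(p in CLEAR_PROFILES for _, _, p, _ in active):
        return "RTP"
    return "MIXED"


def audit_call(sdp_by_leg):
    """Classify the three legs and name the element doing the conversion."""
    state = {leg: classify_leg(sdp_by_leg[leg]) for leg in LEGS}
    findings = []
    if state["internet"] != "SRTP":
        findings.append("internet leg to Webex is not SRTP")
    if state["dmz"] != "SRTP":
        findings.append("media crosses the DMZ unencrypted")

    if all(value == "SRTP" for value in state.values()):
        conversion = "none"            # Unified CM in mixed mode, SRTP throughout
    elif state["internal"] == "RTP" and state["dmz"] == "SRTP":
        conversion = "Expressway-C"    # recommended placement of the B2BUA
    elif state["dmz"] == "RTP" and state["internet"] == "SRTP":
        conversion = "Expressway-E"    # leaves cleartext media in the DMZ
    else:
        conversion = "undetermined"
    return {"legs": state, "conversion": conversion, "findings": findings}


def sample_sdp(profile, keyed):
    """Constructed SDP body; the key is a placeholder, not real key material."""
    crypto = ("a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:PLACEHOLDER-NOT-A-KEY\n"
              if keyed else "")
    return ("v=0\n"
            "o=- 1 1 IN IP4 192.0.2.10\n"
            "s=-\n"
            "c=IN IP4 192.0.2.10\n"
            "t=0 0\n"
            f"m=audio 20000 {profile} 0\n" + crypto +
            f"m=video 20002 {profile} 96\n" + crypto)


SRTP_SDP = sample_sdp("RTP/SAVP", True)
RTP_SDP = sample_sdp("RTP/AVP", False)

# Constructed scenarios: the two options in the text plus the placement the
# text advises against.
SCENARIOS = {
    "mixed_mode": {"internal": SRTP_SDP, "dmz": SRTP_SDP, "internet": SRTP_SDP},
    "convert_on_c": {"internal": RTP_SDP, "dmz": SRTP_SDP, "internet": SRTP_SDP},
    "convert_on_e": {"internal": RTP_SDP, "dmz": RTP_SDP, "internet": SRTP_SDP},
}

if __name__ == "__main__":
    for name, legs in SCENARIOS.items():
        print(name, audit_call(legs))
```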
 
 
  Webex Hybrid Call Service supports multiple Cisco Unified CM clusters. However, due to the call routing method used by Webex Hybrid Services, the calls are always sent to the Cisco Unified CM cluster where the calling user is registered, before being sent to the destination. This is called home cluster routing and is necessary for the preservation of class of service (CoS) and calling ID.
Bandwidth management is about providing the best possible user experience end-to-end for all media capable endpoints, clients, and applications in the collaboration solution. The Preferred Architecture for Cisco Webex Hybrid Services incorporates a holistic approach to bandwidth management that includes an end-to-end Quality of Service (QoS) architecture with video rate adaptation and resiliency mechanisms to provide the best possible user experience for deploying pervasive video over managed and unmanaged networks.
The PA for Webex Hybrid Services applies the bandwidth management strategy of the Preferred Architecture for Cisco Collaboration 12.x Enterprise On-Premises Deployments to the Webex Teams endpoints, clients, and infrastructure components. This bandwidth management strategy starts with QoS.
QoS ensures reliable, high-quality voice and video by reducing delay, packet loss, and jitter for media endpoints and applications. QoS provides a foundational network infrastructure technology that is required to support the transparent convergence of voice, video, and data networks. The bandwidth management strategy for Webex Hybrid Services includes identifying and marking Webex Room Device and Webex Teams client signaling and media traffic as well as updating the QoS policies in the LAN, WAN, and Internet edge equipment in the on-premises solution.
Overview of Preferred Architecture On-Premises Bandwidth Management Solution Concepts and Strategy
With the increasing number of interactive applications – particularly voice, video, and immersive applications – real-time services are often required from the network. Because these resources are finite, they must be managed efficiently and effectively. If the number of flows contending for such priority resources were not limited, then as those resources become oversubscribed, the quality of all real-time traffic flows would degrade, eventually to the point of becoming useless. The intelligent media techniques used for media resiliency and rate adaptation in all Cisco endpoints, clients, and conferencing architecture – referred to as Media Assure – coupled with QoS, ensure that real-time applications and their related media do not oversubscribe the network or the bandwidth provisioned for those applications, thus providing efficient use of bandwidth resources.
The self-regulating video network, prioritized audio, and opportunistic video are all bandwidth management concepts as well as a combined QoS strategy. A self-regulating video network consists of leveraging the intelligent media techniques and rate adaptation mentioned previously, along with proper provisioning and QoS to allow the video endpoints to maximize their video resolution during times when video bandwidth is not fully utilized in the network and to rate-adapt or throttle down their bit rate to accommodate more video flows during the busy hour of the day. Prioritized audio for both audio-only and audio of video calls ensures that all audio is prioritized in the network and is thus not impacted by any loss that can occur in the video queues. Prioritizing voice from all types of collaboration media ensures that, even during times of extreme congestion when video is experiencing packet loss and adjusting to that loss, the audio streams are not experiencing packet loss and are allowing the users to have an uninterrupted audio experience. In addition, opportunistic video allows for a group of video endpoints to be strategically marked with a lower class of video, thus enabling them to use available bandwidth opportunistically for optimal video resolution during times when the network is less busy and more bandwidth is available, or conversely to down-speed their video more aggressively than the prioritized class of video during times of congestion when the network is in its busy hour. This concept of opportunistic video coupled with prioritized audio maintains an acceptable video experience while simultaneously ensuring that voice media for these opportunistic video calls is not compromised. This, of course, applies to the managed network, since an unmanaged network such as the Internet is not QoS-enabled and thus provides no guarantees with regard to packet loss. 
Nevertheless, the media resiliency and rate adaptation mechanisms also attempt to ensure that media over unmanaged networks such as the Internet has the best possible quality in the face of packet loss, delay, and jitter.
Figure 19 illustrates the approach to QoS that is used in the PA for the Cisco Collaboration Enterprise on-premises solution and followed in this Webex Hybrid Services solution:
Figure 19 Architecture for Bandwidth Management
 
 
  To deploy bandwidth management in the PA for Webex Hybrid Services, we recommend the following:
 – Mark all audio with Expedited Forwarding class EF. (This includes all audio of both voice-only and video calls.)
 – Mark all video from clients, desktop and room devices, as well as Expressway Edge components with an Assured Forwarding class of AF41 for prioritized video or AF42 for opportunistic video. (This will depend on the strategy taken in the on-premises solution configuration.)
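One way to verify these markings on captured traffic, as an added example that is not part of the Cisco guide: the script reads the DSCP value from each IPv4 header and reports audio that is not EF and video that is not in the permitted Assured Forwarding classes. The packet list, addresses, and function names are constructed for illustration, and the audio/video label on each packet is assumed to come from the capture tooling.

```python
"""Added example: audit DSCP markings of media packets against EF/AF41/AF42."""
import socket
import struct

# Standard DSCP code points for the classes named in the recommendations.
DSCP = {"EF": 46, "AF41": 34, "AF42": 36}
DSCP_NAME = {value: name for name, value in DSCP.items()}


def build_ipv4_header(tos, src, dst):
    """Build a minimal 20-byte IPv4 header carrying UDP (constructed data)."""
    return struct.pack("!BBHHHBBH4s4s",
                       0x45,            # version 4, header length 5 words
                       tos,             # DSCP (6 bits) + ECN (2 bits)
                       20, 0, 0,        # total length, id, flags/fragment
                       64, 17, 0,       # TTL, protocol UDP, checksum unused
                       socket.inet_aton(src), socket.inet_aton(dst))


def dscp_of(header):
    """Extract the DSCP value, ignoring the two ECN bits."""
    if len(header) < 20 or header[0] >> 4 != 4:
        raise ValueError("not an IPv4 header")
    return header[1] >> 2


def audit_markings(packets, video_classes=("AF41", "AF42")):
    """Return (source, kind, observed marking) for every mismarked packet.

    packets is a list of (kind, header) where kind is 'audio' or 'video'.
    video_classes narrows the check when a site uses only one video class.
    """
    allowed = {
        "audio": {DSCP["EF"]},          # includes audio of video calls
        "video": {DSCP[name] for name in video_classes},
    }
    violations = []
    for kind, header in packets:
        value = dscp_of(header)
        if value not in allowed[kind]:
            source = socket.inet_ntoa(header[12:16])
            violations.append((source, kind, DSCP_NAME.get(value, f"DSCP {value}")))
    return violations


# Constructed sample: four correctly marked flows and two mismarked ones.
SAMPLE_PACKETS = [
    ("audio", build_ipv4_header(0xB8, "10.0.0.1", "198.51.100.1")),  # EF
    ("audio", build_ipv4_header(0xB9, "10.0.0.2", "198.51.100.1")),  # EF + ECN bit
    ("video", build_ipv4_header(0x88, "10.0.0.3", "198.51.100.1")),  # AF41
    ("video", build_ipv4_header(0x90, "10.0.0.4", "198.51.100.1")),  # AF42
    ("audio", build_ipv4_header(0x88, "10.0.0.5", "198.51.100.1")),  # audio as AF41
    ("video", build_ipv4_header(0x00, "10.0.0.6", "198.51.100.1")),  # best effort
]

if __name__ == "__main__":
    for source, kind, marking in audit_markings(SAMPLE_PACKETS):
        print(f"{source}: {kind} marked {marking}")
```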
