Configuring Cisco Unified Videoconferencing Solution Components
•Configuring a Desktop Server
•Configuring a Cisco Unified Videoconferencing 3500 Series MCU
•Configuring a Cisco Unified Videoconferencing 3500 Series Gateway
•Configuring a Cisco Unified Videoconferencing Manager
•Configuring a Gatekeeper
•How to Configure a Desktop Server to Allow Streaming
•How to Configure Third-Party Equipment
Configuring a Desktop Server
This section describes how to perform a basic Desktop Server configuration. After this configuration is performed, Desktop Server is operational and ready to be used for video calls.
Step 1 Log in.
Note The default user name and password are both "admin".
Step 2 In the Desktop Administration interface, click Settings in the sidebar.
Step 3 Change the default user name and password.
Step 4 Click OK or Apply to save the changes.
Step 5 For deployments using Cisco Unified Videoconferencing Manager, on the Meeting Control tab of the Desktop Administration interface, set the Desktop H.323 ID value.
The source H.323 ID is used only for advanced routing with Cisco Unified Videoconferencing Manager. Cisco Unified Videoconferencing Manager contains a corresponding field and uses the source H.323 ID to identify Clients from a particular Desktop Server, and then route Clients to the appropriate Cisco Unified Videoconferencing 3500 Series MCU.
Note For a single Desktop Server deployment, there is no need to configure the Desktop Server H.323 ID.
Step 6 To configure the HTTP port, enter a port number in the HTTP Port field.
Note For deployments in which Desktop Server and Cisco Unified Videoconferencing Manager are installed on the same server, it is recommended that you use the default port (8080).
Step 7 Click OK.
Step 8 On the Servers tab, define the public address (FQDN).
Note The public address must be configured for firewall-protected deployments. In this case, the FQDN parameter must point to the firewall public address. For other deployments the FQDN parameter must point to the Desktop Servers IP address.
Step 9 Click OK.
Configuring a Cisco Unified Videoconferencing 3500 Series MCU
Step 1 Access the MCU Administration web interface.
Step 2 On the sidebar, click MCU.
Step 3 On the Protocols tab, click H.323.
The H.323 Protocol Configurations dialog box appears.
Step 4 Select Enable H.323 protocol to enable the MCU to operate with the H.323 protocol.
Step 5 In the Gatekeeper Address field, enter the Cisco IOS H.323 Gatekeeper IP address.
If you use Cisco Unified Videoconferencing Manager as your meeting control server, enter the Cisco Unified Videoconferencing Manager IP address in the Gatekeeper address field so that the Cisco Unified Videoconferencing 3500 Series MCU uses the Cisco Unified Videoconferencing Manager internal gatekeeper.
Step 6 Click Upload.
Step 7 To enable High Definition Continuous Presence conferences, perform these steps:
Note Enabling High Definition Continuous Presence conferences reduces the Cisco Unified Videoconferencing 3500 Series MCU capacity. For more information see the Cisco Unified Videoconferencing Data Sheet at the following location: http://cisco.com/en/US/prod/collateral/video/ps7190/ps1870/ps6963/product_data_sheet0900aecd804bbfc0.html
and the Cisco Unified Videoconferencing Configuration Guide at the following location: http://cisco.com/en/US/products/hw/video/ps1870/prod_maintenance_guides_list.html.
a. On the Settings tab, click Basics.
b. Choose Enable High Definition Continuous Presence.
c. Click Upload.
d. On the Services tab, double-click a service to use for High Definition Continuous Presence conferences.
Note We recommend that you use the preconfigured service 81 HD/SD Continuous Presence.
e. In the Automatic Service Definition window, from the Support image size up to list, select 720p.
f. Click Upload.
Note Configuring the MCU for H.235 (secure video) is not supported by Desktop Server.
Configuring a Cisco Unified Videoconferencing 3500 Series Gateway
Configure gateways in your network to enable PSTN/ISDN/mobile terminals to join a meeting. Resource Manager uses the gateway information to provide proper dialing information for meeting participants, and to dial out to terminals to invite them to meetings. Resource Manager also manages gateway resources to allow successful call scheduling using network gateways.
When you add a gateway, settings in Resource Manager must be consistent with the actual gateway configuration. We recommend the following:
•If you make changes to the gateway, maintain the IVR and DID numbers in Resource Manager.
•To ensure that there are no gateway ports available for scheduled and ad hoc calls, maintain capacity information.
Step 1 Click Resource Management in the sidebar menu.
Step 2 Click Gateway.
Step 3 Click the link in the Name column for the gateway you require, or click Add to create a new gateway profile.
Step 4 Enter the name of the gateway in the Name field.
Step 5 Select a gateway model and enter an IP address in the relevant fields.
Note If multiple gateways are pooled together in a local network with the same access phone number, you can enter multiple IP addresses in the IP Address field to indicate the gateways in the gateway pool. IP addresses are separated by a colon (:).
Step 6 From the Registered To list, choose the gatekeeper to which the gateway is registered.
Step 7 From the Location list, choose the device island to which the MCU belongs.
The Location field is visible only when the IP Topology tab is activated in the Resource Manager Configuration Tool under System Configuration > UI Settings.
Step 8 Enter the bandwidth for the gateway or gateway pool. For example, for an E1 line, the bandwidth should be 30 B-channels (3940 Kbps).
Step 9 Indicate in the Working Mode field whether the gateway operates in IVR or DID mode.
Resource Manager works with the gateway in DID mode so that meeting participants can easily dial into a meeting. You can assign a range of DID numbers to the gateway. These numbers can be assigned to individual dial-in terminals (endpoints). If you dial one of the assigned DID numbers, you are automatically added to the meeting that the DID number is associated with. Only one terminal can dial a DID number at any given time.
If you configure the gateway in DID mode and set a DID number in the Telephone Number field, when a terminal dials this DID number Resource Manager routes the call to the appropriate meeting based on the terminal number. If no associated meeting is found, then the dial-in call is routed back to the gateway for an IVR session. After entering the meeting ID using the IVR, the terminal is permitted to join the meeting.
Step 10 Enter a gateway phone number.
a. In the Description field, enter a description of the phone number for the gateway.
b. In the International Access Code field, enter the numeric prefix required to make an international long distance call.
c. In the Domestic Long Distance Prefix field, enter the numeric prefix required to make a long distance call within the same country.
d. In the Country Code field, enter the country code for the gateway phone number. Resource Manager adds this prefix when dial-out is performed from this gateway to a terminal located in a different country than the country in which the gateway is located.
e. If Allow Out of Area Calls is not checked, only endpoints with the same area code as the gateway are allowed to reach Resource Manager via the gateway.
f. If you check Allow Out of Area Calls, the gateway accepts incoming calls to Resource Manager from terminals with a different area code than that of the gateway.
g. Enter the domestic area code of the gateway number in the Area Code field.
h. Specify a local telephone number in the Telephone Number field that you want to assign to the specific port.
i. Enter a number in the To access an outside line for local calls, dial field for a gateway with no direct access to an outside line for local calls.
j. Enter a number in the To access an outside line for long distance calls, dial field, for a gateway with no direct access to an outside line for long distance calls.
k. Assign the ISDN device island that the gateway or gateway pool belongs to. If ISDN Topology is hidden, then this field is also hidden.
Step 11 Define the DID range.
If DID is selected in the Working Mode field, define the DID range for the gateway or gateway pool.
Step 12 Click Add Service to add or modify the gateway service.
Note In the Bandwidth section, if you check Restricted Mode, 56 appears in the Kbps list. Multiples of 56 Kbps are used instead of multiples of 64. Resource Manager does not support gateway services whose bandwidth is set to "auto" since Resource Manager needs the specific bandwidth to perform resource reservation. If there is a gateway service with "auto" bandwidth, when you configure this service in Resource Manager, select a bandwidth value to best approximate the average bandwidth endpoints use when dialing that service.
Step 13 Set the Advanced Settings.
a. In the Signaling Port field, set the gateway port used for signaling. By default, it is left blank and signaling port will be negotiated dynamically on the fly.
b. In the SNMP Get/Set Community fields, set the SNMP community name required by Resource Manager to communicate with the gateway.
c. Choose Dial-in Only to mark the gateway for use only with terminals that users dial into. Resource Manager does not schedule dial-out calls on this gateway.
Step 14 Click OK to save your changes.
Configuring a Cisco Unified Videoconferencing Manager
Step 1 Access the Resource Manager Administration web interface.
When you access Resource Manager for the first time, the User Provisioning page opens.
Note For a standard installation, the URL format is http://<server address>:8080.
Step 2 Use this procedure to define the LDAP you want to work with:
a. Click Via.
b. From the Directory Server Type list, select the type of LDAP server to which Cisco Unified Videoconferencing Manager connects to import the LDAP directory information.
c. Enter the URL, login ID, and password of the LDAP server in the URL, Login ID, and Password fields respectively.
Note The user account needs to have read access to the LDAP server directory tree to synchronize Cisco Unified Videoconferencing Manager. This user account does not have to be part of the Search Base.
d. Enter the organization domain in LDAP Server Domain.
e. Enter search strings in LDAP Search Base. Search conditions include "ou" and "cn", for example.
f. Click Advanced.
g. In the Mapping Groups to User Type section, assign an LDAP group to a specific Resource Manager user role. There are four user roles to which an LDAP user can be mapped:
Note By default, all users are assigned the Organization Administrator user role.
h. In the Update Settings section, choose Do not update users without an e-mail address from the LDAP server to Cisco Unified Videoconferencing Manager.
i. To create a virtual room for each LDAP user, click the Virtual Room Number and select the unique user attribute from the list.
By default, the telephoneNumber option is used since everyone within an organization should have a unique telephone number. The resulting virtual room is the concatenation of the Cisco Unified Videoconferencing Manager Meeting ID prefix and the LDAP field that is used for generating the virtual room number.
Note The default Cisco Unified Videoconferencing Manager Meeting ID prefix is 6. If it does not suit the organization dial plan, it can be changed. For operational information, see the related topics.
j. To download a user profile from an LDAP server, define this properties for that user on the LDAP server:
•User ID and password
•First name or last name
•Belongs to OU
•Belongs to a group (if you want to assign a user role based on group)
k. From the Update Frequency list select an option to define if and how often Cisco Unified Videoconferencing Manager updates the LDAP server settings.
l. Click OK.
Step 3 Display the list of users:
a. On the sidebar, click User Management.
b. Click the Users tab.
c. Click Update.
Note The user database is updated according to advanced settings configured on the LDAP Configurations tab.
Step 4 Verify that connection to the gatekeeper is successful:
a. On the sidebar, click Resource Management.
b. Click the Gatekeeper/SIP server tab.
c. Verify that all connections are successful.
Step 5 Add Cisco Unified Videoconferencing 3500 Series MCUs:
a. Click the MCU tab, and click Add.
b. In the New MCU window, enter data and click OK.
c. Verify that all connections are successful and the status is Online. For more information, see the configuration guide for Cisco Unified Videoconferencing Manager.
Step 6 Add Cisco Unified Videoconferencing 3500 Series Gateways:
a. Click the Gateway tab, and click Add.
b. In the New Gateway window, enter data and click OK. For operational information about adding a Cisco Unified Videoconferencing 3500 Series Gateway, see the configuration guide for Cisco Unified Videoconferencing Manager.
Step 7 Configure the predefined Desktop Server:
a. Click the Desktop Server tab.
b. Change the Desktop Server name if necessary.
c. In the Web Access URL field, change the URL to the public address (FQDN) of your Desktop Server, configured on the Servers tab of the Desktop Server Administrator interface.
d. In the H.323 ID field, enter the value configured in "Configuring a Desktop Server" section.
e. Click OK.
Step 8 Add terminals if necessary. For operational information about adding terminals, see the configuration guide for Cisco Unified Videoconferencing Manager.
Step 9 If the LDAP server configuration needs to be changed, perform this configuration as described in Step 2.
Step 10 Download services:
a. On the sidebar, click Meeting Types.
b. Click the Active Meeting Types tab.
c. Click Download.
d. Verify that services are displayed on the Active Meeting Types tab.
e. Click OK.
Step 11 Assign a meeting type to a user virtual room using the Cisco Unified Videoconferencing Manager Administration interface:
a. On the sidebar, click User Management.
b. Click the Users tab.
c. Click a user.
d. On the User Profile page, click Virtual Room Settings.
e. Click Add.
f. Enter information and click OK.
Assign a meeting type to a user virtual room using Desktop Server Client:
a. In an Internet browser, enter the Desktop Server URL.
b. Without entering your user name and password, click Virtual Room Settings.
The Virtual room settings page is displayed.
c. Enter information in the fields.
Note From the Meeting Type list, select the meeting type associated with the virtual room.
d. Click OK.
Step 12 Update the Cisco Unified Videoconferencing Manager license:
a. Click Start > Programs > Cisco Unified Videoconferencing Manager > Update License.
b. Enter the license key and the supplied serial number. For more information about obtaining a license key, see the installation guide for Cisco Unified Videoconferencing Manager.
c. Click Update.
•Configuring Cisco Unified Videoconferencing Manager Prefix, page C-1
Configuring a Gatekeeper
This section describes how to set a gatekeeper to work in Call Setup (Q.931) and Call Control (H.245) Routed Mode to enable Cisco Unified Videoconferencing Solution deployments to operate correctly without Cisco Unified Videoconferencing Manager.
Note Do not configure an external gatekeeper if using a deployment with Cisco Unified Videoconferencing Manager. For more information about gatekeeper design options, see the Cisco Unified Videoconferencing Solution Reference Network Design (SRND) at http://www.cisco.com/en/US/docs/video/cuvc/design/guides/srnd/vc5xsrnd.htm.
Step 1 In the Administrator interface, on the sidebar, click Cisco IOS H.323 Gatekeeper.
Step 2 Click Settings.
Step 3 Click Calls.
Step 4 In the Routing mode field, select Call Setup (Q.931) and Call Control (H.245).
Step 5 Click Upload to save the change.
How to Configure a Desktop Server to Allow Streaming
•Desktop Server Limitations
•Enabling Streaming Over Port 7070
•How to Enable Streaming Over Port 80
Desktop Server Limitations
These are limitations of Desktop Server streaming:
•To establish synchronized moderated streaming, select a single streaming server to be used by all Desktop Servers.
•On each Desktop Server, define an alternate streaming server and URL to enable a moderator on any Desktop Server to allow streaming across all the Desktop Servers.
•An independent Desktop Server with its own streaming server can be enabled only by a moderator on that server.
•Streaming works better with TCP buffering on the Internet. Control ports on your firewall to force meeting participants to use TCP on the Streaming Server to ensure buffering and prevent packet loss.
•UDP transport provides lower latency on a local network with no packet loss.
Enabling Streaming Over Port 7070
Step 1 In the Desktop Server Administration user interface, click Streaming.
Step 2 To configure this Desktop Server to manage streaming, perform the steps below. To configure an alternate Desktop Server to manage streaming, proceed with Step 3.
a. In the Use CUVC Desktop to manage streaming area, enter the Cisco Unified Videoconferencing Streaming Server IP address in the Streaming Server Address field. This is the external accessible IP address of the Cisco Unified Videoconferencing Server installation.
Note The indicator next to the Streaming Server Address field indicates whether or not the connection to the target server is successful.
b. Enter the Cisco Unified Videoconferencing Streaming Server IP address with port 7070 specified in the Streaming Server Virtual Address field. You can use either a unique IP address or a DNS address if there is an internal and an external IP address. In both cases, you must fill in the Cisco Unified Videoconferencing Streaming Server Virtual Address field.
When the Cisco Unified Videoconferencing Streaming Server resides behind a NAT, streaming clients use the virtual Streaming Server IP address to connect to the Streaming Server because the IP address might not be resolvable.
Note You must correctly configure the DNS to allow the Cisco Unified Videoconferencing Streaming Server virtual IP address to resolve to the correct IP address.
c. In the Video Size field, select Small (QCIF) or Medium (CIF) to define the size of the video used for streaming.
d. In the Rate (KB/s) field, select a value to define the bit rate for all meetings.
Step 3 To configure an alternate Desktop Server to manage streaming, in the Use alternate Desktop Server to manage streaming area, define a server URL to redirect users to the specified Desktop Server.
Step 4 Click OK or Apply.
How to Enable Streaming Over Port 80
•Binding a Cisco Unified Videoconferencing Streaming Server
•Enabling Streaming Over Port 80
•Binding an Apache Tomcat to a Specific IP Address
Binding a Cisco Unified Videoconferencing Streaming Server
If the Cisco Unified Videoconferencing Streaming Server runs on the same server as Desktop Server, you need to bind it to a separate NIC or IP address on the PC so that it does not conflict with port 80 access to the Desktop Server portal. Alternatively, you can deploy the Cisco Unified Videoconferencing Streaming Server on a separate server.
This procedure describes how to configure the Cisco Unified Videoconferencing Streaming Server to bind to a specific IP.
Step 1 Open the streamingserver.xml file at
C:\Program Files\Darwin Streaming Server.
Step 2 Find the property bind_ip_addr:
By default, this property is set to a value of zero which indicates that all IP addresses are enabled for the server.
Step 3 Replace the zero with the IP address to which you wish to bind (for example, 126.96.36.199):
Step 4 Save the streamingserver.xml file as a plain text file (not as .rtf or any other format).
Enabling Streaming Over Port 80
Step 1 In the same streamingserver.xml file, find the section for the rtsp_port property.
Step 2 By default, these values are present:
<LIST-PREF NAME="rtsp_port" TYPE="UInt16">
Step 3 Add this entry:
To force streaming only over port 80, you can remove some of the other values but you must leave the value for port 554, as this is the port over which the Darwin Server monitors administrative functions as well as RTSP.
The code should look as follows:
<LIST-PREF NAME="rtsp_port" TYPE="UInt16">
Step 4 Save the streamingserver.xml file as a plain text file (not as .rtf or any other format).
Step 5 Restart the Darwin service (Darwin Streaming Server).
Binding an Apache Tomcat to a Specific IP Address
Step 1 Open the server.xml file at
C:\Program Files\Cisco\Cisco Unified Videoconferencing Desktop\tomcat\conf.
Step 2 In the port 80 connector definition, add the address="188.8.131.52" field as follows, and restart Tomcat:
<!-- Define a non-SSL HTTP/1.1 Connector on port 8080 -->
<Connector port="80" maxHttpHeaderSize="8192"
where 184.108.40.206 is the IP address you want to bind to.
Step 3 In the Desktop Server Administration user interface, click Streaming.
Step 4 Enter the Tomcat IP address in the Streaming Server Address field.
Step 5 Enter the IP address or DNS name in the Streaming Server Virtual Address field but do not specify a specific port.
Note Users connecting from behind an HTTP Proxy might need to modify their client-side Quicktime Player transport settings to default to HTTP tunneling.
Step 6 Save the server.xml file as a plain text file (not as .rtf or any other format).
How to Configure Third-Party Equipment
This section describes how to configure third-party communication and security equipment used in Cisco Unified Videoconferencing Solution deployments.
•Configuring a Firewall
•Load Balancing Deployments
Configuring a Firewall
Verify that the firewall is properly configured according to a topology described in Chapter 1, "Selecting a Cisco Unified Videoconferencing Solution Deployment Topology".
•Firewall Guidelines to Support the Cisco Unified Videoconferencing Solution
•Ports to Open in the Firewall to Allow Streaming
Firewall Guidelines to Support the Cisco Unified Videoconferencing Solution
•Firewall Configuration Guidelines
•NAT Configuration Guidelines
Firewall Configuration Guidelines
This section describes the simplest and most typical firewall configuration. A typical configuration allows any computer located on an private network to reach a DMZ and external networks. A computer on an external network can access some specific services in the DMZ but not the private network. In contrast to this, a host located on the DMZ can access the external networks as well as some specific services on specific servers but not the entire private network.
The firewall system uses these interfaces to control different network types:
•WAN—Controls access to and from unprotected external networks, for example a public internet or a partner organization network.
•DMZ—Controls a DMZ network protected by the firewall.
•LAN—Controls a private network protected by the firewall.
•Firewall and NAT Rules, page D-1
NAT Configuration Guidelines
Network address translation (NAT) is supported for these traffic directions:
•From DMZ to external networks
•From internal networks to external networks
Traffic is not allowed between internal networks and the DMZ because NAT configuration between internal networks and the DMZ is not supported by Cisco Unified Videoconferencing Solution version 5.5.
A firewall rule must be added for each NAT table entry described in this section to permit traffic through the NAT rule. For deployments that do not implement NAT, add a firewall rule corresponding to the following NAT table entries to permit the associated traffic.
•Firewall and NAT Rules, page D-1
Ports to Open in the Firewall to Allow Streaming
To configure the firewall to allow streaming, you must open a number of ports including:
•Ports from the user to the Cisco Unified Videoconferencing Streaming Server
•TCP port 7070 (or other port of choice) for tunneled RTSP
•Ports for Desktop Server to the Cisco Unified Videoconferencing Streaming Server
•UDP ports 6972-65535
•TCP port 554
Sometimes firewalls are configured to block packets used for streaming media. Two general options exist for crossing the firewall boundary: either configure the firewall to allow streaming packets, or reconfigure the streaming server and client to use different network protocols that cross the firewall boundary.
The Streaming Server uses the IETF RTSP/RTP protocols. RTSP runs on top of TCP, while RTP runs over UDP. Many firewalls are configured to restrict TCP packets by port number and are very restrictive on the UDP. The streaming server can tunnel RTSP/RTP traffic through HTTP (the protocol used by web servers and web browsers).
Some firewalls might inspect traffic on port 80 and not allow the tunneled RTSP/RTP on that port. For this reason, we recommend that you use an alternate TCP port for HTTP tunneling such as the QuickTime de facto standard port 7070. This is configured in the streaming server by default as long as you specify the port as part of the streaming server virtual address in the Streaming section of the Desktop Server Administration user interface.
Load Balancing Deployments
This section provides general guidelines for configuring a load balancer. For operational information, contact Cisco customer support. A load balancer is used to increase the capacity of multiple Desktop Servers beyond that of a single Desktop Server. Using a load balancer also allows the Desktop Server service to continue even in the event of a Desktop Server down time caused by server failure or server maintenance.
A Desktop Client can reach a physical Desktop Server by sending a request to the load balancer, also referred to as the virtual server (vserver) or as the director. A group of physical Desktop Servers are configured as a Desktop Server farm. Each server supplies Desktop Server services and can be accessed by the load balancer for each Desktop Server Client request. To deploy the Cisco Unified Videoconferencing Solution correctly, all traffic that reaches the load balancer must be redirected to the physical server using all TCP and UDP ports; thus, connections between Desktop Clients and Desktop Servers are managed by the load balancer, as shown in Figure 3-1. A dual-NIC configuration must be used for all servers on the farm. For more information about Dual-NIC configuration, see Appendix B, "Configuring Dual-NIC Deployments".
Figure 3-1 Load Balancer Deployment
The Desktop Client state is maintained on the Desktop Server, therefore the Layer 4 connection persistence feature must be supported by the load balancer you choose for the deployment.
When the connection persistence feature is enabled on the load balancer, subsequent requests from the same client are directed to the same server, once a physical server is selected.
A load balancer supports several methods for determining to which physical server a client request is dispatched. These dispatch methods are supported for a typical load balancer deployment:
•Least Amount of Traffic—A request is sent to the server that currently has the fewest active connections.
•Round-robin—Requests are sent to servers in a sequential and circular pattern. For example, server1, server2, server3, ..., serverN, server1, and so on.
•Fastest—Server responsiveness is dynamically measured and requests are sent to the server with the fastest current response time.
When the persistence feature is used, the load balancing methods are only used for the first request from a new client. For all later requests from the same client, the persistence feature is automatically used for directing requests to the proper server and overrides the load balancing methods.
Note We recommend that the Least Amount of Traffic dispatch method is used.
Load balancers also perform server monitoring of services in a Desktop Server farm. In the case of a service failure, the load balancer continues to perform load balancing across the remaining servers that are in a working state.
Note Load balancing Desktop server streaming services across multiple Cisco Unified Videoconferencing Streaming Servers are not supported by the Cisco Unified Videoconferencing Solution. Only the interactive connections from the Desktop clients to the Desktop Server is supported. For information about scaling the live streaming solution beyond the streaming capacity of a single server and supporting other large scale streaming video distribution technologies for enterprise networks, see the Cisco Application and Content Networking System (ACNS) solution: http://www.cisco.com/en/US/prod/contnetw/ps5680/ps491/networking_solutions_products_genericcontent0900aecd804671a7.htm.
It is recommended that both ICMP echo request and HTTP Web (TCP port 80) health checks are used to monitor Desktop Servers on the farm in your deployment.