service-types

Putting Cisco’s WebEx Meetings Server to the Test – Part 1

Spice IT

by |

My coworker Srini Kilambi recently discussed Cisco’s new conferencing product, Cisco WebEx Meetings Server (CWMS) 1.0, from a features and licensing perspective.

My peer Jon Nelson, CDW’s UC Technical Architect, and I recently setup several CWMS systems in our Early Field Trial (EFT) lab to test various deployments and features during the CWMS Beta. This will be the first of two posts on the technical side of CWMS. In this post I’ll share a bit about the product, the virtual machines that provide its features (and their requirements), and some of the design considerations for CWMS deployments in the Enterprise.

To briefly recap, CWMS brings the power of WebEx Software-as-a-Service (SaaS) from the cloud into the Enterprise, making it a great option for:

  • Enterprises still chugging along with End-of-Life MeetingPlace and MeetingPlace Express
  • Enterprises with MeetingPlace 8.0/8.5 + WebEx SaaS looking for a more tightly integrated platform without external port or recording storage limits and potentially less outbound Internet usage from the Enterprise
  • Enterprises with WebEx SaaS using only Meeting Center and looking for lower monthly recurring costs (MRC) and greater budgetary certainty on expenses, and potentially less outbound PSTN and Internet usage from the Enterprise

To begin, let’s talk about CWMS and how it works – a technical deep dive of sorts.  Cisco forked CWMS from WebEx Meeting Center T27 and today the software provides Meeting Center equivalent features.  Meeting Center is itself three broad types of services:

  • Administration: the interface where admins add users, configure the system, etc.  If you are familiar with WebEx SaaS you’ll see a lot of similarity with a new GUI.
  • Web services: Again, if you are familiar with WebEx Saas you’ll see a lot of similar functionally, but the GUI has been entirely updated to a fresher Web 2.0 look and feel.  Cisco also updated Protools and renamed the package WebEx Assistant.  The WebEx Meeting Center client itself is essentially the same as WebEx SaaS.
  • Media services: the media services (audio, video, meeting data) are essentially the same as WebEx SaaS with minor changes.

To this mix, CWMS adds:

  • Internet reverse proxy services: with CWMS in the Enterprise network instead of the cloud, access from beyond the firewall becomes an issue.  Enter the Internet Reverse Proxy.  These services are provided by an IRP virtual machine that sits in the DMZ and facilitates external access.  The IRP allows external hosts to schedule and initiate meetings using the CWMS site over HTTPS and/or via the WebEx Assistant (no VPN required!).  External participants can of course also join meetings.

In smaller installs the admin, web and media functions collapse onto a single Admin Virtual Machine, but the largest installs feature dedicated Media and Web Virtual Machines.

Now let’s turn it around – at the lowest level, this solution depends heavily on VMware vSphere 5.0 (4.1 need not apply).  It also requires vCenter for OVA installation and deployment – if you don’t have a vCenter, you’ll need to invest in one.  The largest installs will require VMware Enterprise Plus, as the VM’s become monster compute hogs at scale (but for your trouble you get universal transcoding – no more PVDM transcoder farms or 3545 hardware media servers).  The VMs do not run the UCOS familiar to UC administrators – instead the technology runs on Cisco customized CentOS.  Sorry, SSH and console access to the command line is only available to Cisco TAC; you’ll be using VMware vCenter and the CWMS Admin web GUI to configure and maintain the solution.

Depending on the size of the deployment you’ll use vCenter to deploy (or allow the CWMS Admin VM to automatically deploy) a variety of virtual machines.  I’m going to assume you’ll want external access via an IRP to boot.

  • 50-port (Micro): services for 500 users at a 10:1 user:port ratio.
    • One (1) Admin VM (4vCPU, 14GB RAM, 418GB disk)
    • One (1) IRP VM (4vCPU, 4GB RAM, 128GB disk)
    • Fits on a C-220 or B-200 blade with vCenter (if needed)
  • 250-port (Small): services for 2500 users
    • One (1) Admin VM (4vCPU, 16GB RAM, 418GB disk)
    • One (1) Media VM (8vCPU, 23GB RAM, 128GB disk)
    • One (1) IRP VM (8vCPU, 6GB RAM, 128GB disk)
    • Fits on two C-220 or B-200 blades.
  • 800-port (Medium): services for 8000 users. Let the eye-popping compute begin.
    • One (1) Admin VM (10vCPU, 16GB RAM, 418GB disk)
    • One (1) Media VM (30vCPU, 44GB RAM, 128GB disk)
    • One (1) IRP VM (20vCPU, 10GB RAM, 128GB disk)
    • Fits on two C-460 or B-440 blades.
  • 2000-port (Large): services for 20k users.  Let the eye-exploding compute begin.
    • One (1) Admin VM (10vCPU, 16GB RAM, 418GB disk)
    • Three (3) Media VMs (30vCPU, 44GB RAM, 128GB disk)
    • Two (2) Web VMs (10vCPU, 16GB RAM, 128GB disk)
    • One (1) IRP VM (20vCPU, 10GB RAM, 128GB disk)
    • Fits on four C-460 or B-440 blades.

CWMS offers High Availability via an N+1 scheme.  If implementing HA, add the following:

  • 50-port (Micro)
    • One (1) more C-220 or B-200 (two (2) total)
    • One (1) Admin VM (4vCPU, 16GB RAM, 418GB disk)
    • One (1) Media VM (8vCPU, 23GB RAM, 128GB disk)
    • One (1) IRP VM (8vCPU, 6GB RAM, 128GB disk)
    • Two (2) more C-220 or B-200 blades (four (4) total)
  • 800-port (Medium):
    • One (1) Admin VM (10vCPU, 16GB RAM, 418GB disk)
    • One (1) Media VM (30vCPU, 44GB RAM, 128GB disk)
    • One (1) IRP VM (20vCPU, 10GB RAM, 128GB disk)
    • Two (2) more C-460 or B-440 blades (four (4) total)
  • 2000-port (Large):
    • One (1) Admin VM (10vCPU, 16GB RAM, 418GB disk)
    • One (1) Media VM (30vCPU, 44GB RAM, 128GB disk)
    • One (1) Web VMs (10vCPU, 16GB RAM, 128GB disk)
    • One (1) IRP VM (20vCPU, 10GB RAM, 128GB disk)
    • Three (3) more C-460 or B-440 blades (seven (7) total)

As you can see, that’s a lot of compute!

If HA is not initially deployed, it can easily be added at a later date as all end-user and administrative services are offered through Virtual IP Addresses (VIPs) obviating the need for re-addressing or changes to DNS.  The VIPs also allow larger installs to perform load balancing.  HA turn up is practically as simple as adding the VMs during a maintenance window and re-generating the system SSL security certificate.

Also note that deployments, HA or not, have super-tight tolerances: 1ms latency and oodles of bandwidth for all that meeting data.  Between the use of VIPs requiring L2 adjacency for HA and these tolerances, deployments likely cannot be spread over the WAN.  Geographic diversity features for HA were one of CDW’s first enhancement requests.  Cisco does offer a Cold Standby option for geographic redundancy.

Once a size and HA model is decided, the next design consideration is DNS.  The WebEx end-user site must resolve to either the internal VIP or the IRP VIP. With Split Horizon DNS, internal users can be directed to internal VIP while external users can be directed to the IRPs.  This is the most efficient model, saving the firewall a lot of work hair-pinning data streams for internal users.  If the client uses non-Split Horizon DNS, the end-user URL must resolve to the IRP VIP for both internal and external users.  This might be preferable in a limited number of design scenarios (say all remote branches have low-speed WAN but high-speed Internet access), but puts a lot of internal client load on Enterprise firewalls.  You can view more information about designs with different DNS here.

Cisco’s design guidance generally suggests usage of Public IP addresses for IRP VM(s) in the DMZ.  Depending on the client’s firewall setup and Internet access, Public IP addresses may not be available inside the DMZ.  But if configured properly, CWMS can be deployed in a DMZ that uses NAT’d private IP addressing.  This was one setup we tested heavily in CDW’s EFT lab, as many clients, even up to very large Enterprise scale, land their Public IP addresses on the outside interface of their firewalls.

Thanks for reading and stay tuned for part two in which I will discuss integration of CWMS to the rest of Cisco’s UC solution, some advanced configuration, the deployment scenarios we tested in the CDW EFT lab and some design principles we developed that help CDW’s UC Solutions Architects design deployments with customers now that the software has hit First Customer Ship (FCS).

Comments

14 Comments

  1. Dennis Robinson

    Interesting option considering the crossroads we are on with this product. we have internal MeetingPlace and external WebEx SaaS. One question, but I think I know the answer anyway…can I run the VM on a non Cisco server (we have and love HP blades)? If not we are looking to abandon WebEx completely!

  2. Nick MuellerNick Mueller

    I am afraid CWMS is only supported on UCS today.

    NPM

  3. Dennis Robinson

    And this is why I don’t like Cisco. The whole point of virtualization is to decouple hardware from software. Cisco needs to remove this restriction. What is so special about their hardware that I can’t replicate with HP’s extensive (and market leading by a wide margin) blade product line?

    1. Nick MuellerNick Mueller

      Hi Dennis,

      I am not aware of committed plans to remove this restriction from CWMS, but I can point out that similar restrictions were recently removed from many other UC platform components (they supported HP/IBM spec-based, but now support essentially any vendor spec-based).

      At some point in the relatively near future you will very likely see CWMS become spec-based as well and support some/all 3rd party servers. In fact I would suggest talking to your Cisco UC partner (or us!) and your Cisco AM (if you don’t have one, we can get you one) to get a view of CWMS’ future roadmap and I think you will find this in a planned future phase.

      As to why the restriction exists today, I understand it is purely because of the availability of time and equipment to conduct acceptance testing on 3rd party hardware, and to train Cisco TAC on procedures and troubleshooting for instances where the hardware is 3rd party.

      As I am sure you can understand they tested first on Cisco UCS, and they already have in-house capability to support the full stack when the hardware is Cisco UCS. Add 3rd party hardware into the mix and you have stuff that could go wrong, and Cisco wants to test ahead of time to validate platforms and the experience so that support issues don’t degenerate into finger pointing.

      Is there anything limiting you from installing onto HP hardware today? No, nothing except getting TAC support. But it is coming, it takes time to perform the testing, validation, and train the TAC team, and you will very likely see 3rd party hardware support soon. I hope you can understand the reasons why.

  4. Rajeev

    Is our FQDN and mail server can be in differnt domains in CWMS installation?

  5. Jaja

    Hi,

    May i inquire if your familiar with the licensing deployment on CWMS.?. How does licensing work with H.A ” a cold standby set-up”. do we need to load or purchase licenses on both server?.
    Or for the primary server only?.

    Thanks,

    1. Nick MuellerNick Mueller

      Hi Jaja,

      You only license the primary servers.

      The key to cold standby is a functional backup. You restore this functional backup to the cold standby system, including the license, as part of the disaster recovery process, to return to active operation.

      NPM

  6. Erson

    Hi Nick,

    You have very good Article for the CWMS. Just one question, this is regarding the SSO configuration on both the CWMS and ADFS 2.0. Have you successufully run the Federated SSo using IdP (Identity Provider) Initiated.?

    Erson

  7. fall

    Hi
    thanks for sharing.
    Do you have some ideas about deployement of jabber on premise with CWCM?

  8. Peterson

    Hi Nick

    For 50 user system (Admin, Web and Media in one server) I need vCenter also? is not possible do a POC only with ESXi?

    1. Nick MuellerNick Mueller

      Hi Peterson,

      Unfortunately you need vCenter in order to deploy the OVA files – this is required. If you deploy them without vCenter (direct from the vSphere client to an ESXi server) you won’t be able to set some of the installation variables. You can get a demo version of vCenter (30-day IIRC) for a POC situation from VMware. But it is required for real deployment.

      NPM

  9. Skhare

    Hello Nick,

    Can u help me to understand few queries on CWMS design.
    1# whether IRP is Cisco provided application or will be provided by client.
    2# Whether IRP needed to be on UCS only or it can be any internet reverse proxy server.
    3# For 50 user deployment can i have IRP and admin VM running on same UCS?

    Regards
    Skhare

    1. Nick Mueller

      re1: yes it is a node of CWMS provided by Cisco

      Re2: it is a VM from Cisco and must run on UCS today.

      Re3: yes

Leave a Reply

Your email address will not be published. Required fields are marked *

You may use these HTML tags and attributes: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong>