
Acano solution

Deployment Planning and Preparation Guide

September 2015

76-1051-01-C


Acano solution: Deployment Planning & Preparation Guide 76-1051-01-E Page 2

Contents

1 Introduction

2 Single Combined Acano Server Deployment
  2.1 VM host server
  2.2 Syslog server to capture logs
  2.3 NTP server for time sync
  2.4 LDAP server for importing users
  2.5 Customization asset server
  2.6 Call Detail Record server
  2.7 Certificate requirements
  2.8 Security
  2.9 Port requirements
  2.10 Acano Manager requirements
  2.11 DNS requirements
  2.12 Summary of server requirements

3 Single Split Acano Server Deployment
  3.1 VM host server
  3.2 Syslog server to capture logs
  3.3 NTP server for time sync
  3.4 LDAP server for importing users
  3.5 API tool
  3.6 Customization asset server
  3.7 Call Detail Record server
  3.8 Certificate requirements
  3.9 Security
  3.10 Port requirements
  3.11 Acano Manager requirements
  3.12 DNS requirements
  3.13 Summary of server requirements

4 Scalable and Resilient Acano Server Deployments
  4.1 VM host server
  4.2 VM host for coSpace database
  4.3 coSpace database
  4.4 Syslog server to capture logs
  4.5 NTP server for time sync
  4.6 LDAP server for importing users
  4.7 API tool
  4.8 Customization asset server
  4.9 Call Detail Record server
  4.10 Certificate requirements
  4.11 Security
  4.12 Port requirements
  4.13 Acano Manager requirements
  4.14 DNS record requirements
  4.15 Summary of server requirements


1 Introduction

This document will help you plan the Acano solution deployment. For example it tells you which external prerequisites are required (e.g. NTP servers). It also lists the requirements for the Acano solution components to work together (e.g. certificates).

It provides an overview of requirements; details are sometimes in other documents because Acano’s policy is to minimize repetition of material.

Use the section that applies to your deployment topology (see the diagrams in each section if you are unsure):

- Section 2: Single combined Acano server deployment
- Section 3: Single split Acano server deployment
- Section 4: Scalable and resilient Acano server deployments

Finally, detailed steps are provided in:

- The two installation guides: one for an X Series server, the other for virtual hosts
- The three deployment guides: single combined server deployments, single split server deployments, and the third for scalable and resilient deployments

Acano documentation is available at www.acano.com/support/documentation/ and shown in the figure below.

Figure 1 Overview of guides covering the Acano Solution


2 Single Combined Acano Server Deployment

This section outlines the prerequisites, and where to find details on setting up an Acano server in a “single combined deployment”. This type of deployment requires Acano server software release R1.6 or later.

The Acano server can be an X Series server or based on a virtual (VM) host. Figure 2 shows schematically the components on an Acano server. Depending on your deployment you may find that not all of these components need to be enabled and configured.

- The Call Bridge and the coSpace database are always required
- The TURN server is required for media if you need NAT traversal
- The XMPP server and Web Bridge are only required in the following circumstances:
  - If you are using any of the Acano “thick” clients (PC Client, Mac Client, iOS Clients) then you must install and configure the XMPP server
  - If you are using the Acano WebRTC Client you require the Web Bridge and the XMPP server

2.1 VM host server

If you are using a VM host it must comply with the host server requirements provided in the Virtualized Deployments White Paper. Sizing guidelines are also provided in this document.

2.2 Syslog server to capture logs

The Syslog is recommended for troubleshooting and audit logging.

2.3 NTP server for time sync

You must configure at least one NTP server to synchronize time between the Acano solution components. Using more than one NTP server is recommended.

2.4 LDAP server for importing users

If you intend to use any of the Acano clients you must have an LDAP server (currently Active Directory or OpenLDAP). User accounts are imported from the LDAP server. You can create user names by importing fields from LDAP.

2.5 Customization asset server

If you are customizing your Acano solution deployment, you need a web server that is reachable by the Call Bridge without performing any form of HTTP authentication. See the Customization Guidelines for details.

2.6 Call Detail Record server

The Acano solution generates Call Detail Records (CDRs) internally for key call-related events. The Acano solution can be configured to send these records to a remote system to be collected and analyzed: there is no provision for records to be stored on a long-term basis on an Acano server. All CDRs must be sent to the same receiver. If you are using Acano Manager, it must be your CDR receiver.

Figure 2 Components on an Acano server

2.7 Certificate requirements

Certificates and a certificate bundle (or intermediate certificate chain if automatically downloaded from the internet) for the:

- Call Bridge (If you are using Lync, this certificate will need to be trusted by the Lync Front End Server; the best way to achieve this is to sign the certificate on the CA (Certification Authority) server that has issued the certificates for the Lync Front End Server)
- Web Bridge
- XMPP server
- Web Admin Interface
- TURN server (if using TLS connections)

Note: It is possible to use the same certificate across multiple Edge servers but Acano does NOT recommend it.

2.8 Security

If security is paramount, then consider the following. Details are provided in the Deployment guides.

- User access control
- Common Access Cards (CAC)
- Online Certificate Status Protocol (OCSP)
- FIPS
- TLS certificate validation with MMP commands
- DSCP

2.9 Port requirements

Appendix B of the Deployment guides shows the required ports between each component of the Acano solution, and between them and external components.

2.10 Acano Manager requirements

There are no additional requirements for this Acano server to be monitored by Acano Manager. Acano Manager must be deployed on a separate server; see the specification in the Acano Manager Installation Guide.

2.11 DNS requirements

You require a DNS server. Verify that no A or SRV records already exist for any Acano host server before defining the records in Table 1 on this server.

2.12 Summary of server requirements

- 1 Acano X Series server or 1 VM host
- 1 Syslog server
- 1 NTP server
- 1 LDAP server (if using Acano clients)
- 1 CDR receiver (Acano Manager if you are using it)
- 1 web server for customization assets (optional)
- 1 DNS server
- 1 Acano Manager server


Table 1 Required DNS records: single combined server

| Type | Example | Resolves to | Description |
|---|---|---|---|
| SRV(*) | _xmpp-client._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5222 | Used by clients to log in. The SRV record must correspond to the domain used in your XMPP usernames |
| SRV(*) | _xmpp-server._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5269 | Used to federate between XMPP servers. The SRV record must correspond to the domain used in your XMPP usernames |
| A | xmpp.example.com | IP address of the XMPP server | Used by clients to log in. |
| A / AAAA | join.example.com | IP address of the Web Bridge | This record is not used by the Acano solution directly; however, it is common practice to provide an end user with an FQDN to type into the browser which resolves to the Web Bridge. There is no restriction or requirement on the format of this record. |
| A / AAAA | uk.example.com | IP address of the Call Bridge | Used by the Lync FE server to contact the Call Bridge |
| A / AAAA | ukadmin.example.com | IP address of the Web Admin Interface | This record is used purely for admin purposes; when system administrators prefer a FQDN to remember for each MMP interface |
| SRV(*) | _sipinternaltls._tcp.fe.lync-domain.com | The A record of the Lync FE server or FE Pool | If you have an FE pool, you can have multiple FE records pointing to individual FE servers within the pool |
| A / AAAA | fe.lync-domain.com | IP address of the Lync FE server | You will need one record for each individual FE server |

(*) SRV records do not resolve directly to IP addresses. You need to create associated A or AAAA name records in order to satisfy the SRV requirements


3 Single Split Acano Server Deployment

This section outlines the prerequisites and where to find details on setting up an Acano server in a “single split deployment”. This type of deployment requires Acano server software release R1.6 or later.

The Acano server can be an X Series server or based on a virtual (VM) host. Figure 3 shows schematically the components on an Acano server. Typically an X Series server is used for the Core server and a VM host for the Edge server; but this is not mandatory.

Depending on your deployment you may find that not all of these components need to be enabled and configured.

- The Call Bridge and the coSpace database are always required
- The TURN server is required for media if you need NAT traversal
- The XMPP server, Load Balancer and Web Bridge are only required in the following circumstances:
  - If you are using any of the Acano “thick” clients (PC Client, Mac Client, iOS Clients) then you must install and configure the XMPP server and the Load Balancer
  - If you are using the Acano WebRTC Client you require the Web Bridge, the XMPP server and the Load Balancer

3.1 VM host server

If you are using one or two VM hosts each one must comply with the host server requirements provided in the Virtualized Deployments White Paper. Sizing guidelines are also provided in this document.

3.2 Syslog server to capture logs

The Syslog is recommended for troubleshooting and audit logging. Both servers must be set up separately to use the same Syslog server.

3.3 NTP server for time sync

You must configure at least one NTP server to synchronize time between the Acano solution components. Using more than one NTP server is recommended. Both servers must be set up separately to use an NTP server.

3.4 LDAP server for importing users

You must have an LDAP server (currently Active Directory or OpenLDAP) to use the Acano solution. User accounts are imported from the LDAP server. You can create user names by importing fields from LDAP.

3.5 API tool

From 1.6 if you have more than one host server we strongly recommend using the API to configure them. Therefore you need a login account and password for the Acano API in a web API tool (such as POSTMAN).

3.6 Customization asset server

If you are customizing your Acano solution deployment, you need a web server that is reachable by the Call Bridge without performing any form of HTTP authentication. See the Customization Guidelines for details.

Figure 3 Components split between the Core server and the Edge server

3.7 Call Detail Record server

The Acano solution generates Call Detail Records (CDRs) internally for key call-related events. The Acano solution can be configured to send these records to a remote system to be collected and analyzed: there is no provision for records to be stored on a long-term basis on an Acano server. All CDRs must be sent to the same receiver. If you are using Acano Manager, it must be your CDR receiver.

3.8 Certificate requirements

Certificates and a certificate bundle (or intermediate certificate chain if automatically downloaded from the internet) for the:

- Call Bridge (If you are using Lync, this certificate will need to be trusted by the Lync Front End Server; the best way to achieve this is to sign the certificate on the CA (Certification Authority) server that has issued the certificates for the Lync Front End Server)
- Web Bridge
- XMPP server
- Web Admin Interface
- coSpace database host server(s)
- trunk(s) between Core and Edge servers
- TURN server (if using TLS connections)

Note: It is possible to use the same certificate across multiple Edge servers but Acano does NOT recommend it.

3.9 Security

If security is paramount, then consider the following. Details are provided in the Deployment guides.

- User access control
- Common Access Cards (CAC)
- Online Certificate Status Protocol (OCSP)
- FIPS
- TLS certificate validation with MMP commands
- DSCP

3.10 Port requirements

Appendix B of the Deployment guides shows the required ports between each component of the Acano solution and between them and external components.

3.11 Acano Manager requirements

There are no additional requirements for this Acano server to be monitored by Acano Manager. Acano Manager must be deployed on a separate server; see the specification in the Acano Manager Installation Guide.

3.12 DNS requirements

You require a DNS server. Verify that no A or SRV records already exist for any Acano host server before defining the records in the table below on this server.

3.13 Summary of server requirements

- 2 Acano X Series servers, 1 X series server and 1 VM host, or 2 VM hosts
- 1 Syslog server
- 1 or 2 NTP servers
- 1 LDAP server (if using Acano clients)
- 1 CDR receiver (Acano Manager if you are using it)
- 1 web server for customization assets (optional)
- 1 DNS server
- 2 Acano Manager servers


Table 2 Required DNS records: single split Core and Edge servers

| Type | Example | Resolves to | Description |
|---|---|---|---|
| SRV(*) | _xmpp-client._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5222 | Used by clients to log in. The SRV record must correspond to the domain used in your XMPP usernames |
| SRV(*) | _xmpp-server._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5269 | Used to federate between XMPP servers. The SRV record must correspond to the domain used in your XMPP usernames |
| A | xmpp.example.com | The Load Balancer which is configured to trunk to the XMPP server | Used by clients to log in. |
| A / AAAA | join.example.com | IP address of Web Bridge | This record is not used by the Acano solution directly; however, it is common practice to provide an end user with an FQDN to type into the browser which resolves to the Web Bridge. There is no restriction or requirement on the format of this record. |
| A / AAAA | ukedge.example.com | IP address of the Load Balancer | Used by the Core server to create a trunk to the Load Balancer running on the Edge server |
| A / AAAA | ukcore1.example.com | IP address of the Call Bridge | Used by the Lync FE server to contact the Call Bridge |
| A / AAAA | ukcoreadmin.example.com, ukedgeadmin.example.com | IP address of the MMP interface | This record is used purely for admin purposes; when system administrators prefer a FQDN to remember for each MMP interface |
| SRV(*) | _sipinternaltls._tcp.fe.lync-domain.com | The A record of the Lync FE server or FE Pool | If you have an FE pool, you can have multiple FE records pointing to individual FE servers within the pool |
| A / AAAA | fe.lync-domain.com | IP address of the Lync FE server | You will need one record for each individual FE server |

(*) SRV records do not resolve directly to IP addresses. You need to create associated A or AAAA name records in order to satisfy the SRV requirements


4 Scalable and Resilient Acano Server Deployments

This section outlines the prerequisites and where to find details on setting up a “scalable and resilient” Acano server deployment. This type of deployment requires Acano server software release R1.6 or later.

This deployment can be based on combined servers as shown in Figure 4 or on split Core and Edge deployments as shown in Figure 5. In both cases additional servers can be added.

Each Acano server can be an X Series server or based on a virtual (VM) host.

Figure 4 Scalable and resilient deployment using combined servers

Figure 5 Scalable and resilient deployment using split servers

Typically an X Series server is used for the Core servers and a VM host for the Edge servers; but this is not mandatory. Note that databases can be co-located with the Call Bridge or on a separate host server – usually also a VM.

Depending on your deployment you may find that not all of these components need to be enabled and configured.

- The Call Bridges and the coSpace databases are always required
- The TURN servers are required for media where you need NAT traversal
- The XMPP servers, Load Balancers and Web Bridges are only required in the following circumstances:
  - If you are using any of the Acano “thick” clients (PC Client, Mac Client, iOS Clients) then you must:
    - install and configure the Load Balancers
  - If you are using the Acano WebRTC Client you require the Web Bridges, the XMPP servers and the Load Balancers

In a large split deployment with several Core servers:

- it is not necessary, or even desirable, to have the same number of Edge and Core servers. For example, one Call Bridge can manage multiple Web Bridges; those Web Bridges can be reachable externally with a single DNS name resolving to potentially multiple separate units.
- the Acano solution only supports one XMPP server per domain; multiple XMPP servers are supported if each XMPP server is in a different domain.
- it is not necessary to have a coSpace database instance for every Call Bridge; rather we recommend one at every point of presence.

4.1 VM host server

Any VM host must comply with the host server requirements provided in the Virtualized Deployments White Paper. Sizing guidelines are also provided in this document.

4.2 VM host for coSpace database

Each coSpace database can be co-located with other components on a Core server, but it can also be an external database, probably on a VM host (see the previous section).

4.3 coSpace database

A minimum of 3 coSpace databases is required. In a large deployment with several combined or Core servers, it is not necessary to have a coSpace database instance for every Call Bridge; rather we recommend one at every point of presence.

4.4 Syslog server to capture logs

The Syslog is recommended for troubleshooting and audit logging. Although it is possible to use more than one Syslog server, if you are using split deployments or clustering, all host servers must use the same one.

4.5 NTP server for time sync

You must configure at least one NTP server to synchronize time between the Acano solution components. Using more than one NTP server is recommended. Every host server must be set up separately to use an NTP server.

4.6 LDAP server for importing users

You must have an LDAP server (currently Active Directory or OpenLDAP) to use the Acano solution. User accounts are imported from the LDAP server. You can create user names by importing fields from LDAP.

4.7 API tool

From 1.6 if you have more than one host server we strongly recommend using the API to configure them. Therefore you need a login account and password for the Acano API in a web API tool (such as POSTMAN).

4.8 Customization asset server

If you are customizing your Acano solution deployment, you need a web server that is reachable by the Call Bridge without performing any form of HTTP authentication. See the Customization Guidelines for details.


4.9 Call Detail Record server

The Acano solution generates Call Detail Records (CDRs) internally for key call-related events. The Acano solution can be configured to send these records to a remote system to be collected and analyzed: there is no provision for records to be stored on a long-term basis on an Acano server. All CDRs must be sent to the same receiver. If you are using Acano Manager, it must be your CDR receiver.

4.10 Certificate requirements

Certificates and a certificate bundle (or intermediate certificate chain if automatically downloaded from the internet) for the:

- Call Bridge (If you are using Lync, this certificate will need to be trusted by the Lync Front End Server; the best way to achieve this is to sign the certificate on the CA (Certification Authority) server that has issued the certificates for the Lync Front End Server)
- Web Bridge
- XMPP server
- Web Admin Interface
- coSpace database host server(s)
- trunk between Core and Edge servers
- TURN server (if using TLS connections)

Note: It is possible to use the same certificate across multiple Edge servers but Acano does NOT recommend it.

4.11 Security

If security is paramount, then consider the following. Details are provided in the Deployment guides.

- User access control
- Common Access Cards (CAC)
- Online Certificate Status Protocol (OCSP)
- FIPS
- TLS certificate validation with MMP commands
- DSCP

4.12 Port requirements

Appendix B of the Deployment guides shows the required ports between each component of the Acano solution and between them and external components.

4.13 Acano Manager requirements

There are no additional requirements for this Acano server to be monitored by Acano Manager. Acano Manager must be deployed on a separate server; see the specification in the Acano Manager Installation Guide.

4.14 DNS record requirements

You require a DNS server. Verify that no A or SRV records already exist for any Acano host server before defining the records in Table 3 on this server.

4.15 Summary of server requirements

- 2 or more Acano X Series servers, 2 or more VM hosts or a combination of X Series servers and VM hosts.
- 1 Syslog server
- More than one NTP server
- 1 LDAP server (if using Acano clients)
- 1 CDR receiver (Acano Manager if you are using it)
- 1 web server for customization assets (optional)
- 1 DNS server
- An Acano Manager server for each Call Bridge that you want to manage


Table 3 Required DNS records: resilient/scalable (multiple) server deployment

| Type | Example | Resolves to | Resilience considerations | Description |
|---|---|---|---|---|
| SRV(*) | _xmpp-client._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5222. | One SRV record can be created for each XMPP server/Load Balancer such that multiple results are returned in response to a DNS lookup. Clients choose a destination for XMPP traffic based on the priority and weight information | Used by clients to log in. The SRV record must correspond to the domain used in your XMPP usernames |
| SRV(*) | _xmpp-server._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5269 | One SRV record can be created for each XMPP server/Load Balancer such that multiple results are returned in response to a DNS lookup. Clients choose a destination for XMPP traffic based on the priority and weight information | Used to federate between XMPP servers. The SRV record must correspond to the domain used in your XMPP usernames |
| A | xmpp.example.com | IP address of either the XMPP server or a Load Balancer which is configured to trunk to the XMPP server. | One A record per XMPP server or Load Balancer | |
| A / AAAA | join.example.com | IP address of Web Bridge | One A and/or AAAA record per Web Bridge. The decision on which Web Bridge your browser uses is made by your web browser. Normally the choice is random | This record is not used by the Acano solution directly; however, it is common practice to provide an end user with an FQDN to type into the browser which resolves to the Web Bridge. There is no restriction or requirement on the format of this record. |
| A / AAAA | ukedges.example.com, nyedges.example.com | IP addresses of any local Load Balancers | Each Core server in a given datacenter should trunk to only the Edge servers within that datacenter. In our example, ukedges.example.com would return the IP address of all Load Balancers within the UK datacenter | Used in split deployments only by the Core server to create a trunk to a Load Balancer running on the Edge server |
| A / AAAA | ukcore1.example.com, nycore1.example.com | IP address of the Call Bridge | One record per Call Bridge. Each Call Bridge must have a unique FQDN | Used by the Lync FE server to contact the Call Bridge |
| A / AAAA | ukcore1admin.example.com, ukedge1admin.example.com, nycore1admin.example.com | IP address of the MMP interface | One record per Web Admin Interface. Each MMP interface must have a unique FQDN | This record is used purely for admin purposes; when system administrators prefer a FQDN to remember for each MMP interface |
| SRV(*) | _sipinternaltls._tcp.fe.lync-domain.com | The A record of the Lync FE server or FE Pool | | If you have an FE pool, you can have multiple FE records pointing to individual FE servers within the pool |
| A / AAAA | fe.lync-domain.com | IP address of the Lync FE server | | You will need one record for each individual FE server |

(*) SRV records do not resolve directly to IP addresses. You need to create associated A or AAAA name records in order to satisfy the SRV requirements
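
The DNS rules stated around Tables 1 to 3 (no A or SRV record may already exist, every SRV target needs its own A or AAAA record, the XMPP SRV records must match the XMPP username domain, each Call Bridge and MMP interface needs a unique FQDN) can be checked against a planned record set before anything is created. The Python below is an added example, not part of the Acano documentation; the record layout, the role labels and the documentation-range addresses are assumptions made for illustration.

```python
from collections import Counter, defaultdict

# Usual ports quoted in the tables; another port is reported as a warning only.
USUAL_PORTS = {"_xmpp-client._tcp": 5222, "_xmpp-server._tcp": 5269}
# Assumed role labels for units that need a unique FQDN (Table 3).
UNIQUE_ROLES = {"callbridge", "mmp"}


def addr(name, value, role, rtype="A"):
    """Build a planned A or AAAA record (assumed layout)."""
    return {"type": rtype, "name": name, "value": value, "role": role}


def srv(name, target, port):
    """Build a planned SRV record (assumed layout)."""
    return {"type": "SRV", "name": name, "target": target, "port": port}


def check_plan(planned, existing, xmpp_domain):
    """Return the list of problems found in `planned`.

    existing    -- set of (name, type) pairs already present in the zone
    xmpp_domain -- domain part of the XMPP usernames
    """
    problems = []
    addresses = defaultdict(list)  # name -> types of its address records
    roles = {}
    for rec in planned:
        if rec["type"] in ("A", "AAAA"):
            addresses[rec["name"]].append(rec["type"])
            roles[rec["name"]] = rec["role"]

    # No A or SRV record may already exist for a name about to be defined.
    for name, rtype in sorted({(r["name"], r["type"]) for r in planned}):
        if (name, rtype) in existing:
            problems.append(f"ERROR {name}: {rtype} record already exists")

    for rec in (r for r in planned if r["type"] == "SRV"):
        # SRV records do not resolve to IPs: the target needs A/AAAA records.
        if rec["target"] not in addresses:
            problems.append(
                f"ERROR {rec['name']}: target {rec['target']} has no A/AAAA record")
        service, _, domain = rec["name"].partition("._tcp.")
        service += "._tcp"
        if service in USUAL_PORTS:
            # XMPP SRV records must correspond to the XMPP username domain.
            if domain != xmpp_domain:
                problems.append(
                    f"ERROR {rec['name']}: not the XMPP username domain {xmpp_domain}")
            if rec["port"] != USUAL_PORTS[service]:
                problems.append(
                    f"WARN {rec['name']}: port {rec['port']}, usually {USUAL_PORTS[service]}")

    # Each Call Bridge and MMP interface must have a unique FQDN, so such a
    # name may carry at most one A and one AAAA record.
    for name in sorted(addresses):
        worst = max(Counter(addresses[name]).values())
        if roles[name] in UNIQUE_ROLES and worst > 1:
            problems.append(
                f"ERROR {name}: {worst} units share one {roles[name]} FQDN")
    return problems


# Constructed plan using the example names from Table 3 (documentation IPs).
GOOD_PLAN = [
    srv("_xmpp-client._tcp.example.com", "xmpp.example.com", 5222),
    srv("_xmpp-server._tcp.example.com", "xmpp.example.com", 5269),
    addr("xmpp.example.com", "192.0.2.10", "xmpp"),
    addr("join.example.com", "192.0.2.20", "webbridge"),
    addr("join.example.com", "198.51.100.20", "webbridge"),  # one per Web Bridge
    addr("ukcore1.example.com", "192.0.2.30", "callbridge"),
    addr("ukcore1.example.com", "2001:db8::30", "callbridge", "AAAA"),
    addr("nycore1.example.com", "198.51.100.30", "callbridge"),
]

# Constructed defective plan: no A record for the SRV target, an unusual
# client port, and two Call Bridges published under one FQDN.
BAD_PLAN = [
    srv("_xmpp-client._tcp.example.com", "xmpp.example.com", 5223),
    addr("join.example.com", "192.0.2.20", "webbridge"),
    addr("ukcore1.example.com", "192.0.2.30", "callbridge"),
    addr("ukcore1.example.com", "198.51.100.30", "callbridge"),
]
EXISTING = {("join.example.com", "A")}  # constructed: already in the zone

if __name__ == "__main__":
    for line in check_plan(BAD_PLAN, EXISTING, "example.com"):
        print(line)
```

In practice the `existing` set would be filled from a zone export or from lookups against the DNS server named in the DNS requirements sections.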


© 2015 Acano (UK) Ltd. All rights reserved. This document is provided for information purposes only and its contents are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without our prior written permission.

Acano is a trademark of Acano (UK) Ltd. Other names may be trademarks of their respective owners.