Acano solution: Deployment Planning & Preparation Guide 76-1051-01-E
Contents
1 Introduction
2 Single Combined Acano Server Deployment
2.1 VM host server
2.2 Syslog server to capture logs
2.3 NTP server for time sync
2.4 LDAP server for importing users
2.5 Customization asset server
2.6 Call Detail Record server
2.7 Certificate requirements
2.8 Security
2.9 Port requirements
2.10 Acano Manager requirements
2.11 DNS requirements
2.12 Summary of server requirements
3 Single Split Acano Server Deployment
3.1 VM host server
3.2 Syslog server to capture logs
3.3 NTP server for time sync
3.4 LDAP server for importing users
3.5 API tool
3.6 Customization asset server
3.7 Call Detail Record server
3.8 Certificate requirements
3.9 Security
3.10 Port requirements
3.11 Acano Manager requirements
3.12 DNS requirements
3.13 Summary of server requirements
4 Scalable and Resilient Acano Server Deployments
4.1 VM host server
4.2 VM host for coSpace database
4.3 coSpace database
4.4 Syslog server to capture logs
4.5 NTP server for time sync
4.6 LDAP server for importing users
4.7 API tool
4.8 Customization asset server
4.9 Call Detail Record server
4.10 Certificate requirements
4.11 Security
4.12 Port requirements
4.13 Acano Manager requirements
4.14 DNS record requirements
4.15 Summary of server requirements
1 Introduction
This document will help you plan the Acano solution deployment. For example it tells you which external prerequisites are required (e.g. NTP servers). It also lists the requirements for the Acano solution components to work together (e.g. certificates).
It provides an overview of requirements; details are sometimes in other documents because Acano’s policy is to minimize repetition of material.
Use the section that applies to your deployment topology (see the diagrams in each section if you are unsure):
- Section 2: Single combined Acano server deployment
- Section 3: Single split Acano server deployment
- Section 4: Scalable and resilient Acano server deployments
Finally, detailed steps are provided in:
- The two installation guides: one for an X Series server, the other for virtual hosts
- The three deployment guides: single combined server deployments, single split server deployments, and the third for scalable and resilient deployments
Acano documentation is available at www.acano.com/support/documentation/ and shown in the figure below.
Figure 1 Overview of guides covering the Acano Solution
2 Single Combined Acano Server Deployment
This section outlines the prerequisites, and where to find details on setting up an Acano server in a “single combined deployment”. This type of deployment requires Acano server software release R1.6 or later.
The Acano server can be an X Series server or based on a virtual (VM) host. Figure 2 shows schematically the components on an Acano server. Depending on your deployment you may find that not all of these components need to be enabled and configured.
- The Call Bridge and the coSpace database are always required
- The TURN server is required for media if you need NAT traversal
- The XMPP server and Web Bridge are only required in the following circumstances:
  - If you are using any of the Acano “thick” clients (PC Client, Mac Client, iOS Clients) then you must install and configure the XMPP server
  - If you are using the Acano WebRTC Client you require the Web Bridge and the XMPP server
2.1 VM host server
If you are using a VM host it must comply with the host server requirements provided in the Virtualized Deployments White Paper. Sizing guidelines are also provided in this document.
2.2 Syslog server to capture logs
The Syslog is recommended for troubleshooting and audit logging.
2.3 NTP server for time sync
You must configure at least one NTP server to synchronize time between the Acano solution components. Using more than one NTP server is recommended.
2.4 LDAP server for importing users
If you intend to use any of the Acano clients you must have an LDAP server (currently Active Directory or OpenLDAP). User accounts are imported from the LDAP server. You can create user names by importing fields from LDAP.
2.5 Customization asset server
If you are customizing your Acano solution deployment, you need a web server that is reachable by the Call Bridge without performing any form of HTTP authentication. See the Customization Guidelines for details.
2.6 Call Detail Record server
The Acano solution generates Call Detail Records (CDRs) internally for key call-related events. The Acano solution can be configured to send these records to a remote system to be collected and analyzed: there is no provision for records to be stored on a long-term basis on an Acano server. All CDRs must be sent to the same receiver. If you are using Acano Manager, it must be your CDR receiver.
Figure 2 Components on an Acano server
2.7 Certificate requirements
Certificates and a certificate bundle (or intermediate certificate chain if automatically downloaded from the internet) for the:
- Call Bridge (If you are using Lync, this certificate will need to be trusted by the Lync Front End Server; the best way to achieve this is to sign the certificate on the CA (Certification Authority) server that has issued the certificates for the Lync Front End Server)
- Web Bridge
- XMPP server
- Web Admin Interface
- TURN server (if using TLS connections)
Note: It is possible to use the same certificate across multiple Edge servers but Acano does NOT recommend it.
2.8 Security
If security is paramount, then consider the following. Details are provided in the Deployment guides.
- User access control
- Common Access Cards (CAC)
- Online Certificate Status Protocol (OCSP)
- FIPS
- TLS certificate validation with MMP commands
- DSCP
2.9 Port requirements
Appendix B of the Deployment guides shows the required ports between each component of the Acano solution, and between them and external components.
2.10 Acano Manager requirements
There are no additional requirements for this Acano server to be monitored by Acano Manager. Acano Manager must be deployed on a separate server; see the specification in the Acano Manager Installation Guide.
2.11 DNS requirements
You require a DNS server. Verify that no A or SRV records already exist for any Acano host server before defining the records in Table 1 on this server.
2.12 Summary of server requirements
- 1 Acano X Series server or 1 VM host
- 1 Syslog server
- 1 NTP server
- 1 LDAP server (if using Acano clients)
- 1 CDR receiver (Acano Manager if you are using it)
- 1 web server for customization assets (optional)
- 1 DNS server
- 1 Acano Manager server
Table 1 Required DNS records: single combined server
| Type | Example | Resolves to | Description |
|---|---|---|---|
| SRV(*) | _xmpp-client._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5222 | Used by clients to login. The SRV record must correspond to the domain used in your XMPP usernames |
| SRV(*) | _xmpp-server._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5269 | Used to federate between XMPP servers. The SRV record must correspond to the domain used in your XMPP usernames |
| A | xmpp.example.com | IP address of the XMPP server | Used by clients to login. |
| A / AAAA | join.example.com | IP address of the Web Bridge | This record is not used by the Acano solution directly; however, it is common practice to provide an end user with an FQDN to type into the browser which resolves to the Web Bridge. There is no restriction or requirement on the format of this record. |
| A / AAAA | uk.example.com | IP address of the Call Bridge | Used by the Lync FE server to contact the Call Bridge |
| A / AAAA | ukadmin.example.com | IP address of the Web Admin Interface | This record is used purely for admin purposes; when system administrators prefer a FQDN to remember for each MMP interface |
| SRV(*) | _sipinternaltls._tcp.fe.lync-domain.com | The A record of the Lync FE server or FE Pool | If you have an FE pool, you can have multiple FE records pointing to individual FE servers within the pool |
| A / AAAA | fe.lync-domain.com | IP address of the Lync FE server | You will need one record for each individual FE server |
(*) SRV records do not resolve directly to IP addresses. You need to create associated A or AAAA name records in order to satisfy the SRV requirements
3 Single Split Acano Server Deployment
This section outlines the prerequisites and where to find details on setting up an Acano server in a “single split deployment”. This type of deployment requires Acano server software release R1.6 or later.
The Acano server can be an X Series server or based on a virtual (VM) host. Figure 3 shows schematically the components on an Acano server. Typically an X Series server is used for the Core server and a VM host for the Edge server; but this is not mandatory.
Depending on your deployment you may find that not all of these components need to be enabled and configured.
- The Call Bridge and the coSpace database are always required
- The TURN server is required for media if you need NAT traversal
- The XMPP server, Load Balancer and Web Bridge are only required in the following circumstances:
  - If you are using any of the Acano “thick” clients (PC Client, Mac Client, iOS Clients) then you must install and configure the XMPP server and the Load Balancer
  - If you are using the Acano WebRTC Client you require the Web Bridge, the XMPP server and the Load Balancer
3.1 VM host server
If you are using one or two VM hosts each one must comply with the host server requirements provided in the Virtualized Deployments White Paper. Sizing guidelines are also provided in this document.
3.2 Syslog server to capture logs
The Syslog is recommended for troubleshooting and audit logging. Both servers must be set up separately to use the same Syslog server.
3.3 NTP server for time sync
You must configure at least one NTP server to synchronize time between the Acano solution components. Using more than one NTP server is recommended. Both servers must be set up separately to use an NTP server.
3.4 LDAP server for importing users
You must have an LDAP server (currently Active Directory or OpenLDAP) to use the Acano solution. User accounts are imported from the LDAP server. You can create user names by importing fields from LDAP.
3.5 API tool
From 1.6 if you have more than one host server we strongly recommend using the API to configure them. Therefore you need a login account and password for the Acano API in a web API tool (such as POSTMAN).
3.6 Customization asset server
If you are customizing your Acano solution deployment, you need a web server that is reachable by the Call Bridge without performing any form of HTTP authentication. See the Customization Guidelines for details.
Figure 3 Components split between the Core server and the Edge server
3.7 Call Detail Record server
The Acano solution generates Call Detail Records (CDRs) internally for key call-related events. The Acano solution can be configured to send these records to a remote system to be collected and analyzed: there is no provision for records to be stored on a long-term basis on an Acano server. All CDRs must be sent to the same receiver. If you are using Acano Manager, it must be your CDR receiver.
3.8 Certificate requirements
Certificates and a certificate bundle (or intermediate certificate chain if automatically downloaded from the internet) for the:
- Call Bridge (If you are using Lync, this certificate will need to be trusted by the Lync Front End Server; the best way to achieve this is to sign the certificate on the CA (Certification Authority) server that has issued the certificates for the Lync Front End Server)
- Web Bridge
- XMPP server
- Web Admin Interface
- coSpace database host server(s)
- trunk(s) between Core and Edge servers
- TURN server (if using TLS connections)
Note: It is possible to use the same certificate across multiple Edge servers but Acano does NOT recommend it.
3.9 Security
If security is paramount, then consider the following. Details are provided in the Deployment guides.
- User access control
- Common Access Cards (CAC)
- Online Certificate Status Protocol (OCSP)
- FIPS
- TLS certificate validation with MMP commands
- DSCP
3.10 Port requirements
Appendix B of the Deployment guides shows the required ports between each component of the Acano solution and between them and external components.
3.11 Acano Manager requirements
There are no additional requirements for this Acano server to be monitored by Acano Manager. Acano Manager must be deployed on a separate server; see the specification in the Acano Manager Installation Guide.
3.12 DNS requirements
You require a DNS server. Verify that no A or SRV records already exist for any Acano host server before defining the records in the table below on this server.
3.13 Summary of server requirements
- 2 Acano X Series servers, 1 X series server and 1 VM host, or 2 VM hosts
- 1 Syslog server
- 1 or 2 NTP servers
- 1 LDAP server (if using Acano clients)
- 1 CDR receiver (Acano Manager if you are using it)
- 1 web server for customization assets (optional)
- 1 DNS server
- 2 Acano Manager servers
Table 2 Required DNS records: single split Core and Edge servers
| Type | Example | Resolves to | Description |
|---|---|---|---|
| SRV(*) | _xmpp-client._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5222 | Used by clients to login. The SRV record must correspond to the domain used in your XMPP usernames |
| SRV(*) | _xmpp-server._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5269 | Used to federate between XMPP servers. The SRV record must correspond to the domain used in your XMPP usernames |
| A | xmpp.example.com | The Load Balancer which is configured to trunk to the XMPP server | Used by clients to login. |
| A / AAAA | join.example.com | IP address of Web Bridge | This record is not used by the Acano solution directly; however, it is common practice to provide an end user with an FQDN to type into the browser which resolves to the Web Bridge. There is no restriction or requirement on the format of this record. |
| A / AAAA | ukedge.example.com | IP address of the Load Balancer | Used by the Core server to create a trunk to the Load Balancer running on the Edge server |
| A / AAAA | ukcore1.example.com | IP address of the Call Bridge | Used by the Lync FE server to contact the Call Bridge |
| A / AAAA | ukcoreadmin.example.com, ukedgeadmin.example.com | IP address of the MMP interface | This record is used purely for admin purposes; when system administrators prefer a FQDN to remember for each MMP interface |
| SRV(*) | _sipinternaltls._tcp.fe.lync-domain.com | The A record of the Lync FE server or FE Pool | If you have an FE pool, you can have multiple FE records pointing to individual FE servers within the pool |
| A / AAAA | fe.lync-domain.com | IP address of the Lync FE server | You will need one record for each individual FE server |
(*) SRV records do not resolve directly to IP addresses. You need to create associated A or AAAA name records in order to satisfy the SRV requirements
4 Scalable and Resilient Acano Server Deployments
This section outlines the prerequisites and where to find details on setting up a “scalable and resilient” Acano server deployment. This type of deployment requires Acano server software release R1.6 or later.
This deployment can be based on combined servers as shown in Figure 4 or on split Core and Edge deployments as shown in Figure 5. In both cases additional servers can be added.
Each Acano server can be an X Series server or based on a virtual (VM) host.
Figure 4 Scalable and resilient deployment using combined servers
Figure 5 Scalable and resilient deployment using split servers
Typically an X Series server is used for the Core servers and a VM host for the Edge servers; but this is not mandatory. Note that databases can be co-located with the Call Bridge or on a separate host server – usually also a VM.
Depending on your deployment you may find that not all of these components need to be enabled and configured.
- The Call Bridges and the coSpace databases are always required
- The TURN servers are required for media where you need NAT traversal
- The XMPP servers, Load Balancers and Web Bridges are only required in the following circumstances:
  - If you are using any of the Acano “thick” clients (PC Client, Mac Client, iOS Clients) then you must:
    - install and configure the Load Balancers
  - If you are using the Acano WebRTC Client you require the Web Bridges, the XMPP servers and the Load Balancers
In a large split deployment with several Core servers:
- it is not necessary, or even desirable, to have the same number of Edge and Core servers. For example, one Call Bridge can manage multiple Web Bridges; those Web Bridges can be reachable externally with a single DNS name resolving to potentially multiple separate units.
- the Acano solution only supports one XMPP server per domain; multiple XMPP servers are supported if each XMPP server is in a different domain.
- it is not necessary to have a coSpace database instance for every Call Bridge; rather we recommend one at every point of presence.
4.1 VM host server
Any VM host must comply with the host server requirements provided in the Virtualized Deployments White Paper. Sizing guidelines are also provided in this document.
4.2 VM host for coSpace database
Each coSpace database can be co-located with other components on a Core server, but it can also be an external database, probably on a VM host (see the previous section).
4.3 coSpace database
A minimum of 3 coSpace databases is required. In a large deployment with several combined or Core servers, it is not necessary to have a coSpace database instance for every Call Bridge; rather we recommend one at every point of presence.
4.4 Syslog server to capture logs
The Syslog is recommended for troubleshooting and audit logging. Although it is possible to use more than one Syslog server, if you are using split deployments or clustering, all host servers must use the same one.
4.5 NTP server for time sync
You must configure at least one NTP server to synchronize time between the Acano solution components. Using more than one NTP server is recommended. Every host server must be set up separately to use an NTP server.
4.6 LDAP server for importing users
You must have an LDAP server (currently Active Directory or OpenLDAP) to use the Acano solution. User accounts are imported from the LDAP server. You can create user names by importing fields from LDAP.
4.7 API tool
From 1.6 if you have more than one host server we strongly recommend using the API to configure them. Therefore you need a login account and password for the Acano API in a web API tool (such as POSTMAN).
4.8 Customization asset server
If you are customizing your Acano solution deployment, you need a web server that is reachable by the Call Bridge without performing any form of HTTP authentication. See the Customization Guidelines for details.
4.9 Call Detail Record server
The Acano solution generates Call Detail Records (CDRs) internally for key call-related events. The Acano solution can be configured to send these records to a remote system to be collected and analyzed: there is no provision for records to be stored on a long-term basis on an Acano server. All CDRs must be sent to the same receiver. If you are using Acano Manager, it must be your CDR receiver.
4.10 Certificate requirements
Certificates and a certificate bundle (or intermediate certificate chain if automatically downloaded from the internet) for the:
- Call Bridge (If you are using Lync, this certificate will need to be trusted by the Lync Front End Server; the best way to achieve this is to sign the certificate on the CA (Certification Authority) server that has issued the certificates for the Lync Front End Server)
- Web Bridge
- XMPP server
- Web Admin Interface
- coSpace database host server(s)
- trunk between Core and Edge servers
- TURN server (if using TLS connections)
Note: It is possible to use the same certificate across multiple Edge servers but Acano does NOT recommend it.
4.11 Security
If security is paramount, then consider the following. Details are provided in the Deployment guides.
- User access control
- Common Access Cards (CAC)
- Online Certificate Status Protocol (OCSP)
- FIPS
- TLS certificate validation with MMP commands
- DSCP
4.12 Port requirements
Appendix B of the Deployment guides shows the required ports between each component of the Acano solution and between them and external components.
4.13 Acano Manager requirements
There are no additional requirements for this Acano server to be monitored by Acano Manager. Acano Manager must be deployed on a separate server; see the specification in the Acano Manager Installation Guide.
4.14 DNS record requirements
You require a DNS server. Verify that no A or SRV records already exist for any Acano host server before defining the records in Table 3 on this server.
4.15 Summary of server requirements
- 2 or more Acano X Series servers, 2 or more VM hosts or a combination of X Series servers and VM hosts.
- 1 Syslog server
- More than one NTP server
- 1 LDAP server (if using Acano clients)
- 1 CDR receiver (Acano Manager if you are using it)
- 1 web server for customization assets (optional)
- 1 DNS server
- An Acano Manager server for each Call Bridge that you want to manage
Table 3 Required DNS records: resilient/scalable (multiple) server deployment
| Type | Example | Resolves to | Resilience considerations | Description |
|---|---|---|---|---|
| SRV(*) | _xmpp-client._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5222. | One SRV record can be created for each XMPP server/Load Balancer such that multiple results are returned in response to a DNS lookup. Clients choose a destination for XMPP traffic based on the priority and weight information | Used by clients to login. The SRV record must correspond to the domain used in your XMPP usernames |
| SRV(*) | _xmpp-server._tcp.example.com | The A record xmpp.example.com below. Usually this is port 5269 | One SRV record can be created for each XMPP server/Load Balancer such that multiple results are returned in response to a DNS lookup. Clients choose a destination for XMPP traffic based on the priority and weight information | Used to federate between XMPP servers. The SRV record must correspond to the domain used in your XMPP usernames |
| A | xmpp.example.com | IP address of either the XMPP server or a Load Balancer which is configured to trunk to the XMPP server. | One A record per XMPP server or Load Balancer | |
| A / AAAA | join.example.com | IP address of Web Bridge | One A and/or AAAA record per Web Bridge. The decision on which Web Bridge your browser uses is made by your web browser. Normally the choice is random | This record is not used by the Acano solution directly; however, it is common practice to provide an end user with an FQDN to type into the browser which resolves to the Web Bridge. There is no restriction or requirement on the format of this record. |
| A / AAAA | ukedges.example.com, nyedges.example.com | IP addresses of any local Load Balancers | Each Core server in a given datacenter should trunk to only the Edge servers within that datacenter. In our example, ukedges.example.com would return the IP address of all Load Balancers within the UK datacenter | Used in split deployments only by the Core server to create a trunk to a Load Balancer running on the Edge server |
| A / AAAA | ukcore1.example.com, nycore1.example.com | IP address of the Call Bridge | One record per Call Bridge. Each Call Bridge must have a unique FQDN | Used by the Lync FE server to contact the Call Bridge |
| A / AAAA | ukcore1admin.example.com, ukedge1admin.example.com, nycore1admin.example.com | IP address of the MMP interface | One record per Web Admin Interface. Each MMP interface must have a unique FQDN | This record is used purely for admin purposes; when system administrators prefer a FQDN to remember for each MMP interface |
| SRV(*) | _sipinternaltls._tcp.fe.lync-domain.com | The A record of the Lync FE server or FE Pool | | If you have an FE pool, you can have multiple FE records pointing to individual FE servers within the pool |
| A / AAAA | fe.lync-domain.com | IP address of the Lync FE server | | You will need one record for each individual FE server |
(*) SRV records do not resolve directly to IP addresses. You need to create associated A or AAAA name records in order to satisfy the SRV requirements
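
The record sets in Tables 1 to 3, the (*) footnote and the instruction to verify that no A or SRV records already exist can be checked before anything is loaded into DNS. The following Python sketch is an added example, not part of the Acano documentation: it validates a planned record set (every SRV target must be a host name with its own A or AAAA record, with a warning when an XMPP SRV port differs from the usual 5222/5269) and lists records that already exist under a planned name. The "owner TYPE rdata" input format, the function names and all sample records are constructed for illustration, and treating AAAA like A in the pre-existing check is an assumption.

```python
import ipaddress

# Constructed sample data in a simplified "owner TYPE rdata" form (an
# assumption of this example, not a format used by the Acano solution).
# SRV rdata is "priority weight port target".
PLANNED = """
_xmpp-client._tcp.example.com  SRV   10 50 5222 xmpp.example.com
_xmpp-server._tcp.example.com  SRV   10 50 5269 xmpp.example.com
xmpp.example.com               A     192.0.2.10
join.example.com               A     192.0.2.11
join.example.com               AAAA  2001:db8::11
uk.example.com                 A     192.0.2.12
ukadmin.example.com            A     192.0.2.13
"""

# Constructed plan with three mistakes: an SRV target that is an IP literal
# (on an unusual port), an SRV target with no address record, and an A
# record holding an IPv6 address.
BROKEN = """
_xmpp-client._tcp.example.com  SRV   10 50 5223 192.0.2.10
_xmpp-server._tcp.example.com  SRV   10 50 5269 xmppfed.example.com
xmpp.example.com               A     2001:db8::10
"""

# Constructed snapshot of what the DNS server already holds.
EXISTING = """
xmpp.example.com  A  198.51.100.7
www.example.com   A  198.51.100.8
"""

USUAL_PORTS = {"_xmpp-client._tcp.": 5222, "_xmpp-server._tcp.": 5269}


def parse(text):
    """Parse 'owner TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop ';' comments
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records.append((owner.rstrip(".").lower(), rtype.upper(), rdata))
    return records


def ip_version(value):
    """Return 4 or 6 for an IP literal, None for anything else."""
    try:
        return ipaddress.ip_address(value).version
    except ValueError:
        return None


def check_plan(records):
    """Return (severity, message) findings for a planned record set."""
    findings, has_address = [], set()
    for owner, rtype, rdata in records:
        if rtype in ("A", "AAAA"):
            want = 4 if rtype == "A" else 6
            if ip_version(rdata) == want:
                has_address.add(owner)
            else:
                findings.append(("error", f"{owner} {rtype}: {rdata} is not an IPv{want} address"))
    for owner, rtype, rdata in records:
        if rtype != "SRV":
            continue
        fields = rdata.split()
        if len(fields) != 4 or not all(f.isdigit() for f in fields[:3]):
            findings.append(("error", f"{owner} SRV: malformed rdata '{rdata}'"))
            continue
        port, target = int(fields[2]), fields[3].rstrip(".").lower()
        if ip_version(target):
            findings.append(("error", f"{owner} SRV: target {target} is an IP address, not a host name"))
        elif target not in has_address:
            findings.append(("error", f"{owner} SRV: target {target} has no A or AAAA record"))
        for prefix, usual in USUAL_PORTS.items():
            if owner.startswith(prefix) and port != usual:
                findings.append(("warning", f"{owner} SRV: port {port}, usually {usual}"))
    return findings


def preexisting(existing, planned):
    """A/AAAA/SRV records already in the zone under a name the plan defines."""
    names = {owner for owner, _, _ in planned}
    return sorted((o, t, r) for o, t, r in existing
                  if t in ("A", "AAAA", "SRV") and o in names)


if __name__ == "__main__":
    for label, text in (("planned", PLANNED), ("broken", BROKEN)):
        print(label, check_plan(parse(text)) or "OK")
    print("already defined:", preexisting(parse(EXISTING), parse(PLANNED)))
```

In practice the existing records would come from an export of the zone on your DNS server rather than from an inline string.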
© 2015 Acano (UK) Ltd. All rights reserved. This document is provided for information purposes only and its contents are subject to change without notice. This document may not be reproduced or transmitted in any form or by any means, for any purpose other than the recipient’s personal use, without our prior written permission.
Acano is a trademark of Acano (UK) Ltd. Other names may be trademarks of their respective owners.