Architecting an IBM Sametime 9.0 Audio/Visual deployment 12-11-2013

Tony Payne | Senior Software Engineer – Sametime IBM Collaboration Solutions

Powered by IBM SmartCloud Meetings

© 2013 IBM Corporation

Agenda
■ Getting Started
■ Components
■ Extending Media Services
■ Clustering
■ WAS Proxy
■ Farm Model for VMGR
■ Installation and planning
■ Deployment models
■ Resource Links
■ Q&A

Getting Started
■ My goal for you by the end of this open mic
  ─ Understand what each piece of a Sametime 9 Media Deployment is
  ─ Understand how they work together to provide media services to the end user
  ─ Understand high level architectural concepts such as how 'clustering' affects the channels

Getting Started
■ Things you should be asking before you even get started architecting for your customer
  ─ number of users
  ─ number of actual users
  ─ types of clients
  ─ NAT requirements?
  ─ external access?
  ─ firewalls?
  ─ redundancy requirements?
  ─ access to LDAP?
  ─ Got TLS?
  ─ do any of the machines have multiple IPs/NICs?
  ─ type of load balancers in customer environment

Getting Started
■ Things to remember
  ─ No clustering over a WAN
  ─ SIP Proxies and load balancers must be on the same subnet
  ─ Don't try to 'save equipment' by doubling up things
    – It will cost more in the end.

First up – the Components
■ SIP Proxy and Registrar
  ─ Manages location services and forwards SIP messages to their destinations. The SIP Proxy/Registrar maintains the registry between all users and their location, and maintains the registration of conferences. The SIP Proxy/Registrar routes all SIP messages inside Sametime. Every voice or video message to a user goes through the SIP Proxy/Registrar. The following components know to consult the registrar: Sametime Media Manager, SIP-based calling, and Sametime Unified Telephony. It requires access to LDAP.
■ Conference Manager
  ─ Administers all conferences, including point-to-point and multipoint. The Conference Manager works with the client to establish a SIP session for the call. It also hosts the internal Telephony Conferencing Service Provider Interface (TCSPI) adapter and an optional external TCSPI adapter. The TCSPI integrates with the Video MCUs and bridges. The Conference Manager manages the state of audio and video calls. All audio and video features, both one-to-one A/V chat and multi-way A/V chats, depend on this component.

First up – the Components
■ Video Manager (VMGR)
  ─ Distributes audio and video communications among the servers within a Sametime® deployment according to routing rules that you define. The Video Manager manages the scaling and distribution of audio and video conferences, through MCU pools and cascading. It also manages attributes for conferences, such as maximum line-rate, and the following tasks:
    – Multi-way audio and video conferencing (requires Sametime Conferencing)
    – Multimedia transport and bandwidth control
    – Call server routing based on dial plan
    – Creates meeting rooms based on template
  ─ The Video Manager uses the 'farm model' – more on this in a minute
■ Video MCU (Multipoint Control Unit)
  ─ Serves as the focal point for audio calls by connecting multiple users to a single conference. The Video MCU enables multi-way audio and video conferences with continuous presence and multiple client layouts. It serves as a switch for scalable audio and video streams, delivering to different clients the streams that have been requested. It's not used for one-to-one sessions. This server cannot be clustered, but you can have multiple servers with a load balancer in front.
    – The load balancer in this case is the VMGR

Extending Media Services
■ We need to enable external clients for
  ─ NAT Traversal
  ─ Firewall Traversal
  ─ SIP Registration
■ We do this through deploying
  ─ Sametime TURN Server
  ─ Sametime SIP EDGE Proxy
■ How do web client users get Media Services?
  ─ When you enable the Meeting Services for awareness through STProxy
  ─ The STProxy server provides the "web av" client plugin to the end user
    – IF awareness is working
    – AND a Conference Manager has connected to the Community Server the user is connected to (through STProxy)

Extending Media Services – TURN Server
■ The IBM® Sametime® TURN Server enables Sametime clients to send audio and video communications across a NAT (Network Address Translator) or firewall when direct peer-to-peer communications are not possible.
    – In earlier releases, this feature was called the Sametime Reflector.
■ Traversal Using Relay NAT
■ If either or both of the clients is situated behind a NAT or a firewall and a peer-to-peer multimedia session cannot be established, the clients will utilize the Sametime TURN Server to relay the media.
■ Network considerations
  ─ TCP or UDP 3478 must be open to all clients
  ─ RTP ports must be open between the TURN server and the VMCU(s)
■ The TURN server can be installed on its own computer or on a computer shared with another service. The only requirement is that you reserve port 3478 for connecting with the clients.
■ The TURN Server cannot be clustered
  ─ For high availability, you can deploy multiple TURN servers behind a load balancer.

Extending Media Services – TURN Server
■ New to Sametime 9
  ─ TURN must have direct access to the VMCU due to a limitation in ICE support for the VMCU.
    – This may mean a change in 'where' you deploy TURN for an extranet deployment
■ P2P between intranet and internet clients will happen via TURN
■ For intranet clients to connect to the VMCU directly, we need a DNS entry that resolves the TURN server hostname to 0.0.0.0 for intranet clients.
■ For internet clients, TURN would resolve to the proper IP address.

Extending Media Services – SIP EDGE Proxy
■ The Lotus SIP Edge proxy server connects external clients to the Sametime SIP Proxy and Registrar.
  ─ Both external and internal clients receive a host name for the SIP Proxy/Registrar.
  ─ For internal clients, this host name should resolve to the IP address of the SIP Proxy and Registrar deployed in the corporate intranet, enabling internal clients to connect directly.
  ─ For external clients, the host name should resolve to the IP address of the SIP Edge proxy deployed in the DMZ.
  ─ Use a split-horizon DNS to provide these different sets of DNS information to clients based on the source address of the DNS request.
■ Network considerations
  ─ Clients connect to it over the SIP/SIPS ports
  ─ It connects to the internal SIP Proxy Registrar over the SIP/SIPS ports
■ Deployment
  ─ This will deploy as a standalone cell in your DMZ
  ─ This is clusterable, and follows the same rules as for clustering the internal SIP Proxy Registrar
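
The split-horizon requirements from the TURN Server and SIP Edge Proxy slides, as an added check that is not part of the original deck: it audits the A records each DNS view returns and flags an external view that hands out an intranet-only answer. Host names, addresses and the sample answers are constructed placeholders.

```python
import ipaddress

# Constructed placeholders (not from the deck): host names and addresses.
PR_HOST, TURN_HOST = "sip-pr.example.com", "turn.example.com"
INTERNAL_PR_IP = "10.10.1.20"    # SIP Proxy/Registrar in the intranet
EDGE_PROXY_IP = "203.0.113.20"   # SIP Edge Proxy in the DMZ
TURN_PUBLIC_IP = "203.0.113.30"  # TURN server as internet clients see it

# What each view must answer, per the slides: intranet clients get the real
# PR and 0.0.0.0 for TURN; internet clients get the Edge Proxy and real TURN.
EXPECTED = {
    "internal": {PR_HOST: INTERNAL_PR_IP, TURN_HOST: "0.0.0.0"},
    "external": {PR_HOST: EDGE_PROXY_IP, TURN_HOST: TURN_PUBLIC_IP},
}
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]


def intranet_only(addr):
    """True for RFC 1918 space and 0.0.0.0, which must never reach internet clients."""
    ip = ipaddress.ip_address(addr)
    return ip.is_unspecified or any(ip in net for net in RFC1918)


def audit_view(view, answers):
    """Check one view's answers (host -> list of A records) against EXPECTED."""
    findings = []
    for host, want in EXPECTED[view].items():
        got = answers.get(host, [])
        if not got:
            findings.append(f"{view}: {host} does not resolve")
        for addr in got:
            if view == "external" and intranet_only(addr):
                findings.append(f"{view}: {host} -> {addr} exposes an intranet-only answer")
            elif addr != want:
                findings.append(f"{view}: {host} -> {addr}, expected {want}")
    return findings


# Constructed answers from a misconfigured pair of views: the external view
# returns the intranet PR, and the internal view was never given 0.0.0.0 for TURN.
SAMPLE = {
    "internal": {PR_HOST: ["10.10.1.20"], TURN_HOST: ["203.0.113.30"]},
    "external": {PR_HOST: ["10.10.1.20"], TURN_HOST: ["203.0.113.30"]},
}

if __name__ == "__main__":
    for view, answers in SAMPLE.items():
        for line in audit_view(view, answers):
            print(line)
```

Fill each view's answers from lookups made against the internal and the external name servers respectively, then run the audit after every DNS change.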


ST 9 High Level Diagram
[Diagram not reproduced. Components shown: Sametime Server, Meeting server, Proxy/Registrar, Conference Manager with Internal TCSPI Adapter and External TCSPI Adapter, Video Manager, TURN Server, Video MCUs, Sametime Connect Client, Room System*, External Bridge*. Connection labels: VP, HTTP, SIP, TCSPI, REST, XML, Media.]

Let me break that down for you
■ The Conference Focus registers with the Proxy Registrar and initiates communications with the servers in the Community Cluster
  ─ This is what causes the green phone icon to light up – not only has the Conference Focus established communication with the Community, but it also has information on what Media Services are available.
    – If you are getting mixed results, it could be because the Conference Focus cannot talk to all of the Community servers, OR because the PR information being sent is inconsistent.
  ─ One key piece of information that the Conference Focus shares with the Community is the address of the Proxy Registrar
    – This is why, in an external deployment with the SIP Edge Proxy, the hostname of the PR must be in DNS correctly
    – In the web client, this information comes through the Sametime Proxy.
■ When a client requests media services
  ─ All of the SIP signaling flows through the Proxy Registrar to the rest of the components (and back)
  ─ Once the Conference Focus determines what services are needed
    – The TURN server is consulted by the client(s)
    – P2P clients establish connectivity with each other (or through TURN if required)
    – N-way services are established through the appropriate VMGR and VMCU

Clustering concepts
■ Typically you cluster servers for
  ─ Application management
  ─ High availability, failover and scalability
■ As soon as you cluster Sametime Media Manager components, a WAS SIP Proxy is required
  ─ Only one WAS SIP Proxy on any given node
■ Never cluster the WAS HTTP or SIP Proxies!
  ─ If you have multiple, you must configure a load balancer to front end them
■ Clustering across the WAN is not supported
■ Even a 'cluster of one' requires a WAS SIP Proxy in front of it
■ A single Video Manager can manage multiple Video MCU nodes
■ You can cluster the Video Manager behind any IP Sprayer
  ─ It ships with its own 'load balancer' component
■ ALWAYS PLAN FOR CLUSTERING
  ─ If you architect for it at the beginning of the process, it will be easier in the long run

How a WAS Proxy determines routing
■ Important to understand when using a WAS Proxy to jump a firewall
■ The DCS_UNICAST_ADDRESS is the primary channel
  ─ When DCS reports a server is up, the WAS Proxy adds it to the pool
  ─ When DCS reports a server is down, the WAS Proxy removes it from the pool
  ─ If there are no available servers to route the URI, a 503 is returned to the client
■ A WAS SIP Proxy is tied to a specific cluster for SIP routing
■ When using a WAS Proxy, the end user connects to the following ports
    – PROXY_HTTP_ADDRESS
    – PROXY_HTTPS_ADDRESS
    – PROXY_SIP_ADDRESS
    – PROXY_SIPS_ADDRESS
  ─ And the WAS Proxy then routes the request to the appropriate back end server(s) WebContainer or SIP ports
■ A WAS proxy can be on the same node as other application servers
  ─ In a SIP environment
    – Only one WAS SIP Proxy per node

Architecture Overview for VMGR Farm Model
■ Load Balanced cluster is fronted by IP Sprayer.
■ VMGR Load Balancer is aware of each VMGR node and returns the least loaded VMGR node.
■ Load Balancer maintains a mapping of VMR and host name of the DMA node.
■ All the HTTP and SIP communication goes through the IP Sprayer. The IP Sprayer selects a random LB.
■ Each subsequent call to a VMGR is intercepted by the LB. The LB checks the mapping of VMR and VMGR host node and redirects the call to the selected VMGR node.
■ Any third-party IP Sprayer which is HTTP and SIP compliant can be used. Configure the IP Sprayer to front end the LB-VMGR cluster.
■ Default ports for LB are
  ─ HTTPS – 7443
  ─ SIP – 5080/5081
■ Configure SSL between IP Sprayer and CF.
■ The VMCU is not 'clustered'
  ─ You install multiple and register them with their respective VMGR
  ─ VMGR takes care of picking/routing clients to the respective VMCU
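
The routing rule on this slide, as an added model that is not IBM's code: the first call for a VMR goes to the least loaded VMGR node, and every later call for that VMR follows the stored mapping even when another node has less load. It assumes a single LB instance, load counted as active calls, and constructed node and room names.

```python
class VmgrLoadBalancer:
    """Model of the LB on the farm-model slide (one LB instance, assumed)."""

    def __init__(self, nodes):
        self.load = {n: 0 for n in nodes}  # active calls per VMGR node (assumed metric)
        self.vmr_node = {}                 # VMR id -> VMGR node host name

    def route(self, vmr):
        """Return the VMGR node that a call to this VMR is redirected to."""
        node = self.vmr_node.get(vmr)
        if node is None:
            # First call for the VMR: least loaded node, name as tie-break
            # so the model is deterministic.
            node = min(self.load, key=lambda n: (self.load[n], n))
            self.vmr_node[vmr] = node
        self.load[node] += 1
        return node


def demo():
    """Route a constructed call sequence and return (routes, final load)."""
    lb = VmgrLoadBalancer(["vmgr1.example.com", "vmgr2.example.com"])
    calls = ["room-A", "room-A", "room-B", "room-A", "room-C"]
    routes = [(vmr, lb.route(vmr)) for vmr in calls]
    return routes, dict(lb.load)


if __name__ == "__main__":
    routes, load = demo()
    for vmr, node in routes:
        print(f"{vmr} -> {node}")
    print(load)
```

The third call to room-A stays on vmgr1 although vmgr2 carries less load at that point, which is why per-node load in a farm follows conference size rather than call count.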


MCU Types and System Requirements
IMPORTANT – If hyper threading is disabled, then the number of cores should be doubled!

Type    Configuration
Demo    4 CPU cores and 8 GB; 1 GBIT network interface, with access to at least 10% network capacity; i.e. 2690 CPU with 4 physical cores
Low     8 CPU cores and 8 GB; 1 GBIT network interface, with access to at least 20% network capacity; i.e. 2690 CPU with 8 physical cores
High    16 CPU cores and 16 GB; 1 GBIT network interface, with access to at least 30% network capacity; i.e. 2690 CPU with 16 physical cores

Capacity per MCU type and participant type

Type                             Type of port    ST 9 clients capacity
Demo (4 CPU cores and 8 GB)      Audio only      100
                                 CIF             50
                                 SD              25
                                 HD 720          10
Low (8 CPU cores and 8 GB)       Audio only      400
                                 CIF             200
                                 SD              100
                                 HD 720          40
High (16 CPU cores and 16 GB)    Audio only      2000
                                 CIF             1000
                                 SD              500
                                 HD 720          200

Farm Model for VMGR


Installation and Planning
■ Due to interdependencies among Media Manager components, you must create deployment plans and install servers in the required sequence.
  ─ Order is slightly different depending on which deployment model you are following
■ Be sure to follow all of the Linux steps for VMGR and VMCU
  ─ Requiretty
  ─ Sudo access
  ─ Install Required RPMs – http://www-01.ibm.com/support/docview.wss?rs=0&context=SSCKJBV&uid=swg21649532&loc=en_US&cs=utf-8&lang=
■ After installation, startup order is important on VMGR
  ─ Start solidDB, then start the vmgr server
■ The most common problem for Video Manager installations seems to be the registration and creation of the default template and SIP Peer
  ─ http://www-10.lotus.com/ldd/stwiki.nsf/xpDocViewer.xsp?lookupName=Administering+Sametime+9.0+documentation#action=openDocument&res_title=Troubleshooting_a_Sametime_Media_Manager_Video_Manager_installation_st9&content=pdcontent

Installation and Planning
■ PR and CF installed separately
  ─ Create PR plan
  ─ Create VMGR plan
  ─ Create CF plan
  ─ Create MCU plan
  ─ Install PR
  ─ Install VMGR
  ─ Install CF
  ─ Install MCU
■ PR and CF installed together
  ─ Create VMGR plan
  ─ Create PRCF plan
  ─ Create MCU plan
  ─ Install VMGR
  ─ Install PRCF
  ─ Install MCU

Deployment Models
■ 'all in one deployment'
■ Basic Media Deployment
■ Media traffic flow – Extranet
■ Alternate Media Traffic flow – Extranet
■ A cluster of SIP Components in WAS
■ Cluster of SIP Components in WAS Behind a Loadbalancer
■ Farm Model for VMGR

'all in one deployment'



Basic Media traffic flow – Extranet

Alternate Media Flow – Extranet

Basic Media Deployment

SIP Cluster in WAS

SIP Cluster Behind LoadBalancer

Farm Model for VMGR

Resource Links
■ IBM Sametime page on Support site: https://ibm.biz/BdRinz
■ Installation issues if Media Manager components are not planned and installed in required order: https://ibm.biz/BdRin2
■ Sametime Video Manager server components must be started and stopped in correct sequence: https://ibm.biz/BdRinY
■ Latest Hotfix available for Sametime Media Manager: https://ibm.biz/BdRinZ
■ Fix readme: "Sametime 9.0 Hot Fix 1" https://ibm.biz/BdRsbi
■ Documentation: "Administering Sametime 9.0 documentation" https://ibm.biz/BdRsbv
■ Upgrade Central: "Plan your upgrade to IBM Sametime 9.0 and Sametime Unified Telephony 9.0" https://ibm.biz/BdRsbK
■ Preventive service planning: "Sametime 8.5.2.x Migration to Sametime 9" https://ibm.biz/BdRsbf

Press *1 on your telephone to ask a question.

Visit our Support Technical Exchange page or our Facebook page for details on future events. To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: https://ibm.biz/BdxqB2

IBM Collaboration Solutions Support page http://www.facebook.com/IBMLotusSupport

IBM Collaboration Solutions Support http://twitter.com/IBM_ICSSupport