Cisco Unified MeetingPlace Express, Release 2.x -- How to Configure Segmented Meeting Access (SMA)

From DocWiki


Purpose of SMA

Segmented meeting access, also called SMA, allows the optional deployment of a second server in a DMZ to provide a complete separation between internal and external web meetings. SMA provides a more secure option than doing all web conferencing via service providers.


Note: Voice and video meetings continue to be hosted on a single server behind a corporate firewall.


The purpose of SMA is to divide meetings into separately accessible segments to improve security and to allow users outside the corporate firewall to access the web collaboration feature of Cisco Unified MeetingPlace Express. Only limited access is allowed for users outside the corporate firewall. External users connect to Cisco Unified MeetingPlace Express via the User Web Lite module. The User Web Lite runs on a secondary (external) server that is outside the corporate firewall. The secondary server communicates with the primary (or internal) server to execute the requested actions. The internal server provides web services that the external server is allowed to use through a secure, remotely forwarded port. Reservationless meetings are always automatically hosted on the secondary server when SMA is enabled.


The meeting scheduler decides if the web meeting is internal or external when scheduling the meeting.


After you install the secondary server, only minimal configuration and maintenance are required. All administrative tasks for the secondary server are performed on the primary server.


Port Configuration for SMA

Complete port information for the Cisco Unified MeetingPlace Express system is in the Setting Up Firewalls and Port Configuration Settings section. The following table contains additional information.

Firewall Port Configuration

Between Intranet and DMZ
  • Outgoing 22 to DMZ for system communication
  • Outgoing 4443 to DMZ for system communication
  • Outgoing 80, 1935 (443 if SSL is used) for end users accessing the secondary server from the Intranet

Between DMZ and Internet
  • Incoming 80 for end users accessing the secondary server from the Internet via HTTP
  • Incoming 1935 (Optional, but recommended for more efficient web performance)
  • Incoming 443 for end users accessing the secondary server from the Internet via HTTPS
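
The port table above can be turned into an automated check of a firewall rule export. The following is an added example, not Cisco code: the zone names, the (source, destination, port) rule format, the sample rules, and the treatment of 443 as required only when SSL is enabled are all assumptions made for illustration.

```python
# Added example: audit allow-rules against the SMA port table on this page.
# Zone names and the (src, dst, port) rule format are assumptions.

# TCP ports the table lists per boundary: always needed vs. optional.
REQUIRED = {
    ("intranet", "dmz"): {22, 4443, 80, 1935},
    ("internet", "dmz"): {80},
}
OPTIONAL = {
    ("intranet", "dmz"): set(),
    ("internet", "dmz"): {1935},  # "optional, but recommended"
}
SSL_PORT = 443  # assumption: required with SSL on, merely tolerated with SSL off


def audit(rules, ssl_enabled=False):
    """Return (unexpected, missing) lists of (src_zone, dst_zone, tcp_port)."""
    seen = set(rules)
    required, allowed = set(), set()
    for pair, ports in REQUIRED.items():
        req, opt = set(ports), set(OPTIONAL[pair])
        (req if ssl_enabled else opt).add(SSL_PORT)
        required |= {pair + (p,) for p in req}
        allowed |= {pair + (p,) for p in req | opt}
    return sorted(seen - allowed), sorted(required - seen)


# Constructed sample rule export (not from a real firewall).
SAMPLE_RULES = [
    ("intranet", "dmz", 22),
    ("intranet", "dmz", 4443),
    ("intranet", "dmz", 80),
    ("intranet", "dmz", 1935),
    ("internet", "dmz", 80),
    ("internet", "dmz", 443),
    ("internet", "dmz", 22),    # not in the table for this boundary
    ("dmz", "intranet", 4443),  # table lists no DMZ-to-intranet direction
]

if __name__ == "__main__":
    unexpected, missing = audit(SAMPLE_RULES, ssl_enabled=True)
    for rule in unexpected:
        print("not in SMA port table:", rule)
    for rule in missing:
        print("required but absent:  ", rule)
```

Any rule reported as unexpected is one the table does not list for that boundary and direction, so it is a candidate for removal.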




Enabling and Disabling SMA

By default, SMA is disabled on the Cisco Unified MeetingPlace Express system. We recommend that you disable SMA before you troubleshoot the system or before you upgrade your system.


Restrictions
  • You can disable the SMA link between the primary server and a secondary server at any time. However, for security reasons, you can only enable the SMA link between the primary server and a secondary server if the secondary server is freshly installed. The primary server can use the enable and disable functions to connect to or disconnect from several different secondary servers, but the primary server can connect to secondary servers only if those secondary servers are freshly installed.


Before You Begin
  • You must have Cisco Unified MeetingPlace Express installed on the primary server.
  • You must have Cisco Unified MeetingPlace Express installed on the secondary server. During the installation, choose Secondary (External) Server. Before you install Cisco Unified MeetingPlace Express on the secondary server, disable SMA on the primary server.
  • You must install the secondaryservers license on the primary server; otherwise, the SMA configuration pages will not be available.
  • You must know the name of the secondary server and the password for the mpxadmin user on that server.


Procedure
  1. Log in to Cisco Unified MeetingPlace Express and click Administration.
  2. Click System Configuration > SMA Configuration > SMA Host Configuration.
  3. Enter values in the fields.
  4. Click Enable SMA.
  5. To test that this configuration works, click Test Connection. The system displays four success messages.
  6. To disable SMA, click Disable SMA.
    Note: After disabling SMA, you must reinstall Cisco Unified MeetingPlace Express on the secondary server before you can enable SMA again.


Troubleshooting Tips
  • It can take up to a minute to establish the link between the primary and the secondary servers. If you get a message about services not being available, try again after a minute.
  • Test that the SMA is working correctly by scheduling and attending a reservationless meeting on the secondary server.
  • Test that you can access a web meeting on the secondary server from the Internet (non-VPN) and not through the internal network.




Configuring SSL for the Secondary Server

SSL does not need to be enabled for SMA to work; however, you can enable and disable SSL on each server. You configure SSL for the secondary server on the SMA Certificate Management pages of the primary server. These pages are very similar to the pages where you configure SSL for the primary server.


Prerequisites
  • You must have enabled SMA on both the primary and the secondary servers.


Procedure
  1. Log in to Cisco Unified MeetingPlace Express on the primary server and click Administration.
  2. Click System Configuration > SMA Configuration > SMA Certificate Management.
  3. Depending on what you need to do, follow the directions below:
    To do this for the secondary server (see this procedure):
    • Generate CSRs (see Generating Certificate Signing Requests (CSRs) and Obtaining Certificates)
    • Enable SSL (see Uploading Certificates and Enabling SSL)
    • Disable SSL (see Disabling SSL)
    • Display a certificate (see Displaying the Contents of a Certificate)
    • Back up and restore the SSL configuration (see Backing Up and Restoring the SSL Configuration)
