Open Mic Webcast: Jumpstarting Audio-Video Deployments
Tony Payne
March 9, 2016

Agenda
- The Challenges of Audio and Video
- Architecture
- Bill of Materials
- Component Descriptions
- Deployment
- Sample Deployment Scenarios
- Best Practices
- Downloads and Documentation

The Challenges of Audio and Video
- Must be perfect every time!
  - Every aberration noticeable, and can affect conversation
  - Users have very low tolerance for problems
- Many servers
  - Different requirements and clustering models
  - Greatly complicates deployment
- Many protocols
  - Zero tolerance for network issues, such as latency and jitter
  - Firewalls can be a nightmare

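Bill of Materials

Type                                Component               Required?
----------------------------------  ----------------------  ----------------------
AV Dependencies                     System Console          Yes
AV Dependencies                     Community Server        Yes
AV Dependencies                     Sametime Proxy          For Web Clients
AV Dependencies                     Meeting Server          For Meetings (duh!)
AV Services (Media Manager, etc.)   Conference Manager      Yes
AV Services (Media Manager, etc.)   SIP Proxy / Registrar   Yes
AV Services (Media Manager, etc.)   Video Manager           For Multipoint Video
AV Services (Media Manager, etc.)   Video MCU               For Multipoint Video
AV Services (Media Manager, etc.)   Bandwidth Manager       No
AV Services (Media Manager, etc.)   SIP Edge Proxy          For Firewall Traversal
AV Services (Media Manager, etc.)   TURN Server             For Firewall Traversal
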
Sametime System Console
- Acts as the Deployment Manager for the entire deployment
- Centralizes WebSphere, Sametime, and Policy management
- Guided Activities to Plan
  - LDAP and DB2 prerequisites
  - Deployments of each product component
  - Clustering of each product component
- Deployment plans are validated to ensure that the installations will be successful
  - Will not let plans proceed if prerequisite conditions are not met
- Visually see status of deployments and version information

Sametime Community Server
- Provides presence and chat services to all Sametime components and applications
- Communication with the Sametime Community Server is performed using the VP (Virtual Places) protocol
  - Places, a multi-user session service, are used in all audio/video calls
- The Community Server is required for Sametime Meetings only if audio/video or awareness are to be enabled
- The Community Server is always required for audio/video
  - Both meetings and ad hoc calling

Sametime Proxy Server
- Provides an HTTP REST front end for Presence and IM Services
  - Includes some other services such as Third Party Call Control, policy access, etc.
- Used by the Sametime web client and mobile clients
- Includes an SDK for building web applications that consume these services
  - JavaScript libraries
  - User Interface level libraries (e.g. windows, menus, etc.)
  - Semantic level libraries, to access services from within a different user experience
- REST APIs are well documented to allow alternate client implementations
  - This is how the mobile clients were built to be compatible
  - APIs are quite stable

Sametime Meeting Server
- Provides the expected set of services
  - Document sharing
    - Upload documents, and they are converted into slides for distribution
  - Application sharing
    - Grab all or a portion of your screen, and share it with everyone else. This includes allowing a remote participant to take control
  - Screen capture
    - To easily share a single screen shot
  - Participant list, polling, hand raise, etc.
  - Miscellaneous services
- Leverages additional back-end services, as needed
  - Document Conversion
  - Recording Capture
  - Recording Render

AV Services (Media Manager, etc.)
2016 IBM Corporation

Conference Manager
- Poorly named, this server participates in the routing of ALL calls
  - To make it worse, this component is often referred to as the Conference Focus
- Sametime uses a Third Party Call Control (TPCC) model
  - Allows us to control calls to devices other than our client, sometimes not even SIP!
  - TPCC messages flow over the VP protocol
  - Clients ask the Conference Manager to create calls on their behalf
  - Conference Manager initiates a call by sending an INVITE (empty SDP) to the client
- Hosts the Telephony Conferencing Service Provider Interface (TCSPI)
  - Java adapters that implement the TPCC to control bridges and PBXs

SIP Proxy / Registrar
- Forwards SIP messages to their destinations
- Maintains a registry mapping users to their current location (route)
  - Active conferences are registered as well
- Requires access to LDAP for authentication
- Configurable Dial Plan
  - Calls can be routed based on rules matched via regular expressions
  - Trunks associated with rules can be secured via certificates, etc.
- Supports insertion of Back-to-Back User Agents (B2BUA)
  - Source based routing rules ensure proper routing

Video Manager (VMGR)
- Fronted by a Built-in Load Balancer
  - Routes both API requests and SIP messages to the correct instance of VMGR based on Virtual Meeting Room (VMR) ID
  - Assigns new VMRs to the least loaded VMGR when first started
- Manages pools of Video MCUs
  - Assigns a VMR to the least loaded VMCU when it starts, and routes all subsequent traffic to that VMCU
  - All SIP traffic flows through the VMGR to get to the VMCU; media traffic does not
  - Pools can span geographies, and the VMGR can assign a VMR to a local VMCU based on the geographic location of the moderator
- Manages all characteristics of each video conference
  - Maximum line rate, codecs, etc.

Video MCU (VMCU)
- Handles all voice and video streams during a conference
- Each user has a Virtual Meeting Room (VMR) provisioned in advance that includes settings appropriate for that user
- Based on H.264 SVC
  - Use of layered media means that no transcoding is necessary
  - VMCU routes layers within a stream based on what a client device requests
- Also supports Scalable Audio Coding (SAC)
  - This is the audio equivalent to SVC
  - VMCU sends high resolution audio for active speaker, and low resolution for background speakers
- Supports interoperability with H.264 AVC by sending SVC base layer

Video MCU Planning
Type / Configuration
- Demo
  - 4 CPU cores and 8 GB
  - 1 GBIT network interface, and with access to at least 10% network capacity
  - i.e. 2690 CPU with 4 physical cores (8 logical)
- Low
  - 8 CPU cores and 8 GB
  - 1 GBIT network interface, and with access to at least 20% network capacity
  - i.e. 2690 CPU with 8 physical cores (16 logical)
- High
  - 16 CPU cores and 16 GB
  - 1 GBIT network interface, and with access to at least 30% network capacity
  - i.e. 2690 CPU with 16 physical cores (32 logical)

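VMCU Capacity by client type

Type                            Type of Port   ST 9 Client Capacity
------------------------------  -------------  --------------------
Demo (4 CPU Cores and 8 GB)     Audio Only     100
Demo (4 CPU Cores and 8 GB)     CIF            50
Demo (4 CPU Cores and 8 GB)     SD             25
Demo (4 CPU Cores and 8 GB)     HD (720p)      10
Low (8 CPU Cores and 8 GB)      Audio Only     400
Low (8 CPU Cores and 8 GB)      CIF            200
Low (8 CPU Cores and 8 GB)      SD             100
Low (8 CPU Cores and 8 GB)      HD (720p)      40
High (16 CPU Cores and 16 GB)   Audio Only     2000
High (16 CPU Cores and 16 GB)   CIF            1000
High (16 CPU Cores and 16 GB)   SD             500
High (16 CPU Cores and 16 GB)   HD (720p)      200
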
Bandwidth Manager (BWM)
- Acts as a SIP Back-to-Back User Agent (B2BUA)
  - Looks at all call signaling within a Sametime community, and modifies or rejects it as needed to ensure that bandwidth utilization stays within acceptable levels
- Understands target network, based on Sites and Links
  - Sites define a Local Area Network
  - Links define the connections between them
- Administrator dictates how much bandwidth can be used
  - Both within each Site, and on each Link
- BWM determines Sites and Links based on the IP addresses of the clients that are participating in a call
- User-based policies control access to available bandwidth

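The Sites-and-Links decision described above, as an added example (a simplified model written for this page, not the Bandwidth Manager's implementation): client IP addresses are mapped to Sites by CIDR, and each call is admitted, lowered in rate, or rejected against the Site or Link budget. The topology, budgets, the 64 kbps floor and all class and function names are assumptions.

```python
import ipaddress

class BandwidthModel:
    """Toy admission control: a Site is a LAN (CIDR), a Link joins two Sites."""
    def __init__(self, sites, links, floor_kbps=64):
        # sites: name -> (CIDR, kbps budget); links: frozenset({a, b}) -> kbps budget
        self.sites = {n: (ipaddress.ip_network(c), b) for n, (c, b) in sites.items()}
        self.links = dict(links)
        self.used = {}              # budget key -> kbps already committed
        self.floor = floor_kbps     # assumed minimum rate worth granting

    def site_of(self, ip):
        addr = ipaddress.ip_address(ip)
        hits = [(net.prefixlen, n) for n, (net, _) in self.sites.items() if addr in net]
        return max(hits)[1] if hits else None      # longest prefix wins

    def admit(self, caller_ip, callee_ip, want_kbps):
        a, b = self.site_of(caller_ip), self.site_of(callee_ip)
        if a is None or b is None:
            return ("reject", 0)                   # endpoint is in no known Site
        key = a if a == b else frozenset((a, b))   # Site budget or Link budget
        budget = self.sites[a][1] if a == b else self.links.get(key, 0)
        grant = min(want_kbps, budget - self.used.get(key, 0))
        if grant < self.floor:
            return ("reject", 0)                   # nothing usable left
        self.used[key] = self.used.get(key, 0) + grant
        return ("admit" if grant == want_kbps else "modify", grant)

    def release(self, caller_ip, callee_ip, kbps):
        a, b = self.site_of(caller_ip), self.site_of(callee_ip)
        key = a if a == b else frozenset((a, b))
        self.used[key] = max(0, self.used.get(key, 0) - kbps)

def demo():
    # Constructed topology: two Sites joined by one 1024 kbps Link.
    bwm = BandwidthModel(
        sites={"HQ": ("10.1.0.0/16", 10000), "Branch": ("10.2.0.0/16", 2000)},
        links={frozenset(("HQ", "Branch")): 1024})
    calls = [("10.1.5.20", "10.2.7.9", 768),    # fits on the Link
             ("10.1.5.21", "10.2.7.10", 768),   # only 256 left: rate is lowered
             ("10.1.5.22", "10.2.7.11", 768),   # Link full: rejected
             ("10.1.5.20", "10.1.9.9", 1500),   # same Site: uses HQ budget
             ("192.0.2.5", "10.1.9.9", 768)]    # address outside every Site
    return [bwm.admit(*c) for c in calls]

if __name__ == "__main__":
    print(demo())
```
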
SIP Edge Proxy
- Forwards all SIP messages to a SIP Proxy / Registrar behind the firewall
- Intended to sit at the edge of the network, most likely in the DMZ
- Supports connectivity from Extranet users without requiring a VPN
- All clients (internal and external) use the same host name to connect to the SIP Proxy / Registrar
  - Use split-horizon DNS to provide a different IP address for that host name based on the source address of the DNS request
- Does not authenticate or authorize client traffic
  - Simply acts as a two-way proxy that remembers which connection maps to which client

Sametime TURN Server
- Traversal Using Relay NAT
- Acts as a media relay for firewall traversal
  - If either or both of the clients are situated behind a firewall, and a peer-to-peer media session cannot be established, the clients will use the TURN Server to relay the media
- On the client side it supports both UDP and TCP
  - Far side supports only UDP
- Built as a Java application

Deployment

Sametime Media Manager Basic
Sametime Media Manager Extranet
Sametime Media Manager Clustered
Video Control Routing

Best Practices

Ready to deploy?
- Download needed software
- Install DB2
- Install SSC
- Create Deployment plans
  - LDAP
  - Community
  - Media Manager Components
- Install the Components
- Post Install Configuration steps

Before Deployment
- Carefully consider your user base
  - Does it include Mobile users? External users?
  - What will be their primary client?
  - Will you need TURN?
- Consider your Network Security requirements
  - Will it be easy to request rules through the DMZ firewall to internal, or just put the equipment in the DMZ and open outbound?
- Telephony Considerations (aka SUT Lite)
  - Will users be calling to/from your telephone or video infrastructures?
  - If so, start talks and requirement gathering with your telephony and video admins!

Before Deployment (continued)
- Check your LDAP Server
  - Got mail? Got telephonenumber?
  - Access from all the needed servers?
- What is your expected concurrency?
  - How many users will be on audio/video at a time?
  - How many users will be on audio-only at a time?
- Choose the correct type and number of AV servers
  - TechLine can help with this
- Talk to your Linux admins about the VMGR and VMCU requirements

Before Deployment (continued)
- If deploying a SIP Edge server or TURN
  - Now is the time to plan for hostnames and get them in DNS
  - If doing TLS, plan on the needed certificate updates, especially if getting them from a third party provider
- If planning for an HA (clustered) environment
  - Start talking to your Load Balancer admins now!
  - Decide now if you're going to cluster - splitting CF and PR is easy at this point, harder once you're in production

Security Considerations
- Session Initiation Protocol (SIP or SIPS)
  - SIP (over TCP) is unsecured
    - No authentication of end users at the SIP level
    - Users are asserted valid by other connections
    - Sometimes required when working with third party TCSPI adapters
  - SIPS (over TLS) is secure and encrypted
    - Users are authenticated via LTPA
    - There is support for 'guest' authentication
- Real-time Transport Protocol (RTP or SRTP)
  - This refers to the encryption of the media streams and is controlled by Policy
- Sametime defaults to secure (SIPS/SRTP)
  - Changing to unsecured is a post-install step

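One way to confirm that signaling and media stayed on the secure defaults, as an added example (not IBM's code): the function checks a SIP message's Request-URI and Via transport for TLS, and its SDP media lines for the SRTP profile (`RTP/SAVP`) with keying material. The sample messages, addresses and host names are constructed; an INVITE with empty SDP, as the Conference Manager sends, can only be judged on its signaling.

```python
import re

def audit_sip(message: str) -> list[str]:
    """Findings for one SIP message; an empty list means SIPS signaling + SRTP media."""
    head, _, sdp = message.replace("\r\n", "\n").partition("\n\n")
    lines, findings = head.split("\n"), []
    # Requests only: a "sips:" Request-URI demands TLS on every hop.
    if not lines[0].startswith("SIP/"):
        uri = (lines[0].split(" ") + [""])[1]
        if not uri.lower().startswith("sips:"):
            findings.append(f"signaling: Request-URI is not sips: ({uri})")
    # Each Via header records the transport one hop actually used.
    for line in lines[1:]:
        m = re.match(r"(?i)(?:via|v)\s*:\s*SIP/2\.0/(\w+)", line)
        if m and m.group(1).upper() != "TLS":
            findings.append(f"signaling: Via hop used {m.group(1).upper()}")
    # SDP: attributes before the first m= line are session-level and apply to all media.
    session, sections = [], []
    for line in sdp.split("\n"):
        if line.startswith("m="):
            sections.append([line])
        else:
            (sections[-1] if sections else session).append(line)
    for sec in sections:
        media, port, proto = (sec[0][2:].split() + ["?"] * 3)[:3]
        if port == "0":                      # stream declined, nothing is sent
            continue
        if "SAVP" not in proto:
            findings.append(f"media: {media} offered as {proto} (plain RTP)")
        elif not any(a.startswith(("a=crypto:", "a=fingerprint:")) for a in sec + session):
            findings.append(f"media: {media} is {proto} but has no keying attribute")
    return findings

# Constructed sample messages (not captured traffic).
SECURE = ("INVITE sips:bob@st.example.com SIP/2.0\r\n"
          "Via: SIP/2.0/TLS 10.1.5.20:5061;branch=z9hG4bKconstructed1\r\n\r\n"
          "v=0\r\nm=audio 49170 RTP/SAVP 0\r\n"
          "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED\r\n")
PLAIN = ("INVITE sip:bob@st.example.com SIP/2.0\r\n"
         "Via: SIP/2.0/TCP 10.1.5.20:5060;branch=z9hG4bKconstructed2\r\n\r\n"
         "v=0\r\nm=audio 49170 RTP/AVP 0\r\nm=video 0 RTP/AVP 96\r\n")
# TPCC-style INVITE with no SDP: only the signaling can be judged here.
EMPTY = ("INVITE sips:bob@st.example.com SIP/2.0\r\n"
         "Via: SIP/2.0/TLS 10.1.5.20:5061;branch=z9hG4bKconstructed3\r\n\r\n")

if __name__ == "__main__":
    for name, msg in (("secure", SECURE), ("plain", PLAIN), ("empty", EMPTY)):
        print(name, audit_sip(msg))
```
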
Installation Planning and Deployment Sequence
- Due to interdependencies among Media Manager components, you must create deployment plans and install servers in the required sequence.
  - Order is slightly different depending on which deployment model you are following
- Be sure to follow all of the Linux steps for VMGR and VMCU
  - Requiretty
  - Sudo and Root access
  - Install Required RPMs
- After Installation startup order is important on VMGR
  - Start soliddb then start VMGR server

Installation Planning and Deployment Sequence
- Separate SIP Proxy/Registrar and Conference Manager
  1. Proxy Registrar
  2. Video Manager
  3. Conference Manager
  4. Video MCU
- Combined SIP Proxy/Registrar and Conference Manager
  1. Video Manager
  2. SIP Proxy Registrar/Conference Manager
  3. Video MCU

During Deployment
- Validate as you build, especially in the larger, more complex builds
  - We presented an Open Mic session last year on this - doing another one later this year!
- Validate Awareness in browser based meetings!
  - If no awareness, no AV services
- Don't forget all the steps that are needed
  - SSO/LTPA Configuration
  - Certificate exchanges
  - Adding the required trusted IPs

During Deployment (continued)
- VMGR
  - Don't forget that soliddb must be started before you start the STMediaServer
  - Validate hostname is what you think it is!
- VMCU
  - Follow the install technotes to the letter
  - The order of RPM installs is critical
- Don't assume anything.

Initial Validation
- Use the SSC UI to confirm registration of Conference Manager and Users
  - Sametime System Console - Sametime Servers -> SIP Proxies and Registrars -> Registered Bindings
- If CF registered, but no users are listed
  - Check CF access to Community
  - Check Hostnames and FW ports are open between users and PR
  - Check Policy has been set properly

Initial Validation (continued)
- Test 1x1 calls first
  - If these don't work, good chance n-way will not as well
- Test Meeting Room AV or adding a user to an existing 1x1 call
- Make sure all 'internal' functions work as expected BEFORE you move on to external access.
- Most External issues boil down to three things
  - Plugin issues in the browser
  - PR address and port not accessible to the user (Network, FW)
  - TURN not accessible (DNS, FW)
  - Media Ports being blocked

Software Downloads - Prerequisites
- http://www.ibm.com/support/docview.wss?uid=swg24035249
  - DB2 10.1
  - WebSphere 8.5.5.0
- WebSphere 8.5.5 FP 5: http://www.ibm.com/support/docview.wss?uid=swg24039425
- Installation Manager 1.8.3: http://www.ibm.com/support/docview.wss?uid=swg21688304
- Domino 9.01: http://www.ibm.com/support/docview.wss?uid=swg24035441
- Domino 9.0.1 FP4: http://www.ibm.com/support/docview.wss?uid=swg24037141

Software Downloads - The Components
- Use FixCentral link to get the latest releases: http://goo.gl/tkrved
- Sametime System Console: 9001-ST-SSC-FP-AGAR-9RHDHN (February 2015)
- Community Server: 9001-ST-Community-FP-9.0-AAZI-9RGLXV (February 2015)
- Media Manager: 9001-ST-Media-FP-SGHH-9ZK9MK (August 2015)
- Video MCU: 9001-ST-Media-FP-SPIR-9ZTF3Z (August 2015)

Sametime Video MCU Installation
- InfoCenter Link: http://www.ibm.com/support/knowledgecenter/ssktxq_9.0.0/admin/install/inst_av_inst_run_vmcu.dita
- Installation Requirements and Tips: http://www.ibm.com/support/docview.wss?uid=swg21964890
- Required RPMs: http://www.ibm.com/support/docview.wss?uid=swg21650340

Questions
- Press *1 on your telephone to ask a question.
- Visit our Support Technical Exchange page or our Facebook page for details on future events.
- To help shape the future of IBM software, take this quality survey and share your opinion of IBM software used within your organization: https://ibm.biz/bdxqb2
- IBM Collaboration Solutions Support page
- IBM Collaboration Solutions Support: http://www.facebook.com/ibmlotussupport
- http://twitter.com/ibm_icssupport