Connect 2016: The Premier Social Business and Digital Experience Conference
Make Every Moment Count
#ibmconnect

JS-1659 Jump Starting your Sametime Audio Video Deployment
Pat Galvin, IBM
Tony Payne, IBM

Please Note:
• IBM’s statements regarding its plans, directions, and intent are subject to change or withdrawal without notice at IBM’s sole discretion.
• Information regarding potential future products is intended to outline our general product direction and it should not be relied on in making a purchasing decision.
• The information mentioned regarding potential future products is not a commitment, promise, or legal obligation to deliver any material, code or functionality. Information about potential future products may not be incorporated into any contract.
• The development, release, and timing of any future features or functionality described for our products remains at our sole discretion.
• Performance is based on measurements and projections using standard IBM benchmarks in a controlled environment. The actual throughput or performance that any user will experience will vary depending upon many factors, including considerations such as the amount of multiprogramming in the user’s job stream, the I/O configuration, the storage configuration, and the workload processed. Therefore, no assurance can be given that an individual user will achieve results similar to those stated here.

Agenda
• The Challenges of Audio and Video
• Architecture
  - Sametime Reference Architecture
  - Bill of Materials
  - Component Descriptions
• Deployment
  - Sample Deployment Scenarios
  - Best Practices
  - Downloads and Documentation

The Challenges of Audio and Video
• Must be perfect every time!
  - Every aberration noticeable, and can affect conversation
  - Users have very low tolerance for problems
• Many servers
  - Different requirements and clustering models
  - Greatly complicates deployment
• Many protocols
  - Zero tolerance for network issues, such as latency and jitter
  - Firewalls can be a nightmare

Architecture

Sametime 9.0 Reference Architecture
[Diagram. Legend: Edge Services, Meeting Services, Presence / IM Services, Unified Telephony, AV Services, Sametime Dependency. Components shown: Sametime Proxy, Conference Manager, Sametime Gateway, Video Manager, Video MCU, Conversion Server, Capture Server, Render Server, System Console, TURN Server, SIP Edge Proxy, Telephony Application Server, Telephony Control Server, Bandwidth Manager, SIP Proxy / Registrar, Community Server, Meeting Server, HTTP Reverse Proxy, Advanced Server, Database, Directory, External Telephony and Video Systems, External Chat Communities. Not all connections are shown.]

Bill of Materials

Type                               Component              Required?
AV Dependencies                    System Console         Yes
                                   Community Server       Yes
                                   Sametime Proxy         For Web Clients
                                   Meeting Server         For Meetings (duh!)
AV Services (Media Manager, etc.)  Conference Manager     Yes
                                   SIP Proxy / Registrar  Yes
                                   Video Manager          For Multipoint Video
                                   Video MCU              For Multipoint Video
                                   Bandwidth Manager      No
                                   SIP Edge Proxy         For Firewall Traversal
                                   TURN Server            For Firewall Traversal

AV Dependencies

Sametime System Console
• Acts as the Deployment Manager for the entire deployment
  - Centralizes WebSphere, Sametime, and Policy management
• Guided Activities to Plan
  - LDAP and DB2 prerequisites
  - Deployments of each product component
  - Clustering of each product component
• Deployment plans are validated to ensure that the installations will be successful
  - Will not let plans proceed if prerequisite conditions are not met
  - Visually see status of deployments and version information

Community Server
• Provides presence and chat services to all Sametime components and applications
  - Communication with the Sametime Community Server is performed using the VP (Virtual Places) protocol
  - Places, a multi-user session service, are used in all audio/video calls
• The Community Server is required for Sametime Meetings only if audio/video or awareness are to be enabled
• The Community Server is always required for audio/video
  - Both meetings and ad hoc calling

Sametime Proxy Server
• Provides an HTTP REST front end for Presence and IM Services
  - Includes some other services such as Third Party Call Control, policy access, etc.
  - Used by the Sametime web client and mobile clients
• Includes an SDK for building web applications that consume these services
  - JavaScript libraries
  - User Interface level libraries (e.g. windows, menus, etc.)
  - Semantic level libraries, to access services from within a different user experience
• REST APIs are well documented to allow alternate client implementations
  - This is how the mobile clients were built to be compatible
  - APIs are quite stable

Sametime Meeting Server
• Provides the expected set of services
  - Document sharing – Upload documents, and they are converted into slides for distribution
  - Application sharing – Grab all or a portion of your screen, and share it with everyone else. This includes allowing a remote participant to take control
  - Screen capture – To easily share a single screen shot
  - Participant list, polling, hand raise, etc. – Miscellaneous services
• Leverages additional back-end services, as needed
  - Document Conversion
  - Recording Capture
  - Recording Render

AV Services (Media Manager, etc.)

Conference Manager
• Poorly named, this server participates in the routing of ALL calls
  - To make it worse, this component is often referred to as the Conference Focus
• Sametime uses a Third Party Call Control (TPCC) model
  - Allows us to control calls to devices other than our client, sometimes not even SIP!
  - TPCC messages flow over the VP protocol
  - Clients ask the Conference Manager to create calls on their behalf
  - Conference Manager initiates a call by sending an INVITE (empty SDP) to the client
• Hosts the Telephony Conferencing Service Provider Interface (TCSPI)
  - Java adapters that implement the TPCC to control bridges and PBXs

SIP Proxy / Registrar
• Forwards SIP messages to their destinations
  - Maintains a registry mapping users to their current location (route)
  - Active conferences are registered as well
• Requires access to LDAP for authentication
• Configurable Dial Plan
  - Calls can be routed based on rules matched via regular expressions
  - Trunks associated with rules can be secured via certificates, etc.
• Supports insertion of Back-to-Back User Agents (B2BUA)
  - Source based routing rules ensure proper routing

Video Manager (VMGR)
• Fronted by a Built-in Load Balancer
  - Routes both API requests and SIP messages to the correct instance of VMGR based on Virtual Meeting Room (VMR) ID
  - Assigns new VMRs to the least loaded VMGR when first started
• Manages “pools” of Video MCUs
  - Assigns a VMR to the least loaded VMCU when it starts, and routes all subsequent traffic to that VMCU
    - All SIP traffic flows through the VMGR to get to the VMCU; media traffic does not
  - Pools can span geographies, and the VMGR can assign a VMR to a local VMCU based on the geographic location of the moderator
• Manages all characteristics of each video conference
  - Maximum line rate, codecs, etc.

Video MCU (VMCU)
• Handles all voice and video streams during a conference
  - Each user has a Virtual Meeting Room (VMR) provisioned in advance that includes settings appropriate for that user
• Based on H.264 SVC
  - Use of layered media means that no transcoding is necessary
  - VMCU routes layers within a stream based on what a client device requests
• Also supports Scalable Audio Coding (SAC)
  - This is the audio equivalent to SVC
  - VMCU sends high resolution audio for active speaker, and low resolution for background speakers
• Supports interoperability with H.264 AVC by sending SVC base layer

Video Control Routing

Video MCU Planning

Type  Configuration
Demo  4 CPU cores and 8 GB; 1 GBIT network interface, and with access to at least 10% network capacity; i.e. 2690 CPU with 4 physical cores (8 logical)
Low   8 CPU cores and 8 GB; 1 GBIT network interface, and with access to at least 20% network capacity; i.e. 2690 CPU with 8 physical cores (16 logical)
High  16 CPU cores and 16 GB; 1 GBIT network interface, and with access to at least 30% network capacity; i.e. 2690 CPU with 16 physical cores (32 logical)

VMCU Capacity by client type

Type                            Type of Port  ST 9 Client Capacity
Demo (4 CPU Cores and 8 GB)     Audio Only    100
                                CIF           50
                                SD            25
                                HD (720p)     10
Low (8 CPU Cores and 8 GB)      Audio Only    400
                                CIF           200
                                SD            100
                                HD (720p)     40
High (16 CPU Cores and 16 GB)   Audio Only    2000
                                CIF           1000
                                SD            500
                                HD (720p)     200

Bandwidth Manager (BWM)
• Acts as a SIP Back-to-Back User Agent (B2BUA)
  - Looks at all call signaling within a Sametime community, and modifies or rejects it as needed to ensure that bandwidth utilization stays within acceptable levels
• Understands target network, based on Sites and Links
  - Sites define a Local Area Network
  - Links define the connections between them
• Administrator dictates how much bandwidth can be used
  - Both within each Site, and on each Link
  - BWM determines Sites and Links based on the IP addresses of the clients that are participating in a call
• User-based policies control access to available bandwidth
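
A simplified model of the Sites-and-Links admission decision described above, added here as an example; it is not IBM's implementation. The site names, subnets, limits, the `floor_kbps` parameter, and the rules that inter-site calls draw only on the Link budget and that addresses outside every Site are rejected are all assumptions.

```python
import ipaddress


class BandwidthModel:
    """Toy call-admission model: a Site is a set of subnets, a Link joins two Sites."""

    def __init__(self, sites, links):
        self.nets = []    # (network, site name) pairs for longest-prefix lookup
        self.limit = {}   # budget key (site name or frozenset of two sites) -> kbps
        for name, (cidrs, kbps) in sites.items():
            for cidr in cidrs:
                self.nets.append((ipaddress.ip_network(cidr), name))
            self.limit[name] = kbps
        for (a, b), kbps in links.items():
            self.limit[frozenset((a, b))] = kbps
        self.used = dict.fromkeys(self.limit, 0)

    def site_for(self, ip):
        """Map a client address to its Site; the most specific subnet wins."""
        addr = ipaddress.ip_address(ip)
        hits = [(net.prefixlen, site) for net, site in self.nets if addr in net]
        return max(hits)[1] if hits else None

    def admit(self, caller_ip, callee_ip, want_kbps, floor_kbps):
        """Return (decision, granted_kbps): admit, reduce (modified) or reject."""
        a, b = self.site_for(caller_ip), self.site_for(callee_ip)
        if a is None or b is None:
            return ("reject", 0)          # assumption: unknown networks get nothing
        key = a if a == b else frozenset((a, b))
        if key not in self.limit:
            return ("reject", 0)          # no Link defined between the two Sites
        grant = min(want_kbps, self.limit[key] - self.used[key])
        if grant < floor_kbps:
            return ("reject", 0)          # not enough left for a usable call
        self.used[key] += grant
        return ("admit" if grant == want_kbps else "reduce", grant)

    def release(self, caller_ip, callee_ip, kbps):
        """Give bandwidth back when a call ends."""
        a, b = self.site_for(caller_ip), self.site_for(callee_ip)
        key = a if a == b else frozenset((a, b))
        self.used[key] = max(0, self.used[key] - kbps)


# Constructed topology: site-b also owns one /24 carved out of site-a's /16.
SITES = {
    "site-a": (["10.1.0.0/16"], 4000),
    "site-b": (["10.2.0.0/16", "10.1.50.0/24"], 2000),
}
LINKS = {("site-a", "site-b"): 1500}


def demo():
    bwm = BandwidthModel(SITES, LINKS)
    return [
        bwm.admit("10.1.0.10", "10.2.0.20", 1000, 64),   # fits on the Link
        bwm.admit("10.1.0.11", "10.2.0.21", 1000, 64),   # only 500 kbps left
        bwm.admit("10.1.0.12", "10.2.0.22", 1000, 64),   # Link exhausted
        bwm.admit("10.1.0.13", "10.1.0.14", 384, 64),    # intra-site budget
        bwm.admit("10.1.0.13", "192.0.2.7", 384, 64),    # outside every Site
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```
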

SIP Edge Proxy
• Forwards all SIP messages to a SIP Proxy / Registrar behind the firewall
• Intended to sit at the edge of the network, most likely in the DMZ
  - Supports connectivity from Extranet users without requiring a VPN
  - All clients (internal and external) use the same host name to connect to the SIP Proxy / Registrar
  - Use split-horizon DNS to provide a different IP address for that host name based on the source address of the DNS request
• Does not authenticate or authorize client traffic
  - Simply acts as a two-way proxy that remembers which connection maps to which client

Sametime TURN Server
• Traversal Using Relay NAT
• Acts as a media relay for firewall traversal
  - If either or both of the clients are situated behind a firewall, and a peer-to-peer media session cannot be established, the clients will use the TURN Server to relay the media
• On the client side it supports both UDP and TCP
  - The far side supports only UDP
• Built as a Java application

Deployment
Sametime Media Manager – Basic
Sametime Media Manager – Extranet
Sametime Media Manager – Clustered
Best Practices

Ready to deploy?
• Download needed software
• Install DB2
• Install SSC
• Create Deployment plans
  - LDAP
  - Community
  - Media Manager Components
• Install the Components
• Post Install Configuration steps

Before Deployment
• Carefully consider your user base
  - Does it include Mobile users?
  - External users?
  - What will be their primary client?
  - Will you need TURN?
• Consider your Network Security requirements
  - Will it be easier to request rules through the DMZ firewall to the internal network, or to just put the equipment in the DMZ and open outbound?
• Telephony Considerations (aka SUT Lite)
  - Will users be calling to/from your telephone or video infrastructures?
  - If so, start talks and requirement gathering with your telephony and video admins!

Before Deployment (continued)
• Check your LDAP Server
  - Got mail?
  - Got telephoneNumber?
  - Access from all the needed servers?
• What is your expected concurrency?
  - How many users will be on audio/video at a time?
  - How many users will be on audio-only at a time?
  - Choose the correct type and number of AV servers
    - TechLine can help with this
  - Talk to your Linux admins about the VMGR and VMCU requirements

Before Deployment (continued)
• If deploying a SIP Edge server
  - Now is the time to plan for hostnames and get them in DNS
  - If doing TLS, plan on the needed certificate updates, especially if getting them from a third party provider
• If planning for an HA (clustered environment)
  - Start talking to your Load Balancer admins now!
• Decide now if you're going to cluster - splitting CF and PR is easy at this point, harder once you're in production

Security Considerations
• Session Initiation Protocol (SIP or SIPS)
  - SIP (over TCP) is unsecure
    - No authentication of end users at the SIP level
      - Users are asserted valid by other connections
    - Sometimes required when working with third party TCSPI adapters
  - SIPS (over TLS) is secure and encrypted
    - Users are authenticated via LTPA
    - There is support for 'guest' authentication
• Real-time Transport Protocol (RTP or SRTP)
  - This refers to the encryption of the media streams and is controlled by Policy
• Sametime defaults to secure (SIPS/SRTP)
  - Changing to unsecure is a post-install step
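
A check for the SIP/SIPS and RTP/SRTP distinction above, as an added example that is not from the original slides or from IBM: it classifies a SIP request by its Request-URI scheme and top Via transport, and each SDP media line by its transport profile. The sample messages and host names are constructed, and the mapping of `RTP/SAVP` to SRTP comes from the SDP standards rather than from Sametime documentation.

```python
import re

# SDP transport profiles that carry SRTP (RFC 3711 / RFC 5764 naming).
SRTP_PROFILES = {"RTP/SAVP", "RTP/SAVPF", "UDP/TLS/RTP/SAVP", "UDP/TLS/RTP/SAVPF"}


def audit_sip_message(raw):
    """Classify one SIP request: signaling (SIP/SIPS) and each media line (RTP/SRTP)."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = head.split("\n")
    findings = []

    # Request line: METHOD SP Request-URI SP SIP/2.0
    req = re.match(r"^[A-Z]+ (sips?):\S+ SIP/2\.0$", lines[0])
    scheme = req.group(1) if req else None
    if scheme != "sips":
        findings.append(f"Request-URI scheme is {scheme}, not sips")

    # The topmost Via names the transport of the hop the message arrived on.
    transport = None
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):   # "v" is the compact header form
            via = re.match(r"\s*SIP/2\.0/(\w+)", value)
            transport = via.group(1).upper() if via else None
            break
    if transport != "TLS":
        findings.append(f"top Via transport is {transport}, not TLS")

    # An INVITE with an empty SDP body simply yields no media entries.
    media = []
    for line in body.split("\n"):
        if not line.startswith("m="):
            continue
        parts = line[2:].split()
        port = parts[1].split("/")[0] if len(parts) >= 4 else ""
        if not port.isdigit() or int(port) == 0:
            continue                                # malformed, or port 0 = disabled
        mode = "SRTP" if parts[2].upper() in SRTP_PROFILES else "RTP"
        media.append((parts[0], mode))
        if mode == "RTP":
            findings.append(f"{parts[0]} stream offered as {parts[2]} (unencrypted)")

    signaling = "SIPS" if scheme == "sips" and transport == "TLS" else "SIP"
    return {"signaling": signaling, "media": media, "findings": findings}


def _msg(uri, transport, sdp_lines):
    """Build a constructed INVITE; every value here is sample data."""
    head = [f"INVITE {uri} SIP/2.0",
            f"Via: SIP/2.0/{transport} proxy.example.com;branch=z9hG4bK-constructed",
            "Call-ID: constructed-1"]
    return "\r\n".join(head) + "\r\n\r\n" + "".join(l + "\r\n" for l in sdp_lines)


SECURE_INVITE = _msg("sips:alice@st.example.com", "TLS",
                     ["v=0", "m=audio 20000 RTP/SAVP 0", "m=video 20002 RTP/SAVP 96"])
PLAIN_INVITE = _msg("sip:alice@st.example.com", "TCP",
                    ["v=0", "m=audio 20000 RTP/AVP 0"])
MIXED_INVITE = _msg("sips:alice@st.example.com", "TLS",
                    ["v=0", "m=audio 20000 RTP/SAVP 0", "m=video 20002 RTP/AVP 96"])
EMPTY_SDP_INVITE = _msg("sips:alice@st.example.com", "TLS", [])

if __name__ == "__main__":
    for label, msg in [("secure", SECURE_INVITE), ("plain", PLAIN_INVITE),
                       ("mixed", MIXED_INVITE), ("empty SDP", EMPTY_SDP_INVITE)]:
        print(label, audit_sip_message(msg))
```
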

Installation Planning and Deployment Sequence
• Due to interdependencies among Media Manager components, you must create deployment plans and install servers in the required sequence.
  - Order is slightly different depending on which deployment model you are following
• Be sure to follow all of the Linux steps for VMGR and VMCU
  - Requiretty
  - Sudo and Root access
  - Install Required RPMs
• After Installation – startup order is important on VMGR
  - Start solidDB then start VMGR server

Installation Planning and Deployment Sequence
• Separate SIP Proxy/Registrar and Conference Manager
  1. Proxy Registrar
  2. Video Manager
  3. Conference Manager
  4. Video MCU
• Combined SIP Proxy/Registrar and Conference Manager
  1. Video Manager
  2. SIP Proxy Registrar/Conference Manager
  3. Video MCU

During Deployment
• Validate as you build, especially in the larger, more complex builds
  - We presented an Open Mic session last year on this - doing another one later this year!
• Validate Awareness in browser based meetings!
  - If no awareness, no AV services
• Don't forget all the steps that are needed
  - SSO/LTPA Configuration
  - Certificate exchanges
  - Adding the required trusted IPs

During Deployment (continued)
• VMGR
  - Don't forget that solidDB must be started before you start the STMediaServer
• VMCU
  - Follow the install technotes to the letter - the order of RPM installs is critical - don't assume anything.

Initial Validation
• Use the SSC UI to confirm registration of Conference Manager and Users
  - Sametime System Console -> Sametime Servers -> SIP Proxies and Registrars -> Registered Bindings
• If CF registered, but no users are listed
  - Check CF access to Community
  - Check Hostnames and FW ports are open between users and PR
  - Check Policy has been set properly

Initial Validation (continued)
• Test 1x1 calls first
  - If these don't work, there is a good chance n-way will not either
• Test Meeting Room AV or adding a user to an existing 1x1 call
• Make sure all 'internal' functions work as expected BEFORE you move on to external access.
• Most External issues boil down to three things
  - Plugin issues in the browser
  - PR address and port not accessible to the user (Network, FW)
  - TURN not accessible (DNS, FW)
  - Media Ports being blocked

Downloads and Documentation

Software Downloads - PreRequisites
• http://www-01.ibm.com/support/docview.wss?uid=swg24035249
- DB2 10.1
- WebSphere 8.5.5.0
- WebSphere 8.5.5 FP 5
• http://www-01.ibm.com/support/docview.wss?uid=swg24039425
- Installation Manager 1.8.3
• http://www-01.ibm.com/support/docview.wss?uid=swg21688304
- Domino 9.01
• http://www-01.ibm.com/support/docview.wss?uid=swg24035441
- Domino 9.0.1 FP4
• http://www-01.ibm.com/support/docview.wss?uid=swg24037141

Software Downloads – The Components
• Use FixCentral link to get the latest releases
  - http://goo.gl/TkRVed
• Sametime System Console
  - 9001-ST-SSC-FP-AGAR-9RHDHN (February 2015)
• Community Server
  - 9001-ST-Community-FP-9.0-AAZI-9RGLXV (February 2015)
• Media Manager
  - 9001-ST-Media-FP-SGHH-9ZK9MK (August 2015)
• Video MCU
  - 9001-ST-Media-FP-SPIR-9ZTF3Z (August 2015)

Sametime Video MCU Installation
• InfoCenter Link
  - http://www-01.ibm.com/support/knowledgecenter/SSKTXQ_9.0.0/admin/install/inst_av_inst_run_vmcu.dita
• Installation Requirements and Tips
  - http://www-01.ibm.com/support/docview.wss?uid=swg21964890
• Required RPMs
  - http://www-01.ibm.com/support/docview.wss?uid=swg21650340

Troubleshooting
• Sorry, that's all the time we have for today!
• Come see Ginni and me on Tuesday for our session on Troubleshooting AV Deployments!

Notices and Disclaimers
Copyright © 2015 by International Business Machines Corporation (IBM). No part of this document may be reproduced or transmitted in any form without written permission from IBM.
U.S. Government Users Restricted Rights - Use, duplication or disclosure restricted by GSA ADP Schedule Contract with IBM.
Information in these presentations (including information relating to products that have not yet been announced by IBM) has been reviewed for accuracy as of the date of initial publication and could include unintentional technical or typographical errors. IBM shall have no responsibility to update this information. THIS DOCUMENT IS DISTRIBUTED "AS IS" WITHOUT ANY WARRANTY, EITHER EXPRESS OR IMPLIED. IN NO EVENT SHALL IBM BE LIABLE FOR ANY DAMAGE ARISING FROM THE USE OF THIS INFORMATION, INCLUDING BUT NOT LIMITED TO, LOSS OF DATA, BUSINESS INTERRUPTION, LOSS OF PROFIT OR LOSS OF OPPORTUNITY. IBM products and services are warranted according to the terms and conditions of the agreements under which they are provided.
Any statements regarding IBM's future direction, intent or product plans are subject to change or withdrawal without notice.
Performance data contained herein was generally obtained in controlled, isolated environments. Customer examples are presented as illustrations of how those customers have used IBM products and the results they may have achieved. Actual performance, cost, savings or other results in other operating environments may vary.
References in this document to IBM products, programs, or services do not imply that IBM intends to make such products, programs or services available in all countries in which IBM operates or does business.
Workshops, sessions and associated materials may have been prepared by independent session speakers, and do not necessarily reflect the views of IBM. All materials and discussions are provided for informational purposes only, and are neither intended to, nor shall constitute legal or other guidance or advice to any individual participant or their specific situation.
It is the customer’s responsibility to insure its own compliance with legal requirements and to obtain advice of competent legal counsel as to the identification and interpretation of any relevant laws and regulatory requirements that may affect the customer’s business and any actions the customer may need to take to comply with such laws. IBM does not provide legal advice or represent or warrant that its services or products will ensure that the customer is in compliance with any law

Notices and Disclaimers cont.
Information concerning non-IBM products was obtained from the suppliers of those products, their published announcements or other publicly available sources. IBM has not tested those products in connection with this publication and cannot confirm the accuracy of performance, compatibility or any other claims related to non-IBM products. Questions on the capabilities of non-IBM products should be addressed to the suppliers of those products. IBM does not warrant the quality of any third-party products, or the ability of any such third-party products to interoperate with IBM’s products. IBM EXPRESSLY DISCLAIMS ALL WARRANTIES, EXPRESSED OR IMPLIED, INCLUDING BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE.
The provision of the information contained herein is not intended to, and does not, grant any right or license under any IBM patents, copyrights, trademarks or other intellectual property right.
• IBM, the IBM logo, ibm.com, Aspera®, Bluemix, Blueworks Live, CICS, Clearcase, Cognos®, DOORS®, Emptoris®, Enterprise Document Management System™, FASP®, FileNet®, Global Business Services ®, Global Technology Services ®, IBM ExperienceOne™, IBM SmartCloud®, IBM Social Business®, Information on Demand, ILOG, Maximo®, MQIntegrator®, MQSeries®, Netcool®, OMEGAMON, OpenPower, PureAnalytics™, PureApplication®, pureCluster™, PureCoverage®, PureData®, PureExperience®, PureFlex®, pureQuery®, pureScale®, PureSystems®, QRadar®, Rational®, Rhapsody®, Smarter Commerce®, SoDA, SPSS, Sterling Commerce®, StoredIQ, Tealeaf®, Tivoli®, Trusteer®, Unica®, urban{code}®, Watson, WebSphere®, Worklight®, X-Force® and System z® Z/OS, are trademarks of International Business Machines Corporation, registered in many jurisdictions worldwide. Other product and service names might be trademarks of IBM or other companies. A current list of IBM trademarks is available on the Web at "Copyright and trademark information" at: www.ibm.com/legal/copytrade.shtml.