NEFSIS TRAINING SERIES

Nefsis Dedicated Server version 5.2.0.XXX (DRAFT Document)
Requirements and Implementation Guide (Rev5-113009)

REQUIREMENTS AND INSTALLATION OF THE NEFSIS DEDICATED SERVER

Nefsis Training Series
2008-2009 Nefsis. All Rights Reserved
9350 Waxie Way Suite 100
San Diego, CA 92123

Table of Contents

Minimum Hardware Requirements
Server hardware and software
Virtualization environments
Network Requirements
Before you begin the installation
Overview
Designing the server placement
Preparing the server(s) for deployment
Installing the server
Caveats
Configure NAT to the APS and VCS
Firewall NAT mappings
Publish Using DNS NAT mappings
Using the default Nefsis parent domain URL
Using a custom parent domain in your URL
URL in the web browsers
How to define your custom URL
Defining the URL in the Nefsis portal
URL in the Nefsis Conferencing Client
What next?
Testing and using your Nefsis Dedicated server
Creating Nefsis accounts
Methods to enter a conference
Alternative method for hosting or entering a conference
How does the dedicated server work?
Deployment diagrams

Minimum Hardware Requirements

This document covers the requirements and steps for installing the Nefsis Dedicated Server in a customer's datacenter. The hardware and software requirements defined in this document are the minimum required for this product. The installation process applies only to this version and is subject to change.

Server hardware and software

- Intel Core2Duo 2.0GHz
- 2GB RAM for each server component (APS & VCS)
- 4GB hard drive space for each server component (APS & VCS)
- 2 static IP addresses
- Windows Server 2003
- .NET Framework 3.5 installed with the latest updates

Virtualization environments

- One dedicated CPU
- 2GB RAM available for Nefsis server components (APS & VCS)
- 4GB of available hard drive space for each Nefsis server component (APS & VCS)
- Windows Server 2003 SP3 or Windows Server 2008
- .NET Framework 3.5 installed with the latest updates
- 2 static IP addresses - one for each Nefsis server component (APS & VCS)

Note: Organizations can split the APS and VCS components onto separate servers as an option. In that scenario, each server can use its existing IP address, provided there are no existing web servers (IIS or Apache) running in Windows.

Network Requirements

Below are the requirements for setting up a Nefsis Dedicated Server.

- For internal meetings where all users are located behind the corporate firewall, we recommend the server have at least 10 Mbps of upstream and downstream bandwidth to all participants.
- For meetings where there is a mix of users, some behind the firewall and others connecting over the Internet, we recommend at least 6 Mbps of upstream bandwidth to the Internet users.
  TIP: Higher Internet bandwidth is preferred.
- If possible, open inbound TCP ports 22, 23, 80, 443, 1270 and 37000 to the VCS.
- For best performance, increase TCP traffic priority for network traffic on TCP port 22, 23, 1270 or 37000.
- Do not turn on the deep packet inspection feature on the firewall. The deep packet inspection feature will affect network performance and the quality of conferences.
- Disable the content filter feature on security devices to all Nefsis Dedicated Servers.

Before you begin the installation

Review the two emails that were sent to your primary Nefsis administrative contact.

1. The first email will contain the download links for the Nefsis dedicated server and installation instructions.
2. The second email will contain the installation key and login information for the Nefsis administrator.

Please contact your Nefsis account manager if you need assistance gathering this information.

Overview

The information below will guide you in preparing and using your Nefsis dedicated servers. There are three main components needed to complete a Nefsis dedicated server installation, but you will only set up two (APS and VCS) on your network. The third component is managed by Nefsis in our secure datacenter. Here is an overview of the major server components:

1. The Nefsis backend (managed by the Nefsis corporation).
   a. As a Nefsis administrator, you will need a Nefsis administrative account and login credentials.
2. The Access Point Server (APS) - optional
   a. Intended for users with the Nefsis Presence client application, which is a Windows application,
   b. Allows users to manage and enter conferences without using their web browser,
   c. View users in their Nefsis contact list (similar to an address list),
   d. Send meeting invites.
3. The Virtual Conferencing Server (VCS) - required
   a. The VCS is the central point where conferences are hosted when active. Users who join conferences will connect directly to a VCS.

The two Nefsis server components (APS and VCS) are available in the same setup. The server administrator decides which component to install when the installation starts. The administrator can decide to install both components on the same physical server or split the Nefsis servers onto separate Windows servers. The information preceding this section will discuss the components in greater detail and guide you with your decision.

Designing the server placement

You can deploy the Nefsis servers using one of the following layouts.

1. Placing the servers behind the corporate firewall,
2. In a DMZ configured to use either NAT mode or transparent mode,
3. Co-locating the servers at a hosting center or on a leased server from any Internet hosting company.

Preparing the server(s) for deployment

The server(s) assigned as Nefsis Dedicated Servers should have all the necessary Microsoft updates applied. The network adapter(s) should be configured for the highest link speed and full duplex (100Mbps Full Duplex at a minimum).

Ensure that no applications are running that could cause a port binding conflict with either service. Examples of conflicting applications are the IIS and Apache web servers. The following TCP ports are required by each service for proper function.

- APS: 80 (HTTP) and 443 (HTTPS) traffic.
- VCS: 22 (Telnet), 23 (SSH), 80 (HTTP), 443 (HTTPS), 1270 (Opsman), 37000 (unregistered). Note: The TCP port the VCS listens on.

Each service will need to bind to a unique, static IP address. You may use 2 network adapters or a single adapter with two IP addresses assigned to it.

Installing the server

Download and run the dedicated server installer from the link that was sent to you from customercare@nefsis.com. Please ensure you have your deployment key readily available during the installation process.

Steps:

1. Start the installation.
2. Select components to install.
   a. APS
   b. VCS
   c. Both
3. Select an installation location for the files. We strongly encourage using the default installation path.
4. Use a descriptive name for the deployment. This should be the name of the company or division.
5. Copy and paste your deployment key into the appropriate edit box.
6. Configure the IP address settings for the components you selected. The top combo box only lists IP addresses that are currently detected in the Windows network configuration.
7. If you plan to publish the Nefsis server to the Internet or use a DNS reference, you must specify the NAT IP address or FQDN in the Primary field.
8. Install or select an SSL certificate (optional). The certificate must exist in the Computer certificate store in the Personal folder.
9. Complete the installation.

Caveats:

- Installations on Windows Server 2008 may require that the HTTP service is restarted in order to properly bind to the correct IP addresses. This can be done by either restarting the server or typing the following into a command prompt:
   a. net stop http
   b. net start http
- The APS and VCS services will require an Internet connection in order to communicate with the Nefsis database. Please ensure that the servers are capable of accessing the Internet without proxy authentication or content filtering, or your installation may be unusable.

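A pre-install check for the port binding conflicts and the unique-IP requirement described under "Preparing the server(s) for deployment", as an added Python example that is not part of the Nefsis installer or documentation. It assumes Python is available on the server; the function names are illustrative, and the port lists are the ones given in this guide.

```python
import errno
import socket

# Required TCP ports per service, copied from this guide.
REQUIRED_PORTS = {
    "APS": (80, 443),
    "VCS": (22, 23, 80, 443, 1270, 37000),
}

# Bind failures an administrator can act on before running the installer.
REASONS = {
    errno.EADDRINUSE: "in use by another process",
    errno.EADDRNOTAVAIL: "IP address is not assigned to this host",
    errno.EACCES: "access denied (run elevated, or port held exclusively)",
}


def port_conflicts(ip, ports):
    """Return {port: reason} for each TCP port that cannot be bound on ip."""
    conflicts = {}
    for port in ports:
        sock = socket.socket(socket.AF_INET, socket.SOCK_STREAM)
        try:
            # SO_REUSEADDR is deliberately not set, so an existing listener
            # (for example IIS or Apache) makes the bind fail.
            sock.bind((ip, port))
        except OSError as exc:
            conflicts[port] = REASONS.get(exc.errno, str(exc))
        finally:
            sock.close()
    return conflicts


def check_deployment(layout, required=REQUIRED_PORTS):
    """layout maps a service name to the static IP it will bind on this host."""
    findings, claimed = [], {}
    for service, ip in layout.items():
        for port in required[service]:
            # Two services on one IP collide on their shared ports (80, 443).
            owner = claimed.setdefault((ip, port), service)
            if owner != service:
                findings.append(f"{service} and {owner} both need {ip}:{port}")
        for port, reason in sorted(port_conflicts(ip, required[service]).items()):
            findings.append(f"{service} {ip}:{port} unavailable: {reason}")
    return findings


if __name__ == "__main__":
    # The private example addresses used in this guide's NAT section.
    for line in check_deployment({"APS": "192.168.1.100", "VCS": "192.168.1.101"}):
        print(line)
```

Run it before the installer, and again after stopping any conflicting web server, until it prints nothing.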
Configure NAT to the APS and VCS

The Nefsis dedicated servers support NAT to the APS and VCS. This is an advanced section and requires a network engineer familiar with networking technologies, DNS, IP addressing schemes, routing, and the ability to create NAT maps on a router or firewall.

Below is an example of an APS and VCS set up in a corporate network running on two Windows servers with NAT. The servers are configured as follows:

IP address on the Windows Servers
APS - 192.168.1.100
VCS - 192.168.1.101

Here are the additional requirements.

1. A NAT map on the router or firewall to the server's private IP addresses,
2. Define the NAT address when installing the dedicated servers.
3. Skip this step if you plan to use the Nefsis parent domain. If you plan to use your own parent domain name for your conferences, you will need a custom DNS A record on your internal DNS server.
4. Skip this step if you DO NOT plan to invite Internet users into your conferences. If you plan to invite Internet users into conferences, you will need to add a custom A record on your internal DNS server that points to the server's private IP address. Add a matching A record on your Internet DNS server that points to the server's public NAT.

Firewall NAT mappings

NOTE: The IP addresses below labeled XXX.XXX.XXX.100 and XXX.XXX.XXX.101 are the public IP addresses supplied by your ISP.

APS - 192.168.1.100 - NAT Public IP (example: XXX.XXX.XXX.100)
VCS - 192.168.1.101 - NAT Public IP (example: XXX.XXX.XXX.101)

Publish the DNS NAT mappings

Internal DNS configuration for APS
- Create an A record for the APS:
  o conference.widgets.com XXX.XXX.XXX.100

External DNS configuration for APS
- Create an A record for the APS:
  o conference.widgets.com XXX.XXX.XXX.100

Internal DNS configuration for VCS
- Create an A record for the VCS:
  o conference.widgets.com 192.168.1.101

External DNS configuration for VCS
- Create an A record for the APS on an Internet DNS server:
  o conference.widgets.com XXX.XXX.XXX.101

IMPORTANT: You must confirm the route between the private and public NAT works before continuing. One technique is to PING the public NAT IP address and verify that it is successful. In most NAT configurations, the only way to perform this test is to run it from outside the network. In addition, you should run a continuous PING using the PING <IP_address> -t switch to the public NAT IP and monitor the responses for any errors or dropped packets.

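One way to monitor the continuous PING described above, as an added Python example that is not part of the Nefsis documentation: it summarizes saved Windows ping output and reports loss and the longest run of consecutive failures. The address 203.0.113.101 is a constructed stand-in for the public NAT IP (XXX.XXX.XXX.101), the sample output is constructed, and the function name is illustrative.

```python
import re

# Line formats printed by the Windows ping command.
REPLY = re.compile(r"^Reply from (\S+): bytes=\d+ time[=<](\d+)ms TTL=\d+")
FAILURE = re.compile(
    r"Request timed out\.|Destination (?:host|net) unreachable\.|General failure\."
)

# Constructed sample of "ping 203.0.113.101 -t" output, run from outside the network.
SAMPLE = """\
Pinging 203.0.113.101 with 32 bytes of data:
Reply from 203.0.113.101: bytes=32 time=14ms TTL=54
Reply from 203.0.113.101: bytes=32 time=15ms TTL=54
Request timed out.
Request timed out.
Reply from 198.51.100.1: Destination host unreachable.
Reply from 203.0.113.101: bytes=32 time=210ms TTL=54
Request timed out.
Reply from 203.0.113.101: bytes=32 time<1ms TTL=54
"""


def summarize_ping(output, target):
    """Count probes, losses and the longest outage in Windows ping output."""
    sent = received = outage = longest = 0
    times = []
    for raw in output.splitlines():
        line = raw.strip()
        reply = REPLY.match(line)
        if reply and reply.group(1) == target:
            sent += 1
            received += 1
            outage = 0
            times.append(int(reply.group(2)))  # "time<1ms" is recorded as 1
        elif reply or FAILURE.search(line):
            # "Reply from <router>: Destination host unreachable." starts like a
            # success line but is a failure; so is an echo reply from another host.
            sent += 1
            outage += 1
            longest = max(longest, outage)
        # Anything else (banner, blank lines, statistics) is not a probe result.
    lost = sent - received
    return {
        "sent": sent,
        "received": received,
        "lost": lost,
        "loss_pct": round(100.0 * lost / sent, 1) if sent else 0.0,
        "longest_outage": longest,
        "max_ms": max(times) if times else None,
        "clean": sent > 0 and lost == 0,
    }
```

Redirect the ping output to a file during the test window and pass its contents to summarize_ping; proceed with the DNS records only when "clean" is true.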
Using the default Nefsis parent domain URL

By default, all Nefsis dedicated server accounts are assigned a URL consisting of Nefsis.com as the parent domain. This setup requires minimal or no management from the customer. It also removes the requirement for using custom DNS records. In this setup Nefsis will assign a subdomain supplied by the customer. Nefsis will define the domain under the customer's Nefsis account. Customers can change it at a later time, provided the name is available.

NOTE: This is the recommended configuration, since Nefsis is a SaaS (Software as a Service) solution and the dedicated server is designed to isolate real-time conference traffic. Organizations with users distributed across geographical locations and connected over a dedicated private line or VPN will benefit the most from this setup. Other additional benefits include greater network security, more control over network bandwidth and access to encryption algorithms that comply with NIST FIPS 140-2.

Using a custom parent domain in your URL

There are two primary areas in Nefsis where your URL is visible.

- The web browser
- The Nefsis conferencing client

URL in the web browsers

In this example you decide to use a non-nefsis.com parent domain. The Nefsis web server can serve the necessary web pages but it cannot use an HTTPS link. The main reason for this is related to the parent domain and the CA certificate.

A note on security: The real-time conference session is not the same as a web browser session. A Nefsis real-time conference is encrypted by default using SSL - RSA 1024 bit AES128, and the URL and FQDN have no impact on the client's and server's ability to encrypt network traffic. See image below.

How to define your custom URL

1. Log into the Nefsis portal using the owner account associated with the dedicated server.
2. Click the My Personal Page link on the left side bar menu.
3. Click on the URL tab.
4. Enter your preferred domain in the Domain name field.
   a. If you plan to use your own parent domain as shown in example 2, you must create a new DNS A record and verify it points to the following IP address: 128.121.149.212
   b. If you plan to allow Internet users access into your conferences, the DNS record must be resolvable on the Internet.

Defining the URL in the Nefsis portal

URL in the Nefsis Conferencing Client

Continuing from the above example, if you choose to use your own custom domain and want that domain to appear in the Nefsis Conferencing Client, you must add the URL in the domain field under the section labeled My deployments. Here are the steps for making this change.

1. Log into Nefsis with your Nefsis admin account.
2. Click the My deployments link.
3. Click the Edit link next to your dedicated server in the grid.
4. Enter the URL in the Domain field.
5. Note: This field must match the URL in the My personal page section.

What next?

Testing and using your Nefsis Dedicated server

Once the Nefsis dedicated server is set up, log in to your dedicated portal with the owner account associated with your Nefsis Dedicated server.

How to log into your Nefsis Portal

1. Open your web browser and visit your Nefsis portal (see the section titled Custom URL).
   Note: A predefined link to your Nefsis Portal is in the email that was sent to you when you applied for the Nefsis Dedicated Server product. If you do not have that information, please contact customercare@nefsis.com to request a copy of the link.
2. Enter the login name and password associated with your Nefsis Dedicated server.

Creating Nefsis accounts

Any user who wants to start and host a Nefsis conference must have an account on the Nefsis system. Below are the steps to create new Nefsis accounts in Nefsis.

1. Log into the Nefsis.com website or the web portal assigned to your organization,
2. Click the Add account link,
3. Enter the information. Note: The required fields are,
   a. Email address,
   b. Password,
   c. Screen name,
   d. First name,
   e. Last name.
4. Click on Save changes to create the account,
5. After the account is created, the new user will need to validate the account by clicking on a custom link in the confirmation email sent to the user's email address. If you do not want your users to receive the confirmation email, please inform your account manager for other account creation options.

Link to download the Nefsis Presence client (optional): http://www.nefsis.com/default/deployment.html

Methods to enter a conference

After logging into Nefsis, you can host a conference on your Nefsis Dedicated server using the options located on the left side bar menu. The options are,

1. Click the Enter personal meeting room link located in the left side navigation menu (fastest method for entering a conference room).
2. Click Start quick conference, complete the information and select Start Now.
3. Click Schedule conference and complete the necessary information.
4. Click Join existing conference if you know the conference ID.

Note: You will enter a conference if you have an IP route to your Nefsis VCS.

Alternative method for hosting or entering a conference

The alternative method for hosting or entering a conference is to use the Nefsis Presence client. The Nefsis Presence client is a Windows application used for managing conferences and contacts. Below are the steps for using the Nefsis Presence client.

1. Start the Nefsis client.
2. Ensure that you are logged out of the client and the Login interface is visible.
3. Click on the Connection settings link button below the Login button.
4. Select Use locally installed Nefsis.
5. Enter the IP address of the APS server you installed.
6. Click on OK.

Components for hosting your Nefsis dedicated server

There are three required components for a complete dedicated server setup and two additional components which are optional. The five components are,

- The Nefsis backend (required) - Managed by Nefsis
  o This component is the main web services engine for web pages (portals),
  o authentication services,
  o license management,
  o balance load on conferencing servers,
  o archives conferences (if needed),
- Virtual Conferencing Server (required) - Managed by customer
  o Central hub for all real-time conferences
  o Acts as an intelligent real-time router
- Nefsis Conferencing Client (required)
  o Conferencing client for video, voice over IP, live sharing and many more conferencing features.
- Access Point Server (optional) - Managed by customer
  o Manages contact list
  o Message routing
  o Conference management
- Nefsis Presence Client (optional) - Managed by customer
  o Allow host users quick access to conferences
  o Manage conferences
  o Manage contacts

Deployment diagrams

- Option 1 - Placing the Nefsis server behind a corporate firewall.
- Option 2 - Nefsis servers in a DMZ (transparent mode only)
- Option 3 - Co-locating servers or using leased server from an Internet hosting company.
- Example of setting up NAT for the Nefsis dedicated servers
- Example of a transparent mode setup on a firewall

Option 1 - Placing the Nefsis server behind a corporate firewall

NOTE: You can use one Windows Server with two IP addresses or split the APS and VCS on two dedicated Windows Servers.

Option 2 - Nefsis servers in a DMZ set for NAT or Transparent mode

Option 3 - Co-locating servers or using leased server from an Internet hosting company.

Example of setting up NAT for the Nefsis dedicated servers

Here is an example of a transparent mode setup for an interface on a firewall. Note: The menu option varies with firewall manufacturers.