UC Expo 2010 - Scaling and Securing your Microsoft OCS investment

  • While a deployment without failover capability is easier to configure and manage, if one unit fails, the entire Unified Communications environment goes down: no VoIP, no IM, no presence and/or conferencing. High Availability pairing allows a second Brocade ADX to provide uninterrupted server access. There are three ways to deploy ADX in HA mode:
    Active-Hot Standby – One active ADX, another ADX in standby (supported only with switch code)
    Active-Standby VIP – Both ADXs can receive traffic but only the Active VIP handles the L4-7 traffic; the other VIP is in Standby (supported by router or switch code)
    Active-Active – Both ADXs are active for the same VIP: the ADX that receives the request services it, and during failure the remaining ADX handles all requests (supported by router or switch code)

Transcript

  • 1. Infrastructure & Delivery Management Theatre
    SCALING AND SECURING YOUR OCS Investment
    Is your Network Infrastructure Ready for Voice and UC Services?
    Harry Petty
    Director, Product Marketing
    UC EXPO
    March 11, 2010
    © 2010 Brocade Communications Systems, Inc.
  • 2. Legal Disclaimer
    All or some of the products detailed in this presentation may still be under development and certain specifications, including but not limited to, release dates, prices, and product features, may change. The products may not function as intended and a production version of the products may never be released. Even if a production version is released, it may be materially different from the pre-release version discussed in this presentation.
    NOTHING IN THIS PRESENTATION SHALL BE DEEMED TO CREATE A WARRANTY OF ANY KIND, EITHER EXPRESS OR IMPLIED, STATUTORY OR OTHERWISE, INCLUDING BUT NOT LIMITED TO, ANY IMPLIED WARRANTIES OF MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE, OR NONINFRINGEMENT OF THIRD-PARTY RIGHTS WITH RESPECT TO ANY PRODUCTS AND SERVICES REFERENCED HEREIN.
    Brocade, the B-wing symbol, BigIron, DCX, Fabric OS, FastIron, File Lifecycle Manager, IronPoint, IronShield, IronView, IronWare, JetCore, MyView, NetIron, SecureIron, ServerIron, StorageX, and TurboIron are registered trademarks, and DCFM and SAN Health are trademarks of Brocade Communications Systems, Inc., in the United States and/or in other countries. All other brands, products, or service names are or may be trademarks or service marks of, and are used to identify, products or services of their respective owners.
  • 3. Abstract
    Is Your Network Infrastructure Ready for Voice and UC Services?
    OCS includes VoIP and conferencing components, protocols and call flow configuration in frontend server pools and perimeter networks
    To underpin real-time video conferencing, VoIP and PBX capabilities hosted on servers inside your organization’s firewall, you need a network infrastructure that is smart, secure and scalable
    This session will describe the latest techniques to ensure high availability, while protecting your communications investment from capacity-limited obsolescence, as well as malicious threats and attacks
  • 4. Agenda
    Case Study: Fabrikam Sports
    Network Design Considerations
    Ensuring Scalability and High-Availability
    Load Balancing OCS Frontend, Director, and Edge Servers
    Securing the OCS Infrastructure Against Attacks
    The Best Practice for the Best ROI
    Is your Network Infrastructure Ready for Voice and UC Services?
  • 5. OCS Case Study
    Fabrikam Sports
    “We’re consolidating telephony, conferencing, collaboration tools and email to reduce management costs for our rapidly growing mobile workforce, and to allow our communications infrastructure to scale to reach the company’s potential”
    −Fabrikam Sports
    This high-end sports apparel manufacturer’s popularity has created pressure to scale their IT infrastructure
  • 6. Fabrikam Sports
    OCS Case Study
    Headquartered in San Francisco, the company was challenged to collaborate effectively across 4,500 employees, with apparel designed in Seattle and manufactured in Texas, a regional New York sales office, 200 US-based reps, and 50 reps split between Europe and Asia
    They needed a solution that would support VoIP-based telephony, presence detection, mobile clients, and conferencing, to streamline and dramatically reduce the cost of communications
    The IT department chose Office Communicator 2007 R2, which integrated easily with their existing Exchange platform
  • 7. OCS Case Study: Fabrikam Sports
    Building the right OCS infrastructure
    A sound network infrastructure is required for OCS deployments, so Fabrikam made Brocade products their standard for Ethernet load balancing, switching and routing, and Fibre Channel switching for storage, because they deliver the highest performance at the lowest cost and the lowest power consumption.
  • 8. Layer 2-3 Network Objectives
    A 3-tiered network architecture at the HQ, Seattle, and Austin offices, using Brocade FastIron CX at the access layer, FastIron SX at the aggregation layer, and NetIron MLX at the core, with 10 GbE 802.1ad trunks between each switch and the upper layer
    The remote sales office in New York would deploy the FSX and FCX also with 10GbE 802.1ad trunks to the upper layer
    SIP trunks would be purchased from the ISP allowing the company to take advantage of all the features of OCS across all offices and mobile users
    Complete redundancy is implemented at each layer
  • 9. Layer 2-3 Network Objectives
    QoS would be configured on all the switches
    An 802.1p marking ACL will be configured to change the default DSCP value assigned to OCS to a higher priority
    In addition, traffic will be rate limited so that video and voice do not consume all available bandwidth
    Rapid Spanning Tree will be configured on each VLAN
    The right infrastructure design for OCS
    Use QoS, Rate Limiting, and RST on each VLAN
  • 10. Layer 4-7 Network Objectives
    Complete redundancy is implemented at each layer
    As one of the most critical elements in an OCS deployment, ServerIron ADX switches would be configured in HA pairs in front of the frontend, edge, and directory servers to scale performance, secure the servers and provide redundancy in the event of frontend server failure
    ADX provides all users with a single connection point to the server pool, and ensures traffic is balanced between all real servers, preventing traffic from being sent to a failed server
    ADX provides Denial of Service (DoS) attack security to all servers by ensuring hacker traffic is rejected without impairing the throughput of real traffic
  • 11. Fabrikam Sports Network Topology
    [Diagram labels: Internet; Branch / Remote Sites; Corporate Site; New York; San Francisco; Austin; Seattle; Brocade MLX; Brocade SX; Brocade FCX; Brocade ADX; Brocade FC SAN; SQL, Exchange, and SharePoint Clusters; OCS R2 Monitoring; OCS R2 Edge Server; DMZ; OCS R2 Director; OCS R2 Front End; OSPF 11; OSPF 20 - 50ms Latency; OSPF 30 - 25ms Latency; OSPF 40 - 5ms Latency]
  • 12. OCS Enterprise Edition Considerations
    OCS Enterprise Edition Front End Server, A/V Conferencing Server, Web Conferencing Server, and Web Components Server can run on any combination of individual or separate servers
    Any OCS pool with more than one Front End Server requires a hardware load balancer
    A hardware load balancer is also required for arrays of OCS Edge Servers or even for an array of Standard Edition Servers when configured as a Director
  • 13. OCS Enterprise Edition Considerations
    Expanded Deployment
    In the OCS 2007 R2 Enterprise Edition consolidated configuration, one or more Enterprise Edition servers are deployed, each running the Frontend Server, A/V Conferencing Server, Web Conferencing Server, and Web Components Server
    Recommended for most organizations that need high performance and high availability with easy scalability
    A Layer 4-7 load balancer is required when multiple Enterprise Edition servers are pooled
    [Diagram labels: Internet; Firewall; Access – FastIron CX; DMZ; OCS Edge (x2); OCS Antivirus (x2); Firewall; Core – NetIron MLX; Internal Network; Aggregation – FastIron SX; Load Balance – ServerIron ADX; OCS Frontend, AV, Monitoring, Web Conferencing; SQL Server]
  • 14. Layer 2-3 OCS Network Design Considerations
    Campus Core
    Multi-tier: Depending on size of network, use three-tier architecture
    Redundancy: Provide redundancy at all levels
    Link Aggregation Groups:
    Provide at least 10GbE dynamic LAGs between each layer
    Monitor LAGs and WAN link to see if congestion is occurring
    Configure loopback interfaces to reduce port flapping
    [Diagram labels: NetIron MLX – Core; FastIron SX – Aggregation; ServerIron ADX; OCS Servers]
  • 15. Layer 4-7 OCS Network Design Considerations
    High Availability
    ServerIron ADX switch pairs in front of Enterprise Edition pools of OCS Directors, Frontend and Edge servers maximize application uptime and server farm utilization
    Security
    Shield applications from malicious attack without performance degradation
    Scalability
    ADX receives all client requests, performs health checks to identify outages and directs client connections to the most available resource, while servers can be added to or subtracted from the network in real time
    ServerIron ADX HA Pair
    server virtual EDVIP 10.5.57.90
    server virtual DIRVIP 10.5.57.90
    server virtual FEVIP 10.10.57.13
    OCS 2007 R2 Edge Servers
    server real ED1 10.5.57.11
    server real ED2 10.5.57.12
    OCS 2007 R2 Directors
    server real DIR1 10.10.57.8
    server real DIR2 10.10.57.9
    OCS 2007 R2 Frontend Servers
    server real FE1 10.10.57.11
    server real FE2 10.10.57.12
    Ports Load Balanced
    server port 5060 tcp
    server port 5061 tcp
    server port 5063 tcp
    server port 135 tcp
    server port 80 tcp
    server port 443 tcp
    server port 444 tcp
    server port 5069 tcp
  • 16. Best Practice—Layer 4-7
    Use High Availability (HA) pairs to eliminate single-point-of-failure
    Active Hot Standby—One switch active, the other is standby with shared MAC address
    Active-Standby VIP—both switches receive traffic but only one VIP is acting in standby
    Active-Active—Both switches are active, allowing for oversubscription
    Use Global Server Load Balancing (GSLB) to distribute services transparently across multiple sites of OCS R2 server farms
    Use ‘one-arm’ or Direct Server Return (DSR) mode for a less network-intrusive topology that allows higher throughput
    Use HA, DSR, and GSLB to increase availability, reliability, and scalability
  • 17. Best Practice—Layer 4-7
    OCS Enterprise Edition Front End Server, A/V Conferencing Server, Web Conferencing Server, and Web Components Server can run on any combination of individual or separate servers
    Any OCS pool with more than one Front End Server requires a hardware load balancer
    A hardware load balancer is also required for arrays of OCS Edge Servers or even for an array of Standard Edition Servers when configured as a Director
  • 18. Best Practice for the Best ROI
    Use ServerIron ADX to load balance multiple Enterprise Edition servers, maximizing server utilization and client connections scalability
    Use HA pairs of ServerIrons to eliminate single point of failure and assure stateful failover
    Defend server pools against malicious attacks with ServerIron DoS offload for the best protection and throughput while under attack
  • THANK YOU
    For more information, please visit www.brocade.com
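
A review aid for the address plan on slide 15, added here as an example (it is not part of the Brocade deck and is not ServerIron tooling): it parses the `server virtual` / `server real` lines as printed on the slide and reports VIP addresses used by more than one virtual server, and VIPs that sit outside the subnet of the real servers they front. The mapping of a VIP named `<ROLE>VIP` to reals named `<ROLE><n>` and the /24 subnet size are assumptions, since the slide shows no bind statements or masks.

```python
import ipaddress
import re
from collections import defaultdict

# Address lines as printed on slide 15 (the port list is left out).
SLIDE_15 = """\
server virtual EDVIP 10.5.57.90
server virtual DIRVIP 10.5.57.90
server virtual FEVIP 10.10.57.13
server real ED1 10.5.57.11
server real ED2 10.5.57.12
server real DIR1 10.10.57.8
server real DIR2 10.10.57.9
server real FE1 10.10.57.11
server real FE2 10.10.57.12
"""

LINE = re.compile(r"^server (virtual|real) (\S+) (\S+)$")


def parse(text):
    """Return ({vip_name: ip}, {real_name: ip}) from 'server ...' lines."""
    table = {"virtual": {}, "real": {}}
    for raw in text.splitlines():
        m = LINE.match(raw.strip())
        if m:
            table[m.group(1)][m.group(2)] = ipaddress.ip_address(m.group(3))
    return table["virtual"], table["real"]


def audit(text, prefixlen=24):
    """Return sorted findings. Assumed: VIP <ROLE>VIP fronts reals <ROLE><n>,
    and each tier lives in a single /prefixlen subnet."""
    vips, reals = parse(text)
    findings, by_ip = [], defaultdict(list)
    for name, ip in vips.items():
        by_ip[ip].append(name)
    for ip, names in by_ip.items():
        if len(names) > 1:  # one address claimed by several virtual servers
            findings.append(f"shared-vip {ip}: {','.join(sorted(names))}")
    for name, ip in vips.items():
        role = name[:-3] if name.endswith("VIP") else name
        pool = {r: a for r, a in reals.items() if re.fullmatch(re.escape(role) + r"\d+", r)}
        net = ipaddress.ip_network(f"{ip}/{prefixlen}", strict=False)
        off = sorted(r for r, a in pool.items() if a not in net)
        if off:  # VIP and its assumed pool are in different subnets
            findings.append(f"subnet-mismatch {name} {ip}: {','.join(off)}")
    return sorted(findings)
```

Run against the slide's lines, `audit(SLIDE_15)` reports that EDVIP and DIRVIP share 10.5.57.90 and that DIRVIP is outside the subnet of DIR1 and DIR2, both of which are worth confirming against the intended design before the plan is reused.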