Introduction
The Preferred Architecture (PA) for Cisco Webex Hybrid Services is a Cisco Validated Design (CVD) built upon the foundation of the PA for Cisco Collaboration Enterprise on-premises deployments. It requires many of the same products and infrastructure components as well as the architecture and planning incorporated in the PA for on-premises deployments. Therefore we expect you to follow and implement the latest version of the Preferred Architecture for Cisco Collaboration Enterprise On-Premises Deployments, available at https://www.cisco.com/go/pa, prior to deploying the PA for Cisco Webex Hybrid Services.
As part of implementing the PA for Webex Hybrid Services, there are a number of products and integrations covered in the latest version of the Preferred Architecture for Cisco Collaboration Enterprise On-Premises Deployments that overlap with, and thus are not part of, the PA for Webex Hybrid Services. The areas of overlap include Cisco Meeting Server, Cisco Unified Communications Manager IM and Presence Service, and Cisco Jabber. This does not mean that these products and services cannot be deployed in an environment with Webex Hybrid Services, but that this PA for Webex Hybrid Services will not discuss or treat any design considerations around these on-premises products and services when they overlap with those included in the Webex Hybrid Services solution.
Architectural Overview
The PA for Webex Hybrid Services provides end-to-end collaboration targeted for deployments where a collaboration solution based on Cisco Unified Communications Manager has been deployed. This architecture incorporates high availability for critical applications. The consistent user experience provided by the overall architecture facilitates quick user adoption. Additionally, the architecture supports an advanced set of collaboration services that extend to mobile workers, partners, and customers through the following key services:
- Voice and video communications
- Messaging
- Meetings that incorporate high-definition video, web conferencing, and content sharing capabilities
- Services for mobile and remote workers
Because of the adaptable nature of Cisco endpoints and their support for IP networks, this architecture enables an organization to use its current data network and the Internet to support both voice and video calls. The preferred architecture provides a holistic approach to bandwidth management, incorporating an end-to-end QoS architecture and video rate adaptation and resiliency mechanisms to ensure the best possible user experience for deploying pervasive video over managed and unmanaged networks.
The PA for Webex Hybrid Services, shown in Figure 1-1, provides highly available and centralized on-premises and cloud services. These services extend easily to remote offices and mobile workers, providing availability of critical services even if communication to headquarters is lost. Centralized on-premises and cloud-based services also simplify management and administration of an organization's collaboration deployment.
Figure 1-1 Preferred Architecture for Cisco Webex Hybrid Services
Table 1-1 lists the components in this architecture. For simplicity, the components are grouped into modules to help categorize and define their roles. The content in this guide is organized in the same modules.
The PA for Webex Hybrid Services provides high availability for all deployed on-premises applications by means of the underlying clustering mechanism present in all Cisco Unified Communications applications. Clustering replicates the administration and configuration of deployed applications to backup instances of those applications. Likewise, cloud services are natively redundant by virtue of elastic compute and highly available service distribution within the cloud platform.
If an instance of an application or services fails, Cisco on-premises and cloud-based services such as endpoint registration, call processing, messaging, and many others continue to operate on the remaining instance(s) of the application or service. This failover process is transparent to the users. In addition to clustering, the PA for Webex Hybrid Services provides high availability through the use of redundant power, network connectivity, and elastic storage.
Sizing a deployment can become complex for large enterprises with sophisticated requirements. This PA for Webex Hybrid Services presents some examples that simplify the sizing process. For details, see the chapter on Sizing Cisco Webex Hybrid Services.
Details about the individual licenses for the endpoints and infrastructure components in the PA for Webex Hybrid Services are beyond the scope of this document. Information about Cisco Collaboration Flex Plan licensing is available at
https://www.cisco.com/c/en/us/products/unified-communications/collaboration-flex-plan/index.html
Collaboration Endpoints
The recommendations within this Preferred Architecture assume a deployment of Cisco voice and video endpoints, including the Webex Teams application. Some of the endpoint use SIP to register to Cisco Unified Communications Manager (Unified CM) on-premises, while others use HTTPS to connect to the Webex Hybrid Services. Table 1-2 lists the preferred endpoints for optimal features, functionality, and user experience.
Webex Core Services
The PA for Webex Hybrid Services includes the following foundational components and services that underlie the entire Webex Hybrid Services solution. All of these services and components are relevant for the deployment of the PA for Webex Hybrid Services, and they are referenced as appropriate in the remainder of this document.
The web-hosted online Webex Control Hub, available at https://admin.webex.com/, is used to administer and manage an organization's Webex services.
After logging into the control hub, the administrator is presented with the overview screen, which provides a one-screen snapshot of the organization and the status and utilization of cloud services. Clickable tiles on the overview screen allow quick drill-down to more information and configuration for various features and services.
The left-hand navigation menu of the Webex Control Hub provides links to various management and provisioning areas within the web-based portal, including:
- Users — Area for managing users and provisioning them for cloud services.
- Places — Area for managing physical locations containing a device (for example, a meeting room).
- Services — Area for managing and configuring cloud services, including Webex Hybrid Services.
- Devices — Area for managing and provisioning cloud-registered room systems and Cisco Webex Boards.
- Reports — Area for viewing diagnostics and reports and reviewing and analyzing cloud and hybrid service metrics, including service and device utilization, call quality, and other statistics.
- Support — Area for finding documentation and other support resources.
- Settings — Area for managing base global organizational settings.
One of the key features of the Webex Teams application and the Webex platform is one-to-one and group messaging with file sharing. This feature delivers persistent instant messaging with Webex Teams spaces, where users can message and share files. Spaces are manually or dynamically created based on user work flows, and spaces can be grouped into teams to provide team-focused spaces across organizations.
Meetings are another key feature of the Webex platform utilized by Webex Teams applications and endpoints. Webex Meetings provides voice and video conferencing along with screen sharing by leveraging the Webex conferencing service. Webex Meetings builds upon and leverages the messaging and file sharing capabilities of Webex Messaging. Webex Meetings also enables permanent Personal Meeting Rooms (PMR) to provide users with personalized permanent voice and video meeting spaces.
Cisco Expressway-C Connector Host Management Connector
The Cisco Expressway-C Connector Host is a standard Cisco Expressway-C server deployed within the customer's organization to provide an integration point between the on-premises and cloud collaboration services. The integration between the Cisco Expressway-C server and Webex is facilitated via micro-services installed and managed on the Expressway-C Connector Host by Webex. These micro-services enable integration of Webex Hybrid Services.
The Management Connector is included in the Expressway-C base software and is used by the administrator to register Expressway to Webex and to link the Expressway interface with the Webex management interfaces.
The Management Connector plays an important role as the coordinator of all connectors running on the Expressway server or cluster. It provides the administrator with a single point of control for connector activities. The Management Connector enables Webex-based management of the on-premises connectors, handles initial registration with Webex, manages the connector software life cycle, and provides status and alarms.
The Management Connector requires that certificates of the Certification Authorities (CA) that signed the certificates in use by Webex must be in the trusted list of the Expressway-C connector host, so that the HTTPS connection can be established. The administrator can decide to allow Webex to upload CA certificates to the Expressway-C trust store. Or, in cases where security policies prevent Webex from uploading trusted CA certificates on Expressway-C, the administrator may upload them manually.