Using Microsoft® Exchange 2000 Conferencing Server over the Internet White Paper
Published: August 2001
Table of Contents
Introduction
Overview
Conferencing Terminology Review
Software and Hardware Requirements
  Software Requirements
  Hardware Requirements
IP Multicasting vs. H.323 Bridge
Bandwidth Considerations
Firewall Considerations
  Cisco PIX Firewall
  Microsoft Internet Security and Acceleration (ISA) Server 2000
  Network Address Translation (NAT) Servers
Configuring Exchange Conferencing Server for Internet Attendees
  Step 1: Create an Additional Windows 2000 Site and Subnet
  Step 2: Manage the Conferencing Site
  Step 3: Create Conferencing Resources
  Step 4: Configure T.120 MCU Properties
Additional Resources
For the latest information, please see http://www.microsoft.com/exchange
Introduction
This step-by-step guide provides instructions for configuring Microsoft® Exchange 2000 Conferencing Server to host attendees connecting over the Internet. This guide describes the process of configuring conferencing resources for Internet attendance. It also discusses bandwidth and firewall considerations.
Overview
This paper assumes that you have installed and configured Microsoft Exchange 2000 Server and installed Exchange Conferencing Server. This paper also assumes that your Exchange deployment runs and functions properly. Before you deploy Exchange Conferencing Server, you should have an understanding of administration concepts for Microsoft Windows® 2000 Server (or Windows 2000 Advanced Server) and Exchange. This paper assumes you are familiar with these technologies. For information about each of these Microsoft products, see the online documentation for each product, Microsoft Windows 2000 Server Resource Kit, or the Microsoft.com Web site.
Conferencing Terminology Review
Familiarity with various Exchange 2000 Server and Exchange 2000 Conferencing Server components and terms enhances your understanding of this paper. Table 1 lists and describes these components.

Table 1: Conferencing Server components and descriptions
Component | Description
Conference Management Service | Conference Management Service coordinates and manages conferencing technologies and resources, and tracks and controls access to conferences.
Conference Technology Provider | Conference Technology Provider is the back-end service supporting the online meeting. Microsoft provides two Conference Technology Providers within Exchange 2000 Conferencing Server, Data Conferencing Provider and Video Conferencing Provider.
Data Conferencing Provider | Data Conferencing Provider is a conferencing technology based on the T.120 protocol stack that provides collaboration tools such as those found in Microsoft NetMeeting®. Data Conferencing Provider provides a T.120 multipoint control unit for data conferencing clients.
Video Conferencing Provider | Video Conferencing Provider is a conferencing technology that provides video and audio conferences over multicast-enabled IP networks. Video Conferencing Provider also provides an H.323 bridge that allows H.323 conferencing clients to participate in audio and video conferences.
T.120 multipoint control unit (MCU) | The T.120 MCU service runs as a component of Data Conferencing Provider and provides network connections between participants in a data conference.
Multicast Address Dynamic Client Allocation Protocol (MADCAP) | After you configure and activate a multicast scope, the DHCP service in Windows 2000 Server can provide multicast IP addresses in the same way that it provides unicast IP addresses.
Conference calendar mailbox | A conference calendar mailbox is an Exchange 2000 mailbox that stores the definitions and structure of all conferences.
Conference resources | Conference resources are Exchange 2000 mailboxes that conferencing clients invite when scheduling an online meeting. The conference properties, including the resource used, are stored in the conference calendar mailbox.
H.323 bridge | The H.323 bridge permits NetMeeting clients that are unable to connect directly to multicast conferences to connect through an H.323 unicast session.
IP multicasting | Unlike traditional Internet traffic that requires separate connections for each source-destination pair, IP multicasting allows many recipients to share the same connection, which means that just one set of packets is transmitted for all the destinations.
Windows 2000 site | A Windows 2000 site is defined as one or more well-connected (highly reliable and fast) TCP/IP subnets. A site allows administrators to configure the Microsoft Active Directory™ directory services access and replication topology quickly and easily to take advantage of the physical network. When users log on, Windows 2000 locates Active Directory servers in the same site as the user.
Codec | A codec (coder/decoder) is any technology for encoding and decoding data.
Software and Hardware Requirements
To install the Exchange 2000 Conferencing Server configuration discussed in this white paper, you must meet the following software and hardware requirements.

Software Requirements
To install Conferencing Server, the following software is required:
• Microsoft Windows 2000 Server or Microsoft Windows 2000 Advanced Server, Service Pack 1 or later.
• Microsoft Exchange 2000 Server or Microsoft Exchange 2000 Enterprise Server.
• Microsoft Exchange 2000 Conferencing Server.
Note: For best performance, install the latest service pack for each software requirement.
Hardware Requirements
Review the hardware requirements for servers on which you plan to install Conference Management Service, Data Conferencing Provider, and Video Conferencing Provider. Also, review the hardware requirements for conferencing clients that participate in data or video conferences.

Server Computers
Table 2 lists the minimum and the recommended hardware requirements for server computers on which you install Conference Management Service, Data Conferencing Provider, Video Conferencing Provider, or multipoint control units (MCUs).

Table 2: Minimum and recommended hardware for server computers
Minimum hardware | Recommended hardware
133-MHz Intel Pentium processor or equivalent | 400-MHz or faster Intel Pentium processor or equivalent
128 megabytes (MB) of RAM | 256 megabytes (MB) of RAM

An MCU installed on this hardware configuration with no other applications active can process approximately 500 simultaneous conferencing client connections.

Conferencing Client Computers
Review the hardware requirements for conferencing client computers to participate in data and video conferences.

Data Conferencing Client
Table 3 lists the minimum and recommended hardware requirements for conferencing clients participating in a data conference.

Table 3: Minimum and recommended hardware for data conferencing client computers
Minimum hardware | Recommended hardware
For Windows 95 or later, a 90-MHz Intel Pentium processor or equivalent with 16 MB of RAM | For Windows 95 or later, a 133-MHz or faster Intel Pentium processor or equivalent with at least 16 MB of RAM
For Microsoft Windows NT® or later, a 90-MHz Intel Pentium processor or equivalent with 24 MB of RAM | For Windows NT or later, a 133-MHz or faster Intel Pentium processor or equivalent with at least 32 MB of RAM
Video Conferencing Client
To participate in multicast video conferences, conferencing client computers must have the same hardware as computers running Microsoft Windows 2000 Professional. Video conferences also require the following peripheral equipment:
• Sound card with microphone and speakers
• Video capture card and camera
Table 4 lists the minimum and recommended hardware requirements for conferencing client computers that participate in multicast video conferences.

Table 4: Minimum and recommended hardware for multicast video conferences
Minimum | Recommended
56 Kbps or faster modem | Local area network (LAN) connection
133-MHz Intel Pentium processor or equivalent | 266-MHz or faster Intel Pentium processor or equivalent
64 MB of RAM | 128 MB of RAM

Video conferencing client computers without Windows 2000 must use NetMeeting to participate in video conferences. NetMeeting uses H.323 to communicate with the MCU and to bridge participants into the conference. Table 5 lists the minimum hardware requirements for H.323 conferencing clients.

Table 5: Minimum and recommended hardware for H.323 conferencing client computers
Minimum | Recommended
For Windows 95 or later, a 90-MHz Intel Pentium processor or equivalent with 16 MB of RAM | For Windows 95 or later, a 133-MHz or faster Intel Pentium processor or equivalent with at least 16 MB of RAM
For Windows NT, a 90-MHz Intel Pentium processor or equivalent with 24 MB of RAM | For Windows NT, a 133-MHz or faster Intel Pentium processor or equivalent with at least 32 MB of RAM
IP Multicasting vs. H.323 Bridge
IP multicasting supports a one-to-many method of packet delivery. When a conferencing client capable of multicasting joins an online conference, the conferencing client computer is assigned a multicast address. The conferencing client registers the address on its subnet and submits an Internet Group Management Protocol (IGMP) router registration packet. The routers listening for this multicast address propagate the traffic through a spanning tree type algorithm to all other routers. Any time an IGMP and Request for Comments (RFC) 2236-compliant router receives a multicast packet, the router looks through its routing table and determines whether there are conferencing clients listening for that address on that particular subnet. If there are conferencing clients listening, the packets are delivered to only those conferencing clients. If no conferencing clients on that subnet or segment are listening on that address, the address is not registered with the router, and the router does not forward the packets to the specific subnet.

Note: This paper does not address IGMP and RFC 2236-compliant routers. For additional information about these routers, see the Microsoft Windows 2000 Server Resource Kit or documentation provided by the router manufacturer.

With the exception of large corporate infrastructures and ISPs, most Internet conferencing clients do not have multicast connectivity. To work around this issue, conferencing clients without multicast connectivity need to connect across an H.323 bridge. The H.323 bridge runs on the T.120 multipoint control unit (MCU) server and permits conferencing clients that are unable to connect directly to multicast conferences to connect through an H.323 unicast session and participate in video and audio conferences. When a conferencing client participates in an online conference, the conferencing client connects directly to the T.120 MCU/H.323 bridge server, which sends the data to all the other participating conferencing clients. Conferencing clients on the Internet can participate in video and audio conferences because the H.323 protocol can be used across the Internet.
Bandwidth Considerations
Because Internet conferencing clients must use the H.323 protocol to communicate, bandwidth is a major consideration for most customers. When H.323 fallback is enabled, the audio codec used is G.711, which consumes roughly 70 kilobits per second (Kbps). The video codec used is H.263, which consumes approximately 90 Kbps. Therefore, conferencing clients connecting to a conference send an average of approximately 160 Kbps for each audio/video stream. To get an estimate of the amount of bandwidth required to have a smooth audio and video conference, multiply the number of conferencing clients participating in the conference by 160 Kbps.

The required bandwidth for data conferencing is difficult to determine because of the many variables involved. For example, whether or not you will be chatting, using a white board, or sharing applications affects the overall bandwidth. However, compared to the bandwidth consumed by audio and video, data conferencing uses relatively few resources. The type of connection used also has a major influence on the amount of available bandwidth. For more information about bandwidth considerations, see the following Microsoft Knowledge Base article: Q290174, “XCCC: Bandwidth Considerations for Conferencing over Internet”

An administrator has several options to control the amount of bandwidth used in a conference. These options include:
• Select the codec to be used: If you use the G.711 codec, each audio stream uses approximately 70 Kbps. But the GMS 6.11 codec reduces this bandwidth to about 20–30 Kbps. For video, the bandwidth is roughly the same for both the H.262 and the H.263 codecs. However, the H.263 codec has a smarter algorithm and uses slightly less network bandwidth. Although conferencing clients using H.323 default to the G.711 and the H.263 codec, an administrator may choose to define other codecs for any multicast conferencing resource.
• Reduce conference participants: Another way to control bandwidth is to reduce the number of conference participants possible for video resources. In a multicast conference, additional attendees (that is, individuals who join the conference after the maximum number is reached) connect to the conference as observers and do not send anything to the network.
• Define audio-only resources: Define resources that use audio only. Resources that do not use video will preserve bandwidth.
• Configure the “Automatically send audio at join time” and the “Automatically send video at join time” settings: If you do not select these settings, the conferencing client must manually start the audio and video streams in their client. Conferencing Server will not automatically start these streams.
• Implement QoS policies: Windows 2000 Quality of Service (QoS) includes enterprise and subnet policies that contain rules for your organization. You can set QoS policies to guarantee the amount of available bandwidth to your organization, subnets, or individual users.
• Configure MCU visibility restrictions and site referrals: Through administrative settings, you can restrict access to an MCU based on a set of subnet mask pairs. Only conferencing clients whose IP addresses match a defined subnet can connect to the MCU. In this way, administrators can divide a Windows 2000 site and direct participants to a specific MCU.
• Limit videoconferences over WAN links: You can limit videoconferences over WAN links, which limits the network area where multicast data can go.
• Restrict use of expensive resources: Restrict the use of conferencing resources that are the most expensive in your organization.
For more information about these options, see your Exchange 2000 Conferencing Server online documentation.
Firewall Considerations
For Internet conferencing clients to participate in data, video, and audio conferences hosted inside a firewall, administrators need to open primary and secondary ports so that internal and external conferencing clients can communicate with each other. Table 6 lists these ports.

Table 6: Port list for conferences hosted inside a firewall
Conference Type | Port
Data conference | 1503
Video and audio conference over the Internet | 1720 (H.323 video) and 1731 (H.323 audio)

For data conferencing without audio and video, all you need to do is open port 1503. However, issues arise when configuring your firewall to allow for audio and video conferencing because audio and video require two dynamic ports in addition to ports 1720 and 1731. Because there is not a method for predicting which ports those will be, an administrator must open all the ports on the firewall.
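The port requirements in Table 6, turned into an audit of an inbound rule set (an added example, not part of the original paper). The Rule model, the sample rule sets and the 192.0.2.x addresses are constructed; protocol (TCP/UDP) is not modelled because the paper lists port numbers only, and treating a rule that reaches beyond the conferencing server as a finding is this example's assumption.

```python
import ipaddress
from dataclasses import dataclass

# Ports from Table 6 of this paper.
DATA_PORT = 1503             # T.120 data conference
H323_PORTS = (1720, 1731)    # H.323 video and H.323 audio
ALL_PORTS = (1, 65535)


@dataclass(frozen=True)
class Rule:
    """One inbound allow rule in a constructed, vendor-neutral model."""
    dest: str      # destination host or network, e.g. "192.0.2.10/32"
    port_lo: int
    port_hi: int


def open_ranges(rules, host):
    """Merge the port ranges that the rules open towards `host`."""
    addr = ipaddress.ip_address(host)
    spans = sorted((r.port_lo, r.port_hi) for r in rules
                   if addr in ipaddress.ip_network(r.dest))
    merged = []
    for lo, hi in spans:
        if merged and lo <= merged[-1][1] + 1:      # overlaps or touches
            merged[-1] = (merged[-1][0], max(merged[-1][1], hi))
        else:
            merged.append((lo, hi))
    return merged


def audit(rules, mcu_host):
    """Say which conference types Internet attendees can use, and which
    rules reach further than the conferencing server itself."""
    ranges = open_ranges(rules, mcu_host)

    def is_open(port):
        return any(lo <= port <= hi for lo, hi in ranges)

    every_port = any(lo <= ALL_PORTS[0] and hi >= ALL_PORTS[1]
                     for lo, hi in ranges)
    mcu_only = ipaddress.ip_network(mcu_host)
    return {
        "data": is_open(DATA_PORT),
        "h323_signalling": all(is_open(p) for p in H323_PORTS),
        # Audio/video also needs two unpredictable dynamic ports, so per
        # the paper it only works when every port is open to the server.
        "audio_video": every_port,
        # Assumption of this example: a rule should name the MCU only.
        "unscoped_rules": [r for r in rules
                           if ipaddress.ip_network(r.dest) != mcu_only],
    }


# Constructed rule sets; 192.0.2.0/24 is a documentation address range.
MCU = "192.0.2.10"
DATA_ONLY = [Rule("192.0.2.10/32", 1503, 1503)]
SIGNALLING_ONLY = DATA_ONLY + [Rule("192.0.2.10/32", 1720, 1720),
                               Rule("192.0.2.10/32", 1731, 1731)]
WIDE_OPEN = [Rule("192.0.2.0/24", 1, 65535)]
SCOPED_OPEN = [Rule("192.0.2.10/32", 1, 1023),
               Rule("192.0.2.10/32", 1024, 65535)]

if __name__ == "__main__":
    for name, rules in [("data only", DATA_ONLY),
                        ("signalling only", SIGNALLING_ONLY),
                        ("wide open", WIDE_OPEN),
                        ("scoped open", SCOPED_OPEN)]:
        print(name, audit(rules, MCU))
```

The SIGNALLING_ONLY case is the failure mode the paragraph above describes: ports 1720 and 1731 are reachable, but audio and video still cannot work because the dynamic ports are closed.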
Cisco PIX Firewall
Exchange Conferencing Server was tested behind a Cisco PIX Firewall with successful results. However, the steps necessary to configure Conferencing Server behind a Cisco PIX Firewall are beyond the scope of this paper. For more information about configuring the firewall, see the following Microsoft Knowledge Base article: Q299668, “XCCC: Configuring Exchange 2000 Conferencing Server Behind a PIX Firewall”

Microsoft Internet Security and Acceleration (ISA) Server 2000
You can also configure Exchange Conferencing Server to work with Microsoft Internet Security and Acceleration (ISA) Server 2000. For more information, see the following Microsoft Knowledge Base article: Q303098, “XCCC: How to Configure Exchange 2000 Conferencing Server and ISA Server to Allow Audio and Video”

Network Address Translation (NAT) Servers
Network Address Translation (NAT) servers are being used more often, especially in small office and home office environments.
Note: Remote conferencing clients may participate in data conferences that are conducted behind a NAT server, but video and audio conferences behind a NAT server are not supported.
Configuring Exchange Conferencing Server for Internet Attendees
To configure Exchange Conferencing Server for Internet attendees, use the following four steps.
1. Create an additional Windows 2000 site and subnet.
2. Manage the conferencing site.
3. Create conferencing resources.
4. Configure T.120 MCU properties.
Step 1: Create an Additional Windows 2000 Site and Subnet
You must configure more than one Windows 2000 site and subnet before the Conference Management Service can distinguish conferencing clients as either connecting locally or from the Internet. If you do not configure more than one site, all conferencing clients appear to come from the default (the internal) Windows 2000 site.

Note: If your topology includes a perimeter network (also known as DMZ, demilitarized zone, and screened subnet), the best practice is to create another Windows 2000 site in the perimeter network, and then install an additional Exchange Conferencing Server in the site to handle requests from Internet attendees. In the meantime, the server running Exchange Conferencing Server on the internal network is dedicated to managing requests from internal attendees. In this case, you need to create a subnet with the IP address of the server running Exchange Conferencing Server in the perimeter network and a 32-bit subnet mask, such as 255.255.255.255.

If you have only one active server running Exchange Conferencing Server in your primary site and do not have a perimeter network, you must create a placeholder subnet and site as described in Task 1 and Task 2. Be aware that, if you create a placeholder site to allow Exchange Conferencing Server to distinguish Internet conferencing clients from local conferencing clients and you have Exchange 2000 running on a member server, you must also define a subnet for the default site and add that server to the Servers folder on the default site.

You can only use Active Directory Sites and Services from a computer that has access to a Windows 2000 domain. The Active Directory Sites and Services snap-in is installed on all Windows 2000 domain controllers. To use Active Directory Sites and Services on a computer that is not a domain controller, such as one running Windows 2000 Professional, install the Windows 2000 Administration Tools.
Task 1: Create a Placeholder Site
1. Log on to your domain controller as Domain Administrator.
2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
3. Right-click the Sites container and then click New Site.
4. In Name, type the name of the new site, for example Internet.
5. Click the DEFAULTIPSITELINK site link object, and then click OK (Figure 1).

Figure 1: New Object – Site dialog box
For detailed information about the steps in this task, see your Windows 2000 online documentation.

Task 2: Create a Placeholder Subnet
1. Log on to your domain controller as Domain Administrator.
2. Click Start, point to Programs, point to Administrative Tools, and then click Active Directory Sites and Services.
3. Double-click the Sites container.
4. Right-click the Subnets container, and then click New Subnet.
5. In Address, type 1.1.1.1 for the IP address.
6. In Mask, type 255.255.255.255 for the subnet mask.
7. Select the Internet site object for this subnet, and then click OK (Figure 2).

Figure 2: New Object – Subnet dialog box

For detailed information about the steps in this task, see your Windows 2000 online documentation.
Step 2: Manage the Conferencing Site
In this step, you manage the conferencing site. Before you manage your conferencing site, you should create a new storage group named Conferencing Storage Group, and then create and mount a new mailbox store named Conferencing Mailbox Store Server Name. Use this mailbox store for conferencing calendar mailboxes and resources. By separating the conferencing database from your users' database, you make it possible to perform a selective backup and restore.
1. Click Start, point to Programs, point to Microsoft Exchange, and then click System Manager.
2. Select your Exchange 2000 Server and click the Action menu, point to New, then click Storage Group.
3. Name the new storage group Conferencing Storage Group.
4. Right-click the new storage group, point to New, and then click Mailbox Store.
5. Name the new mailbox store Conferencing Mailbox Store Server Name.
6. When asked to mount the new mailbox store, click Yes.
7. On the Start menu, point to Programs, point to Microsoft Exchange, and click Conferencing Manager.
8. Right-click the Exchange Conferencing container, and then click Manage.
9. Click OK to choose either the Default-First-Site-Name conferencing site or your Windows 2000 site name conferencing site if you changed the default site name.
10. When prompted to designate the conference calendar mailbox, click Yes.
11. In Conference Calendar Mailbox, click Create, and then type the account information for the mailbox.
Note: Although a password is not required, you should use one.
Important: Be certain to select the conferencing storage group mailbox store you created for this mailbox.
For detailed information about this step, see your Exchange 2000 Server and Exchange 2000 Conferencing Server online documentation.
Step 3: Create Conferencing Resources
In this step, you create conference resources.
1. Click Start, point to Programs, point to Microsoft Exchange, and then click Conferencing Manager.
2. Right-click your conferencing site, and then click Properties.
3. Click the Resources tab, and then click Add.
4. In New Resource Mailbox, type the account information.
Note: Select the conferencing storage group mailbox store you created for this mailbox in “Step 2: Manage the Conferencing Site.”
5. In Resource Properties, click Add, and then select Data Conferencing Provider.
Note: Data Conferencing Provider is necessary even for video and audio conferences because the H.323 bridge is a component of the Data Conferencing service.
6. In Technology Provider Properties for data conferences, enter the number of planned meeting participants. See Figure 3 for more information.

Figure 3: Data conference Technology Provider Properties dialog box

7. In Resource Properties, click Add, and then select Video Conferencing Provider.
8. In Technology Provider Properties for video conferences, enter the number of planned meeting participants, and select Enable H.323 Data Provider fallback for Audio/Video Conferences.
9. If you are using MADCAP servers to allocate multicast addresses, in Use multicast IP addresses from the following scopes, select the scope. If you are not using MADCAP servers, Conference Management Service randomly allocates a multicast address. See Figure 4 for more information.

Figure 4: Video conference Technology Provider Properties dialog box

10. On the Conference Settings tab, in Access URL for user connections, type the fully qualified domain name (FQDN) of the active host server. This name will take the form of http://servername.yourdomainname.com/conferencing, where yourdomainname is your DNS domain name. See Figure 5 for more information.
Note: If you configured your settings to allow external participants to access the server using a URL in the form of http://www.yourdomainname.com/conferencing, you must add a CNAME record to your DNS settings so that www is mapped to the actual machine name. For information about how to add this record, see the following article in the Microsoft Knowledge Base: Q168322, “Creating a DNS Alias Record”

Figure 5: Conference Settings tab

Important: Do not make the FQDN longer than 32 characters.
Note: The naming convention used for the conference resources should indicate the type of Conference Technology Provider used, the number of participants allowed, and, if applicable, the Windows 2000 site name. For example, FSExchConfResDV20 represents a resource with the following attributes:
• Site name = First site (FS)
• Conference Technology Provider used = Data and video (DV)
• Number of allowed participants = 20
For detailed information about this step, see your Exchange 2000 Conferencing Server online documentation.
Step 4: Configure T.120 MCU Properties
In this step, you configure T.120 MCU properties.
1. Click Start, point to Programs, point to Microsoft Exchange, and then click Conferencing Manager.
2. In the console tree, click the Data Conferencing Provider container.
3. In the details pane, right-click the T.120 MCU server, and then click Properties.
4. On the General tab, select the Accept client connections from the Internet check box.
5. In Use network name, type the FQDN of the appropriate T.120 MCU server, and then click OK. See Figure 6 for more information.

Figure 6: T.120 MCU server properties dialog box

Important: Do not make the FQDN longer than 32 characters.
6. Allow enough time for replication if you have multiple domain controllers or domains in your topology.
Important: If you are modifying the Use network name setting in Accept client connections from the Internet from a hostname to a FQDN, to clear the directory services cache, you must either restart the server or use the Dscflush utility from the Exchange 2000 Resource Kit.
Note: When you want to join an online conference across the Internet, you must enter the FQDN of the active host server in your browser's address field.
For detailed information about this step, see your Exchange 2000 Conferencing Server online documentation.
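A pre-flight check for the names typed into Access URL for user connections (Step 3) and Use network name (Step 4), as an added example that is not part of the original paper or the product. It applies the 32-character limit and the FQDN-not-hostname requirement stated above; the function names and the example.com sample values are constructed, and the labels-separated-by-dots test for "fully qualified" is this example's assumption.

```python
from urllib.parse import urlsplit

MAX_FQDN_LEN = 32   # limit stated in Step 3 and Step 4 of this paper


def check_fqdn(name):
    """Return a list of problems with a name typed into Access URL or
    Use network name; an empty list means the name passes."""
    problems = []
    if len(name) > MAX_FQDN_LEN:
        problems.append(f"{len(name)} characters, limit is {MAX_FQDN_LEN}")
    # Assumption: "fully qualified" means at least two non-empty labels.
    labels = name.rstrip(".").split(".")
    if len(labels) < 2 or not all(labels):
        problems.append("host name only, not fully qualified")
    return problems


def check_access_url(url):
    """Check an Access URL of the form http://<FQDN>/conferencing."""
    parts = urlsplit(url)
    if not parts.hostname:
        return ["no host name in URL"]
    problems = check_fqdn(parts.hostname)
    if parts.path.rstrip("/").lower() != "/conferencing":
        problems.append("path is not /conferencing")
    return problems


# Constructed sample values.
GOOD_NAME = "conf1.example.com"
SHORT_NAME = "conf1"                                      # bare host name
LONG_NAME = "conferencing-server-01.corp.example.com"     # 39 characters

if __name__ == "__main__":
    for value in (GOOD_NAME, SHORT_NAME, LONG_NAME):
        print(value, check_fqdn(value))
    print(check_access_url("http://conf1.example.com/conferencing"))
```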
Additional Resources
For additional information about Exchange 2000 Conferencing Server, please see the following resources:
• Exchange 2000 Conferencing Server and H.323
• Installing Exchange 2000 Conferencing Server in a Mixed Site
• Q290174, XCCC: Bandwidth Considerations for Conferencing over Internet
• Q299668, XCCC: Configuring Exchange 2000 Conferencing Server Behind a PIX Firewall
• Q303098, XCCC: How to Configure Exchange 2000 Conferencing Server and ISA Server to Allow Audio and Video
• Q168322, Creating a DNS Alias Record
For more information: http://www.microsoft.com/exchange/
The information contained in this document represents the current view of Microsoft Corporation on the issues discussed as of the date of publication. Because Microsoft must respond to changing market conditions, it should not be interpreted to be a commitment on the part of Microsoft, and Microsoft cannot guarantee the accuracy of any information presented after the date of publication. This White Paper is for informational purposes only. MICROSOFT MAKES NO WARRANTIES, EXPRESS OR IMPLIED, AS TO THE INFORMATION IN THIS DOCUMENT. Complying with all applicable copyright laws is the responsibility of the user. Without limiting the rights under copyright, no part of this document may be reproduced, stored in or introduced into a retrieval system, or transmitted in any form or by any means (electronic, mechanical, photocopying, recording, or otherwise), or for any purpose, without the express written permission of Microsoft Corporation. Microsoft may have patents, patent applications, trademarks, copyrights, or other intellectual property rights covering subject matter in this document. Except as expressly provided in any written license agreement from Microsoft, the furnishing of this document does not give you any license to these patents, trademarks, copyrights, or other intellectual property. Unless otherwise noted, the example companies, organizations, products, domain names, e-mail addresses, logos, people, places and events depicted herein are fictitious, and no association with any real company, organization, product, domain name, email address, logo, person, place or event is intended or should be inferred. 2001 Microsoft Corporation. All rights reserved. Microsoft, Active Directory, NetMeeting, Windows, and Windows NT are either registered trademarks or trademarks of Microsoft Corporation in the United States and/or other countries. The names of actual companies and products mentioned herein may be the trademarks of their respective owners.