Best practice: Scalability and resilience with ProCall Enterprise via dedicated UC MediaServers
Update status | March 2024 |
---|---|
Product relevance | estos ProCall 7 Enterprise |
Installation and setup of dedicated estos UC MediaServer services to achieve resilience and scalability even for large softphone environments.
Best Practice
The approach described in the best practice procedure requires detailed IT expertise in configuration and administration.
This article refers explicitly to estos ProCall 7 Enterprise. As of estos ProCall 8 Enterprise, these installation, configuration and operating instructions are no longer relevant, as with the release of estos ProCall DataCenter, a sister product specially designed for redundancy and load balancing is available in the estos product portfolio.
Introduction
In its basic structure, the estos UCServer system in a regular default installation consists of three individual services:
- UCServer
- WebServer
- MediaServer
In projects with many SIP extensions that are to be equipped with the estos ProCall Enterprise softphone, an estos UCServer system can sometimes reach its technical scaling limits, since all signaling and administration, as well as the audio streaming of the UC MediaServer service, must be handled by only one Windows host.
Improvements in the three components UCServer, UC MediaServer and UC WebServer in product version 7 have pushed these limits significantly upwards and achieved improvements in fail-safety.
With ProCall 7 Enterprise, the UC MediaServer can optionally be outsourced to its own runtime environment to enable scaling of the UCServer system. Not only does this distribute the processing load over more than one Windows host, but the delay and jitter-sensitive RTP voice traffic on the network interface no longer have to contend with the comparatively much larger data packets from the management interface.
Furthermore, in version 7 it is now possible to operate the estos UCServer with several UC MediaServers and thus achieve automatic load distribution of incoming and outgoing softphone calls using the round-robin method. If one of the connected UC MediaServers fails, this is automatically detected and a failover to the remaining UC MediaServers is performed for new calls.
Example diagram: UCServer with multiple MediaServers
As soon as a previously unavailable estos UC MediaServer resumes regular operation, it is also automatically addressed and used by the estos UCServer again; no further administrative intervention is required for this.
On LAN
Please note that the estos server components should only be distributed and operated within the same LAN. Since no separate measures have been taken in the inter-process communication with regard to routing, for firewalls or NAT techniques, unhindered direct IPv4 communication must be ensured between the separately operated estos server components.
Installation
The installation variant of one or more separately operated estos UC MediaServers is not yet supported by the estos ProCall 7 Enterprise installation routine. This means that when installing an estos ProCall Enterprise server, all three services are always installed and activated together, and a separate selection or deselection of the individually required services is not provided for.
Just like the consequently extraordinary installation measures, special manual configuration measures must also be taken in order to set up and connect UCServers and UC MediaServers that are separated from each other.
With reference to the diagram shown in the introduction, the desired target layout in the following example consists of the operation of an estos UCServer on WinServer 1 and one or more UC MediaServers operated remotely from the UCServer on WinServer 2 to WinServer n.
Incidentally, the estos UC WebServer service is always operated together with the estos UCServer service on the same host.
Software versions
It is mandatory that the hosts are equipped with the identical software version.
First host
On the first regularly installed host (here WinServer 1), on which the UCServer and UC WebServer are operated, the two services estos UCServer and estos UC WebServer as Automatic startup type, and the estos UC MediaServer is switched to the Disabled startup type and stopped.
More hosts
On the other hosts regularly installed with the UCServer installation package (here WinServer 2 to WinServer n), i.e. on the other hosts intended for UC MediaServer, the two services estos UCServer and estos UC WebServer are deactivated in the Microsoft Windows Services and only the estos UC MediaServer is left as Automatic startup type.
After updates
Since the installation routines do not take these separate installation variants into account and the service configuration is always reset to a default installation, please note that after installing an estos ProCall update in the Microsoft Windows Service Manager, the startup type configurations must be changed again.
Example of the distribution of estos server services
Example 1: Operation of two remote UC MediaServers
Two remote UC MediaServers are operated.
WinServer 1 performs only the control services,
WinServer 2 and WinServer 3 handles audio streaming.
Example 2: Another host for streaming
To a fully installed and operating Host WinServer 1, another host will be added for streaming purposes, with the UC MediaServer on Host WinServer 2 offloading the UC MediaServer on Host WinServer 1.
Licensing
Only the UCServer where the users login and where the lines are opened needs to be licensed. The outsourced media servers do not need a license, because the UCServer installation was only used to install the media server. The UCServer (and Web Server) there are disabled and have no function.
Configuration
Addressing the UC MediaServer
In detail, it is the estos UC WebServer service and not the estos UCServer service that controls the estos UC MediaServer service. In the installation standard, the UC WebServer expects the estos UC MediaServer under the IPv4 address 127.0.0.1, i.e. its own local host, which is why the configuration file eucwebconfig.json (in the default directory C:\Program Files\estos\UCServer\config) on WinServer 1 must be adapted accordingly. In the kurento servers section, the URL must be adapted for this, i.e. 127.0.0.1 is to be exchanged here against the IPv4 address of the WinServer 2:
eucwebconfig.json
"kurentoservers" : [
{
"url" : "ws://<IPv4 des WinServer 2>:8888/kurento"
}
],
This could also be used to adjust a port that may have been changed on the UC MediaServer side (standard 8888), but this will not be discussed further here.
If WinServer 2 has e.g. the IPv4 address 10.21.3.11, the following setting results for the eucwebconfig.json on WinServer 1:
eucwebconfig.json
"kurentoservers" : [
{
"url" : "ws://10.21.3.11:8888/kurento"
}
],
The connection of further UC MediaServers to the UC WebServer is done accordingly by further URL specifications. Please note the exact compliance with the json syntax for lines, commas and brackets:
eucwebconfig.json
"kurentoservers" : [
{
"url" : "ws://10.21.3.11:8888/kurento"
},
{
"url": "ws://10.21.3.12:8888/kurento"
}
],
Additionally, please note to keep other possibly existing filter parameters (here candkillipv6, candkilltcp and candonlyturn) in the URL sections unchanged:
eucwebconfig.json
"kurentoservers" : [
{
"url" : "ws://10.21.3.11:8888/kurento",
"candkillipv6": 0,
"candkilltcp": 0,
"candonlyturn": 0
}
],
The configuration file eucwebconfig.json is a configuration file relevant for the UC WebServer. Manual changes to this file are only made active by the UC WebServer when this service is restarted.
Activation of encryption
Since communication between UC WebServer and UC MediaServer takes place via the network and no longer localhost when the estos UC MediaServer is in remote operation, it may be necessary to activate encryption for this communication path for security reasons. This is also done manually via the configuration file eucwebconfig.json.
To enable encryption, change the protocol handler in the URL parameter from WS to WSS and change the TCP port from 8888 (default WebSocket port) to 8433 (default Secure WebSocket port). Encryption is performed in the basic installation using the defaultCertificate.pem certificate (stored in the UC MediaServer directory C:\Program Files\estos\UCServer\MediaService\emswindows\etc\kurento).
Knowledge required
In order for a remotely operated estos UC MediaServer to accept encrypted connection requests, it must be manually reconfigured to encryption mode. This reconfiguration measure requires knowledge that is not included here in this description.
For assistance with this measure, please consult your local support instance as needed.
Example of this reconfiguration
eucwebconfig.json: Encryption not enabled (default)
"kurentoservers" : [
{
"url" : "ws://10.21.3.11:8888/kurento",
"candkillipv6": 0,
"candkilltcp": 0,
"candonlyturn": 0
}
],
eucwebconfig.json: Active encryption
"kurentoservers" : [
{
"url" : "wss://10.21.3.11:8433/kurento",
"candkillipv6": 0,
"candkilltcp": 0,
"candonlyturn": 0
}
],
These manual changes to the configuration file eucwebconfig.json become active only when the UC WebServer service is restarted.