For a successful installation and configuration of Macromedia Breeze Edge Server, read the
information provided in this document. It contains the following sections:
■ “Introduction to edge servers”
■ “Connecting to Breeze through edge servers”
■ “System requirements”
■ “Installing Breeze Edge Server”
■ “The Breeze Edge Server license file”
■ “Configuring FCS for Breeze Edge Server”
■ “Mapping the DNS entry for Breeze Edge Server”
■ “Configuring FCS for SSL”
■ “Alternative SSL implementations”
■ “HTTP tunneling”
■ “Adding the required SSL tags in the Adaptor.xml file”
■ “Locating the required SSL tags in the Server.xml file”
■ “Stopping and starting Breeze Edge Server”
■ “Deploying an edge server cluster”
■ “Scheduling maintenance”
Introduction to edge servers
Edge servers are configured to allocate and balance access to a Breeze server by using the
existing bandwidth resources more efficiently. Once the edge servers are deployed, users access
Breeze through their edge server. Edge servers authenticate these users and authorize their
requests for web services such as Macromedia Breeze Meeting rather than forwarding every
request to the Breeze server and consuming its resources for these tasks. If the data requested is
found in the edge server’s cache, it returns the Breeze Meeting data to the requesting client
(the user’s computer) without calling upon the Breeze server. This detour to the Breeze server
is transparent to users. In this scenario, no demands are placed on the origin Breeze server.
If the data requested is not found in the edge server’s cache, it forwards the client’s request to
the Breeze server, where the user is authenticated and the request for services authorized. The
Breeze server returns the results to the requesting edge server, which in turn delivers the results
to the requesting client. The edge server also stores this information in its cache, where other
authenticated users can access it. In this scenario, fewer requests for services are forwarded to
the origin Breeze server.
6Macromedia Breeze Edge Server
An edge server is configured to intercept the requests for Breeze services from a particular
zone, to collect or aggregate these requests, and transmit them to the origin Breeze server. The
Breeze server returns the results to the edge server, which forwards the data to the user’s client
computer. A networked Breeze deployment might have multiple edge servers installed. For
example, one edge server might aggregate and forward requests from San Francisco and
another might aggregate and forward requests from Boston. Each edge server gathers the
requests from its clients and forwards them to the origin Breeze server located in a data center
in Chicago, receives the responses from the origin Breeze server, then transmits and distributes
them to the clients in its zone.
[Figure: Company A deployment. Breeze Edge servers in San Francisco and Boston serve Meeting X from the Breeze server in Chicago.]
Connecting to Breeze through edge servers
When edge servers are present on an organization’s network, Breeze users connect to Breeze
Meeting indirectly through the edge (or proxy) server. This connection occurs transparently.
To Breeze users, it appears that they are connected directly to the Breeze server hosting Breeze
Meeting, but they are most likely connected through the proxy or edge server servicing their
local network. Edge servers offload traffic from the origin Breeze server by caching static content
like recorded Breeze meetings and presentations.
These steps take place behind the network connection to the Breeze server. The client (the user’s
computer) connects to the edge (proxy) server instead of connecting directly to Flash
Communication Server (FCS) (Breeze Meeting). The edge server in turn connects to
the origin Breeze server. Many additional steps, such as user authentication and permissions
authorization, are hidden from the Breeze user.
Edge servers provide an additional layer of defense between the user’s Internet connection and
the Breeze server. All traffic coming from the Internet and with Breeze as its destination goes
through the edge server.
System requirements
This release of Edge Server is certified to support up to 500 users or 50 meeting rooms. The
following table lists the hardware requirements for edge servers.
Component          Requirement
Operating System   Windows Server 2000
                   Windows Server 2003
Server Processor   Pentium IV 3.6 GHz
Cache Processor    2 MB cache processor
Memory             4 GB RAM recommended
                   2 GB RAM minimum
Hard Drive         80 GB 10K RPM recommended
                   40 GB 7200 RPM minimum
Network Adaptor    TCP/IP Adaptor supporting 1 GB over CAT5 Ethernet
Display            SVGA supporting 800x600 or higher resolution
Drive              CD-ROM or DVD-ROM
Installing Breeze Edge Server
Use the procedures described in this section to install the Breeze Edge Server. Macromedia
recommends that you close all other applications before starting to install.
To install and configure Breeze Edge Server:
1. Insert the installation CD into the CD-ROM drive. If the Macromedia Breeze Edge Server
Setup wizard does not start automatically, double-click the setup.exe file in the installation
CD’s root folder.
The Welcome to the Macromedia Breeze Edge Server Setup Wizard window appears.
2. Click Next to continue.
The License Agreement window appears.
3. Read the agreement, select I Accept the Agreement, and click Next to continue.
The Select Destination Location window appears.
4. Click Next to accept the default installation location, or click Browse to select a different
location, and then click Next.
If the wizard detects a previous installation of a Breeze Edge Server, you will see the
following screen.
5. Click Next to continue.
The Select Start Menu Folder window appears.
6. Accept the default shortcut, or click Browse to select a different location, and then click
Next.
The Ready to Install window alerts you that the Breeze installation is about to begin.
7. Review the choices for the destination folder where Breeze will be installed and for adding
Macromedia Breeze Edge Server to the Start Menu folder.
8. Click Back if you want to review or change these settings, or click Install to continue.
The Installing Breeze window appears. The wizard is beginning to extract the Breeze Edge
Server files on the installation CD and install them. This process takes less than two
minutes.
9. Click Cancel at any time if you want to abort or cancel the installation.
When the installation is complete, the Completing the Macromedia Breeze Edge Server
Setup Wizard window appears.
10. Click Finish to exit the Edge Server installation.
The Breeze Edge Server license file
When your order for Breeze Edge Server is processed, Macromedia Order Services dispatches
an e-mail with the Breeze Edge Server license file (license.lic) attached.
To install the Breeze Edge Server license file, do the following:
1. Go to c:\{install_path}\edgeserver\conf\win32\.
2. Create a folder named licenses, if it does not already exist.
3. Open the e-mail from Macromedia.
4. Save the license.lic file in the licenses folder.
With the license file in place, you can now stop and start Breeze Edge Server and FCS services
to verify that the installation was successful.
For more information, see “Stopping and starting Breeze Edge Server” on page 24.
Configuring FCS for Breeze Edge Server
Each organization configures its network differently, reflecting its business rules and
geographical distribution. The key for a successful edge server deployment is making sure that
the user’s computers (Breeze clients) receive an edge server’s IP address when resolving the
Domain Name Server (DNS) entry for the BREEZEHOST variable (formerly known as
ADMIN_HOST).
Here is a scenario for large Breeze deployments that builds upon the graphic in “Introduction
to edge servers” on page 6.
■ On-site clients (Chicago users) can access the Breeze origin server directly. The Breeze
Host DNS mapping for these clients resolves to the Breeze origin server’s IP address.
■ Edge servers collect off-site clients’ (Boston and San Francisco users) requests for services
and route the requests to the Breeze origin server.
■ The Breeze Host DNS mapping for these remote clients resolves to the appropriate edge
server’s IP address.
■ San Francisco clients access Breeze through edge server 1; Boston clients use edge server 2.
No clients in these regions communicate directly with the Breeze origin server.
Access to Breeze is determined by modifying the DNS server that is nearest to the client. To
direct Breeze users to their nearest edge server, the Breeze administrator creates a DNS entry
in the edge server’s custom.ini configuration file. For edge servers, the
FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT variable contains the DNS entry.
Mapping the DNS entry for Breeze Edge Server
Mapping the DNS entry for an edge server is comparable to mapping the BREEZE_HOST
variable for Breeze Server on the Breeze Application Management Console. For example, if
the value for BREEZE_HOST (the host name to use in a URL for accessing the Breeze origin
server) is breeze.mycompany.com, the DNS entry for an edge server maps breeze.mycompany.com to the
IP address of the nearest edge server.
NOTE
The values in the custom.ini file override the values in the config.ini file. The
FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT variable also appears in the
config.ini file. Do not change the values for any variable in the config.ini file.
To configure Breeze Edge Server manually:
1. Open the {install_path}\root directory.
2. Delete the custom.ini file in this directory, if there is one.
3. Create a new text file and save it as custom.ini.
4. Open the custom.ini file with a text editor, such as Notepad.
where yourbreezeserver:80 is the IP address or domain name and port number of the
machine where the Breeze server is installed.
The value for this variable configures the edge server to connect to the Breeze server at this
location.
NOTE
FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT should be the only entry in the edge
server custom.ini file.
6. Save the custom.ini file.
You can now start and stop Breeze Edge Server. For more information, see “Stopping and
starting Breeze Edge Server” on page 24.
Configuring the Breeze Edge Server ports
Edge servers are configured to listen on ports 80 and 443 in addition to the default port of
1935. You configure the ports by modifying the DEFAULT_FCS_HOSTPORT variable. If this
variable is not found in the custom.ini configuration file, you must add the following line to
the file:
DEFAULT_FCS_HOSTPORT=:1935,80,-443
This tag now specifies that edge servers listen on ports 1935, 80, and 443. A port is defined as
a secure port by placing a minus sign in front of the port number in a configuration variable
or file. For example, you can configure a secure port by editing the HostPort tag of the
Adaptor.xml file.
<HostPort>:1935,80,-443</HostPort>
Port 443 is designated as a secure port that receives only RTMPS connections. Attempting an
RTMPS connection request to ports 1935 or 80 results in a failure to connect. Similarly, an
unsecured RTMP connection request to port 443 fails to connect.
NOTE
If your Breeze Edge Server uses an external hardware accelerator, port 443 does not
have to be configured as a secure port.
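The port rules above can be checked mechanically before a configuration change goes live. The following is an added example, not Macromedia code: it parses a HostPort or DEFAULT_FCS_HOSTPORT value, reports which protocol each listener accepts, and flags a value that leaves port 443 unsecured. The function names and the external_ssl_accelerator parameter are assumptions made for this example.

```python
# Added example (not part of the original guide). Function and parameter
# names are hypothetical; the sample values are constructed.

def parse_hostport(value):
    """Split a value like ':1935,80,-443' into (host, [(port, secure), ...])."""
    host, sep, port_list = value.strip().rpartition(":")
    if not sep:
        raise ValueError("expected 'host:port[,port...]', got %r" % value)
    ports = []
    for item in port_list.split(","):
        item = item.strip()
        secure = item.startswith("-")          # leading minus marks a secure port
        number = int(item[1:] if secure else item)
        if not 1 <= number <= 65535:
            raise ValueError("port out of range: %r" % item)
        ports.append((number, secure))
    return host, ports


def expected_protocol(ports, port):
    """Protocol a client must use on this port, or None if it is not a listener."""
    for number, secure in ports:
        if number == port:
            return "rtmps" if secure else "rtmp"
    return None


def audit_hostport(value, external_ssl_accelerator=False):
    """Return a list of findings for one HostPort value."""
    _, ports = parse_hostport(value)
    numbers = [n for n, _ in ports]
    findings = ["port %d listed more than once" % n
                for n in sorted(set(numbers)) if numbers.count(n) > 1]
    if external_ssl_accelerator:
        # SSL is terminated by the accelerator, so 443 need not be secure here.
        return findings
    if not any(secure for _, secure in ports):
        findings.append("no secure port: every listener accepts only RTMP")
    if expected_protocol(ports, 443) == "rtmp":
        findings.append("port 443 is not marked secure (write -443)")
    return findings


if __name__ == "__main__":
    for sample in (":1935,80,-443", ":1935,80,443"):
        print(sample, "->", audit_hostport(sample) or "ok")
```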
Configuring FCS for SSL
To use FCS for Secure Sockets Layer (SSL)–enabled communications, a secure protocol for
transmitting private documents over the Internet, you must configure the FCS Adaptor.xml
and Server.xml files for native SSL support by defining the appropriate SSL tags.
For example, the default settings for the
Adaptor.xml configures FCS to handle only traffic with the RTMP and RTMPS protocols.
Place this section right after the end tag </HTTPTunneling> but before the </Adaptor> end
root tag.
</SSLServerCtx>
Locating the required SSL tags in the Server.xml file
The SSL-enabling tags in the Server.xml file occur in the following sequence:
■ <SSLEngine>
■ <SSLRandomSeed>
■ <SSLSessionCacheGC>
■ <SSLVerifyCertificate>
■ <SSLCACertificatePath>
■ <SSLCACertificateFile>
■ <SSLVerifyDepth>
■ <SSLCipherSuite>
Defining the SSL tags in FCS
The following table lists alphabetically all the SSL-specific tags in both the Adaptor.xml and
Server.xml files. You must configure these tags to enable SSL in FCS.
requests are redirected to an external server such as Breeze. When FCS receives an unknown
request, the request is redirected to the specified redirect host. For redirection to work, HTTP
tunneling must be enabled. You can control which port on the redirect host listens for
redirected traffic. A request for redirection to a specific host can be:
<Redirect enable="false">
<Host port="80">:8080</Host>
<Host port="443">:8443</Host>
</Redirect>
FCS file: Adaptor.xml
XML tag: SSLCertificateFile
Default: [none]
Description: Specifies the location of the certificate file to send to the client. If an absolute
path is not specified, the certificate is assumed to be located relative to the Adaptor directory.

FCS file: Adaptor.xml
XML tag: SSLCertificateKeyFile type = PEM
Default: PEM
Description: Specifies the location of the private key file for the certificate. If an absolute path
is not specified, the key file is assumed to be located relative to the Adaptor directory. If the
key file is encrypted, the pass phrase must be specified in the SSLPassPhrase tag. The type
attribute specifies the type of encoding used for the certificate key file. This can be either
PEM or ASN1.
FCS file: Adaptor.xml
XML tag: SSLCipherSuite
Description: Specifies the ciphers to use. This is a list of colon-delimited components. A
component can be a key exchange algorithm, authentication method, encryption method, digest
type, or one of a selected number of aliases for common groupings. For a list of components, see
the FCS documentation. The default setting for this tag is:
ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Contact Breeze Technical Support before changing the default settings.

FCS file: Adaptor.xml
XML tag: SSLPassPhrase
Default: [none]
Description: Specifies the pass phrase to use for decrypting the private key file. If the private
key file is not encrypted, leave this tag empty.

FCS file: Adaptor.xml
XML tag: SSLSessionTimeout
Default: 5
Description: Specifies in minutes how long a session remains valid.
FCS file: Server.xml
XML tag: SSLCACertificateFile
Description: This tag configures the server to act as an SSL client (out-going SSL connections),
and is used only when making outgoing SSL connections.
This tag specifies the name of a file that contains one or more certificates issued by a valid
Certificate Authority (CA) in the Privacy Enhanced Mail (PEM) encryption format.
A CA is an organization such as Verisign that issues certificates to people. A certificate is
normally signed by a CA. The CA is saying that the owner of the certificate is who he says he is.
The CA has done the necessary research and background checks before issuing the certificate to
this person.
This directory specifies the certificates for CAs that are considered trusted. If you encounter a
certificate signed by one of these CAs, you can trust that the person is who he says he is because
you trust the issuer of the certificate. Each certificate in the directory must be named by the
subject name's hash, and an extension of ".0".
FCS file: Server.xml
XML tag: SSLCACertificatePath
Description: This tag specifies the name of a directory containing one or more (CA) certificates.
Windows only: Because MS Windows installs certificates in the registry, there is no file system
directory that contains all the certificates of trusted root certificates. You must import the
certificates installed in the Windows certificate store into individual certificates and place
them in a directory accessible by OpenSSL.
To import these certificates, you run FCSMaster -console initialize. This will import the
certificates from the Windows certificate store to the directory specified by this configuration
tag.
If this tag is empty, the certificates are imported to the certs directory, which is at the same
level as the conf directory.
When verifying a certificate, FCS will look for trusted root certificates in the file specified by
the SSLCACertificateFile tag or in the directory specified by the SSLCACertificatePath tag. If the
SSLCACertificatePath tag is empty, FCS will try to find the root cert in the default certs
directory.
FCS file: Server.xml
XML tag: SSLCipherSuite
Description: Specifies the ciphers to use. This is a list of colon-delimited components. A
component can be a key exchange algorithm, authentication method, encryption method, digest
type, or one of a selected number of aliases for common groupings. For a list of components, see
the FCS documentation. The default setting for this tag is:
ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Contact Breeze Technical Support before changing the default settings.

FCS file: Server.xml
XML tag: SSLEngine
Default: [none]
Description: Specifies the cryptographic accelerator to use, if any. The following cryptographic
engines are allowed: cswift, chil, atalla, nuron, ubsec, aep, surewave, or 4758cca. Each item
identifies a type of cryptographic hardware accelerator.
A cryptographic accelerator is a piece of hardware that offloads the CPU-intensive cryptographic
operations, thereby reducing the demand on resources and making the server more scalable.
FCS file: Server.xml
XML tag: SSLCACertificatePath
Default: [none]
Description: Specifies the name of a directory containing CA certificates. Each file in the
directory must contain only a single CA certificate, and the files must be named by the subject
name's hash and an extension of ".0".
Win32 Only: If this tag is empty, FCS attempts to find CA certificates in the certs directory
located at the same level as the conf directory. The Windows cert store can be imported into this
directory by running FCSMaster -console -initialize from the command line.

FCS file: Server.xml
XML tag: SSLRandomSeed
Default: 16
Description: Specifies the number of bytes of entropy to use for seeding the pseudo-random
number generator (PRNG). Entropy is a measure of randomness. The more entropy, the more random
numbers from the PRNG will be. The default number is 16. You cannot specify less than 8 bytes,

FCS file: Server.xml
XML tag: SSLSessionCacheGC
Default: 5
Description: Specifies in minutes how often to flush expired sessions from the server-side
session cache.
FCS file: Server.xml
XML tag: SSLVerifyCertificate
Default: true
Description: Configures the server to act as an SSL client (out-going SSL connections). The tag
specifies whether or not to verify the certificate that is returned by the server being connected
to. Certificate verification is enabled by default. To disable certificate verification, specify
false.
Warning: Disabling the certificate verification can result in a security risk.

FCS file: Server.xml
XML tag: SSLVerifyDepth
Default: 9
Description: Configures the server to act as an SSL client (out-going SSL connections).
The tag specifies the maximum depth in the certificate chain we are willing to accept. If a
self-signed root certificate cannot be found within this depth, the certificate verification will
fail.
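A deployed Server.xml can be reviewed against the defaults and limits listed in the table above. The following is an added example, not Macromedia code: it reads the SSL tags by name and reports disabled certificate verification, an SSLRandomSeed below 8 bytes, and a cipher list that has lost one of the default exclusions. The sample XML is constructed, its nesting is an assumption, and treating an empty or missing tag as its documented default is also an assumption.

```python
# Added example (not part of the original guide). Names are hypothetical.
import xml.etree.ElementTree as ET

# Defaults taken from the tag table above.
DEFAULTS = {
    "SSLVerifyCertificate": "true",
    "SSLRandomSeed": "16",
    "SSLCipherSuite": "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH",
}
DEFAULT_EXCLUSIONS = {"!ADH", "!LOW", "!EXP", "!MD5"}

# Constructed samples. The <Root><Server><SSL> nesting is an assumption;
# tags are looked up by name, so the real nesting does not matter.
WEAK_SERVER_XML = """
<Root><Server><SSL>
  <SSLRandomSeed>4</SSLRandomSeed>
  <SSLVerifyCertificate>false</SSLVerifyCertificate>
  <SSLVerifyDepth>9</SSLVerifyDepth>
  <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:@STRENGTH</SSLCipherSuite>
</SSL></Server></Root>
"""
DEFAULT_SERVER_XML = """
<Root><Server><SSL>
  <SSLRandomSeed>16</SSLRandomSeed>
  <SSLVerifyCertificate>true</SSLVerifyCertificate>
  <SSLCipherSuite>ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH</SSLCipherSuite>
</SSL></Server></Root>
"""


def read_ssl_tags(xml_text):
    """Return the audited SSL tag values; empty or missing tags keep the default."""
    values = dict(DEFAULTS)
    for elem in ET.fromstring(xml_text.strip()).iter():
        text = "".join((elem.text or "").split())   # drop whitespace and line wraps
        if elem.tag in DEFAULTS and text:
            values[elem.tag] = text
    return values


def audit_server_xml(xml_text):
    """Return a list of (tag, finding) pairs for one Server.xml document."""
    values = read_ssl_tags(xml_text)
    findings = []
    if values["SSLVerifyCertificate"].lower() != "true":
        findings.append(("SSLVerifyCertificate",
                         "outgoing SSL connections do not verify the server certificate"))
    seed = values["SSLRandomSeed"]
    if not seed.isdigit() or int(seed) < 8:
        findings.append(("SSLRandomSeed", "value %r is below the 8-byte minimum" % seed))
    components = set(values["SSLCipherSuite"].split(":"))
    missing = sorted(DEFAULT_EXCLUSIONS - components)
    if missing:
        findings.append(("SSLCipherSuite",
                         "default exclusions dropped: " + ", ".join(missing)))
    return findings


if __name__ == "__main__":
    for tag, finding in audit_server_xml(WEAK_SERVER_XML):
        print("%s: %s" % (tag, finding))
```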
Stopping and starting Breeze Edge Server
You can verify that the installation was successful by stopping and starting Breeze Edge Server
and the FCS services that support it.
■ Locate the following services: Flash Communication Administration Server and Flash
Communication Server.
Their status should read “stopped.”
Deploying an edge server cluster
Macromedia Breeze provides support for clustering edge servers. If your license permits it, you
can set up, install, and configure a cluster of edge servers on multiple networked computers.
Deploying edge servers in a cluster has many benefits:
■ Clustered edge servers increase the users’ accessibility to Breeze and improve the
performance of the origin Breeze server’s response to users’ requests for services.
■ Clustered edge servers allow Breeze users to continue accessing Breeze without
interruption even when one of the servers in the cluster or the entire cluster fails.
Here are the basic steps in installing and configuring a cluster of edge servers.
1. Make sure each computer in the cluster meets the hardware, software, and network
requirements, as described in “System requirements” on page 8.
2. Install the Breeze Edge Server license file on each edge server as described in “The Breeze
Edge Server license file” on page 14.
3. Configure FCS for each edge server in the cluster, as described in “Configuring FCS for
Breeze Edge Server” on page 14.
4. If you are going to use the secured SSL protocol, configure FCS, as described in “Configuring
FCS for SSL” on page 16.
5. Set up a load balancer on the network and configure it to listen on port 80.
■ Consult the vendor documentation for instructions on how to configure the load
balancer.
Scheduling maintenance
Macromedia recommends that you create a weekly scheduled task to clear the edge server
cache.
To create this scheduled task:
1. Create a cache.bat file to delete the cache directory. The entry in this file should have the
following syntax:
del /Q /S <cache directory>\*.*
The default cache directory is C:\breeze\edgeserver\win32\cache\http. The command is:
del /Q /S c:\breeze\edgeserver\win32\cache\http\*.*
2. Run the cache.bat file and verify that it deletes files in the cache directory.
■ Note that the directory structure remains; this is an expected behavior.
■ Any files currently locked by the edge server are not deleted; this is also an expected