Macromedia BREEZE 5 User Manual

Installing and Configuring Breeze Edge Server
Trademarks
1 Step RoboPDF, ActiveEdit, ActiveTest, Authorware, Blue Sky Software, Blue Sky, Breeze, Breezo, Captivate, Central, ColdFusion, Contribute, Database Explorer, Director, Dreamweaver, Fireworks, Flash, FlashCast, FlashHelp, Flash Lite, FlashPaper, Flex, Flex Builder, Fontographer, FreeHand, Generator, HomeSite, JRun, MacRecorder, Macromedia, MXML, RoboEngine, RoboHelp, RoboInfo, RoboPDF, Roundtrip, Roundtrip HTML, Shockwave, SoundEdit, Studio MX, UltraDev, and WebHelp are either registered trademarks or trademarks of Macromedia, Inc. and may be registered in the United States or in other jurisdictions including internationally. Other product names, logos, designs, titles, words, or phrases mentioned within this publication may be trademarks, service marks, or trade names of Macromedia, Inc. or other entities and may be registered in certain jurisdictions including internationally.
Third-Party Information
This guide contains links to third-party websites that are not under the control of Macromedia, and Macromedia is not responsible for the content on any linked site. If you access a third-party website mentioned in this guide, then you do so at your own risk. Macromedia provides these links only as a convenience, and the inclusion of the link does not imply that Macromedia endorses or accepts any responsibility for the content on those third-party sites.
Copyright © 2005 Macromedia, Inc. All rights reserved. This manual may not be copied, photocopied, reproduced, translated, or converted to any electronic or machine-readable form in whole or in part without written approval from Macromedia, Inc. Notwithstanding the foregoing, the owner or authorized user of a valid copy of the software with which this manual was provided may print out one copy of this manual from an electronic version of this manual for the sole purpose of such owner or authorized user learning to use such software, provided that no part of this manual may be printed out, reproduced, distributed, resold, or transmitted for any other purposes, including, without limitation, commercial purposes, such as selling copies of this documentation or providing paid-for support services.
Acknowledgments
Project Management: Stephanie Gowin
Writing: John Norton
Editing: John Hammett
Production Management: Patrice O’Neill
Media Design and Production: Adam Barnett, Paul Benkman, John Francis, Mario Reynoso
Second Edition: October 2005
Macromedia, Inc. 601 Townsend St. San Francisco, CA 94103

Contents

Introduction to edge servers
Connecting to Breeze through edge servers
System requirements
Installing Breeze Edge Server
The Breeze Edge Server license file
Configuring FCS for Breeze Edge Server
Configuring FCS for SSL
Stopping and starting Breeze Edge Server
Deploying an edge server cluster
Scheduling maintenance

Macromedia Breeze Edge Server

For a successful installation and configuration of Macromedia Breeze Edge Server, read the information provided in this document. It contains the following sections:
“Introduction to edge servers”
“Connecting to Breeze through edge servers”
“System requirements”
“Installing Breeze Edge Server”
“The Breeze Edge Server license file”
“Configuring FCS for Breeze Edge Server”
“Mapping the DNS entry for Breeze Edge Server”
“Configuring FCS for SSL”
“Alternative SSL implementations”
“HTTP tunneling”
“Adding the required SSL tags in the Adaptor.xml file”
“Locating the required SSL tags in the Server.xml file”
“Stopping and starting Breeze Edge Server”
“Deploying an edge server cluster”
“Scheduling maintenance”

Introduction to edge servers

Edge servers are configured to allocate and balance access to a Breeze server by using the existing bandwidth resources more efficiently. Once the edge servers are deployed, users access Breeze through their edge server. Edge servers authenticate these users and authorize their requests for web services such as Macromedia Breeze Meeting rather than forwarding every request to the Breeze server and consuming its resources for these tasks. If the data requested is found in the edge server’s cache, it returns the Breeze Meeting data to the requesting client (the user’s computer) without calling upon the Breeze server. This detour to the Breeze server is transparent to users. In this scenario, no demands are placed on the origin Breeze server.
If the data requested is not found in the edge server’s cache, it forwards the client’s request to the Breeze server, where the user is authenticated and the request for services authorized. The Breeze server returns the results to the requesting edge server, which in turn delivers the results to the requesting client. The edge server also stores this information in its cache, where other authenticated users can access it. In this scenario, fewer requests for services are forwarded to the origin Breeze server.
An edge server is configured to intercept the requests for Breeze services from a particular zone, to collect or aggregate these requests, and transmit them to the origin Breeze server. The Breeze server returns the results to the edge server, which forwards the data to the user’s client computer. A networked Breeze deployment might have multiple edge servers installed. For example, one edge server might aggregate and forward requests from San Francisco and another might aggregate and forward requests from Boston. Each edge server gathers the requests from its clients and forwards them to the origin Breeze server located in a data center in Chicago, receives the responses from the origin Breeze server, then transmits and distributes them to the clients in its zone.
[Figure: Company A deployment. Clients attending Meeting X in San Francisco and Boston each connect through a local Breeze Edge server to the origin Breeze server in Chicago.]

Connecting to Breeze through edge servers

When edge servers are present on an organization’s network, Breeze users connect to Breeze Meeting indirectly through the edge (or proxy) server. This connection occurs transparently. To Breeze users, it appears that they are connected directly to the Breeze server hosting Breeze Meeting, but they are most likely connected through the proxy or edge server servicing their local network. Edge servers offload traffic from the origin Breeze server by caching static content such as recorded Breeze meetings and presentations.
The client (the user’s computer) connects to the edge (proxy) server instead of making a direct connection to Flash Communication Server (FCS) (Breeze Meeting). The edge server in turn connects to the origin Breeze server. Many additional steps, such as user authentication and permissions authorization, are hidden from the Breeze user. These take place behind the network connection to the Breeze server.
Edge servers provide an additional layer of defense between the user’s Internet connection and the Breeze server. All traffic coming from the Internet and with Breeze as its destination goes through the edge server.

System requirements

This release of Edge Server is certified to support up to 500 users or 50 meeting rooms. The following table lists the hardware requirements for edge servers.
Component          Requirement
Operating System   Windows Server 2000
                   Windows Server 2003
Server Processor   Pentium IV 3.6 GHz
Cache Processor    2 MB cache processor
Memory             4 GB RAM recommended
                   2 GB RAM minimum
Hard Drive         80 GB 10K RPM recommended
                   40 GB 7200 RPM minimum
Network Adaptor    TCP/IP Adaptor supporting 1 GB over CAT5 Ethernet
Display            SVGA supporting 800x600 or higher resolution
Drive              CD-ROM or DVD-ROM

Installing Breeze Edge Server

Use the procedures described in this section to install the Breeze Edge Server. Macromedia recommends that you close all other applications before starting to install.
To install and configure Breeze Edge Server:
1. Insert the installation CD into the CD-ROM drive. If the Macromedia Breeze Edge Server Setup wizard does not start automatically, double-click the setup.exe file in the installation CD’s root folder.
The Welcome to the Macromedia Breeze Edge Server Setup Wizard window appears.
2. Click Next to continue.
The License Agreement window appears.
3. Read the agreement, select I Accept the Agreement, and click Next to continue.
The Select Destination Location window appears.
4. Click Next to accept the default installation location, or click Browse to select a different location, and then click Next.
If the wizard detects a previous installation of a Breeze Edge Server, you will see the following screen.
5. Click Next to continue.
The Select Start Menu Folder window appears.
6. Accept the default shortcut, or click Browse to select a different location, and then click Next.
The Ready to Install window alerts you that the Breeze installation is about to begin.
7. Review the choices for the destination folder where Breeze will be installed and for adding Macromedia Breeze Edge Server to the Start Menu folder.
8. Click Back if you want to review or change these settings, or click Install to continue.
The Installing Breeze window appears. The wizard is beginning to extract the Breeze Edge Server files on the installation CD and install them. This process takes less than two minutes.
9. Click Cancel at any time if you want to abort or cancel the installation.
When the installation is complete, the Completing the Macromedia Breeze Edge Server Setup Wizard window appears.
10. Click Finish to exit the Edge Server installation.

The Breeze Edge Server license file

When your order for Breeze Edge Server is processed, Macromedia Order Services dispatches an e-mail with the Breeze Edge Server license file (license.lic) attached.
To install the Breeze Edge Server license file, do the following:
1. Go to c:\{install_path}\edgeserver\conf\win32\.
2. Create a folder named licenses, if it does not already exist.
3. Open the e-mail from Macromedia.
4. Save the license.lic file in the licenses folder.
With the license file in place, you can now stop and start Breeze Edge Server and FCS services to verify that the installation was successful.
For more information, see “Stopping and starting Breeze Edge Server” on page 24.

Configuring FCS for Breeze Edge Server

Each organization configures its network differently, reflecting its business rules and geographical distribution. The key for a successful edge server deployment is making sure that the users’ computers (Breeze clients) receive an edge server’s IP address when resolving the Domain Name Server (DNS) entry for the BREEZEHOST variable (formerly known as ADMIN_HOST).
Here is a scenario for large Breeze deployments that builds upon the graphic in “Introduction to edge servers” on page 6.
On-site clients (Chicago users) can access the Breeze origin server directly. The Breeze Host DNS mapping for these clients resolves to the Breeze origin server’s IP address.
Edge servers collect off-site clients’ (Boston and San Francisco users) requests for services and route the requests to the Breeze origin server.
The Breeze Host DNS mapping for these remote clients resolves to the appropriate edge server’s IP address.
San Francisco clients access Breeze through edge server 1; Boston clients use edge server 2. No clients in these regions communicate directly with the Breeze origin server.
Access to Breeze is determined by modifying the DNS server that is nearest to the client. To direct Breeze users to their nearest edge server, the Breeze administrator creates a DNS entry in the edge server’s custom.ini configuration file. For edge servers, the FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT variable contains the DNS entry.

Mapping the DNS entry for Breeze Edge Server

Mapping the DNS entry for an edge server is comparable to mapping the BREEZE_HOST variable for Breeze Server on the Breeze Application Management Console. For example, if the value for BREEZE_HOST (the host name to use in a URL for accessing the Breeze origin server) is breeze.mycompany.com, the DNS entry for an edge server maps breeze.mycompany.com to the IP address of the nearest edge server.
NOTE
The values in the custom.ini file override the values in the config.ini file. The FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT variable also appears in the config.ini file. Do not change the values for any variable in the config.ini file.
To configure Breeze Edge Server manually:
1. Open the {install_path}\root directory.
2. Delete the custom.ini file in this directory, if there is one.
3. Create a new text file and save it as custom.ini.
4. Open the custom.ini file with a text editor, such as Notepad.
5. Add the following line to the custom.ini file:
FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT=yourbreezeserver:80
where yourbreezeserver:80 is the IP address or domain name and port number of the machine where the Breeze server is installed.
The value for this variable configures the edge server to connect to the Breeze server at this location.
NOTE
FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT should be the only entry in the edge server custom.ini file.
6. Save the custom.ini file.
You can now start and stop Breeze Edge Server. For more information, see “Stopping and
starting Breeze Edge Server” on page 24.

Configuring the Breeze Edge Server ports

Edge servers are configured to listen on ports 80 and 443 in addition to the default port of 1935. You configure the ports by modifying the DEFAULT_FCS_HOSTPORT variable. If this variable is not found in the custom.ini configuration file, you must add the following line to the file:
DEFAULT_FCS_HOSTPORT=:1935,80,-443
This tag now specifies that edge servers listen on ports 1935, 80, and 443. A port is defined as a secure port by placing a minus sign in front of the port number in a configuration variable or file. For example, you can configure a secure port by editing the HostPort tag of the Adaptor.xml file.
<HostPort>:1935,80,-443</HostPort>
Port 443 is designated as a secure port that receives only RTMPS connections. Attempting an RTMPS connection request to ports 1935 or 80 results in a failure to connect. Similarly, an unsecured RTMP connection request to port 443 fails to connect.
NOTE
If your Breeze Edge Server uses an external hardware accelerator, port 443 does not have to be configured as a secure port.
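The port-list syntax and the RTMP/RTMPS rule described above, together with the custom.ini entries from the previous section, can be checked before the services are restarted. The following is an added example, not part of the Macromedia manual or product: the function names and the sample file are constructed, and the reading of the text before the colon as an optional bind address is an assumption.

```python
# Added example: parser and audit for the edge server port list in custom.ini.
SECURE = "RTMPS"
KNOWN_PROTOCOLS = {"RTMP", "RTMPS"}


def parse_hostport(value):
    """Split ':1935,80,-443' into (host, {port: is_secure}).

    Assumption: the text before the colon is an optional bind address;
    the manual only shows the empty form.
    """
    host, colon, port_list = value.strip().rpartition(":")
    if not colon:
        raise ValueError("expected '[host]:port[,port...]', got %r" % value)
    ports = {}
    for item in port_list.split(","):
        item = item.strip()
        secure = item.startswith("-")      # a minus sign marks a secure port
        digits = item[1:] if secure else item
        if not digits.isdigit() or not 1 <= int(digits) <= 65535:
            raise ValueError("bad port entry %r" % item)
        if int(digits) in ports:
            raise ValueError("port %s listed twice" % digits)
        ports[int(digits)] = secure
    return host, ports


def connection_accepted(ports, port, protocol):
    """RTMPS is accepted only on secure ports, RTMP only on the others."""
    protocol = protocol.upper()
    if protocol not in KNOWN_PROTOCOLS:
        raise ValueError("unknown protocol %r" % protocol)
    if port not in ports:
        return False
    return ports[port] == (protocol == SECURE)


def read_ini(text):
    """Read KEY=VALUE lines; blank lines and lines without '=' are skipped."""
    entries = {}
    for line in text.splitlines():
        key, eq, value = line.partition("=")
        if eq and key.strip():
            entries[key.strip()] = value.strip()
    return entries


def audit_custom_ini(text, external_ssl_accelerator=False):
    """Return a list of findings for an edge server custom.ini."""
    findings = []
    ini = read_ini(text)
    if "FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT" not in ini:
        findings.append("origin server entry is missing")
    raw = ini.get("DEFAULT_FCS_HOSTPORT")
    if raw is None:
        return findings + ["DEFAULT_FCS_HOSTPORT is missing"]
    _, ports = parse_hostport(raw)
    if not external_ssl_accelerator:
        if 443 in ports and not ports[443]:
            findings.append("port 443 is not marked secure (-443): RTMPS will fail")
        elif not any(ports.values()):
            findings.append("no secure port is defined")
    return findings


# Constructed sample: 443 was typed without the minus sign.
SAMPLE_CUSTOM_INI = """\
FCS.HTTPCACHE_BREEZE_SERVER_NORMAL_PORT=breeze.mycompany.com:80
DEFAULT_FCS_HOSTPORT=:1935,80,443
"""

if __name__ == "__main__":
    _, listed = parse_hostport(":1935,80,-443")
    for proto, port in [("RTMP", 1935), ("RTMPS", 1935), ("RTMPS", 443), ("RTMP", 443)]:
        state = "accepted" if connection_accepted(listed, port, proto) else "refused"
        print(proto, port, state)
    for finding in audit_custom_ini(SAMPLE_CUSTOM_INI):
        print("FINDING:", finding)
```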

Configuring FCS for SSL

To use FCS for Secure Sockets Layer (SSL)–enabled communications, a secure protocol for transmitting private documents over the Internet, you must configure the FCS Adaptor.xml and Server.xml files for native SSL support by defining the appropriate SSL tags.
For example, the default settings for the Redirect tag in the HTTPTunneling section of the Adaptor.xml file configure FCS to handle only traffic with the RTMP and RTMPS protocols.
<Redirect enable="true">
  <Host port="80">:8080</Host>
  <Host port="443">:8443</Host>
</Redirect>
The default location of the FCS files is c:\breeze\comserv. The configuration files for FCS are found in c:\breeze\comserv\win32\conf.

Alternative SSL implementations

FCS also supports the following implementations for SSL-secured transmissions:
SSL through an external hardware accelerator
SSL through an internal PCI card
NOTE
The PCI-card based implementation has not been tested at this writing.

HTTP tunneling

For SSL to work properly, HTTP tunneling must be enabled. Clients use HTTP tunneling to connect to the server via SSL.
NOTE
HTTP tunneling is enabled by default. No user action is required.

Adding the required SSL tags in the Adaptor.xml file

All SSL tags in the Server.xml file are included by default. Not all of the required SSL tags in Adaptor.xml are present by default, however.
You need to insert the following SSL-specific tags in the Adaptor.xml file.
<SSL>
  <SSLServerCtx>
    <SSLCertificateFile></SSLCertificateFile>
    <SSLCertificateKeyFile type="PEM"></SSLCertificateKeyFile>
    <SSLPassPhrase></SSLPassPhrase>
    <SSLCipherSuite></SSLCipherSuite>
    <SSLSessionTimeout>5</SSLSessionTimeout>
  </SSLServerCtx>
</SSL>
Place this section right after the end tag </HTTPTunneling> but before the </Adaptor> end root tag.

Locating the required SSL tags in the Server.xml file

The SSL-enabling tags in the Server.xml file occur in the following sequence:
<SSLEngine>
<SSLRandomSeed>
<SSLSessionCacheGC>
<SSLVerifyCertificate>
<SSLCACertificatePath>
<SSLCACertificateFile>
<SSLVerifyDepth>
<SSLCipherSuite>

Defining the SSL tags in FCS

The following table lists alphabetically all the SSL-specific tags in both the Adaptor.xml and Server.xml files. You must configure these tags to enable SSL in FCS.
FCS File: Adaptor.xml
XML Tag: Redirect
Default: [none]
Description: Specifies whether unknown requests are redirected to an external server such as Breeze. When FCS receives an unknown request, the request is redirected to the specified redirect host. For redirection to work, HTTP tunneling must be enabled. You can control which port on the redirect host listens for redirected traffic. A request for redirection to a specific host can be:
<Redirect enable="false">
  <Host port="80">:8080</Host>
  <Host port="443">:8443</Host>
</Redirect>

FCS File: Adaptor.xml
XML Tag: SSLCertificateFile
Default: [none]
Description: Specifies the location of the certificate file to send to the client. If an absolute path is not specified, the certificate is assumed to be located relative to the Adaptor directory.

FCS File: Adaptor.xml
XML Tag: SSLCertificateKeyFile type = PEM
Default: PEM
Description: Specifies the location of the private key file for the certificate. If an absolute path is not specified, the key file is assumed to be located relative to the Adaptor directory. If the key file is encrypted, the pass phrase must be specified in the SSLPassPhrase tag. The type attribute specifies the type of encoding used for the certificate key file. This can be either PEM or ASN1.

FCS File: Adaptor.xml
XML Tag: SSLCipherSuite
Description: Specifies the ciphers to use. This is a list of colon-delimited components. A component can be a key exchange algorithm, authentication method, encryption method, digest type, or one of a selected number of aliases for common groupings. For a list of components, see the FCS documentation. The default setting for this tag is:
ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Contact Breeze Technical Support before changing the default settings.

FCS File: Adaptor.xml
XML Tag: SSLPassPhrase
Default: [none]
Description: Specifies the pass phrase to use for decrypting the private key file. If the private key file is not encrypted, leave this tag empty.

FCS File: Adaptor.xml
XML Tag: SSLSessionTimeout
Default: 5
Description: Specifies in minutes how long a session remains valid.

FCS File: Server.xml
XML Tag: SSLCACertificateFile
Description: This tag configures the server to act as an SSL client (out-going SSL connections), and is used only when making outgoing SSL connections. This tag specifies the name of a file that contains one or more certificates issued by a valid Certificate Authority (CA) in the Privacy Enhanced Mail (PEM) encryption format. A CA is an organization such as Verisign that issues certificates to people. A certificate is normally signed by a CA. The CA is saying that the owner of the certificate is who he says he is. The CA has done the necessary research and background checks before issuing the certificate to this person. This directory specifies the certificates for CAs that are considered trusted. If you encounter a certificate signed by one of these CAs, you can trust that the person is who he says he is because you trust the issuer of the certificate. Each certificate in the directory must be named by the subject name's hash, and an extension of ".0".

FCS File: Server.xml
XML Tag: SSLCACertificatePath
Description: This tag specifies the name of a directory containing one or more (CA) certificates. Windows only: Because MS Windows installs certificates in the registry, there is no file system directory that contains all the trusted root certificates. You must import the certificates installed in the Windows certificate store as individual certificate files and place them in a directory accessible by OpenSSL. To import these certificates, you run FCSMaster -console -initialize. This will import the certificates from the Windows certificate store to the directory specified by this configuration tag. If this tag is empty, the certificates are imported to the certs directory, which is at the same level as the conf directory. When verifying a certificate, FCS will look for trusted root certificates in the file specified by the SSLCACertificateFile tag or in the directory specified by the SSLCACertificatePath tag. If the SSLCACertificatePath tag is empty, FCS will try to find the root cert in the default certs directory.

FCS File: Server.xml
XML Tag: SSLCipherSuite
Description: Specifies the ciphers to use. This is a list of colon-delimited components. A component can be a key exchange algorithm, authentication method, encryption method, digest type, or one of a selected number of aliases for common groupings. For a list of components, see the FCS documentation. The default setting for this tag is:
ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH
Contact Breeze Technical Support before changing the default settings.

FCS File: Server.xml
XML Tag: SSLEngine
Default: [none]
Description: Specifies the cryptographic accelerator to use, if any. The following cryptographic engines are allowed: cswift, chil, atalla, nuron, ubsec, aep, surewave, or 4758cca. Each item identifies a type of cryptographic hardware accelerator. A cryptographic accelerator is a piece of hardware that offloads the CPU-intensive cryptographic operations, thereby reducing the demand on resources and making the server more scalable.

FCS File: Server.xml
XML Tag: SSLCACertificatePath
Default: [none]
Description: Specifies the name of a directory containing CA certificates. Each file in the directory must contain only a single CA certificate, and the files must be named by the subject name's hash and an extension of ".0". Win32 Only: If this tag is empty, FCS attempts to find CA certificates in the certs directory located at the same level as the conf directory. The Windows cert store can be imported into this directory by running FCSMaster -console -initialize from the command line.

FCS File: Server.xml
XML Tag: SSLRandomSeed
Default: 16
Description: Specifies the number of bytes of entropy to use for seeding the pseudo-random number generator (PRNG). Entropy is a measure of randomness. The more entropy, the more random the numbers from the PRNG will be. The default number is 16. You cannot specify less than 8 bytes,

FCS File: Server.xml
XML Tag: SSLSessionCacheGC
Default: 5
Description: Specifies in minutes how often to flush expired sessions from the server-side session cache.

FCS File: Server.xml
XML Tag: SSLVerifyCertificate
Default: true
Description: Configures the server to act as an SSL client (out-going SSL connections). The tag specifies whether or not to verify the certificate that is returned by the server being connected to. Certificate verification is enabled by default. To disable certificate verification, specify false. Warning: Disabling the certificate verification can result in a security risk.

FCS File: Server.xml
XML Tag: SSLVerifyDepth
Default: 9
Description: Configures the server to act as an SSL client (out-going SSL connections). The tag specifies the maximum depth in the certificate chain we are willing to accept. If a self-signed root certificate cannot be found within this depth, the certificate verification will fail.
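The constraints in the table above (where the SSL section sits in Adaptor.xml, the allowed key encodings, the minimum random seed, the certificate verification warning, the listed engines) can be checked mechanically before a configuration is deployed. The following is an added example, not part of the Macromedia manual or product: the function names and both sample files are constructed, and the element nesting outside the SSL tags listed on this page is an assumption.

```python
import xml.etree.ElementTree as ET

DEFAULT_CIPHERS = "ALL:!ADH:!LOW:!EXP:!MD5:@STRENGTH"  # default quoted in the table
KEY_TYPES = {"PEM", "ASN1"}
ENGINES = {"cswift", "chil", "atalla", "nuron", "ubsec", "aep", "surewave", "4758cca"}


def _text(root, tag):
    """Stripped text of the first <tag> under root; None when the tag is absent."""
    node = next(root.iter(tag), None)
    return None if node is None else (node.text or "").strip()


def audit_adaptor(xml_text):
    """Check the <SSL> section of Adaptor.xml against the table's rules."""
    root = ET.fromstring(xml_text)
    order = [child.tag for child in root]
    if "SSL" not in order:
        return ["Adaptor.xml: <SSL> section missing (not present by default)"]
    findings = []
    tunnel = order.index("HTTPTunneling") if "HTTPTunneling" in order else None
    if tunnel is None or order.index("SSL") != tunnel + 1:
        findings.append("Adaptor.xml: <SSL> must directly follow </HTTPTunneling>")
    ctx = root.find("SSL/SSLServerCtx")
    if ctx is None:
        return findings + ["Adaptor.xml: <SSLServerCtx> missing inside <SSL>"]
    if not _text(ctx, "SSLCertificateFile"):
        findings.append("Adaptor.xml: SSLCertificateFile is empty")
    key = ctx.find("SSLCertificateKeyFile")
    if key is None or not (key.text or "").strip():
        findings.append("Adaptor.xml: SSLCertificateKeyFile is empty")
    elif key.get("type", "PEM") not in KEY_TYPES:
        findings.append("Adaptor.xml: key type %r is not PEM or ASN1" % key.get("type"))
    ciphers = _text(ctx, "SSLCipherSuite")
    if ciphers and ciphers != DEFAULT_CIPHERS:
        findings.append("Adaptor.xml: SSLCipherSuite %r is not the default" % ciphers)
    timeout = _text(ctx, "SSLSessionTimeout")
    if timeout and not timeout.isdigit():
        findings.append("Adaptor.xml: SSLSessionTimeout must be whole minutes")
    return findings


def audit_server(xml_text):
    """Check the outgoing-SSL tags of Server.xml against the table's rules."""
    root = ET.fromstring(xml_text)
    findings = []
    if (_text(root, "SSLVerifyCertificate") or "true").lower() == "false":
        findings.append("Server.xml: SSLVerifyCertificate is false (security risk)")
    seed = _text(root, "SSLRandomSeed")
    if seed and (not seed.isdigit() or int(seed) < 8):
        findings.append("Server.xml: SSLRandomSeed must be at least 8 bytes")
    depth = _text(root, "SSLVerifyDepth")
    if depth and not depth.isdigit():
        findings.append("Server.xml: SSLVerifyDepth must be a whole number")
    engine = _text(root, "SSLEngine")
    if engine and engine not in ENGINES:
        findings.append("Server.xml: SSLEngine %r is not a listed engine" % engine)
    return findings


# Constructed samples; element nesting outside the listed SSL tags is assumed.
ADAPTOR_SAMPLE = """<Adaptor>
  <HTTPTunneling><Redirect enable="true"><Host port="443">:8443</Host></Redirect></HTTPTunneling>
  <SSL><SSLServerCtx>
    <SSLCertificateFile>edge.crt</SSLCertificateFile>
    <SSLCertificateKeyFile type="DER">edge.key</SSLCertificateKeyFile>
    <SSLPassPhrase></SSLPassPhrase>
    <SSLCipherSuite>ALL</SSLCipherSuite>
    <SSLSessionTimeout>5</SSLSessionTimeout>
  </SSLServerCtx></SSL>
</Adaptor>"""
SERVER_SAMPLE = """<Server><SSL>
  <SSLEngine></SSLEngine>
  <SSLRandomSeed>4</SSLRandomSeed>
  <SSLVerifyCertificate>false</SSLVerifyCertificate>
  <SSLVerifyDepth>9</SSLVerifyDepth>
</SSL></Server>"""

if __name__ == "__main__":
    for finding in audit_adaptor(ADAPTOR_SAMPLE) + audit_server(SERVER_SAMPLE):
        print("FINDING:", finding)
```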

Stopping and starting Breeze Edge Server

You can verify that the installation was successful by stopping and starting Breeze Edge Server and the FCS services that support it.
To start Breeze Edge Server:
Select Start > Programs > Macromedia Breeze Edge Server > Start Breeze Edge Server.
To verify that Edge Server is operating:
Go to the Control Panel.
Select the Services Panel.
Locate the following services: Flash Communication Administration Server and Flash Communication Server.
Their status should read “started.”
To stop Breeze Edge Server:
Select Start > Programs > Macromedia > Macromedia Breeze 5 > Stop Breeze Server.
To verify that Edge Server is not operating:
Go to the Control Panel.
Select the Services Panel.
Locate the following services: Flash Communication Administration Server and Flash Communication Server.
Their status should read “stopped.”

Deploying an edge server cluster

Macromedia Breeze provides support for clustering edge servers. If your license permits it, you can set up, install, and configure a cluster of edge servers on multiple networked computers. Deploying edge servers in a cluster has many benefits:
Clustered edge servers increase the users’ accessibility to Breeze and improve the performance of the origin Breeze server’s response to users’ requests for services.
Clustered edge servers allow Breeze users to continue accessing Breeze without interruption even when one of the servers in the cluster or the entire cluster fails.
Here are the basic steps in installing and configuring a cluster of edge servers.
1. Make sure each computer in the cluster meets the hardware, software, and network requirements, as described in “System requirements” on page 8.
2. Install the Breeze Edge Server license file on each edge server as described in “The Breeze Edge Server license file” on page 14.
3. Configure FCS for each edge server in the cluster, as described in “Configuring FCS for Breeze Edge Server” on page 14.
4. If you are going to use the secured SSL protocol, configure FCS, as described in “Configuring FCS for SSL” on page 16.
5. Set up a load balancer on the network and configure it to listen on port 80.
Consult the vendor documentation for instructions on how to configure the load balancer.

Scheduling maintenance

Macromedia recommends that you create a weekly scheduled task to clear the edge server cache.
To create this scheduled task:
1. Create a cache.bat file to delete the cache directory. The entry in this file should have the following syntax:
del /Q /S <cache directory>\*.*
The default cache directory is C:\breeze\edgeserver\win32\cache\http. The command is:
del /Q /S c:\breeze\edgeserver\win32\cache\http\*.*
2. Run the cache.bat file and verify that it deletes files in the cache directory.
Note that the directory structure remains; this is an expected behavior.
Any files currently locked by the edge server are not deleted; this is also an expected behavior.
3. Select Control Panel > Scheduled Tasks > Add Scheduled Task.
4. Select cache.bat as the new file to run.
5. Macromedia recommends that you schedule the task to run weekly during off hours, such as early Sunday morning.
6. Replicate this procedure on each installed edge server.