12.1 Media Exchange Best Practices User's Guide



Media Exchange Best Practices

This guide is written for systems architects and systems administrators who want to familiarize themselves with Signiant's Media Exchange product. It also offers suggestions on planning Signiant Media Exchange deployments.


Introduction

This guide assumes the reader has basic familiarity with Signiant architecture. This document helps you understand the following:

Signiant components:

  • The purpose of each component that can be used in a Media Exchange deployment.
  • The suggested location for each of these components.

Deployment:

  • What questions should I ask before deploying Media Exchange?

Growth:

  • How can I maximize availability and performance?
  • How can I simplify future growth?
  • How can I future-proof my installation?

Important

This document is updated from time to time. To ensure that you have the latest version, visit support.signiant.com. If you don't have access, contact support@signiant.com and request a login ID.

Intended Audience

This document is intended for people responsible for installing Signiant Media Exchange in an organization.

Document Availability

This document makes reference to published customer documentation. A version may be distributed with the documentation set that comes with your Signiant installation bundle.


Media Exchange Agents

Media Exchange requires that certain Signiant agents are designated as a Media Exchange Agent and configured for use in a Media Exchange installation. Media Exchange Agents support uploads and downloads for Media Exchange users.

Typically, you want to locate these agents near corporate storage to facilitate high-speed data transfers. A Media Exchange Agent allows users to download or upload package content using their web browser.

TIP: Always create load-balanced agent groups for Media Exchange Agents (even if they only have one agent in them). This simple step will help you migrate to a load-balanced configuration much more easily in the future. See the TIP on adding users to load-balanced groups below.

Media Exchange Storage Configuration

Media Exchange Agents require access to the Media Exchange repository. The Media Exchange repository holds all the files that make up packages that are transferred with Media Exchange. The repository must be locally accessible to the Media Exchange Agent. It can be local, SAN, or NAS (CIFS/NFS). The speed of Media Exchange transfers depends on disk reads and writes. Signiant therefore recommends that every effort be made to connect high-speed media to Media Exchange Agents and to give the agents high-speed connections.

These repositories contain the data files associated with Media Exchange packages and can grow rapidly over time. Signiant recommends highly available NAS or SAN systems as the storage mechanism for Media Exchange repositories.

The Media Exchange repository is configured on an agent-by-agent basis. Choose the repository path WISELY. While it is possible to change this path in the future, Signiant recommends against it, since doing so may leave existing data inaccessible.


Media Exchange Deployments

This chapter outlines sample Media Exchange deployments and their components, and offers some key points to understand about their use.

Media Exchange Components

Media Exchange-Enabled Manager

A Media Exchange-enabled manager (also called a Media Exchange manager) is a Signiant Manager with a Media Exchange license enabled.

Media Exchange Agents

As an administrator, you will need to designate specific Signiant agents as 'Media Exchange-enabled' (Media Exchange Agents). In most situations, you want to locate these agents near corporate storage. A Media Exchange Agent allows users to download or upload package content from their web browser.

Media Exchange-Enabled Relays

Media Exchange-enabled relays are Signiant agents that have been designated as 'routing points' for Media Exchange upload/download traffic.

Media Exchange Web Servers

In distributed, global configurations you may wish to place Media Exchange Web Servers in key geographic locations. These optional web servers are used to speed up the loading of the web pages associated with the Media Exchange and to eliminate the need for users to connect directly to the Signiant Manager.


Minimal Install for Media Exchange

A minimal Signiant Media Exchange installation requires at least these three components:

  • A Signiant Manager with Media Exchange enabled (requires a license).
  • A Media Exchange Agent.
  • At least one Media Exchange client (i.e. the browser-based interface to Media Exchange).

Most installations will have more than one Media Exchange client and, depending on the complexity of the install, multiple Media Exchange Agents and/or Managers.

[Figure: minimal_deploy.png]

This simple configuration is well suited to be deployed as a test environment. It is also suited for rapid deployment or for an organization that must receive content but won’t have a large number of users.

Larger organizations may want to add further components, since this configuration lacks redundancy: both the Agent and the Manager are single points of failure.

Note: Customers requiring more resilient systems should consider some of the more failure-resistant options listed in this document.

Network Notes (Allow Rules):

Source Port   Source (from)   Destination Port   Destination (to)   Protocol
Any           User            443                Manager            TCP
Any           Any             49221              MX Agents          TCP
Any           Any             49221              MX Agents          UDP
Any           Any             8080               MX Agents          TCP

Relayed Installation for Media Exchange

Most organizations protect their Media Exchange infrastructure by adding firewalls. This often causes routing issues where two machines can no longer connect to each other. Adding a Media Exchange-enabled relay allows you to secure (hide) your internal network by exposing the relay (in a DMZ) as the apparent target of a user's Signiant transfers. The relay redirects Media Exchange traffic between two Signiant hosts that otherwise may not be able to reach each other directly.

[Figure: relay_deploy.png]

This solution is best suited when an organization wants to protect internal Signiant assets.

Signiant recommends the use of relays to separate traffic that comes from or is destined for external networks.

Capacity: A single relay agent can handle 30 relayed connections.

Note:
  • This installation has no redundancy (many single points of failure). Customers requiring more resilient systems should consider some of the more failure-resistant options listed in this document.
  • Users still need access to the Signiant manager (for web traffic for Media Exchange).

Network Notes (Allow Rules):

Source Port   Source (from)    Destination Port   Destination (to)   Protocol
Any           User             443                Manager            TCP
Any           Any              49221              MX Relay Agent     TCP
Any           Any              49221-49321        MX Relay Agent     UDP
Any           Any              80                 MX Relay Agent     TCP
49221         MX Relay Agent   49221              MX Agents          TCP
49221-49231   MX Relay Agent   49221              MX Agents          UDP
Any           MX Relay Agent   8080               MX Agents          TCP
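
An added example (not part of the original guide or of Signiant's tooling): the relayed-installation allow rules above, encoded as data and used to audit a firewall rule export for entries broader than the guide documents. The zone labels are the table's own; the helper names and the sample export are assumptions constructed for illustration.

```python
from typing import NamedTuple

class Rule(NamedTuple):
    sport: tuple   # inclusive (low, high) source-port range
    src: str       # zone label from the table, or "Any"
    dport: tuple   # inclusive (low, high) destination-port range
    dst: str
    proto: str

def ports(text):
    """Parse 'Any', '443' or '49221-49321' into an inclusive (low, high) range."""
    if text == "Any":
        return (0, 65535)
    low, _, high = text.partition("-")
    return (int(low), int(high or low))

def rule(sport, src, dport, dst, proto):
    return Rule(ports(sport), src, ports(dport), dst, proto)

# Allow rules for the relayed installation, transcribed from the table above.
DOCUMENTED = [
    rule("Any", "User", "443", "Manager", "TCP"),
    rule("Any", "Any", "49221", "MX Relay Agent", "TCP"),
    rule("Any", "Any", "49221-49321", "MX Relay Agent", "UDP"),
    rule("Any", "Any", "80", "MX Relay Agent", "TCP"),
    rule("49221", "MX Relay Agent", "49221", "MX Agents", "TCP"),
    rule("49221-49231", "MX Relay Agent", "49221", "MX Agents", "UDP"),
    rule("Any", "MX Relay Agent", "8080", "MX Agents", "TCP"),
]

def within(inner, outer):
    return outer[0] <= inner[0] and inner[1] <= outer[1]
def covered(cand, allowed):
    """True if cand permits nothing beyond this one documented rule."""
    return (cand.proto == allowed.proto and cand.dst == allowed.dst
            and allowed.src in ("Any", cand.src)
            and within(cand.sport, allowed.sport) and within(cand.dport, allowed.dport))

def audit(candidates):
    """Return the candidates not contained in any single documented rule."""
    return [c for c in candidates if not any(covered(c, d) for d in DOCUMENTED)]

# Constructed sample of a firewall export (not from the original guide).
SAMPLE = [
    rule("Any", "Any", "49221", "MX Relay Agent", "TCP"),            # as documented
    rule("Any", "Any", "49221", "MX Agents", "TCP"),                 # reaches agents without the relay
    rule("Any", "MX Relay Agent", "49221", "MX Agents", "UDP"),      # source ports wider than 49221-49231
    rule("Any", "MX Relay Agent", "8000-8080", "MX Agents", "TCP"),  # destination ports wider than 8080
]
```

Calling audit(SAMPLE) returns the last three sample rules. A rule that is covered only by the union of several documented rules is also reported, so review flagged entries by hand.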

Using Relays in Load Balanced Groups

To add further scaling, it is possible to place Media Exchange relays into Load Balanced groups. This offers two distinct benefits:

  • The original relay is no longer a single point of failure.
  • Load is spread across multiple systems (fastest responder handles the request).

[Figure: minimal_deploy.png]

Capacity: A single relay agent can handle 30 relayed connections.


Using Agents in Load Balanced Groups

A single Signiant agent can present a single point of failure. If this is an issue for your organization, you may want to consider Load Balancing your Agents.

[Figure: loadbalanced_agents.png]

When Media Exchange Agents are placed in an Agent group, the storage must be "locally" available to each agent in the group (i.e. shared storage). Signiant recommends the use of a Storage Area Network (SAN) or high speed Network Attached Storage (NAS).

Note:
  • When Agents are in a load-balanced group, they MUST share the same repository path.
  • The relay must be able to resolve each member of the load-balanced group.
  • The relay must be Media Exchange enabled.

Capacity: A single relay agent can handle 30 relayed connections. When a single relay is placed in front of a load-balanced group, the relay can quickly become the performance bottleneck.

Network Notes (Allow Rules):

Source Port   Source (from)    Destination Port   Destination (to)   Protocol
Any           User             443                Manager            TCP
Any           Any              49221              MX Relay Agent     TCP
Any           Any              49221-49321        MX Relay Agent     UDP
Any           Any              80                 MX Relay Agent     TCP
49221         MX Relay Agent   49221              MX Agents          TCP
49221-49231   MX Relay Agent   49221              MX Agents          UDP
Any           MX Relay Agent   8080               MX Agents          TCP

Media Exchange Web Servers

Media Exchange requires two types of traffic to be passed between users and the Signiant Manager:

  • Web page traffic to provide the interface for the user's interaction.
  • User authentication data and package metadata to provide the underlying transport and authentication.

[Figure: without_web_server.png]

As your Signiant installation grows, you may experience slow-downs related to the loading of web pages required for Media Exchange. To increase scalability, Signiant recommends the use of one or more Media Exchange Web Servers to eliminate the need for users to connect directly to the Signiant Manager. The Media Exchange Web Servers cache the Media Exchange client application and package information. With a Media Exchange Web Server, users connect to a web server closer to them, which in turn communicates back to the central Signiant Manager.

[Figure: with_web_server.png]

Media Exchange Web Servers are particularly effective when you have users in geographically dispersed sites. Using a Media Exchange Web Server reduces the amount of delay that interactive Media Exchange users experience by serving the web content closer to the user as opposed to having to "round-trip" it from your central Media Exchange manager.

[Figure: remote_web_server.png]

This kind of configuration is very well suited to globally distributed organizations.


Maximum Scalability

When planning for maximum scalability and highest performance, consider using a configuration based on the following:

[Figure: max_scalability.png]

Note: External user content is placed directly on internal servers. Customers need to assess the risk (viruses, etc.) of this content. Assigning external users to Media Exchange Agents in the DMZ and creating customized processes to pull this DMZ-delivered content into the internal network can help mitigate this.

Network Notes (Allow Rules):

Source Port   Source (from)    Destination Port   Destination (to)   Protocol
Any           User             443                Manager            TCP
Any           Any              49221              MX Relay Agent     TCP
Any           Any              49221-49321        MX Relay Agent     UDP
Any           Any              80                 MX Relay Agent     TCP
49221         MX Relay Agent   49221              MX Agents          TCP
49221-49231   MX Relay Agent   49221              MX Agents          UDP
Any           MX Relay Agent   8080               MX Agents          TCP
Any           MX Web Agent     49226-49233        MX Manager

General Media Exchange Deployment Constraints

Users should be aware of the following Media Exchange scalability limits:

  • Up to 500 Media Exchange submissions per day
  • Up to 15,000 Media Exchange packages in total
  • Customers who have more than 300 Media Exchange submissions per day should consider changing the Maintenance job to remove inactive Media Exchange packages more frequently than the default of 45 days.

Deployment Metrics

The following metrics are helpful for planning capacity when deploying Media Exchange to your environment.

Metric                                                     Capacity
Number of concurrent Media Exchange uploads or downloads   Approximately 10 per Agent
Number of concurrent relayed connections                   Approximately 30 per Agent

Media Exchange Users

Media Exchange has two types of users. The first type of user is created using the Signiant Manager (or using Active Directory or LDAP). This method is intended for more permanent users of Media Exchange. The second type of user is known as a temporary or guest user. Guest users are previously non-existent users that are created indirectly by entering an email address into the Media Exchange web interface while sending or creating a package.

User Types

User Type   Accounts                       Permissions
Normal      Permanent                      May "see" or select any other Normal User.
Guest       Temporary - expiry set in UI   May only "see" or select the user responsible for creating the account.

Configuration

Assign Media Exchange-enabled users to load-balanced groups rather than to single Media Exchange Agents to facilitate maintenance of hardware and future system scaling.


Business Continuity and Disaster Recovery

Contact Signiant Customer Support to access the Business Continuity and Disaster Recovery Best Practices documentation for considerations related to hardening Media Exchange installations.