Author Archive: Frank DeRienzo

Controlling Recording Playback through the URL

When added to a Connect archive recording URL, the following suffixed commands will force the prescribed behavior. This may help with projects that include the embedding of archive recording URLs.

  • pbEIOpen=true – the event index would come up opened
  • pbEIOpen=false – the event index would come up closed
  • pbEIOverlay=true – the event index would show up in overlay mode
  • pbEIOverlay=false – the event index would show up in persistent mode
  • pbMode=normal – open in normal playback mode
  • pbMode=edit – open in editing mode
  • archiveOffset=parameter in milliseconds – open to a specific time in the recording

You can modify the URLs along these lines; use an “&” to concatenate multiple parameters.

Every recording will automatically append ?launcher=false&fcsContent=true. You cannot play a recording in the Connect Meeting addin; if you append ?launcher=true, it will toggle to ?launcher=false and open the recording in the browser:

This URL is an example of what a normal URL would look like during recording playback:

https://connect.mydomain.com/recording1/?launcher=false&fcsContent=true&pbMode=normal

To change this to open with the index closed, append pbEIOpen=false like this:

https://connect.mydomain.com/recording1/?launcher=false&fcsContent=true&pbMode=normal&pbEIOpen=false

Demystifying Mixing VoIP and Telephony in a Meeting

With Unified Voice (UV) enabled and selected from within a meeting room:

The host may choose: Meeting>Preferences>Audio Conference>Allow participants to use Microphones: When Allow participants to use Microphones is checked, participants have power to enable their own microphones within the meeting. When it is unchecked, the host must enable microphones first and then the participant can enable the microphone with host permission within the meeting:

uv-1.fw

In either case, checked or unchecked, the host needs to first start the audio conference within any meeting:

uv-1b.fw

And the participant needs to choose the microphone option and enable it (even though the host has enabled it manually within the meeting or set it as permanently enabled within the room):

uv-1a.fw

Note that by default, when UV is in use, the telephony option is checked for the participant:

UV2.fw

The participant must select the microphone option in order to use the microphone instead of the phone; this will allow the microphone to broadcast to the users in the meeting using UV telephony:

UV3.fw

With all these settings in place, VoIP microphones can talk to telephony and telephony to VoIP and both will be audible in an archive recording for playback on demand.

Using iframe to Invoke an Adobe Connect-hosted URL

Make sure that the iframe reference is formatted correctly.

When referencing an a meeting archive recording, it is best to first move an archive from under its parent meeting to the Connect Central content library before referring to it via iframe.

Do not let the URL of the archive recording redirect to Connect Central login page. To bypass the login screen you may either parse a username and password as a parameter in the URL or you may set permissions on the referenced content URL in Connect Central to allow for public viewing.  The latter option is usually the best. To avoid exposing the genuine user’s password as plain text in a GET request, it is usually best to simply make the recording public in Connect Central then link it. Alternatively, you may also create a new user in Connect Central with no other permissions except access to the referenced URL.

Referencing content in Connect Central that is set to public viewing:

<iframe src=http://connectdomainname.adobeconnect.com/customurl1″></iframe>

Referencing content by parsing a username and password:

<iframe src=”http://connectdomainname.adobeconnect.com/username?login=username@adobe.com&password=userpassword&account-id=12345678” width=”600″ height=”600″></iframe>

When referring to multiple URLs whether archives or MP4s or other Connect-hosted links, be sure to use a separate iframe reference for each Conenct URL rather than attempting to wrap all URLs in a single iframe reference. For example, two public links together in a table might look like this:

  <tr>
    <td width=”600″><iframe src=”http://connectdomainname.adobeconnect.com/customurl1″></iframe></td>
  </tr>
  <tr>
    <td><iframe src=”http://connectdomainname.adobeconnect.com/customurl2″></iframe></td>
  </tr>

Configuring Adobe Connect to take Advantage of Database Mirroring

Full redundancy requires that the Connect database be either mirrored or clustered; Adobe uses mirroring as the preferred solution.

The following example settings in the custom.ini file are needed to configure Connect to take advantage of SQL Mirroring:

DB_NAME=ConnectDBName

DB_HOST=ConnectDBPrimaryHostName

DB_BACKUP_HOST=ConnectDBSecondaryHostName

DB_URL=jdbc:macromedia:sqlserver://{DB_HOST}:{DB_PORT};databaseName={DB_NAME};user={DB_USER};password={DB_PASSWORD};AlternateServers=({DB_BACKUP_HOST}:{DB_PORT};DatabaseName={DB_NAME});ConnectionRetryCount=12;ConnectionRetryDelay=10;FailoverMode=extended;FailoverPreconnect=false;FailoverGranularity=atomic

Note: Change the first three variables as appropriate, but do not make any changes to the DB_URL.  It is all one line and it pulls the values from the other three entries in custom.ini:

The follwoing setting is always pudent whether using mirroring or clustering, but it is particularly important if you are clustering SQL. If you are running the Connect SQL database in a SQL cluster rather than in a mirrored environment, you will want to make sure that Connect makes multiple database connection attempts during SQL fail-over. If Connect loses its SQL database, the entire Connect cluster will go down and it will wait for an administrator to manually reconnect to the database through launching the Connect configuration console on port 8510. Add the following to the custom.ini file to support any delays in clustered SQL fail-over:

DB_URL_CONNECTION_RETRY_COUNT = 15
DB_URL_CONNECTION_RETRY_DELAY= 30

The actual JDBC string That invokes these variables is in the config.ini file:

DB_URL=jdbc:macromedia:sqlserver://{DB_HOST}:{DB_PORT};databaseName={DB_NAME};user={DB_USER};password={DB_PASSWORD};ConnectionRetryCount={DB_URL_CONNECTION_RETRY_COUNT};ConnectionRetryDelay={DB_URL_CONNECTION_RETRY_DELAY}

Save the custom.ini and cycle the services.

 

 

Event Template Account Logo will not Publish

Issue: The Connect Events template account logo in AEM does not change when you attempt publish a new template logo

Solution: To change the account logo on Event templates, you need to change the account logo of the Connect account from within Connect Central:

Click on the the thumbnail image to see the Customization page in Connect Central: Administration > Customization > Customize Central

Event-logo-CC.fw

 

For more information on Connect Central customization options see the following help link: Customize the Adobe Connect Central user interface

For more customization options see the following resource: Extensions : Solution extensions

For more information on Events Templates see the following tutorials:

Creating and Editing Event Templates

Resetting the Default Event Templates in Adobe Connect

Creating a Two Person Event Template with Adobe Connect

Event Administration in Adobe Connect 9

Adobe Connect 9: Event Migration Guide

Improving the Performance of Connect Meeting Clustered Fail-over

To improve the performance of Connect Meeting fail-over in a cluster, make the following changes to the custom.ini file and cycle the FMS and Connect services or reboot the connect servers:

The installation documentation for clustering originally prescribed setting the MEETING_TIMEOUT variable to 0 as shown:

#For Connect 8&9 Cluster fail-over add the following
MEETING_TIMEOUT=0
MEETING_CONNECT_BACK_TIME=1

We have discovered that setting the MEETING_TIMEOUT variable to 1 insures that a meeting will only have one active session while setting the MEETING_TIMEOUT variable to 0 opens the possibility (although rare) of a meeting having more than one active session. The result is a bit odd. Everyone could be happily in an ongoing Connect meeting while one attendee is alone in what appears to be the same meeting. This is usually triggered by an some form interruption in the isolated users meeting session such as from a brief outage in the network connection of the isolated user.

The new recommended custom.ini setting looks follows:

#For Connect 9 Cluster fail-over add the following
MEETING_TIMEOUT=1
MEETING_CONNECT_BACK_TIME=1

Save the custom.ini after making the change and cycle the Flash Management Sever and Adobe Connect Server services.

In Connect version 9.2, the meeting timeout session may be set back to 0 as we have made the appropriate code changes to insure the functionality works as originally intended even if a user experiences network interruptions and must reconnect to the meeting.

SSL Configuration Checklist for Connect with AEM-based Events

This supplemental checklist alongside the  Adobe Connect installation guide and the SSL Configuration guide, will help expedite your SSL implementation of Connect with AEM-Events:

1. Always begin with a fully functional installation of Connect and AEM-based Events before adding SSL; Do not attempt to secure a server that is not fully tested to run all features without SSL: A server running all features in the clear with no problems manifested is the only place to begin.

2. Decide whether to use hardware-based or software-based SSL and obtain appropriate public certificates and FQDN’s. If needed, see Mohit’s excellent instructions to generate CSRs. If you are using software-based SSL, stunnel can either be installed locally or on a separate server. If you are using hardware-based SSL you will want to refer to the relevant third-party documentation along with that provided by Adobe. For F5 BIG-IP LTM, the following articles along with this blog article and the resources aforementioned will help:

For information about stunnel installation options with Connect 9, see Jim’s blog post on Adobe Connect 9.0.0.1 and 9.1 stunnel installation options. Within the 9.0.0.1 installation folder, under  \Adobe Connect 9.0.0.1\Adobe Connect\Merge_Modules, we provide the installer for  stunnel-4.53.  From there, you can install Stunnel 4.53 for your SSL deployment. Adobe QE has tested stunnel version 4.56 collocated with Connect – installed within the Connect installation directory. These days it is arguably prudent to use the latest security option tested. Depending on the version of Connect you are running, if you wish to use stunnel locally, then you would create and/or populate the stunnel directory under the root install directory: Connect\9.1.2\stunnel.

Click on this thumbnail diagram below to see what it would look like with a hardware-based SSL accelerator:

C9SSLAEMSingle

Click on this thumbnail diagram below to see what it would look like with stunnel collocated with Connect:

C9SSLAEMStunnel

The rest of this checklist & summary will assume stunnel is being used collocated with Connect, but the configuration variables will apply to hardware-based external SSL acceleration options as well and even a casual glance back at these diagrams will help you infer the differences.

The sample file editing offered herein will be based on the single server stunnel example depicted in the diagram above.

3. Four FQDN’s are required: This is how our working example FQDN list would appear in a host file.

  • 192.167.21.176  connectmtg.domain.com
  • 192.167.21.175 connect.domain.com
  • 192.167.21.174:443  cqauthor.domain.com
  • 192.167.21.173:443  cqpublisher.domain.com

4. Four certificates (or a wildcard certificate) is needed; here is the list of certificates for SSL following our example:

  • connectmtg.domain.com
  • connect.domain.com
  • cqauthor.domain.com
  • cqpublisher.domain.com

Note: These are depicted in our working example as a wildcard certificate: domain.com. If the certificates are not trusted public certificates, then meeting rooms will not open; self-signed certificates will not work with meeting unless they are installed on all clients. Place the certificates into the stunnel installation directory: \Connect\9.1.2\stunnel\

5. Backup and edit the stunnel.conf file: in the \Connect\9.1.2\stunnel\ directory to set up the four VIPs and pools:

stunnel.conf for four servers on one
; Protocol version (all, SSLv2, SSLv3, TLSv1)
sslVersion = all
; Some performance tunings
socket = l:TCP_NODELAY=1
socket = r:TCP_NODELAY=1
TIMEOUTclose=0
options = DONT_INSERT_EMPTY_FRAGMENTS
; Service-level configuration
[https-vip]
; incoming vip for https (to secure Connect Application Traffic)
; ip address of the server with stunnel on it
; listens on port 443
accept =192.167.21.175:443
; ip of the connect server
; send the unecrypted request to port 8443
connect =127.0.0.1:8443
; Certificate info for Connect cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem
[rtmps-vip]
; incoming vip for fms (to secure Connect Meeting Traffic)
accept = 192.167.21.176:443
; ip of the fms server
; Send unencrypted request to 1935
connect = 127.0.0.1:1935
; Certificate info for Connect meeting cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem
[CQ_Author-vip]
; incoming vip for CQ-Author (to secure AEM-based Events Authoring)
accept = 192.167.21.174:443
; ip of the CQ Author server
; Send unencrypted request to 4502
connect = 127.0.0.1:4502
; Certificate info for CQ Author cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem
[CQ_Publisher-vip]
; incoming vip for CQ-Publisher (to secure AEM-based Events Publishing)
accept = 192.167.21.173:443
; ip of the CQ Publisher server
; Send unencrypted request to 4503
connect = 127.0.0.1:4503
; Certificate info for CQ Publisher cert key in stunnel root
cert = domain.com.cert.pem
key = domain.com.key.pem

6. Next backup and edit the custom.ini file: By default, the custom.ini will point to 4502 and 4502 for CQ Author and Publisher respectively; you must change the links to reflect https rather than http and also change the  names to the correct FQDNs and also enable SSL for Connect with these following entries:

CQ_AUTHOR_SERVER=https://author.adobeconnect.com
CQ_PUBLISH_SERVER=https://publisher.adobeconnect.com
DOMAIN_COOKIE=adobeconnect.com
ADMIN_PROTOCOL=https://
SSL_ONLY=yes
RTMP_SEQUENCE=rtmps://external-host:443/?rtmp://localhost:8506/

7. Next backup and edit the server.xml file; in the \appserv\conf\ directory; uncomment two sections depicted here to enable SSL:

<Executor name=”httpsThreadPool”
namePrefix=”https-8443-”
maxThreads=”350″
minSpareThreads=”25″/>

<Connector port=”8443″ protocol=”HTTP/1.1″
executor=”httpsThreadPool”
enableLookups=”false”
acceptCount=”250″
connectionTimeout=”20000″
SSLEnabled=”false”
scheme=”https”
secure=”true”
proxyPort=”443″
URIEncoding=”utf-8″/>

Note: Be sure to test the server.xml file for correct editing by opening it in a browser and viewing any syntax errors.

8. After configuring the stunnel.conf, the custom.ini and the server.xml file for all four server instances, stop all five the services in the following order:

  • Adobe Connect CQ Author
  • Adobe Connect CQ Publisher
  • Adobe Connect Server
  • Adobe Flash Media Server
  • stunnel

9. After all services are completely stopped, start all five services in reverse order; do not cheat and just restart each one successively.

  • stunnel
  • Adobe Flash Media Server
  • Adobe Connect Server
  • Adobe Connect CQ Publisher
  • Adobe Connect CQ Author

10. Open a browser on the Connect server; go to localhost:4502 and log into CQ5 Author as an administrator and edit the URL

  • Select CRXDE Lite on the menu list on the right side of the screen
  • Go to: content>connect>c1>jcr:content
  • Scroll to the serverURL line
    • Edit the URL for https
    • https://cqauthor.domain.com

11. Open a browser on the Connect server and go to localhost:4503 and log into CQ5 Publisher as an administrator and edit the URL

  • Select CRXDE Lite on the right menu list
  • Go to content>connect>c1>jcr content
  • Scroll to the serverURL line
    • Edit the URL for https
    • https://cqpublisher.domain.com

12. Open a browser on the Connect server and go to localhost:4502/system/console/configmgr and log in as an administrator and edit the author externalizer name and statistics URL

  • Scroll to and edit the Day CQ Link Externalizer and edit the hostname value to reflect the FQDN of the Author server
  • cqauthor.domain.com
  • Scroll to and edit the Day CQ WCM Page Statistics and edit the localhost:4502 URL to reflect the FQDN of the Author server and HTTPS
  • https://cqauthor.domain.com/libs/wcm/stats/tracker

13. Open a browser on the Connect server and go to localhost:4503/system/console/configmgr and log in as an administrator and edit the publisher externalizer name and statistics URL

  • Scroll to and edit the Day CQ Link Externalizer and edit the hostname value to reflect the FQDN of the Publisher server
  • cqpublisher.domain.com
  • Scroll to and edit the Day CQ WCM Page Statistics and edit the localhost:4503 URL to reflect the FQDN of the Author server and HTTPS
  • https://cqpublisher.domain.com/libs/wcm/stats/tracker

14. Stop all services and and restart as shown in steps 8 & 9 or reboot the server

15. Log into Connect and test all features including the Events module.

Troubleshooting appendix:

  • Check to make sure all five  services are running and start any that are not running.
  • Once all the services are up, click on the stunnel.exe icon in the stunnel directory and insure that stunnel runs without errors
    • If stunnel.exe throws an error then examine the stunnel.conf for syntax problems
    • If stunnel.exe starts successfully then look elsewhere for problems
  • If  Firefox browsers Fail to Connect when stunnel is used to secure Adobe Connect, then double check to be sure that the
    • sslVersion = all
    • fips = no
  • To make certain the help files are served via SSL, follow the instructions in Jim’s blog article: Changing the Help Links to use HTTPS://
  • Make sure there is not a passphrase on stunnel: see Jim’s blog article Adobe Connect Stunnel prompting for passphrase when server/services restarts
  • If stunnel does not start with Connect upon reboot, this technique will help: Stunnel does not Startup with Connect
  • Depending on the version of Connect you are running, you may need to add the certificate to the java CA certificates in Connect in order to allow images in the AEM-based Events module to appear in Connect. Ignore this step unless you are running Connect 9.0.0.1 and even then, if at all possible, simply use a later version of Connect instead as this issue has been fixed and this workaround is made superfluous for later versions:
    • For 9.0.0.1, export and then import the SSL certificate: Log into Connect and click on the lock in the URL line to the left of HTTPS and click the button in the pop-up: More Information>View Certificates>Details>Export to export the SSL certificate. Save the certificate in the jre\bin directory in the root install directory for Connect: Connect\9.1.2\jre\bin
    • Use the command prompt to complete the importation: F:\Connect\9.1.2\jre\bin> keytool -import -trustcacerts -alias connect -file certificate-name -keystore cacerts
      • The default password is changeit.
      • Overwrite any existing certificate.
      • The italicized alias connect is a variable
      • The italicized certificate-name must match the name of the certificate

Adobe Connect Server Licensing for Disaster Recovery

This question is commonly asked: Does my license for On-Premise Adobe Connect allow me install Adobe Connect servers for disaster recovery purposes?

First let’s define the terms: Disaster Recovery Environment refers to your technical environment designed solely to allow you to respond to an interruption in service due to an event beyond your control that creates an inability on your part to provide critical business functions for a material period of time. That is to say, it refers to a secondary site that would not be utilized in production unless the primary site went offline due to a natural or human-inflicted disaster that is beyond your control. Use of Adobe Connect servers in Disaster Recovery Environments is within the scope of your license and no additional fees are due to Adobe Systems Incorporated. For example, for the architecture depicted here, you would need four Adobe Connect server licenses. 

 

Connect_DR_cluster

 

However, adding one or more Adobe Connect servers to a local cluster is outside the scope of your license, and you will need to purchase additional licenses from Adobe Systems Incorporated to accomplish this.  Additional licenses are needed when adding any Adobe Connect servers that increase scalability in the form of:

  • Availability — What percentage of time is Connect available to geographically distributed users?
  • Reliability — How often does Connect experience problems that affect availability?
  • Performance — How fast does Connect consistently and qualitatively respond to user requests?
  • Concurrency – How many users can a Connect deployment handle concurrently?

Information around cluster expansion is here: Adobe® Connect™ server pools/clusters and hardware-based load-balancing devices with SSL acceleration

If you were to geographically distribute an active Connect cluster by placing Adobe Connect servers into two separate data centers, that would also require additional licensing. Connect servers in a cluster cannot have more than 2-3ms of latency between and among Connect servers.  Generally you would not geographically distribute Adobe Connect servers into different data centers, however, there is a chapter in the aforementioned clustering article on the topic. With that said, the architecture depicted below, is an example of a distributed active Adobe Connect cluster that is is spread between two local data-centers with nominal latency between those data-centers (less than 3ms of latency). All four servers are in production and all are actively hosting meetings and serving on-demand content.  This Connect architecture example depicted in the diagram below requires a four-server Connect cluster license:

 

Cross-DC-CLUSTER

 

Where is the Connect Meeting Add-in Installed?

Here are the client-side installation locations for files required by Connect Meeting add-in and its mms.cfg configuration file.

1. In Connect version 9, the default installation directories on each client platform are:

Windows (32 and 64 bit machines)

  • %appdata%\Macromedia\Flash Player\www.macromedia.com\bin\adobeconnectaddin
  • or   C:\Users\<username>\AppData\Roaming\Macromedia\Flash Player\www.macromedia.com\bin\adobeconnectaddin

Macintosh :

  •  ~/Library/Preferences/Macromedia/Flash Player/www.macromedia.com/bin/adobeconnectaddin

2. The  configuration file, mms.cfg, for the add-in is located here: :

Windows (32 bit) :

  •  C:\Windows\System32\Macromed\Flash\mms.cfg
  • or C:\Windows\System32\mms.cfg

Windows 7 64 bit

  • In: c:\Windows\SysWOW64\Macromed\Flash\mms.cfg
  • or c:\Windows\SysWOW64\mms.cfg

Macintosh OS

  • <hard drive>/Library/Application Support/Macromedia/mms.cfg

Adding the Passcode Feature for Connect Meetings

You may add a passcode feature as an additional security option for Connect Meeting room access in Connect versions 8 and 9. Each Meeting room can have its own passcode.  The parameter will appear under the Edit Information tab of the Connect Meeting:

pc2.fw

This is a great option. For example, it allows you to pop up a fast ad hoc meeting with full guest access while requiring guests to apply a pass-code to enter:

pc.fw

It also allows an additional layer of security for registered users as well; they also would need to enter a passcode in addition to any permissions (even host-level) granted to the room.

pc1.fw

Once applied, when a users hits the Meeting URL they will be presented with the passcode field:

pc3.fw

To add this feature, simple log onto your on-premise adobe Connect server as a Connect Administrator and enter the following into the URL line in Connect Central:

http://YOURDOMAINNAME/api/xml?action=meeting-feature-update&account-id=7&feature-id=fid-meeting-passcode-notallowed&enable=false

Where “YOURDOMAINNAME” is actually your domain name.

If this executes correctly, you will see the following output when you follow-up by entering this command into the same URL line in Connect Central:

http://YOURDOMAINNAME/api/xml?action=meeting-feature-info&account-id=7

Output: feature-id=fid-meeting-passcode-notallowed

Alternatively you could simply check and see if the feature is available under the Edit Information tab of any Meeting.

Note: Your Meeting passcode can be up to 16 letters or numbers; keep in mind that it is a convenient supplementary security mechanism rather than a primary means. You will see this warning if your passcode is not supported go over that: Your passcode must be between 1 and 16 characters long (letters or numbers, no spaces).

In adding this feature you have invoked the Web Services API in Connect. If you are not familiar with the API see the following document; it is rich with options: http://help.adobe.com/en_US/connect/9.0/webservices/connect_9_webservices.pdf

Note also that with Connect 9.2, in Connect Central under Administration > Users and Groups > Edit Login and Password Policies, there are two relevant check boxes, one to enable and the other one to force the use of the passcode:

passcode.fw