Specifications

MBG Engineering Guidelines, Release 8.0

• increased resiliency with the potential for disaster recovery configuration

2.7 Daisy-Chain Deployments

“Daisy-chaining” is a technique of pointing one MBG at another that can work around certain bandwidth and

routing restrictions. The servers are configured such that all traffic between the sets and ICPs traverses all MBG

servers in series, like following links in a chain.

A “daisy-chained” MBG is one that is configured to accept all incoming requests (authentication is disabled) and

pass them “upstream” to another MBG, where the standard authentication is performed.

Note: In this context, “upstream” refers to the direction approaching the ICP on the LAN.

Warning: Daisy-chaining is only supported for MiNet and SIP phones. SIP trunking and remote applications

have not been formally tested with MBG daisy-chain deployments.

The two main applications of daisy-chaining are to comply with certain IT deployment policies and

to reduce bandwidth for remote sites.

Special IT Policy Deployment

Daisy-chaining the DMZ MBG server to a LAN MBG server minimizes the scope of the firewall rules required to

facilitate communications between them. The firewall administrator can permit traffic only between those two

servers instead of across the entire LAN where sets may be located.

This configuration places the downstream server in the DMZ and the upstream server on the LAN. The servers

should use the network profiles of DMZ mode and LAN mode, respectively.

Note: Authentication should be disabled on the downstream (DMZ) server, and adds/changes should be made

only on the upstream (LAN) server.

Figure 9: Daisy-chained MBGs for enhanced security