IOCOM Whitepaper: Connecting to Third Party Organizations




September 2008
IOCOM
www.iocom.com
312-786-9169

Table of Contents

1. Executive Summary
2. Goals
3. Scenarios for Enterprise Connectivity over IOCOM
   a. Connecting over IOCOM-based nodes from within the Company Firewall
   b. Connecting from IOCOM-based nodes over a VPN
   c. Connecting to Third Parties using an External UCS Federated to Internal UCS
   d. Internal Enterprise UCS Federated to Semi-Public WebConnect Server
   e. Internal Enterprise UCS Federated to Public IOCOM Hosted Services
   f. Hosted Subscription Services
4. Integrating Third-Party Systems to IOCOM Networks
   a. Legacy IP Videoconferencing, VoIP, and ISDN Videoconferencing

Executive Summary

The IOCOM Grid (IG) multimedia collaboration platform is a scalable, adaptable software solution enabling geographically distant users to easily and reliably meet face to face in rich collaborative environments. The IG software solution is an IP network based client and server application. The IG Unified Collaboration Server (UCS) runs on commodity hardware running the Linux operating system. The IG grid architecture can be readily scaled across commodity hardware to increase capacity while functioning as a single centralized system. The IG UCS can also be federated with additional IG UCS systems to expand the network within or outside of internal firewalls.

The IOCOM WebConnect Server, or WCS, enables users to connect either through our existing client software or from a web browser using standard network connections. The WCS can federate with existing UCS systems, vastly expanding the number of users who will have easy access to successful IOCOM Visual Communication solutions.

The purpose of this document is to discuss the capabilities as they pertain to existing network configurations in Enterprise environments, paying particular attention to security concerns and interoperation with third-party communication tools.

Goals

IOCOM's primary goals include:

- Allowing everyone within internal networks to easily communicate via the IOCOM platform.
- Allowing seamless, secure communication with approved users outside of internal networks via the IOCOM platform.
- Providing for interoperation with third-party communication tools and protocols as necessary.

In meeting each of these goals, the primary focus is on maintaining security while allowing for the greatest possible distribution of users joining via IOCOM and/or by connecting via other phone and VTC endpoints. To that end, certain cases in the following scenarios present special limitations of technology and security. These are noted as appropriate and are being worked on by our development team as priority dictates.

Scenarios for Enterprise Connectivity using the IOCOM Software

The following scenarios describe the process and architecture of connecting to individuals, corporations, or organizations using entirely IOCOM-based technology. These scenarios provide for the best video and audio experience, and the greatest amount of control, flexibility and security, while requiring the least amount of administration overhead.

The first two scenarios focus primarily on connections for employees who have access to the internal company network or VPN. Scenarios for connecting to third parties, such as outside consultants or contractors who may not have access to the company network, are illustrated in Scenarios 3, 4, and 5. Using IOCOM web clients and subscription-based services allows for connections to virtually any individual or company, while guaranteeing security and reliability. For a discussion of connections to non-IOCOM systems such as legacy videoconference hardware, see section four below.

Scenario 1: Connecting over IOCOM-based nodes from within the Company Firewall

Under this scenario, all endpoints are located within the company firewall. This allows for the greatest security, as absolutely no data must leave the company network; however, it obviously presents difficulties in meeting with third parties, as it requires an internal network connection. This scenario is illustrated here as the preferred scenario for company employees who have access to the internal company network.

Under this architecture, each endpoint connects directly to an IOCOM UCS sitting on the internal network, which is therefore accessible to each endpoint without introducing security concerns. In the case of large corporations, multiple IOCOM UCS systems can be housed internally and then federated to each other, allowing all endpoints to contact any other endpoints. This method localizes regional traffic and minimizes more expensive WAN traffic, regardless of which specific UCS the endpoint is connected to on the network.

Each endpoint has a permanent client license obtained from IOCOM, and users authenticate to the UCS's access list. Alternately, authentication can be tied to a centralized corporate LDAP or Active Directory server for administrative convenience.

In addition to authentication control, this scenario also offers the Enterprise complete control over the meeting experience for all users. Using the UCS's limits manager allows administrators to restrict bandwidth, specify the video and audio codecs to be used, and allow or disallow the separate IGTools functionality (e.g. Recorder, IGFile, etc.) on a per-meeting, per-UCS, or corporate-wide basis.

Scenario 2: Connecting from IOCOM-based nodes over a VPN

Under this scenario, all endpoints either reside on the Enterprise's internal network, or they connect to the internal network over a VPN set up by the company. This scenario allows for a very high degree of security at low administrative cost. This is the preferred architecture for connecting to employees or contractors at remote locations when VPN connections are feasible.

Each endpoint tunnels via VPN to connect to an IOCOM UCS sitting on the internal network. The UCS remains completely inaccessible to any machines not connected to the VPN or the local network.

As above, each endpoint has a permanent client license obtained from IOCOM, and users authenticate to the UCS's access list. Alternately, authentication can be tied to a centralized corporate LDAP or Active Directory server for administrative convenience.
As above, multiple internal IOCOM UCS systems can be federated to each other, allowing all endpoints to contact any other endpoint, even in the case of an endpoint connected over the VPN.

Because this scenario uses the company VPN, all data remains entirely within the corporate network. This allows the Enterprise to maintain its VPN and internal network according to its standard practices.

In addition to authentication control, this scenario also offers the Enterprise complete control over the meeting experience for all users. Using the UCS's limits manager allows administrators to restrict bandwidth, specify the video and audio codecs to be used, and allow or disallow the separate IGTools functionality (e.g. Recorder, IGFile, etc.) on a per-room, per-UCS, or corporate-wide basis.

Scenario 3: Connecting to Third Parties using an External UCS Federated to Internal UCS

Endpoints and users within the corporate firewall connect to the company's internal UCS, as described in the above scenarios. External users, however, connect to a separate UCS housed outside the corporate firewall. This external UCS is federated to the internal UCS, and proxies all external IOCOM connections through the external UCS entry point.

Internal IOCOM endpoints can securely create and join meetings with external endpoints. However, external endpoints do not have direct access to the internal UCS, and all traffic is routed over the federated connections. The corporate firewall can monitor the RTSP setup negotiation and dynamically open and close UDP ports during the session between the internal and external UCS.

All IOCOM endpoints use client licenses purchased from IOCOM. These licenses can be purchased either by the sponsoring Enterprise or by the individual third party partners and vendors. Although client licenses are transferable, this approach may present scalability limitations when applied to users who will only connect for one or two meetings per year.

The user accounts and access lists on the external UCS can be managed either by IOCOM or by the sponsoring Enterprise.

Scenario 4: Internal Enterprise UCS Federated to Semi-Public WebConnect Server

This approach utilizes a new server technology currently under development at IOCOM. This new server product allows connections to fully licensed standard clients, but also to any authorized user with a standard web browser. The web clients are not licensed and the WebConnect Server will be configurable to allow a specified number of concurrent web connections as well as a specified number of licensed connections. The access list to the WebConnect Server is managed by either the Enterprise or IOCOM.

The new server product can be federated to a specific Enterprise UCS or group of UCSs, as in the above scenario, and would not be part of a wider public IOCOM cloud. The Enterprise could limit federation access to a specific list of UCSs.

This scenario allows for the flexibility to connect to third parties as necessary without needing to transfer client licenses among them. The web-based client does not contain all of the features of the standard licensed client, but is able to run on most systems and allows for very low-setup or no-setup participation. Web browsers with an installed Flash component would provide richer video, audio and collaboration tools than plain standalone web browsers.

Scenario 5: Internal Enterprise UCS Federated to Public IOCOM Hosted Services

This approach utilizes a new server technology currently under development at IOCOM. Internal users would be able to join meetings with any current subscriber to the IOCOM hosted service. Trial software would be available at no charge for initial users.

The access lists to the WebConnect Servers are managed by IOCOM.
The Enterprise UCS, or group of UCS systems, would be federated to the wider public IOCOM cloud. All traffic would be routed through the public WebConnect servers, through the internal Enterprise UCS, and on to the internal client endpoints.

This scenario allows for the flexibility to connect to third parties as necessary without needing to transfer client licenses among them. The web-based client does not contain all of the features of the standard licensed client, but is able to run on most systems and allows for very low-setup or no-setup participation. Web browsers with an installed Flash component would provide richer video, audio and collaboration tools than plain standalone web browsers.

Scenario 6: Hosted Subscription Services

This is a fully hosted service. IOCOM hosts the servers and licenses are renewed via subscription payment. Various subscription plans provide different features, such as multiple video sends, Hi-Def codecs and higher encryption levels.

No internal UCS is necessary as all clients directly connect to the external IOCOM hosted UCS. The corporate firewall can monitor the RTSP setup negotiation and dynamically open and close UDP ports during the session. The public UCS may host multiple companies on the same server or cluster of servers.

This approach allows both the Enterprise and third party partners and vendors to subscribe to the service as needed.

Integrating Third-Party Systems to IOCOM Networks

Legacy IP Videoconferencing, VoIP, and ISDN Videoconferencing

The UCS can initiate and receive H.323/SIP calls as well as connect to PSTN and ISDN endpoints. H.323 and SIP endpoints directly establish a call with the UCS and do not directly connect to the IOCOM clients. The UCS does not directly establish connections with PSTN and ISDN endpoints and instead uses a gateway. PSTN traffic is routed through any standards-based VoIP gateway to convert the signaling and audio traffic to IP (using either H.323 or SIP as the signaling protocol). ISDN endpoints also require a gateway to translate the signaling and media streams to SIP/H.323 and IP. The ISDN gateway, normally an MCU which supports ISDN and IP, completes the videoconferencing call between the UCS and the ISDN videoconferencing endpoint.

An external UCS federated to an internal UCS can be used to allow third party access without needing to open potentially vulnerable H.323/SIP access through the corporate firewall. Third party users join an external IOCOM UCS by entering the IP address of the UCS and entering the meeting code that was assigned by the internal enterprise user. The federated UCS system then joins the internal enterprise client and the external third party device over the secure federated link.

Enterprise users wishing to dial out to external third party legacy videoconferencing devices must be directly connected (not through federation) to the external UCS. The dialer that is used to connect the IG client to the legacy device is on the UCS that the user is registered to.
Attempts to dial an external device from an internal UCS would most likely fail unless firewall traversal for legacy protocols is available. Once the external UCS is connected to a legacy device, all other IG participants can join the meeting from their local federated UCS as they would any meeting. Only one IG participant is required to join the external UCS to establish the connection.

Gatekeepers manage call setup, resources and bandwidth for H.323 and SIP voice and video networks. The UCS can register with a gatekeeper to work within enterprise call control processes. Once registered, the UCS will pass all dialing and call type information to the gatekeeper for processing. The gatekeeper allocates the proper resources (bandwidth, gateways, endpoints) required for the call completion and instructs the UCS how to terminate the call. For networks with multiple gatekeepers that handle different types of traffic, they must route through a single gatekeeper that will direct the UCS traffic to the appropriate network termination point.

Conclusion

IOCOM delivers a flexible visual communication solution that gives enterprises complete independence of device, network, and location. IOCOM ensures that everyone in the company is able to securely connect both inside and outside of the corporate environment. As shown, our flexible network scenarios adapt to any situation, eliminating all walled gardens. And by providing client side software solutions that scale from web browsers to laptops to full-featured conference centers, IOCOM solutions integrate easily into any environment and workflow.
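
Scenarios 3 and 6 rely on the corporate firewall monitoring the RTSP setup negotiation and dynamically opening and closing UDP ports. The sketch below is an added example, not IOCOM code and not part of the original whitepaper: it tracks the pinholes such a firewall would hold open, assuming the standard RTSP Transport header parameters client_port and server_port (RFC 2326). The addresses, ports, session id and the names PinholeTable, port_range and headers are constructed for illustration.

```python
import re

# Constructed sample exchange (documentation-range addresses and made-up ports;
# none of these values come from the whitepaper).
INTERNAL_UCS, EXTERNAL_UCS = "192.0.2.10", "198.51.100.20"
URL = "rtsp://198.51.100.20/meeting/video"
SETUP_REQUEST = (f"SETUP {URL} RTSP/1.0\r\nCSeq: 2\r\n"
                 "Transport: RTP/AVP;unicast;client_port=40000-40001\r\n\r\n")
SETUP_REPLY = ("RTSP/1.0 200 OK\r\nCSeq: 2\r\nSession: 8f3a1c;timeout=60\r\n"
               "Transport: RTP/AVP;unicast;client_port=40000-40001;"
               "server_port=50000-50001\r\n\r\n")
TEARDOWN = f"TEARDOWN {URL} RTSP/1.0\r\nCSeq: 3\r\nSession: 8f3a1c\r\n\r\n"

def headers(msg):
    """Split one RTSP message into (start_line, {lowercased header: value})."""
    lines = msg.split("\r\n\r\n", 1)[0].split("\r\n")
    return lines[0], {k.strip().lower(): v.strip()
                      for k, _, v in (l.partition(":") for l in lines[1:])}

def port_range(transport, key):
    """Return (lo, hi) for key=lo[-hi] in a Transport header, or None if the
    parameter is absent, privileged, or wider than an RTP/RTCP pair."""
    m = re.search(r"(?:^|;)\s*" + key + r"=(\d+)(?:-(\d+))?(?=;|$)", transport)
    if not m:
        return None
    lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
    return (lo, hi) if 1024 <= lo <= hi <= 65535 and hi - lo <= 1 else None

class PinholeTable:
    """UDP pinholes a firewall would hold open between two federated servers."""
    def __init__(self, client_ip, server_ip):
        self.client_ip, self.server_ip = client_ip, server_ip
        self.pending = {}  # CSeq -> client ports requested in SETUP
        self.open = {}     # session id -> [(src_ip, dst_ip, (lo, hi)), ...]

    def observe(self, msg):
        """Feed one signalling message; return the UDP rules now in force."""
        start, h = headers(msg)
        cseq, transport = h.get("cseq"), h.get("transport", "")
        session = h.get("session", "").split(";")[0].strip()
        if start.startswith("SETUP "):
            self.pending[cseq] = port_range(transport, "client_port")
        elif start.startswith("RTSP/1.0 200") and cseq in self.pending:
            asked = self.pending.pop(cseq)
            server = port_range(transport, "server_port")
            # Open nothing unless the reply echoes exactly what was requested.
            if session and asked and server and \
                    port_range(transport, "client_port") == asked:
                self.open.setdefault(session, []).extend([
                    (self.server_ip, self.client_ip, asked),   # media to client
                    (self.client_ip, self.server_ip, server),  # media to server
                ])
        elif start.startswith("TEARDOWN "):
            self.open.pop(session, None)  # close the session's pinholes
        return [rule for rules in self.open.values() for rule in rules]
```

Each rule is bound to the two server addresses and to a single RTP/RTCP port pair, so a reply that advertises a privileged port or a wide range opens nothing, and TEARDOWN removes the session's rules.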