Transcript Document

Polycom Conference
Firewall Solutions
The use of Video Conferencing Is Rapidly
Growing
More and More people are adopting IP conferencing
Audio and Video is improving drastically, making it easy
to conference over the internet
Increasing need to scale, manage, and deploy all while
maintaining a secure environment
The goal is to connect Anywhere, Anytime, without
boundaries
2
Continued questions in conferencing today …
Who can I call?
How do I call?
Is there a firewall involved?
What kind of endpoints do I have?
3
Video over IP Deployment Challenges
Existing networking infrastructure is not “media-aware”



Firewalls block Media (Video/Audio) calls
Network Address Translation (NAT) breaks addressing
Video/Audio and data traffic on shared WAN pipes degrades
voice and video quality
User Concerns


Dialing concerns
How do I call them? What should I dial?
– Do I have to register with them?
– Why can’t they call me?
Designing around the above problems is difficult and
expensive with legacy CPE hardware
4
How do you fix the problem?
NAT Avoidance


Uses techniques to avoid a firewall / NAT
May require additional CPE
NAT Traversal


5
Video calls traverse the firewall / NAT
Multiple methods available
One approach – Avoid the NAT problem
IP Cloud
IP Cloud
IP Cloud
VSX
3000
PROXY
Public IP
Public – Private IP
IP Cloud
TUNNELS
VSX
3000
Virtual Private
Networks (VPN)
6
Firewall Traversal Solutions
Application Layer Gateway (ALG)

Enables a firewall to become media aware without compromising
security
H.460 Based Traversal


7
ITU defined NAT/FW traversal method
Works with legacy firewalls
Application Layer Gateway (ALG)
Resolves Network Address Translations issues
Media and protocol aware

Preserves all features (Encryption/Content Sharing)
Uses Stateful Packet Inspection

Dynamically opens and closes ports
Provides topology hiding to protect the H.323 Components
(endpoints, bridges, gatekeepers) and data devices
8
Application Layer Gateway (ALG)
ALG Pros

Security (intrinsic Firewall)
– Dynamic Port utilization for call duration





Scalable - Enables Shortest Path Media Routing
Less costly – no extra bandwidth
Ideal for “fixed” video installations
Video endpoint registration not mandatory
Flexible dialing
ALG Cons

9
Not practical for mobile work force
H.460 – Traversal of H.323 across NATs and Firewalls
H.460 ITU Standard



Extension to H.323
Developed by Polycom, Radvision, Tandberg
Approved August 2005
H.460 enables H.323 signalling and media to traverse
NAT/FW installations
Utilizes a Traversal Server (TS) at a central location
Requires H.460 aware endpoints to register with Traversal
Server
All VSX systems are H.460 aware with VSX Release 8.5!
10
H.460 – Traversal Server
H.460 Pros

Allows for IP calling with legacy firewalls
– IP and Port issues resolved at Traversal Server

Simplistic for registered H.460 endpoints

Ideal for mobile users (road warriors / hot spots / home users)
H.460 Cons
11

Extra bandwidth may be needed at Traversal Server location

Requires endpoints to register with the Traversal Server

Scalability - all traffic routed through the host location (signaling and
media)

Less Secure (Traversal Server may not be a Firewall)
Choosing The Right Solution
ISDN gateway


More expensive
ISDN not available everywhere
H.323 aware firewall


Restricts the feature set – encryption
Not ISP friendly
VPN


Exposure risk for Home Offices
Not used for enterprise-to-enterprise communication
Put all video systems on public IP addresses



12
Vulnerable to attack
Limited availability of public IP addresses
Not scalable
Introducing the Polycom V2IU
6400 Series
85 Meg
Base MSRP - $42,800
5300 Series
10 Meg or 25 Meg
Base MSRP - $7,199
4300
3 Meg
Base MSRP - $1,999
V2IU Product Family – “Voice and Video Interface Unit”
Simplifies -
Inter-company video conferencing
Resolves - NAT/Firewall traversal problems for Video over IP
Protects - Video and Voice devices with an application aware
firewall
Flexible – Can be deployed as an ALG or Traversal Server (H.460)
13
V2IU Key Features And Benefits
V2IU Features
V2IU offers multiple modes
Benefits
Flexibility to solve customer networking challenges
(ALG & Traversal Server
(H.460)
Solution adapts to network requirements
Flexible dialing options
Ease of use
Security
V2IU is a media aware firewall
Cost efficient
Lower Total Cost of Ownership – Equipment and
Network charges
Shortest path routing
Improved Scalability, reduced latency (improved
video quality)
Flexible deployment options
Family of products to meet capacity needs
With VSX Release 8.5, all VSX solutions are H.460 compliant!
14
Complete Polycom
Solution
15
Thanks !
Questions?