Background: As you know, I continue to investigate and test potential desktop videoconferencing solutions. I really want to be able to provide desktop videoconferencing to my districts (most of whom aren’t on my network or have enterprise firewalls between my network and theirs); and also to be able to bring in authors, guest speakers and others who are completely off my network and in scenarios where I have no control over the network.
Polycom CMA Desktop & Diverse Networks
I’ve learned more about how the Polycom CMA Desktop works with the client software and why there have been seemingly inconsistent results in testing it from various locations (based on my conversations and tests with others who have the server installed).
Disclaimer: I’m not a techie or an expert in this. I’m throwing this out here to stimulate conversation and to encourage clarification. Please, please comment!
The videoconference connection between the desktop client software and the server is basically an H323 call with additional services such as LDAP, presence, and provisioning. So similar firewall traversal scenarios occur with the desktop client as with a regular videoconferencing system (appliance/codec). (It’s not quite the same, but close.)
In a scenario where the Polycom CMA server and Video Border Proxy ST are installed and the desktop clients are off the server’s network, here are the likely results:
- If the desktop client is behind a soho (small office / home office) router such as a Linksys, DLink, or other dynamic router, it probably will work fine.
- If the desktop client is behind an enterprise firewall (such as most schools have installed), it probably will not connect. There are three potential solutions: (1) use a VPN to connect to CMA, (2) install a VBP at the remote site; (3) provide a public IP at the remote site; (4) open ports to allow the traffic through.
I’m guessing that any other vendor’s solution that is H323-based will be the same. Is that true? Please, please comment!
I am still learning about all these desktop VC tools work and the vendor-intended and best ways to install them. If you have further comments, please share. Be sure also to read all the comments so you benefit from the additional information.
The other variable to consider when using a 323 based pc client is the quality of the network the end point has. As you mentioned, it is essentially a 323 call just like a typical polycom end point is there. 323 is not tolerant of packet loss, jitter or low bandwdith which is why most/all video networks have a (QOS) quality of service guaranty.
Technologies such as Vidyo have unique capability that is designed to be more tolerant of packet loss, jitter and low bandwidth so QOS is not required. SVC (Scalelable Video Coding) is a key component of that functionality. Today Vidyo is not natively compatible with 323, a gateway or conversion is required. Over time it is hopped that standard’s will evolve so that 323 and SVC based products can communicate directly without a gateway device.
Have you investigated Mirial Smartphone’s interoperability?
I work for a district in VT and we are going to use it small scale (<=6 users) for our Deaf-Ed program (720p signing during VC).
Greg – it’s not the interoperability so much as the client software to be able to login from off the server’s network. That’s the piece I need. Are you doing that with Mirial? (Of course I need to connect to H323 regular units too.)
You should check Mirial ClearSea. It is basically a client-server solution (similar to Vidyo, Movi, CMA, etc).
It is natively interoperable with H.323 and SIP endpoints and addresses NAT/FW traversal and inconsistent network issues.
I have recently evaluated it (VMWare image downloaded from the website) and it worked. This was out of curiosity so I didn’t really invested that much time over it anyway.
Mike, thanks for your comment. Do you know if the client can login to the server if the client is not on the server’s network? (with ClearSea)
That’s my big question right now….
yes; that is the real reason why you install ClearSea server in the first place.
The idea is pretty straightforward: You deploy a ClearSea server instance in you network with one Ethernet card connect to the public internet (firewalled if you wish!) and the other to you office LAN.
Then, you can install and use the ClearSea client on any PC inside or outside the corporate LAN and once logged in, you can call any SIP/H.323 endpoint inside your LAN or on the Internet.
For example: you are in an hotel room (firewalled), you launch the ClearSea client and log in to your ClearSea server; then you can call any H.323/SIP endpoint inside your LAN or on the Internet.
The rule of thumb for the firewall traversal is: if skype works in a network, then ClearSea client will work on that network too and will be able to log-in to your ClearSea server.
Hope this helps!
I have not, but full disclosure is that we are a video conference service provider based on technology from Vidyo.
You’re right about the H323 firewall traversal. The concept is the same across all vendors of H323 based videoconferencing equipment, hardware or software (desktop). There are proprietary traversal technologies as well as ITU standard H.460. Supposedly the desktop client registers at the server and negotiates with the firewall to open necessary ports. However, in a stringent environment such as an enterprise, the negotiation might not be authorized and the ports remain blocked. It depends on the firewall policy.
We have been trialling CMA desktop here as our Ministry of Ed have a number of free licences we can use. I have found it such a hassle to make it work. Even though we are in a VPN, we have had to take off all our security settings, firewall, anti-virus, even take our proxy settings off. Some schools have set up a dedicated computer just for using CMA and nothing else but i have been advising my schools to pay the $200 licence for PVX and have none of the hassles. We may see big changes coming here soon as much of our equipment gets past it’s use by date. In today’s world why should you pay megabucks for expensive VC equipment when there are so many alternatives out there.
Rachel, I was sad to hear your troubles with CMA Desktop and would like to help if I can. Perhaps you could send me an email detailing the deployment and use case? I assume you are in current contact with a Polycom Sales Team since you have a trial account. Kind Regards, Marty Sexton CMA Desktop Product Marketing Manager, Polycom Inc.
[…] Diverse Networks and Desktop Videoconferencing « Videoconferencing Out on a Lim This entry was posted in keith bulluck and tagged amp, desktop videoconferencing, firewall, firewalls, scenarios, videoconferencing system. Bookmark the permalink. ← Finding The Right Web Conferencing System […]
You should really try Appia Video Communicator. It is a software PC based hosted solution. We have a gateway that can call any H323 endpoint seemlessly and we have already certified to many different distance learning programs. Here is a short list of some of them:
o MSU Museum
o Alaska Sea Life
o Discovery Center
o St Louis University School of Medicine
o Challenger Learning Center
o Cranbrook Institute of Science
o Imagination Station
So basically from a laptop or PC in the class room you can connect directly to any one of these programs or call another software endpoint.
Michael, do you know if the client software can login to the server/hosted solution if the client is not on the server’s network?
Desktop Video Conferencing is truly an emerging solution for almost all types of businesses. Collaboration is becoming much more important in the workplace and video conferences undoubtedly enable better and richer collaboration. Companies nowadays, use desktop conferencing tools like RHUB, WebEx, gotomeeting, GoMeetNow etc. n order to conduct online meetings.