Just about to embark on a pretty simple video deployment for a customer next week and I have a couple questions about the 4501 and also encrypting traffic.
8 Quickset C20's at remote locations
VCS Control, 4501 MCU, TMS - installed on common vlan at central site.
Dedicated MPLS WAN for connectivity between all locations - no other traffic on these links but telepresence.
The network admin at my customer site made a comment about potentially installing the bridge outside the firewall, apart from the endpoints.
In all the reading material I can find, there's not much documentation on video bridges living outside of a firewall. My thought is don't do it... why complicate matters?
The other question is about the merits of enabling encryption between the C20's and the VCS, as well as the C20's and the MCU.
If all the equipment ends up on a private IP cloud - my goal is to push the customer to deploy everything behind a firewall so as not to complicate the deployment. But if he insists, we would have to poke holes through the firewall for the SIP signalling and the range of dynamic ports for the RTP media.
Does anyone have any strong opinion about this one way or the other?
By default Port B is disabled on the Cisco TelePresence product. The activation of the video firewall feature allows Port B to be enabled. In a video firewall deployment, one of the ports is connected to the local network (typically Port A) and the other (typically Port B because Port B cannot use DHCP) is connected to the Internet. This allows the MCU to host conferences with a mix of participants from the internal and external networks. This does not compromise your network security because the MCU will never route packets between the two ports, not even media packets.