cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
Announcements
603
Views
0
Helpful
7
Replies
Highlighted
Beginner

VCS-C and VCS-E deployment scenario

Hi all,

I have a Edge 95MXP with multisite option for 4 sites conference via Internet (not WAN). Now I want to use Jabber Video. As I know, VCS-C and VCS-E are required. But my scenario is a little different from deployment guide: internal network is replaced by Internet so there's no need VCS-C, only VCS-E is needed (I guess so). Does anyone give me some advices to complete this?

Thanks.

7 REPLIES 7
Highlighted
Collaborator

The VCS-E starterpack will probably be the best option:

http://www.cisco.com/en/US/prod/collateral/ps7060/ps11305/ps11315/ps11337/data_sheet_c78-697075.html

Another option could be by registering your system with a SIP registrar service and use the "free" version of JabberVideo, which is hosted by Cisco; https://www.ciscojabbervideo.com/home

If you don't register it with a SIP registrar, then JabberVideo will be able to call your end-point using the IP address, however, SIP must be turned on and the address must be prefixed by anything@, i.e. a@123.123.12.1 - however, you will not be able to call the JabberVideo client from your system.

If none of the above suits, then a cloud-based service might be the go.

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
Highlighted

Hi Jens,

I also know that VCS-E starter pack is the best choice in my case but the problem is my company has bought VCS-C and VCS-E before so I have to use these devices. 

Highlighted

So do you also have TMS and JabberVideo clients which you provision?

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
Highlighted

Yes, I have TMS and Jabber Video Client

Highlighted

Do you have provisioning option key for the VCS-C or the VCS-E - where does the TMS server sit, in the public as well? - and there is absolutely no way you could put everything apart from the VCS-E behind a firewall?

(Just trying to picture your deployment, but a bit hard if we don't know about all the pieces in the puzzle )

/jens

Please rate replies and mark question(s) as "answered" if applicable.

Please rate replies and mark question(s) as "answered" if applicable.
Highlighted

Hi Jens,

I have provisioning option key already, TMS server's behind the firewall (not in public network)

Highlighted

So you would have

a) Internet<--->VCS-C<---VCS-E--->Internet or

b) Internet<--->VCS-C<--->Internet or

c) Internet<-->VCS-E<--->Internet

Which combination you use depends on what you want to be able to do;

a) will allow you to connect to end-points which are behind a firewall and using VCS-E/VCS-C, or similar, set-up.

Provisioning would be done on the VCS-C as per normal. Your end-point and JabberVideo client registers to the VCS-C.

b) will be more restrictive, no firewall traversal available "out of the box" so to speak. Your end-point and JabberVideo client again registers to the VCS-C.

c) will require VCS-E to have the provisioning key installed, but you will have the firewall traversal ability as per a), your end-point and JabberVideo client registers to the VCS-E.

Guess the next thing to look at would be number licenses, traversal and non-traversal required in the above scenarios, in my opinion option b) will be the least expensive, but also the most restrictive.

You'll have to look at the proposed usage before deciding the most economical solution; i.e. the VCS-C will come with a number of non-traversal and traversal licenses, whereas the VCS-E will not come with any non-traversal licenses.

Take a look at this thread: https://supportforums.cisco.com/thread/2103952 re licenses.

I don't particulary like any of the above options, but I would choose c) if I absolutely had to use one of them.

What is obvious is the security side of this deployment, or more to the point; lack there-of, which I'm sure you're acutely aware of, but still...

I would disable SSH or at least, if using the VCS-E, use firewall rules to allow access from specific IP addresses.


Communication with TMS needs to be secure and VCS Root and Admin passwords needs to be seriously strong, and I would also turn off SIP UDP as these boxes will come under attack pretty quick being out there in the wild.

/jens

Please rate replies and mark question(s) as "answered" if applicable

Please rate replies and mark question(s) as "answered" if applicable.