09-21-2012 11:03 PM - edited 03-17-2019 11:50 PM
Hi
I would like to know whether it is advisable to place the VCS Control, TMS, MCU behind the Data Center Firewall. I have seen only documents related to VCS Expressway behind firewall. Please let me know the best practice.
Krishna.
09-22-2012 12:04 AM
Most common type of deployment would be TMS, MCU, end-points and VCS-C behind firewall with VCS-E outside the firewall either in DMZ or public. Then you create a firewall traversal zone between the VCS-C and VCS-E.
Additional security can be achieved by using VCS-E with double NIC configuration.
Also see:
/jens
09-22-2012 02:30 AM
Hi Jens,
Thanks for your reply. Customer would like to have VCS CONTROL, MCU AND TMS behind Data Center firewall. I would like to know if this is recommended.
Krishna.
09-22-2012 03:33 AM
Hi Prakash,
Can you be more clear about your requirement?
Do you want to put these devices behind the firewall just for security purposes? If yes, then it could be done, but then you need to open the ports for proper communication and media to pass through the firewall.
Rgds,
Alok
09-22-2012 03:43 AM
I would personally use the VCS-C/VCS-E combination which will give you, among other things, secure firewall traversal.
/jens
09-22-2012 04:06 AM
Jens,
I think what Prakash is looking for is just internal communication. They don't have a requirement for communication on public.
A lot of customers do this for security, and even their internal endpoints in the LAN communicate to devices like MCU, VCS-C and TMS through the firewall.
If Prakash can elaborate on what his requirement is, that would be good for giving more recommendations.
cheers
Alok
09-22-2012 08:08 AM
Dear Alok,
The customer requirement is to protect the MCU, VCS-C, TMS, and they want to put them behind the firewall so that endpoints communicate through the internal datacenter firewall. Is this recommended?
Krishna.
09-22-2012 08:26 AM
Hi Krishna,
I got the scenario the end customer is looking for.
I won't say whether it is recommended or not, because nowhere is it specifically written that it can't be. I know a couple of customers running the same kind of setup. In particular, I have seen this kind of implementation in India.
Considering your scenario, you need to:
- open the signaling ports for the endpoints so that they can communicate with the VCS
- consider a scenario where someone dials the MCU directly; for that as well you have to open the port
- open the media ports
a) when the endpoint dials the MCU and media is sent to the MCU
b) when endpoint 1 dials endpoint 2 and it's a traversal call or you forced encryption through the subzone; in this case the media would traverse through the VCS
c) for any communication to the Lync server
- open the ports for endpoint management via TMS
Thanks
Alok