Just trying to broaden my knowledge on the Engineering side of the VTC world. Can anyone provide the path of a secure and unsecure IP based VTC infrastructure for a govt client? Doesn't have to be a drawing. Just the name of the pieces in place. However if you do have a drawing that would be great. Good example would be a drawing that I could break down and propose to a potential customer of how it works. I have some knowledge but I'm trying to get more in depth.
There are a couple of generalisations here, i.e. what exactly do you mean by 'secure' and 'insecure'?
I'm going to assume that by insecure you mean just that - endpoint devices on the public internet directly accessible from the outside world. This is a simple deployment and generically you could deploy an endpoint for an organisation and either assign it a public IP address, or route traffic to it from a public IP address. Whilst this is simple and requires little infrastructure, it would require you to punch a big hole in your firewall, it is not particularly scalable, and can lead to multiple attack vectors. I would suggest that this probably isn't what a government organisation would be looking to deploy.
So, what else could be done? Well, in the Cisco world you would probably be looking to deploy something like the Video Communication Servers (VCS), either separately or in conjunction with Cisco Unified Call Manager (CUCM).
The VCSs provide a way to separate your VC devices from the outside world by providing a means of tunneling your video communication traffic through your firewall without the need to open many ports. They also separate the endpoints from direct external access, meaning you have a single point of entry to protect. The VCS can provide dial plan facilities, meaning that multiple devices on the inside can be accessed via this single point of entry. The VCS devices are able to handle registrations from both SIP and H.323 devices (the protocols/standards that are generally used in videoconferencing).
CUCM is the product Cisco is now pushing which enables a single registration point for different devices and supposedly a simpler dial plan structure. To enable communications with the outside world, or for mobile users, CUCM still uses the VCSs, albeit with slightly different licences. CUCM uses the SIP protocol exclusively, which means you may need another VCS to handle H.323 registrations.
In both the 'insecure' and 'secure' cases above, the actual calls themselves can be either unencrypted or encrypted.
I would look over the Basic Configuration of a VCS deployment from the Cisco VCS Documentation, which has some great diagrams right at the beginning.