Expert Roundtable: AV Meets IT
Mar 1, 2008 12:00 PM, By Jay Ankeney
Prominent systems integrators discuss the challenges of bridging gaps between the two sectors.
In an era when security is so paramount, how do you deal with firewall transversal when communicating from one corporation to another? Are you often faced with limited access to a client's IP network?
McGinniss: A lot of companies will VTC [Video Teleconference] over IP internally, then use ISDN for outside their network because of their security concerns, firewall transversal issues, and the fact that the public Internet has inconsistent QoS, so one call may come through great and the next will be all jittery, depending on the time of day. Access to any corporate client's network is usually prohibited unless an AV or VTC subnet/VLAN has been created. Universities, on the other hand, are very accommodating and willing to open ports or create subnets.
Smith: Fortunately, the manufacturers we represent, such as Polycom and Tandberg, have developed excellent firewall traversal solutions, so securely traversing a firewall is fairly straightforward. However, and with good reason, we often still have some convincing to do when it comes the IT department. It is important that we develop an understanding of a client's visual communication requirements, including the need to communicate with other organizations on disparate networks. If two separate organizations have implemented firewall traversal then it's just a matter of neighboring their respective networks by registering their firewall traversal devices to each other. For organizations that have not implemented firewall traversal, when they need to communicate outside their network the most common method is to assign a NAT [Network Address Translation] address to the videoconferencing system. Or it can be placed outside the firewall on a public IP address.
Bianchet: As they should be, companies are very protective of who has access to their network. Leading manufacturers of videoconferencing products have made devices that allow companies to traverse firewalls, but it is often a more complicated situation than technologies can solve. Many corporations have policies about who and what can touch their network, which can be more of a political discussion within their company. Some companies have even gone to the extent of setting up a secondary network to run their videoconferencing so they don't have work around getting into their data network at all.
Bellehumeur: If you have clients in the government, medical, and financial sectors, you are going to have a very tight lockdown policy, which is often rooted in law. We have some clients who just reach the breaking point after painful installations, which results in mediocre client satisfaction. They finally discover that others in their sector have maintained their legal obligations and adopted firewall traversal along with remote-management services and encrypted audio and video technologies. The irony is that some “locked down” facilities can easily be breached over older ISDN lines, simply because no one is focusing on properly configuring and maintaining that vector anymore. With IP to ISDN, gateways structured within the AV and IT domain, success and greater economy can be realized in measurable ROI.
Polly: If the client will not give us access, we try to convince them that remote control and monitoring is essential. Sometimes we have had them subscribe to DSL or Cable ISP to provide us with our own dedicated Internet access to their systems. And yes, we are often faced with limited or no access to the client's network.
Acceptable Use Policy blog comments powered by Disqus