127
D14049.07
March 2010
Grey Headline
(continued)
TANDBERG
VIDEO COMMUNICATION SERVER
ADMINISTRATOR GUIDE
Introduction
Overview and
status
System
configuration
VCS
configuration
Zones and
neighbors
Clustering and
peers
Call
processing
Bandwidth
control
Firewall
traversal
Appendices
Applications
Maintenance
Bandwidth control examples
Example with a firewall
If we modify the previous example deployment to include
firewalls between the offices, we can use TANDBERG’s
Expressway™ firewall traversal solution to maintain connectivity.
We do this by adding a VCS Expressway outside the firewall on
the public internet, which will work in conjunction with the VCS
Control and Home and Branch office endpoints to traverse the
firewalls.
In this example, the endpoints in the Head Office register with
the VCS Control, while those in the Branch and Home offices
register with the VCS Expressway.
The introduction of the firewalls means that there is no longer
any direct connectivity between the Branch and Home offices.
All traffic must be routed through the VCS Expressway. This is
shown by the absence of a link between the Home and Branch
subzones.
VCS Expressway subzone configuration
The VCS Expressway has subzones configured for the Home
Office and Branch Office. These are linked to the VCS
Expressway’s Traversal Subzone, with pipes placed on each link.
All calls from the VCS Expressway to the VCS Control must go
through the Traversal Subzone and will consume bandwidth from
this subzone. Note also that calls from the Home Office to the
Branch Office must also go through the Traversal Subzone, and
will also consume bandwidth from this subzone as well as the
Home and Branch subzones and Home Office, Branch Office and
Head Office pipes.
In this example we have assumed that there is no bottleneck
on the link between the VCS Expressway and the Head Office
network, so have not placed a pipe on this link. If you want to
limit the amount of traffic flowing through your firewall, you could
provision a pipe on this link.
VCS Control subzone configuration
Because the VCS Control is only managing endpoints on the
Head Office LAN, its configuration is simpler. All of the endpoints
in the Head Office are assigned to the Default Subzone. This is
linked to the Traversal Subzone, through which all calls leaving
the Head Office must pass.
HOME OFFICE
BRANCH OFFICE
Branch Office
Subzone
Default
Subzone
Traversal
Subzone
Traversal
Subzone
Traversal
Client
Zone
Traversal
Server
Zone
Pipe A
Pipe B
Home Office
Subzone
INTERNET
VCS EXPRESSWAY
VCS CONTROL
Pipe C