Extending Video Communications Securely Beyond the Enterprise
Product Overview
The Cisco TelePresence® Video Communication Server Expressway (Cisco VCS Expressway) deployed with the Cisco TelePresence Video Communication Server (Cisco VCS) enables smooth video communications easily and securely outside the enterprise (Figure 1).
Figure 1. Cisco TelePresence Video Communication Server Expressway Firewall Traversal
The Cisco VCS Expressway enables business-to-business video collaboration, improves the productivity of remote and home-based workers, and enables service providers to provide video communications to customers. It does this through standards-based, secure firewall traversal for all Session Initiation Protocol (SIP) and H.323 devices. As a result, organizations benefit from increased employee productivity and enhanced communication with partners and customers.
The Cisco VCS Expressway uses an intelligent framework that allows endpoints behind firewalls to discover paths through which they can pass media, verify peer-to-peer connectivity through each of these paths, and then select the optimum media connection path, eliminating the need to reconfigure enterprise firewalls.
The Cisco VCS Expressway is built for high reliability and scalability, supports multivendor firewalls, and can traverse any number of firewalls regardless of whether SIP or H.323 is used.
Administrators have a choice of implementing the Cisco VCS Expressway either as an appliance or as a virtualized application on VMware or similar virtual environments, with additional support for Cisco Unified Computing System™ (Cisco UCS™) platforms.
Benefits of Cisco VCS Expressway
• Advanced firewall traversal: The Cisco VCS Expressway traverses any number of firewalls, making it easy for enterprises to collaborate more closely with external partners and suppliers.
• Optimal media routing: The Cisco VCS Expressway offers Simple Traversal of User Datagram Protocol Through Network Address Translation (STUN)-compliant firewall traversal, which provides endpoints with an intelligent framework to determine the best path for media connectivity.
• Increased competitiveness: The Cisco VCS Expressway helps enterprises become more competitive through real-time video communications across geographically dispersed teams.
• Improved productivity: The Cisco VCS Expressway empowers remote and home-based workers to collaborate more effectively with colleagues while helping cut travel costs.
• Robust security: The Cisco VCS Expressway uses standards-based device authentication for easier control over the network and safeguards external video communications.
• Flexibility: Administrators can implement the Cisco VCS Expressway either as an appliance or as a virtualized application to meet the needs of their organizations.
Features of the Cisco VCS Expressway
• Firewall traversal services: The Cisco VCS Expressway offers all the functions of Cisco VCS Control. However, its main feature is that it acts as a firewall traversal server for other Cisco networks and any traversal-enabled endpoints that are registered directly to Cisco VCS Expressway. The Cisco VCS Expressway uses SIP or H.460.18/19 for firewall traversal of signaling and media across a range of ports.
• Cisco Expressway also enables mobile worker access to collaboration services using Cisco Jabber clients registered to Cisco Unified Communications Manager.
• Registration of traversal-enabled endpoints: The Cisco VCS Expressway can register traversal-enabled endpoints directly for firewall traversal. You can configure the endpoints with a range of firewall traversal preferences such as protocols, ports, registration attempts, and keepalive intervals.
• Traversal Using Relays for NAT (TURN) relay services:
– The Cisco VCS Expressway provides TURN relay services to Interactive Connectivity Establishment (ICE)-enabled endpoints to allocate relays for the media components of the call. The endpoints perform connectivity checks through ICE to determine how they will communicate.
– For communications between the VCS and external Microsoft Lync servers and clients that are registered through a Microsoft Edge Server, a Back-to-Back User Agent for Microsoft Lync is provided with Cisco VCS Expressway.
• Call-routing services: The Cisco VCS Expressway supports a wide range of call-routing services, including alphanumeric Uniform Resource Identifier (URI) dialing. Additionally, the Cisco VCS Expressway can take advantage of the Domain Name System (DNS) Service Record (SRV) configuration to advertise availability to parties outside the local network, creating a rich peer-to-peer capability.
• Policy engine for processing calls: The Cisco VCS Expressway allows administrators to set systemwide policies that determine how incoming or outgoing calls should be allowed, rejected, or redirected to a different destination based on criteria such as time of day, source or destination address, or more complex algorithms.
Table 1 lists the features and benefits of Cisco VCS Expressway.
Table 1. Features and Benefits
Feature
Benefit
User Interface
Web browsers supported
• The web interface supports Internet Explorer 8 or 9; Firefox 3 or later; and Chrome
Management interfaces
• Support for industry standards such as HTTP and Secure HTTP (HTTPS), XML, Simple Network Management Protocol (SNMP v1, v2, and v3), Secure Copy Protocol (SCP), and Secure Shell (SSH) Protocol
• Embedded setup wizard for initial configuration
• Integration with Cisco TelePresence Management Server (TMS) Version 12.5 or later
• Support for call logging and diagnostics
• Local time-zone-aware
Language
• English, Chinese (Simplified), French, German, Japanese, Korean, Russian and Spanish
Firewall traversal
Traversal services
• Cisco TelePresence Expressway technology
• STUN discovery and STUN relay services
• Firewall traversal STUN-compliant
• H.460.18/19-compliant
• H.460.18 client-proxy support
• Support for H.460.19 multiplexed media
• SIP support
Remote Collaboration Services Supported to Unified CM
• XMPP for instant messaging
• HTTPS for Logon, Provisioning/Configuration, Contact Search, Visual Voicemail services
• SIP for Session Establishment, Register, Invite, via Unified CM
• RTP/SRTP for Audio and Video
• Binary Floor Control Protocol (BFCP) for Content Sharing
Endpoint Registration and Session Management
Supported endpoints
• Cisco VCS Expressway is compatible with any standards-compliant H.323 or SIP videoconferencing or telepresence device
• Provisioning and configuration are supported only for Cisco TelePresence endpoints
• Mobile worker access to video and unified communications (UC) services is supported by Cisco Jabber Video for TelePresence (Movi) and Cisco Jabber Unified Communications applications, respectively (Note: For full details, please see the relevant release notes for the version(s) of Cisco Jabber that you are using)
• Cisco Jabber UC applications must be registered to Cisco Unified CM version 9.1.2 or later
Endpoint registration
• Support for manual registration of H.323 and SIP endpoints
• Support for registration of H.323 ID and E.164 aliases and services
• Support for Unicode (UTF-8) registration for global implementation
Session control
• Support for H.225/Q.931, H.245 call-control routed mode, and non-call routed mode
• Support for H.323-SIP Interworking Encryption
• Support for H.323-SIP Interworking DuoVideo
• Support for URI dialing
• Support for direct call signaling among neighbored Cisco VCSs, border controllers, and gatekeepers
• Support for call policy management (RFC 3880), including call policy and user policy (Cisco TelePresence FindMe)
• Support for conference hunting for multipoint-control-unit (MCU) cluster
• Support for call routed mode
• Support for call loop detection
Zone control and bandwidth management
• Support for remote zone monitoring
• Support for remote zone redundancy
• Support for up to 1000 neighbor zones (including Cisco VCSs, border controllers, gatekeepers, and SIP proxies)
• Support for subzone area definition for bandwidth management
• Support for flexible zone configuration with named zones and default zone
• Support for forwarding of requests to neighbor zones
• Support for registration control (open, specifically allow, and specifically deny)
• Support for interzone bandwidth management: Definable call by call
– Maximum bandwidth per call
– Maximum aggregate bandwidth for all neighboring zones
• Support for intrazone bandwidth management: Definable call by call
– Maximum bandwidth per call
– Maximum aggregate bandwidth
• Support for auto-down-speeding if call exceeds per-call maximum
• Support for gateway load balancing
• Support for automatic network failover
• Support for capacity warnings for users and administrators
Network
• Support for DNS addressing
• Support for IPv4 and IPv6 simultaneously
• Support for IPv4 and IPv6 translation services
Scalability and Capacity
Single VCS capacity:
(appliance or small and medium virtual-machine deployments)
• The capacity of one Cisco VCS (appliance or small and medium virtual machine) follows:
– Up to 2500 registrations
– Up to 500 nontraversal calls
– Up to 100 traversal calls
– Up to 1000 subzones
Single VCS capacity:
(large virtual-machine deployments)
• The capacity of one Cisco VCS (large virtual machine) follows:
– Up to 5000 registrations
– Up to 500 non-traversal calls
– Up to 500 traversal calls
– Up to 1000 subzones
Clustered VCS capacity
• Up to six VCS appliances or virtual machines can be clustered to increase capacity and provide redundancy.
• Clustering increases the maximum registrations, traversal, and nontraversal calls by up to four times.
Microsoft Lync Interworking Capacity
The maximum number of calls interworked to Microsoft Lync is 100. It is highly recommended that a separate VCS-Control server is deployed for use as a dedicated Microsoft Lync gateway.
System Security and Resilience
Security features
• Secure management with HTTPS, SSH, and SCP
• Secure file transfer
• Inactivity timeout
• Ability to lock down IP services
• Authentication required on HTTP(S), SSH, and SCP
• H.235 authentication support
• Transport Layer Security (TLS) for SIP signaling
• Roles-based password-protected GUI user access
• Ability to enforce strict passwords
• Ability to disable root access over SSH
• Automated intrusion protection
• Delegated credential checking across a traversal zone
• Federal Information Processing Standards (FIPS) 140-2-compliant cryptographic modules
Resilience and reliability
• Ability to deploy Cisco VCS Expressway in a redundant cluster of up to six
• Ability to share licenses across a cluster
• Ability for registrations to survive system restart
• Ability to replicate configuration for clusters
• Ability for the Cisco VCS Expressway process to recycle within seconds
• Support for Cisco VCS Expressway H.225 Alternate Gatekeeper
Product Specifications
Table 2 lists the Cisco VCS Expressway virtualized application and physical appliance specifications.
Table 4. Ordering Information for Cisco VCS Expressway
Product Name | Part Number | Compliance Model Number
Cisco TelePresence Video Communication Server Expressway (VCS Expressway Appliance). Comes with: Cisco TelePresence Video Communication Server, Expressway feature, Gateway Feature, 1800 TURN Relay Option, Cables. Note: A minimum of 5 traversal licenses must be selected when ordering the VCS Expressway Appliance | CTI-VCS-EXPRESS-K9 | TTC2-04
Cisco TelePresence Video Communication Server Expressway (Virtualized Application). Comes with: Cisco TelePresence Video Communication Server, Expressway Feature, Gateway Feature, 1800 TURN Relay Option, VCS-Dual Network Interface Feature. Note: A minimum of 5 traversal licenses must be selected when ordering the VCS Expressway Virtualized Application | R-VMVCS-EXPWY-K9 | TTC2-04
Ordering Options for the Cisco VCS Expressway
5 Traversal Calls for Cisco VCS Expressway | LIC-VCSE-5 | N/A
10 Traversal Calls for Cisco VCS Expressway | LIC-VCSE-10 | N/A
20 Traversal Calls for Cisco VCS Expressway | LIC-VCSE-20 | N/A
50 Traversal Calls for Cisco VCS Expressway | LIC-VCSE-50 | N/A
Additional 10 Non-traversal calls for Cisco VCS Expressway | LIC-VCS-10 | N/A
Additional 20 Non-traversal calls for Cisco VCS Expressway | LIC-VCS-20 | N/A
Additional 50 Non-traversal calls for Cisco VCS Expressway | LIC-VCS-50 | N/A
Additional 200 Non-traversal calls for Cisco VCS Expressway | LIC-VCS-200 | N/A
Additional 300 Non-traversal calls for Cisco VCS Expressway | LIC-VCS-300 | N/A
Enable Device Provisioning for Cisco VCS | LIC-VCS-DEVPROV | N/A
Advanced Networking for Cisco VCS Expressway (Dual Network Interface) | LIC-VCS-DI | N/A
VCS FindMe Application for Cisco VCS Expressway | LIC-VCS-FINDME | N/A
VCS Enhanced Microsoft Collaboration | LIC-VCS-OCS | N/A
Service and Support
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services can help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, visit Cisco Technical Support Services online.
For More Information
For more information about the Cisco Video Communication Server Family, please visit http://www.cisco.com/go/vcs or contact your local Cisco account representative or authorized Cisco partner. Product specifications are estimates and subject to change without notice.