VCON SecureConnect - PowerPoint PPT Presentation

1 / 18
About This Presentation
Title:

VCON SecureConnect

Description:

SecureConnect Family Overview. Extends the benefits of IP-based communications safely beyond ... Software watchdog for services. Other SecureConnect Features ... – PowerPoint PPT presentation

Number of Views:35
Avg rating:3.0/5.0
Slides: 19
Provided by: gord102
Category:

less

Transcript and Presenter's Notes

Title: VCON SecureConnect


1
VCON SecureConnect
  • Solutions for Secure Firewall Traversal
    Encrypted Communications

2
SecureConnect Family Overview
  • Extends the benefits of IP-based communications
    safely beyond the edges of the managed data
    network
  • Remote branch offices
  • Home office workers
  • Customers and business partners
  • Solves the connectivity problems associated with
    firewalls and NAT servers without jeopardizing
    security
  • Encryption option for securing media and
    signaling streams
  • Highly scalable and centrally manageable

3
Hurdles with Firewalls and IP-Based
Communications
  • Firewalls
  • Most are closed to inbound traffic.
  • Minimize or eliminate open ports.
  • NAT
  • Used on LANs to create private IP addresses
  • Addresses cant be reached from outside the LAN.

4
The VCON ALG Proxy Server
  • Overcomes Firewall and NAT Hurdles
  • Firewall cooperation and synergy
  • No firewall ports are opened in the inward
    direction
  • Firewall does not need to accommodate requests to
    open random or dynamic ports
  • External devices never connect directly to the
    inside network
  • Internal devices never connect directly to the
    outside network
  • Seamless Address Resolution
  • Creates reachable addresses for endpoints on
    the LAN

5
The VCON ALG Proxy Server
  • Able to securely proxy
  • Gatekeeper registration
  • Call setup messages signaling
  • Media streams (audio video)
  • Neighbor gatekeeper messages
  • VCON Interactive Multicast streams
  • MXM admin console login andremote device
    administration
  • Far-end camera control messages
  • Scalable up to 100 concurrent video calls per
    server
  • Available encryption option

6
ALG Proxy Server - continued
  • Supports any standard H.323 device (endpoint,
    MCU, gateway)
  • Media streams pass directly between conference
    participants
  • Configurable QoS (DiffServ or IP Precedence) for
    audio, video and data streams
  • Single and dual-server configurationsavailable

7
Single vs Dual-Server Config
Dual-Server Config
Single-Server Config
Public Network
Private Network
Private Network
Inside Proxy
Outside Proxy
Firewall or NAT
Inside Outside Proxy
  • Inside outside proxy elements of the ALG can be
    combined or split
  • Both configurations prevent direct connections
    between private and public network entities
  • With either configuration, the outside proxy can
    be encrypted for added security

8
Typical Headquarter / NOC Configuration
PC-Based Endpoints
ALG Proxy (Inside)
ALG Proxy (Outside)
Public Network
MXM
Firewall/NAT
Settop Appliance
Video Directory
MCU
9
Typical Branch Office or Small-Medium Business
Configuration
PC-Based Endpoints
ALG Proxy (Inside)
ALG Proxy (Outside)
Public Network
Firewall/NAT
Settop Appliance
MCU
  • Local devices point to the inside proxy for GK
    registration
  • Calls between local devices does not result in
    mediastreams passing through the ALG Proxy

10
Endpoints in the Public Address Space
ALG Proxy
Firewall/NAT
  • Remote devices point to the outside ALG Proxy for
    GK registration
  • Calls between outside devices does not result in
    mediastreams passing through the ALG Proxy

11
Multi-Zone Gatekeeper Configuration
Peer-to-Peer or Meshed
Hierarchical
MXM
ALG Proxy
  • Neighbor gatekeeper zone definitions utilize
    thepublic IP address of the outside ALG Proxy
    component

12
The VCON Advanced Encryption Server
  • Supports DES, 3DES AES encryption standards
  • Establishes peer-to-peer encryptedtunnels
    between authenticated users
  • Combine with ALG Proxy to encrypt all traffic
    that leavesthe proxy
  • Scalable up to 10,000 concurrently logged in
    clients and 1,000 concurrent calls per server
  • Remote users only have access to pre-determined,
    application-specific resources
  • Versus traditional VPN solutions, which give
    theuser full access to the enterprise or service
    provider network

13
The VCON Encryption Client
  • Supports PC-based devices
  • Windows 98, NT, 2000, XP
  • UserID and Password authentication to the
    Encryption Server
  • Encrypts signaling and media streams immediately
    as they leave the PC-based device
  • DES, 3DES, AES encryption standards
  • No charge downloadable client
  • Give to customers or business partners for access
    to video network
  • Downloadable from the VCON website

14
All PC-Based Devices Configuration
Advanced Encryption Server
Encryption Client
PC-Based Endpoints
Public Network
MXM
Firewall/NAT
VCB (MCU)
  • All PC-based devices running the Encryption
    Client are logged in to the Advanced Encryption
    Server
  • Data streams flow directly between the devices
    withoutpassing through the Encryption Server
  • Unless both participants have private IP addresses

15
Leveraging the ALG Proxy for Encryption
Advanced Encryption Server
Encryption Client
PC-Based Endpoints
ALG Proxy (Inside)
ALG Proxy (Outside)
Public Network
Firewall/NAT
Non-PC Devices
MCU
  • The outside proxy is enabled with encryption
  • This proxy only counts as a single client login
    on the Encryption Server
  • Allows encryption for non-PC devices, including
    MCUs
  • All traffic across the public network is encrypted

16
Versatility of the SecureConnect Solution
Branch Office or Small Business
Headquarter / NOC
Encryption Server
ALG Proxy
MXM
Public Network
ALG Proxy
Home Office
VCB
Road Warriors
17
High Availability Features
Dual NIC cards
RAID controller mirrored hard drives
Dual memory modules
Software watchdog for services
18
Other SecureConnect Features
  • 1 year software subscription included with all
    SecureConnect servers
  • Access to all SW enhancements for a period of 1
    year
  • Scalability upgrades accomplished via a license
    key
  • No need to take the system out of service
Write a Comment
User Comments (0)
About PowerShow.com