Page 1


Current and Future Threats


How cloud services and distributed architecture is changing the visual collaboration landscape

Managed Services

Video Infrastructure

Critical questions for your managed service provider

Gear and guidance to build a next generation VNOC


Telepresence and Videoconferencing Catalog Highlights!

2012 Summer 2012

Summer ISSue


Open Standards-Based UC Solutions for Video, Voice, Telepresence, and Mobile Collaboration. Polycom has them, and they are Cisco-Ready. Your most important unified communications (UC) and collaboration strategy decision should be an educated one, not just based on what’s familiar or short-term offers, and it should be free from expensive single-vendor lock-in. Polycom has 44 unified communications solutions that Interoperate with Microsoft ® Lync™ —have video integration with IBM ® Connections—use voice triangulation and face finding technology to focus on your speaker. Cloud solutions. Mobile solutions. Solutions that work with your Cisco® investments. You choose your best solution. Polycom and our 7,000 worldwide alliance and channel partners make it work for you. For more details visit www.polycom.com/cisco.

©2012 Polycom, Inc.

keeping u in touch With or without wires, it’s what we do at AT&T. Whether you connect to immersive, desktop or mobile devices, AT&T Telepresence Solution can help you interview an IT director in India, brainstorm with the brand team in Brazil, confer with a consultant in Croatia, or settle with a supplier in Shanghai. AT&T Telepresence Solution gives customers a unique as- a-service approach and a range of flexible options – all delivered as part of an effortless video experience, and the opportunity to get the most value for their investment. Our vision is for our customers to connect whenever they want, to whomever they want, from whatever device they want. It’s a network of possibilities – helping you do what you do even better. See what’s possible for your business.

For more information, please visit www.att.com/telepresence

© 2012 AT&T Intellectual Property. All rights reserved.

Table of Contents

Telepresence Options Summer, 2012

Letter from the Publisher.............................................................6 Videoconferencing Infrastructure: A Primer..............................8 The basics of the “Big Iron” that make telepresence and videoconferencing possible


The Cloud, Videoconferencing, and You.................................. 16 Everybody’s talking about the cloud. What does it mean for videoconferencing?

The Great Debate: The Case for Building Your Own VNOC vs. The Case for Managed Services............................................... 20 A Fortune 500 videoconferencing manager with a VNOC and 500+ rooms explains why they do it all themselves


Internetworking Telepresence and Videoconferencing ............................................................. 26 Terrestrial, satellite, Internet, and mobile networks for video

Videoconferencing Security...................................................... 34 Present and future threats

The Telepresence and Videoconferencing Catalog................ 40


20 In the next issue (Spring 2013) Inter-Company Telepresence and Videoconferencing Sign up now to get your free copy at www.telepresenceoptionsmagazine.com!



Summer 2012


Publisher’s Letter


elcome again to our second edition of Telepresence Options Magazine, the only magazine focused on telepresence, videoconferencing and visual collaboration. In many ways the term “magazine” is something of a misnomer here. While we produce each issue with the best qualities of a magazine—glossy cover, portability, compelling images that illustrate and enlighten—the articles are meant to be more than transient scribbles that provide filler between ad pages. Our goal is to educate, to enlighten, to provide “news you can use” that explains complicated subjects to a sophisticated audience. Each issue is created to be a reference work that can be filed away and leaned on again and again.

Howard S. Lichtman, Publisher

Our last issue focused on “End-points and Environments,” spanning stage solutions, podiums, retail and robots. Readers responded that they had no idea there were so many different options available for telepresence, videoconferencing and visual collaboration. The goal for this issue is to provide a sophisticated tutorial on what it takes in the back-end to create an effective visual collaboration capability for your organization. Whether that organization is a five-person advertising agency looking for a cloud-based solution to better connect with potential clients or a 50,000 employee global multinational building a multi-million dollar VNOC and immersive telepresence capability.

Find Us On the Internet



www.facebook.com/pages/ Telepresence-Options/ 136909577367

www.youtube.com/user/ telepresenceoptions

With so many organizations turning to telepresence, videoconferencing and effective visual collaboration to connect with their employees, customers, partners and vendors, this issue couldn’t come at a better time. The latest research from IDC shows that while industry growth has cooled from the blistering 23-25 percent year-over-year growth rate, it maintains a very respectable 14 percent year-over-year rate in the first quarter of 2012. Even better, the industry continues to innovate. We cover that innovation in this issue, from cloud solutions that solve the interoperability between consumer solutions and standardsbased videoconferencing to the new products that keep getting listed in the Telepresence and Videoconferencing Catalog. In this issue we explain the basics of the kind of gear required for telepresence and videoconferencing. We also sponsor a debate on when it makes sense to own and manage the gear yourself and when it makes sense to outsource to a managed service provider. We then examine the dynamics of cloud-based video solutions in their many varieties. Finally, we look at the current and future threats to videoconferencing security, including tips on securing your videoconferencing environment.

EDITORS David Maldow, Steve Wilson advertising THE AMERICAS Kirk Dennis Info@TelepresenceOptions.com +1 (303) 659-2825 art & production ART DIRECTOR Everard Strong, www.Big-E-Productions.com subscriptions Telepresence Options, 43861 Laurel Ridge Drive, Ashburn, VA 20147 www.TelepresenceOptions.com/ Magazine Tel: +1-512-828-7317 (8:30am – 5 p.m. EST) Fax: +1(480) 393-5435 general inquiries Info@TelepresenceOptions.com REPRINTS & PERMISSIONS Info@TelepresenceOptions.com Telepresence Options is published twice a year at a rate of $14 by the Human Productivity Lab. Copyright © 2012 Human Productivity Lab. All rights reserved.


Check back with us next time as well, when we’ll focus on intercompany telepresence and videoconferencing and the latest and greatest in new visual collaboration solutions.

Telepresence and Videoconferencing Catalog

Telepresence Options

www.scribd.com/Telepresence %20Options


EDITORIAL EDITOR IN CHIEF Howard S. Lichtman HSL@TelepresenceOptions.com

Telepresence and Videoconferencing Catalog



• HD Broadcast Quality Video Conferencing • Available in a “Pay-As-You-Go” model • Available in all countries on land, sea and air • All-inclusive EMC Managed Services • Based on EMC patent-pending VMS


• Browse the Internet at data center speeds • Guaranteed 100Mbps upload/download speeds • Secure access for public and private cloud services • Superior performance in all latency conditions • Drastic reduction in security points and rewalls


+1 800 383 7137

VideoConferencing Infrastructure

Videoconferencing Infrastructure:

A Primer



VideoConferencing Infrastructure If you are kicking around the idea of using telepresence and videoconferencing on a large scale then you’ll need some “Big Iron.” Here is a primer on the basics:

Infrastructure Elements


he products and solutions described below form the basic elements of a complete videoconferencing infrastructure. Keep in mind that some products combine functions (a conference manager may include a gatekeeper, some bridges do recording, etc..). MCU / Video Bridge A Multipoint Control Unit (MCU) enables multipoint (or multiparty) videoconferencing. MCUs are often called “video bridges,” since they make connections between multiple videoconferencing endpoints. In most cases, when you see a videoconference with multiple people in a “Hollywood Squares” format, an MCU is receiving a video stream from each endpoint, composting those video streams into a single image, compressing the new composited image and sending it back to your videoconferencing end-point, which then displays the “Hollywood Squares.” To create successful sessions that include three or more endpoints, MCUs perform two key functions: Signaling: Controlling the flow of data to and from each connected endpoint MCUs can either accept incoming calls from video endpoints or call out to the endpoints to establish a connection. Once they make the connection, the MCU must route the incoming audio and video signals from each endpoint in a conference to all other endpoints in that conference. In the diagram above, the red, blue and purple endpoints are in one conference, while the orange, black and green endpoints are in another conference. The MCU connects to all six endpoints and routes the signals accordingly. MCUs are expected to host multiple videoconferences simultaneously, add and drop participants from conferences, block audio and/or video to or from any particular participant in any particular conference, merge conferences, etc. They perform all these tasks by signaling control. Transcoding: Decoding incoming data from one endpoint and re-encoding it in a new format before sending it to a second endpoint. Videoconferencing products vary greatly from vendor to vendor, and even from product to product, and all support some—but not all—of the many video, audio and signaling protocols in use throughout the industry. By transcoding signals, MCUs can allow two otherwise incompatible endpoints to connect. For example, if one endpoint ONLY supported AAC-LD audio and another ONLY supported G.722 audio, an MCU could transcode the AAC-LD audio to G.722 and vice

Summer 2012


VideoConferencing Infrastructure endpoint, sending high-resolution signals between high-res endpoints and transcoding it down to low resolution for the low-res endpoint. Each connected endpoint sends the bridge its highest-quality signal and the bridge sends each endpoint the highest-quality signal the endpoint can handle. Transcoding also allows for additional layout options. Early MCUs that didn’t support transcoding only offered one video layout, commonly referred to as VAS (Voice Activated Switching). Each participant would see a full-screen view of the active speaker, while non-speaking participants would be off-screen. Transcoding bridges can create CP (Continuous Presence) layouts where all participants can be seen at all times. Today’s MCUs often offer a selection of hybrid or custom layouts that can show everyone in the conference while giving the active speaker more space. 

Figure 2: MCU Signaling

versa, allowing the two endpoints to share audio. In addition to breaking incompatibility barriers, transcoding can also improve quality of experience for a videoconferencing session. Without transcoding, if one lowresolution endpoint participated in a conference, the MCU would have to use low-resolution connections between all endpoints. Each endpoint would only send the MCU a lowresolution signal so that the highest common denominator (the low-res endpoint) could handle it. By transcoding, the MCU can create a custom signal for each participating

MCUs can be hardware- or software-based and externally hosted or installed on customer premises. Like many things in life, video network infrastructure is all about trade-offs— pricing comparisons are generally made on a per port (or per connection) basis. A video bridge that costs $10,000 and can support a 10-person meeting would be considered a $1,000-perport bridge. The discussion becomes more complicated with variable capacity bridges, where all connections are not equal. These bridges may allocate more resources (processor power) to higher-resolution connections. In effect, this means the bridge’s

Figure 3: there are many cp layout options



VideoConferencing Infrastructure capacity depends on what types of calls it is hosting. For example, the Polycom RMX 4000 can support 120 HD (720p) connections, or 360 lower definition (CIF) connections, making its capacity and price-per-port calculations flexible. When comparing pricing, determine what types of connections you expect and the call volume you’ll need. You should also consider the following: • Overall call quality • Integration with other elements of the environment • Ease of use (for conference administrators and call participants) • Scalability

VidyoRouter One of the most interesting new approaches to the MCU comes from internet-friendly SVC pioneer Vidyo. Unlike traditional MCUs that receive a video stream, decompress, composit, and recompress which adds latency, the VidyoRouter acts more like a “traffic cop” directing the various video streams to their final destination where they are composited into the screen format of the end-user’s choosing. The company recently released a completely virtualized version of the VidyoRouter that runs on cloud computing platforms offered by Amazon, Rackspace, and others where clients can run multiple, geographically-diverse instances with no investment in hardware, co-location, etc ... Marty Hollander, a Senior VP at Vidyo pitches us on the advantages: “When one uses legacy infrastructure components (MCU) and a less resilient codec (H.264 AVC), a managed network helps to offset some of the weakness of the legacy solution. “But Vidyo users can deliver a higher quality solution using best efforts networks (Internet, wireless, etc.), and because they are using a routing architecture rather than a transcoding architecture and using H.264 SVC, they can deliver higher quality service without the costly overhead of a managed network service provider. And this does not need to be just desktop and mobile devices, but may include room systems and it can all be done with no upfront capital.”

Summer 2012

Management Solutions A conferencing manager is responsible for the devices in the environment, the conferences taking place between these devices, and the traffic on the network. Management solutions can be deployed as software or hardware for these functions are often bundled with other conferencing infrastructure elements.

Device Management


oday’s business-class videoconferencing and telepresence endpoints are not simple, plug-and-play consumer appliances. They are technical pieces of equipment that require IT and networking knowledge to set up and maintain, and an even higher level of expertise to truly optimize. Device management includes a wide variety of tasks that all fall roughly into three categories:

Provisioning: Configuring the software options of videoconferencing devices to meet network requirements and conferencing manager preferences. Updating: Applying software updates to devices. Monitoring: Ensuring endpoints are on line and operational. Unfortunately, configuring the software settings for a videoconferencing endpoint is not a trivial matter. Even assigning dialing addresses to the devices can be beyond the layman videoconferencing user’s ability. The administrative settings menus can contain numerous sub menus, each with their own submenus. Any incorrect settings can create hard-todiagnose call experience issues (i.e. duplex mismatch between network speed settings can cause effects resembling packet loss), or even make calls fail entirely. An unfortunate stereotype about videoconferencing is that the 3:00 meeting doesn’t really start until 3:20 because someone has to spend 20 minutes bouncing through settings menus to figure out why the call isn’t working. Without good device management, that stereotype becomes reality.


VideoConferencing Infrastructure An organization with a small videoconferencing deployment doesn’t necessarily require a device management solution. The devices generally come with remote controls and the settings can be changed on screen. In addition, most devices offer a web interface, allowing administrators to conveniently browse to the device and control it from their desktop PC. Though users can provision, update and monitor manually, management solutions provide scalability and automation. It is much more efficient to update 300 endpoints by clicking “Update Group A” on a management solution than to do by it manually by browsing to each endpoint, one by one. Just keeping track of which endpoints have and haven’t been updated is a task within itself when done manually. Administrators can also provision on a group basis, giving them an extraordinary level of control. Different groups of endpoints can be provisioned to make connections using more or less bandwidth depending on their needs and usage.

quick meeting creation. A conference template could include the call speed, network, protocols, resolution settings, layout preferences, and more. Management solutions also let administrators control meetings in progress. Conference control options can include a number of items such as the ability to mute or unmute participants, change the layout, disconnect participants, and add new participants to the meeting.

Network Management


n general, video calls use a lot of bandwidth, increasing stress on the network as more and more workers turn on to the productivity benefits of videoconferencing. The rise of highbandwidth applications such as telepresence and high-definition videoconferencing in recent years has further added to the bandwidth problem.

Management solutions also provide automated monitoring in the form of daily sweeps (or test calls) to all devices on the network. It could also include “heartbeat monitoring,” where the solution continuously pings the device to check if it is still on and connected to the network. Advanced monitoring solutions can even be alerted to specific device failures (i.e. “microphone disconnected”). All of these monitoring tools give administrators a fighting chance to address device-related issues before they can ruin a meeting. When choosing a management solution, keep in mind that not all solutions work equally well with all devices. The top videoconferencing device vendors all provide their own management solution: Polycom’s Converged Management Application (CMA), LifeSize’s LifeSize Control, and Vidyo’s VidyoPortal, to name a few. Not surprisingly, a few of these solutions have a higher level of integration with the endpoints offered by that particular vendor. It can come down to a choice between a solution that has the desired functionality or one with native integration to the devices existing in the environment.

Conference Management


sers often need help with everything from dialing a call to un-muting their microphone, to say nothing of advanced features such as sharing digital media or creating a multiparty meeting. Most leading MCUs already include a fairly comprehensive user interface allowing administrators to perform essential conference management functions. Administrators tasked with creating and controlling videoconferencing meetings may have dozens of simultaneous meetings taking place on a number of MCUs, and management solutions give them scalability and automation. These solutions let administrators manage all these meetings from a single interface. Conferences can be created ad-hoc or scheduled so that the management solution will direct the MCU to dial out to the correct endpoints at the appropriate time using the correct conference settings. Conference management solutions often leverage conference templates, or saved meetings, to allow for 12

The ScienceLogic Telepresence and Videoconferencing Management Platform provides a number of dashboard views allowing administrators to drill down on network bandwidth, individual endpoints, or video network infrastructure components. When we asked Erik Rudin at ScienceLogic why enterprise and managed service clients were using its solution to monitor and manage devices and networks, he explained: “We see customers looking for technology to help manage the rapid growth of video endpoints as well as tracking the performance of the network and video infrastructure in a one centralized tool. Reducing the complexity created by a multi-vendor video environment saves time and money versus maintaining multiple vendorsupplied management systems which don’t provide the necessary integration and data sharing flexibility they expect when monitoring mission critical applications like video.” Network management solutions help administrators protect both the network (and high-priority traffic) from the effects of network congestion. These solutions can be used to route videoconferencing traffic in a balanced way throughout the network, so that no particular network path becomes overburdened. Certain signals can even be prioritized and protected. This can be used, for example, to ensure that video traffic won’t suffer from packet loss when someone else on the network starts a large but low-priority download. www.TelepresenceOptions.com

VideoConferencing Infrastructure Gateways and Gatekeepers Gatekeepers and gateways enable connections between videoconferencing systems and devices on disparate networks. They are often bundled together and can be incorporated into a router, session border controller, MCU or management solution. Gateways: Gateways are network translators. Gateways can, for example, allow videoconferencing devices on ISDN to participate in conferences with devices on an IP network. As videoconferencing continues to shift from ISDN to IP, gateways prevent legacy deployments from becoming isolated islands. Gatekeepers: Gatekeepers are primarily used to create addressing schemes and dialing plans and to bypass the NAT. Endpoints registering to a gatekeeper can be assigned an E.164 dialing addresses. This allows for simplified intra-company calling via telephone-like numbers or e-mail addresses as opposed to IP addresses. Gatekeepers also allow endpoints behind a NAT to receive inbound calls. As described in the section on NAT/Firewall traversal below, videoconferencing endpoints behind an NAT do not have an actual internet IP address and therefore can’t be dialed from external sites. However, in a properly configured environment, external endpoints can dial the gatekeeper’s IP address (with an added extension belonging to an internal endpoint) and the gatekeeper will route the call. Gatekeepers can work in either of two modes. In direct-routed mode the gatekeeper simply assists in initiating a “direct” connection between two endpoints. In gatekeeper-routed mode the signals travel through the gatekeeper itself. When using gatekeeper-routed mode, gatekeepers can offer advanced functionality such as bandwidth management. NAT / Firewall Traversal Network Address Translation (NAT) and firewalls present a common problem for videoconferencing deployments because, in the simplest of terms, they can make videoconferencing difficult. Many people find NAT and firewall discussions confusing, and understandably so. Both NAT and firewalls involve handling traffic between the Internet and private networks, and can be bundled into one device, deployed individually, or as components of other infrastructure elements (i.e. gatekeepers, MCUs, etc.). NAT Devices on private networks do not have “real” internet IP addresses. Instead, each device is assigned a private number (often 10.10.10.X) with a NAT solution acting as a pass-through (translator) between public and private addresses. One real Internet address can be shared by a large number of devices in an NAT environment. All outgoing signals from any device on the network will appear to come from this one address. Returning data is then sent back to that address and the NAT must pass it through to the appropriate machine. This type of setup provides some protection, as the devices on the network are essentially “hidden” from the Internet. Since the Summer 2012

private IP addresses are not known to the Internet, the devices in the network should not receive any inbound traffic unless they first initiate the connection. Keep in mind that although the network may be hidden, malicious packets are not being actively blocked from entering. Therefore, NAT alone does not make a network secure.

Firewall A firewall solution can be hardware- or software-based and often incorporates NAT functionality. Firewalls actively monitor incoming packets, traffic and application data entering a private network and block incoming network transmissions that violate their policies. Many home computer users and office workers are behind firewalls without even realizing it, as hardware routers often have incorporated firewalls and operating systems (i.e. Windows) can include one as well. The Videoconferencing Problem: NAT / firewall solutions present a twofold problem for videoconferencing. In an NAT environment, videoconferencing endpoints literally will not have a number for external callers to dial. Their private IP addresses can only be dialed from within the private network, behind the firewall.

The most commonly used videoconferencing protocols require access to many ports that firewalls generally close and system administrators like to keep closed. Without some way of resolving these issues, enterprise videoconferencing deployments would be isolated communication islands, unable to conduct videoconferences with external clients, partners and associates at remote locations. Getting Through the NAT / Firewall There are a number of methodologies and protocols used to get through, or traverse, the NAT / firewall. While a discussion of IETF (Internet Engineering Task Force) traversal protocols (i.e. STUN, TURN, and ICE), is beyond the scope of this article, a network administrator must be sure to implement a methodology suited to the type of firewall in place and the type of traffic to be allowed. 13

VideoConferencing Infrastructure Many solutions implement a hardware device in the DMZ (Demilitarized Zone), which is outside of the network’s main firewall. This device establishes a trusted connection through the firewall to the videoconferencing environment. All videoconferencing traffic is then tunneled through this connection. The end result is that videoconferencing between the private network and the public Internet is now possible.

The Bottom Line


our network most likely has a NAT and/or firewall. If you want your videoconferencing deployment to be able to communicate with the outside world, you need to ensure that an element of your proposed infrastructure (gatekeeper, management system, etc.) has NAT / firewall traversal capabilities or deploy a stand-alone traversal solution. Recording and Streaming Videoconferencing devices are primarily intended to be used for live, interactive meetings. However, there are obviously a large number of potential business uses for devices with high-definition video cameras. For example, a college wishing to broadcast lectures over the Internet to remote students would naturally prefer to use its existing videoconferencing equipment, rather than purchase additional cameras. Similarly, an organization wanting a video record of an important meeting should be able to simply use the videoconferencing system already in the meeting room. Recording and streaming solutions allow organizations to leverage their existing videoconferencing infrastructure to serve as a homegrown Internet broadcast studio. Potential applications for this technology include: • Remote lectures / classes • Training videos • Sales videos / company announcements • Recording meetings (for legal compliance, etc.) • Broadcasting meetings to a larger audience. Streaming solutions address the capture, management and delivery of video content. Solutions are available in either hardware or software and may be independent capture, management and delivery solutions, or solutions with multiple elements. These features may also be bundled with other infrastructure elements. For example, some MCUs offer capture/ recording functionality. Capture solutions ingest rich media content to be recorded and streamed. They can often encode video/audio signals into formats playable by standard media players (i.e. wma, avi, etc.). Capture devices can store recorded content locally, or forward it to a content management system. In a videoconferencing environment, these solutions should also be able to capture any H.239 data (PowerPoint decks, etc.) shared during videoconferences. Capture solutions can ingest content in a number of ways. For example, some solutions can be “called” from video endpoints. Once the solution answers the call, a connection is established and the solution can then record any video and audio it receives.


Similarly, these solutions can connect to MCUs and “sit in” on multipoint videoconferences, recording all other participants. Management of rich media content includes a number of tasks including the following: • Content organization: Saving content to folders, creating channels of content • Content editing: Titling, captioning, clipping, cropping • Content access control: Allowing specific people, or groups of people, the ability to view and/or upload content • Content tagging: Associating keywords with content items for improved searching capabilities Additional features could include everything from the ability to upload and associate files (such as PDF) with content items to automatic transcription of speech-to-text within content items. In the end, proper management of rich media content results in the creation of a well organized and indexed content library which allows users to easily find and view content of interest. Delivery solutions use a variety of techniques to transmit live or recorded content across the Internet to viewers. Data can be transmitted by unicast or multicast streams. Unicast streaming servers connect directly with, and send an individual data stream to, each viewer. This type of solution is easy to deploy but does not scale well with multiple simultaneous viewers. Multicast streaming servers send out the content once, and it is replicated by “nodes” when necessary as it is passed on to groups of viewers. This is significantly more network-efficient and less burdensome on the host server, but it requires a multicast ready network. Multicast does not allow for video-on-demand as it does not start a new stream for each viewer. Instead, it functions more like a television broadcast. Content delivery networks or content distribution networks (CDN) are systems that cache copies of content in servers near the end users. When a viewer requests a content item, it is streamed from the nearest available node in order to minimize latency. Choosing the correct delivery methodology can depend on multiple factors, such as the type of content to be delivered, the size of the intended audience, and the capture and management systems in use. TPO

About the Author David Maldow is a visual collaboration technologist with extensive expertise in testing, evaluating, and explaining telepresence and other visual collaboration technologies. As a Senior Analyst at the Human Productivity Lab, David supports a wide range of consulting services for end-users looking to create visual collaboration capabilities or improve the ones they already have.


Glowpoint Ad

Your eNDpoiNts are here. Now how are you goiNg to maNage them aLL? Deployments of video conferencing and telepresence are poised to explode — both in size and numbers. Now that you’ve proven the business benefits, how will you handle the success?

ScienceLogic provides a single vendor-agnostic management platform with the visibility you need to police video and call quality.

sciencelogic.com/telepresence Summer 2012

• A global view of your video roll-out. • Real-time events and trending reports to ensure quality of experience across your networks. • Proactive management of service delivery — from endpoints to infrastructure, to the networks and systems they run on.

Get the most out of your telepresence investment. Fast track to launching telepresence and video conferencing managed services. 15

The Cloud, Videoconferencing, and You by David Maldow

The cloud has become an unstoppable force in the videoconferencing industry. Some of the hottest new startups have based their success on pioneering efforts in cloud videoconferencing, while traditional videoconferencing stalwarts are reimagining their product-based portfolios as cloudempowered platforms. If you aren’t currently facing choices regarding cloud related elements of your communications network, you will be soon.



The Cloud, Videoconferencing and You


he cloud and all it entrails is turning the traditional videoconferencing network infrastructure paradigm on its head, inspiring a heated debate in the industry over the future of hardware infrastructure. Some claim the demise of hardware infrastructure is upon us, while others believe hardware will still have a place for years to come. Regardless of how that debate resolves, there can be no doubt that cloudbased solutions will have some place at the table. At the very least, a significant portion of the expected future growth in videoconferencing will have cloud-based elements.

virtualized solution, one may be able to simply increase the number of licenses and server blades to match current demand. Future Proofing Virtualized solutions avoid issues and headaches commonly associated with upgrading and updating hardware appliances. Flexibility Enabling videoconferencing at a new location is more like turning on a service than building, maintaining, patching and constantly upgrading a hardware-based video network infrastructure.

It’s not easy to navigate the sea of marketing blurbs, press releases, demo videos and sales materials to understand the most recent offerings and how they relate to your environment. The industry’s habit of jumping on a trend and using all associated buzzwords in a somewhat loose fashion only increases the confusion. To make sense of the solutions offered in today’s videoconferencing marketplace, you must first parse out some of these key terms and concepts.

cloud computing

hosted services

Hosted videoconferencing services purchase and maintain infrastructure appliances at the provider’s location so that customers don’t need to purchase or maintain it themselves. A common example is hosted bridging. Rather than purchase, maintain, patch, and upgrade an expensive videoconferencing MCU, customers can pay for a hosted bridging service. The service provider purchases and maintains MCUs at its data center (almost always a carrier-grade facility with redundant bandwidth, power and 24 x7 x365 remote hands and support), which are used to host multipoint calls for its clients. These hosted services are often called cloud services, because from the user’s point of view the physical infrastructure is no longer in his office, and is now “in the cloud.” In reality, this is a traditional hardware-based infrastructure, just moved off premise. The hardware may be owned, maintained, and operated by your service provider, rather than your internal IT team, but it is still the same essential platform.


Virtualization occurs when a software application is divorced from its hardware and can be installed on a standard server. For example, a company might sell a physical digital stopwatch, but also sell a virtualized version of that stopwatch’s software that can run on a standard PC. In terms of videoconferencing, a virtualized MCU could be installed on a standard server in an enterprise ops center, eliminating the need for an MCU appliance. Virtualized solutions hold a number of potential advantages: Cost Dedicated hardware can be expensive, while generic PCs, servers, and server blades are getting more powerful and cost effective every year. Scalability Increasing capacity on a $100,000 piece of hardware could potentially require purchasing another $100,000 piece of hardware. To increase capacity on a Summer 2012

Cloud computing services, such as those offered by Amazon, VMware and Rackspace, offer raw computational processing and/or data storage online. Cloud computing services are, in essence, massive racks of standard servers at multiple geographically distributed server farms, configured for online access. Therefore, any program which could be installed on a standard server running in a company’s datacenter can theoretically be installed up on a cloud service. The connection between virtualized software and the cloud computing services is clear. The combination of the two can allow enterprises to support videoconferencing without hardware infrastructure or internal servers running virtualized solutions. The table below provides a simplified view of today’s infrastructure options.

On Premises

Off Premises

Hardware Infrastructure

Software Infrastructure

Traditional enterprise deployment

Internal Servers

MSP Hosted Hardware

a. MSP Hosted Software b. Cloud Computing

There is no “best” methodology for videoconferencing deployments. Certainly, virtualization and the cloud have developed as trends, but all four infrastructure options are still being deployed in the enterprise. In November 2011, Telepresence Options first reported on the pending release of Vidyo’s virtualized VidyoRouter. Vidyo, a pioneer in H.264 Scalable Video Coding (SVC), was the first company to offer a virtualized version of a key piece of video network infrastructure. The company released a virtualized version of their VidyoRouter, an MCU-like capability that routes video streams instead of recomposing them in an MCU, which runs on cloud computing services without the need for a hardware-based video network infrastructure. Vidyo is well known for pioneering the H.264 SVC protocol, which continuously monitors the performance of network quality 17

The Cloud, Videoconferencing and You and the capabilities of each endpoint device and adapts video streams in real time to provide error correction and optimize video communications. By offering the VidyoRouter in a virtualized form, Vidyo now enables customers and/or service providers to support a Vidyo visual collaboration deployment without purchasing physical infrastructure and providing significant scalability without a corresponding investment in MCUs, rack space, power and the other associated costs of current hardware-based infrastructure approaches.

Telepresence solution provider Teliris now offers its Lentaris platform, described as the “world’s first service provider, cloud-based, interoperability platform.” Lentaris notably features TIP interoperability, allowing it to link highend immersive telepresence rooms to standard meeting room systems. Beyond its strong interop, the platform provides full call-management and distribution functionality, making it very well suited for service providers. In theory, the use of Lentaris could significantly reduce the costs associated with creating a new VNOC.

Several videoconferencing providers have been making waves with new hosted services (often referred to as cloud services). LifeSize, Cisco, Polycom, Teliris, Vidtel, Blue Jeans Network, and others have been keeping tech journalists busy with service-related announcements. For the most part, these announcements have involved hosted bridging, not virtualized infrastructure. However, from the customer’s point of view, these “cloud” solutions have freed them from the burden of hardware infrastructure, and are constantly offering new features, interoperability and functionality.  Solutions like Vidtel’s cloud videoconferencing service let companies give employees their own videoconferencing meeting room without the need to invest in infrastructure. Companies sign up with a flat-rate or usage-based model and the service provides each registered employee his or her own virtual video meeting room. The service handles interoperability between standards-based videoconferencing codecs like Cisco, LifeSize, and Polycom as well as consumer and prosumer services like Skype and Google Talk. Blue Jeans Network offers a similar service. LifeSize also released their UVC Platform earlier this year. Positioned as the industry’s first integrated, virtualized software platform for video, it is significantly more than just another virtualized app. The platform includes optional modules for streaming/recording, NAT/firewall traversal, and IP routing/ call control. One clear advantage to this model is that LifeSize will easily be able to add future apps to the platform without requiring customers to purchase new hardware.


Today’s conferencing managers have a number of options when designing a videoconferencing deployment. Eventually, the continued increases in the power and affordability of generic hardware will continue to push out dedicated appliances. But for now, many enterprises with strong internal IT departments are still choosing keep things “in-house” and use traditional hardware infrastructure, or virtualized infrastructure on internal servers. In order to determine the right solution for you, carefully consider a number of factors, including the expected use of the systems as well as overall costs. Remember, not every solution advertised as “cloud” is necessarily a fully scalable virtualized solution. Be sure to look past the marketing and to get a solution that matches the needs and expectations of your users. TPO

About the Author David Maldow is a visual collaboration technologist with extensive expertise in testing, evaluating, and explaining telepresence and other visual collaboration technologies. As a Senior Analyst at the Human Productivity Lab, David supports a wide range of consulting services for end-users looking to create visual collaboration capabilities or improve the ones they already have.


The Largest Identifiable Audience in the World Interested in Telepresence, Videoconferencing, and Visual Collaboration


+1(512) 828-7317



Debate The Case for Building Your Own VNOC vs. The Case for Managed Services Organizations wanting to deploy telepresence and visual collaboration on a large scale have a couple of choices. They can build their own Video Network Operations Center (VNOC), which can be as simple as a single employee managing an MCU and fielding help desk questions or as complex as a 24x7x365 global operation. The other side of the coin is outsourcing VNOC, help desk, reservations and video network infrastructure to a managed service provider. Companies like AT&T, AVI-SPL, Glowpoint, Providea and Teliris, among others, make a business of outsourcing every aspect of managing video operations and provide access to cost-effective shared video network infrastructure, multi-language global help desk resources, and on-demand capabilities like recording, archiving and streaming. Which model is best? It depends on your priorities. Let the debate begin! 20


Artwork is a derivative of original from Rene Magritte, Unknown 2, Copyright Magritte Foundation


Summer 2012


The Great Debate The Case for Building Your Own VNOC By Anonymous


hen do you in-source a Video Network Operation Center and when do you outsource it? Telepresence Options Magazine put the question to a VNOC operator who runs conferencing for a global Fortune 500 firm and manages 500+ multi-screen, multi-codec telepresence systems and traditional videoconferencing systems. He preferred to stay anonymous, but he had a lot to say.

What’s the case for building a VNOC yourself or going to a managed service provider to get the job done? There’s a case to be made for both. It comes down to customer service excellence, volume and scale. How many video connections do you do a day? How many video systems do you have and how much money are you willing to throw at it? You weigh that against customer service excellence and individual business needs and you’ve got your formula. I believe that an internally hosted VNOC has the ability to deliver the most optimal customer experience to meet its business’ needs and culture. Whereas the managed services model, even the “white gloves providers,” has to be built and designed to manage multiple clients and has to scale the customer’s needs against their ability to produce a profit. When you look at volume, if you have five systems and they’re in 15 conferences a day, and that’s all you have, then it makes sense to avoid investing in the infrastructure resources you need to manage that and go to a service provider, white glove/ concierge or a virtual meet-me-cloud. If you have 250 systems and they’re in 1200+ conferences a day, managing this internally is going to take a lot–video infrastructure, network, necessary staff, and physical real-estate investments—but it may justify itself, since a service provider may never be able meet to your internal customer’s specific needs. The other reason companies would take this on themselves is for security. Some firms are simply not comfortable with their sensitive internal business communications transiting equipment that they do not have control over. There is a financial breakeven and gain, especially when you have lots of multiscreen immersive rooms. Those are costly to have run by a managed service provider. The specific breakeven is one that would have to be scoped separately for each enterprise. Money aside, what are the reasons someone would want to bring an operation like this in-house? For me, I would say the number one reason is to drive adoption that improves the overall ROI. Number two is to improve the customer experience. If those aren’t priorities then you might as well buy an “out-of-box solution” and let it do its thing on its own and be moderately successful. But for us it comes down to being able to manage the experience to our internal customers’ exceedingly high standards. Business-to-business needs are another reason why you may want the privacy and security of managing the conversations and interactions internally. The risk of an unwanted leak could cost your company its reputation or have financial implications. Health care, legal and other fields that use video collaboration to manage mergers and acquisitions or other private financial 22

matters may want to consider insourcing. That said, almost every cloud model offers NDAs as part of their solution. What are you specifically doing to drive adoption over what a Managed Service Provider can do? First thing is our video schedule is published to digital signs outside each room before every meeting so end-users know they are in the right place and how long the room is available. If the room isn’t being used then people can see the availability, which improves the ability to hold ad-hoc meetings. When our customers walk in the room the meeting’s ready to go, there’s nothing they have to do. The only thing they really need to know is where the mute button is. Everything else we manage for them. So if it’s a 28-seat multi-camera, multi-screen immersive room or a single screen room with a PTZ camera, the VNOC will selfframe that room. They will zoom in on the person and capture a two-thirds view so that it’s equal proportions to all the other sites. Service providers will not do that part, and if they do they charge you an astronomical fee. So it’s how we work in the support model. We know who the hosts of the meetings are. In every one of our meetings we IM our hosts as they’re sitting down to let them know which operators are assigned to their meeting to ensure they have the best experience possible. A service provider is not going to know that the person running the meeting is the global CFO; participants are just talking heads to them. For us, we take customer service very seriously—it’s the highest thing we focus on. So we’re really looking to see if the host has arrived and IMing him/her: “I’m Bob, your operator today. If you have any problems, you can contact me and I’ll make it right for you.” We manage the customer experience to a finite level. The final thing we focus on is the need for every meeting to start on time without incident. Our customers want to walk into the room, sit down, and focus on their agenda, which is frequently a revenue producing opportunity for the company. The last thing that one of our internal customers wants to do is to walk into the room worried about the technology. That is why the industry has failed for so long and adoption is low overall—failed meetings cause lost productivity, wasted time and hard money. What are the economics of bringing a VNOC in house? It’s got to be scaled on a one-off basis. I’ve got millions of capital invested in building the VNOC for our organization, and that includes bridges, infrastructure, operator equipment and real estate. In addition, I spend about million a year in operating costs to maintain everything and staff it. It’s not cheap, nor is it for the faint of heart. It requires a commitment and dedicated follow-through. Cont’d on page 24 » www.TelepresenceOptions.com

The Great Debate The Case for Managed Service By Telepresence Options Magazine


he other side of the debate is outsourcing videoconferencing operations to a video managed service provider (MSP) that specializes in telepresence, videoconferencing, streaming and other video-centric technologies. Video managed service providers offer access to shared video network infrastructure that splits up the cost over many different customers. Many providers are staffed for 24x7x365 global operations. Let’s take a look at the business case:

Enterprises implement videoconferencing and telepresence because they improve employee productivity while minimizing expenses such as business travel. The big catch is that capital and operating expenses (underestimated or simply overlooked by CIOs and IT managers) frequently undermine all those bottomline benefits. In fact, cost and complexity are two major reasons why so many enterprises—particularly small and mediumsize organizations—have either avoided implementing videoconferencing or minimized it to keep CapEx and OpEx at points they can live with. Some examples: • Although videoconferencing and telepresence systems grow increasingly intuitive and user-friendly, they still often require a lot of employee hand-holding. That means enterprises have to add staff for tasks such as troubleshooting, training and room set-up. • Multi-vendor interoperability remains a challenge, creating additional hardware and support-staff costs. Cutting corners on interoperability backfires because it limits the platform’s ability to communicate and thus undermines its ultimate ROI. • Laptops, desktops, smartphones and tablets are increasingly common endpoints, as is the use of consumer-grade video services such as Skype. Enabling videoconferences with such a wide variety of endpoints and services adds another layer of complexity and cost. There’s also another factor at play: The videoconferencing/ telepresence market has become increasingly competitive over the past few years, a trend that’s shrunk hardware and software margins. As a result, many AV integrators, carriers, and nontraditional service providers are now offering telepresence and videoconferencing as a managed service, which provides better margins, recurring revenue and the kind of long-term customer relationships that lead to upsale opportunities. That trend is good news for enterprises because the competition between these new managed service providers enables them to get all of videoconferencing’s bottom-line benefits without the ROI-busting support costs and other ongoing expenses. There are several reasons so many enterprises and other organizations are going the managed-services route: • Reduced Technology Risk: Telepresence and videoconferencing technologies are constantly changing. In the past decade we’ve seen the emergence of multi-screen, multi-codec telepresence systems, new videoconferencing standards like H.264 SVC, and an explosion of consumer and prosumer video including Skype, ooVoo and Google Talk. Managing this constantly changing landscape is a full-time job … for dozens! Summer 2012

Scott AllendeVaux, SVP of MSP Architecture at telepresence and videoconferencing provider AVI-SPL explains: “Even for large-scale enterprises, the technology risk is substantial, especially trying to manage interoperability between disparate platforms and connecting to hundreds of carrier and enterprise networks for high-quality inter-company telepresence and videoconferencing. We have a staff of dozens of professionals across multiple disciplines immersed in the industry and technology on a full-time basis. I can’t imagine trying to keep up as a side line.” • Predictable Costs: Instead of getting blindsided by the cost of upgrading codecs and hardware to maintain multivendor and multi-standard interoperability, enterprises can have those rolled into their monthly fee. That arrangement provides the kind of total-cost-of-ownership (TCO) predictability that’s been lacking in videoconferencing. Enterprise upfront and startup costs – typically at least $1 million in hardware and software – also become more affordable with managed services. “By going to the cloud, you’re saving on the entire back-end video infrastructure, [such as] the MCUs, the recording servers and the registration servers,” says Anil Balani, Glowpoint senior vice president of technology. “We recently announced a new service offering where you can bundle in the endpoints as part of the service as-well.” • On-Demand Expertise: Managed services provide the kind of hands-on expertise critical for resolving problems quickly – or avoiding them altogether. Instead of training staff to ferret out dead endpoints and anticipate firewall-traversal problems, enterprises can rely on their managed services provider’s experience. And for multinational enterprises, a managed service provider also can offer 24/7 support. • Scalability, Flexibility, and Usability: A managed service provider can help clients quickly and cost-effectively expand their room-based systems to devices such as PCs and tablets. After all, when more employees can use videoconferencing, the investment has a greater ROI. Meanwhile, the managed service provider also has the expertise to ensure the expansion goes smoothly, which is key to ensuring employees actually use what their company has paid for. “What we’ve been seeing is that if they choose a managed service provider, the adoption of video is a lot greater in the enterprise,” Balani says. “It’s all about consistency. When you go into the room, you know it’s going to work. We have a couple of clients that have a dedicated person on staff for each conference to make sure that everything is working properly. That doesn’t scale.” Cont’d on page 25 » 23

The Great Debate Did you get your reservation system off the shelf? We bought it off the shelf and paid the vendor to customize it and it sucks. It’s still the number one pain for me and the industry as a whole. This needs to be a focus area for the suppliers. What do you need to run a basic VNOC five days a week, eight hours a day and 50 weeks a year? Not knowing the exact number of sites or connections, this could differ. I would look at what’s the volume you are currently running and where you think you will grow to. Realistically you could run a basic VNOC with three to five people, if all they do is connect, triage and tear down meetings.

NOC Photo from flickr user Docklandsboy licensed under creative commons … Cont’d from page 22 Is that more or less than an MSP would cost? I would say it’s probably more. How much more? If it was truly full service, we would be looking at each multicamera, multi-codec telepresence rooms costing around $40,000 a year with an MSP. You add on our requirements for white glove service and it would probably be closer to $65,000 a room. We manage all our rooms for around $8,000, regardless of room type and are able to provide truly white glove service for every meeting. What are the economics for small or medium firms. Where’s the break-even on those? Folks with just video-conference endpoints with a smattering of multi-screen, multi-codec systems. They should outsource the whole thing. I don’t think it even makes sense until you have over 100 endpoints. It goes back to adoption, and it goes back to automation. If your rooms are being used 80 percent of the time then that could be a lot of connections and a lot of management. It would still make more sense to outsource. You’d just get more bang for the buck. What kind of gear and personnel are needed for success? There are four levels of staff. You have your operational staff and your engineering staff, which you can break into two groups. For engineering you need an engineer and an architect. You can also leverage a provider’s architect if you want. You definitely want an engineer who knows what he’s doing and can speak knowledgeably to what’s being implemented and how it’s being implemented. From the VNOC operations side, you need three groups of resources. You need customer service agents, the people who manage the phones, the IMs, the emails, the bookings, all that. The next level is you need VNOC producers, the people who set up meetings, tear down meetings, monitor meetings, and constantly look for problems, errors issues, whatever it may be. Then you need the incident management team, the team that’s opening tickets, managing tickets, dispatching vendors and triaging meetings that have incidents. 24

What advice would you give to an organization contemplating bringing VNOC in-house? Don’t do it if you don’t have to. Get an out-of-the-box solution or a managed service provider. The winner’s going to be the one who automates it. That’s your trigger point. When you get into integrating unified communications into your video conferences, that should be when you really start to look at in-sourcing VNOCs. Because there’s not a service provider out there that’s figured out how to integrate Microsoft Lync and IBM Same Time and some of these other environments seamlessly into their meetings. How did you do it? We integrated all of our MCUs directly into our unified communications environment. But I own all the MCUs, I own all the staff and it’s a manual process. What about companies looking to improve their businessto-business communications? They need to focus on reliable interconnections on the network side. The most important thing is figuring out the network piece. Most of the codecs transcode now. There’s not this huge interoperability issue there was a year ago. If you’re going to leverage the Internet to get anything outside your firewall or use a B2B exchange, you’ve got to have reliable inter-connections there. You also need to plan for at least three MBps of bandwidth for each high-definition call/connection to navigate through the firewalls properly. What else do you think is important on this topic? The one thing I would do before even engaging in this territory is to hire a vendor-neutral expert to help make the right decisions for your individual business. They’ll help you evaluate your individual business and figure it out. And they can’t be related to any of the vendors you would be working with, because you don’t want a biased opinion. You want someone that’s a reliable thirdparty looking at how your business works, how you operate, how you connect internally, how you connect externally. Are you driving revenue from this? Are you not? They’ll consider all these people and parts and then take a step back and give you an analysis of what technologies it will take, based on your business model and how you do business today. Have them create a financial model looking at costs and service levels of the various MSPs you are interested in versus the cost of building a VNOC yourself and then make an informed decision. TPO


The Great Debate … Cont’d from page 23 AT&T’s Andy Adams chimes in: “The biggest trend that leverages Cloud/Managed Services is the “personalization” of video – and proliferation of single-codec endpoints and soft clients (desktop and mobile) with the concurrent need to scale “on demand” network and MCU resources to accommodate the transition from Scheduled to “Ad-Hoc” reservation-less meetings. Video is becoming less a replacement for a trip and more as an “enhancement” to and everyday audio/web meeting. Organizations that may have 100 video or Telepresence rooms are looking to scale thousands or more personal users in the next 18-24 months. That puts too much of a burden on dedicated (internal) IT staff to scale (volumes) and geography (global). AT&T sees the break-even point at around 15% utilization – beyond that it’s overwhelmingly in favor of a service providers for Day 2 support. Little or No In-House Staff Required: Videoconferencing has unique requirements – including on the network side – that affect the user experience. Some enterprises learn that the hard way. “They find out after installing it that they don’t have the expertise in house,” Balani says. But there’s a chronic shortage of videoconferencing talent, which means they command premium salaries and benefits. Some enterprises try to save money by sending their IT staff out for videoconferencing training. Outsourcing videoconferencing frees enterprises from the hassle and expense of finding and keeping experts in VNOC operations, network architecture and other must-have roles. Meanwhile, the enterprise’s IT staff can focus on other tasks, instead of additional videoconferencing-related work such as troubleshooting and maintaining video infrastructure such as bridges. ROI-Enhancing Synergies: Managed service providers often have expertise in other AV and IT systems, so they can suggest ways to maximize a videoconferencing system’s ROI that CIOs or IT managers may not identify on their own. For example, at a law firm, a managed service provider might recommend and have experience in integrating videoconferencing and billing systems so that each conference is automatically charged to the right client. Rapid Rollouts: The ideal managed service provider has the geographic reach, partnerships and staff that, together, enable even national and multinational companies to implement videoconferencing throughout their organizations, including remote and home offices. They can enable those rollouts faster and more cost-effectively because they’ve done them hundreds of times, unlike an enterprise IT department that has to feel its way through its first videoconferencing deployment. The faster the rollout, the quicker the investment starts driving bottomline benefits.

AT&T’s Global Network Operations Center their infrastructure is almost maxed out and adding ports and other gear is prohibitively expensive. In those cases, it often makes sense to bring in a managed service provider. The provider can take over operation of the existing infrastructure and give access to the additional hardware and software necessary for growth. “We manage many enterprises’ own infrastructure,” Balani says. “They’re using the cloud as a capital augmentation to their own infrastructure.” Future Functionality: The equipment and services that you buy/ build today are not necessarily those that you will want and need in the future. The MSP community continues to innovate. One example is the growing trend of Virtual Meeting Rooms where individual employees have their own video room dial-in “number” similar to a reservationless conference call bridge where a service providers can scale “on-demand” network and MCU resources under a subscriber model. All the MSPs we interviewed for this article (AT&T, AVI-SPL, Glowpoint, and Teliris are offering or are planning on offering Virtual Meeting Room services. AT&T’s Andy Adams discusses the advantages: “ Customer implementing internal infrastructure and head-end network will forever be playing a “guessing game” of how many MCU resource (and what type) or how much bandwidth is needed to be provisioned for concurrent demand. This is inefficient, costly, and administratively difficult. AT&T’s VMR’s will be somewhat unique because of the ability to integrate with AT&T pervasive global MPLS fabric, third party VPNs, and public network access gateways. This provides the best quality of service and scale across an Enterprise (as well as outside of it). TPO

Cap and Grow: Some enterprises start out by handling videoconferencing entirely in house. Eventually they reach a point where it’s clear they can’t afford to continue that approach. Maybe usage has reached the point that adding support staff dedicated to videoconferencing isn’t financially viable. Or maybe Summer 2012


Internetworking Telepresence and Videoconferencing 26


The power feature for the current generation of collaboration solutions is video. From mobile apps to high-end immersive telepresence rooms, we expect high quality video and we expect our networking solutions (mobile, FTTH, terrestrial, satellite, etc.) to support it. Unlike other types of data that traverse networks (e-mails, web surfing, FTP), low-latency interactive video can be particularly burdensome and demanding on network resources. The relationship between video systems and the networks used to transport the signal can often be complicated and problematic. Your network had better be ready to accommodate the potentially massive traffic created by video in a way that doesn’t compromise existing traffic and allows for quality videoconferencing sessions. Summer 2012




n particular, immersive telepresence requires crystal clear high-definition video to maintain the illusion that participants are in the same physical space. Lost or delayed IP packets and/or packets that arrive out of sequence cause video codecs to seize up and display video artifacts on the screen and/ or clipped sound that can annoy and jolt participants out of the sense of immersion. While most network operators (enterprise and carrier) have the ability to maintain exceptional quality on their own networks, they are more frequently connecting to other networks to enable high-quality inter-company telepresence and videoconferencing with partners, vendors and customers.

QoS network provider MASERGY, to see why so many video managed service providers resold or private-labeled MASERGY’s network connectivity for video applications. “MASERGY has long been recognized as the gold standard for QoS among the world’s most demanding video users,” he said. ”But we are also very focused on adding new value to video applications like our new Business to Broadcast Connect service, our inbound off-net QoS functionality, and our optimized-for- H.264 SVC Limited Class of Service. These will not only preserve the value of our customer’s investments today but build new value for those investments tomorrow.”

In trying to replicate the experience of a face-to-face meeting, poor video quality will always fail the human brain’s perceptual test and the innate expectations that humans have with respect to interpersonal communications. Remote participants exhibiting jerky motion and visible screen artifacts can’t help but create an unnatural experience.

MPLS over Satellite

Here are some options to keep your video looking good and your end-users immersed and happy:

Terrestrial MPLS Networks

Video’s sensitivity to transmission defects is why Quality of Service (QoS) is such a big issue for users and IT organizations. It’s also why telepresence architects and video service providers use dedicated networks that leverage the traffic classification capabilities of Multi-Protocol Label Switching (MPLS). In an overlay MPLS network, video traffic can be segmented from other WAN traffic and/or prioritized over other non-delay sensitive traffic in a converged network scenario. This approach helps minimize packet loss, packet jitter and packet delay. Buying an MPLS service doesn’t guarantee flawless performance because not all MPLS networks are equal. Many network topologies arise from acquisitions or mergers where the operator has inherited network components (core/edge routers, switches) of various ages from various vendors, which can limit performance. We interviewed Chris Carr, director of Video Markets at

The words “satellite” and “MPLS” used to be mutually exclusive, but that is changing. Now it is possible to provide QoS network connections to any location at price points that keep getting closer and closer to terrestrial solutions. Emerging Markets Communications provides MPLS over satellite connectivity to oil rigs, humanitarian outposts, and remote government installations in 140 countries, including shipping, logistics, and on-site support. We asked Tom Luketich, vice president of video services, why so many folks were starting to run their video connections over satellite. “We are providing HD video conferencing and telepresence to places that are physically hard to reach by any other means, including conventional telecommunications,” he says. “We cross borders, war zones and political boundaries while preserving the high quality that is required by many of today’s video devices. EMC’s HD Connect is delivered as service and the ROI is often less than a single business trip.” A dish as small as 2.4 meters can provide up to 45MBps of MPLS connectivity to a remote location and can be up and operational immediately versus the time required to trench and pull fiber or copper to a site.

The Internet

In recent years, several developments have acted together to drastically improve the availability of business quality videoconferencing over the public Internet. For smaller

TIPS for Evaluating Terrestrial Network Providers


uilding a world class telepresence/HD videoconferencing capability is a lot like building a house; both must begin with a solid foundation. In the world of telepresence/HD videoconferencing, the network is the foundation on which the success of everything else depends. IT organizations should select a network based on two broad sets of criteria: • Service Level Agreements on QoS What is the guarantee around packet delivery and jitter? • Due Diligence— alk to real world customers and consultants who evaluate network performance • Enhanced Capabilities—Look for feature sets that expand the value of the application as a whole such as: • Internet-enabled QoS capabilities Does the operator have a strategy for improving off-net Internet traffic,


such as peering with multiple Tier One carriers at the POP? • Telepresence and Videoconferencing Exchange Capabilities Can the provider connect to exchange providers that maintain QoS between disparate networks, handle IP address conflicts, provide directory and other services that facilitate intercompany connections with partners, vendors, and customers? • Broadcast Media Gateways—The ability to connect to network media hubs like the Azzurro Meet-MePoint, which take HD video calls from telepresence and videoconferencing endpoints and connect them directly to the networks for broadcast quality executive interviews or other live in-house video content.


Summer 2012


Internetworking companies looking to dip their feet in the video waters without major network investments, a solution that works over the public Internet could be just the ticket. The following two factors in particular have dramatically changed the videoconferencing playing field. • Better Internet Network providers have more and better peering points while the typical broadband connections offer more bandwidth up and down at better prices than were available just a few years ago. • Better Video Codecs and Error Correction Video vendors have developed advanced codecs such as H.264 SVC and error correction technologies, which improve the quality of video sent over best-effort, lossy networks like the Internet.

method for visual collaboration with telepresence and video conferencing users in another company, on another network or serviced by another Video Managed Service Provider.

In particular, the H.264 SVC codec has shaken up the industry by proving that business class videoconferencing over the public Internet is possible and affordable.

Cellular, 4G, and LTE

Today’s mobile networks offer higher upload and download speeds than ever before. 4G LTE (the fourth generation of mobile network standards) is over 10 times faster than 3G. Root Metrics conducted a test comparing AT&T and Verizon download speeds in 15 different markets during Q1 of 2012 and found they were averaging 13.1 and 14.1 respectively and 6.0 and 7.4 Mbps for uploads. With this kind of bandwidth available on mobile devices, users will be expecting and using video-enabled apps. They will also expect these apps to work inter- and intracompany, inside and outside the firewall, anytime and anywhere. Smart organizations will support these workers with a proper inter-networking plan.

Inter-Company Visual Collaboration and Telepresence and Videoconferencing Exchange Providers

Ensuring that your data network is ready for video is only half the battle. Often people on disparate networks will wish to share video. Navigation between networks isn’t trivial. In the next section we will explain the challenges that must be overcome when creating an internetworking strategy for video. Telepresence and videoconferencing exchanges are the physical place where users on one enterprise and/or carrier telepresence and video conferencing network service can connect securely and reliably with users on one or more other telepresence and video conferencing networks. An exchange typically offers enterprise users a convenient, secure and high performance 30

Exchange providers connect together disparate networks while maintaining QoS so that video traffic can flow without compromising video quality. Many Exchange Providers provide additional services that simplify and facilitate inter-company telepresence and video sessions between partners, including the following: • directory services that schedule resources in other organizations • security services that implement policies to protect the networks and organizations that connect at the exchanges • diagnostic tools that can identity where problems arise across disparate networks and video network infrastructure elements.

Typical Inter-Company Visual Collaboration Challenges

Inter-company telepresence and video conferencing services need to overcome the following challenges and operational hurdles in order to provide a competitive offering for today’s visual collaborators: a. Network Traffic Classification If two companies, with two different MPLS carriers and two different Video Managed Service Providers try to interconnect for a telepresence session, the six companies will be faced with reconciling their disparate network traffic classification practices. However, as onerous as that sounds, many times the probability of congestion is low and the need for extensive concern is overblown if the network is fast, isolated from other applications or the telepresence/video environment isn’t utilized much. b. Addressing Some solutions, such as the Cisco TelePresence System, requires the assignment of E.164 addresses to telepresence suites so that the Cisco Unified Communications Manager IP PBX can perform the session signaling, authorization and policy treatment of suite-to-suite sessions. Other solutions are IP-only and assume E.164-defined suites as ISDN-attached calls. Session border control appliances www.TelepresenceOptions.com

Still tied down by your video conferencing system?

Vidyo gives you the freedom to connect and collaborate with everyone, using everyday devices, wherever the Internet reaches. With Vidyo, a captive audience is defined by high quality collaboration, not the hassle and high cost of old-school technology and dedicated networks. Our breakthrough software-based platform connects mobile, desktop and room systems together for telepresence quality meetings over everyday IP networks. All this at just 10% of the cost of other solutions. Vidyo gives you the ability to scale up when the time is right, and customize video conferencing to your business needs. If you’d like to spend less time managing technology and more time growing your business, bring your video conferencing needs to Vidyo. Find out why more companies are choosing Vidyo every day, at www.vidyo.com.

Internetworking are appropriate for allowing public IP addresses and private IP addresses and SIP URI-defined to participate freely. Many Cisco users have learned to configure their IP PBXs to correctly process SIP or H.323 session requests involving TelePresence suites. c. Security Session security is a concern whenever senior corporate officers from multiple companies gather and when all communications occur over networks, which is what happens in many inter-company telepresence sessions. Inter-company telepresence and video conferencing security needs to assure privacy of communication and control access. Well-known high performance encryption/decryption implementations can assure privacy, and so can leveraging SBC infrastructure that prevents unintended traffic flows through firewalls but allows properly conforming SIP and H.323 session flows to pass cleanly. d. Directory, Reservation, and Resource Scheduling Directories provide a discovery service where users and administrators discover which partners have a telepresence or visual collaboration environment/endpoint, where that capability is located, and can also reserve a session at some future time or initiate a session immediately. However, because of the topics discussed and the high levels of executives involved in many telepresence sessions, most user organizations have different levels of visibility and permission for different facilities. Some have implemented an automated reservation application that coordinates session resources—suites, catering, network operations—which often runs on independent platforms such as Microsoft Outlook, Lotus Notes, Cisco TMS or myVRM.com. Managed Service Providers want to provide information that would simplify inter-company calls with their customers, but many are leery

about releasing the contact details of the person responsible for telepresence and video conferencing services, fearing that information would help their competitors. Some providers offer directory and meet-me services including both webbased scheduling tools and a special concierge service that interacts with the technical and facilities resources in multiple organizations to get a technically challenging conference session scheduled which may include time for testing and troubleshooting if experience with the equipment and service providers involved is particularly low. e. Video Network Infrastructure Scheduling a call on the frontend between two or more organizations can create a resource problem on the back end. Whose video network infrastructure will be used? If the call requires a usage-based service like an ISDN dial-out, who pays? Some exchange providers require the customer to own the MCU or telepresence switch, and some providers include access to MCUs or telepresence switches as part of their service offerings. f. Multi-network Diagnostics and SLA Enforcement If a call between two networks experiences packet-loss, an access circuit generates bit-errors, and or an intermediary device is out-of-service, how do you know which provider to blame? How do you enforce SLAs for quality across multiple providers’ networks? Some exchange providers provide tools that give an end-to-end view of session quality to identify problem responsibility. Despite these challenges, many managed service providers are designing, reselling and implementing exchange services to facilitate the next wave of growth in telepresence and video conferencing. TPO

Internetworking Glossary H.264 SVC A videoconferencing protocol that continuously monitors the performance of network quality and the capabilities of each endpoint device, adapting video streams in real time to provide error correction and optimize video communications. The SVC stream contains substreams, or layers, which results in better performance over best-effort networks like the Internet. When the video stream runs into congestion, the codec can drop one or more “layers,” which might scale back resolution or frame rate but will otherwise maintain fluid video. H.265 High Efficiency Video Coding (HEVC) is the long awaited successor to H.264. Still under development, it is expected to increase coding efficiency, use less bandwidth and provide higher quality video (up to 4320p resolution). It is scheduled to be ratified as a standard in early 2013.


Jitter A term for when packets arrive out of sequence, which occurs when the latency of a network fluctuates. If a network has a constant latency, videoconferencing systems receive a steady stream of packets. If the latency varies, it is as if the system constantly gets randomsized bursts of packets, which must be smoothly processed to create a quality video experience.

reliability and increased performance. Packets are given labels that allow intermediary routers to prioritize certain classes of traffic (voice and video for instance) over other classes of traffic for applications which are more tolerant of delays such as FTP or web browsing. POP Point of Presence is where a T1/ T3/E1/E3/Gigabit Ethernet connections connects to a carrier’s network

FEC A method of sending redundant data (or backup data) as part of a videoconferencing stream to accommodate for lossy networks. The redundant data is used to reconstruct any missing or garbled segments of the primary stream. MPLS Multiprotocol Label Switching is a method of directing data intelligently through a network, resulting in better



Global Network Solutions Optimized for All Forms of Video......

Immersive Telepresence

High Definition

Scalable Video Coding Based Systems

Desktop/PC Masergyâ&#x20AC;&#x2122;s Commitment to Exceptional Customer Satisfaction is Backed by Unmatched Global SLAs Including: 100% Packet Delivery 100% in Sequence <1ms Maximum Jitter Sub One Second Network Recovery (Fast re-route) Easy Migration of Data and Voice to the Same Network

www.masergy.com Summer 2012

1-(866) MASERGY (627-3749)





Security Summer 2012


Videoconferencing Security


ecurity is a primary concern for any aspect of a modern IP-based data or communications network. After all, computer networks are generally connected in one way or another to the public Internet, which has no shortage of unsavory characters. We usually think of Internet security in terms of preventing unauthorized access to internal computers and files, but the basic principles of security can also be used to secure videoconferencing endpoints and infrastructure from unwelcome access. In fact, some argue that videoconferencing security is especially critical due to the power of video. It’s not hard to imagine the impact of a sensitive video meeting leaking out into the wild and appearing on YouTube or in a court of law.

The importance of video security and the vulnerability of conferencing services has also been highlighted in a recent New York Times story on security firm Rapid7’s “war dialing” videoconferencing end-points with auto-answer left on. In another recent high-profile example of a conferencing security breach, affiliates of the Internet hacker group Anonymous released an illicitly recorded audio call between the FBI and Scotland Yard. What made the call particularly embarrassing was that it concerned international investigations of Anonymous itself. The call was recorded by a 19-year-old Irish student named Donncha O’Cearrbhail (a.k.a. palladium), who was associated Anonymous and related hacker groups LulzSec and AntiSec. O’Cearrbhail hacked an Irish police officer’s Gmail account to obtain the dial-in number and passcode for the conference call. A series of human errors, rather than a failure in the conferencing technology itself, caused this breach. The call signal wasn’t tapped, decoded or hacked. O’Cearrbhail simply called into the meeting as if he was an invited guest and stayed mute while he recorded the call. The first error was made by the police officer who emailed the dial-in information from his secure police e-mail to his personal Gmail account, which defeated the purpose of having a secure email address in the first place. It is unclear how the Gmail account was compromised; it could have simply been a weak password. The second human error was the failure to monitor the conference. Most audio conferencing services have a web UI that allows a call host to see a list of conference attendees. Checking this list would have revealed an extra person on the call. Pulling off this exploit in a video meeting would generally have been more difficult, since many multipoint video meetings use a layout that displays all call participants on the screen. Even if a hacker muted his video, the other parties on the call would see some indication (a blacked out frame, etc.) of another party in the call. Stories like these have raised valid concerns about conferencing security in the minds of our readers, the perfect opportunity to for a primer in videoconferencing security.

Videoconferencing’s Inherent Security


n order to understand possible vulnerabilities, it helps to first understand the existing layers of security in today’s videoconferencing technology. Videoconferencing solutions typically use the 128-bit AES encryption security protocol to secure videoconferencing traffic as it traverses the public 36

Internet. It’s advisable to use AES encryption even when calling within a private network to secure the video traffic even if the network itself is compromised. In the simplest of terms, the videoconferencing system applies the AES algorithm to its outgoing data signal (AES works with H.323, SIP and ISDN), transforming it into ciphertext that can safely traverse the Internet to the other system in the call. Then it can be decoded back into usable video and audio. The encryption process itself is a four-round scrambling operation that efficiently creates a completely scrambled signal without adding significant latency. While leading cryptographers have designed theoretical “cracks” of AES , even the most advanced crack publicly known (published in 2011 by Andrey Bogdanov, Dmitry Khovratovich and Christian Rechberger) would take a billion computers over a billion years to process. There is no practical method for a typical hacker to break AES security, tap into your videoconferencing traffic as it traverses the public Internet and decode the signal into watchable video.

Videoconferencing’s Security Vulnerabilities


video meeting suffers from the same basic vulnerability as physical meetings: uninvited eyes and ears. A spy could potentially sneak into a video meeting through the bridge connecting participants and virtually “hide” (mute his video and audio) just as he could sneak into an actual meeting room and hide under a table. Videoconferencing security is basically the virtual equivalent of making sure there are no spies under the table, behind the curtains, in the air vents, or sitting at the table disguised as your CEO.

The Information Office of the U.S. Dept of Interior describes the general problem of IT security as follows: “People using computers and the professionals maintaining networks and systems are the source of the problem, which means that training all employees is an essential step in managing an IT security program. Users who are not trained to detect phishing and pharming attacks or spyware can open dangerous backdoors to hackers.” Here are examples of general security vulnerabilities for videoconferencing-enabled environments. Social Engineering This is a security breach obtained by manipulating people rather than computers. The victim of a social engineering hack voluntarily gives up the secure information as a result of fraud. A typical social engineering tactic is the e-mail phishing scam. A scammer could send an e-mail that appears to come from a company’s managed service provider, asking to verify information regarding video system IP addresses or user account information. A customer could innocently reply to this e-mail and potentially give some level of access to an outsider. Anyone with access to secure videoconferencing environments should be on the lookout for this type of scam.


Videoconferencing Security Corporate Espionage It should be fair to assume that any organization with security concerns already has a corporate espionage program in place. However, this program may need to be updated to account for any possible videoconferencing-specific vulnerabilities. Access to recorded video meetings should be subject to the same stringent security checks as those to restricted physical documents and files. It might even be appropriate to limit remote access for video equipment to people with physical access to those rooms. If a security breach occurs, consider the conferencing implications. For example, if a board member loses his iPad, all of his conferencing-related accounts should be disabled to prevent an imposter from calling his contacts. Vendor Vulnerabilities Videoconferencing vendors can install “back doors” in their systems to spy on clients for their own enrichment or on the orders of their sovereign governments in the name of national security. In a 2006 issue of MIT’s Technology Review, Google Director of Research Peter Norvig discussed a Google program that uses the embedded microphone in personal computers to hear sounds in a room. He said the program would help the company tailor ads— if Google hears a dog barking, it might display an ad for dog food. Regardless of the stated goals, the program highlights the potential for vendors to abuse their access to trusted microphones and video cameras.

Sovereign Government Spying Recent stories of network carriers turning over Internet traffic to the government have left some people concerned about the security of any devices connected to networks. The issue was brought to the Virtual Lie Detector forefront in 2006 when AT&T technician Mark Klein revealed to the Electronic Frontier Foundation and Wired magazine that the company was splitting off their core backbone fiber optic cables to a secret room in their San Francisco data center (Room 641A/ Study Group 3 Secure Room) where the National Security Agency took the feed and illegally and unconstitutionally wiretapped all telecommunications flowing across the wire. This isn’t simply the stuff of conspiracy theories. Wired titled a recent interview of CIA Director David Petraeus, “CIA Chief: We’ll Spy on You Through Your Dishwasher.” As Wired explains: All those new online devices are a treasure trove of data if you’re a “person of interest” to the spy community. Once upon a time, spies had to place a bug in your chandelier to hear your conversation.

What are the Vendors doing for videoconferencing security? LifeSize Communications


All LifeSize solutions ship with auto-answer disabled by default. This is true for our conferencing room endpoints, as well as our cloud-based platform, LifeSize Connections. Additionally, all LifeSize endpoints and Lifesize Connections prompt users to change their passwords at set-up. Encryption comes standard with every LifeSize video endpoint and cloud offering available. For organizations that want to manage their own infrastructure, we offer a client-server NAT/firewall traversal solution called LifeSize Transit which enables IT administrators to take control of their own endpoints and deploy them securely behind firewalls. For LifeSize Connections, the platform facilitates secure calling behind the firewall automatically, which is especially beneficial for companies without extensive IT resources. LifeSize Connections does not have a public directory, so you will only be able to contact users if you have their credentials or they are within your company’s private directory. David Morrison, Senior Product Manager, LifeSize

Polycom uses industry-standard Advanced Encryption Standard (AES) encryption to protect the privacy of videoconference calls. This is the same standard that is used by banks to protect financial transfers, is backed by the National Institute of Standards and Technology (NIST), and specified for use in the U.S. Government.  Polycom uses only encryption modules that are FIPS-140 certified for use by U. S. Federal Government agencies. Polycom products implement media and signaling encryption and authentication encryption via industry standards, either ITU H.323/H.235 or IETF SIP. Ted Doty, Security Product Manager, Polycom

Summer 2012

Vidyo Vidyo uses SSL, the same technology used by online banking, to safe guard login credentials via encrypted HTTPS channel with certificate exchange; SRTP and AES-128 bit encryption with a unique set of encryption keys for each leg of the call for maximum protection of the conference media; and encrypted signaling between network components using TLS with certificate exchange. In addition to the built-in security technologies, Vidyo users have in-call tools such as virtual room locking and PIN code protection to limit access to conferences even by credentialed users. Additionally, endpoints do not have auto-answer enabled by default like some competitive endpoints, avoiding the issue of malicious voyeurism completely. The net result is highly secured communication through every component and aspect of the system, whether running on the private corporate network or over the public Internet. – Mark Noble, Senior Director Product Marketing, Vidyo


Videoconferencing Security With the rise of the “smart home,” you’d be sending tagged, geolocated data that a spy agency can intercept in real time when you use the lighting app on your phone to adjust your living room’s ambiance.

convincingly mimicking particular voices by reconstructing their individual nuances and intonations from pre-recordings since at least 2001, even spinning off a company called Natural Voices to commercialize the technology.

If the CIA is listening to my lighting app and dishwasher, who’s to say it isn’t looking through my webcam? The bottom line is there really isn’t anything a typical IT person can do to take on the CIA. However, we can be aware of the fact that today’s technology has significantly changed our understanding of business security and act accordingly. Even if Big Brother can hack into your video camera, he can’t see through a lens cap.

Deception Detection Computer Vision is the science of computers understanding and processing video. This technology has existed for quite some time, used in such common applications as inspecting auto parts on a production line. Today’s computer vision could be used in a videoconferencing setting to detect the cues of deception. When lying, some people blink, but most look “up and to the left” when visually constructing information instead of “up and to the right” when visually remembering information. Many people also express “micro-expressions” that betray inner thoughts. Is it any wonder why so many professional poker players wear sunglasses during games? What if you could program a computer to watch a video call with you and display a visual warning on the screen anytime a remote participant exhibited deception? Imagine the advantage this would provide in business negotiations. (“Is this the absolute best price that you can provide?”) or in job interviews (“Do you have any other offers on the table?”) Of course, this technology has a tremendous potential for abuse as well.

Future Security Threats


hile most IP video security specialists are focused on the threats of today, the speed of computer processing, the rise of artificial intelligence, the capabilities of machine vision, and the desirability of anonymity are leading to potential issues just now coming into focus.

Actress Zoe Saldana wears a facial motion capture mask on the set of the 2009 film Avatar.

Verifiable Identity and Computer Generated Avatars In a world of artificial intelligence, photorealistic computergenerated graphics and super computing, how do you know if you’re actually talking to the real person whose visage appears on the screen in front of you? What if the image on the screen was computer generated? In artificial intelligence, Turing Test refers to a set of questions that allow a person to determine whether he or she is talking to another person or a computer. As of this writing, no computer has been able to successfully fool a sophisticated human interrogator. Futurist Ray Kurzweil estimates that an artificially intelligent computer will be able to pass a Turing test by 2029. However, you don’t need a completely cognizant computer to recreate passable counterfeits. For almost a decade, Hollywood has been using a combination of motion capture and computer-generated graphics to create virtual visages that mimic the nuances of facial features and human communications. What’s to keep a determined party from developing a system that creates a map of a person’s face, digitizes it and then layers that facial map over another person’s face in real time, creating a photorealistic virtual puppet mask for video calls? You eliminate the need for an artificially intelligent computer by substituting the super computer of the virtual puppeteer’s human brain, able to answer questions in real time. The ability for computers to mimic voices has been around for over a decade as well—AT&T Laboratories has been 38

Anonymity This attribute could be considered a benefit as much as a potential threat. Public Key Cryptography allows a message to be encrypted using a dual-key system that includes a public key published to the world and a private key known only to the user. The longer the length of each key, the harder the message is to crack. Many governments around the world classify long encryption key systems as munitions, making them illegal for export. In onion routing, a technique for anonymous communication over networks, message traffic is repeatedly encrypted and then sent through multiple network nodes, the onion routers. Like someone unpeeling an onion, each onion router removes a layer of encryption to uncover routing instructions and sends the message to the next router to repeat the process. These steps prevent these intermediary nodes from learning the origin, destination and content of the message. Put the two technologies together with the identity-spoofing techniques we’ve already covered and you have the ability to communicate anonymously. Anonymous users can escape taxation, work on human rights issues in authoritarian countries, and on and on. These are but a few of the potential issues that the video security specialist of the future will need to address, a future so bright you have to wear photorealistic virtual puppet shades.



he public Internet can be a rough neighborhood, and security-minded IT professionals have long demanded that all IP devices live inside the firewall. Since a videoconferencing endpoint is just another IP device, if you choose to deploy it outside of the firewall it will be open to accepting calls, and some of them may not be from friendly callers. TPO


Videoconferencing Security Securing Your Video Environment This January the Wall Street Journal published a detailed story of security firm Rapid 7’s successful penetration of multiple videoconferencing systems including high-profile boardrooms. Telepresence Options did the most sophisticated and comprehensive analysis of the exploit, which resulted in a detailed response from Rapid7 Chief Security Officer HD Moore. Here are David’s suggestions on hardening your boardroom. While professional security assessments are available for truly sensitive environments, the rest of us can get by with a few basic security measures. Whether you are an end-user or a managed service provider, here are a few simple tasks to beef up VC security. Firewalls Like any IP device, videoconferencing systems should be behind a firewall. While that can make outside calling trickier, it is manageable. If you have an extremely small deployment (one system) and insist on staying outside the firewall, just be aware that your system can be called by anyone on the Internet. Meet-Me Rooms A videoconferencing network can be configured to direct all incoming calls to a meet-me room in a video bridge, which is configured to use continuous presence layouts (all participants shown on the screen). Rather than dialing into a physical boardroom, the hackers would dial into a videoconference, where their presence would be very apparent. Auto Answer This feature is a point of contentious debate within the industry, some people arguing that systems should not be sold with it enabled by default. Users and admins should be aware of the implications of this feature and make sure that it isn’t used in a way that may compromise security. Camera Presets and Far End Camera Control Cameras can be set to focus on a painting or even an empty wall when calls are initiated. This ensures that innocent, or not so innocent “wrong numbers” will not see anything potentially compromising. Far-end camera control should be disabled to these wrong numbers from peeking around at your meeting room. Physical Lens Covers Many videoconferencing systems come with some sort of lens cap. Pop it on when the system isn’t in use.

Microphone Mute Unfortunately, the industry has not standardized microphone mute indicators. Educate your users and enforce a policy of leaving mics in a muted stated when not in use. Admins should consider configuring endpoints to answer with audio muted. Directory Protection Do not publish your directories. If you do publish any numbers (for example, to take part in a B2B exchange) be aware of how they are being distributed and who can access them. If possible, publish your meet-me bridge number rather than the direct numbers to your endpoints. Passwords VC systems can be password protected, preventing non-authorized users from browsing your directories or causing other mischief. Vulnerability Assessment If you are really security minded, you should undergo a professional vulnerability assessment every 90 days. Non Use While researching this story, Human Productivity Lab President and Telepresence Options publisher Howard Lichtman related that one of Human Productivity Lab’s consulting clients, a Fortune 100 energy company, has a policy about what types of issues can be discussed over telepresence and videoconferencing systems. The company ranks the sensitivity of various topics and refuses to allow the most sensitive issues to be discussed over video or telephony.

About the Authors Howard Lichtman is the President

David Maldow is a visual collaboration

of the Human Productivity Lab, a

technologist and analyst with the Human

telepresence consultancy and research

Productivity Lab and an associate

firm that helps organizations design

editor at Telepresence Options. David

telepresence and visual collaboration

has extensive expertise in testing,

strategies and deploy and future-proof

evaluating, and explaining telepresence

investments. He is also the publisher

and other visual collaboration

of Telepresence Options, the Editor

technologies. David is focused on

of the monthly Telepresence Options

providing third-party independent testing

Telegraph and the bi-annual Telepresence

of telepresence and visual collaboration

Options Magazine, the world’s most

endpoints and infrastructure and

widely read publication covering

helps end users better secure their

telepresence technologies.

telepresence, videoconferencing, and visual collaboration environments.

Summer 2012


telepresence and videoconferencing CATALOG

Research Brief

Highly Immersive Telepresence: The Keys to Creating Immersion Organizations are spending hundreds of thousands of dollars per room for highly immersive telepresence conferencing environments. What are the keys to creating highly immersive telepresence environments? What is the ROI for end-users? What is the future of highly immersive conferencing? This new Research Brief by Human Productivity Lab President Howard Lichtman examines what makes highly immersive telepresence environments “highly immersive” and gives a sneak peak at the first new highly immersive telepresence environment to come to market in years: SurroundPresence. The new environment features a new patent pending optics and image processing system called Equal-i that brings remote participants “up close and personal.” http://www.telepresencecatalog.com/highly-immersivetelepresence-the-keys-to-creating-immersion/



telepresence and videoconferencing CATALOG


www.vidyo.com/products/ vidyopanorama

Scan with your smartphone for more information

Summer 2012

VidyoPanorama VidyoPanorama™ is the industry’s first affordable telepresence solution that can display up to 9 screens of 1080p at 60fps resolution — at just 10% of the cost of other telepresence solutions. VidyoPanorama eliminates the need for custom-built rooms, proprietary hardware stacks and expensive QoS networks, and transforms any conference room into a dynamic hub of video collaboration. With the flexibility to use off-the-shelf hardware and connect with a full complement of form factors, VidyoPanorama can reduce up-front investment by 90% while reducing operating costs by working over low-cost and pervasive Internet and general-purpose networks.


telepresence and videoconferencing CATALOG

Teliris StartPoint Teliris StartPoint is a lightweight video solution that delivers immersive video communication through virtually any HD display. Combining industry-leading quality and competitive affordability in an easy-todeploy appliance, Teliris StartPoint is engineered to support enterprise-wide connectivity by extending an existing video estate or forming the backbone of an entirely new one.

• Connects to almost any HDMI or DVI-I display • Self-start and meet-me room capabilities to easily launch ad-hoc meetings • Built-in multipoint for ten-way HD video • Runs over general purpose networks and the internet • Built for management over Lentaris to ensure optimal experience and reliability



Scan with your smartphone for more information



www.vidyo.com/products/ vidyorouter


Scan with your smartphone for more information

VidyoRouter™ provides a modern, software-based infrastructure for video conferencing that delivers quality, reach and cost savings. This essential component makes Vidyo™Conferencing the only collaboration platform to deliver a consistent telepresence experience to everyone, over everyday broadband networks. Unlike legacy systems that rely on expensive Multipoint Control Units (MCUs) for centralized bridging and transcoding, VidyoRouter performs transcoding-free packet switching using our patented Adaptive Video Layering™ technology, and dynamically optimizes video streams to the capabilities of each individual endpoint and network conditions. This smarter infrastructure improves the overall video conferencing experience while dramatically reducing the cost of ownership to just pennies per minute. VidyoRouter Virtual Edition (VE) runs on cloud computing services. It is the only solution to virtualize the media plane, while other solutions only virtualize the signaling components or emulators of their MCU-based systems. VidyoRouter VE provides massive scalability, on demand, with low latency and high call density per virtual processing resource. Along with ease of deployment, VidyoRouter VE offers dramatic cost-savings as you grow.


telepresence and videoconferencing CATALOG

Providea Managed Services Providea Conferencing is a leading global provider of visual collaboration and telepresence technology solutions. End-to-end expertise encompasses video endpoints, infrastructure, multimedia, UC Integration and a strong portfolio of network and managed service offerings — providing flexible solutions that fit the unique communications needs of our customers. Representing the top manufacturers and network carriers in the industry, including Cisco, Polycom, LifeSize, AT&T and Masergy, we are uniquely positioned in the video conferencing and telepresence marketplace as a true single-vendor solution provider. With Providea Managed Video Solutions (MVS), we oversee our customers’ video conferencing environment in whole or in part, so they can concentrate on their core business. Solutions are customized to our clients and can include concierge services, scheduling bridge connections, launching calls, monitoring video connections and infrastructure equipment.

Providea Managed Services www.provideallc.com

Scan with your smartphone for more information

Providea Universal Connectivity Providea Conferencing is a leading global provider of visual collaboration and telepresence technology solutions. End-to-end expertise encompasses video endpoints, infrastructure, multimedia, UC Integration and a strong portfolio of network and managed service offerings — providing flexible solutions that fit the unique communications needs of our customers. Representing the top manufacturers and network carriers in the industry, including Cisco, Polycom, LifeSize, AT&T and Masergy, we are uniquely positioned in the video conferencing and telepresence marketplace as a true single-vendor solution provider. Sitting at the heart of the telepresence and video conferencing experience is the connection that brings together all the parties seamlessly. How well your provider manages this challenging and multifaceted process determines the quality of your connection. Providea’s Universal Connectivity manages access across multiple carrier networks, reduces the need for big network pipes, maintains network security and reduces the need for ISDN and public IP access.

Summer 2012

Providea Universal Connectivity www.provideallc.com

Scan with your smartphone for more information


telepresence and videoconferencing CATALOG

Clear View Innovations Portable Video Backdrop

Clear View Innovations www.clearviewinnovations.com

Scan with your smartphone for more information

Clear View Innovations (CVI) mission is in its name, Clear View. CVIs innovative line of fixed and portable backdrops provide the background to keep the focus on you, the foreground. The backdrops work in tandem with your video equipment to ensure a superb picture quality, impactful message and imageconsistency, regardless of location and condition of the space. Businesses no longer confine their video communications to the office. Video conferencing has spread to field locations, the home office and hotel rooms. You are mobile and the technology is portable; however, the proper setting and image you want to convey are not always at your back. The CVI Portable Backdrops “have your back” by providing the background.

ScienceLogic Telepresence and Videoconferencing Management ScienceLogic provides a single, centralized platform for monitoring and managing the heterogeneous components that make up video conferencing and telepresence solutions – from simple deployments to multi-tenant VNOCs. Using one solution, your engineers will be able to monitor and track performance and availability of video and telepresence instructure and call quality. Real-time fault management, visibility, and reporting ensure that you meet all your KPIs and SLAs, and your users enjoy seamless, uninterrupted video conferencing.

ScienceLogic www.sciencelogic.com/product/ technologies/video-conferencingand-telepresence



telepresence and videoconferencing CATALOG

LifeSize Unity Series The LifeSize(R) Unity™ Series is an all-in-one video conferencing solution combining telepresence-class video, audio and presentation capabilities at a price point that’s within reach. Traditionally, telepresence solutions require various components for optimal functionality, including a video system, mounted display, audio device (such as a micpod or phone), and camera as well as furniture and coordinating room makeovers for uniformity in each office. The LifeSize Unity Series removes the complexity from this model by offering an integrated solution that takes only minutes to assemble without the use of tools and without sacrificing quality. This new product line boasts best-in-class video, audio and presentation capabilities elegantly designed and powered by superior LifeSize video technology as its engine. Easy to deploy or redeploy anywhere, the Unity Series provides global uniformity for a consistent user experience across sites.

LifeSize www.lifesize.com/Products/ Integrated_Video_Systems/LifeSize_Unity/Summary.aspx

LifeSize UVC Video Center LifeSize(R) UVC Video Center™ is the most powerful one-button HD streaming, recording and auto-publishing solution on the market today. This single solution ensures that live and on-demand videos are easily accessible from any location and by hundreds, even thousands, of viewers. LifeSize UVC Video Center, now available on the LifeSize(R) UVC Platform™, supports an unrivaled number of concurrent recordings, on-demand streams and simultaneous live streams, all in 720p30 HD video. With the simple push of a button, you can record and broadcast executive updates, business presentations, sales meetings and training sessions as well as share data, charts and images.

LifeSize www.lifesize.com/Products/Integrated_Video_Systems/LifeSize_Unity/Summary.aspx

Summer 2012


Caméléon Telepresence Solution

The Evolution of Modern, Multimedia Communications What should you expect from a cutting-edge Telepresence solution? Introducing Caméléon Telepresence by AVI-SPL -- a first-of-its-kind communication system that goes beyond the single-functionality conference room. With ease, you can install Caméléon Telepresence and adapt it to your environment. Utilizing your chosen video manufacturer, Caméléon Telepresence fulfills your conferencing and presentation requirements without sacrificing quality or your budget.

With Caméléon, you’ll gain:

Contact us today! 866.559.8197 Scan here

or visit avispl.com/ cameleon-tpres to learn more about how you’ll gain from caméléon Telepresence.


A fully-immersive Telepresence experience

A quality, HD videoconferencing solution

Crisp, cutting edge audio conferencing

Local, multimedia presentation and display capabilities

Maximized use of your meeting room space

A fully functional system, regardless of the type of meeting

A competitive edge through the latest technology

Advanced, effective business communication tools


Simplicity. Caméléon Telepresence is a true plug-and-play, turnkey solution, featuring a simplified graphical user interface touch panel control system. With consistent screen layout, colorcoded functionality and clear easy to follow on screen directions, even first-time users, with all levels of technical capabilities, come into a Caméléon Telepresence room and initiate a meeting using any of the various modes within seconds.

Versatility. The Caméléon Telepresence solution is based on standards based industry-leading technology. Various model designs are available to accommodate your company’s desired video manufacturer, such as Cisco, LifeSize, Polycom and RADVISION. With customized features, such as expandable second participant row for added meeting capacity, automated room control for lighting, shades and climate, and custom tabletop color finishes, Caméléon can be easily customized to your requirements.

Affordability. Caméléon Telepresence brings full-featured capabilities without the big price tag. Many organizations have delayed Telepresence implementations because of the cost associated with the technology and complicated costly construction. Caméléon requires no room construction and can be easily fitted into most existing environments. Caméléon eliminates the high construction costs while providing a price-competitive solution.

Quality. With its expanded functionality and cost-efficiency, the Caméléon Telepresence Solution still delivers the highest quality experience your organization expects. The latest video technology allows users to see facial expressions, make eye contact and read body language with HD video supporting up to 1080p resolutions on three 60” LCD displays. While the crisp, cutting edge audio provides state-of-the-art clarity.

Why Partner with AVI-SPL? Gain the advantage of 24/7 support, highly-certified technicians, more than 700 manufacturer partnerships and 32 offices worldwide. In addition, our LEEDaccredited professionals can implement solutions that save energy, decrease travel costs and generate carbon credits.

Video conferencing has left the building. The news is out — Vidyo gives you the freedom to meet with anyone on any device, anywhere and anytime. Vidyo moves collaboration beyond conference room walls and into modern workflow where it belongs. At last, video conferencing that deploys in minutes, works alongside your enterprise apps, and connects your legacy systems with the mobile, desktop and room-based endpoints your users rely on to get work done. With Vidyo, the advantages are clear: Incredible quality — Enjoy a telepresence quality video experience for every meeting. Incredible reach — Participate from the boardroom, a branch office or the beach, with smooth video conferencing over everyday IP networks. Incredible savings — Operate at 10% of the cost of other solutions. Get the story first hand, visit www.vidyo.com to learn more.

Profile for Telepresence Options

Telepresence Options Magazine - Summer 2012  

Video Network Infrastructure - A Primer The Great Debate: The Case for Building Your Own VNOC vs. The Case for Managed Services Videoconfere...

Telepresence Options Magazine - Summer 2012  

Video Network Infrastructure - A Primer The Great Debate: The Case for Building Your Own VNOC vs. The Case for Managed Services Videoconfere...