Authors: Prasad Calyam, Gregg Trueb, Nathan Howes
Addresses: Ohio Supercomputer Center, The Ohio State University, 1224 Kinnear Road, Columbus, OH 43212, USA. ' Ohio Supercomputer Center, The Ohio State University, 1224 Kinnear Road, Columbus, OH 43212, USA. ' Ohio Supercomputer Center, The Ohio State University, 1224 Kinnear Road, Columbus, OH 43212, USA
Abstract: It is common today to have H.323 and SIP videoconferencing equipment deployed behind firewalls/NATs in campus and enterprise networks. A major challenge faced by network planners is to configure firewalls and gatekeeper proxies to allow voice-and-video traffic in-and-out of the internal-network|s ports while limiting malicious access of internal-network data by intruders through the same open ports. In this paper, we first describe the strategies used with gatekeeper proxies to solve the firewall traversal challenges in securing distributed videoconferencing systems. Next, we empirically evaluate the load-handling of gatekeeper proxies for firewall traversal under low, medium and high cross-traffic loads using subjective and objective measurements. Following this, we describe the signalling-and-multimedia flow architectures and identify caveats that arise due to heterogeneous adoption of these strategies. Lastly, based on our empirical results, caveats identification and vast operations experience, we list best-practices for deploying gatekeeper proxies in small-to-large scale secure videoconferencing systems.
Keywords: secure videoconferencing; firewall traversal; network middlebox; ITU-T H.460; gatekeeper proxies; video quality measurement; videoconferencing security; firewalls; network security.
International Journal of Internet Protocol Technology, 2010 Vol.5 No.1/2, pp.32 - 43
Available online: 09 Apr 2010 *Full-text access for editors Access for subscribers Purchase this article Comment on this article