Desktop video conferencing is considered to be a key element in a true virtual working place. As millions of workers are expected to telework by 2010, there’s a growing need to support desktop video conferencing from outside of the enterprise secured LAN.

A Teleworker’s Dream (CC)

VoIP and firewalls – a must-solve problem

I have already mentioned RADVISION’s desktop client, Scopia Desktop, as it is used by all RADVISION employees for daily video conferences. Scopia Desktop enables any member of the organization, as well as customers and partners outside of the organization, to participate in any corporate video conference as it incorporates a built-in firewall traversal mechanism.

Ran from “Code of Contact” next door has already explained why VoIP is so hard on firewalls and NATs. IT people are working hard on blocking anything outside of the private network, including video conferencing clients. Ran discussed ways to solve this problem, but most are pretty sophisticated and/or require an additional investment – for instance, reconfiguring the firewall (huh?) or adding a Session Border Controller (a what?!).

As a user, especially someone who just received an e-mail inviting you to a video conference on some enterprise system, you really don’t want to bother with firewalls or any other technical obstacles. All you want to have to do is double-click the link, and get connected. No downloading, no configurations, no nothing. That is just what Scopia Desktop does.

An e-mail invitation to a Scopia Desktop conference (right) and the Scopia Desktop Portal (left).

When you receive an e-mail invitation to a conference, as seen above, you receive a hyperlink for the Scopia Desktop Portal. The portal gives you access to any meeting going on in the enterprise using a browser based user interface. You simply have to log in, click on “Participate Now” and… that’s that! Every time I use it, at home or in order to talk to someone outside of RADVISION, I am quite impressed at its simplicity.

What is Scopia Desktop Doing?!

As I am a tech guy, I don’t believe in luck, and so I wanted to get to the bottom of things. I had an insightful conversation with Emmanuel Weber, System Architect in RADVISION’s New Hampshire team, in charge of Scopia Desktop. Since RADVISION applied for a patent on this piece of innovation and the application is public, I can discuss here what Manu was kind enough to explain.

You need to understand: No matter how well you setup your company’s network to allow endpoints to connect from the outside, some video participants may not be able to connect. This is because you do not control the network parameters of the other side, and some organizations apply very strict policies (for instance, not allowing any other traffic than HTTP and HTTPS to/from the outside world). In other words, firewalls are fighting with the video.

To solve this problem, our inventive R&D guys developed a method of “tunneling” stuff over HTTP and HTTPS. It involves “hijacking” the packets to be sent over the network (over a connection-less channel – UDP), encapsulating them and sending them over a secure, connection-based, firewall-friendly connection to the remote party. In this manner the firewall has no way of knowing what is sent over the connection and therefore lets the media go through.

This is quite simple and useful, but large enterprises often use an additional layer of protection over their network in order to avoid the misuse of this channel with a HTTP proxy, or a pool of such proxies that control the traffic.

Therefore, The RADVISION solution implements not only all standard HTTPS features, but also all standard features regarding working with HTTP proxies, just like any web browser. This includes HTTPS tunneling through the HTTP proxy. To reach the server through a proxy, the client first locates the proxy, and then it establishes a connection to that proxy and asks the proxy to connect via the HTTPS port of the Server.

This method has been deployed tens of thousands of times around the world and found to successfully traverse the firewalls of the most meticulous IT departments, including customers in the financial and federal markets, which are known to have strict security policies.

As RADVISION’s desktop client, Scopia Desktop, uses all of the above technologies to connect the video conferencing system, it creates a seamless experience in connecting to the Scopia Desktop Portal and joining a meeting, no matter your network settings.