In the upcoming report, The Inter-Company Telepresence and Video Conferencing Handbook, a collaboration between Brockmann & Company and the Human Productivity Lab, my personal experience in implementing the most trivial of enterprise video communications implementations – the home office – is reviewed. Although described as trivial, it most certainly is not. A home video communications system is easy to plug in (monitor goes here, network goes there, power goes here, camera goes there, microphone pod goes there), but configuring the NETGEAR firewall/router is complicated, though it is done only once (if it’s been done correctly).

Here’s an excerpt from the Handbook:


Trivial Firewall Settings for Single Station Inter-Company Video Communications

It is instructive to consider the trivial home office setting. In many small offices or home offices (SOHO) there is only one video communications endpoint, so it is not necessary to implement an address-manipulating solution that enables complex interactions or reporting services. To support Internet-based inter-company or inter-office communications to and from this endpoint, it is recommended to:

  • Assign a dedicated IP address from within the internal address pool to the endpoint.
  • Acquire a dedicated IP address for the SOHO router from the Internet service provider. Publish that IP address to the video communications participants.
  • Configure the firewall to forward all incoming H.323 and SIP messages to the endpoint.
  • LifeSize users: define a minimum of 8 UDP ports and 2 TCP ports in the port range 60000 – 64999 for each of the other endpoints, up to the maximum number in a multiway conference, and configure the firewall to forward this traffic to the endpoint. A three-way conference from this endpoint needs 16 UDP and 4 TCP ports.
  • Polycom users: Port 1718 with UDP, port 1731 with TCP, and then allow dynamic use of ports 1024-65535 with both UDP and TCP services.
  • TANDBERG users: Ports 970-973 with UDP, Ports 2326-2373 with UDP, Port 2837 UDP and Port 5587 if Multipoint Control Unit (MCU) is present and 5555-55xx TCP, forwarding to the endpoint.
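The port arithmetic in the LifeSize and Polycom items can be checked before anything is typed into the router. The sketch below is an added example, not part of the Handbook: it sizes the LifeSize forward blocks, counts how many ports each vendor's rule leaves reachable from the Internet, and renders the result as iptables DNAT rules for a Linux-based gateway. The function names, `eth0` and `192.168.1.50` are assumptions.

```python
import ipaddress
from dataclasses import dataclass

# Figures below come from the excerpt; the function and variable names are assumptions.
LIFESIZE_RANGE = (60000, 64999)
UDP_PER_PEER, TCP_PER_PEER = 8, 2  # ports per other endpoint in the conference

@dataclass(frozen=True)
class Forward:
    proto: str
    first: int
    last: int

# Polycom bullet: two fixed ports plus the dynamic range on both protocols.
POLYCOM = [Forward("udp", 1718, 1718), Forward("tcp", 1731, 1731),
           Forward("udp", 1024, 65535), Forward("tcp", 1024, 65535)]

def lifesize_forwards(other_endpoints, base=LIFESIZE_RANGE[0]):
    """Smallest contiguous UDP and TCP blocks for a call with N other endpoints."""
    if other_endpoints < 1:
        raise ValueError("need at least one other endpoint")
    plan = [Forward("udp", base, base + UDP_PER_PEER * other_endpoints - 1),
            Forward("tcp", base, base + TCP_PER_PEER * other_endpoints - 1)]
    lo, hi = LIFESIZE_RANGE
    if any(f.first < lo or f.last > hi for f in plan):
        raise ValueError("plan falls outside 60000-64999")
    return plan

def exposed(forwards):
    """Distinct (protocol, port) pairs reachable from the Internet."""
    return len({(f.proto, p) for f in forwards for p in range(f.first, f.last + 1)})

def iptables_dnat(forwards, wan_if, endpoint_ip):
    """Render DNAT rules; refuses a target outside the internal address pool."""
    if not ipaddress.ip_address(endpoint_ip).is_private:
        raise ValueError("endpoint must use an internal (private) address")
    return [f"iptables -t nat -A PREROUTING -i {wan_if} -p {f.proto} "
            f"--dport {f.first}:{f.last} -j DNAT --to-destination {endpoint_ip}"
            for f in forwards]

if __name__ == "__main__":
    three_way = lifesize_forwards(2)          # this endpoint plus two others
    print(exposed(three_way), "ports exposed (LifeSize, three-way)")
    print(exposed(POLYCOM), "ports exposed (Polycom bullet as written)")
    # eth0 and 192.168.1.50 are constructed sample values.
    print("\n".join(iptables_dnat(three_way, "eth0", "192.168.1.50")))
```

On a gateway whose FORWARD chain drops by default, each DNAT rule also needs a matching accept rule for the same protocol and port block.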

More sophisticated small offices might also have an installed IP PBX server requiring SIP communications to and from the SIP trunking service provider. In these circumstances, it is not appropriate to forward all the SIP and H.323 traffic to the video endpoint so a more sophisticated solution, such as a session border controller, is in order.

As compared to the PC video implementation, the communications industry has to replace this complicated security regime with simple, built-in, works-anywhere functionality if there is any hope of enabling broad market deployment. Under no circumstances should trivial implementations require any firewall configuration, let alone the specifications defined here.


If the video equipment industry expects to deploy products in a home office setting, it must throw out these unnecessarily complicated setups which are in fact barriers to adoption. This needs to be a simple transaction. Plug in and it works, please.

Two client executives that I have worked with in the past year were beneficiaries of home office video implementations, yet neither, from different companies, could get their IT dudes to make it work. Yuck.
