Comparison between Cloud and On-Premise video conferencing systems

Overview:

The purpose of this paper is to discuss and compare the differences (Pros & Cons) between using a Cloud based or On-Premise video conferencing system so you can decide which provides the best solution for you. It provides details about the Lifesize Cloud and generic H.323/SIP On-Premise systems, showing all the components of each in easy to follow diagrams.

It is assumed that the reader has a general knowledge of video conferencing systems and the standards involved. However, the following technical papers are available to provide more information on these topics:

Background:

Initially, video conferencing was the reserve of larger companies and organisations who could afford to invest in the endpoints, infrastructure and personnel required to successfully implement an On-Premise solution that was then made available to select employees or workgroups. Hence, the endpoints were typically for conference rooms or small project teams and would be located on the corporate intranet behind a robust firewall. For added security, some systems would be restricted to only use ISDN connectivity. In general, they were not readily available to everyone, especially not on their desktop.

Moving forward, video conferencing systems have gradually migrated down to the PC and are available on the desktop, but they typically still use the corporate intranet behind the firewall. As the number of endpoints increases, so does the bandwidth requirements, complexity of the network and associated video infrastructure; all of which needs supporting and maintaining. So whilst the cost per endpoint has reduced, the cost of supplying, supporting and maintaining the in-house network and video infrastructure has increased and can represent a significant portion of the total video conferencing costs.

This can pose a dilemma for SME and small organisations who see the benefits of video conferencing. They want to use the technology, but only need a few endpoints; they want the security of a robust video infrastructure, but either don't have the staff, don't want the cost of outsourcing support, don't have the bandwidth resources or simply don't want the hassle of managing it themselves.

One option is to use a Cloud solution. These provides all the essential video infrastructure as a fully supported hosted service charged on an annual basis. You typically choose and provide the endpoints, the Cloud provides the interconnectivity, including multipoint capability. Using a Cloud solution may also have financial benefits as it's a subscription service and not a capital expenditure.

Lifesize Cloud:

The Lifesize Cloud is a high definition video conferencing service that is truly global; powered by servers in IBM's worldwide Data Centres. The Lifesize Cloud supports calling both H.323 and SIP standards compliant devices from all the major vendors.

There are currently five editions of Lifesize Cloud; Premium, Small, Medium, Large and Enterprise. Which is best depends on the functionality you require and the size of your organisation.

BYOD - Bring Your Own Device support. You choose and provide the endpoints, the Lifesize Cloud provides the rest. For in-house users, the Lifesize Cloud is optimised to support the latest Lifesize Icon and 220 series hardware. Automatically configuring these systems to your Lifesize Cloud account with automatic software updates. Plus easy calling using the touch-screen Lifesize Phone HD.

For remote users, third-party suppliers and people on-the-road, the Lifesize Cloud application supports the latest iOS, Android™ and Windows® devices, making your video conferencing available on a broad range of tablets and smartphones. Anyone can join your call from an existing group video system, a Mac® or PC, even a web browser (WebRTC - IE and Chrome™) or telephone as depicted in the diagram below. 

Create your own Virtual Meeting Room (VMR) with up to 50 users. Starting with a minimum 10 User Lifesize Cloud Premium account, each User can create their own virtual meeting room that supports up to 40 participants. Everything works automatically. Just power up, logon to your Lifesize Cloud account and see everything sync automatically. Your company directory populates once users are added. No more wasting time and momentum fighting with the interface. Then, say farewell to dial-in numbers, access codes and video PINs. Simply dial people with a click of their name and they can join your multiparty video conference from any device. 

Cloud Large & Enterprise editions allow you to create virtual meeting rooms up to 50 participants.

Free Audio Conferencing Bridge. As mentioned, each Lifesize Cloud Premium User can create their own VMR that supports up to 40 participants. But invitees can be just audio participants using their telephone, mobile or smartphone. Instead of using a separate audio conferencing service (at additional cost), you can simply use your Lifesize Cloud account to create an audio conference. Invited participants simply call their listed Lifesize country number and when prompted, enter your quoted call extension.

No IT support necessary. With Lifesize Cloud, everything is plug and play, even firewall traversal, business-class security and data encryption. Gone are the days of needing a system administrator to support every video call. Everything is built into Lifesize Cloud.

On-Premise H.323 Systems:

To setup and use just one H.323 video conferencing endpoint is relatively simply as it should not really require or use any more network infrastructure than what you probably already have installed. That's assuming you already have an Internet connection (fast ADSL) with firewall, router, DHCP server and sufficient spare bandwidth. As well as the actual H.323 endpoint, you need a static public IP address from your ISP, then it's just a case of configuring all the devices. Basically, you configure the network devices to either directly or indirectly (via NAT), assign the public IP address to the H.323 endpoint and allow inbound traffic to that endpoint on the specific IP ports and protocols used by that endpoint.

However, having just one endpoint assigned a pubic IP address, even when behind and protected by a firewall, still leaves it open to receiving spam or getting unwanted calls.

But if you want more than one H.323 endpoint or better security, it becomes more complicated (and costly) as then you require more video network infrastructure, that obviously needs configuring, supporting and maintaining.

To have several H.323 endpoints on your network, (even just two), you should consider using an H.323 Gatekeeper in-conjunction with an H.460 NAT/Firewall Traversal solution. You should also consider if your firewall is good enough for all the rules you might need as well as ensuring that you have sufficient sustainable bandwidth for all the devices (not just the H.323 endpoints), that will use the connection. The network diagram below shows examples of H.460 NAT/Firewall Traversal solutions with associated H.323 Gatekeepers

Edgewater Networks have a one box solution with the EdgeProtect 4550 that provides an H.323 Gatekeeper, H.460 NAT/Firewall Traversal and SIP Registrar. This is ideally suited for a small office, home office or when there are only a small number of video conferencing endpoints that need protecting.

More complicated H.460 NAT/Firewall Traversal or Session Border Controller (SBC) solutions, which also incorporate an H.323 Gatekeeper function, typically consist of two boxes; one outside the firewall in the public domain and the other behind the firewall on the internal network.

As depicted in the H.460 NAT/Firewall Traversal solutions diagram above, the ClearOne Collaborate NetPoint outside the firewall works in-conjunction with ClearOne's Collaborate VCB behind the firewall to provide a two box H.460 NAT/Firewall Traversal solution with the Collaborate VCB including Collaborate Central as its embedded H.323 Gatekeeper.

Similarly, Polycom's RealPresence Access Director (RPAD) outside the firewall works in-conjunction with their Distributed Media Application (DMA) behind the firewall to provide an H.460 NAT/Firewall Traversal solution with DMA also providing the H.323 Gatekeeper function. The Polycom DMA can also act as a Gateway and transcode H.323 <> SIP calls.

Most vendors have now implemented H.460 support into their latest endpoint software revisions. When using a Gatekeeper, H.323 endpoints behind the firewall do not use NAT; they simply register their H.323 ID with the Gatekeeper using their current internally allocated IP address. H.323 endpoints behind the firewall can then call each other using their unique H.323 ID, alias or E.164 number and it does not matter if they are on a VPN or not. External (public) H.323 endpoints would initiate a conference to an endpoint behind the firewall by calling the public IP address of the firewall solution along with the specific endpoints H.323 ID, alias or E.164 number.

On-Premise SIP Systems:

You would not usually have just one SIP endpoint behind a firewall as they generally designed to register using a secure login (User Name & Password) with a SIP Registrar. This provides each one with a unique URI that is then used to call that SIP endpoint. For example, a Polycom RealPresence Group 310 (rpg310) might be allocated a URI of rpg310@sip.polycom.net which could then be called by other SIP endpoints to initiate a conference.

The InGate SIParator models are SIP Registrars that provide a secure SIP firewall traversal solution. They have several network interfaces and would typically reside outside the firewall or in the firewall's DMZ. The public network interface would be allocated a public IP address and any internal network interfaces would be allocated a non-routeable IP address. Each User ID also defines which network interface it will use at login, hence securely separating URI and devices on either side of the firewall. Only SIP traffic is routed through the InGate SIParator and blocked by the firewall. Alternatively, you may use a hosted SIP Registrar from a service provider. 

The Polycom Distributed Media Application (DMA) can also act as a SIP Registrar and when used in-conjunction with a Polycom RealPresence Access Director (RPAD), can provide a SIP Firewall Traversal solution.

As depicted in the diagram above, the Edgewater Networks EdgeProtect is a one box solution that includes both an H.323 Gatekeeper and SIP Registrar. It has several network interfaces and would typically reside outside the firewall or in the firewall's DMZ. The EdgeProtect 4550 is ideally suited for a small office, home office or when you require only a small number of simultaneous sessions. 

Whilst the EdgeProtect 7300 is a rack-mounted one box solution that is expandable from 5 -100 users and ideal for large companies who want to host several simultaneous sessions.

SIP traffic is normally routed through the SIP Registrar, so it's the Registrar that determines which media ports will be used along with which port and protocol is used for call signalling, setup and registration; 5060 UDP, 5060 TCP or if using TLS (Transport Layer Security), 5061 TCP.

Summary:

Hopefully, this paper shows you all the components you need to consider when deciding whether to have a Cloud based or On-Premise video conferencing system. As you can see, there are Pros & Cons between using either.

We are here to help and can provide consultancy, installation and training. Once you know how many endpoints you need and where they will be located, we can help and discuss the costs and compare the differences between using a Cloud solution or implementing an On-Premise system.