Advanced Video Applications, Session Control, and Firewall Traversal
As the workforce becomes more mobile and distributed, leaders recognize the benefits and growing impact of video as a key part of business collaboration. Video is being used to improve communications, relationships, and productivity by helping people meet face to face over distances. These meetings:
● Improve decision making by reducing communications delay
● Build trust and understanding across time zones within cross-functional and diverse teams
● Reduce employee travel, real-estate costs, and environmental impact
● Encourage information sharing and knowledge building with employees, partners, and customers
It's all part of engagement - making it easy and natural for people to collaborate - and Cisco is taking these interactions to the next level. Video collaboration experiences are available anywhere, and are as easy as voice. For many use cases, these experiences are better than being there.
Cisco TelePresence® Video Communication Server (VCS) is at the heart of these experiences. VCS delivers rich video-enabled collaboration throughout and beyond the enterprise network, and is ideal for organizations that do not have Cisco® call control environments but want to use Cisco TelePresence conferencing applications.
Cisco Expressway Series
The Cisco Expressway™ Series provides functionality similar to VCS. Expressway provides a video-centric call control and firewall traversal solution that supports registration of both Cisco and third-party endpoints. For most customers, Expressway-C and Expressway-E will provide a more flexible and extensible licensing model as well being more cost-effective, and will be preferable to VCS Control and VCS Expressway. For more information about Expressway, visit http://www.cisco.com/go/expressway or contact your Cisco account representative.
Product Overview
VCS comprises Cisco TelePresence VCS Control and Cisco TelePresence VCS Expressway to enable smooth video communications easily and securely inside and outside the enterprise.
VCS Control provides video call and session control, registrations, and enhanced security for Cisco TelePresence conferences. It enables definition of aspects such as routing, dial plans, and bandwidth usage, while allowing organizations to customize video call-management applications to their requirements.
For organizations that need video collaboration beyond the enterprise, VCS Expressway is required alongside VCS Control. VCS Expressway allows video traffic to traverse the firewall securely, enabling rich video communications with partners, customers, suppliers, mobile workers, and teleworkers.
Important use cases for Cisco VCS include:
● Business-to-business video: Using Uniform Resource Identifier (URI) dialing, you can collaborate with customers, partners, and suppliers as easily and securely as you do using email messages. No prearrangements are needed. And if your partners, suppliers, or customers have a third-party standards-based Session Initiation Protocol (SIP) or H.323, system, you can collaborate with them too, as easily as you do with the people in your own office.
● Mobile video experiences using Cisco Jabber Video™ for TelePresence (formerly Movi™) clients: Providing secure mobile access based on Transport Layer Security (TLS), Cisco Jabber Video for TelePresence mobile lets you make and receive video calls without requiring the extra step of a VPN.
● Teleworkers: Teleworkers can use their personal Cisco TelePresence endpoints for video interactions with colleagues, customers, partners, and suppliers from their home office.
● Investment protection: The solution offers video interoperability with your current standards-based SIP or H.323 systems and devices.
When VCS is deployed with Cisco Unified Communications Manager or Cisco Business Edition 9.1.2 or later, the following are also possible when remote and mobile access to Cisco Unified Communications Manager is enabled:
● Mobile experiences using any Cisco Jabber® client with access to all collaboration workloads (video, voice, content, instant messaging, and presence) without requiring the extra step of a VPN.
● VPN-less teleworker support for Cisco endpoints (Cisco TelePresence EX Series, MX Series, and SX Series; Cisco TelePresence Integrator C Series; Cisco DX Series; as well as Cisco Jabber).
● Mobile and browser-based collaboration with Cisco Jabber Guest: Realize the benefits of new ways of securely and easily interacting with “guests,” whether they are consumers, other businesses, or even temporary employees.
VCS Control and Expressway deliver exceptional scale and resilience, highly secure communications, and simplified large-scale provisioning and network administration in conjunction with Cisco TelePresence Management Suite (Cisco TMS). They can be deployed as a dedicated appliance or as a virtualized application on VMware with additional support for Cisco Unified Computing System™ (Cisco UCS™) platforms.
More features and capabilities are listed in Table 1.
Table 1. Additional VCS Features and Capabilities
Cisco VCS Control |
Cisco VCS Expressway |
● SIP registrar and SIP proxy server
● H.323 gatekeeper interoperability and interworking between SIP and H.323 standards-compliant endpoints and support for communication with IBM Lotus Sametime and Microsoft Lync environments, including Microsoft Lync 2013 (H.264 SVC) clients
● Zone and bandwidth management: VCS Control supports management of the allocation of bandwidth among sites, endpoints, and groups of endpoints
● Dial-plan and call-routing control: These features allow administrators to create dial plans to define how calls are handled within the network
● Authentication: You can configure VCS Control to allow both authenticated and unauthenticated endpoints to register to the same VCS, and to subsequently control the operation of those endpoints based on their authentication status
● Policy services
● Deployment flexibility: You can deploy VCS Control virtually or as an appliance, in clusters or standalone environments
● Advanced Joint Interoperability Test Command (JITC) security
|
● Firewall traversal services using SIP or H.460.18/19
● Call-routing services including alphanumeric URI dialing and Domain Name System (DNS) Service Record (SRV) configuration
● Policy services
● Deployment flexibility: You can deploy VCS Expressway virtually or as an appliance
● Traversal Using Relays for NAT (TURN) relay services:
◦ These services provide TURN relay services to Interactive Connectivity Establishment (ICE)-enabled endpoints to allocate relays for the media components of the call. The endpoints perform connectivity checks through ICE to determine how they will communicate
◦ For communications between VCS and external Microsoft Lync servers and clients that are registered through a Microsoft Edge Server, a back-to-back user agent for Microsoft Lync is provided with VCS Expressway
|
Figures 1 illustrates a standalone VCS deployment, and Figure 2 shows VCS deployed with Cisco Unified Communications Manager or Business Edition.
Note: Requires Cisco Unified Communications Manager with Business Edition 9.1 or later and VCS X8.1 or later with mobile and remote access to Cisco Unified Communications Manager enabled.
General Specifications
Table 2 lists general specifications for VCS Control and VCS Expressway.
Table 2. Specifications for VCS Control and VCS Expressway
Product Feature |
Product Specification |
User Interface |
|
Web browsers supported |
● Web interface support for Internet Explorer 8, 9, 10, and 11; Firefox 3 or later; and Chrome
|
Management interfaces |
● Support for industry standards such as Secure HTTP (HTTPS), XML, Simple Network Management Protocol (SNMP v2 and v3), secure copy protocol (SCP), and Secure Shell (SSH) Protocol
● Embedded setup wizard for initial configuration
● Integration with Cisco TMS Version 13.2 or later for scalable provisioning and configuration
● Call logging and advanced diagnostics support
● Local Time Zone Away (VCS Expressway only)
|
Languages supported |
● English, Chinese (Simplified), French, German, Japanese, Korean, Russian, and Spanish
|
Endpoint Registration and Session Management |
|
Supported endpoints |
● VCS Expressway is compatible with any standards-compliant H.323, H.264 SVC, or SIP video conferencing or telepresence device
● Provisioning and configuration are supported only for Cisco TelePresence endpoints
● Mobile worker access to video and unified communications services are supported by Cisco Jabber Video for TelePresence (Movi) and Cisco Jabber Unified Communications applications, respectively
(
Note: For full details, please refer to the relevant release notes for the version(s) of Cisco Jabber that you are using).
● Cisco Jabber Unified Communications applications must be registered to Cisco Unified Communications Version 9.1.2 or later
|
Endpoint registration |
● Support for manual registration of H.323 and SIP endpoints
● Support for registration of H.323 ID and E.164 aliases and services
● Support for Unicode (UTF-8) registration for global implementation
|
Session control |
● Support for H.225/Q.931 and H.245 call-control routed mode and non-call routed mode
● Support for H.323-SIP Interworking Encryption
● Support for H.323-SIP Content Interworking (H.239-BFCP)
● Support for URI dialing
● Support for direct call signaling among neighbored VCSs, border controllers, and gatekeepers
● Support for call policy management (RFC 3880), including call policy and user policy (FindMe)
● Support for conference hunting for multipoint-control-unit (MCU) clusters
● Support for call routed mode
● Support for call loop detection
|
Zone control and bandwidth management |
● Support for remote zone monitoring
● Support for remote zone redundancy
● Support for up to 1000 neighbor zones (including VCSs, border controllers, gatekeepers, and SIP proxies)
● Support for subzone area definition for bandwidth management
● Support for flexible zone configuration with named zones and default zone
● Support for forwarding of requests to neighbor zones
● Support for registration control (open, specifically allow, and specifically deny)
● Support for interzone bandwidth management: Definable call by call
◦ Maximum bandwidth per call
◦ Maximum aggregate bandwidth for all neighboring zones
● Support for intrazone bandwidth management: Definable call by call
◦ Maximum bandwidth per call
◦ Maximum aggregate bandwidth
● Support for auto-down-speeding if call exceeds per-call maximum
● Support for gateway load balancing
● Support for automatic network failover
● Support for capacity warnings for users and administrators
|
Network |
● Support for DNS addressing
● Support for IPv4 and IPv6 simultaneously
● Support for IPv4 and IPv6 translation services
● Support for differentiated services code point (DSCP) classification for quality of service
|
Scalability and Capacity |
|
Single VCS capacity |
● The capacity of one VCS (appliance or small and medium virtual machine) follows:
◦ Up to 2500 registrations
◦ Up to 500 nontraversal calls
◦ Up to 100 traversal calls
◦ Up to 1000 subzones
|
Single VCS capacity |
● The capacity of one VCS (large virtual machine) follows:
◦ Up to 5000 registrations
◦ Up to 500 nontraversal calls and up to 500 traversal calls
◦ Up to 1000 subzones
|
VCS CE1100 appliance |
● The capacity of one VCS CE1100 is as follows:
◦ 1 or 10 Gbps network interfaces
◦ Up to 5,000 registrations and up to 500 nontraversal calls
◦ Up to 500 traversal calls
Note: The maximum number of calls interworked to Microsoft Lync 2013 is 100. It is highly recommended that a separate VCS Control be deployed for use as a dedicated Microsoft Lync gateway. |
Clustered VCS capacity |
● Up to six VCS appliances or virtual machines can be clustered to increase capacity and provide redundancy
● Clustering increases the maximum registrations, traversal, and nontraversal calls by up to four times
|
Microsoft Lync interworking capacity |
● The maximum number of calls interworked to Microsoft Lync is 100. It is highly recommended that a separate VCS Control server is deployed for use as a dedicated Microsoft Lync gateway
|
System Security and Resilience |
|
Security features |
● Secure management with HTTPS, SSH, and SCP
● Secure file transfer
● Inactivity timeout
● Built-in firewall configuration rules (VCS Control)
● Ability to lock down IP services
● Requirement for authentication on HTTP(S), SSH, and SCP
● H.235 authentication support
● Transport Layer Security (TLS) for SIP signaling
● Roles-based password-protected GUI user access
● Ability to enforce strict passwords
● Ability to disable root access over SSH
● Automated intrusion protection
● Support for delegated credential checking across a traversal zone with VCS Expressway
● Federal Information Processing Standards (FIPS) 140-2-compliant cryptographic modules
|
Resilience and reliability |
● Ability to deploy in six-redundant cluster
● Ability to share licenses across a cluster
● Ability for registrations to survive system restart
● Ability to replicate configuration for clusters
● Ability for the VCS Expressway process to recycle within seconds
● Support for VCS Expressway H.225 Alternate Gatekeeper
|
Firewall Traversal |
|
Traversal services |
● Cisco Expressway technology
● Serial tunnel (STUN) discovery and STUN relay services
● Firewall traversal STUN-compliant
● H.460.18/19-compliant
● H.460.18 client-proxy support
● Support for H.460.19 multiplexed media
● SIP support
|
Remote collaboration services supported |
● Extensible Messaging and Presence Protocol (XMPP) for instant messaging
● HTTPS for logon, provisioning and configuration, contact search, and visual voicemail services
● SIP for session establishment, register, and invite using Cisco Business Edition and Cisco Unified Communications Manager Real-Time Transfer Protocol (RTP) and Secure RTP (SRTP) for audio and video
● Binary Floor Control Protocol (BFCP) for content sharing
|
Network |
● Support for DNS addressing
● Support for IPv4 and IPv6 simultaneously
● Support for IPv4 and IPv6 translation services
|
Product Specifications for Virtualized Environments
VCS Control and VCS Expressway can be deployed virtually or as an appliance. Table 3 lists the virtualized application specifications.
Table 3. VCS Control and VCS Expressway Virtualized Application Specifications
Product Feature |
Product Specification |
||
Virtualized Application Specifications |
|||
Servers for virtual environment |
● Cisco UCS B- or C-Series Servers or third-party servers that meet the minimum requirements
● VMware vSphere or vCenter server running ESXi, which includes Cisco UCS E-Series Servers on the Cisco Integrated Services Routers
For full details about host requirements, refer to the Cisco TelePresence VCS Virtual Machine deployment guide. |
||
Virtual Machine Host Requirements |
Small Deployment |
Medium Deployment |
Large Deployment |
Virtual CPU (vCPU) |
2 core |
2 core |
8 core |
Reserved CPU resource |
3600 MHz (2 x 1.8 GHz) |
4800 MHz (2 x 2.4 GHz) |
25600 MHz (8 x 3.20 GHz) |
Reserved RAM |
4 GB |
6 GB |
8 GB |
Disk space |
132 GB |
132 GB |
132 GB |
Network interface card (NIC) |
1 Gb |
1 Gb |
10 Gb |
Product Specifications When Deployed as an Appliance
VCS Control and VCS Expressway can also be deployed as an appliance on the VCS CE1100 appliance. Table 4 lists the features and benefits of these appliances. Table 5 gives the specifications for the appliance. Table 6 provides the certifications and approvals for VCS Control, VCS Expressway, and the CE1100 appliance.
Table 4. Appliance Features and Benefits
Table 5. Product Specifications for the VCS CE1100 Appliance
Item |
Platform Specifications for Cisco CE1100 |
CE1100: 2 Intel® 3.50 GHz Xeon® processors (E5-2637 v3/135W 4C/15MB Cache/DDR4 2133MHz) |
|
CE1100: 32GB (2 X 16GB DDR4-2133-MHz RDIMM/PC4-17000/dual rank/x4/1.2v) |
|
Network Interfaces |
CE1100: Intel X520 dual-port 10-Gb Small Form-Factor Pluggable Plus (SFP+) adapter |
Cisco 12G SAS Modular Raid Controller and Cisco 12Gbps SAS 1GB FBWC Cache module (Raid 1) |
|
Two 1-TB SAS 7.2K rpm 3.5-inch HDD with hot plug; drive sled mounted |
|
● Web user-interface for server management; remote keyboard, video, and mouse (KVM); virtual media; and administration
● Virtual media support for remote CD and DVD drives as if local
● Intelligent Platform Management Interface (IPMI) 2.0 support for out-of-band management through third-party enterprise management systems
● Command-line interface (CLI) for server management
Provides UCS visibility and control to management ecosystem partners using a comprehensive XML API |
|
One KVM console connector (supplies 2 USB, 1 VGA, and 1 serial connector) |
|
Indicator to help direct administrators to specific servers in large data center environments |
|
Additional interfaces including a VGA video port, 2 USB 3.0 ports, an RJ45 serial port, 1 Gigabit Ethernet management port, and dual 1 Gigabit Ethernet ports |
|
1 rack unit (1RU): 1.7 x 16.9 x 28.5 in. (4.32 x 43 x 72.4 cm) |
|
32 to 104°F (0 to 40°C) (operating, sea level, no fan fail, no CPU throttling, turbo mode) |
|
-40 to 158°F (-40 to 70°C) |
|
10 to 90% noncondensing |
|
5 to 93% noncondensing |
|
0 to 10,000 ft (0 to 3000m); maximum ambient temperature decreases by 1°C per 300m) |
|
Altitude: Nonoperating |
0 to 40,000 ft (12,000m) |
Table 6. Certifications and Approvals for VCS Control and VCS Expressway and CE1100 Appliance
Product Feature |
Product Specification |
Certifications |
● LVD 73/23/EC
● EMC 89/366/ECC
● VCS Version X7 is ICSA Labs Certified
|
Approvals and compliance |
● Directive 73/23/EEC (Low Voltage Directive)
● Directive 89/336/EEC (EMC Directive)
● Standards EN 60950, EN 55022 Class A, EN 55024, and EN 61000-3-2/-3-3
● Approved according to UL 60950 and CAN/CSA C22.2 No. 60950
● Compliance with FCC15B Class A
● Joint Interoperability Test Command (JITC)
|
Supported RFCs |
● RFCs 2543, 3261, 3264, 1889, 3265, 3325, 3515, 3891, 3892, 2327, 4566, 5626, 5627, 5389, and 5766
|
Certifications and Approvals for the CE1100 Appliance |
|
Safety |
● UL 60950-1 No. 21CFR1040 Second Edition
● GB4943 2001
|
EMC: Emissions |
● 47CFR Part 15 (CFR 47) Class A
● CNS13438 Class A
|
EMC: Immunity |
● EN55024
● KN24
|
Ordering Information
To order VCS, visit the Cisco Ordering Home Page and refer to Tables 7 and 8.
Table 7. Ordering Information for VCS Control
Product Name |
Part Numbers |
Cisco Video Communication C (VCS-C) CE1100 Appliance Bundle The following components are included in the base price of VCS-C-BDL-K9 Software Image for VCS with Encryption Version 8.X License Key - VCS Encrypted Software Image Video Comm Server 10 Add Non-traversal Network Calls VCS Advanced Networking Video Communication Server - 100 Traversal Calls Video Communication Server - FindMe application Enable GW Feature (H323-SIP) Enable Device Provisioning Free VCS Control ONLY 3.50 GHz E5-2637 v3/135W 4C/15MB Cache/DDR4 2133MHz 16GB DDR4-2133-MHz RDIMM/PC4-17000/dual rank/x4/1.2v 1TB SAS 7.2K RPM 3.5 inch HDD/hot plug/drive sled mounted Trusted Platform Module 1.2 for EXP (SPI-based) 770W AC Hot-Plug Power Supply for 1U C-Series Rack Server Cisco 12G SAS Modular Raid Controller 32GB SD Card for UCS servers Security Bezel for CE1100 1 Gigabit Ethernet SFP Module 10/100/1000BASE-T 10 Gigabit Ethernet SFP Module 10GBASE-SR SFP+ SR Optics Intel X520 Dual Port 10Gb SFP+ Adapter Enable RAID 1 Setting |
VCS-C-BDL-K9
SW-VCS-8.X-K9 LIC-VCS-BASE-K9 LIC-VCS-10 LIC-VCS-DI LIC-VCSE-100 LIC-VCS-FINDME LIC-VCS-GW LIC-VCS-DEVPROV |
Cisco TelePresence Video Communication Server Control (virtualized application) Comes with: VCS, Gateway feature, FindMe feature Note: A minimum of 10 nontraversal licenses must be selected when ordering the VCS virtualized application. |
R-VMVCS-CTRL-K9 |
Ordering Options for the Cisco VCS Control |
|
10 Non-Traversal Calls for Cisco VCS Control |
LIC-VCS-10 |
Additional 20 Non-traversal calls for Cisco VCS Control |
LIC-VCS-20 |
Additional 50 Non-traversal calls for Cisco VCS Control |
LIC-VCS-50 |
Additional 200 Non-traversal calls for Cisco VCS Control |
LIC-VCS-200 |
Additional 300 Non-traversal calls for Cisco VCS Control |
LIC-VCS-300 |
5 Traversal Calls for Cisco VCS Expressway (large .ova VMVCS or CE1K only) |
LIC-VCSE-5 |
10 Traversal Calls for Cisco VCS Expressway (large .ova VMVCS or CE1K only) |
LIC-VCSE-10 |
20 Traversal Calls for Cisco VCS Expressway (large .ova VM VCS or CE1K only) |
LIC-VCSE-20 |
50 Traversal Calls for Cisco VCS Expressway (large .ova VM VCS or CE1K only) |
LIC-VCSE-50 |
VCS Advanced Account Security (JITC) for Cisco VCS Control |
LIC-VCS-JITC |
VCS Enhanced Microsoft Collaboration for Cisco VCS Control |
LIC-VCS-OCS |
Table 8. Ordering Information for Cisco VCS Expressway
Product Name |
Part Numbers |
Cisco Video Communication E (VCS-E) CE1100 Appliance Bundle The following components are included in the base price of VCS-C-BDL-K9 Software Image for VCS with Encryption Version 8.X License Key - VCS Encrypted Software Image Video Communication Server - 5 Traversal Calls VCS Advanced Networking Video Communication Server - FindMe application Enable GW Feature (H323-SIP) Enable Expressway feature VCS 1800 TURN Relay option 3.50 GHz E5-2637 v3/135W 4C/15MB Cache/DDR4 2133MHz 16GB DDR4-2133-MHz RDIMM/PC4-17000/dual rank/x4/1.2v 1TB SAS 7.2K RPM 3.5 inch HDD/hot plug/drive sled mounted Trusted Platform Module 1.2 for EXP (SPI-based) 770W AC Hot-Plug Power Supply for 1U C-Series Rack Server Cisco 12G SAS Modular Raid Controller 32GB SD Card for UCS servers Security Bezel for CE1100 1 Gigabit Ethernet SFP Module 10/100/1000BASE-T 10 Gigabit Ethernet SFP Module 10GBASE-SR SFP+ SR Optics Intel X520 Dual Port 10Gb SFP+ Adapter Enable RAID 1 Setting |
VCS-E-BDL-K9
SW-VCS-8.X-K9 LIC-VCS-BASE-K9 LIC-VCSE-5 LIC-VCS-DI LIC-VCS-FINDME LIC-VCS-GW LIC-VCSE-E LIC-VCS-1800TURN |
Cisco TelePresence Video Communication Server Expressway (virtualized application) Comes with: Cisco TelePresence VCS, Expressway feature, Gateway feature, 1800 TURN relay option, VCS-Dual Network Interface feature Note: A minimum of 5 traversal licenses must be selected when ordering the VCS Expressway virtualized application. |
R-VMVCS-EXPWY-K9 |
5 traversal calls for VCS Expressway |
LIC-VCSE-5 |
10 traversal calls for VCS Expressway |
LIC-VCSE-10 |
20 traversal calls for VCS Expressway |
LIC-VCSE-20 |
50 traversal calls for VCS Expressway |
LIC-VCSE-50 |
Additional 10 nontraversal calls for VCS Expressway |
LIC-VCS-10 |
Additional 20 nontraversal calls for VCS Expressway |
LIC-VCS-20 |
Additional 50 nontraversal calls for VCS Expressway |
LIC-VCS-50 |
Additional 200 nontraversal calls for VCS Expressway |
LIC-VCS-200 |
Additional 300 Non-traversal calls for Cisco VCS Expressway |
LIC-VCS-300 |
VCS enhanced Microsoft collaboration |
LIC-VCS-OCS |
Service and Support
Cisco offers a wide range of services programs to accelerate customer success. These innovative services programs are delivered through a unique combination of people, processes, tools, and partners, resulting in high levels of customer satisfaction. Cisco Services can help you protect your network investment, optimize network operations, and prepare your network for new applications to extend network intelligence and the power of your business. For more information about Cisco Services, visit Cisco Technical Support Services online.
Cisco Capital
Financing to Help You Achieve Your Objectives
Cisco Capital can help you acquire the technology you need to achieve your objectives and stay competitive. We can help you reduce CapEx. Accelerate your growth. Optimize your investment dollars and ROI. Cisco Capital financing gives you flexibility in acquiring hardware, software, services, and complementary third-party equipment. And there’s just one predictable payment. Cisco Capital is available in more than 100 countries. Learn more.
For More Information
For more information about the Cisco TelePresence VCS product line, please visit http://www.cisco.com/go/vcs or contact your local Cisco account manager.