[unisog] h.323 Gatekeeper/proxy vs. direct dial to units
Kim.Cary at pepperdine.edu
Wed May 30 15:18:38 GMT 2007
Hi UNISOG colleagues,
We're ramping up our h.323 video conferencing usage here. Our current
setup is an h.323 gatekeeper/proxy. An external client enters our
gatekeeper IP into their software or video conference station, then
dials a specified h.323 number. Bing! All their traffic goes through
the gatekeeper/proxy and then to our inside endpoint.
I certainly prefer to have a single IP to watch for this kind of
traffic and not to have to poke inbound holes in the firewall all
over user space to allow inbound calls (which I view as not only poor
security but a potential for a service disaster).
Gatekeeper/proxy is also very handy in that the majority of our VC
stations currently are mobile. The station changes subnets and gets a
new IP address, then registers with the gatekeeper and its h.323
number remains constant, so its reachable wherever it goes. I'm
guessing we'll get profs with webcams wanting to conference with
students shortly (you have any of that type of use?) and it seems
like a gatekeeper/proxy is the best choice there, too.
We have a couple missing pieces at this point: published instructions
and a directory of public conference station h.323 numbers, but our
director of academic client services is working on that.
That said there's some debate here about whether requiring an inbound
caller to enter a gatekeeper address is too much of a barrier to
How do your institutions balance the risk/service equation for video
conference? How much is requiring a gatekeeper for inbound callers a
barrier to service?
Thanks for your views!
Dr. Kim Cary, CISSP
Information Security Officer
M-F 7-4 ~ 310 506 6655 ~ PCC 218
More information about the unisog