London :   
Product Locator :   
 Home>Video Networking >TANDBERG Border Controller
video networking left menu


Sales
0118 9740125





TANDBERG Border Controller
 
TANDBERG Border Controller
  
 
TANDBERG MCU
Authorised Reseller
  
 

As part of the TANDBERG Expressway firewall traversal solution, the TANDBERG Border Controller is designed to simplify dialing and firewall traversal for all H.323 devices.

  
 
Choose an option.....
 
 
 
 

Firewalls, a word synonymous with the Internet and as such, the applications we try to use over it, particularly communications. With connections to the Internet increasing every day, the world’s largest network is getting bigger and bigger.

Firewalls provide two important functions to the user: firstly, they prevent access from the public Internet to your private PC or network. Secondly, many firewalls offer a feature called NAT (Network Address Translation) that allows you to have only one IP address on the public Internet whilst having as many as you wish on your own private intranet.

Firewalls are therefore the heart of your network security policy, and changing the policies used on these systems to allow certain ‘extra’ capabilities is often a dangerous occupation for the uninitiated, and most circumstances will result in a strong word or two from the network managers.

With the proliferation of video and voice over IP however, firewalls have become a major obstacle. If you bypass it, using some form of proxy, then you leave yourself with a possible vulnerability to the outside world. If you try to alter the rules of operation of the firewall to allow video and audio traffic, once again, you increase your exposure to the outside.

Additionally, of course, with a NAT firewall, incoming calls can only address the public IP – trying to find the private IP behind the firewall is difficult and if you provision things to allow this, such as opening “pin-holes” in the firewall, are likely to create yet another vulnerability.

  
 

From the network manager’s perspective IP video and firewalls don’t mix for two good reasons: firstly, real time protocols such as H.323 and SIP assign ports dynamically.

Consequently to pass IP video, all the ports above 1024 need to be open which, of course, significantly compromises the integrity of the network.

 
Port Type Assignment
1719 Static TCP Gatekeeper RAS
1720 Static TCP H.323 Call Setup
1731 Static TCP Audio Call Control
1024 - 64K Dynamic TCP H.245 (Call Parameters)
1024 - 64K Dynamic UDP RTCP (Control Information)
1024 - 64K Dynamic UDP RTP (Video Data)
1024 - 64K Dynamic UDP RTP (Audio Data)

Secondly, in order to make a call to an IP voice or video endpoint behind a firewall (setting aside the problems with NAT for the time being!) requires that the firewall is open for inbound connections.

Once again this compromises the integrity of the network and is something which most good network managers will strongly resist.

This is where TANDBERG's EXPRESSWAY™ comes in. Expressway is the core technology behind TANDBERGs Border Controller. TANDBERG Expressway overcomes the firewall and NAT problems without requiring changes to your security policy. TANDBERG Expressway also provides end-to-end voice/video connectivity regardless of IP addresses.

The key to how TANDBERG's Expressway works is the client/server model.

There are two main parts to TANDBERG Expressway: the Server software, which resides on a publicly addressable server on the network (the TANDBERG Border Controller), and the Client software that reside in the private network (built into MXP endpoints, and the TANDBERG Gatekeeper for non-MXP endpoints or third party endpoints).

 
TANDBERG EXPRESSWAY
In the public domain a TANDBERG Border Controller is installed on a high bandwidth pipe. The bandwidth to the server is very important, as all video/audio traffic passes through the server on its way to the destination. Therefore, a 384K videoconference between two remote sites requires 384K x 2 (768K) + IP overhead on a full duplex pipe. The Border Controller, together with its onboard gatekeeper application is the key to the functionality of the system.

When a Client is connected to the network, it registers to the Border Controller with an E.164, H.323 Alias or ULI (xxx@company.com). The connection occurs through the firewall on the Gatekeeper Registration (RAS) port 1719. It is important to note here that the connection is ‘outbound’, allowing systems on the private network to be uniquely recognised by the Server.

TANDBERG EXPRESSWAY

When a call is made from outside the firewall, the calling system (which must be registered to the TANDBERG Border Controller) sends an Admission Request containing the E.164, H.323 Alias or ULI of the local system. As these addresses are mapped internally by the TANDBERG Border Controller, the TANDBERG Border Controller is now able to initaite a call with the local system behind the firewall by communicating on the already established session on port 1719.

Subsequently, the call setup, negotation and media transmission are established over IANA registered ports 2776 (RTP & Control) and 2777 (RTCP).

 

Call from TANDBERG MXP B (Remote Domain) to TANDBERG MXP A (Local Domain) via Border Controller

TANDBERG EXPRESSWAY
 
 
Features
 
 
  • Appliance-based architecture allows for easy deployment and high reliability
  • Designed to work with any H.323 device
  • Designed to work with any firewall
  • Full multi vendor support
  • Secure and reliable
  • 1U rack mountable
  • Easy setup and installation
  • Automatic registration of ExpresswayTM-enabled H.323 devices
  • Traverse any number of firewalls
  • Uses only solid state memory for high reliability
  • Supports up to 100 registered devices and 20 concurrent calls
  • Allows URI dialing for massive scalability
  • HTTPS, SSH, and SCP for secure management
  
 
Technical Specifications
 
 

Model: TANDBERG BORDER CONTROLLER

Architecure
Secure appliance based architecture
Flash memory (diskless and no hard drive)
ITU-T H.323 v5 compliant
ITU-T H.225 v4 compliant
TANDBERG Expressway Technology
H.323 v5 Annex O (for DNS dialing support)
H.460.18/.19 compliant
H.460.18 client proxy support
Supports H.460.19 multiplexed media

Reliability
Registrations survive system restart
Fast start-up time
Border Controller process recycling within seconds
H.225 Alternate Gatekeeper Support

Security
Secure Management with HTTPS, SSH, and SCP
- Secure File Transfer
- Inactivity Timeout
Can lock-down IP services
Authentication required on HTTP(S), Telnet, SSH, SCP, and serial port
Compatible with H.235 v2 and v3 enabled H.323 devices
H.235 Authentication support

Management
Supports industry standards such as RS-232, Telnet, HTTP(S), XML, SNMP, SCP, and SSH
Embedded setup wizard on serial port for initial configuration
Management support through TANDBERG Management Suite 9.5 or newer
Advanced management support and configuration with
TANDBERG Management Suite 11.0 or newer
Call logging and diagnostics
Support for logging to a syslog server
Local time zone aware

Call Control and Registrations
Supports manual registration of Expressway enabled endpoints and API call control
Supports H.225/Q.931, H.245 call control routed mode
Registration of H.323 ID, E.164 aliases and services
Supports Unicode (UTF-8) registration for global implementation
Initiate, disconnect and transfer H.323 calls from the Border Controller API interface
URI Dialing
Up to 100 traversal calls
Up to 100 services for a single device
Up to 500 registered Expressway Devices
Direct call signaling between neighbored border controllers and gatekeepers
Call Policy Management (RFC 3880)

 

 

 

Zone Control
Supports Remote Zone monitoring
Supports Remote Zone redundancy
Supports up to 100 neighboring Border Controllers and gatekeepers
Up to 50 traversal zones
Supports sub-zone area definition for bandwidth management
Flexible zone configuration with named zones and default zone
Supports forwarding of requests to neighboring border controllers and gatekeepers
Can disable automatic discovery and forwarding of LRQ’s
Registration Control (open, specifically allow, specifically deny)

Bandwidth Management
Interzone — definable call by call
– Max bandwidth per call
– Max aggregate bandwidth for all neighboring zones
Intrazone — definable call by call
– Max bandwidth per call
– Max aggregate bandwidth
Auto downspeeding if call exceeds per-call maximum
Gateway load balancing (requires TANDBERG Gateway running software version G3.0 or later)

Interfaces
3x LAN/Ethernet (RJ-45), 10/100 Base-TX port
2X RS232 DB-9 (front + rear)
1x USB (rear)

Power
Auto-sensing 250W (Max) power supply
90–264V AC full range @ 47–63Hz

Cooling System
Two 40mm fans for system cooling

System Control and Indications
1x Power LED
1x Power on/off switch (rear)
3x Act/Link/10/100 LEDs on RJ-45
3x Act/Link/10/100 LEDs on RJ-45

Network
Supports DNS Addressing
Supports IPv4 and IPv6 simultaneously
Provides IPv4/v6 Translation Services

Approvals
Directive 73/23/EEC (Low Voltage Directive)
– Standard EN 60950
Directive 89/336/EEC (EMC Directive)
– Standard EN 55022, Class A
– Standard EN 55024
– Standard EN 61000-3-2/-3-3
Approved according to UL 60950 and CAN/CSA C22.2 No. 60950
Complies with FCC15B Class A

Dimensions
426(W) x 228.6(D) x 43.5(H) mm (16.8" x 9" x 1.72")
1U rack-mount chassis

Environment
Operating temperatures: 0° C to 40° C (32° F to 104° F)
Storage temperatures: -20° C to 80° C (-4° F to 140° F)
Relative humidity: 10% to 90% (Non-condensing)

Certification
LVD 73/23/EC
EMC 89/366/ECC
 
VideoCentric is a TANDBERG Authorised Reseller
   
 
 
Quick Links