Voice and video in the extranet for anonymous access

Topology for IBM® Sametime® deployment of voice and video in the extranet for customers with anonymous access.

Choose this deployment when you want to use IBM Sametime to collaborate with unauthenticated customers and business partners. You want to make it easy for customers by not requiring them to authenticate or install a client application.

You deploy a separate instance of the required servers in the DMZ. While it is possible to enable unauthenticated access to your intranet servers, that deployment is not secure and is not recommended. If you do allow access to internal servers, use the "Voice and video in the extranet for employees without VPN" deployment, but enable anonymous authentication as described in "Configuring anonymous authentication in the SIP Proxy/Registrar". This way the guest user is still authenticated, but the authentication is not the same as authentication from the internal directory. In this deployment, employees can access either set of servers, intranet or extranet.

Components required:
  • Two Sametime Media Managers
  • Two Sametime Meeting Servers
  • Two Sametime Community Servers
  • Two Sametime Proxy Servers
  • Sametime TURN Server

The graphic that follows shows how you can create a secure deployment of voice and video services outside the intranet for external, anonymous access.

The following components are deployed in the intranet:
  • LDAP Server
  • DB2® Server
  • Sametime Community Server
  • Sametime System Console
  • Sametime Proxy Server
  • Sametime Meeting Server
  • Sametime Media Manager
    • SIP Proxy/Registrar
    • Conference Manager
    • Sametime Video Manager Server
    • Sametime Video MCU

The following components in the graphic are deployed in the DMZ:
  • Sametime Proxy Server
  • Sametime Community Server
  • Sametime Meeting Server
  • Sametime TURN Server
  • Sametime Media Manager
    • SIP Proxy/Registrar
    • Conference Manager
    • Sametime Video Manager Server
    • Sametime Video MCU

The following protocols and port numbers are used between the components:
  • Sametime Community Server in the intranet to Sametime Proxy Server in the DMZ: TCP 1516
  • TCP 5080 / TLS 5081
  • LDAP and Sametime Media Manager: TCP 389 or 636
  • Sametime Community Server and Sametime Proxy Server: TCP 1516
  • Sametime Community Server and Sametime Media Manager: TCP 1516
  • DB2 in the intranet and Sametime Proxy Server and Sametime Meeting Server in the extranet: TCP 50000 or 50001
  • Internal client and Sametime Community Server: VP 1533
  • Internal client and Sametime Meeting Server: TCP 80 or 443
  • Internal client and Sametime Proxy Server: TCP 80 or 443
  • External client to Sametime Meeting Server: TCP 80 or 443
  • External client to Sametime TURN Server: TCP or UDP 3478
  • External client and Sametime Proxy Server: TCP 80 or 443
  • Internal client to Sametime Media Manager in the intranet:
    • UDP bidirectional - 40000 to 49999 (both audio and video)
    • UDP bidirectional - 20830 to 20930 (both audio and video)
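
One way to check a proposed firewall rule set against the flows listed above that enter or leave the DMZ. This is an added example, not IBM code. The zone labels, component keys and rule tuple format are assumptions, and "extranet" in the list is treated as the DMZ.

```python
# Added example: audit firewall rules against the DMZ flows listed on this page.
# Zone labels, component keys and the rule tuple format are assumptions.

# Endpoint pairs are unordered because the page mostly says "A and B"
# without naming which side opens the connection.
ALLOWED = {
    (frozenset({"intranet:community", "dmz:proxy"}), "tcp"): {1516},
    (frozenset({"intranet:db2", "dmz:proxy"}), "tcp"): {50000, 50001},
    (frozenset({"intranet:db2", "dmz:meeting"}), "tcp"): {50000, 50001},
    (frozenset({"external:client", "dmz:meeting"}), "tcp"): {80, 443},
    (frozenset({"external:client", "dmz:proxy"}), "tcp"): {80, 443},
    (frozenset({"external:client", "dmz:turn"}), "tcp"): {3478},
    (frozenset({"external:client", "dmz:turn"}), "udp"): {3478},
}


def zone(endpoint):
    """Return the zone part of a 'zone:component' label."""
    return endpoint.split(":", 1)[0]


def audit(rules):
    """Return (rule, reason) for every rule wider than the documented flows."""
    findings = []
    for rule in rules:
        src, dst, proto, lo, hi = rule
        # The page calls unauthenticated access to intranet servers not secure.
        if {zone(src), zone(dst)} == {"external", "intranet"}:
            findings.append((rule, "external access to intranet servers is not recommended"))
            continue
        allowed = ALLOWED.get((frozenset({src, dst}), proto.lower()), set())
        extra = [p for p in range(lo, hi + 1) if p not in allowed]
        if extra:
            shown = str(extra[0]) if len(extra) == 1 else f"{extra[0]}-{extra[-1]}"
            findings.append((rule, f"{len(extra)} undocumented port(s) in {shown}"))
    return findings


# Constructed sample rules: (source, destination, protocol, first port, last port)
SAMPLE_RULES = [
    ("external:client", "dmz:proxy", "tcp", 443, 443),
    ("external:client", "dmz:turn", "udp", 3478, 3478),
    ("dmz:proxy", "intranet:community", "tcp", 1516, 1516),
    ("dmz:meeting", "intranet:db2", "tcp", 50000, 50010),      # range wider than listed
    ("dmz:proxy", "intranet:ldap", "tcp", 389, 389),           # pair not in the list
    ("external:client", "intranet:meeting", "tcp", 443, 443),  # bypasses the DMZ
]

if __name__ == "__main__":
    for rule, reason in audit(SAMPLE_RULES):
        print(rule, "->", reason)
```

A finding means the rule is not covered by this page's list, so it needs a separate justification before it is opened.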

Voice and video deployed in the extranet with anonymous access