Planning for Media Manager services

This topic provides an overview of peer-to-peer and n-way voice and video communication in IBM® Sametime®. It describes the Sametime servers and server components, and third party components, used in voice and video.

Audio and video components

The Sametime Media Manager is comprised of four server components. These servers are required components of the Sametime Media Manager, and must be installed:
SIP Proxy/Registrar
Manages location services and forwards SIP messages to their destinations. The Sametime SIP Proxy/Registrar maintains the registry between all users and their location, and maintains the registration of conferences. The SIP Proxy/Registrar routes all SIP messages inside Sametime. Every voice or video message to a user goes through the SIP Proxy/Registrar. The following components know to consult the registrar: Sametime Media Manager, SIP-based calling, and Sametime Unified Telephony. It requires access to LDAP.
Conference Manager
Administers all conferences, including point-to-point and multipoint. The Sametime Conference Manager works with the client to establish a SIP session for the call. It also hosts the internal Telephony Conferencing Service Provider Interface (TCSPI) adapter and an optional external TCSPI adapter. The TCSPI integrates with the Video MCUs and bridges. The Conference Manager manages the state of audio and video calls. All audio and video features, both one-to-one A/V chat and multi-way A/V chats, depend on this component.
Video Manager
Distributes audio and video communications among the servers within a Sametime deployment according to routing rules that you define. The IBM Sametime Video Manager manages the scaling and distribution of audio and video conferences, through MCU pools and cascading. It also manages attributes for conferences, such as maximum line-rate, and the following tasks:
  • Multi-way audio and video conferencing (requires Sametime Conference Manager)
  • Multimedia transport and bandwidth control
  • Call server routing based on dial plan
  • Creates meeting rooms based on template

The Video Manager cannot be clustered, but you can have multiple servers with a load balancer in front. The Video Manager must be installed on a dedicated server.

Video MCU
Serves as the focal point for audio calls by connecting multiple users to a single conference. The Sametime Video MCU enables multi-way, audio and video conferences with continuous presence and multiple client layouts. It serves as a switch for scalable audio- and video-streams, delivering to different clients the streams that have been requested. It's not used for one-to-one sessions. This server cannot be clustered, but you can have multiple servers with a load balancer in front. The Sametime Video MCU must be installed on a dedicated server.
The Sametime Media Manager works with the following Sametime servers:
  • Sametime Bandwidth Manager: Optimizes bandwidth by calculating the call route for each call as it is initiated, and reserving the required bandwidth for the duration of that call. If sufficient bandwidth is not available, the call is either modified (through codec, bandwidth, or media reduction), or it is not allowed and the user is presented with a "resources in use" message. You can create policies that assign default bandwidth settings for users.
  • Sametime TURN Server: Directs client audio and video communications across a NAT (Network Address Translator) or firewall when direct peer-to-peer communications are not possible.
Use of the Sametime Bandwidth Manager and the Sametime TURN Server is optional.
The graphic that follows shows how the Sametime Proxy Server, Sametime Community Server, the Sametime Meeting Server, and the Bandwidth Manager can be deployed with the Media Manager, and the protocols used for server-to-server communication. The following servers are deployed:
  • Sametime Community Server
  • Sametime Proxy Server
  • Sametime Meeting Server
  • Sametime Media Manager:
    • Sametime SIP Proxy/Registrar
    • Sametime Conference Manager (with TCSPI adapter)
    • Sametime Video Manager
    • Sametime Video MCU
  • Sametime Bandwidth Manager
The following protocols are used between components:
  • LDAP and Media Manager: TCP
  • Community Server and Sametime Proxy Server: TCP
  • Community Server and Media Manager: TCP
  • Bandwidth Manager and Video Manager
  • Internal client and Community Server: VP
  • Internal client and Meeting Server: TCP
  • Internal client and Sametime Proxy Server: TCP
  • Internal client and Video Manager and SIP Proxy Registrar: UDP

Sametime servers deployed with the Media Manager and protocols used
Note: For information about audio and video network bandwidth requirements, see the article Sametime 9 Audio and Video Network Bandwidth Requirements.

How calling with audio and video works in Sametime

Calling with audio and video in Sametime uses either peer-to-peer for one-to-one messages, or the Media Manager and the Meeting Server for multi-way conversations.

In peer-to-peer communication, at login, a user's information goes to the SIP Proxy/Registrar component to establish identity and location. The SIP Proxy/Registrar is effectively a digital PBX that answers the questions who's available, who can I call, and who's calling me.

Users can send a SIP invite request to the SIP Proxy/Registrar. For example, Alice sends information via the Session Description Protocol (SDP) about her IP address and port number and what type of call she wants to have. Bob receives the invitation, and determines what hardware he has that can support the call. Bob replies with his SDP and port number. The call begins with the media stream now flowing peer-to-peer through the negotiated IP addresses and ports. Peer-to-peer is ideal for two-way messaging because there's less network latency when no intermediary server is involved.

What about conference calls with more than two people? A conference requires the Meeting Server. Each user contacts the Meeting Server to initiate a SIP invitation with the server. The Conference Manager (another component of the Media Manager) figures out who's on which calls. Once connected, each user begins a media stream to the Video MCU. The Video MCU sends these streams to all participants in the conference. All the media traffic goes through the Video MCU.

NAT challenges

One of the challenges for audio and video arises when traffic has to pass through a Network Address Translation (NAT) device. NAT hides the network topology, adds security, and allows many internal addresses to connect using a few IP addresses. There are many types of NAT. In Sametime, a client connects to a server from one IP address, and the server sees the request as coming from a different IP address, the one allocated by the NAT device. Each user will have different IP addresses but the server will see them as the same.
  • The SIP REGISTER request contains the private address. If the SIP Proxy/Registrar tries to send SIP messages to that private address, it will fail.
  • The SDP includes the private address. If the peer tries to send a media stream to that private address, it will fail.
In addition, clients may have additional IPs such as a VPN when connecting from home. They will have two addresses, their local address as well as the address allocated to them by the corporate network. This is an issue for A/V because the SDP includes only a single IP address. Which IP address should the client include in the SDP? It may be that the address included is not reachable from the peer.
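
The two failure cases above can be checked from a captured REGISTER and SDP offer. The following is an added example, not part of the original page or of Sametime: it lists every address a client advertises and flags those a peer outside the NAT cannot reach. The sample messages, the addresses (192.168.1.20 as the LAN address, 10.8.0.5 as a VPN address, 203.0.113.9 as the NAT's public address) and the function names are constructed for illustration, and only IPv4 literals are handled.

```python
import ipaddress
import re

# RFC 1918 and CGNAT (RFC 6598) ranges: not reachable from outside the NAT.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                "10.0.0.0/8 172.16.0.0/12 192.168.0.0/16 100.64.0.0/10".split()]

REGISTER = (  # constructed sample messages, not captured from a deployment
    "REGISTER sip:st.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TCP 192.168.1.20:5060;branch=z9hG4bKconstructed\r\n"
    "Contact: <sip:alice@192.168.1.20:5060;transport=tcp>\r\n\r\n")
SDP = (
    "v=0\r\n"
    "o=alice 1 1 IN IP4 10.8.0.5\r\n"
    "s=-\r\n"
    "c=IN IP4 10.8.0.5\r\n"
    "t=0 0\r\n"
    "m=audio 20830 RTP/AVP 0\r\n")

def advertised(register, sdp):
    """Return (field, host) pairs the client advertises in SIP headers and SDP."""
    out = []
    for name, pat in (("Via", r"^Via:\s*SIP/2\.0/\w+\s+([^;:\s]+)"),
                      ("Contact", r"^Contact:.*?sips?:(?:[^@>\s]+@)?([^;:>\s]+)")):
        out += [(name, h) for h in re.findall(pat, register, re.I | re.M)]
    for line in sdp.splitlines():
        if line.startswith("o="):      # origin line carries the sender's address
            out.append(("SDP o=", line.split()[-1]))
        elif line.startswith("c="):    # connection data: where the peer sends media
            out.append(("SDP c=", line.split()[-1].split("/")[0]))
    return out

def audit(register, sdp, observed_src):
    """Flag advertised IPv4 addresses that a peer outside the NAT cannot use."""
    findings = []
    for field, host in advertised(register, sdp):
        try:
            ip = ipaddress.ip_address(host)
        except ValueError:
            continue                   # hostname: resolution is out of scope here
        if any(ip in net for net in PRIVATE_NETS):
            findings.append((field, host, "private address behind NAT"))
        elif host != observed_src:
            findings.append((field, host, "differs from observed source"))
    return findings

if __name__ == "__main__":
    # 203.0.113.9 stands in for the NAT's public address seen by the registrar.
    print(audit(REGISTER, SDP, "203.0.113.9"))
```

Here the SIP headers carry the LAN address while the SDP carries the VPN address, which is the multiple-address case described above: neither matches the address the server actually sees.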

Another challenge for A/V is DMZ firewalls. The DMZ adds security to the organization's network by preventing outside users from connecting to the inside network. This is another layer of routing that needs to be traversed to get to users in the network.

Supported fixed bandwidth codecs

Audio codecs
  • SAC (Siren-LPR Scalable)
  • Siren-LPR
  • G.722.1C
  • G.722.1
  • G.711
Video codecs
  • H.263
  • H.264
  • H.264-SVC (Scalable Video Codec)

Audio and video use either UDP or TCP for transport. What's the difference between TCP and UDP? TCP is what networking people call a reliable connection. It's mathematically reliable. UDP is not acknowledged. With UDP, there's no authentication or reliability, and no guarantee that the packets get to the target. Most audio and video codecs use UDP. When your routers are congested, and router use is at 95%, the router will drop packets. It will drop UDP packets first by design. UDP is more sensitive to network conditions and latency. TCP will say "I didn't get that, will you send it again?" UDP is commonly used because it's thousands and thousands of packets. UDP is about 2 bytes so a loss is not as bad.

Clients and other components used in audio and video

Sametime Clients

Clients connect via SIP and stream data via UDP.
  • Sametime Connect Client
  • Sametime Embedded Client
  • Rich meeting client or browser-based client
  • Mobile client

Other components

Edge Servers are bridges between different network zones that need to be properly placed.
HTTP Reverse Proxy Server
The HTTP Reverse Proxy Server is not something that Sametime provides, but it is required for all HTTP clients to get from outside the firewall to inside the network.
Community Mux
A Mux server is a multiplexer that can significantly increase the number of connections to the Community Server.
IBM SIP Edge Proxy Server
The SIP Edge Proxy Server acts as a relay between clients and the SIP Proxy/Registrar in Media Manager. When clients first register, they register with the SIP Edge Proxy Server. This connection becomes persistent. The client then connects to the SIP Proxy/Registrar through the SIP Edge Proxy Server. The SIP Edge Proxy Server supports SIP Outbound to ensure that outgoing messages get delivered over existing connections whenever available.
TURN Server
The TURN server has two main functions: assist the client in finding its public, visible (NAT'ed) address, and provide an extension to the client, a relay, in a different network when peer to peer communication is not possible. The TURN Server is compliant with the Interactive Connectivity Establishment (ICE) procedures defined by the IETF. These procedures allow two endpoints to discover the most efficient path for media, which may sometimes be through a relay. The two endpoints can either be two clients, or a client and a server.
Note: You need a TURN server in the DMZ if your external users need to cross a firewall or NAT to access the Sametime Media Manager to provide audio or video for meeting participants. See Planning TURN services to traverse NAT.

The following graphic shows an edge server deployment made up of Sametime servers behind a firewall in the intranet. The Sametime Proxy Server, WebSphere® HTTP Proxy Server, TURN Server, and the IBM SIP Edge Proxy Server are in the DMZ for access by external and internal clients.

The following components are deployed in the intranet:
  • LDAP Server
  • DB2®
  • Community Server
  • Sametime System Console
  • Meeting Server
  • Media Manager
The following components are deployed in the DMZ:
  • Sametime Proxy Server
  • WebSphere Proxy Server
  • Sametime TURN Server
  • IBM SIP Edge Proxy Server
The following protocols and port numbers are used between components:
  • LDAP and Community Server: TCP 389 or 636
  • LDAP and Media Manager: TCP 389 or 636
  • Community Server and Sametime Proxy Server: TCP 1516
  • Community Server and Media Manager: TCP 1516
  • Sametime Proxy Server to Apple Push Notification Service: TCP 2195, 2196
  • Internal client and Community Server: VP 1533
  • Internal client and Meeting Server: TCP 80 or 443
  • Internal client and Sametime Proxy Server: TCP 80 or 443
  • Internal client and TURN Server: TCP or UDP 3478, UDP 49152 to 65535
  • External client and WebSphere Proxy Server: TCP 80 or 443
  • External client and TURN Server: TCP or UDP 3478
  • External client and Sametime Proxy Server: TCP 80 or 443
  • Internal client to Media Manager in the intranet:
    • TCP 5080 / TLS 5081
    • UDP bidirectional - (both audio and video)
      • 40000 to 49999 UDP - (Starting with S9 GA until OpenSSL Security Bulletin released in September, 2015)
      • 49152-59151 UDP - (Starting with OpenSSL Security Bulletin released in September, 2015)
    • UDP bidirectional - 20830 to 20930 (both Audio and Video)

Edge server deployment showing Sametime servers behind a firewall and edge servers in the DMZ, accessible by internal and external clients.
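
The two UDP media ranges listed above for internal client to Media Manager traffic overlap only from 49152 to 49999, so a firewall rule written for the earlier range covers just part of the current one. The following is an added example, not IBM's code: it compares a constructed set of allow rules with the documented ports and reports what is missing and what is open without need. The rule tuples and function names are assumptions.

```python
# Ports the page lists for internal client -> Media Manager (inclusive ranges).
REQUIRED = {
    "tcp": [(5080, 5080), (5081, 5081)],
    "udp": [(49152, 59151), (20830, 20930)],   # range in use since September 2015
}

# Constructed firewall export: the UDP media rule was never updated and still
# carries the earlier 40000 to 49999 range.
RULES = [
    ("tcp", 5080, 5081),
    ("udp", 20830, 20930),
    ("udp", 40000, 49999),
]

def subtract(span, covers):
    """Return the parts of inclusive range `span` that no range in `covers` covers."""
    lo, hi = span
    gaps = []
    for c_lo, c_hi in sorted(covers):
        if c_hi < lo or c_lo > hi:
            continue                    # no overlap with what is left of the span
        if c_lo > lo:
            gaps.append((lo, c_lo - 1))
        lo = c_hi + 1
        if lo > hi:
            break
    if lo <= hi:
        gaps.append((lo, hi))
    return gaps

def audit_rules(rules, required=REQUIRED):
    """Compare allow rules with the documented ports; return (missing, excess)."""
    allowed = {}
    for proto, lo, hi in rules:
        allowed.setdefault(proto, []).append((lo, hi))
    missing = [(p, *gap) for p, spans in required.items()
               for span in spans for gap in subtract(span, allowed.get(p, []))]
    excess = [(p, *gap) for p, spans in allowed.items()
              for span in spans for gap in subtract(span, required.get(p, []))]
    return missing, excess

if __name__ == "__main__":
    missing, excess = audit_rules(RULES)
    print("documented but blocked:", missing)
    print("open but undocumented:", excess)
```
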
SIP-based calling (formerly called Sametime Unified Telephony Lite)
  • SIP-based calling allows users to make and receive SIP-based phone calls from their installed Sametime clients with a third party audio/video bridge.
  • This feature does not include incoming call routing, device hand-off, and so on.
  • It relies on the Media Manager. No new servers required. Configure SIP trunks from the SIP Proxy/Registrar component.
The following graphic shows a SIP-based calling deployment where users can make SIP-based phone calls from their installed Sametime clients. It shows a client connecting to the Community Server, which connects to the Conference Manager. The SIP Proxy/Registrar and the client are both connected to the Audio/Video Bridge.
Deployment showing SIP-based calling