Operated by Los Alamos National Security, LLC for the U.S. Department of Energy's NNSA
Unified Communication Design and Implementation with Advance Encryption Standard using Polycom and Skype for Business
LA-UR-18-21589
Boubacar Coulibaly, bcoulibaly@lanl.gov
Tim Hammock, thammock@lanl.gov
May 01, 2018
Unified communication design and Implementation with Advance Encryption Standard using Polycom and Skype for Business
Unified communication is complicated when the communication data must be encrypted with the Advanced Encryption Standard (AES). Polycom videoconferencing provides great HD video and content collaboration for large conference rooms, but it is not easy to interact with desktop users at the same HD video and content sharing quality. Polycom and Skype for Business integration increases video adoption in multi-vendor video environments with AES and HD quality. To bring Skype for Business or any other desktop users into a Polycom video conference meeting, we need to transcode the communication by using Polycom RealConnect servers and build a trusted application pool between the Polycom core infrastructure and the Skype for Business front end server. This presentation shows how secure unified communication brings significant benefits for improving group collaboration and breaking down distance barriers.
Current Video Conferencing technology use at LANL FIPS 140-2 FIPS 140-2
Why Unified Communication?
Technology | Description | Concerns
FIPS 140-2 | can be used both as a local collaboration space and also for videoconferencing with remote sites | conferences are limited to rooms equipped for conferencing
FIPS 140-2 | federated between LANL and multiple Laboratories | currently does not have the ability to connect to LANL video conference rooms and take advantage of Polycom VTC's enhanced presentation tools
 | cloud based platform mostly used for desktop video and audio conferencing | cannot be integrated into LANL VTC rooms or with Skype
 | cloud based platform | does not have the ability to connect to Skype or WebEx
Integration of our existing VTC systems with Skype for Business/Lync will enable impactful collaboration across disparate devices for internal and external users, customers and prospective clients. With it we will be able to communicate spontaneously and fully with Advanced Encryption Standard (AES) at both ends.
Call Types and Protocols
Technology | Audio | Visual | Content Sharing | Supports
Supports: (H.323, SIP, ISDN) (SIP) (SIP) (H.323, SIP, ISDN)
Polycom Video Conferencing Approved for Unclassified Video Conferencing
Polycom Unclassified Video Conferencing ensures that all unclassified protected and unclassified mandatory protected A/V communication uses:
Advanced Encryption Standard (AES 128) for external and internal calls
Protocol: H.323, SIP, ISDN
Content sharing
High Definition
Current Unclassified Video Conferencing
Proposed Unclassified Video Conferencing with AES Encryption on Both Sides
Polycom videoconference room design
Ceiling Speakers
Ceiling & Table Mics
Document Sharing
WebEx videoconferencing room
Skype for Business/Lync videoconferencing room
Current Design for Polycom Videoconferencing: FIPS 140-2 Compliant
New Unified Communication Design FIPS-140-2 Compliant
Phase 1, Testbed Testing
Phase 1 testing
We added 4 VM servers on IOD and resource manager.
We created test user accounts on Exchange, Active Directory and Skype for Business.
Communication was established between the DMA, the Polycom ContentConnect server and the Skype for Business front end pool in the test beta environment.
The testing was done between the new servers, Resource Manager, the Lync testbed, Polycom RMX, DMA and the RealPresence Web Suite.
The DMA and RMX are part of the production Polycom unclassified conferencing. The DMA was used as a gatekeeper for the Polycom VTC system.
The testing didn't allow any Lync traffic outside the DMA to any Skype for Business endpoint or to the RMX bridge. The testing took place only with the Skype testbed devices.
Phase 1 testing was completed.
Phase 2, Internal Network Testing
Phase 2 testing was done internally; testing did not go outside LANL.
Inbound calls between Polycom endpoints and Skype for Business test users.
Outbound calls between Polycom endpoints and Skype for Business test users.
Content sharing between Polycom endpoints and Skype for Business test users.
Phase 2, Internal Network Testing was completed.
Phase 3, Testing in Production
Once Phase 2 testing was completed, the rest of the testing was done in production with both internal and external users.
Inbound & outbound calls between Polycom and Skype for Business users
Content sharing between Polycom and Skype for Business test users
Inbound & outbound calls between Polycom endpoints, Skype for Business and external users
Content sharing between Polycom endpoints, Skype for Business and external users
Phase 3 testing was completed.
Production Testing Dry Run
The meeting was initiated through Outlook and sent to the participants.
Tim Hammock dialed in via H.323 from the Polycom endpoint in 60-0175-104
Joey Romero dialed in via SIP from a Mac, a Windows PC, and Linux
Justin Skliar dialed in via SIP from a Windows PC and Linux
Ken Lawrence dialed in via H.323 from a Polycom Portable VTC unit dial
Karl Pommer dialed in via SIP from a Windows PC and Polycom Phone
Shawn Wallin dialed in via SIP from a Windows PC
Boubacar Coulibaly dialed in via SIP from a Windows PC
Devices tested
Call Types | Devices | Pass/Fail
H.323 | Polycom HDX 9000 |
SIP | Windows 10 PC |
SIP | Windows 7 PC |
SIP | Mac OSX 10 |
SIP | Red Hat 7 |
SIP | CentOS 7.3 |
SIP | Polycom Phone |
H.239 | Elmo P10HD Visual Presenter Document Camera |
All participants were able to join the meeting with audio and video successfully.
Content Sharing
All the following participants were able to share content successfully:
Tim shared content from a document camera and Windows PC
Justin shared content from a Windows PC and Linux
Shawn shared content as an external user from a Windows PC
Boubacar shared content from a Windows PC
Joey shared content from a Mac
Conference calls between Polycom endpoint and Lync/Skype users
Call Types | Polycom Skype Polycom & Skype Internal Users | Skype for Business External Users | Pass/Fail
H.323 | AES 128 | AES 256 |
SIP | AES 128 | AES 256 |
ISDN | AES 128 | AES 256 |
Audio | AES 128 | AES 256 |
Content Sharing | AES 128 | AES 256 |
H.239 | AES 128 | AES 256 |
Conference room view on Desktop
Conference room view on Desktop
Internal user communication uses AES 128
External user communication uses AES 256
Summary of Changes
Four new servers for internal integration with Lync/Skype for Business.
No changes to existing firewall rules.
A trusted application pool was built between the Polycom core infrastructure and the Skype for Business front end server.
AES-128 encryption was verified for any internal communication.
AES-256 encryption was verified for external Skype users coming through the Skype for Business Edge server, which is located inside the DMZ.
In February 2018, ISSM approved the new integration capability into production.
Project Summary
Phase 1 completed
Phase 2 completed
Phase 3 completed
AES encryption was verified during testing
Audio, video and content sharing were verified on Linux, Mac, PC, Polycom
In February 2018, ISSM approved the new integration capability into production.
Unified Communications Road Map
The VTC team will work with the Mobility team and OCIO to test integration of LANL smartphones and LANL tablets into Polycom VTC rooms and into Lync/Skype meetings.
PC & Linux, LANL Smartphones, Polycom Conference room, LANL Tablets, Mac, Skype for Business/Lync videoconferencing room
Q & A