VPNs and Video Conferencing

If you have devices connecting back to your corporate network, you will need to look at the configuration when using SimplyVideo, as well as other video services.

If you are using a split tunnel VPN for the lower bandwidth requirements, this will affect the way our service works.

When using a split tunnel to access SimplyVideo, or if you're joining with WebRTC (browser-based conferencing), it is highly likely the HTTPS traffic (port 443) will be sent down the VPN tunnel, but the media ports will be allowed to punch out of the local/home network to the internet, or the reverse. This will cause the user to experience some or all of the following issues:

A black screen (can’t see video one or both ways)
Audio issues (either no audio, or it's just one way)
You can see the other user in the participant pane, but can only message each other.

These issues occur because the signalling, media and other traffic are taking different routes to us, and therefore arrive at different times. This, in effect, will stop the call working.

What is a split tunnel?

When you split tunnel a VPN on a remote device, you are splitting your network traffic between what goes to and from your company's network, and what is allowed to reach the internet from the local internet connection.

The reason for using a split tunnelling VPN is simply to give your users the ability to do their jobs from a remote location, while punching out traffic like SkyGo or Netflix through their local internet.

Using a split tunnel VPN ensures business data and corporate access is secure and any non-critical data or other usage is kept off the organisation's network.

Here is a diagram below to show you:


There are pros to this, but inevitably there are a lot of cons:

Pros:

Split tunnelling the corporate data directly reduces the bandwidth needed
Corporate data is secured through IPSEC connectivity
Device and software updates can come through the IPSEC connection
If you have cloud services, those will flow out of the internet connection and not go through the corporate network.

Cons:

Web activity goes out to the internet and does not get inspected by the corporate network unless you have an advanced VPN client
Port scans can still happen to the laptop as it sits on open Wi-Fi connections (McDonalds, motorway service stations etc.)
The device is open to exploits enabling potential access, and the ability to drop malware and/or spyware on the device
No change to the laptop's attack surface except all traffic is encapsulated in an IPSEC tunnel.

Full VPN

In a full VPN (also known as an SSL VPN) connection, ALL traffic goes back through the corporate firewall, including your Netflix/SkyGo etc.

We have given you another diagram to help visualise things:



VPN With SimplyVideo

We don't mind which VPN you choose for your organisation and we will work with both. However, if using a split tunnel, you will need to choose one of the following:

Allow all media ports coming back to us (see Firewall ports and network requirements page) through your VPN.
Make sure our domains bypass your VPN completely (please see our security documentation for how we encrypt and secure traffic)
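
An added example, not part of the original article or SimplyVideo's own tooling: a Python check that models a split tunnel policy and reports whether the signalling and media flows for one service leave the device by the same path, for the failing case and for each of the two options above. The service address (a documentation range), the media port and the rule format are constructed for illustration; the real ports are on the Firewall ports and network requirements page.

```python
import ipaddress
from collections import namedtuple

# prefix: destination network; proto: "tcp"/"udp" or None for any;
# ports: range of destination ports or None for any; path: "vpn" or "local"
Rule = namedtuple("Rule", "prefix proto ports path")
Flow = namedtuple("Flow", "name dst proto port")

def egress_path(flow, rules, default="local"):
    """Return the path of the most specific matching rule
    (longest prefix first, then port-specific over any-port)."""
    addr = ipaddress.ip_address(flow.dst)
    best_key, best_path = None, default
    for r in rules:
        net = ipaddress.ip_network(r.prefix)
        if addr not in net:
            continue
        if r.proto is not None and r.proto != flow.proto:
            continue
        if r.ports is not None and flow.port not in r.ports:
            continue
        key = (net.prefixlen, r.ports is not None)
        if best_key is None or key > best_key:
            best_key, best_path = key, r.path
    return best_path

def audit(flows, rules):
    """Map each flow to its path and say whether they all agree."""
    paths = {f.name: egress_path(f, rules) for f in flows}
    return paths, len(set(paths.values())) == 1

# Constructed sample data: documentation address, hypothetical media port.
SERVICE_NET = "203.0.113.0/24"
FLOWS = [Flow("signalling", "203.0.113.10", "tcp", 443),
         Flow("media", "203.0.113.10", "udp", 50000)]
# Policy that reproduces the fault: HTTPS forced down the tunnel, rest local.
BROKEN = [Rule("0.0.0.0/0", "tcp", range(443, 444), "vpn")]
# First option: everything for the service goes through the VPN.
VIA_VPN = BROKEN + [Rule(SERVICE_NET, None, None, "vpn")]
# Second option: the service bypasses the VPN completely.
BYPASS = BROKEN + [Rule(SERVICE_NET, None, None, "local")]

if __name__ == "__main__":
    for label, rules in [("broken", BROKEN), ("via vpn", VIA_VPN),
                         ("bypass", BYPASS)]:
        print(label, audit(FLOWS, rules))
```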

If you are using a full VPN, you will need to make sure all firewalls used for VPN access and en route through your DMZ have the correct ports open.

Any questions, just ask!