VidyoDesktop, Proxy setting and Institutes Firewalls

Dear All,

In the last (several) weeks, we observed a firm and enormous increase on the connections over the Vidyo Proxy component of the Vidyo routers on the Vidyo CERN/LHC network. The increase was so significant that some of the routers got the proxy overloaded, preventing users from connecting normally to meetings.

For information, the proxy connection setting that can be activated manually (under Configuration-Network) on the VidyoDesktop, tunnels audio/video traffic through TCP 443, to be able to overcome firewalls that are not configured with the standard set of ports of normal client operation. 

This solution is intended to be a workaround only to allow users to be connected to meetings where otherwise they would be disconnected due to strong firewall policies, firewall timeouts or other reasons due to the absence of central firewall configuration for Vidyo Desktops.

As a consequence, the overall user experience decreases a bit if used (there can be some artifacts on video), but it allows the user to follow and connect to the meeting in that given moment. 

However, and more importantly, If overused (or used by default and systematically), the result is the opposite: due to the overloading, it prevents the connection or even the authentication in case of strong overload, instead of allowing them. 

Priority should remain connecting via the standard connection (without proxy enabled), where the architecture and capacity deployed is balanced and setup as necessary.

We are working with Vidyo to be able to enhance the functionality in order to have some more intelligence added to the feature in order to better balance it and more importantly to enable it/disable it automatically in function of the need. 

This said, in the meantime, and to avoid the last issues observed where some users were not able to connect, we would like to highly recommend the following:

1) When connecting from a given location (Institute, hotel, home, conference center, etc,), you can enable the Vidyo Proxy if you experience random disconnections (specifically with the message “Connection to the Vidyo router lost” as a workaround for that given meeting. 

In case of your home institute (or location from where you are connecting most of the time), the biggest priority should remain contacting your network admin and provide him with the set of ports to be opened for standard Vidyo operation:

http://information-technology.web.cern.ch/services/fe/vidyo/info/firewall-configuration-vidyo-desktop (link can be found at the "Additional Information section on http://cern.ch/vidyo service pages)

If you prefer, please contact us at vidyo-support@cern.ch with the network admin teams address of your Institution and we can contact them and provide the necessary information.

Once the firewall is properly configured, please untick the proxy setting.

2) If you are connecting from LHC main Institutes and Laboratories (CERN, BNL, FNAL, MPI, IN2P3, Desy are some examples) please do not enable the proxy setting. These locations have the firewalls properly configured, many of them have CERN Vidyo routers running on their networks and so by enabling the proxy setting, one is just overloading it unnecessarily and even if not always, in some cases, decreasing the overall user experience.

3) Please remove the proxy setting, whenever you moved from a “firewall not configured” location/network to a “firewall configured” one. From a given location/network, if dont experience dropouts with the proxy not set, that location has the firewall properly configured (or no firewall at all).

Should you have questions on this matter, please send us a note on vidyo-support@cern.ch.

Thank you in advance for your collaboration on this topic.

Best Regards,

Joao

CERN IT

You are here