Chapter 13

Server Considerations for NetMeeting

When configuring your network for NetMeeting, you should consider how to handle standardization requirements:

The following sections describe the specific types of products and services, including clients, servers, and gateways, that interoperate with NetMeeting. Interoperability testing is described for two International Telecommunication Union (ITU) standards that NetMeeting currently supports: T.120 for data conferencing and H.323 for audio and video conferencing. This section also discusses the elements that make T.120 and H.323 standards-based products interoperate.

Interoperability Scenarios and NetMeeting

For corporate and home users, many interoperability scenarios are possible between NetMeeting and compatible, standards-based clients, servers, bridges, and gateways:

Internet Locator Server

Internet Locator Server (ILS) offers a standards-based, dynamic directory solution to the user location problem on the Internet. ILS supports LDAP conferencing servers and directory servers. These server types are described in the following sections.

ILS provides organizations with a directory server for NetMeeting users. Like User Location Service (ULS), which was developed for NetMeeting 1.0, ILS provides a memory-resident database for storing dynamic directory information. This database enables users to find dynamic information, such as an IP address, for people currently logged on to an Internet service or site. The ILS database maintains the entries, which clients update periodically. This process ensures that clients can always access the most current information about each user's Internet location.

The following features distinguish ILS:

For information about setting up and implementing ILS, see the Microsoft Internet Locator Server Operations Guide or its companion, the Microsoft Internet Locator Service Operations Reference.

LDAP Conferencing Servers

ILS supports the IETF Lightweight Directory Access Protocol (LDAP) version 2 standard for NetMeeting directory services. LDAP servers support the same LDAP protocol, but each server extends LDAP for a particular purpose. For example, ILS applies LDAP for use with dynamic records.

LDAP version 3 designers have proposed dynamic directory services as part of the LDAP protocol. When version 3 is finalized and implemented within NetMeeting, developers can access standards information from the IETF Web site for developing compatible servers. Currently, vendors can develop interoperable servers for NetMeeting by obtaining information about the LDAP extension from Microsoft.

In addition, many people use ULS for locating and connecting to other NetMeeting users. Third-party vendors have developed many interoperable ULSs, such as uls.four11.com, which users can log on to from NetMeeting.

Directory Servers

ILS, an optional component of IIS, supports directory servers that enable NetMeeting users to locate each other on the Internet or corporate intranets. These servers create a directory of NetMeeting users. From this directory, users can select participants for real-time conferencing and collaboration. ILS provides all of the ULS functionality, as well as introducing advanced server technology not previously available. Users can benefit from enhanced features and functions, better performance, and higher scalability to support more NetMeeting users.

Firewall Configuration for NetMeeting

Microsoft NetMeeting can be configured to work with most organizations' existing firewall security. However, because of limitations in most firewall technology, few products are available that allow you to securely transport inbound and outbound NetMeeting calls containing audio, video, and data across a firewall. You might want to consider carefully the relative security risks of enabling different parts of a NetMeeting call in your firewall product. You must especially consider the security risks involved when modifying your firewall configuration to enable any component of an inbound NetMeeting call.

NetMeeting and Firewalls

A firewall is a set of security mechanisms that an organization implements, both logically and physically, to prevent unsecured access to an internal network. Firewall configurations vary from organization to organization. Most often, the firewall consists of several components, which can include a combination of routers, proxy servers, host computers, gateways, and networks with the appropriate security software. Very rarely is a firewall a single component, although a number of newer commercial firewalls attempt to put all of the components in a single package.

For most organizations, an Internet connection is part of the firewall. The firewall identifies itself to the outside network as a number of IP addresses - or as capable of routing to a number of IP addresses - all associated with DNS server entries. The firewall might respond as all of these hosts (a virtual computer) or pass on packets bound for these hosts to assigned computers.

You can configure firewall components in a variety of ways, depending on your organization's specific security policies and overall operations. Although most firewalls are capable of allowing primary (initial) and secondary (subsequent) TCP and User Datagram Protocol (UDP) connections, they might be configured to support only specific connections based on security considerations. For example, some firewalls allow only primary TCP connections, which are considered the most secure and reliable.

To enable NetMeeting multipoint data conferencing (application sharing, whiteboard, file transfer, and directory lookups), your firewall only needs to pass through primary TCP connections on assigned ports. For NetMeeting to make calls that use audio and video conferencing, your firewall must be able to pass through secondary TCP and UDP connections on dynamically assigned ports. Some firewalls can pass through primary TCP connections on assigned ports, but cannot pass through secondary TCP or UDP connections on dynamically assigned ports.

Note: NetMeeting audio and video features require secondary TCP and UDP connections. Therefore, when you establish connections through firewalls that accept only primary TCP connections, you are not able to use the audio or video features of NetMeeting.

Establishing a NetMeeting Connection with a Firewall

When you use NetMeeting to call other users over the Internet, several IP ports are required in order to establish the outbound connection. If you use a firewall to connect to the Internet, it must be configured so that the following IP ports are not blocked.

This port    Is used for
---------    -----------
389          Internet Locator Server (TCP)
522          User Location Service (TCP)
1503         T.120 (TCP)
1720         H.323 call setup (TCP)
1731         Audio call control (TCP)
Dynamic      H.323 call control (TCP)
Dynamic      H.323 streaming (Real Time Protocol over User Datagram Protocol)

To establish outbound NetMeeting connections through a firewall, the firewall must be configured to do the following:

The H.323 call setup protocol (over port 1720) dynamically negotiates a TCP port for use by the H.323 call control protocol. Also, both the audio call control protocol (over port 1731) and the H.323 call setup protocol (over port 1720) dynamically negotiate UDP ports for use by the H.323 streaming protocol, which is the Real Time Protocol (RTP). In NetMeeting, two UDP ports are determined on each side of the firewall for audio and video streaming, for a total of four ports for inbound and outbound audio and video. These dynamically negotiated ports are selected arbitrarily from all ports that can be assigned dynamically.

NetMeeting directory services require either port 389 or port 522, depending on the type of server you are using. ILS, which supports LDAP for NetMeeting, requires port 389. ULS, developed for NetMeeting 1.0, requires port 522.
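
The relationship between the fixed ports and the dynamically negotiated ones can be checked against firewall flow logs. The following is an added example, not part of the original chapter: it labels each flow as a fixed NetMeeting port, a secondary connection that follows a call setup between the same two hosts, or unexplained. The log format, the 300-second window, the 1024 lower bound for dynamic ports, and all addresses are assumptions made for illustration.

```python
from collections import namedtuple

# Fixed TCP ports from the table above; all other ports are negotiated per call.
FIXED = {389: "ILS directory", 522: "ULS directory", 1503: "T.120 data",
         1720: "H.323 call setup", 1731: "audio call control"}
SETUP_PORTS = {1720, 1731}  # primary connections that negotiate dynamic ports
WINDOW = 300                # assumption: seconds after setup to accept secondaries
DYNAMIC_MIN = 1024          # assumption: lowest dynamically assignable port

Flow = namedtuple("Flow", "ts proto src dst dport")

def parse(line):
    # Constructed log format: "<epoch> <TCP|UDP> <src> <dst> <dport>"
    ts, proto, src, dst, dport = line.split()
    return Flow(int(ts), proto, src, dst, int(dport))

def classify(lines):
    """Return (flow, label) pairs in time order: fixed-port, secondary to a
    recent call setup between the same two hosts, or unexplained."""
    calls = {}  # frozenset({host_a, host_b}) -> time of latest call setup
    out = []
    for f in sorted(parse(l) for l in lines):
        pair = frozenset((f.src, f.dst))
        if f.proto == "TCP" and f.dport in FIXED:
            if f.dport in SETUP_PORTS:
                calls[pair] = f.ts
            out.append((f, "fixed: " + FIXED[f.dport]))
        elif (f.dport >= DYNAMIC_MIN and pair in calls
              and f.ts - calls[pair] <= WINDOW):
            kind = "H.323 call control" if f.proto == "TCP" else "RTP stream"
            out.append((f, "secondary: " + kind))
        else:
            out.append((f, "unexplained"))
    return out

def lost_behind_primary_only(pairs):
    # A firewall passing only primary TCP on assigned ports drops the rest.
    return [label for _, label in pairs if not label.startswith("fixed")]

# Constructed sample flows (documentation address ranges).
SAMPLE = ["1000 TCP 10.0.0.5 192.0.2.10 389",
          "1005 TCP 10.0.0.5 198.51.100.7 1720",
          "1006 TCP 10.0.0.5 198.51.100.7 1503",
          "1007 TCP 10.0.0.5 198.51.100.7 40112",
          "1008 UDP 10.0.0.5 198.51.100.7 49608",
          "1008 UDP 198.51.100.7 10.0.0.5 49610",
          "1020 UDP 10.0.0.9 203.0.113.4 49700"]

if __name__ == "__main__":
    for flow, label in classify(SAMPLE):
        print(flow, label)
```

Flows labeled "unexplained" are the ones to review: they use dynamic ports without a preceding call setup on port 1720 or 1731 between the same hosts.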

Firewall Limitations for NetMeeting

Some firewalls cannot support an arbitrary number of virtual internal IP addresses, or cannot do so dynamically. With these firewalls, you can establish outbound NetMeeting connections from computers inside the firewall to computers outside the firewall, and you can use the audio and video features of NetMeeting. Other people, though, cannot establish inbound connections from outside the firewall to computers inside the firewall. Typically, this restriction is due to limitations in the network implementation of the firewall.

Note: Some firewalls are capable of accepting only certain protocols and cannot handle TCP connections. For example, if your firewall is a Web proxy server with no generic connection-handling mechanism, you will not be able to use NetMeeting through the firewall.


