Extending Video Communications Securely Beyond the Enterprise

Product Overview

The Cisco TelePresence ® Video Communication Server Expressway (Cisco VCS Expressway) deployed with the Cisco TelePresence Video Communication Server (Cisco VCS) enables smooth video communications easily and securely outside the enterprise (Figure 1).

Figure 1. Cisco TelePresence Video Communication Server Expressway Firewall Traversal

The Cisco VCS Expressway enables business-to-business video collaboration, improves the productivity of remote and home-based workers, and enables service providers to provide video communications to customers. The application performs securely through standards-based and secure firewall traversal for all Session Initiation Protocol (SIP) and H.323 devices. As a result, organizations benefit from increased employee productivity and enhanced communication with partners and customers.
The Cisco VCS Expressway uses an intelligent framework that allows endpoints behind firewalls to discover paths through which they can pass media, verify peer-to-peer connectivity through each of these paths, and then select the optimum media connection path, eliminating the need to reconfigure enterprise firewalls.
The Cisco VCS Expressway is built for high reliability and scalability, supporting multivendor firewalls, and it can traverse any number of firewalls regardless of SIP or H.323 protocol.
Administrators have a choice of implementing the Cisco VCS Expressway either as an appliance or as a virtualized application on VMware or similar virtual environments, with additional support for Cisco Unified Computing System (Cisco UCS ) platforms.

Benefits of Cisco VCS Expressway

• Advanced firewall traversal: The Cisco VCS Expressway traverses any number of firewalls, making it easy for enterprises to collaborate more closely with external partners and suppliers.

• Optimal media routing: The Cisco VCS Expressway offers Simple Traversal of User Datagram Protocol Through Network Address Translation (STUN)-compliant firewall traversal, which provides endpoints with an intelligent framework to determine the best path for media connectivity.

• Increased competitiveness: The Cisco VCS Expressway helps enterprises become more competitive through real-time video communications across geographically dispersed teams.

• Improved productivity: The Cisco VCS Expressway empowers remote and home-based workers to collaborate more effectively with colleagues while helping cut travel costs.

• Robust security: The Cisco VCS Expressway uses standards-based device authentication for easier control over the network and safeguards external video communications.

• Flexibility: Administrators can implement the Cisco VCS Expressway either as an appliance or as a virtualized application to meet the needs of their organizations.

Features of the Cisco VCS Expressway

• Firewall traversal services: The Cisco VCS Expressway offers all the functions of Cisco VCS Control. However, its main feature is that it acts as a firewall traversal server for other Cisco networks and any traversal-enabled endpoints that are registered directly to Cisco VCS Expressway. The Cisco VCS Expressway uses SIP or H.460.18/19 for firewall traversal of signaling and media across a range of ports.

• Cisco Expressway also enables mobile worker access to collaboration services using Cisco Jabber clients registered to Cisco Unified Communications Manager.

• Registration of traversal-enabled endpoints: The Cisco VCS Expressway can register traversal-enabled endpoints directly for firewall traversal. You can configure the endpoints with a range of firewall traversal preferences such as protocols, ports, registration attempts, and keepalive intervals.

• Traversal Using Relays for NAT (TURN) relay services:

– The Cisco VCS Expressway provides TURN relay services to Interactive Connectivity Establishment (ICE)-enabled endpoints to allocate relays for the media components of the call. The endpoints perform connectivity checks through ICE to determine how they will communicate.

– For communications between the VCS and external Microsoft Lync servers and clients that are registered through a Microsoft Edge Server, a Back-to-Back User Agent for Microsoft Lync is provided with Cisco VCS Expressway.

• Call-routing services: The Cisco VCS Expressway supports a wide range of call-routing services, including alphanumeric Uniform Resource Identifier (URI) dialing. Additionally, the Cisco VCS Expressway can take advantage of the Domain Name System (DNS) Service Record (SRV) configuration to advertise availability to parties outside the local network, creating a rich peer-to-peer capability.

• Policy engine for processing calls: The Cisco VCS Expressway allows administrators to set systemwide policies that determine how incoming or outgoing calls should be allowed, rejected, or redirected to a different destination based on criteria such as time of day, source or destination address, or more complex algorithms.

Table 1 lists the features and benefits of Cisco VCS Expressway.

Table 1. Features and Benefits



User Interface

Web browsers supported

• The web interface supports Internet Explorer 8 or 9; Firefox 3 or later; and Chrome

Management interfaces

• Support for industry standards such as HTTP and Secure HTTP (HTTPS), XML, Simple Network Management Protocol (SNMP v1, v2, and v3), Secure Copy Protocol (SCP), and Secure Shell (SSH) Protocol
• Embedded setup wizard for initial configuration
• Integration with Cisco TelePresence Management Server (TMS) Version 12.5 or later
• Support for call logging and diagnostics
• Local time-zone-aware


• English, Chinese (Simplified), French, German, Japanese, Korean, Russian and Spanish

Firewall traversal

Traversal services

• Cisco TelePresence Expressway technology
• STUN discovery and STUN relay services
• Firewall traversal STUN-compliant
• H.460.18/19-compliant
• H.460.18 client-proxy support
• Support for H.460.19 multiplexed media
• SIP support

Remote Collaboration Services Supported to Unified CM

• XMPP for instant messaging
• HTTPS for Logon, Provisioning/Configuration, Contact Search, Visual Voicemail services
• SIP for Session Establishment, Register, Invite, via Unified CM
• RTP/SRTP for Audio and Video
• Binary Floor Control Protocol (BFCP) for Content Sharing

Endpoint Registration and Session Management

Supported endpoints

• Cisco VCS Expressway is compatible with any standards-compliant H.323 or SIP videoconferencing or telepresence device
• Provisioning and configuration are supported only for Cisco TelePresence endpoints
• Mobile worker access to video and unified communications (UC) services are supported by Cisco Jabber Video for TelePresence (Movi) and Cisco Jabber Unified Communications applications respectively ( Note: For full details, please see the relevant release notes for the version(s) of Cisco Jabber that you are using)
• Cisco Jabber UC applications must be registered to Cisco Unified CM version 9.1.2 or later

Endpoint registration

• Support for manual registration of H.323 and SIP endpoints
• Support for registration of H.323 ID and E.164 aliases and services
• Support for Unicode (UTF-8) registration for global implementation

Session control

• Support for H.225/Q.931, H.245 call-control routed mode, and non-call routed mode
• Support for H.323-SIP Interworking Encryption
• Support for H.323-SIP Interworking DuoVideo
• Support for URI dialing
• Support for direct call signaling among neighbored Cisco VCSs, border controllers, and gatekeepers
• Support for call policy management (RFC 3880),including call policy and user policy (Cisco TelePresence FindMe)
• Support for conference hunting for multipoint-control-unit (MCU) cluster
• Support for call routed mode
• Support for call loop detection

Zone control and bandwidth management

• Support for remote zone monitoring
• Support for remote zone redundancy
• Support for up to 1000 neighbor zones (including Cisco VCSs, border controllers, gatekeepers, and SIP proxies)
• Support for subzone area definition for bandwidth management
• Support for flexible zone configuration with named zones and default zone
• Support for forwarding of requests to neighbor zones
• Support for registration control (open, specifically allow, and specifically deny)
• Support for interzone bandwidth management: Definable call by call
• Maximum bandwidth per call
• Maximum aggregate bandwidth for all neighboring zones
• Support for intrazone bandwidth management: Definable call by call
• Maximum bandwidth per call
• Maximum aggregate bandwidth
• Support for auto-down-speeding if call exceeds per-call maximum
• Support for gateway load balancing
• Support for automatic network failover
• Support for capacity warnings for users and administrators


• Support for DNS addressing
• Support for IPv4 and IPv6 simultaneously
• Support for IPv4 and IPv6 translation services

Scalability and Capacity

Single VCS capacity:
(appliance or small and medium virtual-machine deployments)

• The capacity of one Cisco VCS (appliance or small and medium virtual machine) follows:
• Up to 2500 registrations
• Up to 500 nontraversal calls
• Up to 100 traversal calls
• Up to 1000 subzones

Single VCS capacity:
(large virtual-machine deployments)

• The capacity of one Cisco VCS (large virtual machine) follows:
• Up to 5000 registrations
• Up to 500 non-traversal calls
• Up to 500 traversal calls
• Up to 1000 subzones

Clustered VCS capacity

• Up to six VCS appliances or virtual machines can be clustered to increase capacity and provide redundancy.
• Clustering increases the maximum registrations, traversal, and nontraversal calls by up to four times.

Microsoft Lync Interworking Capacity

The maximum number of calls interworked to Microsoft Lync is 100. It is highly recommended that a separate VCS-Control server is deployed for use as a dedicated Microsoft Lync gateway.

System Security and Resilience

Security features

• Secure management with HTTPS, SSH, and SCP
• Secure file transfer
• Inactivity timeout
• Ability to lock down IP services
• Authentication required on HTTP(S), SSH, and SCP
• H.235 authentication support
• Transport Layer Security (TLS) for SIP signaling
• Roles-based password-protected GUI user access
• Ability to enforce strict passwords
• Ability to disable root access over SSH
• Automated intrusion protection
• Delegated credential checking across a traversal zone
• Federal Information Processing Standards (FIPS) 140-2-compliant cryptographic modules

Resilience and reliability

• Ability to deploy Cisco VCS Expressway in a redundant (six) cluster
• Ability to share licenses across a cluster
• Ability for registrations to survive system restart
• Ability to replicate configuration for clusters
• Ability for the Cisco VCS Expressway process to recycle within seconds
• Support for Cisco VCS Expressway H.225 Alternate Gatekeeper

Product Specifications

Table 2 lists the Cisco VCS Expressway virtualized application and physical appliance specifications.

Table 2. Cisco VCS Expressway Virtualized Application and Physical Appliance Specifications

Product Feature

Product Specification

Virtualized Application Specifications

Servers for virtual environment

• Cisco UCS B- or C-Series servers or third-party servers that meet the minimum requirements
• VMware vSphere or vCenter server running ESXi
For full details of host requirements, refer to the Cisco TelePresence VCS Virtual Machine Deployment Guide.

Virtual-Machine Host Requirements

Small Deployment

Medium Deployment
(typical installation)

Large Deployment
(for performance and scalability)


2 core
2 core
8 core

Reserved CPU resource

3600 MHz (2 x 1.8 GHz)
4800 MHz (2 x 2.4 GHz)
26400 MHz (8 x 3.3 GHz)

Reserved RAM

4 GB
6 GB
8 GB

Disk space

132 GB
132 GB
132 GB

Network interface card (NIC)

1 Gb
1 Gb
10 Gb

Physical Appliance Specifications

Physical dimensions

(H x W x D)

• 1.72 x 16.8 x 18 in. (43.5 x 426 x 457.2 mm)
• 1-rack unit (1RU) rack-mount chassis


• 17.6 lb (8 kg) (unpacked)


• Auto-sensing 250W (maximum) 580-BTU-per-hour power supply
• 90-264 VAC full range at 47-63 Hz

Environmental data

• Operating temperatures: 32 to 104°F (0 to 40°C)
• Storage temperatures: -4 to 140°F (-20 to 60°C)
• Relative humidity: 10 to 90% (noncondensing)

Cooling system

• Five 40-millimeter fans for system cooling


• Four 10/100/1000 BASE-TX Ethernet ports (RJ-45) (front)
• One RS-232 console port (RJ-45) (front)

System control and indications

• One power LED
• One alarm LED
• One power on/off switch (rear)
• Four act/link/10/100/1000 LEDs on Ethernet ports

Table 3 lists the certification, approvals, and awards for Cisco VCS.

Table 3. Certification, Approvals, and Awards for Cisco VCS

Product Feature

Product Specification


• LVD 73/23/EC
• EMC 89/366/ECC

Note: Cisco VCS Version X7 is ICSA Labs certified.

Approvals and compliance

• Directive 73/23/EEC (Low Voltage Directive)
• Directive 89/336/EEC (EMC Directive)
• Standards EN 60950, EN 55022 Class A, EN 55024, and EN 61000-3-2/-3-3
• Approved according to UL 60950 and CAN/CSA C22.2 No. 60950
• Compliance with FCC15B Class A
• Joint Interoperability Test Command (JITC)

Supported RFCs

• RFCs 2543, 3261, 3264, 1889, 3265, 3325, 3515, 3891, 3892, 2327, 4566, 5626, 5627, 5389, and 5766


Ordering Information

To order Cisco VCS Expressway, visit the Cisco Ordering Home Page and refer to Table 4.

Table 4. Ordering Information for Cisco VCS Expressway

Product Name

Part Number

Compliance Model Number

Cisco TelePresence Video Communication Server Expressway

(VCS Expressway Appliance)

Comes with: Cisco TelePresence Video Communication Server, Expressway feature, Gateway Feature, 1800 TURN Relay Option, Cables

Note: A minimum of 5 traversal licenses must be selected when ordering the VCS Expressway Appliance



Cisco TelePresence Video Communication Server Expressway

(Virtualized Application)

Comes with: Cisco TelePresence Video Communication Server, Expressway Feature, Gateway Feature, 1800 TURN Relay Option, VCS-Dual Network Interface Feature

Note: A minimum of 5 traversal licenses must be selected when ordering the VCS Expressway Virtualized Application



Ordering Options for the Cisco VCS Expressway

5 Traversal Calls for Cisco VCS Expressway



10 Traversal Calls for Cisco VCS Expressway



20 Traversal Calls for Cisco VCS Expressway



50 Traversal Calls for Cisco VCS Expressway



Additional 10 Non-traversal calls for Cisco VCS Expressway



Additional 20 Non-traversal calls for Cisco VCS Expressway



Additional 50 Non-traversal calls for Cisco VCS Expressway



Additional 200 Non-traversal calls for Cisco VCS Expressway



Additional 300 Non-traversal calls for Cisco VCS Expressway



Enable Device Provisioning for Cisco VCS



Advanced Networking for Cisco VCS Expressway (Dual Network Interface)



VCS FindMe Application for Cisco VCS Expressway



VCS Enhanced Microsoft Collaboration



