Huawei TE30 Product Overview page 32

TE30 Videoconferencing Endpoint
Product Overview
System Layer Security
Security maintenance of the system layer ensures a smooth running of the operating system
and also supports stable services at the application layer. The endpoint uses Linux, which is
more secure and immune to viruses than Windows.
Network Layer Security
The on-premises, IMS hosted, and SP hosted networks have implemented different network
layer security policies.
l
l
Firewall Technology (NAT)
The firewall protects your IP network by separating the internal and external network
communication data. Using Network Address Translation (NAT) technology and exchanging
signaling between public network protocols and private network protocols, the firewall
enables sites on local area networks (LANs) in different places to enjoy the convenience of
communication through video conferences. With NAT, a device on an LAN is allocated a
dedicated internal IP address that uniquely identifies the device on the LAN, and the device
uses an external IP address to communicate with external devices. Through NAT mapping,
multiple internal IP addresses are mapped to one external IP address. NAT mapping not only
reduces the number of IP addresses that are needed for users on a private network to access
the Internet, but also enhances the security of the private network.
Secure Public-Private Network Traversal
The standard H.460, SIP Interactive Connectivity Establishment (ICE), and exclusive Super
Network Passport (SNP) firewall traversal technologies are used to set up secure connections
between the public and private networks or between different private networks through
firewalls.
Network Diagnostics
To ensure superb audio and video, you can use the diagnostic tool released with the endpoint
software version to check the network performance, including:
Issue 03 (2018-06-30)
On-premises network:
– The endpoint, SMC2.0, and MCU are deployed in the trusted zone, isolated from
the Demilitarized Zone (DMZ) and the untrusted zone. Firewalls are deployed for
security domain division and access control.
– Terminals (such as TE Desktop and TE Mobile) in the untrusted zone communicate
with NEs in the trusted zone through the Session Border Controller (SBC) or
Switch Center (SC) in the DMZ.
IMS hosted and SP hosted networks:
– The endpoint is deployed in the untrusted zone, isolated from the DMZ and the
trusted zone through the SBC or the extranet firewall.
– If the DMZ is deployed, install the SBC, SC, USM Proxy, and MediaX Proxy in the
DMZ for endpoint connections.
– If no DMZ is deployed, the endpoint connects to the trusted zone through the SBC.
The USM Proxy and MediaX Proxy are not required.
– On network borders between the DMZ and the trusted and untrusted zones,
firewalls are deployed to implement security domain division and access control.
Copyright © Huawei Technologies Co., Ltd.
5 Functions and Features
26