In this post we will review the two methods for connecting audio and video Teams devices and examine the benefits of implementing a voice VLAN.
1 – Direct connection
Direct connection refers to connecting audio and video devices to a particular VLAN on which they do not need to declare a proxy service. HTTPS streams are therefore addressed directly to Microsoft Teams service points, and UDP (real-time) streams are sent directly from the device's Teams client to Microsoft service points.
To ensure security, the VLAN in question is isolated from other VLANs, which makes peer-to-peer connections between users of Teams devices and Teams clients on Windows 10 connected within the company impossible.
- Audio devices connect directly to Microsoft services.
- Device configuration is simplified.
- Devices must connect to a particular VLAN or socket.
- The audio device cannot connect anywhere on the corporate network (per-port VLAN).
- The audio-video device management service must be installed on the same VLAN to be able to communicate with the peripherals.
- No point-to-point streaming between audio-video devices and Teams PCs connected to the company network.
- Lack of per-device visibility of the network traffic generated by Teams activities.
2 – Connection with proxy
Connecting via a proxy service consists of declaring an authenticated (or non-authenticated) proxy service within the audio and video devices so that they can send HTTPS streams out. UDP streams (UDP 3478-3481) exit through the default gateway of the network devices.
- All HTTPS activities of each device are traced by the proxy service.
- Audio and video devices can connect from any workstation running the Teams client.
- Point-to-point flows are possible.
- An account and password must be declared in each device.
- The account and password never expire.
- Not supported by some manufacturers (Polycom).
Mobility of audio devices and VLAN ID
Mobility of audio devices may be desired to facilitate the installation and movement of devices such as Teams phones. The goal is to be able to connect a Teams phone from any location within the company (basically any network socket) with the guarantee that it connects without any particular configuration.
One possible option is to use the VLAN ID discovery function, which allows the device to automatically determine the voice VLAN ID using DHCP. This is achieved by using an option in the DHCP service. Once the voice VLAN ID is acquired, the phone uses the 802.1Q tag to connect to the VLAN in question.
The picture below illustrates this setting on a Polycom TRIO 8800.
Major Benefits of Using VLANs
VLANs offer 3 major advantages when you plan to deploy your Microsoft Teams devices:
- Minimize the broadcast domain: A VLAN is used to minimize the broadcast domain. Creating a smaller domain for phones can reduce overhead and limit resource utilization. Additionally, less traffic will need to be routed, and the latency added by routers will be reduced.
- Ease of administration: Much of the cost associated with network additions and relocations can be saved through the use of VLANs. A phone can be moved from one workgroup or department to another without installing new network cabling or reconfiguring hubs or routers.
- Security: VLANs can be used to create secure user groups and prevent others outside of the broadcast domain from receiving sensitive data from the phones. They can also be used to enhance firewall functions and restrict network access for one or more users. By segregating phones into VLANs, security filters can be implemented in the network to prevent the phones from receiving unnecessary traffic from other devices. This helps prevent disruption due to DoS attacks or attempts to compromise the devices. It also allows locking down access to configuration and signaling servers so that only the phones can reach them.
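To check that the isolation described for the direct connection method and the security filters mentioned above actually hold, flow records from the voice VLAN gateway can be audited against the expected traffic (HTTPS and UDP 3478-3481 outbound, nothing to or from other internal VLANs). The following is an added example, not code from the original post; the voice subnet, the `src,dst,proto,dport` record format and the sample addresses are assumptions, and any non-internal destination is treated as a Microsoft service point for simplicity.

```python
import ipaddress

# All addresses below are constructed for illustration (assumptions, not from the post).
VOICE_VLAN = ipaddress.ip_network("10.20.30.0/24")
INTERNAL = [ipaddress.ip_network(n)
            for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
MEDIA_PORTS = range(3478, 3482)  # UDP 3478-3481, as stated in the post

def classify(src, dst, proto, dport):
    """Return a verdict for one flow; src is assumed to be the initiator."""
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    s_voice, d_voice = s in VOICE_VLAN, d in VOICE_VLAN
    if s_voice and d_voice:
        return "ok:intra-vlan"                # e.g. phone <-> device management service
    if not s_voice and not d_voice:
        return "ignore:not-voice"
    if d_voice:
        return "violation:inbound-to-voice"   # a host outside the VLAN reached a phone
    if any(d in net for net in INTERNAL):
        return "violation:voice-to-internal"  # isolation from other VLANs is broken
    if proto == "tcp" and dport == 443:
        return "ok:https"
    if proto == "udp" and dport in MEDIA_PORTS:
        return "ok:media"
    return "review:unexpected-egress"

def audit(lines):
    """Parse 'src,dst,proto,dport' records and return the non-ok findings."""
    findings = []
    for line in lines:
        line = line.strip()
        if not line or line.startswith("#"):
            continue
        src, dst, proto, dport = (f.strip() for f in line.split(","))
        verdict = classify(src, dst, proto.lower(), int(dport))
        if not verdict.startswith(("ok:", "ignore:")):
            findings.append((line, verdict))
    return findings

SAMPLE_FLOWS = """\
# constructed flow records: src,dst,proto,dport
10.20.30.15,198.51.100.10,tcp,443
10.20.30.15,198.51.100.10,udp,3479
10.20.30.15,10.20.30.5,tcp,443
10.20.30.15,10.1.5.20,tcp,445
10.1.5.20,10.20.30.15,tcp,80
10.20.30.15,203.0.113.9,tcp,8080
""".splitlines()

if __name__ == "__main__":
    for record, verdict in audit(SAMPLE_FLOWS):
        print(f"{verdict:30} {record}")
```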