Networks ∙ Services ∙ People www.geant.org
GÉANT: Delivering Global Real-Time Video Communication Services
Peter Szegedi
GÉANT Amsterdam
HEAnet Conference 2015
Cork, Ireland
Outline
• Why WebRTC could potentially be disruptive for R&E
• How GÉANT is engaged in WebRTC
• GÉANT federated STUN/TURN service
• GÉANT federated WebRTC infrastructure
• GÉANT federated directory and service verification
Use cases for WebRTC in HEI
• Enable rich, high quality, RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.
• WebRTC is an API definition drafted by the World Wide Web Consortium (W3C) that supports browser-to-browser applications for voice calling, video chat, and P2P file sharing without the need of either internal or external plugins.
• WebApp integration is the key:
a) Real-time communication
b) In-context communication
Rendez-vous at RENATER
• Based on Jitsi Meet
• Brings RTC to your browser
• Integrates with document and desktop sharing, Prezi, chat and others...
Let’s flip the class...
In-context communication
Fun and less fun...
Mock-up idea for R&E
• ownCloud software has got some penetration into our community
• Enable WebRTC into the ownCloud web client
• Share the file or folder of learning materials and discuss with your students
• Share your research results and analyse them with your colleagues
File-based sync&share service with real-time communication component
To make it happen you need a piece of infrastructure!
STUN/TURN service
Telecom R&D: Steps for building and deploying WebRTC solution
• WebRTC is peer-to-peer but...
• STUN (Session Traversal Utilities for NAT) is a standardized set of methods and a network protocol to allow an end host to discover its public IP address if it is located behind a NAT.
• TURN (Traversal Using Relays around NAT) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications.
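The reflexive address discovery described above, as an added example that is not part of the original slides: a client builds a STUN Binding request and validates the response (magic cookie, transaction ID, length) before trusting the XOR-MAPPED-ADDRESS it carries. Function names and the sample response are constructed for illustration; the wire format follows RFC 5389.

```python
import ipaddress, os, struct

MAGIC_COOKIE = 0x2112A442            # fixed STUN magic cookie (RFC 5389)
BINDING_REQUEST, BINDING_SUCCESS, XOR_MAPPED_ADDRESS = 0x0001, 0x0101, 0x0020

def build_binding_request(txid=None):
    """Return (transaction_id, 20-byte Binding request with no attributes)."""
    txid = txid or os.urandom(12)
    return txid, struct.pack("!HHI", BINDING_REQUEST, 0, MAGIC_COOKIE) + txid

def decode_xor_address(value, txid):
    """Undo the XOR obfuscation of an XOR-MAPPED-ADDRESS attribute value."""
    size = {0x01: 4, 0x02: 16}.get(value[1]) if len(value) >= 4 else None
    if size is None or len(value) != 4 + size:
        raise ValueError("malformed XOR-MAPPED-ADDRESS")
    port = struct.unpack("!H", value[2:4])[0] ^ (MAGIC_COOKIE >> 16)
    key = struct.pack("!I", MAGIC_COOKIE) + txid   # IPv4 uses the first 4 bytes
    addr = bytes(a ^ b for a, b in zip(value[4:], key))
    return str(ipaddress.ip_address(addr)), port

def parse_binding_response(msg, txid):
    """Validate a Binding success response and return (public_ip, public_port)."""
    if len(msg) < 20:
        raise ValueError("shorter than a STUN header")
    mtype, mlen, cookie = struct.unpack("!HHI", msg[:8])
    if mtype != BINDING_SUCCESS or cookie != MAGIC_COOKIE:
        raise ValueError("not a Binding success response")
    if msg[8:20] != txid:              # reject replies we did not ask for
        raise ValueError("transaction ID mismatch")
    if mlen % 4 or len(msg) != 20 + mlen:
        raise ValueError("length field does not match datagram")
    pos = 20
    while pos + 4 <= len(msg):
        atype, alen = struct.unpack("!HH", msg[pos:pos + 4])
        value = msg[pos + 4:pos + 4 + alen]
        if len(value) != alen:
            raise ValueError("truncated attribute")
        if atype == XOR_MAPPED_ADDRESS:
            return decode_xor_address(value, txid)
        pos += 4 + alen + (-alen % 4)  # attributes are padded to 4 bytes
    raise ValueError("no XOR-MAPPED-ADDRESS attribute")

# Constructed sample: response reporting 192.0.2.10:54321 (documentation range).
SAMPLE_TXID = bytes.fromhex("000102030405060708090a0b")
SAMPLE_RESPONSE = (bytes.fromhex("0101000c2112a442") + SAMPLE_TXID
                   + bytes.fromhex("002000080001f523e112a648"))

if __name__ == "__main__":
    print(parse_binding_response(SAMPLE_RESPONSE, SAMPLE_TXID))
```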
GÉANT federated STUN/TURN service
STUN/TURN Server potential users
• SIP User Agents
  • VoIP
  • Telepresence / VideoConference
  • Long Term Credential auth mechanism
• XMPP/Jabber/Jingle/COLIBRI Clients
  • Long Term Credential auth mechanism
• Web Applications (WebRTC)
  • Time limited Long Term Credential (REST API)
  • OAuth token/assertion auth
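A sketch of the "Time limited Long Term Credential (REST API)" item, as an added example that is not part of the original slides or of GÉANT's service code. It assumes the convention from the IETF draft "A REST API For Access To TURN Services": the web application and the TURN server share a secret, the username carries an expiry timestamp, and the password is an HMAC over that username. The function names and the secret are hypothetical.

```python
import base64, hashlib, hmac, time

def turn_password(shared_secret: bytes, username: str) -> str:
    """password = base64(HMAC-SHA1(shared_secret, username))."""
    mac = hmac.new(shared_secret, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(mac).decode()

def issue_credential(shared_secret, user_id, ttl=3600, now=None):
    """Web-application side: mint a credential valid for `ttl` seconds."""
    expiry = int(time.time() if now is None else now) + ttl
    username = f"{expiry}:{user_id}"       # expiry is bound into the MAC input
    return {"username": username,
            "password": turn_password(shared_secret, username),
            "ttl": ttl}

def server_key_for(shared_secret, username, now=None):
    """TURN-server side: return the password to expect for this username,
    or None if the username is malformed or its timestamp has passed.
    The server then uses that password as the long-term credential when it
    checks the request's MESSAGE-INTEGRITY; no per-user state is stored."""
    head = username.split(":", 1)[0]
    if not (head.isascii() and head.isdigit()):
        return None
    if int(head) < int(time.time() if now is None else now):
        return None
    return turn_password(shared_secret, username)

if __name__ == "__main__":
    secret = b"constructed-demo-secret"    # constructed value, not a real key
    cred = issue_credential(secret, "alice", ttl=600)
    print(cred["username"], cred["password"])
    print(server_key_for(secret, cred["username"]) == cred["password"])
```

Because the expiry is part of the MAC input, a browser that edits the timestamp in the username ends up with a password the server will not derive, so the credential cannot be extended client-side.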
Benefits for the community
• Better firewall traversal experience for end-users
• Smooth IPv6 transition for end-users
• IETF standard based firewall traversal instead of tunnels
• Reliable distributed STUN service for GÉANT community services
  • For reflexive address detection
• Reliable distributed TURN service for GÉANT community services
  • For media relaying
Jitsi infrastructure
[Diagram: Jitsi infrastructure in three layers (access layer, application layer, media layer). Components shown: Jipopro, JIRECON, freeswitch, JIGASI, Jitsi Meet, JICOFO, two Videobridges, Shibboleth IdP. Protocols shown: XMPP, SIP, RTP.]
• Jitsi Meet is the application.
• Jitsi Videobridge is a WebRTC compatible Selective Forwarding Unit (SFU) that allows for multi-party video communication
• Jitsi COnference FOcus (JICOFO) is a mandatory component of the Jitsi Meet conferencing system. It is responsible for managing media sessions between each of the participants and the videobridge
• ice4j.org is an ICE implementation which is used to provide NAT traversal capabilities, and assists IPv4 to IPv6 transition
Multi-NREN deployment
[Diagram: multi-NREN deployment. Labels: Jitsi Meet (GEANT), JICOFO (GEANT), Videobridge (RENATER), Videobridge (NIIF) and further video-bridges; RENDEZ-VOUS; VPN with private addresses for out-of-band management / network-management VPN; Internet side with public addresses, "Direct access to Internet: security management site by site"; REST access; monitoring/discovery, containers, orchestration, logs, conf manager, reporting.]
Create a multi-NREN, robust and scalable Jitsi infrastructure for facilitating first-hand experience with WebRTC technology and application piloting.
GÉANT WebRTC Infrastructure
Application network over secure MD-VPN...
Open API for application developers
• Access to the infra back-end
• Get a snippet for your webapp
• Integrate applications
GÉANT eduCONF federated directory
• eduCONF directory for video conferencing rooms, crafted together with the monitoring service
• Integration of directories
  • 2-stage policy adjustment: local and central
• XML export engines: easiest way to export by remote parties
• multiple other export engines (possible: FTP, SFTP, API, JSON, ...)
• central administration
GÉANT federated directory for WebRTC support
• Skype/MS, Facebook, Google, Apple, Telcos, etc... all have a directory
  • Everyone wants to OWN the directory
• They have NO interest in sharing their directories
• They have no interest in federation / interoperability between directories
• Rendez-vous is federated and eduGAIN-enabled but requires an e-mail address to identify admin user.
  • Some IdPs do not release e-mail address....
Summary
• Simple, reliable, one-click, plugin-free WebRTC service for R&E (~50M) to fall back to
• In-context application integration with WebRTC via open API
• Support infrastructure bits and pieces
  • Federated STUN/TURN service
  • Multi-NREN Jitsi infrastructure
  • Federated directory and service verification
Come and talk to TF-WebRTC task force of GÉANT!
https://wiki.geant.org/display/WRTC/TF-WebRTC+Task+Force+on+WebRTC
https://lists.geant.org/sympa/subscribe/webrtc
Thank you and any questions