GÉANT: Delivering Global Real-Time Communication Services

Peter Szegedi

GÉANT Amsterdam

HEAnet Conference 2015 Cork, Ireland

Networks ∙ Services ∙ People www.geant.org

Outline

• Why WebRTC could potentially be disruptive for R&E

• How GÉANT is engaged in WebRTC

  • GÉANT federated STUN/TURN service
  • GÉANT federated WebRTC infrastructure
  • GÉANT federated directory and service verification

Use cases for WebRTC in HEI

• Enable rich, high quality, RTC applications to be developed for the browser, mobile platforms, and IoT devices, and allow them all to communicate via a common set of protocols.
• WebRTC is an API definition drafted by the World Wide Web Consortium (W3C) that supports browser-to-browser applications for voice calling, video chat, and P2P without the need of either internal or external plugins.

• WebApp integration is the key:
  a) Real-time communication
  b) In-context communication

Rendez-vous at RENATER

• Based on Meet
• Brings RTC to your browser
• Integrates with document and desktop sharing, Prezi, chat and others...

Let’s flip the class...

In-context communication

Fun and less fun...

Mock-up idea for R&E

File-based sync&share service with real-time communication component

• ownCloud software has got some penetration into our community
• Enable WebRTC into the ownCloud web client

• Share the file or folder of learning materials and discuss with your students
• Share your research results and analyse them with your colleagues

To make it happen you need a piece of infrastructure!

STUN/TURN service

Telecom R&D: Steps for building and deploying WebRTC solution

• WebRTC is peer-to-peer but...

• STUN (Session Traversal Utilities for NAT) is a standardized set of methods and a network protocol to allow an end host to discover its public IP address if it is located behind a NAT.
• TURN (Traversal Using Relays around NAT) is a protocol that assists in traversal of network address translators (NAT) or firewalls for multimedia applications.

GÉANT federated STUN/TURN service

STUN/TURN Server potential users

• SIP User Agents
  • VoIP
  • Telepresence / VideoConference
  • Long Term Credential auth mechanism
• XMPP/Jabber//COLIBRI Clients.
  • Long Term Credential auth mechanism
• Web Applications (WebRTC)
  • Time limited Long Term Credential (REST API)
  • OAuth token/assertion auth

Benefits for the community

• Better firewall traversal experience for end-users
• Smooth IPv6 transition for end-users
• IETF standard based firewall traversal instead of tunnels
• Reliable distributed STUN service for GÉANT community services
  • For reflexive address detection
• Reliable distributed TURN service for GÉANT community services
  • For media relaying
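One way the "time limited Long Term Credential (REST API)" option can work, as an added example that is not from the slides: it follows the convention of the IETF "REST API for access to TURN services" draft (the scheme behind coturn's `use-auth-secret` option), where the username carries an expiry timestamp and the password is an HMAC over it. That the GÉANT service uses exactly this scheme is an assumption, and the function names and secret are constructed.

```python
import base64
import hashlib
import hmac
import time

def _mac(secret: bytes, username: str) -> str:
    # password = base64(HMAC-SHA1(shared secret, username))
    digest = hmac.new(secret, username.encode(), hashlib.sha1).digest()
    return base64.b64encode(digest).decode()

def issue_turn_credentials(secret, user_id, ttl=3600, now=None):
    """Web-app side: mint a short-lived TURN username/password pair."""
    now = int(time.time()) if now is None else int(now)
    username = f"{now + ttl}:{user_id}"      # "<expiry>:<user id>"
    return {"username": username,
            "credential": _mac(secret, username),
            "ttl": ttl}

def verify_turn_credentials(secret, username, credential, now=None):
    """TURN-server side: check expiry first, then the MAC."""
    now = int(time.time()) if now is None else int(now)
    expiry, sep, _user = username.partition(":")
    if not sep or not (expiry.isascii() and expiry.isdigit()):
        return False                          # malformed username
    if int(expiry) < now:
        return False                          # credential has expired
    expected = _mac(secret, username).encode()
    # constant-time comparison avoids leaking how many bytes matched
    return hmac.compare_digest(expected, credential.encode())
```

Because the expiry is part of the MAC input, a client cannot extend its own credential, and a leaked pair stops working once the timestamp passes.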

Jitsi infrastructure

• Jitsi Meet is the application.
• Jitsi Videobridge is a WebRTC compatible Selective Forwarding Unit (SFU) that allows for multi-party video communication.
• Jitsi COnference FOcus (JICOFO) is a mandatory component of the Jitsi Meet conferencing system. It is responsible for managing media sessions between each of the participants and the videobridge.
• ice4j.org is an ICE implementation which is used to provide NAT traversal capabilities, and assists IPv4 to IPv6 transition.

[Diagram: access, application and media layers. Components: freeswitch, JIGASI, Jitsi Meet, JIRECON, Jipopro, IDP (shibboleth), JICOFO, Videobridge. Protocols: SIP, XMPP, RTP.]

Multi-NREN deployment

Create a multi-NREN, robust and scalable Jitsi infrastructure for facilitating first-hand experience with WebRTC technology and application piloting.

[Diagram: GÉANT WebRTC Infrastructure. Jitsi Meet, JICOFO and Videobridge instances at GEANT, RENATER (Rendez-vous) and NIIF. Labels: Internet; direct access to Internet, security management site by site; public addresses; out-of-network management VPN, private addresses; REST access; conf manager; logs; reporting; monitoring/discovery; containers orchestration.]

Application network over secure MD-VPN...

Open API for application developers

• Access to the infra back-end
• Get a snippet for your webapp
• Integrate applications

GÉANT eduCONF federated directory

• eduCONF directory for video conferencing rooms, crafted together with the monitoring service

• Integration of directories
• 2-stage policy adjustment: local and central
• XML export engines: easiest way to export by remote parties
• multiple other export engines (possible: FTP, SFTP, API, JSON, ...)
• central administration

GÉANT federated directory for WebRTC support

/MS, Facebook, Google, Apple, Telcos, etc... all have a directory

• Everyone wants to OWN the directory
• They have NO interest in sharing their directories
• They have no interest in federation / interoperability between directories

• Rendez-vous is federated and eduGAIN-enabled but requires an e-mail address to identify admin user.
• Some IdPs do not release e-mail address....

Summary

• Simple, reliable, one-click, plugin-free WebRTC service for R&E (~50M) to fall back to
• In-context application integration with WebRTC via open API
• Support infrastructure bits and pieces
  • Federated STUN/TURN service
  • Multi-NREN Jitsi infrastructure
  • Federated directory and service verification

Come and talk to TF-WebRTC task force of GÉANT!

://wiki.geant.org/display/WRTC/TF-WebRTC+Task+Force+on+WebRTC
https://lists.geant.org/sympa/subscribe/webrtc

Thank you and any questions
