It is the promise of video conferencing that lures us in: easy data sharing and face-to-face conversation all without the inconvenience of travel. Such high-tech communication is the dream of many corporations and technology workers. So, for you curious tech folks who have not yet taken the plunge into video conferencing, or for those whose companies have been kicking the idea around, I’ll cover the features of Logitech’s QuickCam Express. I will also let you in on some of the pitfalls I encountered when setting up my video conferencing solution.

Back in the day
In olden days (before 1995), the video conferencing route was nothing more than a dream. You would need at least single-channel ISDN to provide 64 Kb of bandwidth for a moderately acceptable voice and data connection. You would also need a costly digital video camera and a computer with oodles of processing power (at least 200 MHz). Back in those dark ages, me and four other guys in my apartment building pooled our resources to put in a dual-channel ISDN connection and then ran Ethernet between our apartments. If we had bought just a single, high-powered, 200-MHz computer rather than our individual computers, we may have been able to scrape together enough cash for a camera. However, even with the advanced technology, we still wouldn’t have known anyone to call.

Of course, today, any decent modem connection provides some 56 Kb of bandwidth. Also, a 200-MHz computer costs about the same as a doorstop, and the Logitech QuickCam Express retails for $49.95. Not to mention, the widespread existence of residential cable modems and DSL put 256-Kb connections in reach to some 30 to 40 percent of the Internet community. So you can imagine how happy I was when a pair of these cameras was handed out for testing. My dreams were finally going to be realized; I could sleep in and not put on ties to go to work! I eagerly took home my toy with such joyous thoughts racing through my head.

Let’s see what’s inside
Opening the snazzy packaging, I found the camera, the software CD, and a few thin pamphlets. The Express is a classic, if not archetypical, Logitech QuickCam. It consists of a spherical camera with a triangular base. A screwed-in metal post, suitable for mounting the camera on a standard tripod, keeps the camera oriented vertically. A focusing ring providing improved image quality and the attached 6-foot USB cable keeps the muss to a minimum.

The CD includes the drivers, Logitech’s video recording package, which includes a Web-broadcast option, and Microsoft Net Meeting. Software installation was point, click, OK, OK, reboot. I’ve had more trouble preparing frozen pizzas.

The video software is fairly intuitive, although I think it could use a bit more hand-holding when it comes to adjusting the video quality. I went nuts trying to figure out why the picture quality was so bad until I realized that the indirect, ambient lighting pattern I’d set up to minimize screen glare kept me in a perpetual shadow. I pointed the camera at the sofa in my office and it was clear and vibrant. Learn from my mistakes, ye shadowy IT folk. If you want video conferencing to work, you’ll need to set up some illumination near your computer that targets your face.

In addition to normal video recording, the software also allows different kinds of Web cams. There is a “broadcasting” system, intended for family events or “pirate” television, which provides a one-way feed from the camera to multiple viewers. It also includes a video-only Web feed for a “classic” Web cam site.

The QuickCam Express supports resolutions of 160 x 120, 320 x 240, and 640 x 480. The high quality 640 x 480 was clear but slow. Lag was common, despite the lack of traffic on my USB bus, and the synchronization between mouth movements and spoken words was poor. The most bandwidth-friendly low-res 160 x 120 is rather small, but motion tracking is smooth and it stays reasonably synchronized with the audio. I’d recommend setting your desktop resolution to 640 x 480 or 800 x 600 while using the camera. The 320 x 240 middle setting for the camera will work best, assuming you aren’t stuck on a slow modem connection. There is some motion blurring and video isn’t always synchronized with the audio, but you probably aren’t that active in front of your computer while video conferencing.

Video conferencing and the firewall
The Internet today is a dangerous place. You have to deal with automated virus infecting services, Trojans sucking down bandwidth, and “r00t” kits that let any eight-year-old attack systems on the Net, with buffer overruns and spoofed corrupt packets that might give the tyke super-user access. Whether an onboard software firewall like ZoneAlarm, a Linux server running a firewall, or a hardware-based firewall, firewalls are a big part of IT life. However, they do not like video conferencing as it currently stands.

All Net connections work by one side making a request and the other responding. Firewalls are there to block unwanted incoming requests, like a security guard. Only if one of the firewall’s clients requested the delivery will it be allowed in. While all this is good for security, unfortunately there are many details that get in the way when it comes to video conferencing.

Each Internet service tends to listen on a port. Computers have over 65,000 ports under the TCP/IP system. Think of them as internal extensions allowing you to separate different kinds of conversations. Typically, the first 1,024 ports are reserved for primary connections, while the higher ports are used as secondary ports.

Web services initialize on port 80, mail transport on 25, POP mail delivery on 110, and the list of ports goes on while the connections do not. A Web server only has one port 80, but many people may be trying to get data, so when the client initiates a connection and makes a request to the server’s port 80, the server could say “go to port 34545 and I’ll give you what you want there.” This is a typical secondary connection, with the client then finishing the request at any free port the server decided to use at that moment. Again, the client initializes the connection to the secondary by making a request for data so the firewall is satiated.

Video conferencing doesn’t work this way because it is a series of two-way communications. When System A calls out past its firewall to System B, System A makes a request to the handshake port (port 1720 in the case of Net Meeting) on System B to start the conversation. They talk to negotiate speeds, and then System A uses one secondary port to send video and another secondary port to send audio to System B. System B does the same, using one secondary port for video and another for audio. System A, however, doesn’t get any of System B’s audio or video because the firewall blocked all of the incoming data since System A never talked to that port on System B. Meanwhile, System B is receiving all of System A’s data because the firewall doesn’t interfere with outbound data. It becomes totally dysfunctional if two firewalls are in place. Even making a gap in the firewall to allow access to the handshake port is insufficient, since the audio and video data will still be blocked.

This leaves two options: using unprotected systems for video conferencing or moving to a virtual private network (VPN) of some kind. VPNs create a special link between the client machine and the servers behind the firewall. This link is usually an authenticated process to keep out the riffraff that encapsulates all the communication to prevent eavesdropping. It also allows ports to be handled differently. The most common VPN process puts proxy software on the client. This routes all requests through the VPN software to be encapsulated and then sent to the server. The server then decapsulates them and sends them on their merry way.

Revisiting Systems A and B, let’s now suppose there’s a completely secured firewall around both systems, so we have a VPN firewall that is closed to everything except VPN connections on port 2550 (a randomly chosen port). System A logs on to the VPN by contacting System B on port 2550. The firewall lets it pass and the VPN session is started. When System A’s Net Meeting goes to talk to System B’s port 1720, it passes through the VPN software and winds up going to the firewall’s port 2550 decapsulated and is then relayed to System B’s port 1720. After the handshaking completes, the audio and video leaves B’s randomly assigned secondary ports, gets encapsulated by the VPN firewall, and is sent to System A. System A’s firewall lets the data pass because it is part of the VPN session System A initiated earlier. The same happens when System A’s audio and video gets sent through the VPN to System B.

Video conferencing is by no means the only process that works this way; two-way communications of all kinds use dynamically assigned secondary ports without an initialization stage. Even then, it wouldn’t matter when you have two firewalls in play. VPN isn’t a perfect panacea for all problems. The software requires some processing power at both ends, which can add lag. It also requires a lot of care to set up the VPN on the remote clients and still secure the servers. Opening any holes in your security is not something you’d want to do without spending enough time to consider all the ramifications. Regardless, IT staff should add VPN to their repertoire to avoid firewall issues.

Conclusion: Mission failed, but QuickCam gets thumbs-up
My goal was to set up a working video conference. I fired up Net Meeting and tried to get things going. However, through no fault of the camera, Logitech, or even Microsoft specifically, I failed. It seems the Internet environment populated with things like SirCam and Code Red just isn’t a friendly place for video conferencing software.

Unless you have absolute confidence that your computer will not be attacked, you cannot afford to run a computer without some form of firewall. Firewalls kill video conferencing dead without a lot of reconfiguration, while a decent VPN will keep out the riffraff without blocking your video conferencing. So, while I heartily endorse the Logitech QuickCam Express, as far as video conferencing goes, I think it will require either a new generation of software to deal with the Internet realities or more advanced firewalls that will recognize a video conferencing signal.