NEC MultiSync CB651Q User Manual page 61

Amazon AWS
Amazon AWS is a market leading cloud service managed by Amazon, a trusted provider of cloud services that offers
geographical dispersion - allowing us to have a server closer to the end user, which reduces latency in cloud connectivity.
All our cloud services running on Amazon AWS are running under a Virtual Private Cloud (VPC) and each environment has its
own virtual network protected by Amazon's availability zone and firewall.
Amazon AWS servers are geographically dispersed and have many certifications and third-party assessments, including ISO/
IEC 27001:2005, SOC 1 and SOC 2 and CSA STAR certification . Further information can be found in their security whitepaper .
1 2
Mosaic Connect features
The Mosaic Connect software consumes a REST API provided by our SaaS layer which is credential secured. All
communication with the REST API and our XMPP services are over TLS (port 443) with 2048-bit asymmetric encryption and
256-bit symmetric encryption.
For video calls, STUN is used to establish a peer to peer connection. If this fails, then the client will attempt to use our relay
service using the TURN protocol.
In addition to DTLS encryption, we also encrypt data through Secure Real-Time Protocol, which safeguards IP communications
from hackers, so that your video and audio data is kept private point to point.
Meeting ID and PIN
For each meeting a unique meeting ID is generated using our SaaS layer which is used as a means for the clients to connect to
that specific meeting. If there is an Internet connection, this meeting ID will be 6 digits long.
If no Internet is available (or local connections only is enabled) the Meeting ID will be 10 digits long. This 10 digit meeting ID is
generated using the device IP address, which enables connection from different subnets on the same network.
If devices connect using the 6 digit meeting ID, connection is attempted locally, however if this is not possible then the
connection is made via XMPP. The host can also specify a PIN which is configured at the box directly, and on each client
connecting would request confirmation of the PIN.
Cloud
If Mosaic Connect has access to the Mosaic Connect Cloud, then it will be able to allow devices connecting to it from outside of
its local network – e.g. A Chromebook client on a remote network and a Windows client connected on another network within
your organisation,
This can be restricted by deactivating access to the cloud in Mosaic Connect settings. The Mosaic Connect hardware units can
also function solely using their access point with each connecting device ingbe assigned an IP address.
Updates
An Internet connection is required for updates. The updates are downloaded over a secure connection (using port 443) and are
installed on demand. A notification will appear in the Mosaic Connect user interface to indicate an available update that the user
can install.
Security
The clients and boxes are authenticated on our servers using a 4-step authentication process with SASL . At any time,
3
administrators can remove a client or box from the authorised zone temporarily and permanently.
All data transferred between the user's device and Mosaic Connect is peer to peer (P2P) and is over TLS or DTLS with 2048-bit
asymmetric encryption and 256-bit symmetric encryption. If a P2P connection fails to connect between the client and Mosaic
Connect, then the software will relay the data via our TURN server over TLS TCP port 443.
Access Point and Wi-Fi
The Mosaic Connect unit offers an internal access point, secured with WPA2 with PSK encryption, allowing clients to connect
directly to the box and in so creating a local network.
The Mosaic Connect unit can also connect as a Wi-Fi client to an external Access Point and network.
For Airplay Mirroring and Airplay Video the box publishes services on the connected networks using Zero-configuration
networking .
4
English-59