I have a CMA5000 and I am looking to make VC available to our users externally and ideally I would like them to have to authenticate. Additionally, I am also looking to have different groups use the CMA that shouldn't be able to talk to each other (multi-tenant) and I was wondering what I need.
Based on my high level understanding I think I need a 5300 ST configured with LAN side GK subscriber targeting the CMA5000 and then I need a 5300E (or lower E model) for each customer. I will then need to create multiple sites for the various IP subnets and configure site links to allow certain groups to communicate.
I was under the impression you could configure restrictions on the VBP also to determine who could talk to who. Any advice would be helpful.
You do not necessarely need an E-box for each customer.
If you should go for the ST-box you can let your users login with the CMAD onto your network and call each other and endpoints that have also registered with that ST-box.
So every customer you want to dial has to register to this box.
If you want to dial outside of your (video-) network you will need an E-box.
So customers that are not registered to your (video) network can call your endpoints/client within your (video)network via the E-box.
Also for dialing out an E-box will be quite helpful.
If you want to do both, you need both.
Hope this helps,
in regards to your question about customer separation on your network, you do have certain restriction and profiling capabilities within your CMA. By configuring your dial plan and sites, you can define certain access restrictions this way, as well as, bandwidth management functionality between sites.
If you do require complete separation of customers, ie., multi tenant functionality via complete partition, Polycom's Real Presence Resource Manager can provide this functionality. There is a migration path from CMA to Real Presence Resource Manager.