Technical Guidelines

Enterprises have particular requirements relating to events projected inside their network perimeter. ON24 offers advanced support for these requirements in the following areas:

  • Media Distribution behind the firewall
  • Media Distribution across a diverse mix of networks with different capabilities and requirements
  • Security of content
  • Authentication of participants utilizing corporate Active Directory and similar directory structure

Media Distribution

Large Enterprises have many requirements in supporting webcasts and virtual environments within the network infrastructure:

  • Methods to limit the bandwidth demands of streaming media distribution into and over the corporate network
  • Support for different media distribution methods in various portions of the network. The corporate network is typically not a homogenous whole, but made up of interconnected networks with different capacities, capabilities and levels of utilization. Each may require a different strategy to accommodate the traffic loads.
  • High level of control by the Network Engineering staff; the use must be very well controlled and not subject to issues arising from the vagaries of user selection.

Media Distribution Behind The Firewall

The most commonly used methods for distributing streaming media across a bandwidth-constrained corporate network include the options listed below. ON24 provides consoles which support Windows Media, Flash Media, and Apple HTTP Live Streaming for iOS devices.

Transparent Proxies

ON24 supports Cisco WAAS distribution capabilities, either directly from ON24 external servers or by means of internally located Head End servers. Bluecoat Proxy SG appliances support streaming media distribution very effectively; ON24 supports these devices as well.

Unicast Replication

ON24 supports use of Microsoft Windows Media Servers (2003 and 2008) configured for replicating unicast streams into each location in a corporate network. This solution has the virtue of having very highly determinant behavior. Distribution is tightly constrained, and behavior highly predictable. ON24 also supports Flash Media Server for unicast replication in the distribution of live Flash video.

Riverbed Technology has its RSP platform, which provides the ability to locate media servers on Steelhead appliances; this readily supports ON24’s Unicast Replication and multicasting capabilities.


ON24 supports multicasting utilizing Microsoft Windows Media Server for those organizations having multicast enabled networks. Multicasting utilizing live Flash video will be supported in Q2, 2012 using Adobe Flash Media Server.

Peer-to-peer methods

ON24 supports Kontiki and Octoshape peer-to-peer media distribution for those organizations having these technologies deployed. ON24 also resells Octoshape technology.

ON24 distribution solutions support and address the requirements of VPN users. Split tunneling support is provided. IP Addresses of dedicated server pools are available to address requirements for known IP addresses.

Different Methods in Portions of the Network

ON24 enables the detection of internal or external IP addresses and provides a data structure into which the network engineering personnel can load a database of network address ranges, each of which can be associated with a playlist. This allows all users in a given network address range to be provided a particular stream speed, an audio vs. a video stream, or be directed to a non-streaming version of the event.

Different languages can be supported, and higher or lower quality video streams, based on the ability to the network range to carry the traffic. Portions of the audience can be supported with multicast stream distribution, while other ranges can utilize unicast replication, or peer-to-peer, or normal CDN stream distribution.

Console Based Network Performance Information

ON24 implements console code which reports observations of the media player as to buffering behavior to the Media Metrics module. This provides real time and after-the-fact reporting of actual starvation for bits by media players in the network. This can prove an invaluable aid in characterizing issues with streaming media delivery.


ON24 provides various grades of security, depending upon the application for which the webcasting or virtual environment platform is being used:

  • “Public” – where the content supported is intended for public dissemination. In this application, the platform is carefully secured against the ability to alter the content prior to presentation.
  • “Exclude the Competition” – where the content is not confidential, but presents elements of competitive or functional behavior. In this use case, the presenter would prefer to exclude those in the audience who are associated with competing companies or solutions.
  • The two methods above rely on Registration Security, which provides the following capabilities:

    Referring URL Authentication

    This approach checks the HTTP header referring URL information when the event is accessed and validates it against an approved list provided by the customer. ON24 can set up a “referrer” pattern to limit access only to users that link from a web page on a specific domain.

    Event Passwords

    Webcast events can be assigned a password that is then required for access to the event. The password field can be enabled anywhere on the registration page. If the client is handling registration, event passwords can be passed to the ON24 system.

    Individual passwords

    Attendees of webcasts can be assigned unique passwords that are required to access the event. The password can either be chosen by the user during registration or dynamically assigned via the registration confirmation email. Additionally, a further restriction can be put in place to limit the sharing of credentials during a live event.

    ON24 can block out groups of users based upon IP address. For example, if a corporation does not want any outside groups to view the webcast, ON24 can admit a range of IP addresses specific to the corporate gateways blocking other addresses.

    Domain Block

    ON24 can whitelist select domains and block all others during registries to restrict access to a webcast. The link to the webcast is only available in the registration confirmation email.

    • “Network Perimeter” Security – this common method of securing access to content implements restrictions which have the effect of blocking access to media or static content for anyone not operating inside the corporate firewall, either directly or by virtue of a VPN connection.
    • Single Sign On/SAML – This provides a method for securely accessing the internal LDAP/Active Directory system to identify which individuals are to be provided access to an event or virtual environment. As cloud-based services have become common, large enterprises have embraced SAML as a simple method to preserve the effectiveness of its HR-based procedures to exclude non-employees from access to systems.

    The Partner of Choice for High-Growth Companies