Today, organizations of all sizes are rethinking how they host and manage their virtual meetings – not just for security and control, but for flexibility, cost effectiveness and cost control, and the overall user experience.

The idea that self-hosted video conferencing is only suitable for large organizations stems from the early on-premise platforms which were expensive to buy, complex to install and configure, and required trained and dedicated staff to manage.

However, this is an outdated perception.

Modern, self-hosted solutions, such as the combination of Cisco Meeting Server (CMS) and VQ Conference Manager, are making it easier than ever for small and medium businesses and agencies to also take charge of their video conferencing infrastructure.

The Need for Self-Hosted Video

Let’s start here. Why would an organization self-host some or all their video conferencing?  The most obvious answers include:

• Data Security – to ensure their video, audio, chat, shared content, and other meeting data remains within their organization’s own network.
• Data Sovereignty – to control where their virtual meeting data is stored and processed.
• Regulatory Compliance – to adhere to regulations like GDPR and HIPAA.
• Data Ownership – to maintain full ownership of their virtual meeting data, associated metadata, recordings, transcripts, summaries, and more.
• Data Control and Availability – to define the data access, retention, archival, backup, and deletion policies for their virtual meeting data.
• Access Control– to manage visibility and define what meetings and information users can access.
• Customization – to tailor the solution to meet their organization’s specific needs, including branding, user experience, and feature-set.
• Integration – to integrate the video conferencing platform with other internal systems, booking platforms, and data sources.
• Reliability – to make their own decisions regarding which hardware to use to host their virtual meetings, when and how to implement software upgrades, and which architecture to use to maximize reliability.
• Cost Control – to replace or reduce ongoing subscription costs.
• Scale – to manage meetings of all sizes securely and reliably.
  
  These are a few of the reasons why an organization would self-host their video conferencing.
  

Organization Size is NOT a Factor

Self-hosted video platforms, such as a Cisco CMS / VQ Conference Manager deployment, can support the needs of both small and massive organizations.

However, the reasons why an organization would self-host some or all its video conferencing have nothing to do with its size or global footprint.

In other words, the need for data security is not limited to large entities. The same holds true for data sovereignty, ownership, control, availability, integration, reliability, and the rest of the bullet items above.

For example, a small hospital must protect patient information and comply with regulations like HIPAA the same as a large hospital.

Similarly, a mid-sized engineering firm working on confidential government contracts must keep sensitive project data on secure (internal) servers just like larger government contractors.

Self-Hosted Video Conferencing Addresses Various Use Cases

Instead, the need for self-hosted video conferencing is based on your organization’s focus and the type of information you create, handle, and share.

Here are a few examples:

• A tiny financial advisory firm must keep client information private and comply with industry regulations just like massive investment banks.
• A small startup developing proprietary technology or intellectual property needs to keep internal discussions, business plans, and other information confidential just like massive technology firms.
• A mid-sized marketing agency must offer its clients a secure, branded video conferencing experience to compete against larger firms.
• A mid-sized distance learning organization needs to integrate its video conferencing with its proprietary, back-end student database and testing engine to offer a seamless experience.
• A public sector department needs to adhere to government data protection requirements when choosing a conferencing solution
• A defense agency requires secure conferencing as well as a means to monitor and manage visibility of all calls due to the sensitive and confidential nature of meetings  

In general, the types of organizations that would benefit most from self-hosting their video conferencing include:

• Organizations creating, handling, and sharing critical or confidential information
• Organizations needing to offer their users a custom workflow or experience
• Organizations needing to integrate their video conferencing with internally-hosted systems
• Organizations wanting to make their own architectural and infrastructure decisions
• Organizations seeking absolute control of their virtual collaboration environment

The takeaway is that self-hosted video conferencing offers a range of benefits for small, medium, and large organizations alike.

Learn more about how VQ Conference Manager is able to cater for businesses of all sizes with its secure self-hosted conferencing solution.

Some cloud video conferencing platforms offer more features than self-hosted (on-premise) video conferencing platforms.

However, having fewer features is not a weakness. This is by design.

Within this blog, we’ll discuss the topic of video conferencing platform feature sets from two perspectives:

1. Core features required for high-quality video conferencing
2. Additional features that enhance the user experience

Core Features For Self-hosted Video Conferencing

Let’s start here. Self-hosted video platforms offer a significant range of features and functions.

The list below includes some of the core features offered by CMS, Cisco’s on-premise video conferencing platform when managed by Cisco’s recommended management platform, VQ Conference Manager.

Types of Meetings Supported

• Scheduled Meetings – One-time and recurring meetings can be scheduled using a web portal, an Outlook plug-in, Outlook add-in, VQ Metro or a Jabber plug-in.
• Ad-Hoc Meetings – Meetings can be initiated  from a video system or client app (e.g. Jabber or Webex registered devices).
• VMRs (Virtual Meeting Rooms) – Persistent, always-available meeting spaces that users can join at any time. Think of VMRs as your organization’s digital conference rooms. CMS supports both shared and personal (user-specific) VMRs.

Types of Participants Supported

• Meeting Rooms/Video Systems – Includes participants using Cisco or third-party room video endpoints, such as Cisco Webex Room devices or other SIP -compatible systems, to connect seamlessly to CMS-hosted meetings.
• Desktop Users – Includes individuals using applications to join meetings from their desktops or laptops.
• Browser Users – Includes participants accessing meetings via WebRTC-compatible browsers, enabling them to join without installing additional software.

Security Features

• LDAP Synchronization – Allows integration with LDAP directories for user authentication and access control, ensuring secure and centralized user management.
• SSO – Can integrate with SAML 2.0 based SSO
• Lobby – Provides a virtual waiting area for participants, enabling hosts to control who enters the meeting and prevent unauthorized access.
• Invite-Only Meetings – Restricts meeting access to specific invitees, ensuring that only authorized participants can join the session.
• PIN Codes – Requires participants to enter a PIN to access meetings or spaces, adding an extra layer of security for sensitive discussions.
• Lock Meetings – Enables hosts to lock meetings after all participants have joined, preventing additional users from entering and enhancing privacy.
• Support for Air-Gapped Deployments (Private Networks) – Allows CMS and VQCM to operate in isolated environments disconnected from public networks, ideal for highly secure or classified deployments.
• Media Encryption – Encrypts video and audio streams using industry-standard protocols like Secure Real-Time Transport Protocol (SRTP), protecting media content during transmission.
• Control Data Encryption – Secures signaling and control data using TLS and SSL encryption, ensuring that administrative and operational communications are protected.
• End-to-End Encryption (E2EE) – Provides encryption for media streams directly between participants without intermediaries, ensuring maximum confidentiality.
• Role-Based Access Control (RBAC) – Implements granular permissions based on user roles, allowing administrators to restrict access to specific features or data based on organizational policies.
• Password Complexity Enforcement – Requires strong passwords with configurable complexity rules (e.g., uppercase letters, numbers) to protect user accounts from brute-force attacks.
• Audit Logging – Tracks user actions such as logging in, joining meetings, or muting participants, providing detailed logs for security monitoring and compliance

Meeting Experience Features

• One Button to Join  – Simplifies the meeting join process by allowing participants to connect with a single click or button press, eliminating the need to enter long dialing strings or SIP URIs.
• Custom Branding  – Allows customization of the web app and meeting interface, including background images, logos, text strings, and invitation templates. Branding files can be stored locally.
• Video Quality – Supports high-resolution video , enabling crystal-clear video quality. CMS also offers high-capacity video streaming and customizable layouts  for enhanced participant visibility and meeting aesthetics.
• Audio Quality – Intelligent noise reduction for devices reduces background noise, ensuring clearer communication during meetings.
• Content Sharing – Dual-screen capability optimizes screen real estate by allowing participants to see video on one display and content on a second display. AV1 codec support offers efficient, high-quality content sharing at up to 1080p resolution.
• Customizable Layouts – Allows users or administrators to create and apply custom screen layouts (arrangements of video windows on screen), offering flexibility to meet specific meeting needs. Layouts can be dynamically adjusted based on participant count or fixed for consistent viewing experiences.
• Meeting Controls and Management – Provides tools for real-time meeting management (concierge services) including monitoring live meetings, muting/unmuting participants, adding or removing attendees, adjusting video layouts, managing participant roles, and locking/unlocking meetings
• Lobby Management – Offers advanced lobby controls where hosts can admit participants individually, in bulk, or lock meetings to prevent unauthorized access. This feature ensures greater control over meeting participation.
• Simultaneous Multi-Language Interpretation – Supports live interpreters for simultaneous interpretation in multiple languages, enhancing accessibility for global audiences.
• Meeting Recording – Enables recording of meetings for later review or distribution. Recordings are stored securely.
• Meeting Streaming – Allows live streaming of meetings to external platforms or internal audiences, extending the reach of the meeting beyond direct participants.
  

Infrastructure / Scalability Features

• High Capacity (Per Meeting) – Supports up to 450 participants on a single call bridge or up to 2,600 participants across multiple call bridges within a cluster, ensuring scalability for large meetings.
• Scalability & Load Balancing (Multiple Servers) – Enables clustering of up to 24 call bridge nodes, with intelligent load balancing to distribute calls across servers based on proximity and server load, optimizing resource utilization and resilience.
• LDAP/AD Integration – Provides integration with Lightweight Directory Access Protocol (LDAP) and Active Directory for centralized user authentication and management. CMS supports synchronization of up to 300,000 LDAP users across a 24-node cluster.
• Directory Services
  • Folder-Based Organization for Address Books – Enables hierarchical organization of address books for easier navigation and management.
  • Grouping Devices by Location – Allows devices to be grouped based on geographical locations for streamlined administration.
  • Up to Five Levels of Hierarchy – Supports multi-level hierarchical structures for organizing devices and users.
  • LDAP as Data Source for Directory Services
  • Custom Labels/Tags for Device Filtering and Grouping – Facilitates filtering and grouping devices using custom labels or tags.
  • Searchable Directories – Provides searchable directories to quickly locate users or devices within the system.
    

Monitoring & Management

• Service Configuration – Allows administrators to define meeting types, assign participant roles (e.g., host, guest), and configure PINs, passcodes, or role-based URIs to enhance call security and control access to meetings.
• Device Management – Supports auto-provisioning and configuration of devices and users, centralized device updates, and the use of device configuration templates for streamlined management.
• Integrated Analytics Dashboards
  • Meeting Performance Metrics – Provides detailed insights into meeting usage data, Call Detail Records (CDRs), participant bandwidth usage, packet loss, call quality, and other performance indicators.
  • Device Status Monitoring – Tracks device statuses (online, offline, in-call) with alerting capabilities to proactively identify issues.
• Meeting Monitoring – Displays live statistics for active meetings, including participant details, audio/video performance metrics, and content sharing status. Administrators can access this information to ensure smooth operations during meetings.
• Incident Reporting – Automatically generates reports on service disruptions or performance issues. These reports help administrators identify root causes and take corrective action.
  
  Yes. That’s a lot of features.
  
  Suffice to say that the features organizations  need to conduct high quality, secure video meetings are available within self-hosted platforms right out of the box.

Additional Features

Now that we’ve covered the basics, let’s look at the different priorities of cloud and self-hosted platforms, and the impact these differing priorities have on the release of additional features.

Cloud vs. Self-Hosted Video Platform Priorities

The table below highlights the different priorities of cloud (shared) and self-hosted (private) video conferencing platforms.

Cloud Platforms	Self-Hosted (On-Prem) Platforms
Accessibility Cost-efficient scalability User experience Ease of use Feature-set Privacy, security, and data sovereignty	Privacy, security, and data sovereignty Secure scalability User experience Ease of use Feature-set Customization

As shown above, both cloud and self-hosted platforms prioritize user experience, ease of use, and feature-set.

However, cloud video conferencing platforms prioritize accessibility and cost-efficient scalability above all else as these attributes make their offerings attractive to as many potential customers as possible.

Thus, when it comes to additional features, cloud providers work to make these features available as quickly as possible, to as many people as possible, at the lowest possible cost

For most cloud video providers, privacy, security, and data sovereignty compromises associated with additional features are considerations – but not deal breakers.

Whereas self-hosted platforms prioritize privacy, security, data sovereignty, and secure scalability as these attributes address the needs of organizations  requiring secure, large-scale video conferencing.

For most self-hosted platforms, features that compromise privacy and data sovereignty are unacceptable as they conflict with the number one priority of keeping customer data secure.

As a result, when additional features compromise security, these platforms will either choose not to offer those features to protect the virtual meeting data, or give customers the ability to deploy those features in a controlled and secure manner.

Perhaps the best way to highlight these different approaches to additional features is with a relevant example.

Feature Example – Meeting Summaries

Many cloud video conferencing platforms offer meeting summaries generated by either language models (LLMs) deployed in their cloud or public-facing AI / LLM providers.

This feature (and others such as meeting recording, transcriptions, translations, and more) requires customers’ virtual meeting data to be decrypted within the provider’s multi-customer cloud.

At  best, this is a security concern. At worst, it’s a disaster waiting to happen.

The Self-Hosted Platform Approach

Self-hosted platforms either offer these features securely or not at all.

For example, self-hosted platforms offer secure meeting recording by keeping all decrypted customer data within the customer’s private network.

To enable AI-powered features such as meeting summaries, self-hosted platforms give customers secure access to their virtual meeting data and allow them to use LLMs hosted within their private network.

For example, Cisco CMS gives customers access to their meeting recordings (which, of course, are stored securely on customer-owned, customer-controlled servers located within the customer’s private network).

The customer can then deploy their own AI / LLM models and create meeting transcriptions, summaries, and other deliverables (e.g., task lists, translations, etc.) using their own tools deployed within their own network to protect privacy, security, and data sovereignty.

Self-hosted video conferencing platforms offer a wide range of core features, including:

• Scheduled and ad-hoc meetings
• Easy meeting join
• Meeting room participants
• Desktop, laptop, mobile device and browser participants
• High quality video
• High quality audio
• High quality content sharing
• Robust meeting controls (concierge meetings)
• Strong reliability
• Exceptional security
• Massive scalability
• Meeting monitoring and management
• Device provisioning, monitoring, and management
• Reporting, analytics and alerts
• And much more

Furthermore, instead of rolling features that compromise the security of customer virtual meeting data, self-hosted platforms give customers secure access to their data and let them choose which features they want to deploy (and how to deploy them).

The net is that self-hosted platforms offer the features you need and the power to protect and control your data and user experience.

Cloud video conferencing services have taken over the headlines. They’re quick and easy to activate (just sign-up), offer a wide range of features, and generally deliver a high quality video conferencing experience.

However, cloud video platforms introduce a wide range of privacy, security, customization, and control compromises. For some organizations and users, these compromises are acceptable. For others, they’re absolute deal breakers.

Where do businesses who need absolute control of their security, their data, and their experience turn? The same place they’ve gone to for decades … on-premise (a.k.a. self-hosted) video conferencing platforms.

The Source of the Myth

Like every other for-profit company, cloud video conferencing providers want to add customers, increase their user base, and generate additional revenue. And large organizations or agencies using self-hosted video platforms represent a massive opportunity.

So … what do they do? They float the notion that on-premises video conferencing is dead – or at least dying, and that ‘wise’ organizations have already started shifting their calling to the cloud.

To be fair, you can’t blame the cloud providers for trying to land new customers. After all, they have managers, shareholders, and investors seeking ongoing growth.

But there’s fact … and there’s fiction.

The fiction is that on-premises / self-hosted video conferencing is dying or dead.

The fact is quite different.

Self-Hosted Video Conferencing is Actually Dominant

Market data shows that self-hosted video conferencing is NOT dying. In fact, self-hosted video conferencing is the dominant architecture for video conferencing.

According to a Report from Imarc Group covering 2025 – 2033, on-premises video conferencing has a 58.7% share of the video conferencing infrastructure market.

Specifically, Imarc notes that “on-premises systems continue to be favored by businesses that prioritize security, control, and long-term cost efficiency.”

Similarly, a Grandview Report covering 2023 – 2030 states that “On-premise was the largest segment with a revenue share of 57.7% in 2023.”

The bottom line is that organizations around the world invest in, use, and depend on their self-hosted video conferencing platforms.

Cisco’s on-premise stance

Maybe you don’t believe the market data. After all, data may be wrong.

Perhaps you don’t believe us either. After all, we’re selling something too. We offer the leading, Cisco-recommended and approved solution for delivering secure, high-quality, self-hosted unified communications services and managing on-premise video devices.

But would you take Cisco’s word for it?

Cisco continues to invest in and innovate its on-premise video conferencing platform, Cisco Meeting Server (CMS).

For example, in February 2025, Cisco released CMS version 3.10.2, bringing many new features such as:

• Enhanced audio quality for shared content
• Support for AV1 codec for improved video performance
• TLS 1.3 integration for enhanced security
• Additional API enhancements for better participant control during meetings

Cisco offers support for up to 24 call bridges per cluster, allowing CMS to support up to 2,600 concurrent HD calls across multiple geographical points of presence.

Other recent innovations include intelligent load balancing and resource allocation to optimize distributed deployments, and a Smart Licensing program to simplify license management and reporting for CMS deployments.

In the last two years, Cisco has reduced spending and headcount. However, the company continues to invest in Cisco CMS. This alone demonstrates the strategic importance of on-premises video conferencing to Cisco.

Self-Hosted Video Conferencing is NOT Dying – the myth has been debunked

Hyperbole and exaggeration aside, the fact is that on-premise / self-hosted video conferencing is the leading approach used to host video conferences today. There is as much innovation in on-premise as there is with cloud conferencing and this shows no signs of changing.

And Cisco, the market leader in video conferencing system sales and the company behind the Webex cloud platform, continues to invest in Cisco Meeting Server, the company’s on-premise video conferencing platform.

Anyone who says otherwise is probably trying to sell you something (e.g., a cloud video calling service).

Just because on-premise existed first doesn’t mean that it’s fallen behind or is on the way out, it’s much more about what offering works best for a business’ requirements. On-premise continues to be the chosen solution for organizations looking for secure, self-hosted video conferencing.

Learn more from the VQ team about the key differences and benefits between on-premise and cloud conferencing

In today’s connected workplace, video conferencing is essential — not just for team collaboration, but for secure, day-to-day communication and mission-critical operations. While cloud-based platforms like Microsoft Teams, Zoom, and Google Meet dominate the market, they’re not always the right choice.

For organizations that deal with sensitive data, strict regulatory requirements, or require full control over the data lifecycle, self-hosted video conferencing offers critical advantages. By running conferencing infrastructure on your own hardware or in your private cloud, you retain control over data security, data sovereignty, and access to a full suite of conferencing features — without compromise.

In this blog, we explore:

• What self-hosted video conferencing really means
• The importance of data security in virtual meetings
• How data sovereignty and localization impact your regulatory compliance
• The trade-off between cloud convenience and security — and how to avoid it
• How VQ Conference Manager enables full-featured, secure, self-hosted video conferencing

Let’s start by understanding the core of the issue: virtual meeting data.

What is Virtual Meeting Data?

Virtual meeting data (VMD) includes all the information sent to and from meeting participants and the various servers supporting a virtual meeting.

When asked about this topic, most people think virtual meeting data is just the video and audio sent back and forth during a meeting. However, there are many forms of virtual meeting data, including:

The First Line of Defense – Encryption

Encryption is essential for protecting virtual meeting data, both in transit and at rest. But not all encryption is created equal.

Types of Virtual Meeting Data Encryption

There are two types of encryption commonly used to protect virtual meeting data – standard encryption and end-to-end encryption (E2EE).

With standard encryption, cloud service providers can access your meeting data. However, with E2EE, only the sender and intended recipient can decrypt and access your information.

The table below highlights a few differences between standard encryption and end-to-end encryption of virtual meeting data.

	Encryption	End-to-End Encryption (E2EE)
Key Management	Service provider manages encryption keys	Keys are generated and managed on user devices
Access to Content	Service provider can potentially access content	Only meeting participants can access content
Availability	Usually available to all users	Sometimes available to top-tier subscribers only
Implementation	Usually enabled by default	Often an optional feature that users must enable
Feature Compatibility	Supports all platform features	May limit certain features (e.g., recording, transcription)
Server Role	Servers can decrypt and re-encrypt data	Servers relay encrypted data without ability to decrypt
Use Case	Standard security for day-to-day meetings	Enhanced privacy for sensitive discussions and content

Simply stated, end-to-end encryption means only you (meaning your meeting participants) can access your virtual meeting data.

Encryption Challenges

Fortunately, most cloud calling providers enable standard encryption by default. And many, but not all, offer end-to-end encryption. However, there are many encryption-related caveats to consider, including:

• Most cloud calling services, including some leading platforms, turn off end-to-end encryption by default.
• Some calling services only offer E2EE with their premium or top-tier subscriptions.
• Some calling services require E2EE to be selected during the meeting scheduling process.
• Some calling services offer E2EE for point-to-point (two party) calls but not for meetings.
• Some calling services encrypt video and audio traffic but do not encrypt shared content data, chat data, whiteboard data, app data, reactions data, Q&A data, transcription data, or translation data. This data is sometimes sent and stored in clear text (meaning unencrypted).
• Some calling services do not support key meeting features (e.g., meeting recording, some types of interop calling, transcription, real-time translation, etc.) when end-to-end encryption is in use.
• Some calling services do not allow certain types of endpoints (e.g., meeting room systems) to join E2EE meetings.

On the surface, encryption seems like a bulletproof way to keep your data secure. However, as described above, encryption is not a universal solution for deterring bad actors.

Can User Authentication Secure Cloud Meetings?

Usernames, passwords, passkeys, multi-factor authentication (MFA), single sign-on (SSO) and other user authentication approaches are a key part of limiting unauthorized access to critical data.

However, cloud services are accessible to anyone from the public internet. This gives threat actors around the world an opportunity to exploit login systems using phishing, credential stuffing, or social engineering.

Once the threat actor logs into the system, they gain immediate access to all meeting and account information available to that user.

Despite attempts to thwart such attacks using encryption or authentication policies, security breaches are common. For example, in 2023, hackers were able to hijack meetings, manipulate contacts, access organization-wide whiteboards, and extract sensitive chat data from one of the leading cloud calling providers.

Staying Secure with Self-Hosted

With self-hosted video conferencing, your virtual meeting data never leaves your network.

From meeting scheduling data to chat data to meeting recordings, these valuable bits travel to and from your servers on yournetwork.

And your virtual meeting data benefits from the same network security systems, tools, and procedures you use to protect the rest of your critical data.

In other words, your network security becomes an additional layer of protection on top of the encryption, authentication, and other tools within your video conferencing solution.

So, when a user forgets to enable end-to-end encryption for a critical meeting, the unencrypted data is still safe behind your firewall.

And, when encryption or E2EE must be disabled (either completely or for specific segments of the data path) to allow a meeting to be transcribed or recorded, your data is still protected from external prying eyes.

Understanding Data Residency and Data Localization

Self-hosted conferencing offers organizations more than just security — it provides confidence that their data stays where it belongs. This enables organizations to be compliant with data sovereignty regulations.

There are two key factors when weighing compliance with data privacy legislation: data residency and data localization.

Data Residency

Data residency refers to the physical or geographic location where data is stored. In most (but not all) cases, data residency is based on an organization’s wants, needs, or preferences.

It is important to understand that data residency focuses on where data is stored but does not limit where data travels or is processed.

For example, to ensure that data requests are processed quickly, an organization based in Paris might define a data residency policy that active data must be stored in data centers within 500 km.

Similarly, another organization might choose to host its data in Houston because its hosting company or storage provider offers the best rates for data stored in that location.

Notably, these data residency policies would not prohibit the transmission of the stored data to other locations to serve user requests or for other types of processing.

Data Localization

Data localization expands the concept of data residency by focusing on where the data travels, where it’s processed, and where it’s stored. Essentially, data localization is concerned with the entire data lifecycle – not just where the data is stored.

While data residency is typically an organizational choice, data localization is usually the result of government regulations requiring strict control over data movement, processing, and storage to protect citizen data or maintain national security.

For example, to comply with HIPAA regulations, a healthcare organization in the U.S. might have a data localization policy that requires patient data to always remain in the United States.

Comparing Data Residency and Data Localization

The table below highlights the key differences between data residency and data localization within the context of virtual meeting data.

	Data Residency	Data Localization
Definition	Where data is stored	Where data is stored, processed, and travels
Legal Driver	Organizational preference	Government regulations
Flexibility	High – Data can travel and be processed as required (but must be stored in the proper location)	Low – Data is prohibited from leaving the defined geographic location (e.g., country of origin)
Control	Policy is typically controlled by the host organization	Regulation or mandate typically controlled by a Government
Purpose	Transparency, compliance, operational benefits, cost savings, customer experience improvements, etc.	Compliance with laws and regulations
Example	A multi-national e-commerce company requires marketing data to be stored in regional hubs to optimize access speeds.	A government agency requires that all data be stored on servers within the United States, processed only by computing facilities within U.S. borders, and transmitted solely through networks that do not route data outside the country.

Data residency is about preference. Data localization is about compliance.

Data Sovereignty and Virtual Meeting Data

With cloud video conferencing services, each participant sends and receives data to and from the calling provider’s servers  over the public internet.

Many cloud calling providers route virtual meeting data through multiple servers for cost, reliability, and scalability reasons,. Some providers aggregate specific types of data (e.g., chat data, meeting recordings, etc.) on servers in specific geographic locations for efficiency.

For example, imagine a user based in London was invited to a meeting hosted by a user based in New York. In this case, meeting data could be distributed as follows:

• User data (email address, time zone, account settings, etc.) might be stored in servers in the US, Europe, and Asia based on the home location of each registered user.
• Meeting scheduling data might be stored in a Hong-Kong server cluster.
• Real-time meeting traffic might travel from the London user’s PC to a server in London to a server in New York and ultimately to the meeting server in Phoenix, Arizona.
• Content shared with the London user during the meeting might traverse servers in the US and London before ultimately landing in a Singapore server cluster.
• Chat data might be hosted on a New York server during the meeting and then archived within a Singapore server cluster.
• To generate meeting transcripts, audio data might be sent from the New York server hosting the meeting to a transcription server in California, and then back to each user through multiple servers, before being stored on the Singapore server cluster.
• Meeting recordings might be stored on servers in the US, Europe, and Asia.

The takeaway is that with cloud video conferencing services, your virtual meeting data could travel to and be stored on multiple servers, in multiple countries, and even on multiple continents.

What about Cloud Provider Data Location Control Features?

Some cloud calling providers allow system admins to define data routing and storage location preferences. However, these are often treated as requests – not strict rules.

For example, given the choice between re-routing meeting traffic outside a customer’s preferred geographical preference area or having that meeting fail due to network congestion, some cloud calling providers will choose the route that protects the meeting experience at the expense of your data sovereignty policy.

Similarly, some cloud calling providers offer data localization for GDPR and specific country requirements (e.g., Germany requires some types of data must remain in Germany or only travel to countries with appropriate levels of data protection).

However, some of these data localization offerings offer “best effort” instead of strict data localization compliance as there are some circumstances when data may be:

• Transmitted to, processed by, or stored on servers in other parts of the world
• Accessed by support staff or others in other locations

For regulated industries — healthcare, finance, government — this loss of control is a dealbreaker. Cloud providers may offer location ‘preferences’ but often reserve the right to reroute data to maintain service quality.

The Video Conferencing Feature Explosion

The last few years have seen an explosion of innovation with video platforms like Cisco Webex, Microsoft Teams, Zoom Meetings, and Google Meet rolling out hundreds of new features at a dizzying pace:

• Real-time transcription and translation
• AI meeting summaries
• Background noise suppression
• Smart framing and face tracking
• Join-before-host
• Breakout rooms, whiteboards, polls, and more

These modern video conferencing platforms are packed with intelligent, server-powered features that require access to meeting data — meaning encryption must be dropped or weakened.

Server-Side vs. Client-Side Processing

Video conferencing platforms distribute tasks between server-side and client-side processing to optimize performance, functionality, and scalability.

Server-side processing involves using centralized resources to handle resource-intensive tasks like video mixing, transcription, and recording.

Client-side processing uses resources on user or meeting room devices to handle latency-sensitive functions such as camera framing and initial audio/video encoding.

Modern solutions often blend both approaches by using client-side pre-processing before optimizing server-side, offering cost-effectiveness, efficiency, and experience benefits.

The Cloud Ultimatum – Feature Set vs. Security

It makes perfect sense for video conferencing platforms to use centralized, shared, server-side  resources to perform specific tasks and provide processor-intensive features.

However, this introduces a significant problem. To do their job, these server-side resources must have access to the virtual meeting data.

Unfortunately, this means the server must decrypt the virtual meeting data to provide server-side features. In other words, server-side processing and end-to-end encryption are mutually exclusive.

This is the unavoidable ultimatum between giving your users the power features they want and expect and protecting your virtual meeting data.

Video Conferencing Features Impacted by Data Security and Data Sovereignty Requirements

Not all server-dependent video conferencing features are obvious. While centralized recording clearly relies on server processing, many other popular features also depend on server-side resources — often without IT managers or users realizing.

This section identifies some of the features that normally utilize server-side processing that can impact both video conferencing security and data sovereignty.

Video Conferencing Feature	Security and Data Sovereignty Impact
Cloud Recording	Requires decrypted data on cloud servers
Transcription & Captions	Requires audio to be processed remotely
Smart Summaries	Requires AI access to full meeting data
Join Before Host	Needs persistent access to video/audio streams
Breakout Rooms	Often incompatible with E2EE
PSTN/VoIP Participants	Typically can’t join E2EE meetings

The above list includes only some examples of server-powered video conferencing features that typically introduce security or data sovereignty trade-offs.

Customers using a cloud video conferencing service provider have two options:

1. Prioritize user experience by allowing access to features that introduce data security risks and violate data sovereignty policies.
2. Prioritize data protection by denying users access to power features that significantly enhance the overall meeting experience.

Full Features Without Compromise

A common misconception is that self-hosted means stripped-down functionality. That’s simply not true.

This is especially the case with an enterprise-ready platform like VQ Conference Manager.

VQ Conference Manager enables:

• Interoperability with meeting room systems
• Sophisticated scheduling and resource management
• High availability and scalability
• Rich meeting feature sets
• Compliance with national and international data regulations

You get the best of both worlds: enterprise-grade features and total control over data. With self-hosted video conferencing solutions like VQ Conference Manager, the servers that process your virtual meeting data are under your control, processing only your data.

With self-hosted video conferencing, your data never leaves your network. Even when the virtual meeting data must be decrypted for processing (e.g. for AI noise reduction, meeting recording, or transcriptions), your data is still protected by your network security system and policies.

Why VQ Conference Manager?

You’ve spent (and still spend) a fortune creating and maintaining your secure network.

Self-hosting keeps your confidential virtual meeting data on your network, protecting your data from unauthorized access during every meeting.

VQ Conference Manager is trusted by some of the most demanding and security-conscious organizations in the world — including government agencies, healthcare institutions, and critical infrastructure providers.

It’s not just about conferencing. It’s about mission-critical communications with guaranteed compliance, resilience, and privacy.

It’s just that simple.

In today’s fast-paced and evolving business environment, organizations must ensure their communication and collaboration tools are not only effective but also future-proof. Cisco TelePresence Management Suite (TMS) has been a reliable solution for managing video conferencing infrastructure; however, with its End-of-Sale (EoS) status and no active development, businesses are now seeking more advanced alternatives.

VQ DMA (Device Management and Automation) has emerged as the Cisco recommended on-premise replacement for TMS. The solution addresses many of the limitations found in Cisco TMS, providing a modern approach to managing conferencing and device ecosystems.

In this blog, we discuss some of the top reasons and benefits of migrating from Cisco TMS to VQ DMA and explain why VQ DMA is an essential upgrade for organizations looking to enhance their operational efficiency and leverage the latest features in CMS and connected devices.

1. TMS is End of Sale

Cisco announced the End-of-Sale for TMS on 1 August 2023 taking effect on 31 January 2024. Renewals cease on 31 January 2026 with end of support set for 31 January 2027. Although these dates seem distant, it’s crucial to start planning migration efforts now as there is no active development on the existing TMS product (except security bug fixes).

Migrating to a new product involves more than just a simple switch; it requires extensive planning, tools and automation to extract data from the current deployment, prepare the new environment, and move existing data.

Keep in mind that migration from one product to another is not an apples-to-apples process. It often involves mapping tasks to bridge conceptual differences between products built by different vendors.

Additionally, a critical step before migration is validating the new product in your own environment. This involves thorough testing, ensuring it meets your needs, evaluating its return on investment, and confirming that the new product’s roadmap aligns with your long-term goals.

Starting this process early will provide enough time to navigate potential challenges and ensure a smoother transition that supports future business growth.

2. Fills the gaps in TMS’s old architecture

TMS was originally designed almost 20 years ago to meet the collaboration needs of that time. While it effectively addressed the requirements back then, the world of collaboration has evolved significantly since.

TMS was not built to handle today’s demands for scalability and distributed architecture, which have become essential for modern business operations. Fundamental architectural changes to TMS would have been necessary to keep pace with the rapidly advancing landscape of collaboration devices and technologies.

While it is challenging to anticipate future requirements and create a completely future-proof architecture, we can leverage lessons from modern cloud technologies to meet current and foreseeable demands. Technologies such as Kubernetes, containerization, ANSIBLE-based automation, and robust APIs and SDKs are designed to address scalability, flexibility, and efficient deployment.

VQ Conference Manager (VQCM) is built on these modern technologies, providing an adaptable platform that evolves to support new needs as they arise. With continuous updates and enhancements, VQCM offers the agility and support that today’s collaboration environments require, positioning it as a forward-thinking solution capable of handling the ever-changing world of communication and collaboration.

3. Eliminates Windows server dependency

To keep TMS operational organizations are having to invest resources and infrastructure that don’t contribute to core collaboration functionality.

Cisco TMS requires installation on a Windows server, which in turn demands separate management of an SQL server. This setup means administrators must handle both the TMS software and the underlying infrastructure, including Windows server maintenance, upgrades, security management, and SQL server administration. Each of these components adds a layer of complexity, including licensing requirements, increasing the overall administrative burden and cost for businesses.

Modern solutions like VQCM are built on a Linux-based platform, integrating an internal database so that administrators don’t need to configure separately. Businesses can streamline their collaboration deployments with VQCM, focusing on core management without the overhead of managing separate infrastructure or licenses, ultimately leading to more efficient use of IT resources and budget.

4. Improves integration with Exchange

Cisco TMS requires installation of TMSXE to schedule calls via Microsoft Outlook, adding another component for administrators to manage.

Another drawback of TMS scheduling is that it sends two separate emails for meeting notifications, which can be confusing for users. Over time, admins and users may have grown accustomed to this dual-email approach, but it remains an outdated and inefficient process. TMS also lacks effective integration with Outlook, limiting its usability for seamless scheduling.

VQCM significantly improves upon Microsoft Outlook integration within a single platform, reducing the number of systems to oversee. VQ Conference Manager consolidates all relevant information into a single, comprehensive email for registration  that benefits both administrators and end-users.

Powerful plugins and add-ins allow users to remain within their preferred email client while accessing full scheduling and collaboration resources, making managing recurring meetings more efficient.

5. TMS doesn’t provide support for the latest features in CMS & Devices

The growing complexity of collaboration environments has increased the demand for smarter provisioning, better device management, scalable automation, and advanced analytics that provide administrators with deeper insights into deployment performance.

Over the past few years, the development of Cisco TMS has significantly slowed down, with active engineering reportedly halted for more than five years. During this period, the world of collaboration technology has evolved rapidly, with new releases of CMS, CUCM, Expressway, and various devices reshaping the landscape.

Unfortunately, TMS has not kept pace with these changes, lacking crucial updates and integration capabilities. Notably, TMS does not integrate with key infrastructure components like Expressways, preventing comprehensive oversight of calls traversing different parts of the collaboration environment.

In contrast, VQ’s DMA is designed to meet the current demands of collaboration deployments Supporting seamless integration with CMS, CUCM, Expressway, and various devices, DMA provides administrators with a unified platform that intelligently handles device provisioning and management and enables support for scalable environments through advanced automation. Additionally, VQCM offers in-depth analytics, giving administrators comprehensive insights into their collaboration ecosystem, thus empowering them to make data-driven decisions and maintain optimal performance.

Why now is the time to migrate from TMS to DMA

As the business world continues to evolve, organizations must adapt their communication and collaboration strategies to stay ahead. With increased complexity in collaboration environments and a need for seamless integration, automation, and advanced analytics, businesses are now seeking more innovative and robust solutions.

While Cisco TMS has served as a reliable tool for managing video conferencing, its End-of-Sale status and outdated architecture mean that it is no longer sufficient for modern demands.

DMA can be purchased via your Cisco Partner and is on the Cisco GPL.

This blog provides administrators with an overview on how to best proceed with trials of VQ Conference Manager and DMA. It explains the trial setup process and why this specific setup has been chosen to effectively showcase all the features of both VQCM and DMA. 

In this blog, we have provided links to detailed step-by-step guides on configuring VQCM, complete with screenshots to guide you through the entire process seamlessly. To simplify the trial and enhance focus, the entire series is divided into multiple blog posts, each addressing a smaller, specific task. This division is designed to help administrators concentrate on individual tasks without feeling overwhelmed.

Trial Setup Components

This trial setup consists of the following components:

1. Servers – A total of three VMware hosts are required: one for CMS, one for CMM, and one for VQCM. Clustering the CMS cluster will not impact VQCM, as it communicates with only one CMS server at a time. The CMM is necessary to enable the 90-day trial license on CMS, which is sufficient to complete the VQCM trial. A single instance of VQCM is configured with both the MS and DMA services for the trial.
2. Users – A total of six users are required to test the trial functionality: three LDAP-imported users assigned to the Administrator, Video Operator, and User roles, and three local users with the same roles. The local users can serve as backups or accommodate businesses that prefer certain roles to remain local rather than LDAP-based.
3. Clients – The Outlook Plugin (available for Windows) and the Metro WebRTC client (compatible with desktop platforms such as Windows and Mac, as well as mobile platforms like iPhone and Android) can both be utilized across all three roles mentioned earlier: Administrator, Video Operator, and User.

What’s next?

We will begin with the prerequisites, ensuring all necessary items are prepared before starting the VQCM installation. Without these, the trial setup may encounter delays or issues at various stages.

Next, we will proceed with the installation of the VQCM server. Once the installation is complete, we’ll apply the required certificates to the server. Following this, we’ll activate the trial license on the VQCM server.

After licensing, we’ll configure the VQCM server. This configuration includes steps such as creating a new tenant, setting up user experience profiles, defining space templates, and configuring LDAP imports.

Finally, we’ll explore how to use VQCM effectively for managing meetings, providing a complete understanding of its functionality for end users.

The VQ Conference Manager 4.4 release builds on the 4.x story, with headline new features including additional DMA functionality.

File Server enables DMA [RoomOS] Firmware Management and hosts CMS and device branding files, solving a problem for customers using and needing to replace TMS as a file server.

The CUCM Connector‘s user interface makes importing and synchronizing devices from CUCM into DMA a breeze.

As usual, there’s a good list of bug fixes in this release and the on-going performance enhancement work continues.

The 4.x platform is performing well in the field. The installed base transition from 3.x to 4.x continues (3.x is no longer supported following end of support of CentOS).The 4.x migration process works smoothly and big, complex, systems have successfully transitioned over to 4.3.

Headline features in 4.4 include…

File Server

DMA File Server is a content storage/filing and web server built-in to the VQ Conference Manager ‘cloud-in-a-box’ platform.

File Server acts as the store for VQ Conference Manager functions such as Firmware Management, VQ branding and end user applications updates (e.g. Metro Plug-in), as well as Cisco CMS and device features (branding and macros) and customer created files (manuals, guides and utilities) or content.

Firmware Management

DMA Firmware Management is designed to enable the upgrading of Cisco Collaboration devices using RoomOS firmware images downloaded from the Cisco Software Central. These ‘on-premise’ versions of RoomOS are not available through Webex Control Hub and require a service contract login to be downloaded.

CUCM Connector

This latest release of DMA (1.3) introduces a new function for environments using Cisco Unified Communications Manager (CUCM, aka ‘Call Manager’) to provision devices and provide SIP registration/call setup. The DMA ‘CUCM Connector’ enables the use of CUCM as the ‘golden source’ of device data, while bringing all the capabilities for monitoring and managing devices to the environment.

DMA does not replace CUCM in this setup (as it does TMS) but instead brings more visibility and control to video devices.

Plus…

Metro 1.1 is available as a playbook install for 4.4 and keeps getting better and better.

Coming Soon

We plan to release the VQ Hybrid Calendar in the relatively near future. Available as a playbook, it will enable functionality with Microsoft 365 Calendaring and enable calling to external services such as Webex and Microsoft Teams CVI on the 4.4 platform.

Interested in finding out more?

Read our VQ Conference Manager 4.4 Release Notes for more detailed information about how to deploy what’s new in this latest release.

You can also watch our 4.4 release webinar recording to learn about the latest features from the VQ team.

You might be aware that the operating system that underpins the VQ Conference Manager 3.x platform is called CentOS. The formal end of support for CentOS is 30^th June 2024 by the Open Source community that maintains it.

What does this mean for VQCM customers?

The operating system that underpins the VQ Conference Manager 3.x platform is called CentOS. The formal end of support for CentOS was 30^th June 2024 by the Open Source community that maintains it.

This means that VQ Conference Manager 3.12 was the last major release on the 3.x platform. All further VQ Conference Manager and DMA development will take place on the VQ Conference Manager 4.x platform only.

Please be aware that no new feature work will be performed on 3.12.

As there is a real risk that vulnerabilities are found within the CentOS Operating System and because of the end of support and declining activities of the CentOS community, we strongly advise customers to start planning to migrate to the VQ Conference Manager 4.x platform as soon as possible.

From 31st August 2025, VQ Conference Manager 3.x will no longer be supported by VQ Communications.

How do I migrate to VQ Conference Manager 4.x?

Please email support@vqcomms.com to start your migration journey. Our support team will work with you throughout the entire migration process.

Before migrating your data from 3.x, VQ Support will supply you with a pre-migration playbook that will need to be run as one of the steps during the migration process. Please be aware that 4.x also requires a new Virtual Machine (VM). The VM requirements for 4.x are greater than for 3.x. The ‘System Requirements’ chapter in our Release Notes goes into this in greater detail.

In summary, the migration process involves creating a new VM for 4.x, installing 4.x and then copying the system state and data to the new VM from the old VM. Care is needed to ensure that your 3.x instance is in a safe state and will not interfere with your new 4.x instance.

Do I need to pay anything to migrate to 4.x?

No, you will not need to pay anything to migrate to the VQ Conference Manager 4.x platform. Your 3.x license will be converted by our licensing team to a 4.x license.

If you’ve got any questions about your migration to 4.x, please contact us at support@vqcomms.com.

VQ Conference Manager includes version 8 of Elasticsearch, and with it, the new Kibana alerting feature.

Kibana’s alerting capability provides analytics data monitoring, enabling you to take actions (like sending emails) based on defined conditions. This new feature allows you to send notifications through integrations with third-party systems.

This new feature is similar to the ‘watchers’ functionality but is easier to use and better integrated into the Kibana UI. Kibana rules, defined with pre-set types and templates, allow you to hide some of the complexity of the low-level watcher conditions that were difficult to work with.

If you are looking for more detailed information about the new alerting features, please check out the official Elastic documentation for this feature on their website.

We are here to help you understand these new features. This blog runs through an example of how to set up alerts to send an email if one of your callbridges goes into ‘offline’ status in VQCM.

Establishing the correct Elastic enterprise license

Kibana’s alerting feature requires an active Elastic enterprise license. Please see the ‘Upload ECK license’ documentation available on our customer portal for instructions to apply yours.

Please note there is also a free 30-day trial license to test with if needed, described in the ‘Trial ECK license’ documentation.

The alerting feature is accessible in the left-hand menu under Management > Stack Management > Alerts and Insights.

Some options will be greyed out if you don’t have a valid enterprise or trial license applied,   thereby stopping you from using this feature fully. See the example of the connector page when the basic license is active:

Configuring connectors to send notifications

The first step is to define the connectors for the third-party systems you want to integrate with. Doing this lets you then send notifications when the desired notification conditions are met.

A variety of connector types are available, which are defined in detail in the Kibana documentation. A few examples are:

• Email
• Jira
• ServiceNow
• Microsoft Teams
• Slack
• Webhook

In this example we will configure an ‘Email’ connector by going to Management > Stack Management > Alerts and Insights > Connectors > Create connector:

You will need to enter your SMTP server details, which will depend on your environment. Depending on your setup you may also need to allow additional rules in some cases (e.g. firewall, allowed sender, etc).

To validate your settings, you can use the ‘Save & test’ option, which lets you choose a user to send a test email to:

The test will fail if anything is misconfigured –  the error notification will hopefully help you troubleshoot the issue. In the example below the error is due to incorrect credentials:

Defining rules

The rules define what actions will trigger the notifications once the conditions you choose are met. There are multiple pre-built rules to choose from – see the Kibana documentation for more details.

In short, a rule is composed of the following:

• Input
• Schedule
• Conditions
• Actions

In our example, we will use the ‘Index Threshold’ rule type. This monitors if a value changes past a threshold and sends an email when reached. The Index Threshold monitors the number of online callbridges reported by VQCM and triggers the notification if the number drops below the expected value:

Our condition checks if the minimum number of call bridges drops below 2, (which is the normal number of call bridges online in the example). This check occurs every minute, checking if the value is below the threshold for the last minute.

If so, this triggers an action using the connector previously created:

The above is the default template for the message. The email template can include values representative of your data at the moment the notification was sent. In this case, it would show how many callbridges are online. You can update that message depending on the use case and include more data if necessary.

The ‘Elasticsearch Query’ rule type even lets you add specific fields from documents in your indices, like the message linked to a specific event in the example below.

There are several options to customise the behaviour further, including snoozing notifications on a given schedule:

Including document values

If you use a rule of type ‘Elasticsearch query’, you can include results from the query in the output.

Here is an example of a rule based on the ‘McuStateChange’ events raised by VQ, which will output the timestamp and message for each event captured:

This will iterate over each document (one per ‘McuStateChange’ event in this case) that matches the query and pull specific fields, like timestamp and message.

This rule also shows you can include a relevant dashboard link (‘Call Bridge Dashboard’ in this case, URL copied from the dashboard page) in the message template:

Example email received from the action linked to this rule:

Troubleshooting

Within the web page, you can also see the history of the previous executions of the rules and find more information about failures. See the Kibana documentation for more details on how to troubleshoot those issues.

If the above doesn’t help you to resolve the issue by yourself, you can email us at support@vqcomms.com.

Want to learn more about Kibana’s capabilities? Watch our demo video, where Ethan, one of VQ’s engineers, walks through basic setup.