Building the Lync Security Eco System in the Cloud Fact Sheet.

The need to secure and deliver a compliant cloud solution for every transaction in and out of Unified Communications (UC) applications, the fastest-growing class of business application, while keeping full interoperability with legacy platforms such as the IP-PBX and with remote mobile and tablet users (including BYOD), is crucial in the 21st century. Office Box provides cloud computing for UC, and Microsoft Lync Server supplies presence, instant messaging, conferencing and enterprise voice through a single, user-friendly interface. Data centre resiliency and survivable branch security (branch flexibility) are available for high availability, and administrators get a consistent management infrastructure, new availability features and interoperability with existing systems. Interconnecting Lync environments, encrypting end to end to non-Microsoft clients and managing security with direct access to the Lync architecture at the point closest to the core servers must be easy and cost effective. Lync is based on the Session Initiation Protocol (SIP), the standard UC protocol adopted by most vendors and hosted service providers and used for SIP trunk connections from Network Service Providers (NSPs); a SIP trunk is a direct IP connection between a service provider and an IP-PBX. Security and interoperability between Lync and other SIP-based products and services can be complex: a typical Lync installation spans multiple servers and depends on a number of additional services. Office Box takes on that complexity for the customer, and security is a high priority for Office Box.
Investment in UC has been a major part of IT budgets over the last five years, with many organisations adopting Voice over IP, video and instant messaging as productivity tools that improve communication and save the business significant cost. The introduction of Bring Your Own Device (BYOD) together with the adoption of cloud computing, private or public, and the variety of technologies that use SIP has opened a security gap. The resulting weaknesses add risk to the business and enable attacks such as:
- Denial of service
- Eavesdropping
- Packet spoofing
- Replay attacks
- Message tampering (loss of integrity)
- Information leakage

Office Box services in the Cloud for Unified Communications. The UM Labs platform provides access and security via the Lync Edge Server and Front End Server; these connection points enable full UC integration. UM Labs also offers Mediation Server connections, which are used where a lower level of integration is needed, for example for SIP trunk connections. SIP is delivered over IP networks. All data and applications on an IP network use a transport protocol to deliver data from one end-point to another, for example from a remote web site to your browser.

Lync Security Eco System in the Cloud: explaining the solution and the overlay for Unified Communications (UC). All transport protocols run over the Internet Protocol (IP). IP's job is to deliver a series of packets; the transport protocol reassembles those packets and reconstructs the application data stream. SIP offers a choice of three transport protocols:
- UDP, a lightweight connectionless protocol that does little more than extract data from IP packets and hand it to the application. The receiving application is responsible for reassembling the data stream and, in the case of SIP, for its own retransmissions.
- TCP, a connection-oriented protocol that delivers a complete, ordered data stream to the application. Compared to UDP there is additional overhead, particularly on servers handling large numbers of connections.
- TLS, which runs over TCP and is therefore also connection-oriented. TLS encrypts and authenticates the data stream; it is the protocol used by secure web sites.

The SIP standard allows all three transports. Microsoft Lync supports only TCP and TLS, and uses TLS for all signalling connections between Lync clients and servers. Between servers (Front End, Edge, Mediation and trusted application servers) Lync uses mutual TLS (MTLS), in which both ends of the connection present a certificate; a client connection authenticates the server by its certificate and authenticates the user with Kerberos, NTLM or a client certificate issued by Lync itself. Because TLS connections are established using certificates, every Lync server, and every device that connects to Lync as a trusted peer, must be configured with its own certificate issued by an authority the Lync servers trust. While Lync and supporting services such as Active Directory include functions to generate and distribute these certificates, these requirements make it difficult to connect users outside your own organisation and very difficult to use TLS to connect devices from other vendors. Lync's security model assumes that all users run Lync clients, that all users are in Active Directory, that the Active Directory schema has been extended appropriately and that the enterprise runs current versions of both Lync and Active Directory.
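The transport rules above (no UDP at all, and TLS rather than plain TCP for anything outside the organisation) are easy to state and easy to get wrong at an SBC or connector. The following is an added example, not code from UM Labs, Office Box or Microsoft: it parses the request line and topmost Via header of a SIP request, reports the transport the sending hop used, and applies that policy. The three SIP messages are constructed for the example, and the certificate file paths in mtls_server_context are placeholders; the function only shows which ssl settings turn an ordinary TLS listener into an MTLS one.

```python
"""SIP transport classification and a Lync-style transport policy (added example)."""
import re
import ssl

ALLOWED_BY_LYNC = {"TCP", "TLS"}          # Lync never accepts UDP signalling

# Request line: METHOD Request-URI SIP/2.0
_REQUEST_LINE_RE = re.compile(r"^(?P<method>[A-Z]+)\s+(?P<uri>\S+)\s+SIP/2\.0\r?$", re.M)
# Topmost Via: SIP/2.0/<transport> host[:port];params
_VIA_RE = re.compile(r"^Via:\s*SIP/2\.0/(?P<transport>[A-Za-z]+)\s+(?P<host>[^;\s]+)", re.I | re.M)

# Constructed sample: an INVITE from a SIP trunk peer, once per transport.
SAMPLE_TLS = (
    "INVITE sip:+442079460123@lync.example.com SIP/2.0\r\n"
    "Via: SIP/2.0/TLS 198.51.100.7:5061;branch=z9hG4bK776asdhds\r\n"
    "From: <sip:trunk@carrier.example>;tag=1928301774\r\n"
    "To: <sip:+442079460123@lync.example.com>\r\n"
    "Call-ID: a84b4c76e66710@198.51.100.7\r\n"
    "CSeq: 314159 INVITE\r\n"
    "Contact: <sip:trunk@198.51.100.7:5061;transport=tls>\r\n"
    "Content-Length: 0\r\n"
    "\r\n"
)
SAMPLE_TCP = SAMPLE_TLS.replace("SIP/2.0/TLS", "SIP/2.0/TCP").replace(":5061", ":5060").replace("transport=tls", "transport=tcp")
SAMPLE_UDP = SAMPLE_TLS.replace("SIP/2.0/TLS", "SIP/2.0/UDP").replace(":5061", ":5060").replace("transport=tls", "transport=udp")


def parse_sip_request(raw: str) -> dict:
    """Return method, request URI and the transport named in the topmost Via header."""
    head = raw.split("\r\n\r\n", 1)[0]            # headers only; any SDP body is ignored here
    line = _REQUEST_LINE_RE.search(head)
    if not line:
        raise ValueError("not a SIP request")
    via = _VIA_RE.search(head)
    if not via:
        raise ValueError("missing Via header")
    return {
        "method": line.group("method"),
        "uri": line.group("uri"),
        "transport": via.group("transport").upper(),
        "via_host": via.group("host"),
    }


def transport_decision(msg: dict, external: bool) -> tuple:
    """Apply the policy: Lync speaks only TCP/TLS; an external peer must use TLS."""
    transport = msg["transport"]
    if transport not in ALLOWED_BY_LYNC:
        return False, f"{transport} is not accepted by Lync (TCP or TLS only)"
    if external and transport != "TLS":
        return False, f"{transport} from an external peer gives no encryption or peer authentication; TLS required"
    return True, f"{transport} accepted"


def mtls_server_context(certfile: str, keyfile: str, cafile: str) -> ssl.SSLContext:
    """Server-side TLS context for a server-to-server (MTLS) SIP listener.

    verify_mode = CERT_REQUIRED is what makes the TLS mutual: a peer that does not
    present a certificate chaining to `cafile` fails the handshake. Paths are
    placeholders (assumption of this example); nothing is loaded when the module imports.
    """
    ctx = ssl.SSLContext(ssl.PROTOCOL_TLS_SERVER)
    ctx.minimum_version = ssl.TLSVersion.TLSv1_2
    ctx.load_cert_chain(certfile, keyfile)   # this server's own certificate
    ctx.load_verify_locations(cafile)        # CA that issued the peers' certificates
    ctx.verify_mode = ssl.CERT_REQUIRED
    return ctx


def evaluate_samples() -> dict:
    """Run the policy over the three constructed messages as if from an external peer."""
    return {
        name: transport_decision(parse_sip_request(msg), external=True)
        for name, msg in (("udp", SAMPLE_UDP), ("tcp", SAMPLE_TCP), ("tls", SAMPLE_TLS))
    }


if __name__ == "__main__":
    for name, (ok, reason) in evaluate_samples().items():
        print(f"{name}: {'ACCEPT' if ok else 'REJECT'} - {reason}")
```

Only the TLS sample passes for an external peer; the TCP sample is accepted only when the peer is flagged as internal, which is the trade-off the SIP trunk discussion below is about.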

Most enterprises will want the flexibility to operate outside these constraints. The UM Labs Lync Connector establishes the same grade of connection to a Lync server as a standard Microsoft Lync client. It can connect to either the Lync Front End Server or the Edge Server, depending on network topology; the connection is fully encrypted and authenticated. The Lync Connector also establishes authenticated and encrypted connections to a standard SIP hosted service or enterprise PBX, and relays all calls, instant messages and presence information between Lync and the standard SIP systems.

SIP Trunk Services
The majority of SIP trunk services provide only UDP for signalling, which makes it impossible to connect them directly to a Lync server. A small number of trunk providers offer TCP; this allows the trunk to connect to Lync, but without the encryption and peer authentication that TLS provides, so allowing TCP connections from an external service to a Lync server sacrifices a layer of security. An even smaller number of SIP trunk services offer TLS, but their certificate and connectivity requirements may be incompatible with Lync.

Existing IP-PBX
Many organisations deploy Lync as their internal IP-PBX. The Lync system then needs to connect to hardware IP phones and to softphones running on tablets or mobile devices. In most cases these deployments coexist with an existing IP-PBX or must interconnect with an IP-PBX at another location, and Lync's connectivity requirements make this difficult.

Mobile VoIP Clients and BYOD
Many enterprises have deployed VoIP clients on smartphones to enable enterprise mobility and to adopt a Bring Your Own Device (BYOD) policy. A number of VoIP apps for smartphones and tablets let those devices connect over WiFi or a cellular data connection to the corporate IP-PBX and operate as extensions on that PBX. Many of these apps offer call encryption and also support IM and presence. Organisations implementing Lync will want to retain their investment in this area, particularly as the earlier Lync client for smartphones did not support direct VoIP calls (the Lync 2013 mobile client added this in an update).

While most VoIP apps offer a choice of SIP transport and can therefore request a connection to a Lync server, there are a number of practical difficulties in connecting a non-Lync device to Lync. Even if the device supports TLS, it may not be possible or practical to meet Lync's strict MTLS requirements. Using TCP instead means sacrificing a layer of security and leaves the Lync server open to a range of attacks, including potentially expensive call fraud. It may also not be feasible or practical to use Active Directory to authenticate users of non-Lync devices.

[Figure: Lync Connector topology. Components: Edge Server, Front-end Server, Mediation Server, Active Directory, Lync Connector, OTT service and hosted service users, Lync users. Labelled flows: authentication, encryption, voice/video calls, presence, instant messaging.]

The UM Labs Security Platform as a Service (SPaaS) handles the security functions, including signalling and media encryption, on behalf of the back-end systems. Calls made via the service are decrypted and forwarded to a UC platform acting as an IP-PBX. The IP-PBX routes calls between handsets, provides voice mail for handsets that are not currently reachable and implements other functions including text messaging and conferencing, with secure video where required. Because the UC platform processes clear-text audio and video streams, it must sit inside a secure perimeter, with all connections to external services routed via the SPaaS.
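The call-fraud risk mentioned above is what a border device or SOC should be watching for when TCP or unauthenticated peers are allowed at all. The following is an added example, not code from UM Labs, Office Box or Microsoft: it walks a few SIP-proxy log lines and raises an alert when an INVITE shows unauthenticated signalling on a clear-text transport, a destination in a high-risk international prefix, or a burst of distinct international destinations from one source within a minute. The log lines and their key=value layout are constructed for this example (adapt parse_line to your proxy or SBC); the prefixes +881, +882 and +979 are ITU-assigned ranges that recur in toll-fraud traffic.

```python
"""Toll-fraud indicators in SIP signalling logs (added example)."""
from collections import defaultdict, deque
from datetime import datetime, timedelta

# ITU-assigned prefixes that commonly appear in call-fraud traffic.
HIGH_RISK_PREFIXES = {
    "+881": "global mobile satellite",
    "+882": "international networks",
    "+979": "international premium rate",
}
BURST_WINDOW = timedelta(seconds=60)
BURST_THRESHOLD = 3      # distinct international destinations from one source in the window

# Constructed sample log: a burst of unauthenticated TCP INVITEs to premium
# destinations, followed by normal authenticated TLS traffic from Lync users.
LOG_LINES = """\
2014-09-12T02:14:07Z src=203.0.113.45:51022 transport=TCP auth=none method=INVITE from=sip:1001@pbx.example.com to=sip:+97912345001@pbx.example.com
2014-09-12T02:14:09Z src=203.0.113.45:51022 transport=TCP auth=none method=INVITE from=sip:1001@pbx.example.com to=sip:+97912345002@pbx.example.com
2014-09-12T02:14:12Z src=203.0.113.45:51022 transport=TCP auth=none method=INVITE from=sip:1001@pbx.example.com to=sip:+88212345003@pbx.example.com
2014-09-12T02:14:15Z src=203.0.113.45:51022 transport=TCP auth=none method=INVITE from=sip:1001@pbx.example.com to=sip:+88212345004@pbx.example.com
2014-09-12T09:30:01Z src=10.20.30.40:5061 transport=TLS auth=tls-dsk method=INVITE from=sip:alice@contoso.example to=sip:+442079460123@pbx.example.com
2014-09-12T09:30:05Z src=10.20.30.41:5061 transport=TLS auth=kerberos method=INVITE from=sip:bob@contoso.example to=sip:2001@pbx.example.com
2014-09-12T09:31:00Z src=10.20.30.40:5061 transport=TLS auth=tls-dsk method=BYE from=sip:alice@contoso.example to=sip:+442079460123@pbx.example.com
"""


def parse_line(line: str) -> dict:
    """Split one 'timestamp key=value ...' line into a record (layout is this example's assumption)."""
    ts, *fields = line.split()
    rec = dict(f.split("=", 1) for f in fields)
    rec["time"] = datetime.fromisoformat(ts.replace("Z", "+00:00"))
    rec["src_ip"] = rec["src"].rsplit(":", 1)[0]
    # user part of the To URI: sip:+97912345001@pbx.example.com -> +97912345001
    rec["number"] = rec["to"].split(":", 1)[1].split("@", 1)[0]
    return rec


def detect(lines: str) -> list:
    """Return one alert per suspicious INVITE, each with the list of reasons that fired."""
    alerts = []
    recent = defaultdict(deque)      # src_ip -> deque of (time, number) for international calls

    for line in lines.strip().splitlines():
        rec = parse_line(line)
        if rec["method"] != "INVITE":
            continue                 # only call setup can run up a bill
        reasons = []

        # 1. Unauthenticated signalling on a transport that offers no peer authentication.
        if rec["auth"] == "none" and rec["transport"].upper() != "TLS":
            reasons.append(f"unauthenticated INVITE over clear-text {rec['transport']}")

        # 2. Destination in a prefix range typical of premium-rate / satellite fraud.
        number = rec["number"]
        for prefix, label in HIGH_RISK_PREFIXES.items():
            if number.startswith(prefix):
                reasons.append(f"high-risk destination prefix {prefix} ({label})")

        # 3. Dialling burst: many distinct international numbers from one source in a short window.
        if number.startswith("+"):
            window = recent[rec["src_ip"]]
            window.append((rec["time"], number))
            while window and rec["time"] - window[0][0] > BURST_WINDOW:
                window.popleft()
            distinct = {n for _, n in window}
            if len(distinct) >= BURST_THRESHOLD:
                reasons.append(f"dialling burst: {len(distinct)} international destinations within {BURST_WINDOW.seconds}s")

        if reasons:
            alerts.append({"time": rec["time"].isoformat(), "src": rec["src_ip"], "to": number, "reasons": reasons})
    return alerts


if __name__ == "__main__":
    for alert in detect(LOG_LINES):
        print(alert["time"], alert["src"], "->", alert["to"], "|", "; ".join(alert["reasons"]))
```

On the sample data all four alerts come from the single TCP source; the authenticated TLS calls from Lync users, including the one to an ordinary UK number, produce nothing. The thresholds and prefix list are starting points, not a tuned policy: a real trunk will need per-customer dialling baselines.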

The UM Labs SPaaS can also secure connections to desk phones and connections to external systems, including the corporate internal phone system and SIP trunk services that provide PSTN access. Most of those external connections are made in clear text, so the SPaaS is where encryption is terminated. UM Labs and Office Box are part of the Innovation in Security Showcase, which includes: European cloud partnerships which must have

The Innovation in Security Showcase is the world's first authentication and encryption Security Platform as a Service (SPaaS) for UC. It brings together persona management and end-to-end encryption across an enterprise voice network, allowing 21st-century social business to be performed in safety, protected from tampering and eavesdropping. The aim is a breakthrough environment that decreases risk, reduces cost and improves communication across the business, improving the return on investment from VoIP, video, IM and BYOD in an enterprise UC environment.

About Office Box
ENZCOM was founded in 1997 and specialises in IT infrastructure services in the context of IT outsourcing projects and managed IT services. Since 2014 the company has operated as a GmbH, based in Buchholz, south of Hamburg. By IT infrastructure management we mean everything associated with the design, implementation, monitoring and reliable operation of infrastructure IT systems. ENZCOM offers services in the following areas:
- Monitoring management
- Server management
- Backup and disaster management
- Security management
- Client management
- Software packaging and rollout
- Inventory management
- 24x7 service desk
- LAN management
- Solutions consulting
- Data centre
Our IT infrastructure support staff are highly qualified and experienced system engineers. Working in the ENZCOM Operation Center (NOC) or the ENZCOM Project Center (EPC) requires experience in customer-focused service, vendor certifications (Microsoft MCITP, Microsoft MCP, etc.) and ongoing training in telephone support, remote management and technology.

Our system engineers are experienced in the design and implementation of complex Citrix, Microsoft and security infrastructure systems. ENZCOM is equipped both technically and organisationally to provide service desk support and remote services:
- Guaranteed telephone availability 24x7
- Customised incident intake
- Mapping and monitoring of customer-specific SLAs using professional, ITIL-compliant service desk tools
- Proprietary hardware and software for remote monitoring and remote access (RAP)
- Development and maintenance of customer-specific documentation and knowledge bases
- Reliable, proven escalation structures and quality monitoring
- ITIL-compliant processes
To meet the legitimate expectations of our customers, particularly for accessibility, responsiveness, system availability, flexibility and quality, ENZCOM relies on a proven system:
- Close cooperation with all major manufacturers such as Citrix, Dell and Microsoft
- Continuous accessibility for customers (24 hours / 7 days)
- Staff with specialisations and certifications in all relevant infrastructure and technical areas
- Regular development in technology and customer orientation
- A quality management system as the basis for optimising technical and administrative procedures and services (ENZCOM operates according to ISO 9001 and ITIL)
- Benchmarking as the basis for price/performance comparisons