A Light Reading Webinar
Session Border Controllers in Enterprise
Thursday, October 7, 2010
Hosted by Jim Hodges, Senior Analyst, Heavy Reading
Sponsored by:

Speakers
- Natasha Tamaskar, VP Product Marketing, Genband
- Tori Downes, Principal Technologist, Metaswitch Networks
- Mykola Konrad, Director Enterprise Product Management, Sonus Networks

Agenda
- Introduction
- Why SBCs for Enterprise
- Enterprise SBC Architecture
- SBC Benefits
- SBC Service Scenarios
- Implementation Considerations
- Failover Scenarios
- Conclusion
- Q&A

Why SBCs?
Main drivers
- Migration to IP / decline of TDM
- New IP services - voice (SIP Trunking), video, conferencing, social networking, cloud computing
Creates Islands of IP between
- Enterprises and Service Providers
- Service Providers - partners and peers
- Technologies - IP and TDM, SIP and H.323
Need to manage at the boundaries
- Protect resources
- Facilitate connectivity
- Opportunity to add many other functions

SBC Deployment Scenarios
[Diagram labels: Service Provider 1, Service Provider 2, Enterprise Network, Managed Enterprise, Hosted Enterprise, Call Center / Application SP. Key: Media, SIP, Diameter, H.248]

Typical SBC Functions
Much more than a firewall on steroids
- Security: Hosted NAT, DoS/DDoS Prevention, Authentication, SPIT Detection, Topology Hiding, Privacy, Lawful Intercept
- Interworking: SIP/H.323, VPN Bridging, IPv4-IPv6, Transcoding/Transrating, DTMF Interworking, IMS Interworking
- Call Policy: Call Admission Control, QoS, Bandwidth Management, ENUM, Call Routing, Number Analysis
- Accounting: Billing, Offline charging

Why SBCs for Enterprise?
- Enterprises are Becoming Islands of IP
  - Deploying more diverse services - beyond data
- Same core requirements - but differences in detailed function
  - No requirement for (say) Lawful Intercept, Billing
  - Likely to require (say) QoS, Bandwidth Management, H.323-SIP Interworking, SIP Interworking, VPN bridging, Transcoding, Encryption
- Drivers
  - SIP Trunking
  - Video
- Inhibitors
  - Configuration and Management complexity

Enterprise SBC Architecture
Where does the function reside?
- Enterprise alone (Integrated SBC)
- Hybrid = managed service - media in Enterprise, signaling/policy at Service Provider (Distributed SBC)
- Service Provider alone = hosted service (Integrated SBC)
Enterprise considerations
- Survivability - system failover (expensive!), multiple SIP trunks, PSTN failover, local routing
- Compute/DSP power for DoS/DDoS, QoS/policy management, transcoding / transrating
- Configuration and management complexity - requires investment in SBC management entity and personnel

Enterprise SBC Architecture
[Diagram labels: Service Provider 1, Enterprise Network, Managed Enterprise, Hosted Enterprise, Call Center / Application SP. Key: Media, SIP, Diameter, H.248]

Enterprise SBC Cost Benefits
Operational Expenditure Benefits
- Enables lower carrier access and feature rates from SIP Trunking
  - Lower monthly recurring port charge
  - Lower physical access charges
  - Lower metered charges
  - Fewer ports needed
- Network-wide Least Cost Routing (LCR) reduces telephony expenses
  - Can route traffic across Corporate data network
  - Can automatically choose among multiple providers
- Reduces labor required to support configuration and maintenance of dial plans across disparate PBXs
[Diagram labels: $$ SIP Trunk, $$$$ PRI Trunk, SIP Provider, PRI Provider]

Enterprise SBC Cost Benefits
Operational Expenditure Benefits (continued)
- Provides evidence for SLA enforcement (loss recovery)
  - Session Detail Records
  - QoS Reporting
- Reduces cost of Session Detail Record (SDR) collection / aggregation
  - No need to go to disparate PBX
  - All SDRs consolidated from SBCs
- Enables carrier bypass through enterprise to enterprise VoIP peering
[Diagram labels: Enterprise, Internet, Enterprise Business Partner]

Enterprise SBC Cost Benefits
Capital Expenditure Benefits
- Leverages existing PBX investments through protocol and vendor interworking
- IP interface ports typically cost less than TDM ports
- Over-provisioning to ensure network supports real-time data is no longer necessary (fewer ports required)
  - Centralized Call Admission Control
  - Policy Decision-based routing
  - Proactive QoS Monitoring, reporting, and notification
[Diagram labels: Vendor A SIP, Vendor B SIP, SIP Gateway, H.323, TDM]

SBC Enterprise Service
From Distributed PRI to Centralized SIP Trunking
[Diagram: From PRI Trunks to SIP Trunks. Labels: HQ, Branch, Carrier MPLS, Carrier SIP or OTT, Centralized SIP trunks and CDRs for all calls]
Distributed PRI trunks
- Limited intra site connectivity
- Services are provided to locations not users
- Every change requires carrier action
- Hard to aggregate bills
- Multiple PRIs per branch
- Management challenges: many touch points
Centralized SIP trunks
- Services are tied to users not location
- Equipment can be centralized
- Web based provisioning
- Single billing solution, ability to track call performance
- Streamlined management: single routing database (PSX)

SBC Enterprise Service
Centralized Call Recording
[Diagram labels: SIP Endpoint; Application Server (ACD, PBX, etc.); Sonus NBS9000; Recording Device; SIP Dialog (Original Call / Dialog / Session); SIP Dialog (Recording Call / Dialog / Session); Information about the call to be recorded; Copy of the original RTP Streams (Tx and Rx); Call: SIP, H.323, PRI. Key: Signaling, Media]

SBC Enterprise Service Scenarios
SBCs as center of video communications
- Today: can block sessions and allow video based on commonly set policies
- Future: Video interworking, SIP Video features (Find me, follow me, conferencing)
[Diagram key: Signaling, Media]

SBC Enterprise Service Scenarios
Enterprise Site Peering
[Diagram labels: HQ, Joint Venture Partner, SIP Trunk (x2), Internet]
- Provide Security and call routing for Enterprise to Enterprise secure routing

Audience Poll
Which of the following is the main driver for SBC Enterprise deployments?
- SIP trunking
- Video services
- Opex savings
- Capex savings
- Enhanced security

SBC Implementation Considerations
SBCs create a new kind of communication network
- Interworking with legacy equipment (H.323)
- Managing time sensitive traffic on data network (QoS, VLAN)
- Supporting a wide range of SIP-based services
  - Voice
  - IM / Chat
  - Presence
  - Video
- As always, security
  - Topology hiding
  - Use of DMZ to siphon off SIP traffic
  - Encryption for signalling, media
  - IP addressing, NAT pinholes

SBC Implementation Considerations
SBCs create a new kind of communication network
- WAN Routing
  - Create secure, QoS enabled, connection to NOC
  - Router Changes
- Interoperability and Legacy
- Regulatory Support
- Support centralized routing
  - Ability to route calls globally based on least cost
  - Ability to connect via IP to carriers around the world
  - Ability to offer short digit dialing across the enterprise
    - Regardless of infrastructure at the location
    - Regardless of what the user actually dials
- Security Considerations
  - Who owns the SBC? IT? Security? Voice engineering?

SBC Implementation Considerations
WAN Routing and QoS concerns
[Diagram labels: 100s of different possible call routes; Call Media & Session are analyzed; PSX; Digits are analyzed, policies applied and route is defined; 9-1-212-555-1001; NBS; Corporate NOC & WAN; PBX]
- Balancing Security vs. Performance (QoS)
  - Jitter, Lag, Bandwidth, Call Admission Control
- Use of bandwidth may increase
- How to troubleshoot?
  - PBX troubleshooting tools may not be enough
  - VoIP troubleshooting tools

Security Considerations
- Protection against attacks and threats
  - Layer 2/3/4 security and DoS / DDoS protection
  - Protection against SIP and H.323 protocol vulnerabilities
  - Protection against media vulnerabilities such as malicious RTP
  - Intrusion Detection and Prevention: Black list, white list management
  - Deep Packet Inspection for Layer 7 protection
- Data confidentiality and privacy
  - Screen user identities to protect against identity theft
  - Data protection and privacy: encryption of all multimedia sessions
  - Topology hiding for corporate infrastructure
- Protection against unauthorized access
  - Authentication, authorization of sessions and access control
  - Preventing unauthorized bandwidth consumption
  - Protection against theft of service and toll fraud
  - Secure management of network elements (SNMP, HTTPS, SSH)

Enterprise Survivability Failover Scenarios
- Scenario-1: SIP Trunk Failure
  - Option A: Alternate POP from the Same Service Provider
  - Option B: Alternate Service Provider
  - Option C: Intra-enterprise session routing & management over SIP-aware Corporate VPN
- Scenario-2: WAN Link Failure
  - Options A-C above if diverse physical routes are in place
  - Option D: PSTN Fall-back for emergency calls
[Diagram labels: PSTN, Corporate VPN, SIP Trunk (x3), Service provider A POP #1, Service provider A POP #2, Service provider B]
Enterprise SBC provides automatic detection of link failure & Intelligent Routing Options

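An added example (not from the webinar or any vendor's product) of the route selection the failover scenarios above describe, showing why Options A-C only help in a WAN link failure when they ride on physically diverse routes. The link names, the shared-circuit topology and the function names are assumptions constructed for illustration; failure state is passed in rather than detected.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Route:
    name: str                     # label taken from the slide's diagram
    option: str                   # "primary", "A", "B", "C" or "D"
    link: str                     # physical link the route rides on (constructed)
    emergency_only: bool = False  # Option D carries emergency calls only

# Constructed topology: POP #1 and POP #2 share one access circuit, so
# Option A is NOT physically diverse from the primary trunk here.
ROUTES = [
    Route("Service provider A POP #1", "primary", "wan-1"),
    Route("Service provider A POP #2", "A", "wan-1"),
    Route("Service provider B", "B", "wan-2"),
    Route("Corporate VPN", "C", "wan-2"),
    Route("PSTN", "D", "pstn-line", emergency_only=True),
]

def select_route(routes, trunks_down=(), links_down=(), emergency=False):
    """Return the first usable route in preference order, or None."""
    for r in routes:
        if r.name in trunks_down or r.link in links_down:
            continue  # Scenario-1 (trunk failed) or Scenario-2 (its link failed)
        if r.emergency_only and not emergency:
            continue  # PSTN fall-back is reserved for emergency calls
        return r
    return None

def surviving_options(routes, links_down):
    """Options still available to ordinary calls after a WAN link failure."""
    return [r.option for r in routes
            if r.link not in links_down and not r.emergency_only]

if __name__ == "__main__":
    # Scenario-1: only the primary trunk fails, so Option A takes over.
    print(select_route(ROUTES, trunks_down={"Service provider A POP #1"}).name)
    # Scenario-2: wan-1 fails; Option A shares that circuit and is lost too.
    print(surviving_options(ROUTES, links_down={"wan-1"}))
    # Both WAN links down: ordinary calls have no route, emergency calls use PSTN.
    both = {"wan-1", "wan-2"}
    print(select_route(ROUTES, links_down=both))
    print(select_route(ROUTES, links_down=both, emergency=True).name)
```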
Enterprise Survivability Failover Scenarios
- Scenario-3: Site Hardware Failure
  - Co-located High Availability pair
  - State information replicated on hot standby node
  - All active calls are switched from the active node to the hot standby node with NO LOSS of signaling and media states
  - Applies to both voice and multimedia sessions (i.e. video, web collaboration)
[Diagram labels: A, A, S; Stateful call migration]

Conclusion
Enterprise SBCs:
- Provide essential interworking with legacy networks during IP transition.
- Enable Enterprise peering.
- Deliver significant cost and operational benefits.
- Are optimized to support video services.
- Incorporate necessary security features.
- Support real-time failover to ensure a seamless user experience and QoS.

Q&A