Solution Review: Siemens Enterprise Communications OpenScape Session Border Controller



Similar documents
OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

An Oracle White Paper October Gneis Turns to Oracle to Secure and Manage SIP Trunks

Brochure. Dialogic BorderNet Session Border Controller Solutions

White Paper. avaya.com 1. Table of Contents. Starting Points

Solution Brief. Secure and Assured Networking for Financial Services

Session Border Controllers in Enterprise

Siemens OpenScape Voice V7 SIP Connectivity with OpenScape SBC V7. to Integra SIP Service

Comparing Session Border Controllers to Firewalls with SIP Application Layer Gateways in Enterprise Voice over IP and Unified Communications Scenarios

Your Voice is Critical. OpenScape Enterprise voice solutions gives power to voice

Securing SIP Trunks APPLICATION NOTE.

SIP Trunking Configuration with

SIP Trunking DEEP DIVE: The Service Provider

Oracle s Solution for Secure Remote Workers. Providing Protected Access to Enterprise Communications

1 ABSTRACT 3 2 CORAL IP INFRASTRUCTURE 4

SBC WHITE PAPER. The Critical Component

Your Voice is Critical. OpenScape Enterprise voice solutions gives power to voice

Session Control Applications for Enterprises

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Ingate Firewall/SIParator SIP Security for the Enterprise


A POLYCOM WHITEPAPER Polycom. Recommended Best Security Practices for Unified Communications

WebRTC: Why and How? FRAFOS GmbH. FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

MOBILITY & INTERCONNECTIVITY. Features SECURITY OF INFORMATION TECHNOLOGIES

Voice Over IP and Firewalls

Secure VoIP for optimal business communication

SIP Security Controllers. Product Overview

Allstream Converged IP Telephony

Security Considerations for DirectAccess Deployments. Whitepaper

Considerations In Developing Firewall Selection Criteria. Adeptech Systems, Inc.

November The Business Value of SIP Trunking

An Oracle White Paper February Centralized vs. Distributed SIP Trunking: Making an Informed Decision

What is an E-SBC? WHITE PAPER

ETM System SIP Trunk Support Technical Discussion

OpenScape UC Firewall and OpenScape Session Border Controller

SIP Trunking and the Role of the Enterprise SBC

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

OpenScape Enterprise Express is

SIP Trunking to Microsoft Lync (Skype for Business) Server

On-Demand Call Center with VMware View

PETER CUTLER SCOTT PAGE. November 15, 2011

FRAFOS GmbH Windscheidstr. 18 Ahoi Berlin Germany

Oracle s Unified Communications Infrastructure Solution. Delivering Secure, Reliable, and Scalable Unified Communications Services

QuickSpecs. Models. Features and benefits Configuration. HP VCX x3250m2 IP Telecommuting Module. HP VCX x3250m2 IP Telecommuting Module Overview

Communications Transformations 2: Steps to Integrate SIP Trunk into the Enterprise

The Business Value of SIP Trunking

Connecting MPLS Voice VPNs Enabling the Secure Interconnection of Inter-Enterprise VoIP

Beyond Quality of Service (QoS) Preparing Your Network for a Faster Voice over IP (VoIP)/ IP Telephony (IPT) Rollout with Lower Operating Costs

METHODS OF INTEGRATING mvoip IN ADDITION TO A VoIP ENVIRONMENT

Gateways and Their Roles

Load Balancing for Microsoft Office Communication Server 2007 Release 2

Current and Future Research into Network Security Prof. Madjid Merabti

SIP Trunking Interoperability

Microsoft Lync and SIP trunking - Ensuring multi-vendor technology success with Prognosis

An Oracle White Paper August What Is an Enterprise Session Border Controller?

Product Information = = = sales@te-systems.de phone

The Best Communications Solution for your business ipecs-lik

StarLeaf Connectivity Services. Deployment Guide

Recommended IP Telephony Architecture

Cisco Wide Area Application Services (WAAS) Software Version 4.0

SBC 1000/2000 Configuration Guide with Lync 2013 for Windstream/ LPAETEC SIP Trunk Deployments

Oracle s SIP Network Consolidation Solutions. Using SIP to Reduce Expenditures and Improve Communications

Symantec Endpoint Protection 11.0 Architecture, Sizing, and Performance Recommendations

Your Communications Solution. The Best Communications Solution for Your Business ipecs-lik. ipecs is an Ericsson-LG Brand

Deploying Secure Enterprise Wide IP Videoconferencing Across Virtual Private Networks

Securing Unified Communications for Healthcare

Firewalls. Securing Networks. Chapter 3 Part 1 of 4 CA M S Mehta, FCA

IOCOM Whitepaper: Connecting to Third Party Organizations

VoIP Logic Platform: Peering SIP Trunking

Cconducted at the Cisco facility and Miercom lab. Specific areas examined

Configuring a Mediatrix 500 / 600 Enterprise SIP Trunk SBC June 28, 2011

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

Configuration of Applied VoIP Sip Trunks with the Toshiba CIX40, 100, 200 and 670

Internet Content Provider Safeguards Customer Networks and Services

UC and SIP Trunking Luncheon. Sponsored by:

How To Support An Ip Trunking Service

District of Columbia Courts Attachment 1 Video Conference Bridge Infrastructure Equipment Performance Specification

BlackRidge Technology Transport Access Control: Overview

Configuring the Sonus SBC 2000 with Cisco Unified Call Manager 10.5 for Verizon Deployment

Windows Server on WAAS: Reduce Branch-Office Cost and Complexity with WAN Optimization and Secure, Reliable Local IT Services

AND Recorder 5.4. Overview. Benefits. Datenblatt

Your Communications Solution. The Best Communications Solution for your business ipecs-lik. ipecs is an Ericsson-LG Brand

Altus UC Security Overview

Deploying a Secure Wireless VoIP Solution in Healthcare

Astaro Gateway Software Applications

FIREWALL. Features SECURITY OF INFORMATION TECHNOLOGIES

Deploying Firewalls Throughout Your Organization

A Model-based Methodology for Developing Secure VoIP Systems

Contents Introduction Why Fax over IP? How Real-time Fax over IP works Implementation with MessagePlus/Open Summary. About this document

Symantec Enterprise Firewalls. From the Internet Thomas Jerry Scott

NetScreen-5GT Announcement Frequently Asked Questions (FAQ)

Transcription:

Solution Review: Siemens Enterprise Communications OpenScape Session Border Controller Russell Bennett UC Insights www.ucinsights.com russell@ucinsights.com Introduction Those familiar with unified communications (UC) will be well aware of the value of rich, multi-modal, presencedriven collaboration tools in enhancing business productivity and speeding decision making within the enterprise. Siemens OpenScape Voice, which was launched in 2003, was the first end-to-end UC system to become available and is designed to match the pace of work and the dynamic nature of modern organizational structures. However, these organizational dynamics are not limited to single sites or single networks: A UC system that can only operate within the corporate network significantly limits the ROI that can be achieved with UC; Since UC is not ubiquitous, a UC system must provide access to the PSTN. Nevertheless, the well understood risks of malicious attack from the public Internet make the extension of collaboration beyond the corporate firewalls a risky and difficult undertaking. For these reasons, Siemens Enterprise Communications (Siemens) has just announced the OpenScape Session Border Controller (SBC). What is a Session Border Controller? How does it work? Why do I need one? Before addressing these questions, we will first examine the challenges and threats of wide area collaboration; and then move on to the opportunities and benefits.

Preventing Network Intrusion Corporate networks are protected from network intrusion by firewalls in a moat-like structure nicknamed the DMZ. Firewalls are designed to allow only validated traffic to traverse the DMZ, normally only email messages (SMTP) and web page requests (HTTP), both of which are easy to identify and to inspect. However, generic firewalls are wholly unsuited to managing UC data streams: UC systems such as OpenScape Voice use exotic real-time media types and complex signaling protocols (e.g. SIP messages) which can have other protocols and message types embedded within them; Real-time media (e.g. voice, video, data collaboration) occupies significant bandwidth; Inspecting encrypted data packets requires access to the encryption algorithms and the encryption keys; Determining the difference between a legitimate SIP message and, say, a virus requires a deep understanding of every potential SIP message structure. The exponential complexity and load created by UC on firewalls means that network administrators have three choices: 1. Block UC traffic from traversing the firewall (which will be the default action with most firewalls). 2. Open firewall ports to freely allow the traversal of UC (and any other) traffic. 3. Deploy a Session Border Controller (SBC). The first two options are intuitively bad ideas. But for the second option, if you ever took a look at a firewall log you would see that someone is scanning your network ports several times a day for reasons that we can only imagine. So, for the UC-enabled enterprise, the only viable choice is option three. Having worked through the issues that firewalls encounter in UC-enabled networks, you will be starting to get a sense for what a Session Border Controller actually is; how it works and why you need one. Since Siemens builds OpenScape Voice, they were able to design a Session Border Controller with a deep understanding of the OpenScape Voice SIP messages and media types. In order to provide high scalability for SIP sessions (e.g. up to 2,000 voice calls with very low latency), the OpenScape SBC first ensures the validity of the SIP session by inspecting the signaling messages and validating the user credentials. Once the session has been validated, it then allows media packets associated with that session to pass through the assigned port. This is done with very low latency by inspecting the packet header to ensure that it originates from and is destined for the IP addresses of the validated end-points, as well as inspecting the packet contents for protocol compliance. While OpenScape Voice can operate with a 3 rd party session border controller, these more generic devices are expensive to purchase and deploy and typically ship as an appliance form-factor. The OpenScape Session Border Controller is a software module that is installed on the customer s preference of off-the-shelf server hardware and is priced linearly according to the number of concurrent sessions required. Furthermore, the fact that the Siemens element is designed specifically for OpenScape Voice has allowed them to increase security by reducing the attack surface. 2

SIP Trunking One of the features of the OpenScape Session Border Controller is the ability to connect to SIP Trunking 1 services in order to gain access to the PSTN. SIP Trunking arose as a mechanism for overcoming the limitations of the existing PBX-to-Service Provider connection technology, the PRI trunk, specifically: The 23/30 channel limit; The fixed (64k) bandwidth per channel; Being tied into telephony toll rate plans for even inter-branch calls. Since OpenScape Voice natively uses SIP/RTP, the use of a SIP Trunk overcomes all of these issues and can present significant cost savings over PRI Trunks. However, ambiguity within SIP standards has caused varying implementations of SIP Trunk interfaces to be offered by service providers. The OpenScape Session Border Controller can be adapted by configuration to enable connection to all of the current SIP Trunk services and has been tested against many of the major SIP service providers 2. By mid-2012, Siemens plans to have certified against the emerging SIPconnect 1.1 standard from the SIP Forum (note that Siemens was a key contributor to this standard). Connecting Teleworkers and Remote Networks As described above, UC can only fulfill its true potential when collaboration can extend beyond the corporate DMZ to encompass the entire organizational structure. The OpenScape Session Border Controller can simultaneously connect the data center or corporate headquarters to telecommuters 3, roaming workers and remote branch offices (as well as SIP Trunk service providers) using authenticated and encrypted channels. The OpenScape SBC validates the user s credentials before opening a port to allow the passage of encrypted media: thus ensuring network security and business communications privacy. Since the network port is open only for the duration of an authenticated session, rogue packets that may attempt to access the corporate network are easily denied access. Reliability and Ease of Management The OpenScape Session Border Controller provides a high degree of reliability and seamless failover to ensure that business communications can continue in various failure scenarios. It can be deployed in a redundant, geographically distributed, active-standby pairing to mitigate the impact of local failures and hardware failure. Call state and other data are synchronized on the redundant nodes, enabling calls to be re-routed in real-time in the event of failure. As with the remainder of the OpenScape suite, the OpenScape SBC is managed from the Common Management Portal (CMP) via a browser-based graphical user interface (i.e. not a command line system). The CMP provides 1 Frost and Sullivan have forecasted that, by 2016, SIP Trunking will be a $3.9 billion market in North America, reaching 46 million workers. 2 Including (at the time of writing) Verizon, AT&T, BT, Skype, Orange, Vodafone, Telefonica, Global Crossing, Qwest, T-Systems, and Colt. 3 The US Bureau of Labor Statistics estimates that 12% of US full-time employees work from home at some point in their day. 3

the monitoring, alarm, logging, tracing, back-up and restore functions that you would expect in a system that supports mission critical business functions. Conclusion The Siemens Enterprise Communications OpenScape Session Border controller is an invaluable addition to the OpenScape technology suite. While the benefits of wide area network communications are compelling, with all of the well-publicized threats emanating from the Internet, enterprises are understandably fearful of exposing their corporate network to external attack. With the OpenScape SBC, enterprises can not only gain the benefits SIP Trunking, they can also provide remote access to remote workers and branch offices while maintaining network integrity. There are other session border controllers on the market that can interoperate with OpenScape Voice, but none of them can provide the degree of integration, the scalability, the manageability and the low cost of acquisition, deployment and operation that is provided by the native OpenScape option. This paper is sponsored by Siemens Enterprise Communications. 4

Copyright 2011 UCStrategies. All rights reserved. Information in this document is subject to change without notice. UCStrategies assumes no responsibility for any errors that may appear in this document. UCStrategies St. Helena, CA 94574 Phone: (707) 963-9966 UCStrategies.com Siemens Enterprise Communications 1881 Campus Commons Drive Reston, VA 20191 Phone: +1 (703) 262-2000 Toll free: +1 (800) 310-6308 5

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information