Building the Lync Security Eco System in the Cloud Fact Sheet.



Similar documents
Building the Lync Security Eco System in the Cloud Fact Sheet.

Police. 21st Century Security Problem for Police Authorities.

Preparing VoIP and Unified Communications Systems for IPv6 Technical Summary September 2014

Fact Sheet. N-fon Case Study

Compliance and Unified Communication

Load Balancing for Microsoft Office Communication Server 2007 Release 2


Live Communications Server 2005 SP1 Office Communications Server Matt Newton Network Engineer MicroMenders, Inc

SIP Trunking Configuration with

SIP Trunking with Microsoft Office Communication Server 2007 R2

Core Solutions of Microsoft Lync Server 2013

Course Outline. Course 20336B: Core Solutions of Microsoft Lync Server Duration: 5 Days

Course Outline. Core Solutions of Microsoft Lync Server 2013 Course 20336B: 5 days Instructor Led. About this Course.

What is an E-SBC? WHITE PAPER

Microsoft Core Solutions of Microsoft Lync Server 2013

SIP Security Controllers. Product Overview

Core Solutions of Microsoft Lync Server 2013

Ingate Firewall/SIParator SIP Security for the Enterprise

Risk Free Migration to Lync Kevin Isacks, VP SBC & CA Development

Course 20336: Core Solutions of Microsoft Lync Server 2013

Core Solutions of Microsoft Lync Server 2013

20336B: Core Solutions of Microsoft Lync Server 2013

Software-Powered VoIP

Deploying, Configuring, and Administering Microsoft Lync Server 2010

UC & C Success Requires a Services Lead Approach

Cisco / Microsoft Unified Communications Integration Overview Cisco and/or its affiliates. All rights reserved.

An outline of the security threats that face SIP based VoIP and other real-time applications

OfficeMaster Gate (Virtual) Enterprise Session Border Controller for Microsoft Lync Server. Quick Start Guide

SBC WHITE PAPER. The Critical Component

Core Solutions of Microsoft Lync Server 2013

COLLABORATION AT WORK The New Collaboration Age

Adding Telephony to Microsoft Lync with Office 365 & Other Use Cases June 11, 2013

Cisco WebEx Meetings Server

Microsoft Lync Server Overview

Anthony Caragol Gonzalo Escarrá

An Oracle White Paper August What Is an Enterprise Session Border Controller?

SangomaSBCs Keeping Your VoIP Network Secure. Simon Horton Sangoma

ENTERPRISE SESSION BORDER CONTROLLERS: SAFEGUARDING TODAY S AND TOMORROW S UNIFIED COMMUNICATIONS

Course 10533A: Deploying, Configuring, and Administering Microsoft Lync Server 2010

Global Network. Whitepaper. September Page 1 of 9

Enterprise Mobility Solution Puts Unified Communications on the Smartphones Employees Love

Enterprise Voice and Online Services with Microsoft Lync Server 2013

Securing SIP Trunks APPLICATION NOTE.

Recommended IP Telephony Architecture

Microsoft Office Communications Server 2007 & Coyote Point Equalizer Deployment Guide DEPLOYMENT GUIDE

White Paper. avaya.com 1. Table of Contents. Starting Points

BT One. Analyst and consultant update, September BT One. Communications that unify 1

Enabling Users for Lync services

CHAPTER 1 INTRODUCTION

SIP SECURITY JULY 2014

Deployment Guide. Microsoft Lync 2013 and Citrix NetScaler Deployment Guide. citrix.com

KISUMU LAW COURTS: SPECIFICATIONS FOR A UNIFIED COMMUNICATION SYSTEM / VOICE OVER INTERNET PROTOCOL (VOIP) SOLUTION. Page 54 of 60

Unified Communications in a Nutshell. beronet. communication without borders

Deployment Guide July-2014 rev. a. Deploying Array Networks APV Series Application Delivery Controllers for Microsoft Lync Server 2013

Securing Unified Communications for Healthcare

Polycom Solutions For Microsoft Unified Communications ETK networks Technical Workshop 2011 Michael Ott, Distribution Manager DACH

Module 6. Designing and Deploying External Access. MVA Jump Start

10533A: Deploying, Configuring, and Administering Microsoft Lync Server 2010

Convergence: The Foundation for Unified Communications

Implementing Live Meeting with Microsoft Office Communications Server 2007

Fabrizio Volpe. MVP Directory Services MCITP Lync

Whitepaper: Microsoft Office Communications Server 2007 R2 and Cisco Unified Communications Manager Integration Options

PETER CUTLER SCOTT PAGE. November 15, 2011

Application Note. Lync 2010 deployment guide. Document version: v1.2 Last update: 12th December 2013 Lync server: 2010 ALOHA version: 5.

UC and SIP Trunking Luncheon. Sponsored by:

To IP or Not To IP That is the question

ISI Unified Communications Intelligence Tools: Infortel Select and Microsoft Lync : Driving ROI From Your Lync Investment

Why Architecture Matters

Increased Productivity

OpenScape Session Border Controller Delivering security, interoperability and cost savings to the enterprise network border

Oracle s SIP Network Consolidation Solutions. Using SIP to Reduce Expenditures and Improve Communications

SIP Trunking. Cisco Press. Christina Hattingh Darryl Sladden ATM Zakaria Swapan. 800 East 96th Street Indianapolis, IN 46240

Dialogic BorderNet Session Border Controller Solutions

Technical Configuration Notes

CONNECTING TO LYNC/SKYPE FOR BUSINESS OVER THE INTERNET NETWORK PREP GUIDE

Configuring an Etherspeak SIP Trunk in Microsoft Lync 2013

Application Note Patton SmartNode in combination with a CheckPoint Firewall for Multimedia security

Lync - phone, voice mailbox, instant messaging. Pawel Grzywaczewski CERN IT/OIS

Implementing Microsoft Office Communications Server 2007 With Coyote Point Systems Equalizer Load Balancing

WHITE PAPER. Deploying Mobile Unified Communications for Avaya

On-Demand Call Center with VMware View

collaboration Keeping people in touch efficiently

Transcription:

Building the Lync Security Eco System in the Cloud Fact Sheet. [Type text]

The need to secure all entries to the fastest growing Unified Communication application (UC) and allow for complete inter-operability when connected to legacy Unified Communication platforms, such as IPPBX or remote mobile/tablet computing inclusive of BYOD. Problem statement For effective UC deployment it must be easy and cost effective to inter-connect all Microsoft Lync environments, encrypt end to end clients that are non-microsoft and manage security with direct access to the Microsoft s Lync architecture at the closest point to their core servers. Microsoft's Lync is based on the Session Initiation Protocol (SIP) which is the preferred standard Unified Communications protocol adopted by most vendors, hosted service providers and which is used to provide SIP trunk connections from Network Service Providers (NSP). SIP trunks are direct IP connections to IP-PBXs. This combined with the architecture and design of Lync limits the connectivity, Security and interoperability between Lync and other SIP based products and services. Lync is a complex product; a typical Lync installation spans multiple servers and is dependent on a number of additional services. You need Security Investment in Unified Communications has been a major part of the IT budget in the last 5 years with many looking to use Voice over the Internet, Video and Instant Messaging as productivity tools, which improves communication, saves significant costs to the business and is the future. The introduction of Bring Your Own Devices (BYOD-Mobile) together with the adoption of Cloud computing, private or public and the variants of technologies that uses SIP, has created a natural void for security, and in this we see many gaps have occurred which add risk to the business and allows various criminal activities such as:- Denial of Service Attacks Eavesdropping Packet Spoofing Replay Attack Message Integrity Information Leakage

Microsoft Connection points for Lync. UM-Labs platform provides access and security via the Lync Edge server and Front End Server. These connection points enable full UC integration. UM Labs also offer Mediation Server connections; these are used where a lower level of integration is needed, for example for SIP trunks connections. SIP is delivered over IP networks. All data and applications on an IP network use a transport protocol to deliver data from one end-point to another, for example from a remote web site to your browser.

Lync Security Eco System in the Cloud Explaining the Solution and the over lay for Unified Communications (UC). All transport protocols run over the Internet Protocol (IP). IP s job is to deliver a series of packets. The transport protocol reassembles those packets and reconstructs the application data stream. SIP offers a choice of three different transport protocols. These are: o UDP, this is a light-weight connectionless protocol that does little more than extract data from IP packets then delivers it to an application. It is the responsibility of the receiving application to re-assemble the data stream. o TCP, this is a connection orientated protocol which delivers complete and ordered data streams to the application. Compared to UDP, there is an additional overhead particularly on servers handling large numbers of connections. o TLS, this is also a connection orientated protocol. TLS encrypts the data stream. TLS is the protocol used by secure web sites.

The SIP standard allows all 3 transport protocols. Microsoft Lync supports only TCP and TLS and uses TLS for all connections between Lync clients and servers for signalling. Lync uses a variant of TLS known as mtls (mutual TLS). TLS connections are established using certificates. The use of mtls in Lync means that the Lync server and all connecting Lync clients must each be configured with their own certificate. While Lync and supporting services such as Active Directory include functions to generate and distribute these certificates, these requirements make it difficult to connect users outside of your own organisation, and very difficult to use TLS to connect devices from other vendors. Lync s security model assumes that all users are running Lync clients, that all users are included in Active Directory, that the Active Directory schema has been defined appropriately and that the enterprise is running the latest versions of both Lync and Active Directory.

Most enterprises will want the flexibility to be able to operate outside of these constraints. The UM Labs Lync Connector establishes the same grade of connection to a Lync server as a standard Microsoft Lync client. It can connect to either the Lync Front-end Server or Edge Server (depending on network topology). The connection is fully encrypted and authenticated. The Lync Connector also establishes authenticated and encrypted connections to the standard SIP Hosted Service or Enterprise PBX. The Lync Connector then relays all calls, Instant Messaging and presence information between the Lync and standard SIP systems. SIP Trunk Services The majority of SIP trunk services provide only UDP for signalling connectivity; this makes it impossible to directly connect to a Lync server. A small number of trunk providers offer TCP connectivity. While this enables the trunk to connect to a Lync server, there is a loss of the security offered by TLS. An even smaller number of SIP trunk services offer TLS, but their connectivity requirements may be incompatible with Lync. Allowing TCP connections from an external service to a Lync server sacrifices a layer of security. Existing IP-PBX Many organisations are deploying Lync to provide an internal IP-PBX service. The Lync system will need to connect to both hardware IP phones and softphones running on tablets or mobile devices. In most cases these deployments will coexist with an existing IP-PBX or need to interconnect with an IP PBX in another location. Lync s connectivity requirements make this difficult. Mobile VoIP Clients and BYOD Many enterprises have deployed VoIP clients on smartphones to enable enterprise mobility and to adopt a Bring Your Own Device (BYOD) policy. There are a number of VoIP apps for smart-phones and for tablets which enable those clients to connect over WiFi or a cellular data connection to the corporate IP-PBX and operate as extensions on that PBX. Many of these apps offer call encryption and also support IM and presence. Organisations implementing Lync will want to retain their investment in this area, particularly as the earlier Lync client for smart-phones does not support direct VoIP calls. (Lync 2013 client has implemented this in the update.) While most VoIP apps are able to offer a choice of SIP transports and therefore request a connection to a Lync server, there are a number of practical difficulties in connecting a non-lync device to a Lync server.

Even if the device supports TLS it may not be possible or practical to meet Lync s strict mtls requirements. Using TCP as a connection option means sacrificing a layer of security and will leave the Lync server open to a range of attacks, including a potentially expensive call fraud attack. It may not be feasible or practical to use Active Directory to authenticate users running non Lync devices. Edge Server Authentication, Encryption Lync Connector Active Directory Mediation Server Front-end Server OTT Service Lync Users Voice/Video Calls Presence Instant Hosted Service Users UM Labs Software Security Platform as a Service (SSPaaS) is responsible for handling security functions which include signalling and media encryption for the back-end systems. Calls made via the service are decrypted and forwarded to a UC acting as an IP-PBX. The IP-PBX is responsible for routing calls between handsets, for providing a voice mail service for handsets that are not currently reachable and for implementing other functions including text messaging and conferencing with secure video if necessary. The UC processes clear-text audio/video streams, and so must be contained within secure perimeter with all connections to external services calls routed via the SPaaS. The UM-Labs SPaaS can also support secure connections to desk phones and connections to external systems including the corporate internal phone system and SIP trunk services to provide PSTN access. Most external connections will be made in clear-text.

The UM-Labs Innovation in Security Showcase includes: Secure Communications at the touch of a button from the desk or mobile Simple connectivity to legacy phone systems Secure SIP Trunking for better ROI Secure Voice/video for Bring Your Own Device s Secure Networking and Community Building with no Eavesdropping Secure Virtual Business applications for Unified Communications Innovation in Security showcase is the world s first authentication and Encryption Security Platform as a Service (SPaaS) for UC, which brings together Persona Management and End to End encryption across an enterprise voice network, allowing 21 st century social business to be performed in safety, protected from corruption or eavesdropping. The aims are to deliver a breakthrough environment that decreases risk, reduces costs and improves communication across the business, gaining improved ROI from the use of VOIP/Video/IM/BYOD in an Enterprise UC 21 st century environment.

About UM-Labs UM Labs is a pioneer and leader of Security Software Services for Cloud Computing in the 21st Century. We deliver advanced innovative technology which deals with major issues of criminal activity and protect businesses large or small from Fraud, Disruption attacks and hacking attacks, but maintain service between users. The unique aspects of UM-Labs Platform as a Service are that it defends Unified Communications when using voice over IP/SIP, Video/BYOD and Persona Management for all mobile/tablet devices, while making existing legacy UC Systems work together, thus protecting your existing investment. The company markets a Security Service Platform for public Cloud (SSaaS/PaaS) and a private Cloud Platform, which makes connecting VoIP/Video/BYOD/UC systems to the public internet easy and secure, in this the company provides the enterprise with a data firewall as a bonus of the architecture and therefore reduces the need for both, this is considered to be an All-in-One cloud security solution. UM-Labs as a research centre has proven the technology and developed it based on the 21st century needs for cyber security, including Cloud deployment and mobile usage. The team is made up of industry experts who have been major contributors to the current security and communications industry. Adopting UM-Labs Innovation in Security will allow for true integration across the business with single authentication in protection of Persona Management from a mobile device and protection of call fraud through encryption of all UC/SIP/VOIP/IM services and this will reduce risk, while enhancing the ROI for the business. More information at: - www.um-labs.com

2026 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information