ITEXPO 2015
Khris Kendrick
Vice President Business Development
Khris@ingate.com
+1 978-290-0001
Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.
Solutions for SIP
The SIP enabler
We enable SIP communication for business
The Role Of The E-SBC
Who Are We?
Ingate Systems – Quick Facts
• Founded 2001 with Intertex heritage from the 1980s
• Headquarters in Stockholm, Sweden
• North American subsidiary in New Hampshire, USA
• Japanese liaison office
• Leader in real-time SIP communications with more than 50,000 small and 10,000 business and enterprise installations in 50+ countries
• Leading innovator with patents registered and pending
• First SIParator® (SIP Proxy-based firewall & E-SBC) delivered in 2001
• First E-SBC certified by the ICSA Labs for VoIP SIP security firewall
• Ingate’s SIP Trunking Seminars at ITEXPO since 2006 – Bringing SIP to the Enterprise
https://www.ingate.com/itexpo_miami_2015.php
Why—E-SBC Growth? Gartner Market Direction
• Enterprises are moving to SIP trunking to reduce their telecom expenses by 30 to 50%
• The Enterprise Session Border Controller (E-SBC) market based on SIP trunking is estimated to grow by 20% per year 2014 – 2018.
• 80% of enterprises in North America have some SIP trunks but only 10% of them have fully completed their migration to SIP trunking
• New UC solutions / technologies such as WebRTC will add to this growth
Gartner June 2014: Market Guide for Enterprise SBC
“SIP Trunking is no longer a Nicety, it’s a Necessity” - Jonah Fink
• SIP is an important and beneficial component of the evolution of business communication
• Lower cost--ROI
• Single network
• Centralized call management with local numbers
• Evolution to global connectivity
• Revolutionary use of video and other media
• Faster recovery from disasters
Implementation requires an E-SBC
Question: Would you ever drive your business into a storm?
Would you ever do this?
[Diagram labels: PSTN; Data LAN; Public Internet or MPLS]
Factoid: Unsecure network/PBX exposure to the Internet will hurt your business…not if, but when
Case Study Nationwide Processing
• Case: Nationwide provides outsourced mortgage production services to leading institutions.
• Problem: Initially connected their PBX to the Internet and continuously got Brute Force Registrations, Toll Fraud, Denial of Service (DoS) and SIPVicious attacks
• Solution: SIParator E-SBC installed by eTechHelp
PBX Exposed: Not Recommended
[Diagram labels: PSTN; Data LAN; Firewall; IP-PBX; SIP Trunking Provider Network; GW; Public Internet or MPLS]
NAT Breaks SIP: Not Possible
[Diagram labels: PSTN; Public Internet or MPLS; Data LAN; Firewall; IP-PBX; SIP Trunking Provider Network; GW]
E-SBC Resolves Firewall Traversal allowing the PBX to be on the LAN
[Diagram labels: Public Internet or MPLS; Data & VoIP LAN; IP-PBX; SIP Trunk; Firewall; SIP Trunking Provider Network; GW]
What is an E-SBC
• Device that:
  • Installed at the border between an enterprise and the Wide Area Network
The Border: Where is the E-SBC installed?
How the E-SBC Role Has Evolved
And Why First-Gen E-SBCs Can’t Keep Up
Old World PSTN--- New World IP
Delivering Higher Order of Services
• Selling bare pipes is a race to zero
• Service providers (SP) must transform revenue stream to compete
UC Couldn’t Happen For the Masses Without an E-SBC
• Mobility
• Remote office
• Collaboration--WebRTC
• Presence
• Etc.
What is an E-SBC?
An edge device that is inserted into the signaling and media path between devices to provide session interworking. “Session Traffic Cop”
An E-SBC provides:
• Connectivity- NAT Traversal, session aware firewall, IPv4 to IPv6
• Security- DoS, IPSec and TLS origination and termination
• Quality of Services- Policing, rate limiting
• Media Services- DTMF
• Normalizes Protocols
• Policy Control
• HA Resiliency and Redundancy
Ingate E-SBC
VM Soft E-SBC
What is an E-SBC
• Device that:
  • Is installed at the border between an enterprise and the Wide Area Network
  • Similar to a data firewall but for SIP and related media
What’s a session
• An M2M connection between two (devices) parties
• A bi-directional phone call
• A bi-directional video connection
• A chat session
What is controlled?
• Dynamic and trusted pinholing
• Far-END NAT traversal
• Security
• Routing
• Quality
• Statistics
• SIP protocol normalization
• Far-END diagnostics
What is an E-SBC
• Device that: “SIP Traffic COP”
  • Is installed at the border between an enterprise and the Wide Area Network
  • To control how sessions are managed
    • Between two end-points
    • Between enterprise and service provider
    • Between remote user and enterprise
  • Similar to a data firewall but for SIP and related media
Why does the Enterprise need an E-SBC?
• Deep SIP Packet Inspection
  • To keep the PBX secure
• Intrusion Detection / Prevention
  • To prevent Denial of Service Attacks
• Toll Fraud prevention
  • Authentication processes
• Encryption
  • To enable private communications
An E-SBC Simplifies, Secures and Strengthens any SIP Implementation
• Firewall traversal
  • Enables placement of the PBX behind the firewall
• Normalization of SIP signaling
  • To ensure interoperability with the service provider
• Far End NAT Traversal
  • Support for Remote Workers
• Disaster recovery
  • To address multiple PBXs or providers
• Quality of Service
  • To prioritize voice
• Demarcation Point
  • MOS scores
  • Logging and Wireshark traces
E-SBC Features 1
SBC Features – Brief Description
• DoS/DDoS Prevention – Blocks attackers from taking down the network
• Topology Hiding – “Hides” IP devices in the network from attackers
• Rogue RTP Protection – Prevents thieves from stealing long-distance service
• Media Encryption – Keeps private communications private
• Signaling Encryption – Ensures only authorized users send/receive communications
• NAT Traversal – Enables SIP sessions with NAT-protected devices
• High Availability Operations – Ensure no loss of active sessions or session state during SBC failover
• Protocol Interworking – Translate dissimilar signaling (SIP), transport (UDP, TCP) & encryption protocols (none, TLS, IPsec, SRTP)
• Call Admission & Overload Control – Ensure continuous service availability and quality, even under adverse traffic loads and/or attack.
• SIP Message Manipulation (SMM) – Allows an enterprise or service provider to manually or automatically change the contents of a SIP message to provide consistent communications between devices
• Media transcoding – Support for multimedia, multi-device communications
E-SBC Features 2
SBC Features – Brief Description
• IPv4 and IPv6 Interworking – Allows IPv4 and IPv6 networks to work together seamlessly
• Data and Fax Interworking – When a data call is detected and routed
• DTMF interworking – Supports interworking between different DTMF Relay methods
• B2BUA Software Architecture – The B2BUA application completely terminates signaling and media transport connections on one side and relays only specific information onto new transport connections on another interface
• Lawful Intercept – Support for lawful intercept functionality
• Robust SIP Interoperability – Provides robust SIP interworking, offering both dynamic and static SIP normalization between a multitude of enterprise IP devices
• Radius / CDR Billing – Support for Radius accounting record and generation of CDR file
• Embedded Routing/Policy Engine – Provide route prioritization, call screening and blocking
E-SBC Features 3
SBC Features – Brief Description
• ENUM lookups – Performs ENUM queries to an external DNS to map E.164 telephone numbers to SIP trunk URIs and then performs SIP routing based on the service URIs
• Direct Media – Allows the SBC to set up calls between two endpoints so that media can be exchanged directly without consuming bandwidth to and from the SBC
• Media Pinholes – Preserves this privacy and security
• SIP DTMF Trigger Detection – Looks for specific DTMF trigger patterns and notifies an external SIP entity when such patterns are detected
• Registration Relay – Relays SIP endpoint registration information between these endpoints and the Registrar
E-SBC Features 4
SBC Features – Brief Description
• SIP Peer Overload Control – Traffic throttling towards a SIP peer is done based on receipt of 503 response from the SIP peer.
• Codec Policy – Supports setting the media (including codec) policy on a call-by-call basis. The configurable items are as follows:
  • allowed codecs (ordered list)
  • packetization parameters
  • fax handling
  • modem handling
  • DTMF handling
• Digit Manipulation – Allows you to modify digits in called party and calling party
• Parameter Manipulation – Allows you to modify the values of important SIP parameters
• Username/SIP URI Routing – Username/SIP URI routing allows routing of requests based on the username and/or domain name in the SIP Request-URI
The Ingate Product Family
Benefits of Ingate E-SBC
• Functionality – All capabilities needed to deliver SIP to the enterprise
• Security – Inspection, control, IDS / IPS, and more
• Interoperability – Tested with most PBXs and SIP Trunking operators
• Flexibility – six deployment options; hardware and software deliverables
• Scalability – Products supporting up to 20,000 sessions
• Simplicity – Start-up wizard reduces installation time
• Affordability – Price competitive
• Reliability – MTBF in excess of 10 plus years; failover option available
• Experience – First E-SBC delivered in 2001
• Service – Commitment to customer success
Please contact me at any time:
Khris Kendrick
Vice President
Mail & SIP: Khris@ingate.com
Direct: +1 978-290-0001