Avaya Update Week: ASBCE Concepts and Introduction
Sérgio Tani – Systems Engineer
Westcon Brasil
Agenda
• What’s a Session Border Controller?
• What is it for?
• Where can we use it?
• Executive Summary
• Enterprise SBC – Trends and Drivers
• Avaya SBC for Enterprise Offer
• Competition & Positioning
What is an SBC?
• A Session Border Controller (SBC) is a VoIP session-aware device that controls call admission to a network at its “border” and, optionally (depending on the device), performs a set of call-control functions to ease the load on the call elements inside the network.
What is an SBC? (cont.)
• The Session Border Controller is divided into two logically distinct parts.
• The Signaling SBC function (SBC-SIG) controls the access of VoIP signaling messages to the network core and manipulates the content of those messages.
• The Media SBC function (SBC-MEDIA) controls the access of media packets to the network and provides differentiated services and QoS for different media streams.
What is an SBC used for?
• Basic functions:
– Protect the border of a Service Provider's network
– Provide Call Admission Control
• Additional functions:
– QoS
– Media Bridging
– Interoperability between signaling protocols
– Call tracking (for CDR purposes)
Where are SBCs used?
• Session Border Controllers are normally deployed in a network's DMZ.
• Session Border Controllers can be deployed in any of the following scenarios.
Possible scenarios
• At the border between an SP and its customer (User Network Interface – UNI)
• At the border between two SPs that have a reciprocal agreement on VoIP traffic (Network-to-Network Interface – NNI)
• Inside the infrastructure of an SP that offers VPN services to its customers, bridging calls across the customers' VPN sites
• In the core of a network, to resolve topology problems for internal communications
• Performing centralized “transcoding”
UNI scenario
NNI scenario
VPN scenario
Resolving internal topology problems
Centralized codec transcoding
Executive Summary
Minimum training required for partners who already hold UC or IP Office Sales and Design Authorizations
Quickly ramp to expand the collaboration capabilities of your customer beyond enterprise borders
Unified Communications Market is Primed!
The future of collaboration is now, with massive market potential and Avaya Market Leadership
Business Proposition
It’s all about secure collaboration!
• Expand the scope of an existing Avaya collaboration solution
• SIP is inherently unsecure! Your customer is at risk! Securely leverage SIP Trunking or Remote Worker capabilities
• Enable BYOD strategies of your customers
Customers Facing Rapid Technology Change
More Collaboration and Mobile Devices… More Enterprise Security Threats
• Tablets by 2016: 802 Million
• Mobile projects will outnumber PC projects 4:1
• Increase in dedicated video soft clients by 2016: 400%
• Increase in mobile enterprise investments through 2015: 30%
• Of enterprise will be cloud based by 2015: 16%
Source: Gartner
The business advantages to SIP are clear
• Operational efficiencies
• Collaborative communications
• Network consolidation
VoIP Attacks on The Rise!
• FBI warning VoIP attacks: TDoS attacks allow thieves to loot bank account information (May 2010)
• Hackers phone home on our coin: Stolen calls - in just 15 days, over $30,000 in calls made globally (February 2012)
• Secure Your VoIP Servers – blog.sipvicious.org: Cloud-initiated wave of SIPVicious port 5060 scans lead to €11 million loss (October 2010)
• Hacker toured dozens of global conference rooms using common videoconferencing equipment. Easily hacked several top venture capital, law firms, pharmaceutical and oil companies…(and) the Goldman Sachs boardroom. Videoconferencing systems were designed with visual and audio clarity in mind, not security (January 2012)
• Massive DDoS attack crashes TelePacific VoIP system. Average 34 million SIP traffic VoIP connections requests… shot up to 69 million [in 1 day] flooding their systems (March 2011)
• 65% of Organizations Experience Three DDoS Attacks a Year, But Majority are Unprepared to Mitigate Attacks (November 2012)
• FBI finds Philippine hackers compromised AT&T business customers used their phone systems to call phone numbers - revenues to hackers. Scheme cost AT&T $2.0 million (November 2011)
• Communications Fraud Control Association survey shows 34 respondents with $2.0 billion in telecom fraud losses (2011)
Could This Be Your Network?
VoIP Security is Different
…requires intimate knowledge of VoIP and call states
[Figure labels. Devices: Firewall, IDS / IPS, IP-PBX, SBCE Standard, SBCE Advanced. Attacks: Layer 3 attack, Layer 4 attack, OS attack, Application attack, SIP protocol fuzzing, SIP denial of service/distributed denial of service, SIP spoofing, SIP advanced toll fraud (call walking, stealth attacks). Features: Remote Worker, Media Replication, Signaling/Media Encryption.]
The Solution – Avaya Session Border Controller for Enterprise Portfolio
Industry Leading Enterprise UC Security
• Secure VoIP and UC over any network to any device, including smartphones, alternative devices and SIP endpoints
• Innovative VPN’less remote worker offering - enabling true BYOD
Price/Performance Optimized for Enterprise & SME
• Fit for purpose SME / Enterprise solution
• Not a repackaged carrier SBC
• Scalability – up to 2,000 sessions
• High Availability
• TCO & ROI
Ease of Implementation & Management
• Rapid implementation of safe SIP trunks, remote workers and advanced UC applications
• SIP trunks operational in minutes, not months
• GUI-based SIP normalization tool
Enterprise networks reach well past the network border
[Figure labels: Service Provider, Enterprise, Everywhere else; Multimedia Apps., Customer Interaction, Collaboration Apps., Automation Applications; Avaya SBCE (shown twice); SIP; SIP Trunks.]
Unified Communications Security – Should You Care?
• Credit card privacy rules: other compliance laws require security architecture specific to VoIP and other UC. [1]
• Increase: ‘VoIP hacking at new levels’ [2]
• Up to of attacks: VoIP scanning – botnets, Cloud used for VoIP fraud [3]
• Reduce Deployments by: VoIP / UC security reduces VoIP / UC deployment time by one third [4]
• Toll fraud: yearly enterprise losses in Billions; inadequate securing of SIP trunks, UC and VoIP applications [5]
[1] Payment Card Industry Data Security Standard (PCI DSS)
[2] VIPER LAB Honeypot research
[3] VIPER LAB Honeypot research
[4] Aberdeen Group 2011
[5] Communications Fraud Control Association (CFCA) 2008 Survey
So … why do I need to secure SIP?
• Cost reduction
• Flexibility
• Risk mitigation
• Compliance
• Encryption is needed in many apps
• BYOD (real time applications)
• Provide VPN-less encrypted sessions
It’s all about secure collaboration!
Application Specific Security Complements Existing Security Architecture
[Figure labels: Firewall, Avaya SBCE, Firewall. Avaya SBCE caption: Application Level Security Proxy (Policy Application, Threat Protection Privacy, Access Control).]
Avaya Session Border Controller for Enterprise: A New But Already Proven Solution
Avaya SBCE 6.2 is further enhanced with …
• Substantial interoperability testing and improvements in Avaya UC environments especially for VPN’less remote worker
• Testing against all Avaya UC platforms
– Avaya Aura®
– IP Office
– CS 1000
• New hardware platform targeted at SMEs (GA: Jan 2013)
• New product structure
– Separation of ordering hardware and software
• Fully integrated into Avaya processes and tools
– Ordering and Logistics
– Services access
– Available in ASD
Avaya Session Border Controller for Enterprise: Deployment Models
• SIP Trunking (requires standard licenses)
– Enforce security policies of the enterprise while solving demarcation issues
• Remote Worker (requires standard + advanced licenses)
– Mobile workspace security, secure distributed call centers, remote workers, teleworkers
– Confidently extend UC to mobile workspaces across any network
– Secure VPN’less access enabling true BYOD
• Compliance (requires standard + advanced licenses)
– Secured Media Replication/Forking for archiving, logging
Avaya SBCE: SIP Trunking Architecture
Use Case: SIP Trunking to Carrier
• Carrier offering SIP trunks as lower-cost alternative to TDM
• Heavy driver for Enterprise adoption of SBC
• THE DMZ IS A SECURITY RECOMMENDATION, NOT A REQUIREMENT
Avaya SBCE is located in a DMZ behind the Enterprise firewall
Services: security and demarcation device between the IP-PBX and the Carrier
− NAT traversal,
− Securely anchors signaling and media, and can
− Normalize SIP protocol
[Figure: Carrier SIP trunks to the Avaya Session Border Controller for Enterprise. Labels: Carrier, Internet, Firewall, DMZ, Avaya SBCE, Firewall, Enterprise, IP PBX, SIP Trunks.]
Secure Remote Worker with BYOD
Personal PC, Mac or iPad devices
Avaya Flare®, Avaya one-X® SIP client app
App secured into the organization, not the device
One number UC anywhere
[Figure labels: Untrusted Network (Internet, Wireless, etc.), Avaya SBCE, Avaya Aura®, Presence Server, System Manager, Communication Manager, Avaya Aura Conferencing, Aura Messaging, Session Manager.]
Introducing… Avaya SBCE – Targeted for the SME Market
• GA January 2013
• Enterprise class SIP Security for SME
• Price / performance optimized for SME
• Superior ease of implementation and management
Enterprise-Class, Priced for SME!
• Enhanced DoS, Toll Fraud Protection
• GUI based EMS and SIP Normalization Tool
• Scalable to largest SME environments
Upgradable Advanced Features
• VPN-less SIP remote worker protection
• Signaling/Media encryption
• Media Replication
SME Targeted Implementations
• Ideal for IP Office, Avaya Aura® ME and Branch implementations with up to 500 SIP sessions
Avaya SBC for Enterprise
• SME: Cost & Value conscious customers
• Cross Industry UC Customers: Enterprises evolving to Unified Communications more advanced in their adoption of VoIP
• Gov’t: Government agencies are transforming their communications infrastructures
Avaya SBCE 6.2 fully supported by IP Office 8.1.
Avaya Session Border Controller for Enterprise Use Case: SIP Trunking
Business Issue
• A major bank adopts SIP trunking to cut telecoms costs
• SIP trunks are for in-bound call center representatives – retail banking customers
• In hours bank’s new system has VoIP Denial of Service attack. Effectively:
– Blocks all call center service calls
– Cuts off customer communications
Solution
Avaya Session Border Controller for Enterprise with SIP trunk termination needs and requirements for companies large and small
Benefits
• DoS and DDoS Prevention
• Secures the Enterprise Border
• Provides SIP normalization between the enterprise and the carrier
Avaya Session Border Controller for Enterprise Use Case: Secure Remote Workers
Business Issue
• An enterprise needed to upgrade their communications infrastructure ensuring a secure, quality driven collaboration network that could support a large global workforce dispersed across many locations including home based-workers
• They needed to securely manage BYOD demands for their salespeople, IT department, and other increasingly mobile remote and mobile employees.
Solution
The Avaya Aura core communications platform secured by the Avaya SBCE, delivered a secure SIP infrastructure that ensured remote and mobile employees had secure collaboration
Benefits
• Ensured ease of implementation and deployment and excellent QoS across hundreds of locations
• Ripped and replaced VPN phones with secure SIP phones improving convenience and support
• Enabled secure collaboration for over 20,000 employees worldwide
How to position Avaya SBCE
Table columns: Market Segment, Offer, Customer Characteristics, Key Selling Points
SBCE 6.2 with advanced features on Dell server with HA
SBCE 6.2 on Portwell server
SBCE 6.2 with advanced features on Dell server
• Avaya IP Office
• Avaya Aura® solution for Midsize Enterprise
• SIP Trunking <= 500 sessions
Any mode from any device
• Avaya IP Office
• Avaya Aura® solution for Midsize Enterprise
• Full Avaya Aura solution
• CS 1000
Large Enterprise
• SIP Trunking > 500 sess.
• VPN-Remote Worker / BYOD
• High Availability
• Avaya IP Office
• Avaya Aura® solution for Midsize Enterprise
• Full Avaya Aura solution
• CS 1000
• SIP Trunking > 500 sess.
• VPN-less Remote Worker / BYOD
Small Enterprise
*Remote Worker capabilities for IP Office and CS1000 will be provided post GA in a Service Pack
Avaya Session Border Controller for Enterprise Competitive Differentiators
• True Enterprise Solution: Designed from the ground up for enterprise needs
• Advanced Threat Protection based on active, primary research
• Ease of Implementation and Management
• Innovative VPN’less remote worker solution - Enabling true BYOD
• Simple Upgrade Path for Advanced Applications
• Common Criteria Certification (EAL3+)
SBC Competitors
• Acme Packet – Carrier SBC
• Sonus – Carrier SBC
• Ingate – SME SBC
• AudioCodes – SME and Enterprise SBC
• Edgewater – Enterprise SBC
• Genband – Enterprise SBC
• Cisco – Enterprise SBC
To learn more visit the Avaya SBCE COMPETITIVE PORTAL
Avaya SBCE Product Options
Avaya SBCE - Simple “1,2,3” model
• High Availability requires an extra Dell R210-II XL to run a separate EMS (Element Management System) in addition to the 2 core servers
• The HP DL 360 is the common server hosting the AA-SBC Code and will be supported for migrations from AA-SBC to A SBCE software
Server | Max. # of Sessions – without encryption | Max. # of Sessions – with encryption (TLS, SRTP)
Portwell CAD-0208 | 500 | 250
Dell R210-II XL | 2,000 | 1,000
HP DL360 (migrations only) | 2,000 | 1,000
Remaining column headers: Standard Software License, Advanced Software License, High Availability
Avaya SBCE Feature Groups
Standard Services – Secure SIP Trunking
• Broadly scalable based on platform
• High availability solutions with stateful failover
• EMS: well-constructed ‘craft’ interfaces for simplicity of implementation and administration
• Advanced UC Security: Toll Fraud, Call Walking, etc.
• Deep Packet Inspection (SIP and Media)
• DoS/DDoS (flood, resource hang/open transaction, crash/fuzz)
• ACL/White/Black listing
• SIP Normalization – SIP trunk integration module STIM
• Call Admission Control
• Quality of Service marking and tracking
• DTMF manipulation
• NAT
• RFC 5853 Compliant
Advanced Services
• Remote Worker: validate and securely support remote/mobile users for extension of Avaya Aura UC services
– VPN-less
– Supports both near and far end NAT
– Supports Avaya hard and soft clients per solution-tested compatibility matrix
• Encryption Services
– SIP TLS ↔ TCP, UDP
– sRTP ↔ RTP
• Media replication
– Ability to fork media to a recording device
Avaya SBCE Software Licenses
• Standard and Advanced Licenses can reside on same SBCE as required
• # of advanced licenses needs to match # of standard licenses
• # of licenses are based on simultaneous sessions
• Configuration Examples (software only)
• Solution for 200 SIP Trunks (without encryption)
– 200 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
• Solution for 200 SIP Trunks (with encryption)
– 200 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
– 200 * 270390 “ASBCE R6.2 ADV SVCS LIC 1-500”
• Solution for 75 Remote Worker sessions
– 75 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
– 75 * 270390 “ASBCE R6.2 ADV SVCS LIC 1-500”
• Solution for 200 SIP Trunks (with encryption) and 75 Remote Worker sessions
– 275 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
– 275 * 270390 “ASBCE R6.2 ADV SVCS LIC 1-500”
Avaya Aura® Suite Licensing: Driving user profile driven collaboration oriented sales conversations
[Figure: three per-user suites, Foundation Suite, Mobility Suite and Collaboration Suite. Component labels shown: Avaya Aura CM, SM, SMGR; Avaya Aura Presence; Flare for PC; Flare for iPad; CM Messaging; Avaya Aura Messaging; MS Lync Plug in; ACA w/ Video; ACE 6.2; One-X Mobile/SIP/iOS/CES; one-X Communicator w/Video; EC500; Avaya SBCE (listed under the Mobility and Collaboration suites); Scopia /user * (Desktop & Mobile); Avaya Aura Conferencing (Audio/Web/Video); Voice; Voice/Web/Video.]
Mix & Match per user across the enterprise
Optional a-la-carte Conferencing or Scopia (/port)
Optional Video Room connectivity
* per-user Scopia ships FQ3
End of Sale – Avaya Aura SBC
• Effective May 6th 2013, Avaya will no longer sell (make commercially available) the Avaya Aura Session Border Controller (AA-SBC).
• The HP DL360 server which serves the AA-SBC software will be used for the A SBCE code so no hardware swap is required. If the customer has new requirements for more than 750 SIP Trunk Sessions, a new A SBCE will be required with new hardware.
• EoS Announcement - https://downloads.avaya.com/css/P8/documents/100168696
Thank you!
Sérgio Tani
Systems Engineer – Westcon
+55 11 5525-7257
+55 11 99917-7123