Acme Packet Presentation Materials for VUC June 18th 2010

Voip and Telephony User ConferenceSolution Brief June 18, 2010

2

Data centers

VoIP & UC security

SIP trunking

SIP & H.323 interoperability

Data center disaster recovery

Remote site survivability

Contact center virtualization

Remote site & worker connectivity via the Internet

Regulatory compliance – recording & privacy

Acme Packet enterprise SBC solutionscontrols four IP network borders

Contact center, audio/video conferencing,

IP Centrex, etc.PSTN

Serviceproviders

SIP

IPsubscribers

Internet

Tele-worker

Nomadic/mobile user

H.323

Regionalsite

SIP

Remotesite

Private network

1. SIP trunking border 4. Hosted services border

2. Private network border 3. Internet border

HQ/campus

Remotesite

IP PBX UC

Proprietary and Confidential

3

Multiservice security gateway

SLA assuranceRegulatory compliance

High availabilityMulti-protocol

SecurityRevenue & cost optimization

Acme Packet market-leadingNet-Net product family

Service reachmaximization

Net-Net OS

Session border controller

Session routing proxy

Net-Net EMS & SAS

Net-Net 3800

Net-Net 4250 &Net-Net 4500 &Net-Net ATCA

Net-Net 9200

Net-Net 2600Net-Net OS-E

(software-only)


44

Licensed session capacity range

NN2600: 150 – 4KNNOS-E: 25 - 500 150 – 4K 250 – 32K 500 – 32K 4K – 128K

System Throughput 5 Gbps 5 Gbps 5 Gbps 5 Gbps 5 Gbps or

10 Gbps

Network interfaces(# active) (6) 1 Gbps (4) 1 Gbps (2) 1 Gbps (4) 1 Gbps (8) 1 Gbps or

(2) 10 Gbps

IPsec tunnel capacity n/a 5K 120K 200K 400K

Transcoding session capacity 400 Not available Not available Not available 0 – 16,000

Local route table capacity (# of routes) 1M 1M 1M 2M 1M or 2M

Net-Net platform capacity comparison

Note 1: Capacity can vary by signaling protocol, call flow, codec, configuration, feature usage and SPU and NPU optionsNote 2: Capacity of third-party platforms running Net-Net OS-E may vary depending on the server capabilities; standard NNOS-E licensing is limited to 500 sessions

Net-Net 42501

Net-Net 45001 &ATCA blade1

Net-Net 92001

Net-Net 38001Net-Net 26001 &Net-Net OS-E2


5

Acme Packet Net-SAFE security framework

SBC DoS/DDoS protection– Protect against SBC DoS/DDoS attacks & overloads

Access control– Dynamic, session-aware access contro

Topology hiding & privacy – Complete service infrastructure hiding

user privacy support– Support for L2 and L3 VPN services,

traffic separation and securityViruses, malware & SPIT mitigation

– Deep packet inspection enables protection against malicious or annoying attachments / traffic

Infrastructure DoS/DDoS prevention– Prevent DoS/DDoS attack infiltration

to service infrastructure & subscribersFraud prevention

– Prevent misuse & fraud– Protect against service theft

Monitoring and reporting– Record attacks & attackers– Provide audit trails

SBC DoS protection

Fraudprevention

Accesscontrol

Topology hiding& privacy

Serviceinfrastructure

DoSprevention

Virusesmalware& SPIT

mitigation


6

How an enterprise SBC helps with SIP trunk security

Although many service provider SIP trunks are delivered over private IP networks instead of public IP WANs, security issues can still ariseMost enterprise security officers will apply the “Defense in Depth” model to the SIP trunk IP flow

– Just as they do for other IP flows like email and web applicationsThe enterprise SBC acts as the Application Layer Gateway (ALG) for all SIP signaling and media traffic – similar to ALGs used for other enterprise IT applications today

– Features include dynamic port control, full SIP firewall, and DDOS protectionService Providers use SBCs to protect their network – shouldn’t enterprises do the same ?

Enterprise Infrastructure

Web TrafficSecurity Proxy

Email TrafficSecurity

Proxy

“Defense In Depth” Security Model

Service Provider SIPTrunking Infrastructure

PSTNMPLS VPNSIP TrafficSecurity

Proxy


7

SBC DoS/DDoS protection

Dynamic trust management– Success based trust model protects

resources– Adjust resources based on real-time

events

Proactive threat mitigation– Drop malformed sessions– Block known malicious traffic

sources– Identify automated calling and reject

based on defined policies

Hosted services/IP contact center ASP

PSTN

Serviceproviders

SIPH.323 SIP

Other IPsubscribers

BO

MPLS VPN Internet

SOHO Mobileuser

Nomadicuser

HeadquartersCC IPTUC

RO

Zombie PCs

Spammers


8

SBCs eliminate communications barriers

Session control– Unify dial plans - DNS, ENUM,

LDAP, Local Route Tables (LRT)– Route sessions – policies based

on ToD/DoW, cost, media, etc.

NAT traversal (adaptive, STUN)– Cross NAT/FW borders– Define trusted users/devices– Contain unidentified/untrusted

users/devices

Protocol interworking/correction– Interwork signaling, transport &

encryption protocols – Correct protocol variations –

malformed/non-compliant headers

– Transcode between codecs– Adapt IMS for enterprise

Hosted services/IP contact center ASP

PSTN

Serviceproviders

SIPH.323 SIP

Other IPsubscribers

Regionaloffice

Branchoffice

BO

MPLS VPN Internet

SOHO Mobileuser

Nomadicuser

HeadquartersCC IPTUC

RO


9

How SBC helps with SIP trunking interoperability

PBXs are not always able to connect directly to carrier SIP trunks due to differences in SIP implementations or when H.323 is the only available IP interface

Acme Packet solves this problem by providing: – Complete SIP header manipulation rule (HMR) capabilities to interwork

different SIP dialects between PBX and carrier SIP trunking elements– Full H.323 – SIP interworking– Media transcoding & DTMF format (INFO / 2833) interworking– Signaling transport (UDP / TCP / TLS) and media encryption (RTP/SRTP)

interworking

These capabilities enable virtually any SIP or H.323 capable PBX or UC platform to talk to any carrier SIP trunk service

– Proven interoperability with all of the major PBX and UC vendors & SIP trunk carriers

SIPor

H.323

Enterprise Telephony

Infrastructure Service Provider SIPTrunking Infrastructure

PSTNMPLS VPN

OCS 2007


10

How an enterprise SBC helps with SIP trunk troubleshooting

A challenge for many enterprise telephony managers is to how to apply traditional TDM troubleshooting methods to SIP trunks

The enterprise SBC helps by providing an embedded probe that allows you to monitor all SIP & H.323 signaling and media traffic

– Provides full signaling traces, ladder diagrams, and media statistics– Information is automatically collected and can be retrieved via EMS and can be

sorted based on calling or called party number, SIP call ID, time-of-call, etc.– An embedded call recording utility is also provided– EMS allows partitioned access to control who can view what information

Call Diagram = Ladder Diagram & Detailed Message Trace Statistics = Media Quality Stats with MOS, packet loss, etc.

Play = Bi-directional Media Recording Capability(on-platform Session Replication for Recording (SRR))


Technology

Acme Packet Presentation Materials for VUC June 18th 2010