ITEXPO 2015
Khris Kendrick, Vice President Business Development
Khris@ingate.com, +1 978-290-0001
Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.
The SIP enabler The Role Of The E-SBC Solutions for SIP We enable SIP communication for business
Who Are We? Ingate Systems – Quick Facts
• Founded 2001 with Intertex heritage from the 1980s
• Headquarters in Stockholm, Sweden
• North American subsidiary in New Hampshire, USA
• Japanese liaison office
• Leader in real-time SIP communications with more than 50,000 small and 10,000 business and enterprise installations in 50+ countries
• Leading innovator with patents registered and pending
• First SIParator® (SIP Proxy-based firewall & E-SBC) delivered in 2001
• First E-SBC certified by the ICSA Labs for VoIP SIP security firewall
• Ingate’s SIP Trunking Seminars at ITEXPO since 2006 – Bringing SIP to the Enterprise
https://www.ingate.com/itexpo_miami_2015.php
Why—E-SBC Growth? Gartner Market Direction
• Enterprises are moving to SIP trunking to reduce their telecom expenses by 30 to 50%
• The Enterprise Session Border Controller (E-SBC) market based on SIP trunking is estimated to grow by 20% per year 2014 – 2018.
• 80% of enterprises in North America have some SIP trunks but only 10% of them have fully completed their migration to SIP trunking
• New UC solutions / technologies such as WebRTC will add to this growth
Gartner June 2014: Market Guide for Enterprise SBC
“SIP Trunking is no longer a Nicety, it’s a Necessity” - Jonah Fink
• SIP is an important and beneficial component of the evolution of business communication
• Lower cost--ROI
• Single network
• Centralized call management with local numbers
• Evolution to global connectivity
• Revolutionary use of video and other media
• Faster recovery from disasters
Implementation requires an E-SBC
Question: Would you ever drive your business into a storm?
Would you ever do this?
[Diagram labels: Public Internet or MPLS; PSTN; Data LAN]
Factoid: Unsecure network/PBX exposure to the Internet will hurt your business…not if, but when
Case Study: Nationwide Processing
• Case: Nationwide provides outsourced mortgage production services to leading institutions.
• Problem: Initially connected their PBX to the Internet and continuously got Brute Force Registrations, Toll Fraud, Denial of Service (DoS) and SIPVicious attacks
• Solution: SIParator E-SBC installed by eTechHelp
PBX Exposed: Not Recommended
[Diagram labels: PSTN; Public Internet or MPLS; SIP Trunking Provider Network; GW; Firewall; IP-PBX; Data LAN]
NAT Breaks SIP: Not Possible
[Diagram labels: PSTN; Public Internet or MPLS; SIP Trunking Provider Network; IP-PBX; Firewall; Data LAN; GW]
E-SBC Resolves Firewall Traversal allowing the PBX to be on the LAN
[Diagram labels: Public Internet or MPLS; SIP Trunking Provider Network; SIP Trunk; IP-PBX; Firewall; Data & VoIP LAN; GW]
What is an E-SBC
• Device that:
• Installed at the border between an enterprise and the Wide Area Network
The Border: Where is the E-SBC installed?
How the E-SBC Role Has Evolved And Why First-Gen E-SBCs Can’t Keep Up
Old World PSTN--- New World IP
Delivering Higher Order of Services • Selling bare pipes is a race to zero • Service providers (SP) must transform revenue stream to compete
UC Couldn’t Happen For the Masses Without an E-SBC
• Mobility
• Remote office
• Collaboration--WebRTC
• Presence
• Etc.
What is an E-SBC? An edge device that is inserted into the signaling and media path between devices to provide session interworking. “Session Traffic Cop”
An E-SBC provides:
• Connectivity – NAT traversal, session-aware firewall, IPv4 to IPv6
• Security – DoS, IPsec and TLS origination and termination
• Quality of Service – Policing, rate limiting
• Media Services – DTMF
• Normalizes Protocols
• Policy Control
• HA Resiliency and Redundancy
[Figure labels: Ingate E-SBC; VM Soft E-SBC]
What is an E-SBC
• Device that:
• Is installed at the border between an enterprise and the Wide Area Network
• Similar to a data firewall but for SIP and related media
What’s a session
• An M2M connection between two parties (devices)
• A bi-directional phone call
• A bi-directional video connection
• A chat session
What is controlled?
• Dynamic and trusted pinholing
• Far-end NAT traversal
• Security
• Routing
• Quality
• Statistics
• SIP protocol normalization
• Far-end diagnostics
What is an E-SBC
• Device that: “SIP Traffic COP”
• Is installed at the border between an enterprise and the Wide Area Network
• To control how sessions are managed
• Between two end-points
• Between enterprise and service provider
• Between remote user and enterprise
• Similar to a data firewall but for SIP and related media
Why does the Enterprise need an E-SBC?
• Firewall traversal – Enables placement of the PBX behind the firewall
• Normalization of SIP signaling – To ensure interoperability with the service provider
• Deep SIP Packet Inspection
• Far End NAT Traversal – Support for Remote Workers
• To keep the PBX secure
• Intrusion Detection / Prevention
• To prevent Denial of Service Attacks
• Toll Fraud prevention
• Authentication processes
• Encryption – To enable private communications
• To address multiple PBXs or providers
• Disaster recovery
• Quality of Service – To prioritize voice
• Demarcation Point – MOS scores; Logging and Wireshark traces
An E-SBC Simplifies, Secures and Strengthens any SIP Implementation
E-SBC Features 1
Columns: SBC Features – Brief Description – SBC
• DoS/DDoS Prevention – Blocks attackers from taking down the network ✓
• Topology Hiding – “Hides” IP devices in the network from attackers ✓
• Rogue RTP Protection – Prevents thieves from stealing long-distance service ✓
• Media Encryption – Keeps private communications private ✓
• Signaling Encryption – Ensures only authorized users send/receive communications ✓
• NAT Traversal – Enables SIP sessions with NAT-protected devices ✓
• High Availability Operations – Ensure no loss of active sessions or session state during SBC failover ✓
• Protocol Interworking – Translates dissimilar signaling (SIP), transport (UDP, TCP) & encryption protocols (none, TLS, IPsec, SRTP) ✓
• Call Admission & Overload Control – Ensure continuous service availability and quality, even under adverse traffic loads and/or attack. ✓
• SIP Message Manipulation (SMM) – Allows an enterprise or service provider to manually or automatically change the contents of a SIP message to provide consistent communications between devices ✓
• Media transcoding – Support for multimedia, multi-device communications ✓
E-SBC Features 2
Columns: SBC Features – Brief Description – SBC
• IPv4 and IPv6 Interworking – Allows IPv4 and IPv6 networks to work together seamlessly ✓
• Data and Fax Interworking – When a data call is detected and routed ✓
• DTMF interworking – Supports interworking between different DTMF Relay methods ✓
• B2BUA Software Architecture – The B2BUA application completely terminates signaling and media transport connections on one side and relays only specific information onto new transport connections on another interface. Support for lawful intercept functionality ✓
• Robust SIP Interoperability – Provides robust SIP interworking, offering both dynamic and static SIP normalization between a multitude of enterprise IP devices ✓
• Radius / CDR Billing – Support for RADIUS accounting records and generation of CDR files ✓
• Embedded Routing/Policy Engine – Provides route prioritization, call screening and blocking ✓
• Lawful Intercept ✓
E-SBC Features 3
Columns: SBC Features – Brief Description – SBC
• ENUM lookups – Performs ENUM queries to an external DNS to map E.164 telephone numbers to SIP trunk URIs and then performs SIP routing based on the service URIs ✓
• Direct Media – Allows the SBC to set up calls between two endpoints so that media can be exchanged directly without consuming bandwidth to and from the SBC. Preserves this privacy and security ✓
• SIP DTMF Trigger Detection – Looks for specific DTMF trigger patterns and notifies an external SIP entity when such patterns are detected ✓
• Registration – Relays SIP endpoint registration information between these endpoints and the Registrar ✓
• Media Pinholes ✓
E-SBC Features 4
Columns: SBC Features – Brief Description – SBC
• SIP Peer Overload Control – Traffic throttling towards a SIP peer is done based on receipt of a 503 response from the SIP peer. ✓
• Codec Policy – Supports setting the media (including codec) policy on a call-by-call basis. The configurable settings are as follows: allowed codecs (ordered list); packetization parameters; fax handling; modem handling; DTMF handling ✓
• Digit Manipulation – Allows you to modify digits in called party and calling party ✓
• Parameter Manipulation – Allows you to modify the values of important SIP parameters ✓
• Username/SIP URI Routing – Allows routing of requests based on the username and/or domain name in the SIP Request-URI ✓
The Ingate Product Family
Benefits of Ingate E-SBC
• Functionality – All capabilities needed to deliver SIP to the enterprise
• Security – Inspection, control, IDS / IPS, and more
• Interoperability – Tested with most PBXs and SIP Trunking operators
• Flexibility – Six deployment options; hardware and software deliverables
• Scalability – Products supporting up to 20,000 sessions
• Simplicity – Start-up wizard reduces installation time
• Affordability – Price competitive
• Reliability – MTBF in excess of 10 plus years; failover option available
• Experience – First E-SBC delivered in 2001
• Service – Commitment to customer success
Please contact me at any time: Khris Kendrick, Vice President
Mail & SIP: Khris@ingate.com
Direct: +1 978-290-0001