apkt wp esbc 031813
TRANSCRIPT
-
7/27/2019 Apkt Wp Esbc 031813
1/7
W H I T E P A P E R
What is an E-SBC?
Executive Summary Enterprise communications is in a state otransormation. Businesses are replacing conventional PBX systems withVoIP and Unied Communications (UC) solutions and cloud-based servicesto improve collaboration and productivity, as well as to contain capital andoperating expenses. No longer tethered to the oce phone system, todaysmobile inormation proessionals can conduct business and interact withcolleagues and customers rom any place, at any time.
As IT organizations make the transition to VoIP and UC, they mustimplement new systems and practices to saeguard IT inrastructure, securecommunications, and preserve the high service levels users have come toexpect rom the corporate phone system and the public telephone network.The Enterprise Session Border Controller (E-SBC) is specically designedto overcome the complex security, interoperability, and service quality
challenges IT teams encounter when implementing VoIP, UC, and BringYour Own Device (BYOD) initiatives.
Operating at the session layer, E-SBCs connect the enterprisecommunications inrastructure to the public Internet, private IP networks,and to one or more Session Initiation Protocol (SIP) trunk service providers.Signicantly, they terminate and re-originate each communications session,enabling the E-SBC to manage and control trac, apply enterprise policies,and provide the cornerstone or a secure, ecient UC solution.
-
7/27/2019 Apkt Wp Esbc 031813
2/7
W H I T E P A P E R
What is an E-SBC?
Redefning Enterprise Communications
Rapid advances in mobile technology and the growing adoption o VoIP
and rich media communications are undamentally reshaping businesscommunications. The era o the oce telephone system is coming to a close.Enterprise communications is in transition rom time-division multiplexing(TDM) to IP, rom the premise to the cloud, and rom voice to multimodalcommunications.
A number o business, cultural, and technology trends are driving thetransormation o enterprise communications and impacting IT planners:
Bring Your Own Device Initiatives: The lines between home and workdevices are blurring. Workers need ull, convenient and secure accessto all their business communications and collaboration tools regardless
o what device they are using or where they are working. By 2014,80 percent o the global workorce will be eligible to participate in aBYOD program.1
Unied Communications: Traditional telephone calls are giving wayto rich multimedia, multiparty interactions that combine voice, video,chat, and web collaboration. Enterprises are leveraging HD videoconerencing and telepresence systems to conduct meetingsremotely, and are deploying unied communications (UC) solutions,such as Microsot Lync, to boost productivity and collaboration ormobile workers.
Emerging Cloud Services: A growing variety o cloud-based solutionsvideo conerencing services, customer relationship managementsystems, and contact center serviceswill enable IT organizations toeliminate capital equipment cost and complexity, accelerate servicedeployment, and ocus on business innovation rather than underlyingtelecommunications inrastructure.
Communication Enabled Business Processes (CEBP): Many enterprisesare embedding unied communications capabilitiesvoice, video,chatdirectly into business processes and line-o-business applications.By intelligently orchestrating real-time communications sessions withpresence inormation and business rules, organizations reduce processineciencies and improve decision making, employee productivity and
customer service.
Session Initiation Protocol has emerged as the predominant signalingprotocol or IP communications. Many service providers now oer SIP trunkingsolutions, which provide cost-eective and fexible alternatives to conventionalT1/E1 PRI circuits. Supported in a wide range o communications platorms(UC servers, IP PBXs, and video conerencing servers) and endpoints (deskphones, smartphones, and tablets), the SIP standard can help IT organizationsreduce expenses, eliminate vendor lock-in, and enjoy greater choice whenprovisioning end-users.
E-SBCs Enable:
Secure SIP trunking
Consolidated VoIP & UCnetworks
IP contact centers Access to cloud & hosted IP
communications services
Remote workers &branch ofces
Figure 1: Trends ShapingEnterprise Communications
2
Bring YourOwn Device
Emerging CloudServices
Multi-MediaCollaboration
CommunicationEnabled Business
Processes
UnifiedCommunications
1Creating a Bring Your Own Device Policy, Gartner, April 2011.
-
7/27/2019 Apkt Wp Esbc 031813
3/7
W H I T E P A P E R
E-SBCs Protect and Control IP Communications
Extending real-time IP communications across network borders introduces
a variety o security, interoperability, and service quality challenges.Conventional IP networking devicesrouters, rewalls, trac shapersare notdesigned to manage real-time communications and do not address the uniquesecurity vulnerabilities, interoperability issues or service quality concernsintroduced by dierent VoIP, IP-PBX and UC systems.
Typically deployed in the DMZ, E-SBCs operate at the session layer, processingtrac that uses real-time communications protocols, primarily SessionInitiation Protocol. Importantly, E-SBCs completely terminate and re-originateeach communications session; this enables the E-SBC to inspect trac andapply granular control and policies. Businesses use E-SBCs to connect andcontrol the trac fowing through the enterprise real-time communicationsinrastructure to the public Internet, other private IP networks, and to one ormore SIP trunk service providers. Through SIP trunks, E-SBCs manage and
control communication with the PSTN and cloud-hosted services. The E-SBCcan also interconnect premise-based systems, including legacy PBXs, UCsystems such as Microsot Lync, and contact center environments.
As enterprises migrate to IP communications they must nd new waysto eciently manage IT assets and saeguard communications, all whilecontinuing to deliver the quality service levels users have come to expectrom the corporate phone system and the public switched telephone network(PSTN). E-SBCs are specically designed to mitigate the complex security,interoperability and service quality issues IT organizations oten encounterwhen implementing VoIP, UC, and BYOD initiatives and extending real-timeIP communications across network borders.
Table 1: Specifc Session Functions Perormed by E-SBCs
3
Figure 2: Connecting the Enterprise to the Public Network
SIP Trunk PSTN
Internet
EnterpriseData Center
Service ProviderNetwork
Protocol manipulationFor interoperability between premise-based systems & SIP trunk services,as well as multi-vendor systems
Protocol interworking For example, SIP to H.323 interworking
Robust security Through deep packet inspection
Encryption interworking Go rom encrypted to in-the-clear communications or encrypted SRTP to IPsec
Session prioritization, classication & rate limiting For Quality o Service, emergency calling (i.e. 911), SLA assurance
Session routing For ailover, least cost routing, load balancing
Codec translation or renegotiation For bandwidth optimization
Session replication For centralized recording or compliance
What is an E-SBC?
-
7/27/2019 Apkt Wp Esbc 031813
4/7
W H I T E P A P E R
E-SBCs Do More than Firewalls
It is important to understand the undamental dierences between an
E-SBC, which is designed to manage and control real-time voice and videocommunications sessions, compared to a conventional security productlike a rewall, which is intended primarily to block or allow datacommunications fows.
IP communications sessions are composed o signaling inormation (data usedto set up and control sessions) and media inormation (digitized voice andvideo). Signaling and media inormation fow over separate paths under thedirection o dierent IP protocols.
SIP is used to establish and manage sessions. RTP (Real-time TransportProtocol) is used to deliver the associated audio and video streams. SIP servers
(there are various types) are responsible or enabling sessions between two ormore parties.
Most IP rewalls oer only basic support or SIP; they provide Access ControlLists, which can be congured, to permit or reject SIP trac based on theaddressing inormation contained in the SIP signaling streams. Firewalls cannotactively manipulate nor control real-time IP communications sessions in theway an E-SBC can.
The dierence lies in the underlying architecture. In SIP parlance, a SIP rewallis implemented as an SIP Proxy Server, which is responsible or relaying andcontrolling SIP signaling inormation, but is not actively involved in the RTPmedia path (the audio and video streams).
An E-SBC, on the other hand, is implemented as a Back-to-Back User Agent,
(B2BUA) which actively processes both the signaling and media paths. AB2BUA terminates a session rom one SIP entity (say a calling party) andestablishes a distinct session with another SIP entity (say a called party). Thisenables an E-SBC to inspect and manipulate the contents o the entire sessionto enorce security policies and eciently manage enterprise communications.
4
Figure 3: SIP Firewall Implemented as SIP Proxy
Traffic is passed or blocked by firewall
Session ControlLogic
CalledUserAgent
CallingUserAgent
What is an E-SBC?
-
7/27/2019 Apkt Wp Esbc 031813
5/7
W H I T E P A P E R
5
Figure 5: Expanding EnterpriseCommunications Pipeline
Contact CenterSystems
ConsolidatedVoIP
CEBP & WebRTC
HostedServices
Unlike a rewall, an E-SBC maintains session state and controls andmanipulates SIP signaling plus the associated RTP media streams. Forexample, an E-SBC keeps pinholes open or the duration o a communicationsession, whereas a rewall will close and reopen a pinhole using dierent portnumbers, which can disrupt a session.
Building a Foundation or Scalable, Secure Communications
IT organizations oten run into interoperability and interworking issueswhen extending real-time IP communications across network borders. SIPspecications are designed to be highly fexible; they give engineers a varietyo implementation choices and oer many optional eatures and unctions.As a result, it is not uncommon or dierent vendors (and service providers)to introduce solutions that are ully SIP-compliant, yet dicult to make worktogether. Interoperability challenges can delay VoIP and UC initiatives, lead tocost overruns, and are a continuing drain on limited IT resources.
E-SBCs allow you to build an enterprise UC architecture that can scale andaccommodate new unctions and systems, while maintaining control andsecuring your communications. With the capability to maintain session stateand manipulate RTP media streams as well as SIP signaling, the E-SBC canapply dynamic trust levels based on observed end-point behavior. The E-SBCcan execute more comprehensive, granular security controls encompassing awide variety o communications networks.
Installed at the edge o the enterprise network, the E-SBC unctions as adistinct demarcation point or external services (SIP trunking services, hostedservices, cloud-based services, etc.). The E-SBC delineates the enterprisenetwork rom the service provider network, provides a distinct security
perimeter, and makes it easier to isolate and troubleshoot problems.
In addition, by consolidating all real-time communications trac, the E-SBCprovides a central control point or classiying and prioritizing diverse tractypesvoice, video, UCprior to service provider hand-o. As such theE-SBC serves as a central point or service level agreement (SLA) monitoring,and prioritizes and allocates limited bandwidth resource across all types oapplications. Building a secure, comprehensive communications inrastructure,able to accommodate dierent existing systems, legacy applications, andemerging IP-based unctionality is no mean eat. Furthermore, satisyingincreasing security and regulatory requirements with limited IT resourcespresents an even greater challenge to the IT manager.
Figure 4: E-SBC Acts as a SIP Back-to-Back User Agent
SIP UserAgentCodec A
Encryption A
SIP Variant A
Codec B
Encryption B
SIP Variant B
SIP UserAgent
Session ControlLogic
Media ControlLogic
Traffic is inspected, controlled and manipulated
CalledUserAgent
CallingUserAgent
What is an E-SBC?
-
7/27/2019 Apkt Wp Esbc 031813
6/7
W H I T E P A P E R
6
Benefts o a True Enterprise SBC
Greater IP Network Security
E-SBCs provide IP network specic security capabilities to protect againstdenial-o-service attacks and other malicious threats such man-in-the-middleattacks. E-SBCs also provide IP address and topology concealment eaturesto saeguard privacy and condentiality; encryption capabilities to preventeavesdropping and impersonation; and access control to prevent raud andservice thet.
Platorm or Interoperability
E-SBCs provide extensive protocol normalization and mediation unctionsthat mitigate multivendor interoperability and multiprotocol interworkingissues, as well as comprehensive Network Address Translation (NAT) andrewall traversal eatures or extending VoIP and UC sessions across network
boundaries in a seamless manner. E-SBC interoperability capabilities helpIT organizations accelerate deployment, while keeping implementation andsupport costs in check.
Increased Service Quality and Availability
Given end-users service expectations, IP communications networks mustdeliver PSTN-like availability and service quality. Best-o-breed E-SBCs protectagainst service overloads by balancing loads across trunks and reroutingsessions to circumvent equipment and network problems. They also provideQuality o Service (QoS) marking, virtual LAN (VLAN) mapping, and admissioncontrol capabilities that enable network administrators to set service levels andmanage service quality.
Cost Management and Avoidance
E-SBCs help IT organizations manage costs by consolidating networkinrastructure, making more ecient use o network resources ascommunication needs increase. They support session control eatures to routecalls across trunks and service providers (least cost routing) as well as codecrenegotiation and translation capabilities to optimize WAN bandwidth.
Achieve Regulatory Compliance
Established methods and procedures or securing, controlling and recordingcircuit-switched TDM calls are not easily extended to packet-based IPcommunications. E-SBCs help healthcare organizations maintain thecondentiality and integrity o customer interactions; and nancial services
record and archive required calls or regulatory oversight.
Many organizations throughout the world are required to support emergencycalls (i.e. 911 calls). E-SBCs provide security eatures to ensure sessionprivacy and condentiality, session replication capabilities to centralize andconsolidate IP call recording, and session prioritization eatures to ensureemergency calls take precedence.
What is an E-SBC?
-
7/27/2019 Apkt Wp Esbc 031813
7/7
W H I T E P A P E R
2013 Acme Packet, Inc. All rights reserved. Acme Packet, Session-Aware Networking, Net-Net andrelated marks are trademarks o Acme Packet. All other brand names are trademarks or registeredtrademarks o their respective companies.
The content in this document is or inormational purposes only and is subject to change by AcmePacket without notice. While reasonable eorts have been made in the preparation o this publicationto assure its accuracy, Acme Packet assumes no liability resulting rom technical or editorial errors oromissions, or or any damages resulting rom the use o this inormation. Unless specically included ina written agreement with Acme Packet, Acme Packet has no obligation to develop or deliver any uturerelease or upgrade or any eature, enhancement or unction.
100 Crosby Drive
Bedord, MA 01730 USAt +1 781.328.4400 +1 781.275.8800
www.acmepacket.com03/18/13
E-SBCs enable businessesto realize all the benets ofinteractive IP comunicationsgreated productivity, improvedcollaboration, lower costswithout compromising security,reliability, or service quality.
7
Conclusion
Unied communications solutions, smartphones, and tablets are ushering in
a new era o enterprise communications where one-on-one phone calls giveway to rich multimedia, multiparty experiences. By replacing and augmentinglegacy TDM voice networks with converged IP networks that deliver voice,video and data over a common inrastructure, IT organizations can eliminateineciencies, contain equipment and operations expenses, and transorm thecorporate network into a competitive advantage.
E-SBCs provide a undamental building block or secure, scalable enterpriseUC architectures. They can extend existing investments as well as integratenew, multimodal communication systems. E-SBCs enable businesses torealize all the benets o interactive IP communicationsgreater productivity,improved collaboration, lower costswithout compromising security,
reliability, or service quality.
For More Inormation
Acme Packet
Acme Packet Enterprise Solutions
Acme Packet Enterprise Products
About Acme Packet
Acme Packet (NASDAQ: APKT), the leader in session delivery networksolutions, enables the trusted, rst-class delivery o next-generation voice,video, data, and unied communications services and applications acrossIP networks. Our Net-Net product amily ullls demanding security, serviceassurance and regulatory requirements in service provider, enterprise, andcontact center networks.
Based in Bedord, Massachusetts, Acme Packet designs and manuacturesits products in the USA, selling them through over 250 reseller partnersworldwide. More than 1,775 customers in 109 countries have deployed over19,000 Acme Packet systems, including 89 o the top 100 service providersand 45 o the Fortune 100.
What is an E-SBC?
http://www.acmepacket.com/http://www.acmepacket.com/http://www.acmepacket.com/solutions/enterprise-solutions/overviewhttp://www.acmepacket.com/products-services/enterprise-products/overviewhttp://www.acmepacket.com/http://www.acmepacket.com/products-services/enterprise-products/overviewhttp://www.acmepacket.com/products-services/enterprise-products/overviewhttp://www.acmepacket.com/solutions/enterprise-solutions/overviewhttp://www.acmepacket.com/http://www.acmepacket.com/