TMC Internet Telephony Show

Leveraging IP Telephony for Telecommuting

SIP in Telecommuting and Teleworking

Internet Telephony Show, Long Beach CA, 10/14/03-10/16/03

Upload: justin-sharp

Post on 01-Jan-2016


• Robert Messer, ABP International, Inc.: Introduction and Panel Host

• Nicolas Pohland, snom technology AG: SIP IP Phones for Telecommuting

• Steve Johnson, Ingate Systems Inc.: IP Security in Telecommuting

• Brit Vickner, Interactive Intelligence, Inc.: Telecommuting Application Support

IP Telephony in Telecommuting

A growing trend

20 years later 42 million work at home—but not every day

[Chart, 1980 to 2003, with series: Self-employed; Employees + contractors; WAH business hours; Any employed work at home]

Sources: The Dieringer Research Group, ITAC, U.S. Census

Copyright 2003 Joanne H. Pratt Associates

Demographics of Telework

* 39% of US workers would like to telework, but only 31 feel their employers will let them. (U. of Connecticut Study)

* 17% of the workers in Finland telework. (Eustats)

* It is estimated that 100MM US workers will telecommute by 2010. (Kiplinger, 12/00)

* The number of teleworkers worldwide in 2003 is expected to be 137 million. (Source: Gartner Group)


Examples of Economic Benefits

• 17% of AT&T managers work full time from home in Virtual Offices, while the operational benefit of telework to AT&T exceeds $150 million annually.

• AT&T realizes approximately $150,000,000 in annual savings by teleworking: $100,000,000 through direct employee productivity, $35,000,000 through reduced real estate costs, and $15,000,000 through enhanced retention and productivity increase. (AT&T 2002-2003 Employee Telework Survey)

• The manager/staff ratio in a virtual organization is 1:40.  It's 1:4 in a traditional office.  Ft. Lauderdale Sentinel


Ecological & Time Benefits

• A 40 minute commute equates to 8 working weeks per year.     Colorado Telework Coalition

• Every week 32,000,000 Americans could be telecommuting at least one day. They would not drive 1,260,800,000 miles (equal to 51,000 times round the Earth)

• POLLUTION SAVINGS would be 1,081,955,230 lbs, or 540,978 tons of a mix of Carbon Monoxide, Carbon Dioxide, Nitrogen Oxide, Particulate Matter and Hydrocarbons.


Virtual Organizations

• IP telephony, especially SIP, is the enabling technology

• Reduced cost of communications

• International outsourcing is made possible, but new domestic organizations are also emerging based on technological advances and cost reduction.

Disaster Recovery • Business Continuity

Disaster Management: When disaster strikes, key company locations may go offline or be physically inaccessible. Remote work capability will keep businesses running. (Gartner)

Business continues after Seattle quake though some of it from home

Telework allowed many to continue working during the Great Ice storm of '98 which cut power for millions for up to several weeks

The IP Phone

The IP Phone in Telecommuting

Nicolas Pohland, snom technology AG

What requirements and issues does the IP phone need to possess and address in a telecommuting environment?

The IP Phone

• The phone as a specialized communication device is here to stay.

• The IP phone supports the telecommuter's needs and makes his environment more office-like.

• Telecommuting is the major driving force for VoIP in general, especially in Western Europe.

• Not all SIP implementations are equal.

Issues

• Phone number transparency
• Encryption
• NAT Traversal
• Quality of Service
• Maintenance
• Security
• Legal Issues


Phone number transparency

• User needs to be reached under the same number whether at home, work, hotel or at a café, i.e. regardless of destination.

• SIP inherently provides this with a proxy capable of forking.

• Transparency should also be independent of origin of call, i.e. whether call is done from PSTN or Internet.

• ENUM extension ensures this.

Encryption

• By default voice is only encoded but not encrypted.

• An intelligent access device, e.g. a VPN-capable router, can be used.

• Or the phones support encryption directly.

• This is slowly becoming reality.

• May be a legal “challenge” for the VoIP industry.


NAT Traversal

• Most SOHO environments are small LANs that are connected to the internet with a NAT router.

• Problem: Phone normally has a local IP address and is not “visible” from the Internet. It cannot be called.

• There are several solutions to this, e.g. SIP-aware firewalls, B2BUAs, session border controllers, STUN and UPnP.

• An IP phone supporting STUN or UPnP is a good solution for the home office since the already existing low cost asymmetrical NAT router does not need to be replaced.

• A SIP-aware firewall is a good solution to improve security.

Quality of Service

• Voice is very sensitive to interruptions, latency (delay) and jitter (delay variance).

• LAN side is not the problem.

• In most countries the backbone is not the problem.

• The access point is critical. Enough bandwidth must be available for voice. Depends on used codecs, packet size and max. number of simultaneous calls.

• Preferably access device AND ISP should support QoS mechanisms. Not always available and not cheap, yet.

• Separate VLANs and access points also a pragmatic solution. See security.

• IP Phones should also implement DNS SRV to support redundant SIP proxies. This increases reliability a lot.


Security

• SOHOs are not well protected.

• IP Phones are not as vulnerable to attacks as PCs. Separate VLANs possible but CTI benefit is lost.

• SIP aware firewall can help improve security immensely.

• Global proxies need to implement authentication.
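What digest authentication on a proxy or registrar involves, as an added example rather than code from the presentation or any product: the RFC 2617 response calculation that SIP uses, with a simplified server-side check. The `Registrar` class, the user table and the single-use nonce policy are assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets


def _md5(text):
    return hashlib.md5(text.encode()).hexdigest()


def digest_response(user, realm, password, method, uri, nonce, nc, cnonce, qop="auth"):
    """RFC 2617 qop=auth response; the password itself never crosses the wire."""
    ha1 = _md5(f"{user}:{realm}:{password}")
    ha2 = _md5(f"{method}:{uri}")  # binds the response to this method and URI
    return _md5(f"{ha1}:{nonce}:{nc}:{cnonce}:{qop}:{ha2}")


class Registrar:
    """Proxy-side check, simplified: each nonce is accepted for one request only."""

    def __init__(self, realm, passwords):
        self.realm = realm
        self.passwords = passwords  # constructed user table (assumption)
        self.outstanding = set()

    def challenge(self):
        """Nonce that would go out in a 401/407 challenge."""
        nonce = secrets.token_hex(16)
        self.outstanding.add(nonce)
        return nonce

    def verify(self, user, method, uri, nonce, nc, cnonce, response):
        if nonce not in self.outstanding or user not in self.passwords:
            return False
        self.outstanding.discard(nonce)  # a captured request cannot be replayed
        expected = digest_response(user, self.realm, self.passwords[user],
                                   method, uri, nonce, nc, cnonce)
        # Constant-time comparison, so timing does not reveal a partial match.
        return hmac.compare_digest(expected.encode(), response.encode())


def demo():
    """A phone registers, the same request is replayed, then a wrong password is tried."""
    reg = Registrar("example.com", {"alice": "constructed-password"})
    uri, nc, cnonce = "sip:example.com", "00000001", "0a4f113b"
    n1 = reg.challenge()
    good = digest_response("alice", "example.com", "constructed-password",
                           "REGISTER", uri, n1, nc, cnonce)
    first = reg.verify("alice", "REGISTER", uri, n1, nc, cnonce, good)
    replay = reg.verify("alice", "REGISTER", uri, n1, nc, cnonce, good)
    n2 = reg.challenge()
    bad = digest_response("alice", "example.com", "guess", "REGISTER", uri, n2, nc, cnonce)
    guessed = reg.verify("alice", "REGISTER", uri, n2, nc, cnonce, bad)
    return first, replay, guessed
```

Digest protects the credential and ties the response to one request, but it does not encrypt the signalling; that is what the TLS support discussed later in the deck adds.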


Maintenance

• Central and remote configuration and management a must for mass deployment, e.g. bigger corporation or IP Centrex provider.

• PSTN makes deployment easy because phone number belongs to physical lines (normally) and configuration options quite limited for residential phone.

• But home workers expect PBX functionality, global phone books, etc. A lot more parameters need to be set up.

• Mass deployment, e.g. remote settings management critical for larger deployments.

• This is not well standardized in SIP, yet. We are working on it …


Legal Issues

• Encryption makes the intelligence community nervous

• Emergency call (“911”) origin may pose a problem in some countries and require a PSTN backup. How convenient for PSTN operators …

• Some countries forbid VoIP directly to protect telecom monopoly.


Summary

• Telecommuting with SIP lowers costs and increases functionality.

• But SIP deployment is not trivial in the home environment.

• But with intelligent IP Phones telecommuting can be made easy, reliable and secure.

Security

IP Security in Telecommuting

Steve Johnson, Ingate Systems, Inc.


The Third Wave of the Internet

HTTP created the Web

SMTP created Email

SIP enables universal communications over the Internet and the ability to telecommute when desired


It’s all there – almost…

A single network (IP)

Everyone has a connection

High capacity and good performance

A single protocol (SIP)

But:
• Firewalls are meant to exclude inbound communications
• SIP does not traverse common firewalls and NATs

What’s the difference?

Typical Internet protocol (SMTP, HTTP…)

[Diagram: HOST and SERVER connected across the Internet]

SIP (and H.323…) connects person-to-person

[Diagram: PERSON and PERSON connected across the Internet]

Firewalls support communications from the inside out to reach application servers

Realtime Communications requires bi-directional connections which most firewalls don’t support

One Way: VoIP Islands…

No connectivity between the IP clouds

[Diagram labels: PSTN; Europe IP; US IP; VPN Tunnel; Gateway (three); Toll Bypass; Softswitch; MGCP]

The Global All IP Way

SIP-capable firewalls make the difference

[Diagram labels: Main Office; Home Office (two); Branch Office; Presence, IM, Audio, Video, Data Col.; Firewall; Edge Proxy; Greenwich Edge Proxy; DMZ; TLS]

Suggested Solutions

STUN TURN ICE
– Can cope with certain types of existing NATs
– Complexity has grown to increase reliability and handle more NATs
– Needs to be implemented in the SIP clients and servers on the Net
– Tight firewalls cannot be traversed

Dynamically-controlled firewalls/NATs
– Midcom: By Firewall Control Proxy (no activity known at this time)
– UPnP: By the client (Windows) (Microsoft)

Tunnelling - Brings the SIP-client to an operator or a corporate LAN
– Requires ALG for each client on LAN with own address space
– IPSec, Proprietary

ALG (non-Proxy) SIP-aware firewall
– TLS not possible

Proxy-based SIP-aware firewall/NATs
– General, handles complex scenarios, PBX functionality

STUN TURN ICE

• Evolving IETF Standard
• Requires client on the inside of the LAN and “reflector” in the network
• Client “pings” the reflector which returns the internal IP address that is being broadcast by the SIP end point
• Once the internal IP address is known, then all communications carry that IP address in the header information

STUN TURN ICE

Benefits
• Simple solution to NAT traversal
• Offers alternative to home users and small businesses that don’t wish to incorporate a full firewall solution

Problems
• Exposes the internal IP addressing scheme
• Circumvents the protection offered by the firewall
• Inappropriate for enterprises and others with valuable information to protect on their LAN
• Only works for certain types of NATs


Midcom

• Developing IETF standard for managing controllable firewalls with a Firewall Control Proxy

• Elegant solution that puts the solution at the point where the problem occurs

• Firewall Control Proxy would dynamically control the firewall to accept SIP media only when authorized

• Control resides with the Firewall Control Proxy and the existing firewall takes care of all of the logging

Midcom

Benefits
• Based on an IETF Standard
• Leaves the firewall in place
• Offers a separate device to just manage SIP sessions

Problems
• No companies are currently developing this technology
• There are currently no firewalls that are controllable by an outside agent
• Leaves vulnerabilities on the Firewall Control Proxy which could result in a violation of network security

UPnP

• Universal Plug and Play
• Proposed by Microsoft
• Allows all end points to be controlled by the Microsoft agent

UPnP

Benefits
• Simple implementation
• Nothing to set up or configure
• Excellent implementation for home users
• Would expand the use of SIP

Problems
• Limited utility for enterprises of any size
• Cannot handle complex call scenarios
• Solution handles NAT only
• Cannot handle hard phones, only soft clients
• Security of the network controlled by Windows server

Tunneling

• Network based NAT traversal solution
• Minimizes infrastructure upgrades
• Provides quick solution for remote clients

Tunneling

Benefits
• Simple implementation
• No firewall upgrades necessary
• Network based solutions available

Problems
• Depends on “teasing” ports to remain open
• Some implementations only allow outbound calling
• May require a client inside the LAN and on the end point
• Non-standards based solutions
• Limitations for supporting advanced calling features


ALG (non-Proxy) SIP-Aware Firewall

• Implementation which sits between two hosts and modifies the information flow between them on the fly

• ALGs normally do small modifications to the packets

ALG (non-Proxy) SIP-Aware Firewall

Benefits
• Theoretically faster processing times than proxy-based solutions
• Performs most of the important functions of allowing traversal of the NATed firewall
• Able to dynamically open and close ports for media

Problems
• Cannot read deeply into the packet headers
• Cannot support encryption (TLS); ALGs see everything in the clear so modifying authenticated packets is impossible
• Setup of complex call scenarios a problem
• Current implementations do not support soft clients

Proxy-Based SIP-Aware Firewall/NATs

• Full proxy sits between two hosts
• Proxy terminates a packet flow, then reinitiates flow to the destination address
  – Records SIP client address to locate behind NAT
  – Digest authentication
  – Rewrites headers to destination on the LAN
  – Rewrites headers of outgoing messages to mask internal IP addresses
• Proxies can look deeply into the header information because it stops packet briefly
  – Inspection of SIP signaling (including Instant Messages)
• Support for Transport Layer Security (TLS)
  – Adds privacy and authentication to communications
  – TLS is being used for adding security to Microsoft Office Live Communications Server, Avaya, Reuters and others
• Can also be used as a separate SIP firewall when all data ports are permanently closed
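The outbound header rewriting listed above, and the NAT Traversal problem it answers (a phone that advertises its local address cannot be called), as an added example that is not from the presentation or any vendor's product: a simplified Python model that finds RFC 1918 addresses in a constructed INVITE and masks them the way a full proxy would. The message, the names `find_leaks` and `mask_outbound`, and the public address used in the test are assumptions; media port mapping and compact header forms are left out.

```python
import ipaddress
import re

IPV4 = re.compile(r"\b(?:\d{1,3}\.){3}\d{1,3}\b")
RFC1918 = [ipaddress.ip_network(n) for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
ROUTING = ("via", "contact", "record-route", "route")  # headers the far end routes on

# Constructed sample: INVITE from a phone at 192.168.1.23 behind a home NAT router.
SDP = ("v=0\r\no=alice 2890844526 2890844526 IN IP4 192.168.1.23\r\ns=-\r\n"
       "c=IN IP4 192.168.1.23\r\nt=0 0\r\nm=audio 49170 RTP/AVP 0\r\n")
INVITE = "\r\n".join([
    "INVITE sip:bob@example.com SIP/2.0",
    "Via: SIP/2.0/UDP 192.168.1.23:5060;branch=z9hG4bK74bf9",
    "From: <sip:alice@example.com>;tag=9fxced76sl",
    "To: <sip:bob@example.com>",
    "Call-ID: 3848276298220188511",
    "CSeq: 1 INVITE",
    "Contact: <sip:alice@192.168.1.23:5060>",
    "Content-Type: application/sdp",
    f"Content-Length: {len(SDP)}",
    "", "",
]) + SDP


def is_private(text):
    try:
        addr = ipaddress.ip_address(text)
    except ValueError:  # e.g. 999.1.1.1, which the loose regex also matches
        return False
    return any(addr in net for net in RFC1918)


def find_leaks(message):
    """List (where, address) for every private address the far end would see."""
    head, _, body = message.partition("\r\n\r\n")
    leaks = []
    for line in head.split("\r\n")[1:]:  # skip the request line
        name, _, value = line.partition(":")
        if name.strip().lower() in ROUTING:
            leaks += [(name.strip(), a) for a in IPV4.findall(value) if is_private(a)]
    for line in body.split("\r\n"):
        if line.startswith(("o=", "c=")):  # SDP origin and connection address
            leaks += [(line[:2], a) for a in IPV4.findall(line) if is_private(a)]
    return leaks


def mask_outbound(message, public_ip):
    """Rewrite routing headers and SDP to public_ip, then fix Content-Length."""
    def swap(text):
        return IPV4.sub(lambda m: public_ip if is_private(m.group()) else m.group(), text)

    head, _, body = message.partition("\r\n\r\n")
    body = "\r\n".join(swap(l) if l.startswith(("o=", "c=")) else l for l in body.split("\r\n"))
    out = []
    for line in head.split("\r\n"):
        name = line.partition(":")[0].strip().lower()
        if name in ROUTING:
            line = swap(line)
        elif name == "content-length":
            line = f"Content-Length: {len(body.encode())}"  # body length may change
        out.append(line)
    return "\r\n".join(out) + "\r\n\r\n" + body
```

The rewrite has to see and change the message body and headers, which is why the deck ties it to a proxy that terminates the flow rather than to a device that only patches packets in transit.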

Proxy-Based SIP-Aware Firewall/NATs

Benefits
• Most flexible solution
• Able to support all call scenarios, despite complexity
• Can support servers on the inside of the LAN
• Supports TLS
• Flexible and adaptable
• Offers a backup registration/location server option
• No degradation of voice quality
• Minimal latency

Problems
• Possible slower performance than an ALG solution

Summary of Advantages

Capability                                    Full Proxy   ALG
Support for TLS                               Yes          No
Flexible support for complex call scenarios   Yes          No
Backup registrar                              Yes          No
Support for soft clients                      Yes          No

Real and Complex Scenarios

Complications for non-proxy solutions:
• Tight firewalls
• Call transfer
• SIP server on the LAN
• Trusted connections: TLS

[Diagram labels: Internet IP; SIP/PSTN Gateway; XP; SIP Server 2; SIP Server 3; SIP Server 4; LAN; Firewall/NAT; IP Phone; SIP; TLS]

Sooner or later: The NAT/Firewall Problem needs to be solved where it occurs

Summary

• Telecommuters are an extension of the enterprise
• Security should be a prime consideration
• Solution should allow the user to take full advantage of enhanced services
• Compatible solutions between the telecommuter site and the main office should be a consideration
• Products exist to make telecommuting an attractive option using the power of IP based realtime communications

Application Software

Telecommuting Application Support

Brit Vickner, Interactive Intelligence, Inc.

You may be Wondering

• Complete technology tool set
• Open standards (truly)
• Choices for access, devices and infrastructure
• Ease of use
• Feeling of being disconnected
• Management (I don’t know what people are doing)
• Ease of support and administration
• Future Proofing
• Applications to the desktop (don’t workers lose functionality)

Reality: Mobile workers work longer hours with the proper tools that enhance the Customer experience.

Composition of an Enterprise: 44%-57% out of Office

[Pie charts labelled 2003 and 2005, "Mobile Workforce and Devices": Office 56% against Multi-site, Teleworking, Mobile and Traveling 44%; Office 43% against Multi-site, Teleworking, Mobile and Traveling 57%]

ITAC Estimates Teleworkers Will Grow by About a Third to 50M Workers by 2005

Total US Business Lines – Installed Base is 108 Million

Today’s Mobile Office Challenges

Separate, Multiple Voice and Data Platforms Depending Upon Employee’s Location and Device Availability

[Diagram: Unwired, On the Run, Remote or Home Office and Corp. Office, each with its own VM]

Virtual Office

Virtual Office Platform

Integrated, Packaged, Mobile Business Communications Platform providing full Voice and Data Services to Mobile Employees and Workgroups

Communications Manager

Unified Message Manager

Corporate Information Portal

The Virtual Office: Departmental Solution

[Diagram labels: PSTN/Internet; Virtual Office Platform; IP/LAN; Wireless Provider; PBX; Digital Phones; Virtual Office Remote Employees; Virtual Office Corporate Employees; Virtual Office Client - Analog Phone; Virtual Office Client - SIP Soft Phone; Virtual Office Client - SIP Phone; Virtual Office - SIP Phone only; Virtual Office Unwired Employee; Virtual Office Employee with PDA; Virtual Office Work at Home Employee]

The Virtual Office: Enterprise Solution

[Diagram labels: PSTN/Internet; IP/LAN; Wireless Provider; IP Gateway; Virtual Office Platform; Virtual Office Remote Employees; Virtual Office Corporate Employees; Virtual Office Client - Analog Phone; Virtual Office Client - SIP Soft Phone; Virtual Office Client - SIP Phone; Virtual Office - SIP Phone only; Virtual Office Unwired Employee; Virtual Office Employee with PDA; Virtual Office Work At Home Employee]

Virtual Office

Integrated Enterprise Voice and Data Platform

[Diagram labels: Communications Manager; Message Manager; Web Portal; Connectors; Intelligent Communications; Device Independence; Digital Phone; Analog Phone; SIP Phone; PDA; RIM; Palm; Cell Phone; Smart Phone; Notebook; Desktop PC; PSTN; LAN]


Full Remote/Mobile User Access

• Remote access by users from any location

• Turns any phone into a virtual office for Data Screen pops, conference calls, holding calls, parked calls, intercom calls, etc.

• Presence management features – in/out status

Communications Manager: Communications Console

Extensive Call Control Features

Communications Manager: Graphical Status Manager

Graphically Manage Your Status

Presence management means faster coordination of issues

• View status of users across sites

• See that a user is on the phone just like they are down the hall

• Find available resources at alternate sites quickly

• Dial plan means 4 digit or speed dialing works regardless of user log in location

Virtual Office: Corporate Information Portal

• Real time, Anywhere Data Access

• Increase Revenue Opportunities

• Improve Customer Service

• Greater Mobile Worker Productivity

• Make Informed, Agile Business Decisions

Strategic Products

Enterprise Interaction Center®, Communité™, Customer Interaction Center®

Communité Hosted Services:
• Unified Communications
• Network IVR
• Wireless Connectivity
• Contact Centers
• Custom Service Offerings

Enterprise Interaction Center (50-5000 users):
• All-in-One Comm. Server
• Voice & Chat
• Conferencing
• Unified Messaging
• IP Telephony

Customer Interaction Center (20-2000 agents per site):
• ACD
• IVR
• Screen pop
• Web collaboration
• Call recording
• Predictive dialing
• E-mail routing
• Pre/post Call Routing


SIP Communications Integrated with Corporate Data

Increase Employee Productivity

…improved access, presence management, and ease of use


Telecommuting
