Acme Packet Presentation Materials for VUC June 18th 2010

Text-only Preview

Voip and Telephony User ConferenceSolution Brief June 18, 2010Acme Packet enterprise SBC solutionscontrols four IP network borders1. SIP trunking border4. Hosted services borderVoIP & UC securityContact center, IPaudio/video conferencing, subscribersSIP trunkingPSTNIP Centrex, etc.SIP & H.323 interoperability ServiceprovidersData center disaster recoveryData Remote site survivabilitycentersIP PBXUCContact center virtualizationRemote site & worker connectivity via the InternetPrivate networkInternetRegulatory compliance H.323SIPSIP– recording & privacyRegionalRemoteHQ/Nomadic/Tele-Remotesitesitecampusmobile userworkersite2. Private network border3. Internet borderProprietary and Confidential2Acme Packet market-leadingNet-Net product familySession border Multiservice Session routing controllersecurity gatewayproxySecuritySLA assuranceNet-Net OSRevenue & cost optimizationRegulatory complianceMulti-protocolService reachHigh availabilitymaximizationNet-Net 4250 &Net-Net 4500 &Net-Net 9200Net-Net ATCANet-Net Net-Net 2600Net-Net 3800 OS-E(software-only)Net-Net EMS & SASProprietary and Confidential3Net-Net platform capacity comparison Net-Net 45001 &Net-Net 92001ATCA blade1Net-Net 26001 &Net-Net OS-E2Net-Net 38001Net-Net 42501Licensed session NN2600: 150 – 4K150 – 4K250 – 32K500 – 32K4K – 128Kcapacity range NNOS-E: 25 - 500System 5 Gbps or 5 Gbps5 Gbps5 Gbps5 GbpsThroughput10 GbpsNetwork interfaces(8) 1 Gbps or (6) 1 Gbps(4) 1 Gbps(2) 1 Gbps(4) 1 Gbps(# active) (2) 10 GbpsIPsec tunnel n/a5K120K200K400KcapacityTranscoding session 400Not availableNot availableNot available0 – 16,000capacityLocal route table 1M1M1M2M1M or 2Mcapacity (# of routes)Note 1: Capacity can vary by signaling protocol, call flow, codec, configuration, feature usage and SPU and NPU optionsNote 2: Capacity of third-party platforms running Net-Net OS-E may vary depending on the server capabilities; standard NNOS-E licensing is limited to 500 sessions Proprietary and Confidential4Acme Packet Net-SAFE security framework SBC DoS/DDoS protection– Protect against SBC DoS/DDoS attacks & overloadsAccess control– Dynamic, session-aware access contro Topology hiding & privacy – Complete service infrastructure hiding user privacy support– Support for L2 and L3 VPN services, SBC DoS traffic separation and securityprotectionViruses, malware & SPIT mitigation– Deep packet inspection enables FraudAccessprotection against malicious or preventioncontrolannoying attachments / trafficInfrastructure DoS/DDoS preventionService– Prevent DoS/DDoS attack infiltration infrastructureTopology hidingDoSto service infrastructure & subscribers& privacypreventionFraud preventionViruses– Prevent misuse & fraudmalware& SPIT– Protect against service theftmitigationMonitoring and reporting– Record attacks & attackers– Provide audit trailsProprietary and Confidential5How an enterprise SBC helps with SIP trunk securityAlthough many service provider SIP trunks are delivered over private IP networks instead of public IP WANs, security issues can still ariseMost enterprise security officers will apply the “Defense in Depth” model to the SIP trunk IP flow – Just as they do for other IP flows like email and web applicationsThe enterprise SBC acts as the Application Layer Gateway (ALG) for all SIP signaling and media traffic – similar to ALGs used for other enterprise IT applications today– Features include dynamic port control, full SIP firewall, and DDOS protectionService Providers use SBCs to protect their network – shouldn’t enterprises do the same ?Enterprise InfrastructureWeb TrafficSecurity ProxyService Provider SIPTrunking InfrastructureSIP TrafficMPLS VPNPSTNSecurity ProxyEmail TrafficSecurity Proxy“Defense In Depth” Security ModelProprietary and Confidential6SBC DoS/DDoS protectionDynamic trust management– Success based trust model protects Hosted services/resourcesOther IPIP contact center ASP– Adjust resources based on real-time subscribersPSTNeventsProactive threat mitigationServiceproviders– Drop malformed sessions– Block known malicious traffic sourcesHeadquarters– Identify automated calling and reject UCCCIPTbased on defined policiesMPLS VPNInternetH.323SIPSIPSpammersROBOSOHOMobileNomadicZombie PCsuseruserProprietary and Confidential7SBCs eliminate communications barriersSession control– Unify dial plans - DNS, ENUM, Hosted services/LDAP, Local Route Tables (LRT)Other IPIP contact center ASPsubscribers– Route sessions – policies based PSTNon ToD/DoW, cost, media, etc.ServiceprovidersNAT traversal (adaptive, STUN)– Cross NAT/FW borders– Define trusted users/devicesHeadquarters– Contain unidentified/untrusted UCCCIPTusers/devicesProtocol interworking/correction– Interwork signaling, transport & encryption protocols MPLS VPNInternet– Correct protocol variations –H.323SIPSIPmalformed/non-compliant ROheadersBO– Transcode between codecsRegionalBranchSOHOMobileNomadic– Adapt IMS for enterpriseofficeofficeuseruserProprietary and Confidential8How SBC helps with SIP trunking interoperabilityPBXs are not always able to connect directly to carrier SIP trunks due to differences in SIP implementations or when H.323 is the only available IP interfaceAcme Packet solves this problem by providing: – Complete SIP header manipulation rule (HMR) capabilities to interwork different SIP dialects between PBX and carrier SIP trunking elements– Full H.323 – SIP interworking– Media transcoding & DTMF format (INFO / 2833) interworking– Signaling transport (UDP / TCP / TLS) and media encryption (RTP/SRTP) interworkingThese capabilities enable virtually any SIP or H.323 capable PBX or UC platform to talk to any carrier SIP trunk service– Proven interoperability with all of the major PBX and UC vendors & SIP trunk carriersEnterprise Telephony Service Provider SIPInfrastructure Trunking InfrastructureSIPMPLS VPNPSTNorH.323OCS 2007Proprietary and Confidential9How an enterprise SBC helps with SIP trunk troubleshootingA challenge for many enterprise telephony managers is to how to apply traditional TDM troubleshooting methods to SIP trunksThe enterprise SBC helps by providing an embedded probe that allows you to monitor all SIP & H.323 signaling and media traffic– Provides full signaling traces, ladder diagrams, and media statistics– Information is automatically collected and can be retrieved via EMS and can be sorted based on calling or called party number, SIP call ID, time-of-call, etc.– An embedded call recording utility is also provided– EMS allows partitioned access to control who can view what informationCall Diagram = Ladder Diagram & Detailed Message TraceStatistics = Media Quality Stats with MOS, packet loss, etc.Play = Bi-directional Media Recording Capability(on-platform Session Replication for Recording (SRR))Proprietary and Confidential10