six ways to get more from sip trunks
TRANSCRIPT
1
SIX (6) Ways to Get More From SIP Trunks
April 20, 2016
Steve Johnson, President
Ingate Systems Inc.
+1 (603) 883-6569
Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.
Ingate Systems – Quick Facts
• Founded 2001 with Intertex heritage from the 80s
• Headquarters in Stockholm, Sweden
• North American subsidiary in Massachusetts, USA
• Japanese liaison office
• A leader in real-time SIP communications with more than 50 000 small and 10 000 business and enterprise installations in 50+ countries
• Leading innovator with patents registered and pending
• First SIParator® (SIP Proxy based firewall & E-SBC) delivered in 2001
• First E-SBC certified by the ICSA Labs for VoIP SIP security firewall
• Ingate’s SIP Trunking Seminars at ITExpo since 2006 – Bringing SIP to the Enterprisehttps://www.ingate.com/itexpo_anaheim_2015.php
3
What is SIP Trunking?
Traditional Telephony
IP-PBX Firewall
Internet
SIP Trunking
Data & VoIP LAN
PSTNSIP Trunking
Provider Network GWSIP System
Session Border Controller
Firewall
Internet
Data LAN
PSTN
PBX
PRISIParator®
Simple, but the service provider or retailer needs to provide a good SBC for the UC (Unified Communications) environment.
4
Analyst Assessments
• 30% of North American enterprises have fully implemented SIP Trunking as of the first half of 2015 representing 35% growth from 2014 (Infonetics October 2015)
• The Enterprise Session Border Controller (E-SBC) market based on SIP trunking is estimated to grow by 20% per year 2014 – 2018 (Gartner June 2014)
• New solutions / technologies such as WebRTC will add to this growth
5
Rapid ROI
• Enterprises are moving to SIP Trunking to reduce their telecom expenses by 30 to 50% - Gartner June 2014: Market Guide for Enterprise SBC
• What are the drivers?– Enhanced functionality– Single network to manage– Centralized call control assets – Purchase just the number of sessions that are needed vs. a full PRI of 23 channels– Lower long-distance charges– Support for remote workers = lower mobile phone bills
• Reasonable conversion costs– IP-PBX– SBC– Communication devices (phones)
6
How good is the ROI?
• Depends on the company current environment and investment
• Payback is generally 6 months to 2 years
• Some customer feedback:– Regional medical care group invested in new PBX equipment, SBC and phones for 25
locations – Investment paid back in 9 months– Major call center reported 13 month payback and much better functionality– Government agency found significant cost-savings and plans to double session counts
as it transitions more users
• Many online ROI calculators offered by service providers to test your own potential savings
7
Benefit #1: Local Phone Numbers with Centralized Call Management
• With PRIs the local phone numbers have to be terminated at a local address– Results in duplicate PBXs, telephony management, maintenance agreements, etc.
• SIP Trunking enables localization (geographical independence)– Customers can call a local office, but the call control and routing are centralized– Customers can call a local number and reach a centralized call center– A business can move and retain their well-known phone number
• How is this possible?– SIP uses the power of the Internet to route traffic, vs. the old technology of point-to-point
telephony circuits
• Use your SBC to reap all the benefits– Calls can be routed to the local office depending on the number from which the call was
initiated– The centralized SBC can be programmed to display a Caller ID depending on the dialed number
8
Benefit #2: Control and Security• Traditional telephony offered few protections against unwanted calls, eavesdropping
or theft of service• Every SIP Trunking installation should have an E-SBC at the customer edge• E-SBCs can:
– Securely connect the PBX / UC Solution on the private LAN• The E-SBC resolves the Firewall / NAT traversal issues• Place your PBX behind the corporate firewall on a private IP address
– Reject unwanted calls• Create blacklists and whitelists
– Prevent theft of service• Require user authentication to prevent service theft
– Prevent Denial of Service attacks • Limit the number of calls from a particular IP address or domain
– Maintain privacy• Encrypt the SIP signaling and / or media to prevent eavesdropping
9
Benefit #3: Increased productivity and collaboration• Fact: 40% or more of employees work from home
• SIP gives these employees the same communication features as if they were in the office
• With the Ingate SIParator in place, remote workers can connect to their colleagues or to the PBX by Far-End NAT Traversal (FENT)– Extends the office environment to the home worker, traveling employee and small
branch offices– Enables collaboration without incurring charges for telephone lines to the home or
excessive mobile phone charges
• Result: More productivity from the entire team of workers wherever they are situated
10
Benefit #4: Scalability
• SIP Trunks can be turned up remotely and instantly– No new cables need to be connected– As long as adequate bandwidth is available
• Who benefits?– Seasonal businesses that have a call surge during busy seasons which then falls back
for the rest of the year– Rapidly expanding businesses– Businesses that want to run a special promotion that will expand the number of calls
• Scaling is only achievable with SIP Trunking
11
Benefit #5: Faster Disaster Recovery
• SIP is routed over the Internet and doesn’t depend on point-to-point connections
• In the event of a disaster that renders the primary business location unusable, a SIP service can be rerouted to another location based on IP address alone
• With SIP Trunking-redundant PBXs, service providers and SBCs can be installed to avoid single points of failure
• Redundant components can be geographically separated for greater peace of mind
• The Ingate SIParator can automatically reroute calls between PBXs or service providers
• For larger deployments Ingate offers a 48VDC power option
– Enables longer run time with installed battery backup services
12
Benefit #6: Foundation for Unified Communications / WebRTC
• Unified Communications adds new modes of business communication:– Voicemail converted to email– Video– Screen-sharing– Instant messaging and SMS
• Enables better business collaboration
• WebRTC is a new open protocol that will enhance these communication features
• Integrating SIP and WebRTC – soon to come in some SBCs - offers the business a low-cost, robust toolset to support collaboration in a decentralized work environment, B2C environments - When communications is important!
13
WebRTC Takes UC Further – With Ingate the Future is Soon
Then delivered via a CPE (e.g. an E-SBC + WebRTC & SIP Companion Gateway) as a demarcation point. Much more than “voice”!
With mobile devices, failover, battery backup, disaster recovery of the UC can come automatically
14Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.
Q&A
15Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.
Contact us to see how we can help you adopt SIP, SIP Trunking and WebRTC
Steve Johnson +1 (603) [email protected]
16
SLIDES TO CYCLE THROUGH DURING Q&A
17
Ingate’s SIParators are sized to meet your needs
Ingate’s SIP Trunking Seminars since 2006
Ingate, the driver/educator of SIP Trunking
Learn more at: http://www.ingate.com/itexpo_anaheim_2015.php
19
More Information:
• The Ingate SIParator® / Firewalls– Brochure of Ingate's Enterprise Session Border Controllers (E-SBCs)– Orientation and Installation - Ingate Software SIParator®/Firewall.
• Ingate’s WebRTC Development’s in Progress– Ingate’s WebRTC Offerings– https://www2.ingate.com/inprogress/intro1 – Open WebRTC Test Site: https://webrtc.ingate.com (Use Chrome!)
• Ingate’s SIP Trunking Seminars at ITExpo since 2006 – Bringing SIP to the Enterprise: https://www.ingate.com/itexpo_anaheim_2015.php – Presentations available
20
• WAN SIParator recommended with shared data and voice IP-pipe:– SIParator controls QoS (traffic-shapes to favor voice over data)
• Setup of existing Firewall using LAN or DMZ SIParator:– Port Forward 5060– Port Forward Media Port range
* Ingate can also be used as the complete combined data and voice enterprise firewall
Many Customer Network Configurations Supported:SIParator® Modes Are Used Together With Existing (non SIP Aware) Firewalls*
The E-SBC Provides Many Functions
Ingate’s SIParator® is the most complete.
Why is an E-SBC required to connect a PBX / UC?1) NAT/Firewall Traversal – Must NAT to same address space!2) Basic SIP and Network Interoperability - E.g. Authentication, Registrations,
UDP/TLS/TCP, Dynamic IP address, etc. 3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc. 4) Features - E.g. QoS, Remote Users, Administration (remote and local)5) Security - E.g. Authentication, DoS protection. PBX designed to be public?
SIP Trunk
PSTN
SIP Trunking Provider NetworkGW
SIP System
VoIP & Data LAN
IP- PBX
PBX Type 1
Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.
Signaling:Media:
1) 2) 3) 4) 5)
Data LAN only
PBX with system phones
PBX Type 1.5
SIP Trunk Interface
2) 3) 4) 5)
VoIP & Data LAN
PBX Type 2
IP- PBX
Few PBXs are of this type. and can be compiled and configured this way It requires requires a lot.
2) 3) 4) 5)
22
Aastra Avaya Brekeke Broadsoft Cisco Call Manager Dialogic Digium/Asterisk Fonality Innovaphone Interactive Intelligence Iwatsu LG Nortel Microsoft Mitel
360 Networks ANPI Airespring AT&T BandTel Bandwidth.com Broadvox BT (British Telecom) Cablecom Cbeyond Cellip Comm Partners Cordia Corporation EarthlinkGamma Telecom Global Crossing IP-Only Nectart Juma Networks Level 3 Lightpath
Netlogic Nexvortex Nuvox O1 Primus RNK Telecom TDC Telavox Tele2 Tele Pacific Telia Toplink Tritel Virgin Media Verizon VoEX Voice Flex VoIP Unlimited Voxbone Voxitas Windstream XeloQMore in pipeline.....
Carrier Equipment Acme Packet / Oracle Broadsoft Metaswitch Sonus
NexPoint SER
And many more...
Confirmed InteroperabilitySIP Trunk Providers IP-PBXs
NEC Nortel BCM Nortel SCS Panasonic Samsung SER Shoretel Siemens SIP-Gear Snom Sonus Sphere Communications Swyx Tadiran TelecomMore in pipeline....
SIP Trunking
Compliant with
Ease of installation,Startup Tool:
23
EncryptionTermination / Transcoding
AuthenticationSIP
Filte
ring
Flexible Control
Near-EndTraversal
Firewall & NAT
Outstanding Value Thanks to Extensive Feature Set
SIP Proxy,ALG, B2BUA,
Registrar
Remote SIP Connectivity
VoIP
Survi
val
Accounting
QoS
, Taffi
c M
gmt
IP-PBX
CompatibilitySIP Trunking
ITSP
Compatibilit
y
ENU
M Support
Security
Far-EndNAT Traversal
SIP-ALG-Only Firewalls Rarely Even Copes
With This
SIP Trunking Tool Set
And Other E-SBCs Are Typically B2BUAs With Only a Subset of This
Unique Ingate Values!
Let’s look at the details!
24
EncryptionTermination / Transcoding
AuthenticationSIP
Filte
ring
Flexible Control
Near-EndTraversal
Firewall & NAT
Outstanding Value Thanks to Extensive Feature Set
SIP Proxy,ALG, B2BUA,
Registrar
Remote SIP Connectivity
VoIP
Survi
val
Accounting
QoS
, Taffi
c M
gmt
IP-PBX
CompatibilitySIP Trunking
ITSP
Compatibilit
y
ENU
M Support
SIP Security Features• Topology hiding• Authentication against a RADIUS Server or local db• Access control• Intrusion Detection System / Intrusion Protection System• Protection against
o Denial of Service and Distributed Denial of Service attackso Malformed message attackso RTP session hijackingo Packet-level intrusiono Session hijacking and redirectiono Vmail bombingo SIP spam (SPIT)
SIP Functions• SIP proxy• B2BUA on a per call basis• SIP Registrar• UDP/TLS/TLS SIP signaling in any combination• Supports all SIP services• PBX and ITSP interoperability• Monitoring any SIP signaling ports• Load balancing of SIP traffic• DNS override for SIP requests• Strict SIP parser (optional, security enhancing)• Dynamic port opening/closing, controlled by SIP proxy• Maintains the state of all sessions and rejects all unrelated SIP packets• Header manipulation and regular expressions• Encryption interworking
VPN Functionality• X.509 certificate and shared secret• Generation of X.509 certificate for clients• PPTP server• IPSec (3DES, AES, NULL, MD5 and SHA1)
Firewall/Routing• Stateful inspection• Packet filtering• Provides flexible NAT and PAT• Handles all data traffic• Dynamic port forwarding• Default gateway of the LAN• DCHP proxy and server
Monitoring and Diagnostics• SNMP V1, V2, V3• Internal logging to HD• Logging to PCAP file• Syslog• E-mail events• Automatic check for new releases
Enhanced SIP SecurityProvides signaling (TLS) and media (SRTP) encryption, including transcoding