1

SIX (6) Ways to Get More From SIP Trunks

April 20, 2016

Steve Johnson, President

Ingate Systems Inc.

+1 (603) 883-6569

Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.

Ingate Systems – Quick Facts

• Founded 2001 with Intertex heritage from the 80s

• Headquarters in Stockholm, Sweden

• North American subsidiary in Massachusetts, USA

• Japanese liaison office

• A leader in real-time SIP communications with more than 50 000 small and 10 000 business and enterprise installations in 50+ countries

• Leading innovator with patents registered and pending

• First SIParator® (SIP Proxy based firewall & E-SBC) delivered in 2001

• First E-SBC certified by the ICSA Labs for VoIP SIP security firewall

• Ingate’s SIP Trunking Seminars at ITExpo since 2006 – Bringing SIP to the Enterprisehttps://www.ingate.com/itexpo_anaheim_2015.php

3

What is SIP Trunking?

Traditional Telephony

IP-PBX Firewall

Internet

SIP Trunking

Data & VoIP LAN

PSTNSIP Trunking

Provider Network GWSIP System

Session Border Controller

Firewall

Internet

Data LAN

PSTN

PBX

PRISIParator®

Simple, but the service provider or retailer needs to provide a good SBC for the UC (Unified Communications) environment.

4

Analyst Assessments

• 30% of North American enterprises have fully implemented SIP Trunking as of the first half of 2015 representing 35% growth from 2014 (Infonetics October 2015)

• The Enterprise Session Border Controller (E-SBC) market based on SIP trunking is estimated to grow by 20% per year 2014 – 2018 (Gartner June 2014)

• New solutions / technologies such as WebRTC will add to this growth

5

Rapid ROI

• Enterprises are moving to SIP Trunking to reduce their telecom expenses by 30 to 50% - Gartner June 2014: Market Guide for Enterprise SBC

• What are the drivers?– Enhanced functionality– Single network to manage– Centralized call control assets – Purchase just the number of sessions that are needed vs. a full PRI of 23 channels– Lower long-distance charges– Support for remote workers = lower mobile phone bills

• Reasonable conversion costs– IP-PBX– SBC– Communication devices (phones)

6

How good is the ROI?

• Depends on the company current environment and investment

• Payback is generally 6 months to 2 years

• Some customer feedback:– Regional medical care group invested in new PBX equipment, SBC and phones for 25

locations – Investment paid back in 9 months– Major call center reported 13 month payback and much better functionality– Government agency found significant cost-savings and plans to double session counts

as it transitions more users

• Many online ROI calculators offered by service providers to test your own potential savings

7

Benefit #1: Local Phone Numbers with Centralized Call Management

• With PRIs the local phone numbers have to be terminated at a local address– Results in duplicate PBXs, telephony management, maintenance agreements, etc.

• SIP Trunking enables localization (geographical independence)– Customers can call a local office, but the call control and routing are centralized– Customers can call a local number and reach a centralized call center– A business can move and retain their well-known phone number

• How is this possible?– SIP uses the power of the Internet to route traffic, vs. the old technology of point-to-point

telephony circuits

• Use your SBC to reap all the benefits– Calls can be routed to the local office depending on the number from which the call was

initiated– The centralized SBC can be programmed to display a Caller ID depending on the dialed number

8

Benefit #2: Control and Security• Traditional telephony offered few protections against unwanted calls, eavesdropping

or theft of service• Every SIP Trunking installation should have an E-SBC at the customer edge• E-SBCs can:

– Securely connect the PBX / UC Solution on the private LAN• The E-SBC resolves the Firewall / NAT traversal issues• Place your PBX behind the corporate firewall on a private IP address

– Reject unwanted calls• Create blacklists and whitelists

– Prevent theft of service• Require user authentication to prevent service theft

– Prevent Denial of Service attacks • Limit the number of calls from a particular IP address or domain

– Maintain privacy• Encrypt the SIP signaling and / or media to prevent eavesdropping

9

Benefit #3: Increased productivity and collaboration• Fact: 40% or more of employees work from home

• SIP gives these employees the same communication features as if they were in the office

• With the Ingate SIParator in place, remote workers can connect to their colleagues or to the PBX by Far-End NAT Traversal (FENT)– Extends the office environment to the home worker, traveling employee and small

branch offices– Enables collaboration without incurring charges for telephone lines to the home or

excessive mobile phone charges

• Result: More productivity from the entire team of workers wherever they are situated

10

Benefit #4: Scalability

• SIP Trunks can be turned up remotely and instantly– No new cables need to be connected– As long as adequate bandwidth is available

• Who benefits?– Seasonal businesses that have a call surge during busy seasons which then falls back

for the rest of the year– Rapidly expanding businesses– Businesses that want to run a special promotion that will expand the number of calls

• Scaling is only achievable with SIP Trunking

11

Benefit #5: Faster Disaster Recovery

• SIP is routed over the Internet and doesn’t depend on point-to-point connections

• In the event of a disaster that renders the primary business location unusable, a SIP service can be rerouted to another location based on IP address alone

• With SIP Trunking-redundant PBXs, service providers and SBCs can be installed to avoid single points of failure

• Redundant components can be geographically separated for greater peace of mind

• The Ingate SIParator can automatically reroute calls between PBXs or service providers

• For larger deployments Ingate offers a 48VDC power option

– Enables longer run time with installed battery backup services

12

Benefit #6: Foundation for Unified Communications / WebRTC

• Unified Communications adds new modes of business communication:– Voicemail converted to email– Video– Screen-sharing– Instant messaging and SMS

• Enables better business collaboration

• WebRTC is a new open protocol that will enhance these communication features

• Integrating SIP and WebRTC – soon to come in some SBCs - offers the business a low-cost, robust toolset to support collaboration in a decentralized work environment, B2C environments - When communications is important!

13

WebRTC Takes UC Further – With Ingate the Future is Soon

Then delivered via a CPE (e.g. an E-SBC + WebRTC & SIP Companion Gateway) as a demarcation point. Much more than “voice”!

With mobile devices, failover, battery backup, disaster recovery of the UC can come automatically

14Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.

Q&A

15Ingate’s mission is to enable the best access for telephony, global real-time and unified person-to-person communication for everyone.

Contact us to see how we can help you adopt SIP, SIP Trunking and WebRTC

Steve Johnson +1 (603) 883-6569steve@ingate.com

16

SLIDES TO CYCLE THROUGH DURING Q&A

17

Ingate’s SIParators are sized to meet your needs

Ingate’s SIP Trunking Seminars since 2006

Ingate, the driver/educator of SIP Trunking

Learn more at: http://www.ingate.com/itexpo_anaheim_2015.php

19

More Information:

• The Ingate SIParator® / Firewalls– Brochure of Ingate's Enterprise Session Border Controllers (E-SBCs)– Orientation and Installation - Ingate Software SIParator®/Firewall.

• Ingate’s WebRTC Development’s in Progress– Ingate’s WebRTC Offerings– https://www2.ingate.com/inprogress/intro1 – Open WebRTC Test Site: https://webrtc.ingate.com (Use Chrome!)

• Ingate’s SIP Trunking Seminars at ITExpo since 2006 – Bringing SIP to the Enterprise: https://www.ingate.com/itexpo_anaheim_2015.php – Presentations available

20

• WAN SIParator recommended with shared data and voice IP-pipe:– SIParator controls QoS (traffic-shapes to favor voice over data)

• Setup of existing Firewall using LAN or DMZ SIParator:– Port Forward 5060– Port Forward Media Port range

* Ingate can also be used as the complete combined data and voice enterprise firewall

Many Customer Network Configurations Supported:SIParator® Modes Are Used Together With Existing (non SIP Aware) Firewalls*

The E-SBC Provides Many Functions

Ingate’s SIParator® is the most complete.

Why is an E-SBC required to connect a PBX / UC?1) NAT/Firewall Traversal – Must NAT to same address space!2) Basic SIP and Network Interoperability - E.g. Authentication, Registrations,

UDP/TLS/TCP, Dynamic IP address, etc. 3) SIP Repair - E.g. Call Transfer, Fragmented packets, Bugs, etc. 4) Features - E.g. QoS, Remote Users, Administration (remote and local)5) Security - E.g. Authentication, DoS protection. PBX designed to be public?

SIP Trunk

PSTN

SIP Trunking Provider NetworkGW

SIP System

VoIP & Data LAN

IP- PBX

PBX Type 1

Modern IP-PBXs are of this type. Media goes directly between phone and SIP Trunk.

Signaling:Media:

1) 2) 3) 4) 5)

Data LAN only

PBX with system phones

PBX Type 1.5

SIP Trunk Interface

2) 3) 4) 5)

VoIP & Data LAN

PBX Type 2

IP- PBX

Few PBXs are of this type. and can be compiled and configured this way It requires requires a lot.

2) 3) 4) 5)

22

Aastra Avaya Brekeke Broadsoft Cisco Call Manager Dialogic Digium/Asterisk Fonality Innovaphone Interactive Intelligence Iwatsu LG Nortel Microsoft Mitel

360 Networks ANPI Airespring AT&T BandTel Bandwidth.com Broadvox BT (British Telecom) Cablecom Cbeyond Cellip Comm Partners Cordia Corporation EarthlinkGamma Telecom Global Crossing IP-Only Nectart Juma Networks Level 3 Lightpath

Netlogic Nexvortex Nuvox O1 Primus RNK Telecom TDC Telavox Tele2 Tele Pacific Telia Toplink Tritel Virgin Media Verizon VoEX Voice Flex VoIP Unlimited Voxbone Voxitas Windstream XeloQMore in pipeline.....

Carrier Equipment Acme Packet / Oracle Broadsoft Metaswitch Sonus

NexPoint SER

And many more...

Confirmed InteroperabilitySIP Trunk Providers IP-PBXs

NEC Nortel BCM Nortel SCS Panasonic Samsung SER Shoretel Siemens SIP-Gear Snom Sonus Sphere Communications Swyx Tadiran TelecomMore in pipeline....

SIP Trunking

Compliant with

Ease of installation,Startup Tool:

23

EncryptionTermination / Transcoding

AuthenticationSIP

Filte

ring

Flexible Control

Near-EndTraversal

Firewall & NAT

Outstanding Value Thanks to Extensive Feature Set

SIP Proxy,ALG, B2BUA,

Registrar

Remote SIP Connectivity

VoIP

Survi

val

Accounting

QoS

, Taffi

c M

gmt

IP-PBX

CompatibilitySIP Trunking

ITSP

Compatibilit

y

ENU

M Support

Security

Far-EndNAT Traversal

SIP-ALG-Only Firewalls Rarely Even Copes

With This

SIP Trunking Tool Set

And Other E-SBCs Are Typically B2BUAs With Only a Subset of This

Unique Ingate Values!

Let’s look at the details!

24

EncryptionTermination / Transcoding

AuthenticationSIP

Filte

ring

Flexible Control

Near-EndTraversal

Firewall & NAT

Outstanding Value Thanks to Extensive Feature Set

SIP Proxy,ALG, B2BUA,

Registrar

Remote SIP Connectivity

VoIP

Survi

val

Accounting

QoS

, Taffi

c M

gmt

IP-PBX

CompatibilitySIP Trunking

ITSP

Compatibilit

y

ENU

M Support

SIP Security Features• Topology hiding• Authentication against a RADIUS Server or local db• Access control• Intrusion Detection System / Intrusion Protection System• Protection against

o Denial of Service and Distributed Denial of Service attackso Malformed message attackso RTP session hijackingo Packet-level intrusiono Session hijacking and redirectiono Vmail bombingo SIP spam (SPIT)

SIP Functions• SIP proxy• B2BUA on a per call basis• SIP Registrar• UDP/TLS/TLS SIP signaling in any combination• Supports all SIP services• PBX and ITSP interoperability• Monitoring any SIP signaling ports• Load balancing of SIP traffic• DNS override for SIP requests• Strict SIP parser (optional, security enhancing)• Dynamic port opening/closing, controlled by SIP proxy• Maintains the state of all sessions and rejects all unrelated SIP packets• Header manipulation and regular expressions• Encryption interworking

VPN Functionality• X.509 certificate and shared secret• Generation of X.509 certificate for clients• PPTP server• IPSec (3DES, AES, NULL, MD5 and SHA1)

Firewall/Routing• Stateful inspection• Packet filtering• Provides flexible NAT and PAT• Handles all data traffic• Dynamic port forwarding• Default gateway of the LAN• DCHP proxy and server

Monitoring and Diagnostics• SNMP V1, V2, V3• Internal logging to HD• Logging to PCAP file• Syslog• E-mail events• Automatic check for new releases

Enhanced SIP SecurityProvides signaling (TLS) and media (SRTP) encryption, including transcoding