Session Border Controller

Avaya Update Week
ASBCE Concepts and Introduction
Sérgio Tani – Systems Engineer
Westcon Brasil
Agenda
• What’s a Session Border Controller?
• What’s it for?
• Where can we use it?
• Executive Summary
• Enterprise SBC – Trends and Drivers
• Avaya SBC for Enterprise Offer
• Competition & Positioning
What is an SBC?
• A Session Border Controller (SBC) is a session-aware VoIP device that controls call admission to a network at its “border” and, optionally (depending on the device), performs a number of call-control functions to ease the load on the call elements inside the network.
What is an SBC? (cont.)
• The Session Border Controller is divided into two logically distinct parts.
• The Signaling SBC function (SBC-SIG) controls the access of VoIP signaling messages to the network core and manipulates the content of those messages.
• The Media SBC function (SBC-MEDIA) controls the access of media packets to the network and provides differentiated services and QoS for different media streams.
What is an SBC used for?
• Basic functions:
  – Protect the border of a Service Provider's network
  – Provide Call Admission Control
• Additional functions:
  – QoS
  – Media Bridging
  – Interoperability between signaling protocols
  – Call tracking (for CDR purposes)
Where are SBCs used?
• Session Border Controllers are normally deployed in the DMZ of a network.
• Session Border Controllers can be deployed in any of the following scenarios.
Possible scenarios
• At the border between an SP and its customer (User Network Interface – UNI)
• At the border between two SPs with a reciprocal agreement on VoIP traffic (Network-to-Network Interface – NNI)
• Inside the SP's infrastructure, offering VPN services to its customers and bridging calls across the customers' VPN sites
• In the core of a network, to solve topology problems for internal communications
• Performing centralized “transcoding”
UNI scenario
NNI scenario
VPN scenario
Solving internal topology problems
Centralized codec transcoding
Agenda
• What’s a Session Border Controller?
• What’s it for?
• Where can we use it?
• Executive Summary
• Enterprise SBC – Trends and Drivers
• Avaya SBC for Enterprise Offer
• Competition & Positioning
• How to Order
Executive Summary
It’s all about secure collaboration!
• Expand the scope of an existing Avaya collaboration solution
• SIP is inherently insecure! Your customer is at risk! Securely leverage SIP Trunking or Remote Worker capabilities
• Enable BYOD strategies of your customers
Business Proposition
• Unified Communications Market is Primed! The future of collaboration is now, with massive market potential and Avaya Market Leadership
• Minimum training required for partners who already hold UC or IP Office Sales and Design Authorizations
• Quickly ramp to expand the collaboration capabilities of your customer beyond enterprise borders
Customers Facing Rapid Technology Change
More Collaboration and Mobile Devices… More Enterprise Security Threats
• 4:1: Mobile projects will outnumber PC projects
• 802 Million: Tablets by 2016
• 16%: Of enterprise will be cloud based by 2015
[Infographic: further figures (30%, 400%) for the increase in mobile enterprise investments through 2015 and the increase in dedicated video soft clients by 2016]
Source: Gartner
The business advantages to SIP are clear
• Operational efficiencies
• Collaborative communications
• Network consolidation
Could This Be Your Network?
VoIP Attacks on The Rise!
• Communications Fraud Control Association survey shows 34 respondents with $2.0 billion in telecom fraud losses (2011)
• FBI warning VoIP attacks: TDoS attacks allow thieves to loot bank account information (May 2010)
• Hackers phone home on our coin: Stolen calls - in just 15 days, over $30,000 in calls made globally (February 2012)
• Secure Your VoIP Servers – blog.sipvicious.org: Cloud-initiated wave of SIPVicious port 5060 scans lead to €11 million loss (October 2010)
• Massive DDoS attack crashes TelePacific VoIP system. Average 34 million SIP traffic VoIP connections requests… shot up to 69 million [in 1 day] flooding their systems (March 2011)
• 65% of Organizations Experience Three DDoS Attacks a Year, But Majority are Unprepared to Mitigate Attacks (November 2012)
• FBI finds Philippine hackers compromised AT&T business customers used their phone systems to call phone numbers revenues to hackers. Scheme cost AT&T $2.0 million (November 2011)
• Hacker toured dozens of global conference rooms using common videoconferencing equipment. Easily hacked several top venture capital, law firms, pharmaceutical and oil companies…(and) the Goldman Sachs boardroom. Videoconferencing systems were designed with visual and audio clarity in mind, not security (January 2012)
VoIP Security is Different
…requires intimate knowledge of VoIP and call states
[Figure: comparison chart. Devices compared: Firewall, IDS / IPS, SBCE Standard, SBCE Advanced, IP-PBX. Threats and capabilities listed: Layer 3 attack; Layer 4 attack; OS attack; Application attack; SIP protocol fuzzing; SIP denial of service/distributed denial of service; SIP spoofing; SIP advanced toll fraud (call walking, stealth attacks); Remote Worker; Media Replication; Signaling/Media Encryption]
The Solution – Avaya Session Border Controller for Enterprise Portfolio
Industry Leading Enterprise UC Security
• Secure VoIP and UC over any network to any device, including smartphones, alternative devices and SIP endpoints
• Innovative VPN’less remote worker offering - enabling true BYOD
Price/Performance Optimized for Enterprise & SME
• Fit for purpose SME / Enterprise solution
• Not a repackaged carrier SBC
• Scalability – up to 2,000 sessions
• High Availability
• TCO & ROI
Ease of Implementation & Management
• Rapid implementation of safe SIP trunks, remote workers and advanced UC applications
• SIP trunks operational in minutes, not months
• GUI-based SIP normalization tool
Enterprise networks reach well past the network border
[Diagram labels: Service Provider; Enterprise; Everywhere else; Multimedia Apps.; Customer Interaction; Collaboration; Automation Apps.; Applications; SIP Trunks; SIP; Avaya SBCE]
Unified Communications Security – Should You Care?
• Credit card privacy rules: other compliance laws require security architecture specific to VoIP and other UC. [1]
• Up to of attacks
• Increase
• ‘VoIP hacking at new levels’ [2]
• VoIP scanning – botnets, Cloud used for VoIP fraud [3]
• Reduce Deployments by
• VoIP / UC security reduces VoIP / UC deployment time by one third [4]
• Toll fraud: yearly enterprise losses in Billions inadequate securing of SIP trunks, UC and VoIP applications [5]
[1] Payment Card Industry Data Security Standard (PCI DSS)
[2] VIPER LAB Honeypot research
[3] VIPER LAB Honeypot research
[4] Aberdeen Group 2011
[5] Communications Fraud Control Association (CFCS) 2008 Survey
So … why do I need to secure SIP?
• Cost reduction
• Flexibility
• Risk mitigation
• Compliance
• Encryption is needed in many apps
• BYOD (real time applications)
• Provide VPN-less encrypted sessions
It’s all about secure collaboration!
Application Specific Security
Complements Existing Security Architecture
[Diagram labels: Firewall; Avaya SBCE; Firewall; Application Level Security Proxy (Policy Application, Threat Protection Privacy, Access Control)]
Avaya Session Border Controller for Enterprise
A New But Already Proven Solution
Avaya SBCE 6.2 is further enhanced with …
• Substantial interoperability testing and improvements in Avaya UC environments especially for VPN’less remote worker
• Testing against all Avaya UC platforms
  – Avaya Aura®
  – IP Office
  – CS 1000
• New hardware platform targeted at SMEs (GA: Jan 2013)
• New product structure
  – Separation of ordering hardware and software
• Fully integrated into Avaya processes and tools
  – Ordering and Logistics
  – Services access
  – Available in ASD
Avaya Session Border Controller for Enterprise
Deployment Models
• SIP Trunking (requires standard licenses)
  – Enforce security policies of the enterprise while solving demarcation issues
• Remote Worker (requires standard + advanced licenses)
  – Mobile workspace security, secure distributed call centers, remote workers, teleworkers
  – Confidently extend UC to mobile workspaces across any network
  – Secure VPN’less access enabling true BYOD
• Compliance (requires standard + advanced licenses)
  – Secured Media Replication/Forking for archiving, logging
Avaya SBCE: SIP Trunking Architecture
Use Case: SIP Trunking to Carrier
• Carrier offering SIP trunks as lower-cost alternative to TDM
• Heavy driver for Enterprise adoption of SBC
• THE DMZ IS A SECURITY RECOMMENDATION, NOT A REQUIREMENT
[Diagram labels: Carrier; SIP Trunks; Internet; Firewall; DMZ; Avaya SBCE; Firewall; Enterprise; IP PBX]
Carrier SIP trunks to the Avaya Session Border Controller for Enterprise
• Avaya SBCE is located in a DMZ behind the Enterprise firewall
• Services: security and demarcation device between the IP-PBX and the Carrier
  − NAT traversal,
  − Securely anchors signaling and media, and can
  − Normalize SIP protocol
Secure Remote Worker with BYOD
• Personal PC, Mac or iPad devices
• Avaya Flare®, Avaya one-X® SIP client app
• App secured into the organization, not the device
• One number UC anywhere
[Diagram labels: Avaya Aura®; Avaya Aura Conferencing; Aura Messaging; Session Manager; Avaya Presence Server; System Manager; Communication Manager; Avaya SBCE; Untrusted Network (Internet, Wireless, etc.)]
Introducing…
Avaya SBCE – Targeted for the SME Market
• GA January 2013
• Enterprise class SIP Security for SME
• Price / performance optimized for SME
• Superior ease of implementation and management
Enterprise-Class Priced for SME!
• Enhanced DoS, Toll Fraud Protection
• GUI based EMS and SIP Normalization Tool
• Scalable to largest SME environments
Upgradable Advanced Features
• VPN-less SIP remote worker protection
• Signaling/Media encryption
• Media Replication
SME Targeted Implementations
• Ideal for IP Office, Avaya Aura® ME and Branch implementations with up to 500 SIP sessions
Agenda
• Executive Summary
• Enterprise SBC – Trends and Drivers
• Avaya SBC for Enterprise Offer
• Target Markets & Use Cases
• Competition and Positioning
Avaya SBCE 6.2
[Slide labels: SME; Gov’t; Enterprises evolving to UC; Cross Industry]
• Avaya SBC for Enterprise fully supported by IP Office 8.1.
• Government agencies are transforming their communications infrastructures
• Unified Communications Customers
• more advanced in their adoption of VoIP
• Cost & Value conscious customers
Avaya Session Border Controller for Enterprise
Use Case: SIP Trunking
Business Issue
• A major bank adopts SIP trunking to cut telecoms costs
• SIP trunks are for in-bound call center representatives – retail banking customers
• Within hours, the bank’s new system suffers a VoIP Denial of Service attack, which effectively:
  – Blocks all call center service calls
  – Cuts off customer communications
Solution
Avaya Session Border Controller for Enterprise with SIP trunk termination needs and requirements for companies large and small
Benefits
• DoS and DDoS Prevention
• Secures the Enterprise Border
• Provides SIP normalization between the enterprise and the carrier
Avaya Session Border Controller for Enterprise
Use Case: Secure Remote Workers
Business Issue
• An enterprise needed to upgrade its communications infrastructure, ensuring a secure, quality-driven collaboration network that could support a large global workforce dispersed across many locations, including home-based workers
• They needed to securely manage BYOD demands for their salespeople, IT department, and other increasingly mobile remote and mobile employees.
Solution
• The Avaya Aura core communications platform, secured by the Avaya SBCE, delivered a secure SIP infrastructure that ensured remote and mobile employees had secure collaboration
Benefits
• Ensured ease of implementation and deployment and excellent QoS across hundreds of locations
• Ripped and replaced VPN phones with secure SIP phones, improving convenience and support
• Enabled secure collaboration for over 20,000 employees worldwide
How to position Avaya SBCE
Market Segment: Small Enterprise to Large Enterprise
[Table rows: Customer Characteristics; Key Selling Points; Offer]
Offer: SBCE 6.2 on Portwell server
• Avaya IP Office
• Avaya Aura® solution for Midsize Enterprise
• SIP Trunking <= 500 sessions
Offer: SBCE 6.2 with advanced features on Dell server
• Avaya IP Office
• Avaya Aura® solution for Midsize Enterprise
• Full Avaya Aura solution
• CS 1000
• SIP Trunking > 500 sess.
• VPN-less Remote Worker / BYOD
Offer: SBCE 6.2 with advanced features on Dell server with HA
• Avaya IP Office
• Avaya Aura® solution for Midsize Enterprise
• Full Avaya Aura solution
• CS 1000
• SIP Trunking > 500 sess.
• VPN-Remote Worker / BYOD
• Any mode from any device
• High Availability
*Remote Worker capabilities for IP Office and CS1000 will be provided post GA in a Service Pack
Avaya Session Border Controller for Enterprise Competitive Differentiators
• True Enterprise Solution: Designed from the ground up for enterprise needs
• Advanced Threat Protection based on active, primary research
• Ease of Implementation and Management
• Innovative VPN’less remote worker solution: Enabling true BYOD
• Simple Upgrade Path for Advanced Applications
• Common Criteria Certification (EAL3+)
SBC Competitors
• Acme Packet – Carrier SBC
• Sonus – Carrier SBC
• Ingate – SME SBC
• AudioCodes – SME and Enterprise SBC
• Edgewater – Enterprise SBC
• Genband – Enterprise SBC
• Cisco – Enterprise SBC
To learn more visit the Avaya SBCE COMPETITIVE PORTAL
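Avaya SBCE - Simple “1,2,3” model
Avaya SBCE Product Options
Server: Portwell CAD-0208
• Max. # of Sessions – without encryption: 500
• Max. # of Sessions – with encryption (TLS, SRTP): 250
• Standard Software License: ✓
• Advanced Software License: ✓
• High Availability: ✓
Server: Dell R210-II XL
• Max. # of Sessions – without encryption: 2,000
• Max. # of Sessions – with encryption (TLS, SRTP): 1,000
• Standard Software License: ✓
• Advanced Software License: ✓
• High Availability: ✓
Server: HP DL360 (migrations only)
• Max. # of Sessions – without encryption: 2,000
• Max. # of Sessions – with encryption (TLS, SRTP): 1,000
• Standard Software License: ✓
• Advanced Software License: ✓
• High Availability: ✓
Notes
• High Availability requires an extra Dell R210-II XL to run a separate EMS (Element Management System) in addition to the 2 core servers
• The HP DL 360 is the common server hosting the AA-SBC Code and will be supported for migrations from AA-SBC to A SBCE software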
Avaya SBCE Feature Groups
Standard Services – Secure SIP Trunking
• Broadly scalable based on platform
• High availability solutions with stateful failover
• EMS: well-constructed ‘craft’ interfaces for
simplicity of implementation and administration
• Advanced UC Security: Toll Fraud, Call
Walking, etc.
• Deep Packet Inspection (SIP and Media)
• DoS/DDoS (flood, resource hang/open
transaction, crash/fuzz)
• ACL/White/Black listing
• SIP Normalization – SIP trunk integration
module STIM
• Call Admission Control
• Quality of Service marking and tracking
• DTMF manipulation
• NAT
• RFC 5853 Compliant
Advanced Services
• Remote Worker: validate and securely support remote/mobile users for extension of Avaya Aura UC services
  – VPN-less
  – Supports both near and far end NAT
  – Supports Avaya hard and soft clients per solution-tested compatibility matrix
• Encryption Services
  – SIP TLS ↔ TCP, UDP
  – sRTP ↔ RTP
• Media replication
  – Ability to fork media to a recording device
Avaya SBCE Software Licenses
• Standard and Advanced Licenses can reside on same SBCE as required
• # of advanced licenses needs to match # of standard licenses
• # of licenses are based on simultaneous sessions
Configuration Examples (software only)
• Solution for 200 SIP Trunks (without encryption)
  – 200 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
• Solution for 200 SIP Trunks (with encryption)
  – 200 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
  – 200 * 270390 “ASBCE R6.2 ADV SVCS LIC 1-500”
• Solution for 75 Remote Worker sessions
  – 75 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
  – 75 * 270390 “ASBCE R6.2 ADV SVCS LIC 1-500”
• Solution for 200 SIP Trunks (with encryption) and 75 Remote Worker sessions
  – 275 * 270137 “ASBCE R6.2 STD SVCS LIC 1-500”
  – 275 * 270390 “ASBCE R6.2 ADV SVCS LIC 1-500”
Avaya Aura® Suite Licensing
Driving user profile driven collaboration oriented sales conversations
Mix & Match per user across the enterprise
[Diagram: Foundation Suite, Mobility Suite and Collaboration Suite. Component labels: Avaya Aura CM, SM, SMGR; Avaya Aura Presence; Avaya Aura Messaging; CM Messaging; Avaya Aura Conferencing (Audio/Web/Video); one-X Communicator w/Video; One-X Mobile/SIP/iOS/CES; Flare for iPad; Flare for PC; EC500; ACE; ACE 6.2 MS Lync Plug in ACA w/ Video; Avaya SBCE; Scopia /user *; Voice; Voice/Web/Video; Desktop & Mobile. Options: Optional Video Room connectivity; Optional a-la-carte Conferencing or Scopia (/port)]
* per-user Scopia ships FQ3
End of Sale – Avaya Aura SBC
• Effective May 6th 2013, Avaya will no longer sell (make commercially available) the Avaya Aura Session Border Controller (AA-SBC).
• The HP DL360 server which serves the AA-SBC software will be used for the A SBCE code so no hardware swap is required. If the customer has new requirements for more than 750 SIP Trunk Sessions, a new A SBCE will be required with new hardware.
• EoS Announcement https://downloads.avaya.com/css/P8/documents/100168696
Thank you!
Sérgio Tani
Systems Engineer – Westcon
[email protected]
+55 11 5525-7257
+55 11 99917-7123