Escolar Documentos
Profissional Documentos
Cultura Documentos
Federated
partners
To PSTN
UC
ASM
Control
Security & SLA assurance
Regulatory compliance
Private network
H.323
Regional
site
SIP
Remote
site
Internet
SIP
HQ/
campus
Nomadic/
mobile user
Teleworker
Remote
site
3. Internet border
2012 Avaya Inc. All rights reserved.
Collaboration
Solutions
Contact Center
Interaction
Solutions
Communication
Manager
Application
Enablement
Performance
Analytics
Presence
Services
Session Manager
Deskphones
Clients
System
Manager
Service
Provider
Network
SBC
Video
Endpoints
SM
SBC
SP
CM
Active/standby redundancy
Scales upto 5000 sessions
Redundant SIP connectivity to service
Applications
SIP trunking to PSTN providers
SIP trunking to hosted service providers
Security
Acme Packets proven SBC security
Evolution
Deployable on Avaya Aura System
Platform
Easily add SBC to existing installations
Flexible feature set for new applications
2012 Avaya Inc. All rights reserved.
problems
Proven configuration templates
Tested with SPs through DevConnect
Remote Worker
Mobile workspace security, secure distributed call
centers, remote workers, teleworkers
Confidently extend UC to mobile workspaces
across any network
Secure VPNless access
Core Security
Securely add various UC applications and devices
(voice, video, IM) across the corporate network
Compliance
Secured Media Replication/Forking for archiving,
logging
Presence
Server
Session Manager
Avaya
System
Manager
Communication
Manager
Aura
Avaya
SBCE
Untrusted Network
(Internet, Wireless, etc.)
VPNless Endpoint
SIP Trunking
Remote Worker
CS1000
SIP
Trunking
Avaya SBC
for Enterprise
SIP
Trunking
SIP
Trunking
Avaya SBC
for Enterprise
Avaya SBC
for Enterprise
SIP
Trunking
Avaya SBC
for Enterprise
11
Whats a DMZ?
A DMZ is used to provide a controlled separation at the edge of the
Enterprise network.
Our SBC can sit parallel to the FW or in the DMZ. Acme claims firewalls
destroy voice quality and that they are so secure they dont need it.
The security standard is to use a DMZ for Enterprise application access.
Security is about layers of protection.
CS1000
Enterprise
Avaya
SBCE
Firewall
Firewall
Internet
DMZ
SIP Trunks
Carrier
12
Enterprise
Internet
DMZ
Firewall
Firewall
Avaya
SBCE
SIP Trunks
Carrier
Carrier SIP trunks to the Avaya Session Border Controller for Enterprise
Avaya SBCE is located in a DMZ behind the Enterprise firewall
Services: security and demarcation device between the IP-PBX and the Carrier
NAT traversal,
Securely anchors signaling and media, and can
Normalize SIP protocol
2012 Avaya Inc. All rights reserved.
13
Internet
DMZ
Firewall
Firewall
Avaya
SBCE
Remote Workers
14
Carrier SBCs
SP Network
Enterprise Network
IP PBX
FW
Intranet
Carrier SBC
Carrier SBC
15
Enterprise SBC
Mobile Users,
Telecommuters
Enterprise Network
IP PBX
DMZ
Internal
FW
Avaya External
SBCE FW/NAT
Intranet
Avaya SBCE
Encryption
TLS proxy
SRTP proxy
Enablement
FW / NAT traversal
Call admission control
Signaling and media firewall
SRTP/
RTP
Remote Worker
SIP Trunking
Internet
Security
Floods and fuzzing prevention
Spoofing prevention (fingerprint verification)
Media anomaly prevention
Stealth attack prevention
Tollfraud Prevention
Anti-spam
Whitelist/Blacklist
Behavior learning
16
NAT Transversal
SBC External IP
Address
192.168.45.4
IP PBX
Enterprise
FW IP Address
96.54.23.10
Internet or Provider
Network
17
18
Call Servers
For SIP Trunking, an accepted architecture is:
Call Server + SBC
Call Server + SM + SBC
SM must be 6.x
19
Colt
Etisalat
Fastweb SPA
Frontier
Gamma
IntelePeer
KPN
Level 3
MTSAllStream
PAETEC
Phonect
QSC
Sprint
Swisscom
Tele2
Telefonica del Peru
Telenor
Teliasonera
TELUS
T-Mobile NL
UPC
Vamoin1/KPN
Verizon Business
Virgin Media
Vodafone DE
Vodafone NL
VoicePulse
Windstream
Worldnet P. Rico
XO
Rules of Thumb
SIP trunking usually 5 users per SS
Must account for higher ratio in small
Remote Worker must consider both
On-net and off-net requirements
Remember, in Dell configs, Encryption
Services impact capacity
2012 Avaya Inc. All rights reserved.
22
Two Licensed
Feature Groups
Three Hardware
Configurations
EMS
Core
Standard Service
Core
EMS + Core
Advanced Service
- Per session license
- Remote Worker, Media
repl. , Encryption
Portwell CAD-0208
EMS + Core
High
Availability
(HA)
Single
Availability
(SA)
Single
Availability
(SA)
23
23
Advanced Services
Encryption Services
SIP TLS TCP, UDP
sRTP RTP
Media replication
ACL/White/Black listing
DTMF manipulation
NAT
24
SBCE Hardware
SME offer (Portwell CAD-0208)
500 Sessions No HA
25
SBCE Hardware
SME offer (Portwell CAD-0208)
250 Encrypted Sessions No HA
26