
OCS Does Not Signal the Death of the PBX


As part of a continuing series on Office Communications Server 2007, this article will discuss the product's native telephony capabilities.

As I've asserted many times, Unified Communications (UC) is an architecture that may include many functional components, enablers and features. Presence, Unified Messaging, Click-to-Dial, Simultaneous Ring, and mobility are just some of the attributes that are often associated with UC. All of those play an important role in UC but the core functional component of UC remains telephony. In the context of this article, telephony refers to all of the features and functionality associated with an enterprise-class business voice service. Modern telephony services are now IP-based, either in the form of a premise-based IP-PBX, a hosted IP Telephony service or various hybrid models.

When Microsoft announced the release of OCS in the fall of 2007 there were many who claimed that it signaled the end of the PBX and that IP-PBX vendors such as Cisco, Avaya, Nortel, NEC, Siemens, Mitel and others would be seriously impacted by Microsoft's entry into the VoIP market. OCS does have VoIP capabilities, but for most medium to large enterprises, the product's native telephony features and functionality are inadequate. OCS can integrate with IP-PBXs to provide the telephony requirements necessary for business. However, the integration is not elegant (in most cases it must be done via media gateways) and other than basic telephony features such as call origination and transfer, the bulk of the enterprise telephony functionality will be provided by the PBX, not OCS.

What follows is a partial list of telephony features and functionality required (or expected) by most medium and large enterprises that are not available from a standalone OCS solution:

E911

E911 (as a telephony feature) refers to the ability of a telephony system to accurately identify the location of the 911 caller and to accurately deliver that information to the correct emergency dispatch location. That can be tricky in the world of IP Telephony since IP Phones can easily be moved from one location to another. However, there are proven and reliable ways to address the challenge. While there are a variety of approaches, all major IP Telephony vendors have E911 functionality natively or have integrated 3rd party products into their solutions.

In some cases, it is acceptable to have one or more analogue circuits to provide E911 functionality. Also, an IP-PBX system installed in a small office may not require E911 functionality if it is connected to the PSTN directly since the telephone company would take care of the 911 location and routing functionality.

However, in any large enterprise environment, E911 functionality is mandatory. I've heard the argument that whether E911 functionality is required or not is based on regulatory requirements for the location in question: nonsense! A telephony architect or implementer has a moral responsibility to ensure that a caller can place an emergency call when needed and that the call will be routed to the correct location with the correct information.

SIP Trunking

IP Trunking, commonly referred to as SIP Trunking (since SIP has become the de facto signaling protocol), is a relatively new method of connecting IP Telephony systems to the PSTN. Traditionally, and still the most common approach, IP Telephony systems are connected to the PSTN via Media Gateways. These devices, also known as IP Gateways, PSTN Gateways or VoIP Gateways, convert VoIP from the IP Telephony system to ISDN or analogue circuits from the PSTN.

IP Trunking has many advantages over the gateway approach, including the fact that it can improve the quality of voice calls by reducing, or eliminating, conversions from one audio encapsulation method to another. Other advantages include cost, eliminating points of failure, maintenance and others which I have listed in one of my previous articles on the subject.

Remote Survivability

Remote Survivability refers to the ability of a site, geographically separated from centralized call control or PSTN connectivity or both, to remain functional even if the site becomes isolated from the rest of the telephony system. For example, if the network link between a branch office and the IP-PBX located at a company's head office is severed, the branch office may have a requirement for telephony services to remain functional. The level of required functionality will be dictated by the business requirements. IP-PBX vendors use a variety of methods to provide remote survivability to their IP Telephony solutions, which involve distributing some or all call processing functionality and PSTN connectivity.

Music on Hold

Most enterprises expect their telephony systems to play music, or some other source of audio, to callers when placed on hold or when a call is transferred. It is a basic functional component of any legacy or IP-PBX. In fact, most enterprise systems support Music on Hold from a variety of sources and in some cases, custom audio announcements whose content may be based on geographic location or other criteria.

Hunt Groups

A common feature of a PBX is the ability to have incoming calls directed to a queue where calls will be answered by agents based on a variety of criteria including but not limited to first available agent, least busy agent, round robin and others.

Attendant Console


While becoming less popular, many organizations still require that a live person process all incoming calls for an organization or an enterprise department. An Attendant Console will usually support many incoming calls and will provide the attendant with visual and audio prompts and queues to aid in the efficient processing of calls.

Admission Control

Admission Control allows a telephony system to refuse call attempts or to redirect calls when it detects that insufficient network resources are available to provide a quality voice path. I've heard Microsoft representatives make claims that Call Admission Control is not required, but for the reasons discussed in this previous article, I disagree.

Standards

One of the benefits of IP Telephony systems is that many vendors support industry standards such as SIP for signaling, and CODECS such as G.711 and G.729. While not perfect, interoperability among vendors has been steadily improving for the last several years. As a result it is now possible, for example, to install an IP-PBX from one vendor and select lower cost IP Phones from a different vendor. Not so with Microsoft since they have chosen to implement their own spin on SIP and have chosen their own proprietary CODEC called RTAudio. To date, the only supported OCS phones are a model by Nortel/LG and a model by Polycom. Neither phone supports LLDP-MED, a link discovery protocol that can play an important role with respect to VLAN, DHCP and Power over Ethernet configuration. The proprietary nature of the product also excludes the possibility of using 3rd party softphones such as the very popular X-Lite.

Geographic Diversity

A benefit for many large organizations deploying IP Telephony is that the any-to-any nature of IP networks allows IP Telephony systems to be designed with a high degree of redundancy by separating the call control functions geographically. The business continuity benefits of such architecture can be very compelling. OCS does not support geographic diversity.

Conclusion

I remember when Cisco first got into the telephony market approximately 10 years ago. Relative to the features and functionality available from TDM-based PBXs (not to mention service quality and reliability), their product had minimal functionality. As a result, it took many years of product development for their IP Telephony product to move beyond the early adopters and into the mainstream marketplace we see today.

Microsoft will, I am confident, continually improve their telephony capabilities, but like Cisco, it won't happen overnight. Meanwhile, the IP-PBX will remain alive and well for quite some time. And while Microsoft adds telephony features to OCS, the PBX vendors will continue to evolve and improve their own products; both from a telephony and an overall UC perspective.

The PBX is alive and well. And while it will continue to evolve, the PBX and its leading vendors won't be disappearing any time soon.
 
Rick McCharles
Unified Communications Practice Principal
RIC Services, Toronto, Ontario Canada


QoS and Admission Control are IPT Requirements - Even for OCS

Over the course of the last few weeks, I've spent some time doing some research into Microsoft's Office Communications Server (OCS 2007) product.

OCS is a Unified Communications (UC) product that integrates with Microsoft applications. It provides voice, presence, web/audio/video conferencing and integration with messaging systems. OCS can also integrate with PBXs, both TDM and IP-PBX. The introduction of OCS in the fall of 2007 created a lot of market hype and in my view, confusion. Microsoft marketing did a great job of capturing media attention and giving the impression that OCS was a revolutionary new communications technology and that enterprise communications, from that point forward, would be transformed forever. So effective was the marketing campaign, that some large organizations halted their VoIP migration planning in order to consider how OCS might alter their strategy.
 
The intent of this article, and more that will follow, is to separate hype from reality so that you can make informed decisions about UC and how OCS should fit into your UC strategy. The first in this series of OCS articles discusses the topics of Call Admission Control (CAC) and Quality of Service (QoS).

Call Admission Control and Quality of Service – Short Tutorial

In the context of telephony, CAC refers to a telephony system's ability to decide whether a call request should be allowed or not. In the world of IP Telephony, VoIP is the common method of transporting voice. Analogue voice is converted to a digital form, encapsulated in IP packets, and then transported across a data network. A data network is made of a series of network links, all of which have limits with respect to the amount of data they can carry at any given time. When a network link is oversubscribed, devices responsible for sending the data across the links will randomly drop data, which is what they are designed to do.

Quality of Service (QoS) mechanisms can be designed into networks to ensure that during periods of congestion, certain types of data will get priority over others. In IP Telephony implementations, voice and telephony-signaling data packets are marked with a priority label that informs routers that, in the event of congestion, they should give priority to the telephony packets. However, if the amount of prioritized traffic exceeds a link's capacity, then the router has no choice but to randomly drop even this high priority traffic. If the high priority traffic is telephone conversations then the quality of all calls will be affected, not just the call that exceeded the link's capacity. This is where CAC steps in to avoid this situation.
 
CAC approaches vary but in all cases it consists of the system not allowing more calls than a resource can support. The most robust method will, in real-time, discover the bandwidth available across the entire path of a proposed new call, then decide if the call should be allowed, and reserve the resource for the duration of the call. If insufficient resources are available the system can refuse the call or send the call across a backup path (like a PSTN gateway). More basic systems require a human to configure the system in advance with the maximum number of calls that should be allowed across a particular network path regardless of how much of the resource is available at the time of the call request.
 
One of the arguments that I've heard, usually from vendors that don't support CAC, is that a network can be engineered in advance so that the oversubscription problem never occurs (design for worst case). For a number of reasons, that approach is not practical in large enterprise environments. For one thing, bandwidth is not free. Second, large IP networks are often designed so that automatic rerouting can occur during failures. In many instances the backup links will have less bandwidth than the primary links. So, a system designed to allow a certain number of calls based on a primary link's bandwidth could oversubscribe a backup link.
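
The two CAC approaches from this tutorial, and the backup-link problem, can be compared in a short simulation. This is an added example, not part of the original article; the link capacities, the 80 kb/s per-call figure and all class and function names are assumptions chosen for illustration.

```python
"""Added example: static call-count CAC vs. path-aware CAC during a WAN failover."""
from dataclasses import dataclass

# Assumption: one G.711 call at 20 ms packetization needs about 80 kb/s at layer 3
# (64 kb/s payload plus IP/UDP/RTP headers), per direction.
CALL_KBPS = 80


@dataclass
class Link:
    name: str
    voice_kbps: int           # capacity of the priority (voice) queue on this link
    up: bool = True
    reserved_kbps: int = 0    # bandwidth already reserved by admitted calls

    def free_kbps(self) -> int:
        return self.voice_kbps - self.reserved_kbps if self.up else 0


class StaticCAC:
    """Basic CAC: an administrator configures a fixed call limit in advance."""

    def __init__(self, max_calls: int):
        self.max_calls = max_calls
        self.active = 0

    def request(self, path):
        # The decision ignores which links the call will actually cross.
        if self.active < self.max_calls:
            self.active += 1
            return "admit"
        return "pstn"


class PathAwareCAC:
    """Robust CAC: check every link on the call's current path, then reserve."""

    def request(self, path):
        if all(link.free_kbps() >= CALL_KBPS for link in path):
            for link in path:
                link.reserved_kbps += CALL_KBPS
            return "admit"
        return "pstn"   # refuse on IP and send the call out a PSTN gateway instead


def simulate(policy: str, primary_up: bool, attempts: int = 10) -> dict:
    """Offer `attempts` branch-to-HQ calls and report what the WAN link must carry."""
    # Constructed topology: branch LAN, then primary WAN or a smaller backup WAN.
    lan = Link("branch-lan", voice_kbps=10_000)
    primary = Link("primary-wan", voice_kbps=800, up=primary_up)
    backup = Link("backup-wan", voice_kbps=240)
    path = [lan, primary if primary.up else backup]   # automatic rerouting

    if policy == "static":
        # Limit sized for the primary link, as in the "design in advance" approach.
        cac = StaticCAC(max_calls=primary.voice_kbps // CALL_KBPS)
    else:
        cac = PathAwareCAC()

    decisions = [cac.request(path) for _ in range(attempts)]
    admitted = decisions.count("admit")
    offered = admitted * CALL_KBPS
    bottleneck = min(link.voice_kbps for link in path)
    return {
        "admitted": admitted,
        "sent_to_pstn": decisions.count("pstn"),
        "offered_kbps": offered,
        "bottleneck_kbps": bottleneck,
        # When this is True the router drops priority packets from every call.
        "oversubscribed": offered > bottleneck,
    }


if __name__ == "__main__":
    for policy in ("static", "path-aware"):
        for primary_up in (True, False):
            print(policy, "primary up" if primary_up else "primary DOWN",
                  simulate(policy, primary_up))
```

With the primary link down, the static limit still admits every call onto the smaller backup link, while the path-aware policy admits only what the backup link can carry and redirects the rest.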
 
OCS Support for QoS and CAC
 
While OCS does support marking voice payload packets for priority network treatment (DiffServ through DSCP) that functionality is not enabled by default. OCS has no Call Admission Control functionality. Microsoft claims that QoS and CAC are not required to ensure voice quality in an OCS environment. Microsoft uses a proprietary CODEC called RTAudio. The RTAudio codec is designed to detect network congestion or quality issues and to modify its bandwidth requirement accordingly. Also, the CODEC has an algorithm that allows it to send multiple duplicate packets to increase the probability that packets will arrive at their destination when network problems are encountered. As a result Microsoft argues that QoS and CAC are not required.
 
In my view, that logic is fine for Internet Telephony solutions. That is, if you’re transporting voice traffic across the Internet, then a CODEC that modifies its data usage and sends multiple copies of packets makes sense. When transporting VoIP across the Internet, QoS markings will be ignored. In addition, there is no practical way of detecting in advance of call setup whether sufficient bandwidth is available along the entire call path. Even if one could determine that in advance, there is no way of ensuring that the desirable network conditions will persist for the duration of the call. And, if the fact that you're throwing more packets at the problem adversely affects other Internet traffic, who cares? One has little or no control of network conditions of random source and destination paths across the Internet. So it makes sense to use whatever means are at your disposal to ensure that your traffic gets through, and there is no point in employing mechanisms that won't make any difference.
 
But that logic does not fly in enterprise class telephony environments. First, while it is true that the RTAudio CODEC adjusts its bandwidth usage based on network conditions, it does not accomplish this instantaneously and therefore voice quality may be affected during the transition period since the algorithm starts with the assumption that there are no network issues. Secondly, while the CODEC can reduce its bandwidth usage, it does not reduce it to zero. When not using redundancy, the CODEC can reduce its consumption from 45Kb/s to 15Kb/s. Additionally, redundancy (sending multiple packet copies) may exacerbate a network congestion issue and potentially adversely affect competing enterprise traffic.

Additionally, what if a WAN link is heavily congested? Should the system continue to process all requests across that link, even if the RTAudio CODEC is not able to compensate sufficiently to ensure adequate quality? With no CAC capability, this is exactly what OCS would do in that situation. Also, what if the business requirements dictate that a high fidelity CODEC is mandatory? The OCS approach would not be able to meet this requirement under congested network conditions. A properly engineered QoS solution with associated CAC, however, could.
 
Conclusion
 
An IP Telephony solution, including OCS, when deployed in a typical large enterprise environment, cannot practically guarantee consistent voice quality without incorporating QoS and CAC mechanisms, end of story.
 
Notice, I did qualify the above statement with the word “practically”. It’s possible to engineer almost any technology deployment, no matter how deficient the technology may be, if one is free to ignore practical constraints such as business requirements, cost, manageability and scalability.

Rick McCharles
Unified Communications Practice Principal
RIC Services, Toronto, Ontario, Canada

Cutting the Bell Cord

Later today, Bell is scheduled to disconnect my residential phone service. While many from the Millennial Generation might not even give it a second thought, for me, the disconnection is a big deal and I'm still a little apprehensive. After all, the traditional analogue phone service has been with me, in every house I've lived in, for my entire life.

When it comes to service reliability, it's hard to beat Canadian residential phone service. When we pick up the phone receiver we know we will hear dialtone. Even during power outages, most of the time, the phone service works just fine, even if the outage lasts for days. Same can be said for voice quality. So when it comes to service quality and availability the bar is very high.

However, there has been very little in the way of service innovation. I do remember the transition from rotary dial to touch tone. That was an improvement in the user interface but it was done to benefit the telcos, not the consumers. And, if I remember correctly we had to pay more for the privilege. Years later I got rid of my answering machine. Having voicemail service in the cloud was certainly an improvement but once again, I had to fork out a few extra dollars for the service enhancement. Over the years, other features were introduced such as Caller ID, Call Waiting, Call Block, Call Return, and a few others. Each of them involved an additional subscription fee.

Over the course of the past 10 years, IP-based telephony services have enabled significant advances that have led to compelling new features and functionality. As a result business users, and subscribers to Internet Telephony Service Providers, now benefit from services such as Unified Messaging, Simultaneous Ring, Softphones, Visual Voicemail and many others. Meanwhile, meaningful innovation in residential phone services has been non-existent. Sure, Bell recently introduced a few new features such as voicemail to email, but once again, there is an additional subscription fee.

As a consumer, the only effective means available to express my dissatisfaction with the lack of innovation and value is to discontinue my subscription. So today is the day. Reservations about service reliability persist, but I am confident that my Internet Telephony Service will provide a much richer user experience at a significantly lower cost. And, with cell phone service as a backup, my service reliability concerns are satisfied.

Canadian telephone companies have already lost more than a million subscribers to their competitors. Without true innovation, the trend will continue.


VoIP is Dead! - Or is It?

I've been reading with interest, several commentaries on blogs related to the status of the VoIP industry and its prospects going forward.

If you haven't already, I suggest that you read the following posts, which represent a perspective on the industry with some mild debate on the state of VoIP.

Telecosm - Ike Elliott, VoIP is Dead. Long Live VoIP

New Telephony - Kelly M. Teal, Worst of 2007: VoIP

Unified Communications - Ken Camp, A Brief Look at 2007 - The Good, the Bad and the Ugly

Conversationware - Matt Lamber, VoIP is plumbing

Digital Common Sense - Ken Camp, More on VoIP as Plumbing

FierceVoIP - VoIP crusader recants

Saunderslog.com - Alec Saunders, End of standalone IP telephony? Hogwash!

Jeff Pulver Blog - 2008: The Year VoIP is Disruptive (Again)


The postings and ensuing conversations are interesting and varied. Everything from VoIP is dead, to VoIP is just plumbing, to 2008 will be the best year yet for VoIP. Why should there be such a divergence of opinion among industry veterans? In my view, much of the debate and disagreement is related to what has become a pet peeve of mine, which is DEFINITION! We can't even begin to come close to a consensus on the subject unless we know precisely what it is we are discussing.

Many within the IP Communications business would insist that the definitions for VoIP, IP Telephony and Unified Communications are well understood and clearly defined. However, I am convinced that the general public, even technically savvy folks, are confused about the technology, its definitions, vendor strategies and how it all comes together to solve business problems. This is not just a matter of opinion. I've had many discussions with customers including those from medium size enterprise, government, large integrators and service providers, and all of them struggle to define the terms, and to understand the technology and its tangible benefits.

While endless debates on exact definitions are not productive, it's time we move past the marketing hype and techno babble and come to some agreement on some common definitions. Until then, how can we possibly hope to quantify market growth or business benefits?

The common use of the term Unified Communications to describe everything under the Sun is responsible for much of the confusion. For example, I've read many growth projections for Unified Communications but in my view, the numbers are meaningless without a precise definition. After all what's included in the projections? Is the integration of communications with business applications such as CRM and ERP included? What about video conferencing, audio conferencing, mobility, or good old IP Telephony?

What follows are the descriptions I use to describe VoIP, IP Telephony and Unified Communications, all of which I consider to be part of IP Communications.

VoIP

In the strictest definition, Voice over Internet Protocol can be defined as the method by which analogue voice is digitized, transported from a source to a destination over an IP network, and converted back to analogue. Based on this definition, it is a mature and well-proven technology and can be considered a plumbing aspect of IP Telephony and Unified Communications. Other plumbing components could include the network infrastructure, QoS, ISDN circuits and other services responsible for the transport of voice. Based on this definition, VoIP is dead in terms of innovation or any new impact on the IP Communications industry. Therefore the term VoIP should not even be part of a business conversation with an enterprise customer about the benefits of UC. It is merely an enabler and is irrelevant.

However, we all know that VoIP is used to describe much more than just voice transport. It has become the de facto definition for nearly all IP-based consumer voice services such as Vonage and Skype among many others. Based on this broader definition, VoIP is alive and well and in fact, we are still early in its evolution!

I prefer to use the term IP Telephony to describe voice services which utilize VoIP as the transport mechanisms. However, I always make a point of making a distinction between Consumer IP Telephony and Enterprise-Class IP Telephony. The former is based on best-effort delivery mechanisms while the latter is based on voice transport across a secure infrastructure with QoS enabled delivery.

IP Telephony

I replaced the term VoIP with IP Telephony in my vocabulary approximately 8 years ago when it became apparent to me that IP-based voice was not just about point-to-point links designed to provide enterprise with toll bypass services. IP Telephony describes all of the system components (hardware & software) that combine to produce business-class voice services.

The components may include:

- Call signaling and control
- Media services
- Media Gateways (for connection to the PSTN)
- Messaging
- Conferencing
- Advanced features (Like Find-Me / Follow-Me)
- Automatic Call Distribution

An IP Telephony system will typically use VoIP as its transport mechanism but will usually also utilize traditional TDM or analogue circuits for voice transport.

Unified Communications

The ubiquitous use of this term and all of the associated hype is responsible for much of the current confusion and ambiguity related to IP-based Communications. I don't know the context under which the term "Unified Communications" was originally conceived, but it's virtually impossible to find a concise and precise definition of what it describes today. Part of the confusion stems from the fact that IP Telephony and IP-PBX systems were suddenly renamed to Unified Communication systems. In many instances, the change happened literally overnight even if there was no change whatsoever in functionality.

I recently wrote a post on the subject. While I wait for a better definition that I can share with my customers, I came up with:

Unified Communications is part of the continuing evolution of IP Communications technology which automates and unifies all forms of human and device communications in context and with a common experience.

I realize it is a somewhat simplistic definition, but I believe it does an adequate job of describing UC as a framework or system. VoIP, IP Telephony, Mobility, Communications Enabled Business Processes, Mashups, Contact Centres, Collaboration, Presence, Filtering are all components or attributes which may, or may not be, part of a Unified Communications system.

Conclusion

The industry as a whole will benefit if its influencers move away from the hype and technical jargon, towards consensus on definitions and quantifiable descriptions of the business benefits of IP Communications.

Rick McCharles
IP Communications Consultant
RIC Services


IP Communications & Telecommunications - 2008 Outlook


As we transition into the New Year, it is interesting to read about all of the predictions related to technology. As a consultant in the communications industry, it is vital that I recognize the trends and events that will shape the industry and potentially affect my customers. Here are a few of my thoughts on what we can expect in IP Communications during 2008.

TelePresence / Video Conferencing

Expect to see a decrease in the capital expense required to implement TelePresence systems. Operational expenses will however, remain a significant factor in the TelePresence business justification. For many organizations, the high cost of the high-bandwidth and the predictable / low-delay characteristics of the network circuits required to support TelePresence will continue to negate the business justification. A service provider, focused on providing the appropriate network connectivity with a pay-per-use / on-demand business model, could accelerate the adoption of TelePresence in some smaller enterprise but I don't expect to see that in 2008.

Net Neutrality

Expect to see more controversy related to Net Neutrality as service providers continue to test the waters with respect to public opinion and the scrutiny of regulators. My expectation is that Canadian providers are more likely to experiment with various control mechanisms than their US counterparts.

Margin pressures, increased competition and accelerating bandwidth demands by competing applications and services will motivate providers to find ways of tipping the scales in their favour. It will be interesting to see how it all plays out. Public opinion and potential apathy are likely to be the most significant influencers.

Mobility Industry

I expect many changes in the mobility market in 2008. Canadian mobility rates have had a reputation for being among the highest in the world and in the last several years, mobility has been very profitable for Canadian service providers. The downward trend in both service pricing and associated profits will accelerate in 2008. Contributors to the trend include:

  • Innovative and new devices like the iPhone
  • New spectrum allocation and associated competitors both in the US and Canada
  • The trend towards openness will result in the Incumbents' infrastructure being leveraged by competing applications and services with no associated increased revenue
  • Increased competition among existing providers as they compete for a larger piece of the shrinking revenue pie
  • New competitors unencumbered by existing technology and supporting systems or the need to defend existing revenue models

Hosted Voice Services

With very few exceptions the availability and the adoption of Hosted IP Telephony services in Canada has been dismal. I have witnessed overly optimistic and incredibly inaccurate projections for the growth of this market since the year 2000. In 2008, I expect the most (albeit still modest) growth for hosted voice services to date. New entrants will appear in both the SMB and large enterprise markets. So, why should 2008 be different from what we have seen so far? Several factors will influence the change:

  • A general trend by enterprise towards acceptance of outsourced and hosted services.
  • General market acceptance that IP Telephony is ready for prime time and that the transition from TDM to IP-based communications is inevitable.
  • Service providers will consider the errors of previous service launches. Expect services that are targeted at very specific verticals and horizontals.
  • Service offerings, where voice is simply one component of a rich service that will include other services such as a-la-carte on-demand software products.
  • Services that hold the promise of reducing the complexity of Unified Communication services, and include integration services.
  • Increased focus by Cisco and Microsoft on the hosted space.

IP Trunking

By the end of 2008, everyone in the industry will acknowledge the unstoppable trend towards IP Trunking and away from analogue and ISDN circuits. As I mentioned in one of my previous posts, there are huge advantages to IP Trunks relative to PRI. Expect new IP Trunking services with aggressive marketing and national service delivery capabilities.

Residential Voice Services

The Canadian Incumbents will see continued erosion of their share of residential voice services. Led primarily by the cable companies and to some extent other providers such as Vonage, the impact to Bell and Telus' revenue streams is significant with the loss of over 1,000,000 subscribers and growing. I doubt that anything will emerge in 2008 to slow or reverse this trend. In my view, the Incumbents have been slow in acknowledging the threat and have been conflicted in how to address it effectively.

Vonage will likely experience a significant reorganization, buyout or will simply go out of business. I'm convinced that the standalone, best-effort voice delivery business model is not sustainable. Couple that with the seemingly never-ending lawsuits brought on mostly by their large competitors, and something has to give! Vonage can probably be transformed by enhancing the existing voice service with other innovative and complementary services. However, as it is, it cannot survive.

Unified Communications

Expect continued hype and an intensification and a more public battle between Cisco and Microsoft. Business awareness of the benefits and strategic importance of UC will grow and we are likely to see some large organizations invest significantly.

In addition, we will see related acquisitions and investments by service providers and system integrators as they ramp up their capabilities to address the increased complexity of communication services as they strive to move up the value chain. Credible and quantifiable benefits necessary for a compelling business justification of the required investment for UC will continue to be a challenge.

Commoditization and reduced margins will continue to challenge the operations of IP Telephony product resellers and implementers. Those who don't make the complex transition up the value chain and acquire the skills necessary to assist their customers with integrating UC into their operations, business processes and applications will be relegated to the very thin margins of the UC plumbing.


Rick McCharles
IP Communications and Telecom Consultant
Toronto, Ontario, Canada




Hang up the Phone! Your VoIP is Being Hacked!


Sensational title isn't it?

Pardon the sarcasm, but once again we are being bombarded with sensationalist blog and news headlines about the vulnerability of VoIP. The headlines would have you believe that recording any VoIP call is as simple as installing a utility on your PC. Sorry, but in a secure environment that's just nonsense.

I deem the stories to be counterproductive and I question the motives. It's great to raise security awareness, but how about some perspective and some helpful advice? What I don't see in these blog posts and news articles is any description of the environment or circumstance under which these attacks are possible. Nor do I see any advice on whether protection mechanisms are available.

Several months ago, I bought and read the book Hacking Exposed VoIP since so many security presentations and articles used this book as a reference. It was interesting, and I would recommend it for those who would like to understand VoIP and SIP vulnerabilities. However, what I discovered was that nearly all of the hacks / vulnerabilities described in the book were dependent on the fact that common security best practices had not been implemented or had been compromised.

The latest flurry is related to a monitoring utility named SipTap by Peter Cox at VoIPCode.org.

While it's true that VoIP is vulnerable to a wide variety of attacks, it is also true that nearly all (including this latest one) can be mitigated by sound security practices.

I won't go into a detailed tutorial but I will provide a quick list and some references for you to pursue:

  • Secure the IP Phones preventing users from viewing or changing configuration parameters
  • Encryption: Signaling, Audio Path and Administrative
  • Use Certificates to authenticate humans and components that use the system
  • Disable root access for telephony administrators
  • Deploy AAA systems and procedures (Authentication, Authorization and Accounting)
  • Carefully choose who is allowed to transfer calls to an external destination
  • Deploy and maintain virus protection
  • Disable all unnecessary services on phones and related systems
  • Expire passwords
  • Disable passwords following a number of failed attempts
  • Impose content and length restrictions on passwords
  • Impose rate-limiting mechanisms to thwart DoS attacks
  • Deploy security monitoring and alarming systems
  • Phones and devices should reject unsigned or tampered firmware
  • Reject 802.1q traffic destined to, or from the PC switch port of the phone
  • Segment voice and data traffic on separate VLANs (PC phones violate this best practice)
  • Install properly configured firewalls (duh!)
  • Secure all network devices (physically and logically)
  • Phones should ignore gratuitous ARPs
  • Perform DHCP inspection
  • Implement VPNs for remote access

Here are some excellent references:

Enhanced Security for Unified Communications (Cisco)
Enterprise VoIP Security Best Practices (Juniper)
VoIP Security for Dummies (Avaya)

I don't deny for a second that SIP and VoIP have vulnerabilities and that they must be addressed. But, there's no going back to TDM. IP communications is here to stay and the vast majority of risks can be adequately mitigated. Many of the security precautions should already be in place if your network and IT environment is secure.
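
As an added illustration of the encryption items in the checklist above (not code from the original post or from any vendor), this Python sketch audits a SIP INVITE for cleartext signalling and media, the condition that passive call monitoring depends on. The sample messages, hostnames, key placeholder and the function names build_invite and audit_invite are constructed for this example.

```python
import re

def build_invite(scheme, transport, profile, sdp_extra=""):
    """Constructed sample INVITE; hosts, branch and Call-ID are made up."""
    return (
        f"INVITE {scheme}:bob@example.com SIP/2.0\r\n"
        f"Via: SIP/2.0/{transport} pc1.example.com;branch=z9hG4bK776asdhds\r\n"
        "Call-ID: a84b4c76e66710\r\n"
        "CSeq: 1 INVITE\r\n"
        "Content-Type: application/sdp\r\n"
        "\r\n"
        "v=0\r\n"
        "c=IN IP4 192.0.2.10\r\n"
        f"m=audio 49170 {profile} 0\r\n"
        f"{sdp_extra}"
    )

def audit_invite(message):
    """Return findings where signalling or media is left in cleartext."""
    head, _, sdp = message.partition("\r\n\r\n")
    lines = head.split("\r\n")
    findings = []
    # Request line: a sips: URI asks for TLS on every hop (RFC 3261).
    _method, uri, _version = lines[0].split(" ", 2)
    if not uri.lower().startswith("sips:"):
        findings.append("request-uri is not sips:")
    # Via header: the transport token shows how this hop carried the request.
    for line in lines[1:]:
        name, _, value = line.partition(":")
        if name.strip().lower() in ("via", "v"):
            m = re.match(r"\s*SIP/2\.0/(\w+)", value, re.I)
            if m and m.group(1).upper() not in ("TLS", "WSS"):
                findings.append(f"via transport {m.group(1).upper()} is unencrypted")
    # SDP media lines: RTP/AVP is plain RTP, RTP/SAVP(F) is SRTP (RFC 3711).
    sdp_lines = sdp.split("\r\n")
    has_key = any(l.startswith(("a=crypto:", "a=fingerprint:", "a=key-mgmt:")) for l in sdp_lines)
    for l in sdp_lines:
        if l.startswith("m="):
            media, _port, proto = l[2:].split()[:3]
            if "SAVP" not in proto.upper():
                findings.append(f"{media} stream offered as {proto} (no SRTP)")
            elif not has_key:
                findings.append(f"{media} stream is {proto} but carries no key exchange")
    return findings

if __name__ == "__main__":
    for finding in audit_invite(build_invite("sip", "UDP", "RTP/AVP")):
        print("FINDING:", finding)
```

An empty result only means the offer asks for protection; whether TLS and SRTP are actually enforced still has to be verified on the call server and phones.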

Rick McCharles
VoIP / IP Telephony Consultant, Toronto
RIC Services




SIP Trunking Will Displace PRI


Long Distance, Audio Conferencing and Hosted IP Telephony service providers have been taking advantage of the lower cost and scalability of IP Trunking for years. Many of the current IP Trunking circuits are based on the H.323 protocol. Nearly all new deployments, however, employ SIP as the signalling protocol.

While not yet widely adopted, IP Trunking for enterprise PSTN connectivity offers significant advantages to enterprises relative to the common PRI model. I am convinced that there will be very few, if any, new PRI circuit deployments in Canadian urban locations within five years.

If you are about to migrate to IP Telephony you should seriously consider replacing your PRI and in some cases BRI or analogue trunks with IP Trunks.

The following table contrasts PRI vs. IP Trunks and highlights just some of the compelling advantages enabled by IP Trunking.

PRI vs IP Trunking

| PRI | IP Trunks |
| --- | --- |
| Physical connections: Each circuit requires physical connection and costly termination hardware. | Connections are virtual: Number of available trunks is a function of available bandwidth, not physical termination hardware or circuits. |
| Scaling up requires the installation of new circuits and additional termination hardware. | Scales up or down easily and quickly (a software configuration change) and can offer automatic and on-demand burst capabilities. |
| Providing sufficient backup circuits to remote sites in an IPT-distributed architecture can negatively impact the ROI. | Automatic IP re-routing capabilities allow practical geographic distribution of PSTN connectivity to sites with limited or no network redundancy. |
| Cost is usually per circuit per month. | A variety of pricing models (i.e. usage based) are likely to emerge, including on-demand capacity. Relative to PRI circuits and the associated supporting hardware, IP Trunking costs are likely to be significantly lower. |
| Capacity planning & engineering is critical: Additional capacity must be planned well in advance since considerable lead time may be required for the ordering and installation of new circuits and termination hardware. | While capacity planning is still important, adding additional capacity can be as simple as a software change. Additionally, providers are likely to offer burst capabilities. |
| Only way to accommodate loss of hardware or facility where PRIs terminate is to build in excess capacity with associated cost impact. | Can be designed to retain PSTN reachability and capacity in the event of the loss of terminating hardware (or even an entire office location) without the need to build in excess capacity. |
| Including dispersed locations in most current IP Telephony deployments requires the addition of network redundancy or significant local PSTN connectivity (analogue or ISDN trunks) to ensure that individual locations can function autonomously in the event of a failure. These factors can add substantial Opex and Capex. | Dispersed locations can be connected to the PSTN via an IP connection. Should a network failure occur, incoming calls can be automatically rerouted to the isolated location. |
| Diversity across service providers is usually cost prohibitive. | Can accommodate diversity across service providers much like is done today with Internet access via BGP. |

Even if you have no immediate plans to migrate to VoIP, IP Trunks connected via a gateway to your existing PBX can result in cost savings and can allow you to enhance your current system’s functionality and features.

Rick McCharles
Telecom Consultant, Toronto
RIC Services


