Enterprise Session Border Controller (E-SBC) Solutions

1. Enterprise Session Border Controller (E-SBC) Solutions June, 2010 EDGE Voice at the Enterprise

2. Overview • Different Enterprise Solutions have different Network Architectures • And therefore face different sets of Challenges – one of which is Session Border Control • Follows is an exploration of these Challenges for three common Enterprise Solutions • SIP Trunking • Hosted IP Centrex • Contact Centers SP WAN VoIP Service Provider Enterprise LAN Application Sever /IP PBX

3. SIP Trunking Solution • Solution Characteristics: • SIP Proxy in the Service Provider WAN • IP/TDM PBX in the Enterprise LAN • Solution Challenges: • Internet border security • VoIP interoperability • Isolation on WAN failure • PSTN requirements • Voice Quality Assurance VoIP Service Provider SP WAN PSTN Internet VoIP Service Provider V P N Bad Stuff IP PBX Enterprise LAN PRI Trunks Legacy TDM PBX Local End Office

4. Hosted IP Centrex Solution • Solution Characteristics: • SIP Proxy in the Service Provider WAN • User Agents in the Enterprise LAN • Solution Challenges: • Internet border security • VoIP interoperability • Isolation on WAN failure • PSTN requirements • Voice Quality Assurance Hosted IP Centrex SP WAN PSTN Internet V P N Bad Stuff Enterprise LAN PRI Legacy TDM PBX Local End Office

5. Call Center Solution • Solution Characteristics: • User Agents in the WAN • SIP Proxy in the LAN • Automated Calling • Solution Challenges: • Internet border security • Outbound Calling • Remote Agents behind NATs • Incoming traffic from PSTN • Voice Quality Assurance Remote User Agents Remote LAN PSTN Internet NAT Remote User Agents V P N Bad Stuff SRTP/TLS Local User Agents SIP Application Server Enterprise LAN PRI Media Gateway

6. Security • Security Challenge • Internet provides connectivity for both wanted and unwanted traffic • Service Providers use Session Border Controllers for protection • Service Provider SBC protects the Service Provider network, not the Enterprise • Enterprises need protection too! • AudioCodes Enterprise SBC • Call Admission Control • Encryption and Authentication • Topology Hiding, User Privacy • Traffic Separation SIP Hosted Centrex SP WAN Internet Service Provide SBC V P N Bad Stuff Enterprise SBC Enterprise LAN • Applicable to: • All solutions

7. The Demarcation Point Data Server • Demarc Defined • Where the untrusted WAN connects to the trusted LANs – inherently a Router function • Both Voice and Data (email, web, file server) traffic pass through it • Integrated Voice/Data Demarc • Distinct ALG functions required for Voice and Data traffic • Mediant 800/1000 MSBG provide integrated Router – single appliance attractive to smaller Enterprises • Decomposed Router • Larger Enterprises or ones with heavier/more complex Data traffic will want a dedicated Router with specialized DATA ALGs • Router directs all Voice traffic to the SBC for screening and mediation SP WAN SIP Hosted Centrex Service Provide SBC V O I C E D A T A Data Servers Private Subnet Public Subnet Enterprise LAN Voice Devices

8. Interoperability • Interoperability Challenge • SIP variances between vendors • Media Transcoding • Gain Equalization • DTMF, Fax, IPv4/IPv6 • AudioCodes Enterprise SBC • Configurable SIP Behavior compatible in both directions • Mature and broadly deployed SIP stack • Industry leading Codec coverage and Transcoding densities VoIP Service Provider SIP Hosted Centrex SP WAN e.g. G.729,SecureRTP e.g. SIP/TLS SIP SIP RTP RTP e.g. G.711, RTP e.g. SIP/UDP IP-PBX SIP User Agents • Applicable to: • SIP Trunking • Hosted IP Centrex Enterprise LAN

9. Voice Quality Assurance • Prioritization • TOS & Diffserv markings for real time voice packets • MSBG router prioritizes VoIP over other traffic • Call Admission Control enforces SLA limits • Measurement • Voice Quality Monitoring by Packet Island • Assessment tools for pre-installation evaluation • Monitor call quality from each connected domain • Extensive debug capabilities for root cause analysis • Impairment Mitigation • Dynamic Jitter Buffer • Packet Loss Concealment, RTP redundancy • Voice Activity Detection, Silence Suppression, Comfort Noise Generation • Hybrid Echo Cancellation (G.168-2002, 128ms tail) • Acoustic Echo Cancelation (PoI) • Supported by deep in-house DSP expertise

10. WAN Isolation VoIP Service Provider SIP Hosted Centrex • WAN Isolation Challenge • WAN connection less reliable than PSTN, often simplex • Results in isolation (SIP Trunking), • or complete voice failure (IP Centrex) • AudioCodes Enterprise SBC • PSTN Fallback • Flexible Routing Control Rules • Stand Alone Survivability Internet SP WAN PSTN SIP User Agents • Applicable to: • SIP Trunking • Hosted IP Centrex IP-PBX Enterprise LAN

11. PSTN Connectivity Emergency 911 Center SIP Service Provider • PSTN Challenges • WAN Isolation (covered) • TDM to VoIP Evolution • Legacy PBXs • Local End Office • Emergency 911 • AudioCodes Enterprise SBC • PSTN Fallback on WAN failure (covered) • Install for today’s TDM traffic, migrate to VoIP as traffic does • SIP Trunking w/out replacing TDM PBX • PSTN connection to local end office • Emergency 911 Internet SP WAN Local End Office Evolution TDM PBX IP PBX PSTN PSTN Enterprise LANs SIP App Server PRI Media Gateway • Applicable to: • All solutions Not available in competitors SBC Solutions Customers

12. Remote Agents • Remote workers with: • Connections to a Server in the Enterprise LAN • Service provided by the Enterprise IP PBX • Remote Agent Challenge • IP Addresses in SIP SDP blocks are visible only on the local LAN • Firewall blocks incoming SIP sessions • Need to secure calls crossing public internet • AudioCodes Enterprise SBC • Pinhole mtce – SBC pings User Agent to maintain “pinhole” created by User Agent’s registration (which provides NAT’s IP Address) • 1st Packet Dectection – Discover session RTP port from 1st packet arriving at SBC. • TLS and Secure RTP provide for authentication and encryption of the call. • Applicable to: • Contact Centers • SIP Trunking 192.168.10.1 Local to LAN SP WAN 29.54.23.02 Public Addr Enterprise LAN Enterprise LAN Private LAN App Svr / IP PBX Initial Registration Periodic Pings

13. Outbound Calling • Outbound Calling Challenge • Requires detection of • Voice Activity • Call Progress Tones • Answering Machines • Application only transfers calls reaching people to Call Center Agents • AudioCodes Enterprise SBC • Deep In-house DSP expertise provides configurable detection capability • Provides SIP Notification to the Application • Eliminates/offloads media server • Applicable to: • Contact Centers WAN/PSTN No Circuit Call Center Agent App Svr Enterprise LAN

14. AudioCodes E-SBC Line Mediant 3000 E-SBC Mediant 800 E-SBC Mediant 1000 E-SBC SBC SBC SBC

15. TheMulti-Service Business Gateway PBX Integration is needed • Collection of Devices • High CAPEX • High OPEX • Multiple Vendors to deal with • Cumbersome IT staff training • Separate Management methodologies • No distinct demarcation point Corporate LAN Corporate LAN E-SBC Access Firewall Router VoIP Gateway 3rd Party IP-PBX on OSN IP PBX MSBG WAN WAN

16. The AudioCodes MSBG – Featuring: AudioCodes’ best of breed VoIP Media Gateway technology The Mediant platform’s Enterprise Session Border Controller (E-SBC) technology Full-featured Enterprise-Class LAN Data Switching, Routing, Advanced QoS, Firewall and WANaccess Embedded integration of 3rd party IP-PBX hosted applications Enhanced Media Processing functionality AudioCodes MSBG Router/ Switch FireWall Network & User Access Media Processing IP-PBX VoIP SBC

17. Summary • Critical LAN Protection • Firewall and Device Security • Rich Set of Routing Options • Complete Voice Solution • Media and Signaling • HD Voice & Superior DSP Densities • VoIP and PSTN • Evergreen transition from TDM to IP • Connect TDM PBX to SIP Trunking today • Migrate to SIP Infrastructure tomorrow