Acme Packet Presentation Materials for VUC June 18th 2010


Published on

Acme Packet Presentation Materials for VUC June 18th 2010

Published in: Technology, Business
  • Be the first to comment

  • Be the first to like this

No Downloads
Total views
On SlideShare
From Embeds
Number of Embeds
Embeds 0
No embeds

No notes for slide

Acme Packet Presentation Materials for VUC June 18th 2010

  1. 1. Voip and Telephony User Conference Solution Brief June 18, 2010
  2. 2. Acme Packet enterprise SBC solutions controls four IP network borders 1. SIP trunking border 4. Hosted services border VoIP & UC security IP Contact center, subscribers audio/video conferencing, PSTN IP Centrex, etc. SIP trunking SIP & H.323 interoperability Service providers Data center disaster recovery Data Remote site survivability centers IP PBX UC Contact center virtualization Remote site & worker connectivity via the Internet Private network Internet Regulatory compliance H.323 SIP SIP – recording & privacy Regional Remote HQ/ Nomadic/ Tele- Remote site site campus mobile user worker site 2. Private network border 3. Internet border Proprietary and Confidential 2
  3. 3. Acme Packet market-leading Net-Net product family Session border Multiservice Session routing controller security gateway proxy Security Revenue & cost optimization Net-Net OS SLA assurance Regulatory compliance Multi-protocol Service reach High availability maximization Net-Net 4250 & Net-Net 4500 & Net-Net 9200 Net-Net ATCA Net-Net Net-Net 2600 Net-Net 3800 OS-E (software-only) Net-Net EMS & SAS Proprietary and Confidential 3
  4. 4. Net-Net platform capacity comparison Net-Net 45001 & Net-Net 92001 ATCA blade1 Net-Net 26001 & Net-Net OS-E2 Net-Net 38001 Net-Net 42501 Licensed session NN2600: 150 – 4K 150 – 4K 250 – 32K 500 – 32K 4K – 128K capacity range NNOS-E: 25 - 500 System 5 Gbps or 5 Gbps 5 Gbps 5 Gbps 5 Gbps Throughput 10 Gbps Network interfaces (8) 1 Gbps or (6) 1 Gbps (4) 1 Gbps (2) 1 Gbps (4) 1 Gbps (# active) (2) 10 Gbps IPsec tunnel n/a 5K 120K 200K 400K capacity Transcoding session 400 Not available Not available Not available 0 – 16,000 capacity Local route table 1M 1M 1M 2M 1M or 2M capacity (# of routes) Note 1: Capacity can vary by signaling protocol, call flow, codec, configuration, feature usage and SPU and NPU options Note 2: Capacity of third-party platforms running Net-Net OS-E may vary depending on the server capabilities; standard NNOS-E licensing is limited to 500 sessions Proprietary and Confidential 4
  5. 5. Acme Packet Net-SAFE security framework SBC DoS/DDoS protection – Protect against SBC DoS/DDoS attacks & overloads Access control – Dynamic, session-aware access contro Topology hiding & privacy – Complete service infrastructure hiding user privacy support – Support for L2 and L3 VPN services, SBC DoS traffic separation and security protection Viruses, malware & SPIT mitigation – Deep packet inspection enables Fraud Access prevention control protection against malicious or annoying attachments / traffic Infrastructure DoS/DDoS prevention Service infrastructure Topology hiding – Prevent DoS/DDoS attack infiltration DoS to service infrastructure & subscribers prevention & privacy Fraud prevention Viruses malware – Prevent misuse & fraud & SPIT – Protect against service theft mitigation Monitoring and reporting – Record attacks & attackers – Provide audit trails Proprietary and Confidential 5
  6. 6. How an enterprise SBC helps with SIP trunk security Although many service provider SIP trunks are delivered over private IP networks instead of public IP WANs, security issues can still arise Most enterprise security officers will apply the “Defense in Depth” model to the SIP trunk IP flow – Just as they do for other IP flows like email and web applications The enterprise SBC acts as the Application Layer Gateway (ALG) for all SIP signaling and media traffic – similar to ALGs used for other enterprise IT applications today – Features include dynamic port control, full SIP firewall, and DDOS protection Service Providers use SBCs to protect their network – shouldn’t enterprises do the same ? Enterprise Infrastructure Web Traffic Security Proxy Service Provider SIP Trunking Infrastructure SIP Traffic Security MPLS VPN PSTN Proxy Email Traffic Security Proxy “Defense In Depth” Security Model Proprietary and Confidential 6
  7. 7. SBC DoS/DDoS protection Dynamic trust management – Success based trust model protects Hosted services/ resources Other IP IP contact center ASP subscribers – Adjust resources based on real-time PSTN events Service Proactive threat mitigation providers – Drop malformed sessions – Block known malicious traffic sources Headquarters – Identify automated calling and reject UC CC IPT based on defined policies MPLS VPN Internet H.323 SIP SIP Spammers RO BO Zombie PCs SOHO Mobile Nomadic user user Proprietary and Confidential 7
  8. 8. SBCs eliminate communications barriers Session control – Unify dial plans - DNS, ENUM, Hosted services/ LDAP, Local Route Tables (LRT) Other IP subscribers IP contact center ASP PSTN – Route sessions – policies based on ToD/DoW, cost, media, etc. Service providers NAT traversal (adaptive, STUN) – Cross NAT/FW borders – Define trusted users/devices Headquarters – Contain unidentified/untrusted UC CC IPT users/devices Protocol interworking/correction – Interwork signaling, transport & encryption protocols MPLS VPN Internet – Correct protocol variations – H.323 SIP SIP malformed/non-compliant RO headers BO – Transcode between codecs Regional Branch SOHO Mobile Nomadic office office user user – Adapt IMS for enterprise Proprietary and Confidential 8
  9. 9. How SBC helps with SIP trunking interoperability PBXs are not always able to connect directly to carrier SIP trunks due to differences in SIP implementations or when H.323 is the only available IP interface Acme Packet solves this problem by providing: – Complete SIP header manipulation rule (HMR) capabilities to interwork different SIP dialects between PBX and carrier SIP trunking elements – Full H.323 – SIP interworking – Media transcoding & DTMF format (INFO / 2833) interworking – Signaling transport (UDP / TCP / TLS) and media encryption (RTP/SRTP) interworking These capabilities enable virtually any SIP or H.323 capable PBX or UC platform to talk to any carrier SIP trunk service – Proven interoperability with all of the major PBX and UC vendors & SIP trunk carriers Enterprise Telephony Infrastructure Service Provider SIP Trunking Infrastructure SIP MPLS VPN PSTN or H.323 OCS 2007 Proprietary and Confidential 9
  10. 10. How an enterprise SBC helps with SIP trunk troubleshooting A challenge for many enterprise telephony managers is to how to apply traditional TDM troubleshooting methods to SIP trunks The enterprise SBC helps by providing an embedded probe that allows you to monitor all SIP & H.323 signaling and media traffic – Provides full signaling traces, ladder diagrams, and media statistics – Information is automatically collected and can be retrieved via EMS and can be sorted based on calling or called party number, SIP call ID, time-of-call, etc. – An embedded call recording utility is also provided – EMS allows partitioned access to control who can view what information Call Diagram = Ladder Diagram & Detailed Message Trace Statistics = Media Quality Stats with MOS, packet loss, etc. Play = Bi-directional Media Recording Capability (on-platform Session Replication for Recording (SRR)) Proprietary and Confidential 10