1
Enabling SIP to the Enterprise
Ingate Systems is the leading provider of Enterprise Session Border Controllers enabling SIP and SIP Trunking with over 5000 customers worldwide. Ingate’s products are the first SIP security devices to be certified by the ICSA and Ingate maintains interoperability with the Avaya Communications Manager and the Aura Session Manager. Ingate is a Swedish company established in 2001 with headquarters in Stockholm, Sweden. Its US presence is Ingate Systems Inc., which is located in Hollis, NH. Ingate’s Director of Product Support is located in Ottawa, Canada and the company maintains a Help Desk in Greenville, South Carolina. This presentation is designed to help you better understand the reasons for installing an Enterprise Session Border Controller under various SIP Trunking scenarios.
Steven Johnson, Ingate Systems
2
Steps to SIP Trunking
Basic Requirements: NAT/Firewall traversal; Interoperability between IP-PBX and Service Provider; Quality of Service (QoS); Security
Beyond SIP Trunking: Connecting remote users to the PBX; Secure interoffice connection; WiFi mobile phone communication; Multimedia communication
In order to bring SIP to an enterprise, certain key considerations need to be addressed. The first among these is getting through a firewall and into the NATted space. This issue alone will frustrate the introduction of SIP and result in one-way communications. The second item that needs to be considered is the interoperability between the IP-PBX and the service provider network. While SIP is a standard, it offers various methods to accomplish the same task, and vendors and service providers have not yet agreed on a common way to do things. You also need to be sure that voice receives priority over other data to ensure quality. And you need to be confident that the security and control you enforced on your network before SIP was introduced remain after SIP Trunking is installed. Once these issues are resolved, the uses of SIP can expand well beyond SIP Trunking to include what many today call Unified Communications. This means not only the use of new communication tools and techniques, but also using different types of devices to communicate, including PCs and mobile devices. In this presentation we will explore how these considerations can be resolved.
3
Benefits of SIP Communications
Monthly cost savings; Single network for all communications; Lower cost of Moves, Adds and Changes; Disaster Recovery / Business Continuity; User provisioning; First step in achieving Unified Communications; Voice, Video, IM, Presence, etc.; Remote workers; WiFi mobile phone communication
Why go to all of this trouble to replace traditional telephony that has, after all, served us well for 100 years? There are several reasons, but at the top of the list is lower cost, and in today’s environment this one is certainly interesting. Lower cost is achieved by several means. Two of the most important are buying capacity only for your needs, with the ability to adjust that capacity to seasonal factors with a single phone call, and the ability to place all data and voice communications on one network. A third cost saving comes from consolidating all phone infrastructure in one location from which all branches can be served. There are many other benefits of SIP Trunking, of course, including the lower cost and trouble of moving phones or adding new lines. SIP Trunking also aids in disaster recovery plans because, since it is a “virtual” service, if a building is destroyed the SIP trunks can be rerouted to a new location in a matter of minutes, without truck rolls. And finally, adopting SIP Trunking today sets you up with the infrastructure you need to move to Unified Communications and all that may entail in the future.
4
Two Ways to Connect to a SIP Trunk
[Diagrams: “Over a Managed Line” and “Over the Public Internet”. Labels in each: PSTN, SIP Trunking Provider Network (GW, SIP System), Public Internet, Firewall, Data & VoIP LAN, IP-PBX; the first shows a Managed SIP Trunk, the second a SIP Trunk over Internet.]
There are two ways to connect to a service provider, both of which are reliable and safe. Many service providers, especially larger ones, offer connections over “managed lines”. The benefit, of course, is that the service provider can control the Quality of Service delivered over that connection and will offer Service Level Agreements (SLAs) to their customers. The downside of this approach is that it is more expensive and may not allow the end user the freedom to converge all networks into one. This solution may also leave the end customer vulnerable to security risks. The second method is receiving the SIP Trunks over the Public Internet. This is usually a less expensive option and usually results in a truly converged internal network where all of the voice and data services reside on the same LAN. Of course, with this model the customer has to solve the NAT traversal issue to get through the firewall, and all of the security risks that are of concern for any connection to the Internet are equally if not more important to a VoIP installation, because the IP-PBX could be exposed to attack. Since communications is highly important, perhaps critical, for most businesses, there should be no tolerance for exposing the IP-PBX to the Internet without protecting it with an Enterprise Session Border Controller.
5
Managed SIP Trunk Connected to Separate Enterprise VoIP LAN in Operator’s Space
[Diagram labels: SIP Trunking Provider Network (GW, SIP System), PSTN, Public Internet, Managed SIP Trunk, Firewall, IP-PBX, Data LAN, VoIP LAN. Callouts: “No Remote Users!”, “Operator: Security Warning!”, “Enterprise: Security Warning!”, “No Soft or Multimedia Clients!”]
Let’s explore some of the typical scenarios and the reasons for installing an Enterprise Session Border Controller, like the Ingate SIParator. This first diagram is typical of many service providers who create a separate connection to the enterprise. These connections bypass the firewall and go straight into the Voice LAN or possibly connect directly to the IP-PBX. This scenario should raise red flags for the customer, who is now exposing the IP-PBX to the carrier network, with whatever consequent security risks that may entail. Note too that the carrier is actually exposed to any malice that may be perpetrated by one of their customers, since they don’t have any protection at their end either. This implementation prevents the type of converged communications that we hear so much about, because the PCs, wireless phones and other devices do not exist on the same LAN and cannot access the voice services even though they are capable of that. Finally, if the company has remote or mobile workers, in this scenario there is no mechanism which will allow those people to have access to the IP-PBX and the services it offers, including SIP Trunking.
6
Managed SIP Trunking with SBC Adapting SIP to NAT:ed Space of the Enterprise LAN
[Diagram labels: SIP Trunking Provider Network (GW, SIP System), PSTN, Public Internet, Other customers, Managed SIP Trunk, Firewall, IP-PBX, VoIP & Data LAN. Callouts: “No Remote Users!”, “Enterprise: Can we trust having our LAN pulled to the operator?”]
This next scenario is similar to the last, but with one significant change: the service provider has now installed a Session Border Controller at its edge which has security functionality built in. But the service provider is now providing a Private IP Address from its network to the customer. This means that the customer must “trust” the service provider, and any of its customers who have access to its network, to make sure there are no ways for anyone to launch a malicious attack on the IP-PBX of one of its customers. In this case the service provider is pulling the whole enterprise LAN into its own NATted space, allowing for a converged voice and data LAN, but assuming control from the owner of the network, the enterprise.
7
Ingate Firewall® Creating a Common Data and VoIP LAN for Managed SIP Trunking Service
[Diagram labels: SIP Trunking Provider Network (GW, SIP System), PSTN, Public Internet, Remote Users, Managed SIP Trunk, Ingate Firewall®, IP-PBX, Data & VoIP LAN, Soft Clients and Multimedia Terminals. Caption: “Demarcation point and SIP communication via both WAN pipes.”]
By placing an Ingate Firewall at the edge of the customer network, these issues are resolved in a clean and robust manner. Security is improved as the customer regains control; the two LANs can be converged, allowing all clients to access the IP-PBX and the SIP Trunks; and finally any remote workers can enjoy the same services as those who are resident at the main site. The Ingate Firewall serves as both the data firewall and the Enterprise Session Border Controller. This permits the firm to have a single device to manage for all services and provides the ultimate protection for everything that arrives at the customer site. Having an Enterprise Session Border Controller at the edge of the customer network is also useful for diagnostics, allowing the customer or the service provider to capture call quality statistics, perform traces and take logs to help isolate any problems that might occur. Therefore the benefit goes to both the carrier and the end user, who may each have access to this information.
8
Ingate SIParator® Used with Existing Firewall for Managed SIP Trunking Service
[Diagram labels: SIP Trunking Provider Network (GW, SIP System), PSTN, Public Internet, Remote Users, Managed SIP Trunk, Ingate SIParator®, Firewall, IP-PBX, Data & VoIP LAN, Soft Clients and Multimedia Terminals. Caption: “Demarcation point and SIP communication via both WAN pipes.”]
Although the Ingate Firewall is an ICSA certified device and is highly regarded by those who choose it as their only firewall defense, many companies have a firewall installed and are not willing to replace it. For those situations Ingate created the SIParator. The SIParator is a true Enterprise Session Border Controller whose function is to resolve NAT Traversal issues, normalize SIP traffic, inspect SIP signaling, route the signaling and media and support other SIP services and features. As in the Ingate Firewall scenario, with the Ingate SIParator in place, it takes over control of the SIP traffic to ensure that the networks are converged, multimedia clients can access the SIP IP-PBX and the remote workers are supported. We show the SIParator being connected to the DMZ of the existing firewall in this diagram. In fact the SIParator can be installed in other ways also, making it a very flexible tool for enabling SIP into the enterprise.
9
Ingate Firewall® Creating a Common Data and VoIP LAN for SIP-Trunking over the Internet
[Diagram labels: SIP Trunking Provider (GW, SIP System), PSTN, Public Internet, Remote Users, SIP Trunk over Internet, Ingate Firewall®, IP PBX, Data & VoIP LAN with QoS, Soft Clients and Multimedia Terminals. Caption: “Demarcation point and bringing SIP communication to the LAN.”]
Many service providers or ITSPs offer SIP Trunking over the Public Internet. Just as no company would put its critical business process servers on a public IP address, so too the IP-PBX needs to be protected from the open Internet and the possibility of either theft of service or malicious damage to this mission critical system. The Ingate Firewall is one way to accomplish all of this. As in the prior example, the Ingate Firewall becomes the all-in-one device to protect the data and voice network. As a single device it optimizes the management of the edge devices and provides a most efficient integration of SIP into the LAN. With the Ingate Firewall, the SIP signaling is deeply inspected and the media ports remain closed until a valid SIP INVITE is received and acknowledged. So the company maintains control of its network while permitting the introduction of SIP.
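The rule described above, media ports staying closed until an INVITE has been received and acknowledged, can be sketched as a small signaling-driven gate. This is an added illustration, not Ingate's code: the class and function names, the abbreviated SIP messages and the addresses are all constructed for the example, and re-INVITEs, authentication and timers are left out.

```python
import re

# Constructed, abbreviated SIP messages (not captured traffic).
CID = "Call-ID: a1b2@itsp.example.net\r\n"
INVITE = ("INVITE sip:100@pbx.example.com SIP/2.0\r\n" + CID + "CSeq: 1 INVITE\r\n\r\n"
          "v=0\r\nc=IN IP4 198.51.100.7\r\nm=audio 40000 RTP/AVP 0\r\n")
OK_200 = ("SIP/2.0 200 OK\r\n" + CID + "CSeq: 1 INVITE\r\n\r\n"
          "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 50000 RTP/AVP 0\r\n")
ACK = "ACK sip:100@pbx.example.com SIP/2.0\r\n" + CID + "CSeq: 1 ACK\r\n\r\n"
BYE = "BYE sip:100@pbx.example.com SIP/2.0\r\n" + CID + "CSeq: 2 BYE\r\n\r\n"

def parse(msg):
    """Return (start line, lower-cased headers, (ip, port) from SDP or None)."""
    head, _, body = msg.partition("\r\n\r\n")
    lines = head.split("\r\n")
    hdrs = {k.strip().lower(): v.strip()
            for k, v in (l.split(":", 1) for l in lines[1:] if ":" in l)}
    ip = re.search(r"^c=IN IP4 (\S+)", body, re.M)
    port = re.search(r"^m=audio (\d+) ", body, re.M)
    media = (ip.group(1), int(port.group(1))) if ip and port else None
    return lines[0], hdrs, media

class MediaGate:
    """Hypothetical pinhole table: RTP passes only for acknowledged calls."""
    def __init__(self):
        self.calls = {}  # Call-ID -> {"media": {(ip, port)}, "state": str}

    def signal(self, msg):
        start, hdrs, media = parse(msg)
        cid, cseq = hdrs.get("call-id"), hdrs.get("cseq", "")
        call, parts = self.calls.get(cid), start.split()
        if parts[0] == "INVITE" and cid and media and call is None:
            self.calls[cid] = {"media": {media}, "state": "offered"}
        elif (parts[:2] == ["SIP/2.0", "200"] and cseq.endswith("INVITE")
              and media and call and call["state"] == "offered"):
            call["media"].add(media)
            call["state"] = "answered"
        elif parts[0] == "ACK" and call and call["state"] == "answered":
            call["state"] = "open"       # only now are the media ports opened
        elif parts[0] == "BYE" and call:
            del self.calls[cid]          # pinholes close with the call
            return "closed"
        else:
            return "rejected"            # out-of-order or unknown signaling
        return self.calls[cid]["state"]

    def allow_rtp(self, dst_ip, dst_port):
        return any(c["state"] == "open" and (dst_ip, dst_port) in c["media"]
                   for c in self.calls.values())
```

Only the address and port pairs negotiated in the SDP of an acknowledged call are ever reachable, and they disappear again on BYE.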
10
Ingate SIParator® Used with Existing Firewall for SIP Trunking Service over Internet
[Diagram labels: SIP Trunking Provider (GW, SIP System), PSTN, Public Internet, Remote Users, SIP Trunk over Internet, Ingate SIParator®, Firewall, IP PBX, Data & VoIP LAN, Soft Clients and Multimedia Terminals. Caption: “Demarcation point and bringing SIP communication to the LAN.”]
But most companies have a firewall installed that is working just fine and in which they have invested significant time and money, so they are unwilling to replace it with an Ingate SIP-aware Firewall. For that set of companies we have the Ingate SIParator. Again, the SIParator is an Enterprise Session Border Controller that works with the existing firewall to enable SIP by resolving NAT traversal issues, normalizing the SIP traffic, establishing rules around SIP access and offering enhanced services for security, routing and control. With the Ingate SIParator in place, enterprises of all sizes can feel confident that their network will remain secure and that SIP, SIP Trunking and all of the benefits of that protocol and service can be enjoyed by all of their employees.
11
The Ingate Family
Models: Firewall® 2950 & SIParator® 95; Firewall® 1650 & SIParator® 65; Firewall® 1550 & SIParator® 55; Firewall® 1500 & SIParator® 50; Firewall® 1190 & SIParator® 19. Slide label: “Possible to SW upgrade”.
Capacity figures shown on the slide: 2000 Calls*, 4 500 Mbit/s; 650 Calls*, 385 Mbit/s; 300 Calls*, 380 Mbit/s, 75000 Packets/s; 150 Calls*, 330 Mbit/s, 28500 Packets/s; 50 Calls*, 50 Mbit/s, 4500 Packets/s.
*) Calls = Concurrent RTP Sessions = SIP Trunks
The Ingate Firewall and Ingate SIParator are available on 5 hardware platforms, each with a different supported maximum number of simultaneous calls. Despite the differences in hardware, each device is running the same firmware application which is accessed using the same Graphical User Interface (GUI). Pricing is based on the hardware type as well as the functional and capacity licenses that are applied. The next page shows the per session price of the products at various price points.
12
Indicative List Prices for Fully Configured Products
The price per session of the Ingate devices when fully configured for SIP Trunking falls quickly below $100 per session, at List Price, once a 100 call threshold is achieved. However, no other vendor offers the breadth of features on an SBC as small as is available from Ingate. This makes our SIParator 19, for example, an ideal ESBC for a small business or for a larger organization which is putting up a small pilot project.
13
Confirmed Interoperability
IP-PBXs: 3Com, Aastra, Digium / Asterisk, Avaya, Cisco Call Manager, Ericsson MX-One, Fonality, Innovaphone, Interactive Intelligence, Iwatsu, Microsoft, Mitel, NEC / Sphere, Nortel, Objectworld, SER, Shoretel, Siemens, SIP-Gear, Swyx. More in pipeline....
Service providers: 360 Networks, Airespring, AT&T, BandTel, Bandwidth.com, Broadvox, Cablevision, Cbeyond, Cellip, Cordia Corporation, Deltacom, Excel Switching, Gamma, Global Crossing, IP-Only, Nectar, Level 3, Netlogic, NetSolutions, Nexvortex, Nuvox, O1, One Communications, Paetec, Primus, RNK Telecom, Skype, TDC, Tele2, Toplink, VoEX, VoIP Unlimited, Voxbone. More in pipeline.....
Carrier Equipment: Acme Packet, Broadsoft, NexPoint, Sonus, Sylantro
[Diagram labels: Ingate SIParator® -or- Ingate Firewall; SIP Trunk; Compliant with]
Ingate has done an extensive amount of Interoperability testing with both IP-PBXs and service providers so that our customers can be assured of a fast and easy installation and cut-over to SIP Trunking.
14
Ingate Startup Tool Network Topology
[Screenshot callouts: “Select the deployment according to the picture”; “Assign IP Addresses, the tool will config the Ingate”; “Status Information, helpful for troubleshooting”]
The following two pages show the configuration of the Ingate while installing a SIP trunk. The Ingate Startup Tool with preconfigurations is being used.
15
Ingate Startup Tool IP-PBX Selection
[Screenshot callouts: “Select IP-PBX Vendor and Model”; “Assign the IP-PBX IP Address”; “For every IP-PBX vendor on the List Ingate has captured the programming requirements to ensure quick and easy config”; “Assign the IP-PBX Domain (if required)”; “Status Information, helpful for troubleshooting”]
16
Ingate Startup Tool ITSP Selection
[Screenshot callouts: “Select ITSP Vendor”; “For every ITSP vendor on the List Ingate has captured the programming requirements to ensure quick and easy config”; “User Account Information, DID Assignment and Registration Authentication”; “Assign the ITSP IP Address”; “Status Information, helpful for troubleshooting”]
17
Benefits of Ingate for SIP Trunking
Support for all SIP PBXs in the market; Expansion of Service Provider market of opportunity; Resolution of NAT traversal issues; Security and Control; Demarcation point at the customer premise; Easy expansion to support Unified Communications
In summary, Ingate offers a full data and SIP firewall as well as the SIParator Enterprise Session Border Controller. With these devices you can achieve the goal of enabling your network for SIP and SIP Trunking. These products allow you to converge your voice and data LANs together so that the clients on our PCs and other devices can be used effectively with the carrier network. In all cases the Ingate product you choose will resolve NAT issues around SIP and at the same time leave you in control of your network and who is permitted to use your SIP services. All of this is possible with an easy to configure, fully tested and highly reliable product from a company that has been focusing on SIP for 10 years and has delivered product around the world since 2001. We have seen the future of communications and we enable you to take full advantage of the promises offered by SIP and SIP Trunking.
18
Please contact me at any time:
Thank you for your attention and interest in Ingate. If you have any questions or wish to purchase an Ingate product, please contact me at or by at
Steve Johnson, President
Mail & SIP:
Direct: