Presentation is loading. Please wait.

Presentation is loading. Please wait.

Www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 VIRTUAL CONTACT CENTER in the Cloud Vocalcom High Availability Voice Mediant 4000 SBC Configuration.

Published byJade Fleming Modified over 9 years ago

Similar presentations

Presentation on theme: "Www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 VIRTUAL CONTACT CENTER in the Cloud Vocalcom High Availability Voice Mediant 4000 SBC Configuration."— Presentation transcript:

1 www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 VIRTUAL CONTACT CENTER in the Cloud Vocalcom High Availability Voice Mediant 4000 SBC Configuration

2 www.vocalcom.com Audiocodes HA Mechanisms Audiocodes SBC High Availability provide :  A 1+1 redundancy scheme  A keep-alive mechanism to automatically switchover SBC in case of failure  A call context synchronization in order to preserve active calls during a switchover  A method to upgrade SBC firmware without disturbing current calls (Hitless Software Upgrade)  A single configuration and auxiliary files repository for the M4K cluster

3 www.vocalcom.com Vocalcom Deployment

4 www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 CONTACT CENTER in the Salesforce CloudVIRTUAL CONTACT CENTER Mediant 4000 HA

5 www.vocalcom.com Mediant 4000 HA – Mode 1 – Local Deployment

6 www.vocalcom.com Mediant 4000 HA – Mode 2 – Geographical Redundancy

7 www.vocalcom.com Mediant 4000 HA – Firewalls Config  The following table provide rules to setup SBC firewall in case of security activation or, in case of geographical HA, for filtering nodes on the SBC’s MAINTENANCE vlan Source Host Dest Host Dest PortProtocolComment M4K-1M4K-2669UDPKeep-Alive packets M4K-2M4K-1669UDPKeep-Alive packets M4K-1M4K-22442TCPHA Control and Data packets M4K-2M4K-12442TCPHA Control and Data packets M4K-1M4K-280TCPFile Transfert M4K-2M4K-180TCPFile Transfert

8 www.vocalcom.com Mediant 4000 HA: Pre Requisites  High Availability Feature key (licensing)  Two Mediant 4000 SBC  Two Gigabit Ethernet ports per switch  Power Consumption M4K HA : –2.5A @ 230VAC, 75W

9 www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 CONTACT CENTER in the Salesforce CloudVIRTUAL CONTACT CENTER SBC Security

10 www.vocalcom.com SecurityConnectivityQoE AudioCodes Session Border Controller AudioCodes Session Border Controller Main Tasks

11 www.vocalcom.com Perimeter Defense Firewall and Access Control Encryption Topology Hiding Denial of Service protection Call Theft and Fraud protection Interoperability SIP Normalization DTMF Conversion Fax Conversion Protocol/Coder Policing Voice Transcoding NAT Traversal SLA and QoS Assurance Call Admission Control QoS Monitoring and Troubleshooting Voice Service Assurance Survivability AudioCodes Session Border Controller (SBC) - Key Roles

12 www.vocalcom.com Accept messages based on SIP header properties. For exp, request URI etc SIP Digest Authentication SIP Access List & Classification Brute force DoS Protocol Vulnerabilities SIP dialog Attacks UnClassified SIP Traffic TCP attacks, Identity Spoofing Context Identification SIP Message Policy TCP/TLS Integrity and Authentication Layer 3-4 Firewall and Rate Limiting Legitimate Traffic Filter oversized SIP messages, unwanted SIP bodies, SIP syntax policing Filter out SIP messages which do not belong to an open dialog Call Admission Control Overcome TCP vulnerabilities, perform TLS authentication Look at the IP addresses and ports to filter unwanted packets and throttles the incoming packet rate Unauthorized Access Calls over Limit How Does AudioCodes SBC Secure SIP Traffic 12

13 www.vocalcom.com Security : Topology Hiding  Topology hiding is important for hiding network internals and for privacy  Achieved through use of SIP B2BUA: –VIA stripping – each B2BUA leg will have its own VIA rules independent of the other leg –Independent Route/Record Route in each leg –Host name modification (e.g. To/From) –Inserting the SBC Contact in each leg –Different Call ID for each leg –NAT/Layer 3 Topology Hiding – modification of Src. IP address in IP Header –Restrict caller ID for un trusted legs AudioCodes Proprietary and Confidential Information

14 www.vocalcom.com Security : DoS/DDoS  Protection against DOS/SIP attacks –Access list within layer 3 and layer 5 –Layer 3 Rate limiting according to local and remote IP port and transport type –SIP Dialog rate and concurrent calls limiting –Rich message filtering rules: message size, number of headers, message body types, request type and more  Protection against SIP vulnerabilities  OS/IP stack vulnerabilities handling  Passed DoD tests and got FIPS140 certificate

15 www.vocalcom.com Security : Call Admission Control  Limit number of concurrent calls per Subnet/SIP trunk  Limit number of registered users per subnet  Limit call setup rate per Subnet/SIP trunk/user (average and burst)  VoIP codec policing and prioritizing  Self overload protection  Registration flood protection and throttling  Protocol Validation

16 www.vocalcom.com Security : Encryption  TLS –SSL 2.0, SSL 3.0, TLS 1.0 –Re handshake –Mutual authentication –Certificate Revocation Checking –Verify Subject Alt Name against the provisioned proxy name  SRTP-RFC 4568 sdes (voice, video) –SRTP enforcement –Best effort SRTP using two media lines  IPSEC – Control & management only  VPN (MSBG)

17 www.vocalcom.com Mediant 4000 SBC Highlights  Med to high-density SBC platform –250 to 4000 SBC sessions and more…  Based on field proven AudioCodes SBC family  High availability with 2-box redundancy  State-of-the art AMC (MicroTCA) based platform  Cost effective compact footprint (1U)

18 www.vocalcom.com Mediant 4000 SBC Highlights  Strong DOS/DDOS and VoIP firewall protection  Easy SBC session capacity upgrades via software key  SIP TLS security and Media Encryption  Media handling including transcoding capabilities –Wide range of vocoders including Low Bit Rate (LBR), wireline, cellular and wideband vocoders –Decoupling of DSPs (Transcoding) from CPU (SBC sessions)

19 www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 CONTACT CENTER in the Salesforce CloudVIRTUAL CONTACT CENTER TeleHouse 2 Deployment of first SBC in production

20 www.vocalcom.com TeleHouse 2 Deployment : Rack Utilization & Power Consumption 6U used in cabinet Total power consumption : 8 power connectors are needed to plug each power supply HardwareUsed Power QtyTotal Mediant 400075 W6450 W Total450 W

21 www.vocalcom.com TeleHouse 2 Deployment : Network Connections  Mediant 4000’s Red Ethernet connection carries SIP signaling and media using a single IP address Orange Ethernet connection is used for OAMP purpose (remote access, supervision…) 2 ports per switch and per Mediant 4000 are needed

Download ppt "Www.vocalcom.com Version 1.0 by Simon HarrisonJune 14th 2013 VIRTUAL CONTACT CENTER in the Cloud Vocalcom High Availability Voice Mediant 4000 SBC Configuration."

Similar presentations

The leader in session border control for trusted, first class interactive communications.

The leader in session border control for trusted, first class interactive communications.
Addressing Security Issues IT Expo East 2011. Addressing Security Issues Unified Communications SIP Communications in a UC Environment.

Addressing Security Issues IT Expo East Addressing Security Issues Unified Communications SIP Communications in a UC Environment.
Network Security Essentials Chapter 11

Network Security Essentials Chapter 11
Firewalls By Tahaei Fall 2012. What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.

Firewalls By Tahaei Fall What is a firewall? a choke point of control and monitoring interconnects networks with differing trust imposes restrictions.
Voice over IP Fundamentals

Voice over IP Fundamentals
Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.

Security in VoIP Networks Juan C Pelaez Florida Atlantic University Security in VoIP Networks Juan C Pelaez Florida Atlantic University.
Firewalls 2014.04.07 Uyanga Tserengombo

Firewalls Uyanga Tserengombo
IUT– Network Security Course 1 Network Security Firewalls.

IUT– Network Security Course 1 Network Security Firewalls.
BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.

BASIC CRYPTOGRAPHY CONCEPT. Secure Socket Layer (SSL)  SSL was first used by Netscape.  To ensure security of data sent through HTTP, LDAP or POP3.
SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.

SIP and IMS Enabled Residential Gateway Sergio Romero Telefónica I+D Jan Önnegren Ericsson AB Alex De Smedt Thomson Telecom.
FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.

FIREWALLS. What is a Firewall? A firewall is hardware or software (or a combination of hardware and software) that monitors the transmission of packets.
FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.

FIREWALLS The function of a strong position is to make the forces holding it practically unassailable —On War, Carl Von Clausewitz On the day that you.
Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)

Voice over IP and IP telephony Network convergence – Telephone and IT – PoE (Power over Ethernet) Mobility and Roaming Telco – Switched -> Packet (IP)
IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.

IP Security. Overview In 1994, Internet Architecture Board (IAB) issued a report titled “Security in the Internet Architecture”. This report identified.
CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – www.counterpath.com www.counterpath.com –

CounterPath Corporation William Khris Kendrick: – Director of Business Development and Channel Marketing – –
Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.

Securing Unified Communications Mor Hezi VP Unified Communications AudioCodes.
IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.

IPsec: Internet Protocol Security Chong, Luon, Prins, Trotter.
Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.

Network Security Topologies Chapter 11. Learning Objectives Explain network perimeter’s importance to an organization’s security policies Identify place.
September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.

September 19, 2006speermint interim1 VoIP Threats and Attacks Alan Johnston.
January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

January 23-26, 2007 Ft. Lauderdale, Florida IP Communications, Secure – By Design Roger W. Farnsworth.

Similar presentations

Ads by Google