SIP Trunking and the Increasing Importance of the Enterprise Session Border Controller

As demonstrated by the overflowing audiences at this last Spring VoiceCon, SIP Trunking continues to gain attention and interest from enterprise buyers. I'm seeing an ever-growing cross section of SME and Enterprise buyers listening and learning about SIP Trunking, with the cost savings and flexibility piquing their interest.

However, many of the security, interoperability and survivability issues of SIP I have pointed out in previous posts have to date stymied some of the growth and adoption of SIP Trunking.

As a result of these issues and the need to integrate SIP-based communications systems with a wide range of SIP Trunking service providers, a whole new category of customer premises equipment has recently evolved--the Enterprise Session Border Controller (E-SBC). The E-SBC is designed to be located on the customer premises and sit between the Local Area Network and the external Wide Area Network. Unlike the larger and more complex carrier-oriented Session Border Controller (SBC), the E-SBC is "right-sized" for a range of medium and large enterprises.

Unique functions of an E-SBC include:

Security: Often the first attribute to get mentioned about any SBC. Unlike a firewall, both carrier-class and enterprise SBCs operate at OSI layers 3 and 4, interpreting the SIP messages and using the information gleaned from the session negotiation to make intelligent decisions about which request is valid and which message is part of an attack. E-SBCs offer a "front guard" that protects the business network from possible attacks that originate from outside the business (the Internet), elsewhere on the WAN (the carrier) or within the business (an inside job). Stateful packet inspection, Access Control Lists, topology hiding and Application Layer Firewall functions help keep the bad guys out and let the trusted parties in. Other facets of security include encryption--allowing the SIP sessions outside the business to be fully encrypted without the cost of having encryption on every device or system within the network.

Interoperability: sometimes forgotten, but equally important, is the ability to integrate different SIP-based systems from different vendors or vintages with a range of SIP Trunking carriers. As a result of the wide range of protocol options within the RFC 3261 SIP specification, two systems can be completely within specification, but unable to communicate. SIP mediation is often required to convert from one vendor’s version of SIP to another. This is especially important as larger enterprises integrate numerous different SIP systems that came from acquisitions or were bought at different times. An E-SBC eliminates this issue by implementing a back-to-back user agent, essentially terminating one SIP session (using one set of rules) and establishing another session (with a different set of rules), interconnecting previously incompatible systems. Having an interoperability solution is key in maintaining choice for the business and eliminating vendor "lock-in" commonly found with large "standard, but closed" communications systems.
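The back-to-back user agent and the topology hiding mentioned under Security can be seen together in a small sketch. This is an added example, not code from any E-SBC product: the function name `build_outbound_leg`, the addresses and the sample INVITE are all constructed for illustration, and only the request direction over UDP is handled.

```python
import re
import uuid

# Constructed sample: an INVITE as it leaves an internal IP-PBX (all values invented).
INTERNAL_INVITE = (
    "INVITE sip:+15551230001@carrier.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 10.20.1.15:5060;branch=z9hG4bK-pbx-1\r\n"
    "Via: SIP/2.0/UDP 10.20.7.44:5060;branch=z9hG4bK-phone-9\r\n"
    "Record-Route: <sip:10.20.1.15;lr>\r\n"
    "Max-Forwards: 69\r\n"
    "From: <sip:4471@pbx.corp.internal>;tag=a1\r\n"
    "To: <sip:+15551230001@carrier.example>\r\n"
    "Call-ID: 7f3c@10.20.7.44\r\n"
    "CSeq: 1 INVITE\r\n"
    "Contact: <sip:4471@10.20.7.44:5060>\r\n"
    "User-Agent: VendorPBX 4.2\r\n"
    "Content-Length: 0\r\n\r\n"
)

# Headers that are regenerated or dropped because they reveal inside hosts.
HIDDEN = {"via", "record-route", "user-agent", "call-id", "contact", "from"}

def build_outbound_leg(raw, public_ip, public_domain):
    """Terminate the inside leg and emit a fresh outside leg, B2BUA style."""
    head, _, body = raw.partition("\r\n\r\n")
    request_line, *lines = head.split("\r\n")
    headers = [tuple(s.strip() for s in l.split(":", 1)) for l in lines]
    inner = {n.lower(): v for n, v in reversed(headers)}  # first occurrence wins
    user = re.search(r"sip:([^@>;]+)@", inner["from"]).group(1)
    call_id = f"{uuid.uuid4().hex}@{public_ip}"
    out = [
        request_line,
        # One Via naming only the SBC replaces the whole inside Via chain.
        f"Via: SIP/2.0/UDP {public_ip}:5060;branch=z9hG4bK{uuid.uuid4().hex[:16]}",
        f"From: <sip:{user}@{public_domain}>;tag={uuid.uuid4().hex[:8]}",
        f"Call-ID: {call_id}",
        f"Contact: <sip:{user}@{public_ip}:5060>",
    ]
    # Copy the remaining headers unchanged (To, CSeq, Max-Forwards, ...).
    out += [f"{n}: {v}" for n, v in headers if n.lower() not in HIDDEN]
    # The SBC keeps this pairing so replies on one leg map to the other.
    leg_map = {call_id: inner["call-id"]}
    return "\r\n".join(out) + "\r\n\r\n" + body, leg_map
```

The carrier side sees a single Via, Contact and Call-ID that name only the SBC; the internal addressing plan, hop count and PBX vendor string stay on the inside leg.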

Survivability: this is a new twist that some early market trials identified as an issue with decision makers. Basically, buyers need a "CYA" or back-up plan that will allow the business to continue to operate if there are issues with the SIP Trunks. This may be just during the cut-over period, or part of a longer-term disaster recovery plan. The most logical back-up to SIP Trunks is TDM trunks. Not necessarily a one-for-one backup, but a reduced number of TDM trunks that would be able to stand in and allow for emergency or limited service calling. Until recently, this required a separate media gateway that was installed next to the E-SBC and a SIP Proxy to make decisions about when and where to direct the traffic to the TDM trunks. Fortunately, appliances that combine the three capabilities (E-SBC, Gateway and Proxy) together in one device are now appearing on the market, eliminating the costs and shelf space needed for the three separate devices.

NAT Traversal: one of the big benefits of SIP-based communications systems is the ability to put phones in employees’ home offices, hotel rooms, etc. for anywhere-anytime communications. To do this, the communications system must be able to traverse the Network Address Translation (NAT) function found at the far end--a built-in feature found in most home and small business routers. Enabling the remote phones and workstations requires logic to deal with the IP address changes and port number re-assignments that are the result of the far-end router NAT.
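A sketch of that far-end NAT logic, as an added example rather than any vendor's implementation: it compares what a remote phone advertises in its REGISTER with the address the packet actually arrived from, fills in the Via `received` and `rport` parameters defined by RFC 3261 and RFC 3581, and records where the phone can really be reached. The function name, the binding fields and the sample message are constructed; only IPv4 or hostname sent-by values over UDP are assumed.

```python
import re

# Constructed sample: REGISTER from a home-office phone behind a consumer router.
REGISTER = (
    "REGISTER sip:corp.example SIP/2.0\r\n"
    "Via: SIP/2.0/UDP 192.168.1.23:5060;rport;branch=z9hG4bK-home-1\r\n"
    "From: <sip:4471@corp.example>;tag=r1\r\n"
    "To: <sip:4471@corp.example>\r\n"
    "Call-ID: reg-1@192.168.1.23\r\n"
    "CSeq: 1 REGISTER\r\n"
    "Contact: <sip:4471@192.168.1.23:5060>\r\n"
    "Content-Length: 0\r\n\r\n"
)

VIA = re.compile(r"^(Via:\s*SIP/2\.0/UDP\s+)([^;\s]+)([^\r\n]*)", re.M | re.I)
CONTACT = re.compile(r"^Contact:\s*<sip:([^@]+)@([^:;>]+)(?::(\d+))?", re.M | re.I)

def fix_far_end_nat(raw, src_ip, src_port):
    """Return (rewritten request, binding) for a request seen from src_ip:src_port."""
    via = VIA.search(raw)
    prefix, sent_by, params = via.groups()
    # RFC 3581: fill the empty rport with the port the packet really came from.
    params = re.sub(r";rport(?=;|$)", f";rport={src_port}", params)
    # RFC 3261 18.2.1: add received= when sent-by differs from the source address.
    if sent_by.split(":")[0] != src_ip:
        params += f";received={src_ip}"
    fixed = raw[:via.start()] + prefix + sent_by + params + raw[via.end():]

    user, host, port = CONTACT.search(raw).groups()
    advertised = (host, int(port or 5060))
    binding = {
        "user": user,
        "advertised": f"{advertised[0]}:{advertised[1]}",
        # Later calls to this phone go to the NAT pinhole, not the Contact address.
        "reach_at": f"{src_ip}:{src_port}",
        "behind_nat": advertised != (src_ip, src_port),
    }
    return fixed, binding
```

Because the binding is learned from the observed source address, it is only as trustworthy as the REGISTER itself, which is one reason the registration should be authenticated before the binding is stored.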

As the adoption of SIP-based IP-PBXs and Unified Communications systems grows along with SIP Trunking, an Enterprise Session Border Controller (E-SBC) will become a common tool that network designers use to protect and interconnect their communications.