Microsoft Finds ICE Is Nice for VoIP
Looking to find a way to let peer-to-peer communications traverse NATs and firewalls in a single bound, Microsoft and Cisco Systems today announced that they are jointly endorsing the Interactive Connectivity Establishment (ICE) methodology.
ICE, which is not yet ratified but currently under consideration by the Internet Engineering Task Force (IETF), is designed to allow people to communicate across NATs and firewall, which can be a barrier to VoIP and other types of rich media communications, according to Russell Bennett, program manager for Microsoft's Real Time Collaboration Group.
"NATs and firewall are prevalent on enterprise networks, at service providers and on home networks," Bennett said, "They are there for very good reason, but there are side effects."
Those side effects include either misdirecting or blocking SIP-based VoIP interoperability. "It's a problem for everyone. There are various classes of NATs and firewalls, but we need to get by them all."
Bennett noted that proprietary technologies such as Skype get around the problem by disguising VoIP packets are http packets. That approach is "insecure and works only on a small scale," he said.
ICE is designed to use the STUN (Simple Traversal of UDP through NATs) and TURN (Traversal Using Relay NAT) protocols to allow servers (either at the server provider or on an enterprise network) to work cooperatively to discover, create and verify connectivity. The STUN/TURN servers basically enables a device to ask the servers, "what IP address do you see me as?", Bennett said.
Why support a methodology that has yet to be ratified by the organization that drafted it? "We don't know when it will be ratified, but we intend to deploy it anyway. No one has come up with anything and said 'let's all get behind this'," Bennett said. "We are committed to finding ways to allow people to communicate across firewalls. We do intend to ship ICE products. It's cheap and easy to do. It doesn't require anyone to buy anything."
Last week, Microsoft purchased media-streams.com to add VoIP capabilities to its applications and servers. The acquisition fits in with Microsoft's plan to integrate e-mail, IM, SMS, voice and conferencing services. In August, Microsoft bought Teleo, a developer of VoIP, PSTN termination and click-to-call technology, which can be used to bring VoIP to the IM space.
In an announcement that reinforces Microsoft's assertions regarding Skype, Info-Tech Research Group said it is recommending that enterprises ban Skype.
"Approximately 17 million registered Skype users are using the service for business purposes," said Info-Tech analyst Ross Armstrong. "Unless an organization specifies instances where Skype use is acceptable, and outlines rules for client-side Skype settings, that's 17 million opportunities for a hacker to invade a corporate network."
In a research note Info-Tech Research Group offered these reasons to ban Skype in corporate environments:
- It's not standards-compliant, allowing it and any vulnerability to pass through corporate firewalls
- Its encryption is closed source and prone to man-in-the-middle attacks
- Companies that use Skype risk a communication barrier with organizations that have already banned it
- It is undetectable, untraceable and unauditable, putting organizations that are subject to compliance laws at risk.