Whaleback Tightens Voice Security, Boosts Voice Quality

Latest software iteration features on-premise voice firewall, tracking instrumentation to bar threats, ensure clear conversations.

By Ted Stevenson | Posted Apr 7, 2008
Page of   |  Back to Page 1
Print ArticleEmail Article
  • Share on Facebook
  • Share on Twitter
  • Share on LinkedIn

If you ask folks at Whaleback Systems which is better, hosted VoIP service or owning your own IP PBX, they'll tell you "Neither."

"We think both of those approaches are flawed," Whaleback director of marketing, Dave Zwicker told Enterprise VoIPplanet.com in a recent meeting. "That's our philosophy."

Instead, Whaleback has created a turnkey service model that combines on-premise equipment with central management and a controlled network environment. "We combined the good attributes—turnkey deployment and the economies of hosted VoIP—and took away what we see as the bad attributes—the cost and complexity, the uneven call quality, and the one-size-fits-all feature set."

Today, the Portsmouth, NH-based VoIP service provider is announcing major improvements in its offering, enhancements that simply wouldn't be possible with either of the traditional models (hosted service or PBX ownership); a security firewall, and automated voice quality management.

"Key to this is putting a system on customer premise," Zwicker reiterated. The system, a standard Intel computer "functions as a black box," he went on. "The customer doesn't interact with it. Whaleback uploads updates to it, backs up configurations nightly, and monitors call quality through it."

One of the elements that will be present on that system, going forward, is the new OrcaSentry voice firewall software, which eliminates the numerous threats to which IP communications are otherwise vulnerable: spam, denial of service attacks, eavesdropping, call interception, and the like.

To understand how this work, you need to know a bit more about how Whaleback Crystal Blue Voice service is put together. First of all, Whaleback provisions dedicated voice links for its customers. There is no mixing of voice and data traffic, as is typical in most converged networks. Second, all IP voice traffic originating from within the customer's organization is routed directly from the on-premise server to a secure PSTN gateway at one of Whaleback's collocation facilities, and thence to the PSTN switch; it never touches the public IP network.

OrcaSentry functions as a SIP proxy. Calls originating within the customer network are SIP sessions that terminate on the on-premise server. "That server, as a proxy—or 'back-to-back user agent'—then regenerates that call [bearing another IP address], not to another SIP location that you don't know about, but only to a voice gateway that drops you into a TDM voice circuit," Zwicker explained.

"There's no opportunity along the way for something evil to happen, like those addresses being compromised, sessions being hijacked, calls being intercepted," Zwicker said. "Because it's all very tightly controlled, and private addresses stay private. We've basically eliminated the possibility that your network could be compromised based on your voice traffic going over the public Internet."

A second element that's been incorporated in the on-premise PBX is a management probe, instrumentation that 'takes the pulse' of call traffic at its point of origin, and communicates with Whaleback's centralized Voice Quality Management system, OrcaVision. "That enables us to do a whole lot of amazing voice quality management tasks on behalf of the customer." Zwicker told VoIPplanet.com.

Despite the tight route controls that Whaleback maintains on voice traffic, network congestion points or 'hot spots' are an inescapable fact of life. "We're monitoring that call path end to end," Zwicker said. "Our management actually traces every call path for every call made," and when hot spots crop up, "we detect that automatically, and we route the traffic around that hot spot," he said.

We can't change routing tables inside other people's networks, but because we control the two endpoints, we can say, let's take all those calls and send them to a different collocation facility that will completely change the path to get to that location. We don't send any traffic over that hot spot while we're working the problem. When the problem is resolved, we open it back up again," Zwicker asserted.

What triggers call re-routing is violation of what Zwicker called 'marginal call quality metrics'—say, if packet loss exceeds 1 percent. "By setting those thresholds at marginal levels, we can tell an event is about to happen—and about to impact call quality, " he said—"not waiting to the point where it sounds like garbled voices." In other words the server-based instrumentation is key resource in the OrcaVision system that lets Whaleback engineers address problems before customers are aware that a problem exists.

Also announced today is a series of enhancements to the service's business continuity features. A high-availability version of the PBX appliance, sporting redundant RAID storage and redundant power supply, is now available as an extra-cost option. The company will even maintain a list of secondary DIDs for customers, at their request, so in case of a total outage, Whaleback will re-route a customer's calls to these alternative destinations.

Existing Whaleback customers will receive the software upgrades by automatic download. The OrcaServer H-A (high-availability) appliance may be added for a one-time fee of $4,995.

Comment and Contribute
(Maximum characters: 1200). You have
characters left.
Get the Latest Scoop with Enterprise Networking Planet Newsletter