The ranks of network infrastructure devices that call themselves enterprise session border controllers (E-SBCs) are swelling daily.
It was only about 60 days ago that Santa Clara, Calif.-based Edgewater Networks announced the EdgeMarc, a new kind of E-SBC for enterprise customers. (See our coverage here.)
Today, the company announced the EdgeProtect series for distributed enterprises, a device that is designed to sit in the corporate headquarters network and work in tandem with EdgeMarcs located in branch offices.
These two devices, working together, pretty much eliminate three key challenges in the deployment of IP-based UC applications.
The first of these is the difficulty encountered in securely navigating SIP voice or video traffic through a NAT (network address translation) firewall.
“Most enterprises have a firewall policy on their corporate headquarters that’s very large and very complex, that’s been carefully handcrafted over a period of years of trial and error,” pointed out Edgewater vice president of marketing Dave Martin in a pre-announcement briefing.
“Rolling out a new application and trying to get it through the firewall, it can be very time-consuming because that policy needs to be modified to support the new protocols, and it needs to be exhaustively tested,” he said.
The EdgeProtect/EdgeMarc duo gets around this problem by using TLS (transport layer security) to simplify connectivity and provide confidentiality, authentication and encryption for all IP-based voice, video and data connections.
In effect, they create a secure, encrypted tunnel through the corporate firewall to connect the two devices.
In a typical deployment, the EdgeProtect sits in the DMZ of the corporate network, the EdgeMarc behind the firewall in the branch network. If the company in question has multiple branch offices, an EdgeMarc is deployed in each location, and tunnels are created back from each to the EdgeProtect in the headquarters network.
Edgewater has even come up with a deployment mode where there are zero firewall policy modifications required. This requires two EdgeProtect devices, one sitting inside the corporate firewall, and another outside the firewall. “This is huge for an enterprise that has anywhere from several hundred to several thousand policy statements in their firewall,” Martin said.
In addition to connecting and securing IP voice and video traffic, the EdgeProtect provides a number of features that optimize this traffic. Voice and video are prioritized—sent through the secure tunnels before data traffic. And “real-time” UDP transport is used to minimize the negative effect of packet loss. Moreover, both EdgeProtect and EdgeMarc support authentication via public key infrastructure (PKI).
The third challenge: “A lack of troubleshooting tools,” Martin said. “Once you have the UC system installed and your users connected, if they have a bad quality session, there’s no way to isolate that problem.”
The solution is a set of diagnostic tools built into the platform to help isolate the impairments that cause low call or video quality. The system passively monitors all calls for IT network operators and issues an MOS (mean opinion score) evaluation for each.
The monitoring feature works in conjunction with the Edgewater EdgeView VoIP support tool, a troubleshooting and reporting tool that produces a comprehensive call metrics report for each call. Where anomalies are encountered, the interface links to a knowledge base entry that explains the variable and offers troubleshooting tips.
All of this allows network admins to quickly determine if impairments originate within the LAN or out on the WAN, and otherwise aids in mitigating problems as quickly as possible.
It’s also worth mentioning that the EdgeProtect platform is interoperable with virtually any IP PBX or IP-based UC system, “such as those from Cisco, Avaya, Microsoft, Interactive Intelligence, ShoreTel, and Mitel,” Martin said.
There are three models of EdgeProtect, ranging in price from $2,495 to $19,995, depending on configuration.
The medium/large enterprise unit, the EdgeProtect 5300LF2, supports a maximum of 300 simultaneous calls (or TLS sessions) and a maximum of 25 Mbps of video traffic.
For the small/medium customer, the EdgeProtect 4550 supports up to 10 concurrent calls or TLS sessions and a maximum of 1 Mbps of video.
There’s also a special version of the 4550, the 4552, that incorporates a T1/E1 interface and a firewall, so it can provide WAN termination as well as VPN “concentration.” Otherwise, the specs are the same as for the 4550.
Aside from the scalability distinction, the software features for all models are the same: TLS encryption, support for PKI, UDP-based transport, passive call quality monitoring, QoS support for traffic prioritization, and packet inspection and filtering for tunnel-based traffic.