When we started this investigation into VoIP network management principles and vendor solutions, we began by summarizing the management framework developed by the International Organization for Standardization (ISO), to accompany the Open Systems Interconnection (OSI) Reference Model. Known as the Management Framework, and specified in ISO document 7498-4, it describes five Specific Management Functional Areas that should be addressed as part of any network management architecture: fault, accounting, configuration, performance, and security management.
Most of the system solutions that we have looked at in the intervening months are designed to focus on the first four of these areas. And with the constant flurry of network churn, plus the desire to provide toll-quality service to the end users, the security discipline may be overlooked. But all it takes is a one security breach to bring this issue to everyone’s attention—and wonder “why didn’t we anticipate that a security problem might occur in the first place?”
Extreme Networks, headquartered in Santa Clara, Calif., has developed products that address the security concerns of converged networks. Founded in 1996, this publicly traded company was among the first to offer patented network-level resiliency protocols for IP/Ethernet networks, and deliver a unified solution that allows wired and wireless devices, applications, and equipment to share the same infrastructure and management tools.
Extreme addresses a wide range of customers including corporate enterprises such as manufacturers, retailers, financial institutions, utilities, and healthcare organizations, plus large universities and national and local governments worldwide. Throughout its history, the company has delivered more than 15 million Ethernet ports and has established a presence in more than 50 countries.
Extreme Networks’ product development for converged networks addresses four areas: voice class availability, including robust performance in both normal and hostile operating situation; integrated management, with intuitive applications for cost-contained scalability; comprehensive security with network-wide coverage for risk reduction; and high quality voice connections, providing excellent voice clarity across proven contact center and enterprise architectures.
In the integrated management area, Extreme Networks and Avaya have undertaken a joint development to coordinate the Avaya Integrated Management (AIM) and Extreme’s EPICenter management tools to discover and manage Avaya and Extreme Networks devices from either platform.
EPICenter is a network management platform capable of tracking and managing assets in networks that are undergoing rapid change due to convergence. EPICenter runs under Windows, Solaris or Red Hat Linux, and provides an open architecture to accommodate a multi-vendor, service rich network environment.
The system includes a number of key features and applications, including a topology view that provides connectivity information for all Layer 2 and Layer 3 connected devices; firmware management to determine firmware version and availability information, including the capability to provide multi-step upgrades; real time statistics that provides a graphical representation of utilization and error statistics, and comprehensive security, including a VLAN manager, plus a policy manager with access-based security policies to enforce user-based security.
EPICenter integration with Avaya Integrated Management allows users to launch the AIM console and Avaya Device Manager from within EPICenter. This integration also helps to discover devices managed by AIM from within EPICenter.
A second solution from Extreme is called the Sentriant family of Security Appliances, which are designed to verify that devices connecting to the network are in compliance with established security policies, and to quickly mitigate propagating security threats.
Two products have been developed: the Sentriant NG300, which deals with threats from inside the network, integrating with the Extreme switches for network-wide coverage, and the Sentriant AG200, for endpoint testing and network access control.
The Sentriant security appliances include behavior-based rules to protect IP telephony and VoIP traffic, and mitigate the threat of malicious users and hackers actively trying to exploit vulnerabilities and breach the IP communications network.
Graphical displays detail the traffic sources (see Figure 1) and level of threats (see Figure 2) on the network. The set of rules help simplify management tasks and better protect VoIP gateways, SIP servers, and VoIP phones. The solution also provides protection mechanisms that automatically trigger if a significant amount of traffic anomalies are seen.
Further details on the Extreme Networks architecture and products can be found at http://extremenetworks.com/. Our next tutorial will continue our examination of vendors’ network management architectures.
Copyright Acknowledgement: © 2008 DigiNet Corporation®, All Rights Reserved
Mark A. Miller, P.E. is President of DigiNet Corporation®, a Denver-based consulting engineering firm. He is the author of many books on networking technologies, including Voice over IP Technologies, and Internet Technologies Handbook, both published by John Wiley & Sons.