As VoIP and unified communications take an increasingly central position in global telecommunications and the physical organization of businesses becomes increasingly decentralized, the session border controller, once the concern mainly of service providers, is becoming relevant to the an enterprise.
Last week, Siemens Enterprise Communications, long an important player in the VoIP and UC technologies market, announced the release of the OpenScape session border controller (SBC), designed expressly to work hand in hand with its OpenScape communications platform.
Siemens’ senior marketing manger for voice solutions, Michael Leo, explained the genesis of the OpenScape SBC to Enterprise VoIPplanet.
In part, according to Leo, the move to create the product was due to the conjunction of a set of trends—a growing adoption of IP and SIP-based communications coupled with the proliferation of remote and home-based workers and remote offices needing reliable, secure communications—and a set of business initiatives—cost savings from the consolidation and centralization of telephony and trunking, securely connecting remote workers and locations with headquarters, and the increasing deployment of cloud-based services delivered via SIP trunks.
But there was a more specific driver as well: the OpenScape customer base. “One of the reasons they pick OpenScape voice is the fact that it provides the highest level of redundancy in the industry,” Leo told VoIPplanet. No other vendor could provide SBC functionality that supported this redundancy capability at Layer 3, which would map to the architecture of the OpenScape voice offering.
“We had this capability already in our OpenScape Branch solution,” Leo reported. “We simply took it out and put it on its own independent server.”
In addition to being tailored to complement OpenScape voice, the SBC is architected in the same spirit:
“It is a Linux based open software application,” Leo explained, “designed to run on industry-standard servers. (Siemens has standardized on IBM xSeries and Fujitsu hardware.)
“It is highly scalable, supporting up to 4,000 sessions on a single server,” (which translates to something between 10 and 20 thousand users).
Moreover, it uses the same system administration tool used for OpenScape voice—the OpenScape Common Management Portal (CMP).
“Traditionally, many of these [SBC] products, aimed primarily at service providers, use a command-line interface, which service providers are used to,” Leo said. “Enteprises prefer an intuitive graphical user interface. If you’ve been trained on OpenScape voice system management, it’s very easy to do system management on the OpenScape SBC,” he said.
While session border controllers mediate between protocol implementations (primarily SIP) on either side of the network edge, their main job is providing secure communications connectivity.
“You could call it a VoIP firewall,” Leo told VoIPplanet. “But,” he hastily added, “it’s designed to complement, not replace the data firewall.” It can be run in parallel or in serial with the data firewall, whichever better fits with the overall architecture of the network.
Specifically, the SBC provides both encrypted signaling (known as Transport Layer Security or TLS) and encrypted media via the Secure Real-time Transport Protocol (SRTP).
In addition the OpenScape session border controller, like all SBCs, provides ‘topology hiding’ (keeping IP addresses invisible beyond the network edge) and intrusion detection.
Finally, it provides ‘NAT traversal.’ (SIP and RTP have a notoriously difficult time successfully crossing data firewalls that employ the Network Address Translation security technique.)
We mentioned server redundancy earlier, and Leo repeatedly stressed this aspect of the OpenScape platform. Redundant deployments can be either local (in one location) or in geographically separate locations.
“You can run it in active standby mode,: Leo said. “Should anything happen, the [standby server] automatically takes over, because it maintains exact copies of the database. “So, there’s the failover capability there.”
A handy feature of the OpenScape SBC—especially for large enterprises that use multiple service providers—is its ability to store service provider profiles. This makes it quick and easy to correctly provision SIP trunks from, say, Verizon and AT&T, with all the necessary configuration settings.
Another compelling reason to deploy an SBC is that it serves as a demarcation point for the network edge. While it’s perfectly possible to terminate a SIP trunk directly to an IP PBX, Leo pointed out, “If you have a problem where do you test to?”
“IT people want a clear demarcation point,” he said. “They want to be able to say ‘I can test it to here and I know it’s good—or that something’s wrong.’ ”
A final advantage of the OpenScape session border controller, according to Leo, is the company’s ‘linear’ pricing strategy. Unlike typical SBC ‘bundled’ pricing, which may start of with 100 licenses and scale up in increments of 25, Siemens licenses OpenScape in single seat increments.
“It’s a lower initial investment [thanks to the savings from using off-the-shelf hardware], and then a lower total cost of ownership, because you don’t have a lot of excess capacity that you’re not using,” Leo stated.
“It really becomes a logical part of the OpenScape voice ecosystem,” Leo summarized, “the call control, the unified communications element, and these new technologies like SIP trunking—now you can go to a single vendor and get everything you need.”