The implementation of IP telephony (IPT) and VoIP systems, whether in small, medium or large organisations, requires careful thought and planning. Manfred Arndt explains ways in which risks can be mitigated with the correct implementation and maintenance.
When implementing IP telephony (IPT), many businesses face the decision of either upgrading their existing circuit-based PBX or moving to a new IP-based PBX. What advice would you give a business that’s making such a choice?
A lot depends on the size of the organisation, number of sites involved and how important voice and related services are for the company. For medium to small companies, typically the biggest bang for the buck is to transition to an all IP-based voice infrastructure at one time. This provides all the productivity benefits of IP communications and eliminates the ongoing maintenance costs of managing two separate infrastructures, simplifies moves-adds-changes and toll bypass.
However, for larger organisations, rather than doing an expensive wholesale rip and replace approach, we recommend a more prudent phased approach. Not only does this provide a better return on investment by leveraging their existing TDM assets, it also helps mitigate the risk of large scale roll-outs.
A good approach is to upgrade the back-end voice infrastructure with unified messaging and an IP-enabled PBX first. That along with an upgrade of the network infrastructure to intelligent switches based on open standards, advanced security, highly reliable and convergence-ready to support a single network drop for the IP phone and daisy-chained PC.
Since phone handsets are often one of the biggest costs associated with a full-blown VoIP migration, many large customers have achieved substantial cost savings by leveraging existing digital phones while initially deploying IP phones in new installations and remote branch offices for toll bypass. Only then, after the organisation is comfortable with the new technology and has proven to be stable for some time, would it roll out IP handsets to spread out the substantial cost of thousands of phones. In any case, make sure to only purchase IP phones that can be upgraded to work with SIP, 802.1X and LLDP-MED, as these are all key requirements and keep in mind that, with SIP, your handsets will be around a lot longer than the new IP-based PBX.
The next evolutionary step after implementing an IP PBX for IPT for many businesses is videoconferencing over IP. But with video over IP comes a new set of concerns. How can a business best mitigate the impact on bandwidth, video quality and integrating legacy videoconferencing equipment?
The convergence of voice, video and data onto a multi-service network is driving evolution on many levels, but one of the biggest changes is the growing value business leaders have come to expect from their networks. The network must be adaptive and flexible to easily support new types of devices and services in an incremental fashion without requiring a fork-lift upgrade whenever a new type of application comes along.
As part of your current network refresh for supporting IP telephony, don’t be short sighted and ignore the additional needs for supporting video conferencing, visual collaboration tools, as well as IP video security, just to mention a few of the new bandwidth intensive applications. For instance, IP video security deployments can quickly overwhelm legacy networks, since it often uses multicast traffic from hundreds to thousands of cameras archiving data on a continuous basis.
The success of IP telephony has proven that QoS for voice can be readily achieved on modern IP networks. However, video applications substantially increase the bandwidth usage and therefore must be provisioned appropriately. For example, one interactive video conference consumes up to 20 times the bandwidth of a standard VoIP call and high-definition Telepresence applications, like Halo, increase that by another factor of ten. To support these types of demanding multi-media applications while still delivering responsive downloads of large files such as PowerPoint presentations, ProCurve has been the leader in delivering affordable Gigabit technology with advanced intelligence to the edge.
How does ProCurve achieve the leading price/performance ratio in the industry and such a low cost of ownership? We do this by designing highly-integrated and high-performance hardware chipsets, to support running all these demanding networking features concurrently, including QoS, multicasting and virus throttling at full line rate on all links. It’s this tight integration that allows ProCurve to deliver an extremely reliable product, with lifetime warranty, at a surprisingly low cost.
In a recent survey conducted by Sage, 10 per cent of businesses using VPN or VoIP services were doing so via a Managed IPT. What are the pros and cons of using an IPT service supplied and managed by a third party for a business, compared to installing its own dedicated IPT service?
Managed IPT services are ideal for organisations that want the benefits of IP telephony, but have limited technical staff or do not want to pay for the sizeable up-front capital investment. It can also be very attractive to geographically dispersed organisations, as it generally can reduce the IT cost associated with managing smaller sites and eliminate downtime due to lengthy travel to resolve problems.
The downside of managed services is that the customer is dependent on the service provider for any changes required, which are not always delivered in a timely manner. The customer has less control and fewer options regarding specific features or productivity enhancing applications available to them. For the most part, large businesses will have a lower total cost of ownership with a dedicated IPT deployment, due to economies of scale.
In that same survey, 33 per cent of the respondents indicated that they were considering adding the capability to support voice communications over their wireless LANs. What considerations must be taken into account when extending IP communications to a wireless network in this manner?
Most companies contemplating VoWLAN understand the compelling business benefits, but often don’t fully appreciate the additional challenges to deliver toll-quality voice in a reliable and secure fashion over a wireless LAN. This is due to a number of factors, including interference, shared over-the-air bandwidth, seamless roaming and battery life that don’t exist on a wired Ethernet network.
To ensure successful wireless roll-outs, it is essential to deploy open-standards-based solutions from leading vendors with demonstrated interoperability for fast roaming, advanced security, wireless QoS including SpectraLink voice priority, 802.11e and WMM with power save.
Another key consideration is selecting a vendor with one single, comprehensive management system for its entire network – both wireless and wired – to reduce the time and operational cost to manage and provide consistent service to employees regardless of where they are in the network or how they are connected.
ProCurve Networking solutions, based on our Adaptive EDGE Architecture, are designed from the ground-up with these requirements in mind, to provide complete control at the network edge where users connect, with the flexibility to expand your network when and as you choose.
A separate report by Analysys suggests that mobile and VoIP will account for 60 per cent of all residential voice services in Western Europe. Do you have any figures regarding what percentage of business voice services will move to mobile and VoIP, and when the two technologies will converge?
ProCurve is not involved with any legacy voice services and as such is not able to provide these types of numbers accurately. But that being said, ProCurve is seeing strong adoption of both mobile and VoIP technologies across virtually all Enterprise organisations.
According to the most recent market research report by the Dell’Oro Group, ProCurve increased its PoE shipments by 82.5 per cent, for Q3 of 2006; and according to a recent Synergy Research Group report, ProCurve boosted its wireless sales by 47 per cent for 2006.
Unified messaging services that combine fax, telephone, voice mail, email and instant messaging have the potential to revolutionise communication within a business, but it sounds like a daunting task in bringing all these seemingly disparate threads together. How can a business tie them into a cohesive single service and what is needed to achieve it?
At the conceptual level, unified messaging is really about connecting various types of software applications via open APIs. Our recommendation is to work with IP telephony vendors that are committed to open standards and have demonstrated interoperability with leading business software applications.
What safeguards are in place if a business’s WAN suffers a failure, rendering its IPT and data networks inoperable? Are there solutions that can route a call via the public switched telephone network (PSTN) in the event of such a problem, for example?
Clearly, enterprise businesses expect highly reliable voice services. This can be achieved with appropriate planning. The key concepts are alternate network connectivity and no single point of failure, along with backup power sources.
While WAN is often a focal point for high availability solutions, it’s important to ensure the same level of alternate connectivity within the Enterprise network. This is accomplished by deploying multiple connection points to all the critical resources; this includes IP PBXs, multi-homed key servers and cross connecting the core network and distribution switches to ensure system availability in case any connection along the path fails. To protect against WAN connectivity failures, consider using multiple service providers and multiple access technologies like Frame Relay, DSL, ISDN and PSTN.
Minimising manual intervention when a link failure occurs requires deploying resilient routing and switching protocols to ensure automatic recovery and rerouting of traffic around the network failure point. Considerations include virtual router redundancy protocol, rapidly reconfiguring spanning tree, meshing and dynamic routing protocols.
In a similar manner to network resiliency, you need to ensure that no single failure of any device will render your communication solution useless. This requires multiple distributed IP PBXs, redundant servers, and backup power sources.
It’s worth noting that the distributed nature of IP based solution actually provides a major benefit which is costly and difficult to achieve with a legacy PBX. By distributing resiliency at different geographical locations, this dramatically reduces the risk for total system outages due to catastrophic events such as water, flood or fire damage.
Many businesses have a mobile workforce that works away from the office and its local network infrastructure. Can an IP communications network extend its reach to employees such as these and provide them with the same advantages as their office-bound colleagues?
Absolutely, that’s one of the key benefits of IP based communications networks. With virtual private networks and remote access solutions, users can now connect to their corporate office over the internet at anytime from virtually anywhere in the world and even over wireless networks.
Companies now have the flexibility to let employees work from home when needed, hire remote staff based on available talent pool and enable business travellers worldwide to cost effectively communicate with their colleagues.
Some of the modern teleworker solutions make this as easy as picking up a phone and just plugging it into any Ethernet port or launching a softphone application on your laptop. The best part is they get to use the same telephone number and dialing plan as if they were in the office.
The important part is to make sure that proper safeguards are in place, such as encrypted VPN connections and easy to deploy and manage security solutions to improve scalability and eliminate security holes that are frequently caused due to human error.
And how can a business investing in any mobility solution like the above have confidence that the availability and reliability will be satisfactory? The ‘five 9s’ of older PBX systems (99.999 per cent uptime) have created a high level of expectation in this respect and any service that doesn’t comply to this standard can’t expect to be adopted.
Each customer needs to analyse the risk and return of having a highly available system in place for their particular applications. Many installations’ requirements will be fully met by using standard networking products and using fully proven network redundancy schemes to achieve the desired level of system resiliency. Others will require the full ‘five 9s’ and will need to consider the entire signal and power distribution path to achieve a system level availability of 99.999 per cent. It is feasible to design a highly available VoIP system using existing network products. Nevertheless, the demand for cost effective, highly available edge switches will increase for these types of installations since the current solutions would require full in-box redundant core switches out to the edge of the network which increases the total infrastructure cost.
Many businesses have concerns over the security of an IP-based communications system and are hesitant to move to one as a result. The physical security of the wiring and equipment, segregation of voice traffic on purpose-built networks and, in extreme cases, the employment of encryption all kept PBX communications safe, but what tools and technologies are available for security over IP services?
The growing trend of using a single shared connection for the PC and IP phone has created new device configuration and security challenges that require the distribution of the intelligence at the edge of the network where users and IP phones connect.
How do you deploy access control policies to securely connect multiple devices on the same network port, in a centralised way? How do you ensure that the voice traffic is properly segregated onto a dedicated voice VLAN and that the phone is provisioned with the correct QoS?
The ProCurve ProActive Defense strategy is a comprehensive security strategy, based on distributed intelligence at the network edge and combines proactive security offence techniques with steadfast traditional defence security techniques to ensure a secure reliable solution that is easy to deploy and use.
The first step for securing an IP-based communication solution is to defend the networks so that only authorised devices are allowed access in the first place.
ProCurve intelligent switches provide advanced network access control security using multi-user per port 802.1X authentication, along with multi-role authentication to support concurrent MAC authentication of legacy devices or Web authentication for guest users.
After authentication, you will want to use an automated mechanism to provision IP phones with the correct voice VLAN and QoS settings to simplify moves, adds and changes. LLDP-MED, a recent open-standard protocol supported by all ProCurve intelligent switches, has emerged as a key IP telephony capability to provide automated topology discovery and configuration of endpoints and is seeing widespread support by many leading IP telephony vendors.
Dynamic ARP inspection, along with dynamic IP lockdown, are additional security features that restrict traffic on a per-port basis to prevent unauthorised users from eavesdropping or accessing other users’ traffic via man-in-the-middle attacks.
The next step is to use ProCurve Network Immunity and virus throttling to protect the entire network, not just a few strategic points, from virus and worm attacks. It does this by monitoring the behavior of all ports and applying intelligence to automatically detect anomalies and dynamically respond to security threats to assure uninterrupted network service.
Then you want to monitor and understand the traffic (data and voice) on your network. You should be asking:
- Who is using the network and what are they doing?
- How to detect network threats
- What impact will new high bandwidth applications like video have on VoIP?
- How to monitor thousands of ports with speeds up to 10Gbps
ProCurve intelligent switches also support sFlow, a leading standards based network sampling technology that provides high application visibility across the entire network, from Layer 2 through Layer 7 application traffic, with minimal overhead and high scalability. It enables the network administrator to take control of network usage and measure QoS to ensure that bursty data traffic is not impacting voice quality. This holistic security approach improves network availability, resulting in enhanced productivity, improved regulatory compliance and reduced operational expenses.
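The answer above names dynamic ARP inspection as the per-port control against man-in-the-middle eavesdropping on a port shared by an IP phone and a PC. The following is an added example, not part of the interview and not ProCurve code: a simplified model of the check such a feature performs against a DHCP-learned binding table. The port names, VLAN numbers, addresses and packets are all constructed for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class Binding:            # one row of the (assumed) DHCP-learned binding table
    mac: str
    port: str

@dataclass(frozen=True)
class Arp:                # the ARP fields the check looks at
    port: str             # switch port the packet arrived on
    vlan: int
    sender_mac: str
    sender_ip: str

def inspect(pkt, bindings, trusted_ports):
    """Return (verdict, reason) for one ARP packet."""
    if pkt.port in trusted_ports:              # uplinks are not inspected
        return "forward", "trusted port"
    b = bindings.get((pkt.vlan, pkt.sender_ip))
    if b is None:
        return "drop", "no binding for sender IP"
    if b.mac.lower() != pkt.sender_mac.lower():
        return "drop", "sender MAC differs from binding"
    if b.port != pkt.port:
        return "drop", "binding belongs to another port"
    return "forward", "matches binding"

# Constructed sample data: voice VLAN 20, data VLAN 10, phone and PC share port A5.
TRUSTED = {"uplink1"}
BINDINGS = {
    (20, "192.0.2.21"): Binding("00:00:5e:00:53:21", "A5"),     # IP phone on A5
    (10, "198.51.100.121"): Binding("00:00:5e:00:53:a1", "A5"), # PC behind that phone
    (20, "192.0.2.22"): Binding("00:00:5e:00:53:22", "A6"),     # IP phone on A6
}
PACKETS = [
    Arp("A5", 20, "00:00:5E:00:53:21", "192.0.2.21"),       # phone, legitimate
    Arp("A5", 10, "00:00:5e:00:53:a1", "198.51.100.121"),   # PC, legitimate
    Arp("A5", 20, "00:00:5e:00:53:a1", "192.0.2.22"),       # PC claims A6 phone's IP
    Arp("A5", 20, "00:00:5e:00:53:22", "192.0.2.22"),       # right MAC, wrong port
    Arp("A7", 10, "00:00:5e:00:53:b7", "198.51.100.50"),    # static IP, never leased
    Arp("uplink1", 20, "00:00:5e:00:53:01", "192.0.2.1"),   # gateway via uplink
]

def audit(packets=PACKETS):
    """Run every packet through the check and return the verdict list."""
    return [inspect(p, BINDINGS, TRUSTED) for p in packets]

if __name__ == "__main__":
    for pkt, (verdict, reason) in zip(PACKETS, audit()):
        print(f"{pkt.port:8} vlan {pkt.vlan} {pkt.sender_ip:15} {verdict}: {reason}")
```

The fifth packet shows the operational caveat: a statically addressed device has no learned binding, so it is dropped until a static binding is configured for it.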