[Type text]
Fact Sheet.
Cloud Computing for Universal Communications
Office Box and Microsoft Lync Server provides complete presence, instant messaging, conferencing and enterprise voice capabilities through a single, user-friendly interface. The provision of data center resiliency and survivable branch security (branch
flexibility) for high availability is possible. The consistent management infrastructure, new capabilities to increase availability and interoperability with existing systems work for administrators.
It must be easy and cost effective to inter-connect all Microsoft Lync environments, encrypt end to end clients that are non Microsoft and manage security with direct access to the Microsoft’s Lync architecture at the closest point to their core servers.
Microsoft's Lync is based on the Session Initiation Protocol (SIP) which is the preferred standard Universal Communications protocol adopted by most vendors, hosted
service providers and which is used to provide SIP trunk connections from Network Service Providers (NSP). SIP trunks are direct IP connections to IP-PBXs.
Security and interoperability between Lync and other SIP based products and services can be complex, unless run by Office Box, Lync is a complex product; a typical Lync installation spans multiple servers and is dependent on a number of additional services.
Security is a high priority for Office Box.
Investment in Universal Communications has been a major part of the IT budget in the last 5 years with many looking to use Voice over the Internet, Video and Instant
Messaging as productivity tools, which improves communication, saves significant costs to the business and is the future.
The introduction of Bring Your Own Devices (BYOD-Mobile) together with the adoption of Cloud computing, private or public and the variants of technologies that uses SIP, has created a natural void for security, and in this we see many gaps have occurred which add risk to the business and allows various criminal activities such as:-
Denial of Service Attacks Eavesdropping
Packet Spoofing Replay Attack Message Integrity Information Leakage
The need to secure and deliver a compliant cloud solution to all transactions in and out of the fastest growing Universal Communication applications (UC) and allow for complete inter-operability when connected to legacy Universal Communication platforms, such as IPPBX or
Office Box services in the Cloud for Universal Communications.
UM-Labs platform provides access and security via the Lync Edge server and Front End Server. These connection points enable full UC integration. UM Labs also offer
Mediation Server connections; these are used where a lower level of integration is needed, for example for SIP trunks connections.
SIP is delivered over IP networks. All data and applications on an IP network use a
transport protocol to deliver data from one end-point to another, for example from a
Lync Security Eco System in the Cloud
Explaining the Solution and the over lay for Universal Communications
(UC).
All transport protocols run over the Internet Protocol (IP). IP’s job is to deliver a series of packets. The transport protocol reassembles those packets and reconstructs the
application data stream. SIP offers a choice of three different transport protocols. These are:
o UDP, this is a light-weight connectionless protocol that does little more than extract data from IP packets then delivers it to an application. It is the responsibility of the receiving application to re-assemble the data stream. o TCP, this is a connection orientated protocol which delivers complete and
ordered data streams to the application. Compared to UDP, there is an additional overhead particularly on servers handling large numbers of connections.
The SIP standard allows all 3 transport protocols. Microsoft Lync supports only TCP and TLS and uses TLS for all connections between Lync clients and servers for
signalling. Lync uses a variant of TLS known as mTLS (mutual TLS). TLS connections are established using certificates.
Most enterprises will want the flexibility to be able to operate outside of these
constraints. The UM Labs Lync Connector establishes the same grade of connection
to a Lync server as a standard Microsoft Lync client. It can connect to either the Lync Front-end Server or Edge Server (depending on network topology).
The connection is fully encrypted and authenticated. The Lync Connector also establishes authenticated and encrypted connections to the standard SIP Hosted Service or Enterprise PBX. The Lync Connector then relays all calls, Instant Messaging and presence information between the Lync and standard SIP systems.
SIP Trunk Services
The majority of SIP trunk services provide only UDP for signalling connectivity; this makes it impossible to directly connect to a Lync server. A small number of trunk providers offer TCP connectivity. While this enables the trunk to connect to a Lync server, there is a loss of the security offered by TLS. An even smaller number of SIP trunk services offer TLS, but their connectivity requirements may be incompatible with Lync.
Allowing TCP connections from an external service to a Lync server sacrifices a layer of security.
Existing IP-PBX
Many organisations are deploying Lync to provide an internal IP-PBX service. The Lync system will need to connect to both hardware IP phones and softphones running on tablets or mobile devices. In most cases these deployments will coexist with an existing IP-PBX or need to interconnect with an IP PBX in another location. Lync’s connectivity requirements make this difficult.
Mobile VoIP Clients and BYOD
While most VoIP apps are able to offer a choice of SIP transports and therefore request a connection to a Lync server, there are a number of practical difficulties in connecting a non-Lync device to a Lync server.
Even if the device supports TLS it may not be possible or practical to meet Lync’s strict mTLS requirements.
Using TCP as a connection option means sacrificing a layer of security and will leave the Lync server open to a range of attacks, including a potentially expensive call fraud attack.
It may not be feasible or practical to use Active Directory to authenticate users running non Lync devices.
UM Labs Software Security Platform as a Service (SSPaaS) is responsible for handling security functions which include signalling and media encryption for the back-end systems. Calls made via the service are decrypted and forwarded to a UC acting as an IP-PBX. The IP-PBX is responsible for routing calls between handsets, for providing a voice mail service for handsets that are not currently reachable and for
implementing other functions including text messaging and conferencing with secure video if necessary. The UC processes clear-text audio/video streams, and so must be contained within secure perimeter with all connections to external services calls routed via the SPaaS.
The UM-Labs SPaaS can also support secure connections to desk phones and connections to external systems including the corporate internal phone system and SIP trunk services to provide PSTN access. Most external connections will be made in clear-text.
UM-Labs and Office Box are part of the ‘Innovation in Security Showcase’ which
Includes:
‘Innovation in Security’ showcase is the world’s first authentication and Encryption Security Platform as a Service (SPaaS) for UC, which brings together ‘Persona Management’ and ‘End to End encryption’ across an enterprise voice network,
allowing 21st century social business to be performed in safety, protected from
corruption or eavesdropping.
The aims are to deliver a breakthrough environment that decreases risk, reduces costs and improves communication across the business, gaining improved ROI from
About Office Box
The ENZCOM was founded in 1997 and specializes in the provision of IT
infrastructure services in the context of IT outsourcing projects and managed IT services. Since 2014, we are operating as GmbH and based in Buchholz, south of Hamburg. Under IT infrastructure management, we understand all the benefits that are associated with the design, implementation, monitoring and reliable operation of infrastructural IT systems. These offers ENZCOM services in the following areas: Monitoring Management
Server Management
Backup and Disaster Management Security Management
Client Management
Software Packaging and rollout Inventory Management
24 × 7 ServiceDesk LAN Management Solutions Consulting Data Center
Our system engineers are experienced in the design and implementation of complex CITRIX, Microsoft and security infrastructure systems.
The ENZCOM is both technically and organizationally well equipped for the provision of service desk support and remote services.
Guaranteed Telephone availability 24 × 7 Custom Incident assumption
Mapping and monitoring of customized SLAs through the use of professional, ITIL compliant service desk tools
Proprietary hardware and software for remote monitoring and remote access (RAP) Development and maintenance of customer-specific documentation databases and knowledge bases
Reliable and proven escalation structures and quality monitoring ITIL compliant processes
In order to meet the legitimate expectations of our customers, particularly in terms of accessibility, responsiveness, system availability, flexibility and quality full, sets the ENZCOM on a proven system:
Close cooperation with all major manufacturers such as CITRIX, DELL and Microsoft Continuous accessibility for customers (24 hours / 7 days)
Employees with specializations and authorizations in all relevant infrastructure and technical areas
Regular developments in the field of technology and customer orientation
