1 Large enterprises have been expanding their deployments of IP telephony (IPT) for several years now. Planning has already begun to extend the benefits of interactive communications over IP beyond voice services to include real-time presence-based voice, videoconferencing, chat/instant messaging, multimedia collaboration, telepresence, and more. With encouragement from major IT vendors, some enterprises will achieve this objective by deploying suites of integrated real-time applications over IP— often referred to as Unified Communications (UC)—as well as core business applications enhanced with interactive communications capabilities, e.g., CRM enabled with click-to-call and call recording features. Delivering these real-time, interactive communications services and applications over IP will be critical to fostering business agility, boosting employee accessibility and efficiency, improving customer service, and reducing IT capital and operating costs. But significant challenges in security, interoperability, service assurance and regulatory compliance emerge once enterprises begin migrating voice and video away from service provider TDM services and converging them on IP networks.
Session border controllers (SBCs), product solutions extensively used by service providers to address these shortcomings, are now being deployed by enterprises to enable the delivery of secure, high-quality, real-time interactive communications, including IPT and UC. Similarly, service providers are using SBCs in new outsourced interactive communications offerings for enterprises such as hosted contact centers and hosted Voice over IP (VoIP) services.
Business challenges
The business world is now global, 24/7/365, mobile, and real-time. The emergence of new economic powerhouses like India and China has intensified the competition for customer loyalty and money. The advent of a more globalized economy has meant both improved availability of lower-cost labor and the entry of agile new competitors unburdened by legacy IT infrastructure. Meanwhile, customer expectations of the level of service their vendors provide are rising. Any enterprise that hopes to survive in this
environment must optimize the efficiency of its internal and customer-facing business processes by reducing “human latency”; the time it takes to identify, access and connect the best-available employees to make decisions, address customer needs and solve problems quickly.
In this newly competitive environment, enterprises face a broad spectrum of challenges, including how to: • Equip employees with better real-time communications tools to improve the speed and efficiency
with which they interact with each other and with customers; this includes adding real-time communications features to core business and productivity applications
• Build customer loyalty by optimizing business processes such as order entry and inquiry/problem resolution, enabling customers to quickly reach the right employees via the best available
communications channels
2 • Respond to economic and competitive pressures by reducing infrastructure costs, notably by
using IT selectively to simplify, optimize and drive cost out of overhead business processes (e.g., travel, communications)
• Identify processes and skills that are core to the business, and selectively outsource the rest • Minimize the enterprise’s exposure to risk with appropriate investments in security and business
continuity while achieving compliance with all relevant government and commercial regulatory requirements
Acme Packet enterprise session border control solutions
Acme Packet® SBCs enable enterprises to control four critical IP network borders to their data centers that host IPT/UC infrastructure, as shown in Figure 1:
• IP trunking border—connections to service provider IP networks linking the enterprise to the outside world of PSTN and IP endpoints
• Private network border—connections to internal employees located on the
enterprise campus LAN and in remote offices connected via private WAN services such as MPLS VPNs
• Internet border—connections to small offices, users working from home and mobile employees over the public Internet • Hosted services interconnect border—
private connections to service providers or Application Service Providers (ASP) that offer hosted IP-based audio and
videoconferencing services, IP contact center services, IP Centrex to augment premise-based systems for certain sites, business groups or divisions and VoIP-enabled business applications such as salesforce.com.
3
Overview
Voice over IP (VoIP) and unified communications (UC) are increasingly prevalent as standards-based alternatives to closed proprietary communications systems. The expandability, flexibility and cost
advantages offered by IP networks provide a highly effective means for enterprises and contact centers to communicate both internally and externally in today’s dynamic business and economic climates.
Because an organization’s communications network is a business-critical resource, IP-based enterprise and contact center communications networks, services and application must be secured. But other requirements, such as maximizing communication service and application interoperability, assuring service availability and quality levels, complying with government regulations and controlling costs must also be met for successful VoIP/UC delivery.
How it works – firewalls with SIP ALG vs. session border controllers
Enterprise firewalls—ubiquitous in today’s IP networks—protect IP data networks, servers and
applications against a variety of threats through stateful inspection and filtering at layers 3 and 4 of the OSI model. To enable basic VoIP connectivity through the firewall, some firewalls add SIP application layer gateways (SIP ALGs) that translate embedded SIP addresses, in effect allowing the firewall to maintain a single end-to-end SIP session between endpoints residing on either side of the firewall.
By comparison, session border controllers (SBCs) implement a SIP back-to-back user agent (B2BUA) as defined in IETF RFC 3261. A B2BUA divides each SIP session into two distinct segments as shown in the diagram below. In doing so, the SBC is able to completely and effectively control SIP sessions, as well as the associated media flows, in ways that SIP ALGs cannot. This unique capability gives SBCs a clear edge in their ability to securely deliver reliable, high-quality IP-based interactive communications.
• Maintains single SIP session through FW • Fully state-aware at layer 3 & 4
• Only inspects/modifies SIP, SDP addresses • Unable to terminate, initiate, re-initiate or
respond to SIP signaling messages
•
Only supports static ACLs & policies• Implements SIP B2BUA for complete control
• Fully state-aware at layers 2-7 • Inspects/modifies all SIP, SDP
header info
• Can terminate, initiate, re-initiate and respond
to SIP signaling messages
• Supports static and dynamic ACLs & policies
4
Use cases – SBCs vs. firewalls with SIP ALG
The best way to illustrate the differences between SBCs and FW w/ SIP ALG is within the context of common enterprise and contact center VoIP/UC use cases. Each of the ten scenarios shown below is accompanied by an associated business challenge as well as the technical requirements that would have to be met by the network element in order to address that challenge. Each scenario demonstrates conclusively that only session border controllers are capable of meeting all requirements for the success-ful delivery of enterprise and contact center VoIP/UC services and applications.
Net-Net
• Session border controllers – uniquely provide all controls required for delivering trusted, reliable, high-quality IP interactive communications
o Security – IP PBX & UC server —DoS/DDoS attack protection, SBC self-protection o Communications reach —maximization – IP PBX & UC protocol interworking, remote
NAT traversal
o SLA assurance – IP PBX & UC—server session admission & overload control, data center disaster recovery, remote site survivability, QoE-based routing, SBC high-availability operation
o Regulatory compliance – session replication for recording
5
Benefits
Enterprises, including contact centers, universities and government organizations, have a growing interest in using SIP and H.323 trunks for interconnecting IP PBX islands and enabling native IP communications for voice, conferencing, messaging and collaboration applications. Moreover, as
enterprises migrate to an all IP communications environment, they are looking to service providers to take VoIP traffic from their sites and provide IP-to-PSTN gateway services for inbound and outbound traffic. Enterprises can realize capital and operating expense savings by leveraging more efficient and
economical IP connections. Direct VoIP peering between enterprise sites also simplifies the introduction of enhanced communications applications such as unified communications.
Several benefits can be realized by leveraging IP trunks for connectivity to the PSTN and other enterprise IP networks and endpoints:
• Reduce costs, both capital and operating, by eliminating media gateways and TDM voice trunks, while collapsing applications on existing data network
• Simplify operations by transferring media gateway and PSTN interconnection management to a service provider
• Accelerate provisioning and deployment as IP interconnects can be provisioned in days as opposed to months
• Enhance operations with flexible routing policies that provide cost effective call termination, disaster recovery and business continuity
• Improve quality by eliminating unnecessary IP-to-TDM-to-IP conversions and exploiting high fidelity codecs
• Enable new services and applications that require end-to-end IP connectivity such as interactive video, presence, instant messaging, multimedia collaboration and unified communication
Acme Packet’s Net-Net® SBCs are designed to satisfy the critical security, application reach
maximization, SLA assurance, cost optimization and regulatory compliance requirements to enable IP trunking for enterprises.
6
Applications
Enterprises are connecting their VoIP networks to service providers and other organizations using IP as opposed to costly TDM hand-offs for a variety of cost-saving applications, including:
• PSTN termination or origination • Enterprise VoIP peering
• Hosted services – call recording, conferencing, contact center • Regulatory services –emergency services, lawful intercept
Challenges
Connecting IP PBXs to service providers’ networks using IP trunks introduces challenges and unique requirements for building a trusted border between the enterprise and service provider. Some of the critical capabilities required at this border include:
• Security – hiding and protecting network resources and user information from attack and misuse • Application reach – exchanging traffic across heterogeneous networks with differing or
conflicting network characteristics such as IP addresses, signaling and transport protocols, codecs, encryption, etc.
• SLA assurance – handling latency sensitive traffic with high priority and maintaining network availability and high service quality during abnormal busy periods
• Cost optimization – routing calls in cost effective manner and capturing session data for accounting and traffic management and planning
• Regulatory compliance – enabling emergency service routing and call recording in order to comply with government regulations for VoIP
To overcome these challenges enterprises and services providers are deploying SBCs at both ends of the IP trunk. The SBC enables seamless communications across network borders between the enterprise sites and the service provider network. The SBC is used to mediate the differences in the various
7 Acme Packet’s Net-Net family of session border controllers, multiservice security gateways and session routing proxies enable the delivery of trusted, first-class interactive communications—voice, video and multimedia sessions—and data services across IP network borders. The brand name "Net-Net" reflects the role of these products in interconnecting IP networks to deliver these services and applications. Our Net-Net family supports multiple applications in service provider, enterprise, government and contact center networks—from VoIP trunking to hosted enterprise and residential services to fixed-mobile convergence. They satisfy critical security, service assurance and regulatory requirements in wireline, cable and wireless networks; and support multiple protocols—SIP, H.323, MGCP/NCS, H.248 and RTSP—and multiple border points—service provider access and interconnect, and enterprise access and trunking.
For enterprises and contact centers, our Net-Net product family enables the secure delivery of a broad range of interactive communications services and applications ranging from basic VoIP to Service Oriented Architecture (SOA)-enabled unified communications. It secures the borders to the service provider IP network, the private VPN connecting major enterprise or contact center sites and the Internet for connecting remote offices, teleworkers and callers to the contact center. It ensures interoperability of both legacy IP-PBX equipment and next-generation unified communications platforms such as Microsoft OCS and manages their traffic load and resource availability.
Products
All of our products—session border controllers (SBC), multiservice security gateways (MSG) and session routing proxies (SRP)—operate Acme Packet Net-Net OS. Net-Net OS offers extremely rich functionality in terms of architectural flexibility, signaling protocol breadth, control function and feature depth, carrier-class availability and manageability. It supports all five required border control functions – security, service/application reach maximization, SLA assurance, revenue and cost management and regulatory compliance. Net-Net OS operates on all of our hardware platforms - the Net-Net 2600, 3800, 4000 and 9200 series systems and Net-Net 4500 ATCA blade. Our software-only platform, Net-Net OS-E, is also supported on certified third party hardware platforms to satisfy the low-end performance, capacity and price requirements of enterprises and contact centers. Our products, which also include our Net-Net EMS and SAS management tools, help service providers, enterprises, governments and contact centers throughout the world to successfully deliver trusted, first-class IP communications.
Acme Packet products by platform
Acme Packet Net-Net product family
delivers trusted, first-class
8
Net-Net OS-E
Net-Net OS-E is a software-only, integrated session border controller (SBC) platform for Acme Packet-certified third-party servers. The server options available provide enterprises, contact centers and Acme Packet partners with the flexibility to choose a system that best matches the performance, capacity and price requirements of the service or application. Net-Net OS-E is also supported in Virtual Machine (VMware or Xen) operating environments.
Net-Net 2600
Our Net-Net 2600 platform delivers an integrated SBC configuration optimized for enterprise and contact center applications. The 1U Net-Net 2610 and 2U Net-Net 2620 are Acme Packet-supported Intel quad-core servers operating Net-Net OS-E. They provide all of the critical controls for delivering trusted, first class interactive communications—voice, video and multimedia sessions—across IP network borders.
Net-Net 3800
The Net-Net 3800 platform is our integrated SBC solution for smaller service providers, government defense and security–focused agencies, small enterprises and smaller sites within larger organizations. The Net-Net 3800 and all higher capacity platforms feature Acme Packet’s custom hardware design tightly integrated with Net-Net OS to satisfy the most critical infrastructure security requirements. Net-Net 4000
This carrier-class platform is the industry’s most widely deployed session border controller, delivering unmatched capabilities in a 1U form factor. Comprised of two distinct models, the Net 4250 and Net-Net 4500, the Net-Net-Net-Net 4000 series offers extremely rich functionality, architectural flexibility and signaling protocol breadth, and satisfies all of the performance, capacity, availability and manageability
requirements of service providers, enterprises, government organizations and contact centers. Net-Net 9200
Our next-generation platform offers our highest levels of performance, availability and capacity to service provider and large enterprise VoIP/UC deployments in a single 7 RU hardware chassis-based system. The multiprocessor Net-Net 9200 platform, in SBC configurations, also supports transcoding and transrating for a wide selection of wireline and wireless codecs.
Net-Net 4500 ATCA blade
9
Mission
Acme Packet enables the delivery of trusted, first-class interactive communications—voice, video and multimedia sessions—and data services across IP network borders. Our Net-Net family of session border controllers, multiservice security gateways and session routing proxies supports multiple applications in service provider, enterprise and contact center networks—from VoIP trunking to hosted enterprise and residential services to fixed-mobile convergence. They satisfy critical security, service assurance and regulatory requirements in wireline, cable and wireless networks; and support multiple protocols—SIP, H.323, MGCP/NCS, H.248 and RTSP—and multiple border points—service provider access and interconnect, and enterprise access and trunking.
Markets
Our Net-Net family supports multiple applications in service provider, enterprise and contact center networks—from VoIP trunking to hosted enterprise and residential services to fixed-mobile convergence. For enterprises and contact centers, our Net-Net product family enables the secure delivery of a broad range of interactive communications services and applications ranging from basic VoIP to Service Oriented Architecture (SOA)-enabled unified communications. It secures the borders to the service provider IP network, the private VPN connecting major enterprise or contact center sites, and the Internet for connecting remote offices, teleworkers and callers to the contact center. It ensures interoperability of both legacy IP-PBX equipment and next-generation unified communications platforms such as Microsoft OCS and manages their traffic load and resource availability.
Financial highlights
Total revenue (US$ in millions)
