Enterprise Session Border Controller (E-SBC) used by Enterprise have special needs
The Enterprise SBC or E-SBC you choose is critical to real-time video and voice services. These services are mission-critical for business and service assurance. Voice must meet the 99.999% availability threshold. Dropping any call is unacceptable and the audio listening experience must be impeccable or you can loss valuable information that will reduce selling opportunities and/or cause support frustration. While increasingly video is becoming critical to daily needs in customer support, sales and operations.
Teraquant understands that Enterprise networks exist to serve evolving and unique business needs. This is why our approach to solution starts by removing vendor dependencies from your network. This frees you to use best in class components and to make incramental changes. With this in mind we work with you to simplify the network to optimize performance while we better align it with your evolving business needs. We focus on reducing risk while enabling proactive issue prevention and if you have a problem we ensure you have the industries best issue isolation and fastest resolution.
What’s New for Enterprise SBC (E-SBC)
Here are a few examples of the new ways we can help with E-SBC selection and deployment for your changing Unified Communication (voice, video and data) network needs. We can help address business driven real-time network needs regardless if the needs are: On premise, UCaaS, multi-cloud, hybrid UCaaS, or adding remote users.
Virtual SBCs using Session Border Controller Network Function Virtualization (VNF) is gaining momentum in traditional and cloud-based UC Networks. It enables them to rapidly introduce innovative services and also to more efficiently utilize cloud infrastructure resources.
- Network functions virtualization (NFV) is a network architecture concept that uses the technologies of IT virtualization to virtualize entire classes of network node functions into building blocks that may connect, or chain together, to create communication services.
- Oracle Communications Session Border Controller VNF deployments require configuration of the virtual machine environment and of the SBC itself. The user can consider SBC configuration as separate from VNF configuration.
- The Oracle Communications Session Border Controller VNF version is suited for deployment by a virtual machine manager. Oracle provides virtual machine templates specific to the hypervisor over which the product is deployed. Oracle hypervisors implement Non-Uniform Memory Access (NUMA) topology rules to automatically enforce such placements.
- Oracle VNF hardware platforms have built in optimizations related to VM placement. Users should ensure that VMs requiring high media throughput are optimally placed by the hypervisor, so that traversal of cross-domain bridges, such as QuickPath Interconnect (QPI), is avoided or minimized.
Click image to view Hypervisor CPU Pinning Diagram
Virtual SBC CPU Pinning
When using Zoom as your cloud connected UCaaS, a certified E-SBC is critical. Some important reasons to use an Acme Packet E-SEC include:
- Acme Packet E-SBCs have had extensive testing with Zoom
- Acme Packet is the number #1 Carrier recomended E-SBC
- Only Acme Packet offers net-safe architecure to hide netowrk topology from hackers and add advance algorithms to provide security against real-time Denial of Service (DoS) attacks.
- It has integrated SIP Probe for real-time monitoring to and from Zoom
- Is uniquely designed to securely add real-time remote site and virtual users
- Compatable with 128T Session Smart™ Router – replace MPLS with ISP
When using MS Teams as your cloud connected UCaaS, a certified SBC or E-SBC is critical. Some important reasons to use an Acme Packet E-SEC include:
- Acme Packet E-SBCs are Ceritified for MS Teams Direct Routing
- Acme Packet is the number #1 Carrier recomended E-SBC
- The only E-SBC offering net-safe architecure to hide netowrk topology from hackers and add advance algorithms to provide security against real-time Denial of Service (DoS) attacks and stop malformed IP or SIP packets
- Has integrated SIP Probe for real-time encrypted monitoring to and from MS Teams
- E-SBC is uniquely designed to securely add remote site and virtual real-time users
- Compatable with SD-WAN or Session Smart™ Router – replace MPLS with ISP
Acme Packet E-SBC gives you max flixibility for on premise IP-PBX with UC or clould based UCaaS or use media bypass for hybrid solutions to get the best of both options. Some other important reasons to use an Acme Packet E-SEC include:
- Acme Packet E-SBCs has proven interoperability with on premise and hosted VoIP
- Acme Packet is the number #1 Carrier recomended E-SBC
- Is the only E-SBC that provides security against real-time Denial of Service (DoS) attacks and stops malformed IP or SIP packets
- It has an integrated SIP Probe for real-time encrypted monitoring of any VoIP network.
- It is uniquely designed to securely add remote site and virtual users
- Compatable with 128T Session Smart™ Router – replace MPLS with ISP
Teraquant E-SBC Services
Teraquant helps you see the UC Network you are building End-2-End, decoupled from the vendor network elements. This allows us help you eliminate vendor dependencies. This frees you to use best-in-class network elements, achieve full interoperability and it improves your solutions’ capabilities and performance. No finger -pointing. We give you clear visibility to troubleshoot, optimize and assure your service. We proactively monitor to prevent or isolate the issue from the service and protocol/control layer. With Teraquant services, you always have informal access to the technical specialists and friendly hands-on support. We help you troubleshoot any problems in your environment, on your hardware, interworking with your other vendors devices. And when needed, our user training is always customized to your specific Learning needs.
- Traffic, KPI & Quality Reporting
- Audio Quality Monitoring
- Fraud Detection and Prevention
- Analysis of TLS & SRTP
- Stop Robo-Calling
- Predictive Failure Anticipation
- Regulatory Privacy Compliance
- Configure High-Availability SBC
- Optimize Network TNT
- Test Header Manipulation Rules
- Setup Signaling Encryption (TLS)
- Route Based on Policy, Time of Day
- Transcode for best Listening Quality v BW
- Ensure 911 Compliance
- Rationalize Dial Plan Digits in ECB
- Understand all SBC/ECB concepts
- SIP we expect to see ‘on the wire’
- Basic SBC & ECB Troubleshooting
- HMR Realms v Service Agents
- Advanced Routing
- Define TLS & SRTP ciphers to use
- Custom designed for your learning needs
- On-site or delivered remotely
- Direct Routing & Microsoft TEAMS
- Remote Staff into Corp. UC Services
- Integration of 3rd party solutions
- Media Bypass for Best UX with cloud UC
- Software upgrades to infrastructure
- Integrate your existing vendors
- Hybrid Cloud – best of both worlds
- Support Apps on your HW, in your network
- Troubleshooting to root cause
- Goes beyond that offered by vendor
- Friendly, proactive, explaining, approachable
- No Finger Pointing
- 24 x 7 days – rapid response
- On-site or delivered remotely
E-SBC Product Offerings
ACME Packet E-SBC from Oracle
ORACLE ACME Packet E-SBC Key Features
Only Oracle E-SBC offers net-safe architecure to hide netowrk topology from hackers and add advance algorithms to provide security against real-time Denial of Service (DoS) attackes.
Defense against Denial of Service (DoS) Attacks
Securely Connect Networks & Users of Varying Trust Levels
DoS protection is one of the unique features found in the Oracle Acme Packet SBC.
The Oracle Acme Packet SBC is the only SBC with sophisticated machine learning algorithms working at line rate to dynamically classify packets and block DoS – while it enables trusted communications to flow. The SBC will detect a suspect Telephony DOS attack in real-time and automatically throttle it down. The attacker’s thread is placed in a queue with the lowest priority for CPU utilization. CPU and other SBC resources are prioritized for trusted flows. If the profile of the attack increases the evidence that it is intended mischief, all packets from that source will be dropped.
During a Denial of Service (DoS) attack the Oracle SBC implements Deep Packet Inspection (DPI) to further assess the suspect nature of the traffic. Eventually, that traffic source will be placed in the Bit Bucket where the source of the SIP request gets no response of any kind. You can verify this by using traces too see that zero response is given back to the perpetrator.
Here the hacker tries to send malformed IP or SIP packets towards your network with the hope that your SIP protocol stack breaks down and goes into some race condition or overload condition unable to interpret the SIP packet sent to it. The Oracle SBC knows SIP rather well after 20 years in existence. Any legitimate SIP implementation not recognizable or not part of any interoperability test program or certification is recognized as a fuzzing attack. The Back-To-Back User Agent (B2BUA) nature of the Oracle SBC prevents fuzzing attacks penetrating into your network. Incorrect and recognized implementations are ignored, and only legitimate SIP transactions and dialogues are regenerated into your internal private network.
A Back-To-Back User Agent (B2BUA) also does topology hiding which prevents any details of your internal network being visible to the outside and therefore stops reconnaissance scans of your internal IP telephony assets.
The Oracle Acme Packet SBC enables secure reachability from users outside your network, on a public network such as remote workers. It:
- Monitors end-point behavior and dynamically assigns trust levels
- Applies access controls to all communications traversing network borders
- Prevents malicious reconnaissance
Protection of privacy has 2 parts:
Acme Packet E-SBC protects privacy with encryption. Encryption ensures communications flow cannot be intercepted. Strong encryption also prevents media injection and man in the middle interception. The Oracle Acme Packet E-SBC offers a wide range of cipher suites with varying levels of complexity versus resource overhead to provide you with the correct level of privacy for your communications. The SBC controls and polices your privacy policies for all traffic on your enterprise network. The government uses Oracle SBC for the most sensitive of applications. Accordingly, Oracle SBC’s are certified for US government FIPS and JITC compliant Tamper-proof administrative security.
Strong Authentication means the identity of the parties in the conversation have been identified by an independent authoritative third-party. This is not only assists protection against man in the middle attacks but also achieves non-repudiation.
Non-repudiation refers to a situation where a statement’s author cannot successfully dispute its authorship or the validity of an associated identity or contract.
Teraquant integrations can go beyond the E-SBC to add in Zero Trust Security to prevention theft of personal and confidential information including any Personally Identifiable Information (PII). Teraquant offers Secure Vector Routing (SVR) technology in our Session Smart™ Routers to add a much-needed layer of security. This security is separate from the security provided by services, applications, and server-farms within your enterprise.
IP Communications allows hackers to launch a vast array of Security Threats at an extremely high rate. Install an IP address on a public network interface and within minutes, bad actors will attempt to break in with SIP or fuzzing attacks. If the hacker detects any clue that a SIP entity/application sits behind that IP address he will persist with continuous attacks, draining your resources at the very least and often causing total Chaos.
Security vulnerabilities allow attackers to inflict 3 categories of damage on you and your clients:
- Denial of Service – clogging resources, preventing legitimate users from accessing them
- Privacy breach – theft of confidential information or interception and recording of private conversations
- Telephony VoIP Fraud – misuse of your telephony assets & infrastructure to divert income to the fraudster by incurring stolen costs on you, the enterprise
STIR (Secure Telephony Identity Revisited) and SHAKEN (Secure Handling of Asserted information using toKENs) are the frameworks that promise to prevent the completion of illegally spoofed calls.
Such attacks are pervasive, frequent, persistent and most often these days, go undetected if sophisticated countermeasures are not implemented to detect them. Such attacks often result in lost revenue and productivity to you and a poor experience for your customers. They also create compliance violations and damage to your brand image.
Teraquant offers advanced integrated solutions to SIP/VoIP Fraud Prevention and we can implement robocall prevention with STIR/SHAKEN that works with your SBC.
Getting 99.999% Reliability
Seamless protection against link or equipment failures
The Oracle Acme Packet SBC is the only SBC to provide total failsafe service protection delivering Carrier-class reliability.
What does failsafe service protection mean? It means protection in the event of failure of any device, link or network:
- Zero impact to user experience.
- No calls are ever dropped,
- No media flows are disrupted
- Media streams are never orphaned or abandoned after a call
- All call control features continue to work (Hold, Transfer, Conferencing, etc.)
- No loss of accounting charge-back data
- Optional TDM Back-up – Protection against SIP network failures
- Onboard Registrar – Registration off-load & Protection against WAN outage
Benefits of Session Border Controllers
- Upon the End-of-Life of ISDN PRI and BRI circuits, SBC’s allow you safe migration to lower costs and more flexible SIP trunking services.
- Freedom from any vendor dependence, allowing you to exploit best-value products and services.
- Ensure your enterprise and network is solidly protected from unauthorized free usage of your network assets, misappropriation of telecom resources and access to confidential conversations.
- Simplify Network Operations by integrating multi-vendor systems and achieving interoperability.
- Provide communications reliability, robustness and automated failover.
- Increase business agility by Improving employee collaboration and remote working.
- Accelerate real-time decision making.
- Controlling costs by using existing IP investments, enabling future IP communication needs, decreasing Capital and Operational Expenses and reducing deployment risks.
- Call Routing Interoperability Media Security
- Least Cost Routing Interoperability with SIP trunks Media Off-load/Release Header Manipulations Rules (HMR); eg: Topology hiding.
- Dial Plan Harmonization
- Protocol Conversion [SIP ⇔ H.323]
- Quality of Service [QoS] Access Control Lists [ACL]
- Automatic use of local call tariffs
- DTMF internetworking
- RFC 2833 ⇔ In-band G.711
- G.726; G.729A/B; G.722
- AMR, AMR-WB, G.723.1, iLBC & T.38.
- DDoS protection
- Registration Off-load IPv4 & IPv6 internetworking
- Fax internetworking
- T.30 (G.711 Fax internetworking in-band tones) to T.38
- SIP-TLS + SRTP MIKEY
- iPsec IKEv1
- IPsec IKEv2
- IPsec manual key
- Hosted NAT Traversal
- Safely allow inbound calls to DID
- IPv4 & IPv6 internetworking
- Bandwidth efficiency and optimization
- Comfort Noise generation
- Silence suppression
- SIPREC: Media Recording
- Wire- rate multitasking real-time performance.
Teraquant is proud to offer you two different vendors of Session Border Controllers to meet your specific needs.
For large-scale telcos/communication service providers and Enterprises, we supply the Oracle Communications (formerly Acme Packet) SBCs, which are the industry leader and most highly regarded devices for carrier-class communications.
For budget-sensitive applications, where a full set of features and carrier-class performance is required, the Frafos is unmatched. Frafos is produced by engineers that contributed to the very origins of VoIP/SIP. Headquartered in Berlin, Germany, Frafos is privately held by a founding team of young and seasoned entrepeneurs with Fraunhofer Institute pedigree.
The Fraunhofer Institute has researched and produced many leading communications technologies, for example including the MP3 codec.
Frafos innovates, virtualizes and secures telephone infrastructure with next-generation Session Border Controllers, WebRTC gateways and service assurance solutions, with a market focus on Tier 2 and 3 operators, Enterprises and the public sector.
First SBC deployment in 2012, and first WebRTC in 2013.
Choose the vendor that can grow beyond your needs. The Oracle SBC software is common across all hardware platforms. The high-end 6350 scales to 160,000 concurrent call sessions. These are Media sessions – one chassis and 16,000 sessions per VNF. The Oracle SBC is used in 90% of the largest 100 Telco’s. It meets scaling requirements for the largest voice networks in the worldwide.
IETF SIPREC protocol reduces cost and complexity
The Oracle SBC solution conforms with the RFC SIPREC specification which improves customer choice and flexibility by enabling interoperability across recording systems sourced from different vendors.
Oracles adherence to the IETF SIPREC implementation brings flexibility to support a range of network resiliency features. It can be deployed on a pair of SBCs in high availability configuration, leveraging Oracle’s unique active-active HA to ensure recordings are not affected by a fail-over condition. In addition, redundant SIPREC sessions can be established between a recording client and multiple recording servers to ensure recordings are not affected by a server failure. The protocol can also load balance sessions across multiple recording servers and the E-SBC and ISR can be configured to not accept an incoming call, if a recording resource isn’t available to record it.
- Efficiently copies communications sessions centrally
- Eliminates costly ACD licenses, mirrored ports and other infrastructure
- Copies any call segment and copies sessions to multiple servers
- Highly flexible, scalable and reliable
- Provides access to session at ingress
- recording can be enriched with metadata
- Enables monitoring of entire customer experience (IVR, etc.)
Teraquant Solution Services will address your needs but they won’t bust your budget
As an example we can connect your on premise PSTN into MS Teams and MS 365. We can also help define E-SBC solutions for hybrid cloud or on premise SIP only networks with or without SD-WAN.
Other examples of projects relating to Session Border Controllers SBC’s
- Migration to virtual SBC
- connecting SIP trunks and verifying interworking
- advising, building and testing Header Manipulation Rules (HMR’s)
- setting up High availability
- upgrading software and hardware
- managing migrating through end of support product
- SIP REGISTER off-load
- Configuring Telephony Denial of Service (TDOS) attacks prevention
- Advanced Routing table set-up e.g. Least cost Routing, Routing by Codec
- Fraud protection
- anti-Robo calling via STIR/SHAKEN
- Configuring for NG9-1-1 data center for example, ESQK (Emergency Services Query Key)
The most frequent Form of telephony fraud is International Revenue Share Fraud [IRSF]. This type of telephony fraud typically involves illegitimate automated generation of outbound calls from your infrastructure to expensive destinations. Such destinations include:
- International Premium Rate Numbers (IPRN)
- Premium rate numbers in the Caribbean
- Traffic pumping to domestic destinations offering for example, free conferencing services
All these fraud scenarios start with assessing vulnerability to gain access to your PBX infrastructure and generate outbound calls. If you have users located outside your enterprise telephony infrastructure, SIP registrations are permitted from these outside locations into your PBX based on user credentials or loopholes in your voicemail servers or via the management port of your PBX.
Your Oracle Acme Packet SBC can be used to block such outbound calls based on detection algorithms or black lists which block known fraudulent destinations. Teraquant offers integrated solutions to work with you SBC to enable the most sophisticated fraud prevention including a worldwide blacklist comprised of over 2 million IPRN numbers giving you immediate fraud prevention at your SBC. It also comes with ongoing updates to continuously update your fraud prevention. We also offer a STIR/SHAKEN or robo-call prevention add-on.Learn More
Streamline and enhance the Contact Center Experience
The SBC is the ideal location to perform centralized functions of the call center such as call recording and voice biometrics and DTMF transcoding and PCI compliance solutions. Music on Hold provided from the SBC gives an immediate and responsive customer experience. Centralized management of situations in a secure environment provide the lowest cost operations costs and optimized security.
Here are some of the recent enhancements to Oracle Acme Packet SBC which enhance the customer experience in your contact center
- REFER support reduces take-back-and-transfer fees
- Transcoding reduces bandwidth costs
- Encryption protects connections to home agents and BPO services
- SIPREC interface simplifies call copying infrastructure
Oracle SBC Delivers Highest Possible Call Quality
The Oracle E-SBC uniquely and continuously measures voice quality/MOS and Dynamically Routes Sessions based on the observation of QoS for each route. This smart detection approach enables it to optimize user experiences by selecting the highest performing network for each session.