Sales Tool - Primer

Avaya Session Border Controller Advanced for

Enterprise with Remote Worker
Introduction
Many enterprise networks today support remote Session Initiation Protocol (SIP) users with a Virtual Private
Network (VPN) host arrangement. This approach can be costly and does not truly secure applications.
Because the VPN tunnel creates an environment in which the remote client becomes an extension of the private
enterprise network, malware, viruses, etc. that exist on the remote client may be allowed into the corporate
network right along with valid application traffic.
As one of its key features Avaya Session Border Controller Advanced for Enterprise provides superior security
across untrusted networks by using encryption and by applying granular security polices to all traffic to and from
the remote registered users.
While many enterprises have not deployed SIP in their networks due to cost, resource constraints and other
factors, most still have growing requirements for remote worker applications. The Virtual Private Network-less
remote worker can still help by providing cost-effective and highly secure remote worker environments.
Avaya Session Border Controller Advanced for Enterprise allows you to implement measures to help ensure
remote users communicate securely and safely without losing the unified communications benefits of an office
based employee. Our Session Border Controller Advanced for Enterprise can help you:

Define and implement strong unified communications policies.

It can help you define these policies as well as enforce them based on network, user, device, and time-of-day.

Session Border Controller Advanced for Enterprise can also:

Integrate with existing infrastructure for strong access control - by authenticating Remote Users and devices against
existing authentication, authorization, and accounting servers.
Maintain signaling and media privacy - traffic that passes over an untrusted network is susceptible to reconnaissance
activities such as sniffing and eavesdropping attacks. Encryption, using Transport Layer Security for signaling traffic and
Secure Real-time Transport Protocol for media traffic, must provide privacy without compromising performance.
With the Avaya Session Border Controller Advanced for Enterprise appliances, your internal phones, media gateways,
conference bridges, and call servers do not require upgrades to support encryption as encrypted traffic is terminated from
the Internet and unencrypted data is streamed to the private enterprise intranet.
Provide and monitor voice and video quality - real-time Avaya Session Border Controller Advanced for Enterprise
appliances offer deterministic performance with delays for media packets measured in hundreds of microseconds (even
when encryption is involved and call volume grows) while reporting VPN quality metrics such as latency and jitter.
Simplify firewall/Network Address Translation traversal - employee home routers and Wi-Fi hotspots, generally not
under the control of enterprises, must have a security appliance in place in their enterprise demilitarized zones to solve
far-end firewall/ Network Address Translation traversal issues. Our solution simplifies near-end Network Address
Translation traversal using static rules that do not require updates when changes occur in the enterprise VPN.
Mitigate threats can detect thousands of attacks and security threats based on the most advanced library of
vulnerabilities.

Avaya Inc. Proprietary and Confidential.

Use pursuant to the terms of your signed agreement or Avaya policy.

Sales Tool - Primer

Solution Overview
The diagrams below show the overall network architecture for this featuring several remote working scenarios.
The endpoints and Internet Protocol Private Branch Exchange (IP-PBX) remain generic so that they can be deployed
with a variety of appliances (see the Endpoint IOT List in Appendix A and the PBX IOT list in Appendix B).
Key differentiators include:

Encryption

Policy Enforcement

Signature-based Intrusion Detection System/ Intrusion Prevention System

User friendly graphical user interface and install wizards

Encryption:
The encryption of signaling with Transport Layer Security and media with Secure Real-time Transport Protocol is essential
to provide a more secure remote worker. The endpoints must support Transport Layer Security and Secure Real-time
Transport Protocol for this to work. Proper encryption certificate validation methods are supported for multiple end points.
Trust certifications that provide validation of the certificate by the endpoint is currently supported in the Avaya one-X 96xx
desk phones. This capability will be added to the Avaya one-X mobile communicator and The Avaya Flare Experience SIP
clients in the future.
Policy Enforcement:
Robust and granular policy control is an important capability of the Avaya Session Border Controller Advanced for
Enterprise. It is what allows the enterprise to control things such as international calling rules, codec enforcement, media
streams rules, call volume and time-of-day restrictions.
The diagram below shows the basic remote worker architecture with the Avaya Session Border Controller Advanced for
Enterprise in the demilitarized zone between the internal and external data firewalls. On the left side of the diagram the
private enterprise network consists of the endpoints and the IP-PBX call server. On the right side of the diagram the remote
worker endpoints are coming into the demilitarized zone from the internet (an untrusted network).

Remote Worker Architecture Avaya Session Border Controller Advanced for Enterprise

Avaya Inc. Proprietary and Confidential.

Use pursuant to the terms of your signed agreement or Avaya policy.

Sales Tool - Primer

These remote endpoints register to the Avaya Session Border Controller Advanced for Enterprise securely (with Transport
Layer Security / Secure Real-time Transport Protocol if they support it) and the Avaya Session Border Controller Advanced
for Enterprise proxies them to the call server which is sitting behind the demilitarized zone in the enterprise core (a trusted
network). This provides a highly secure approach extends the unified communications environment to enterprises for SIP
clients on mobile devices, smartphones, tablatures, laptops and desktops as well as teleworker hard phones.

Remote Worker With SIP Trunks

The diagram above shows the remote worker solution in an enterprise that has converted to SIP trunks for their voice
communications with the outside. The remote worker endpoints are registering over the internet to the Avaya Session Border
Controller Advanced for Enterprise in the demilitarized zone. While at the same time the Avaya Session Border Controller
Advanced for Enterprise (or a separate Session Border Controller) is providing Session Border Controller SIP trunk
functionality. Note that the cloud shown to depict the SIP trunk service provider could either be an internet connection or it
could be private IP (Multiprotocol Label Switching).
Avaya remote worker can often be deployed, even if the client has not yet deployed SIP trunks. In the diagram at the top
of page 4, the IP-PBX communicates with a router/gateway that is equipped with Time-division multiplexing (TDM)
interfaces to connect to the carrier for voice trunking. The endpoints in the enterprise core (on the left side) may or may
not be SIP endpoints.

Avaya Inc. Proprietary and Confidential.

Use pursuant to the terms of your signed agreement or Avaya policy.

Sales Tool - Primer

Remote Worker With Time-division multiplexing Trunks

The diagram below shows a very common scenario. Even when SIP trunks are deployed, many enterprises will keep a few
TDM lines in the form of a primary rate interface or several telephone service lines to facilitate the fax, alarm and elevator
lines and for emergency backup Switched Telephone Network connectivity. In this diagram, SIP trunks are supported (along
with the remote workers) by the Avaya Session Border Controller Advanced for Enterprise in the demilitarized zone while at
the same time the IP-PBX can route calls to the router for TDM access.

Remote Worker with both SIP and TDM Trunks

Remote Worker Avaya Session Border Controller Advanced for Enterprise Pricing Example
Please visit the Quoting and Ordering guide for various pricing examples and ordering assistance.
Posted here http://portal.avaya.com/ptlWeb/products/P0997/OrderingInformation

Avaya Inc. Proprietary and Confidential.

Use pursuant to the terms of your signed agreement or Avaya policy.