Voice Over IP and Unified Messaging
The BlueCat Advantage
Voice over IP (VoIP) and Unified Communications depend on secure, scalable DNS and DHCP service. Without a highly available IP infrastructure, all data services, including IP telephony, will fail.
BlueCat Networks’ industry-leading VoIP infrastructure provides:
- Dial-Tone reliability for critical DNS and DHCP services
- Advanced end-user authentication with LDAP/RADIUS/Active Directory/Kerberos
- Advanced ENUM and NAPTR management and support
- Firmware distribution and management using built-in TFTP server
- Improved quality of service (QoS) beyond the switch and router
VoIP and Unified Messaging Challenges
Enterprises are moving towards Voice over Internet Protocol (VoIP) and Unified Communications (UC) in corporate networks because of their many benefits, including a) substantial cost savings by using the internet to bypass long distance tolls, b) implementing advanced applications such as unified messaging and presence, and c) improving employee collaboration and productivity. VoIP and Unified Communications applications are poised to become the dominant form of communications within enterprises, replacing traditional circuit-switched telephony technology. Enterprises must ensure their networks are secure, scalable and reliable; dial tone reliability is paramount.
VoIP and Unified Communications applications provide numerous challenges for enterprise networks. All VoIP handsets require IP addresses to send and receive data over the network; in most cases, deploying VoIP will double IP allocation requirements overnight. Traditional DHCP services offered on a switch or router do not address the issues of failover, centralized management, firmware management or management of custom vendor options. Furthermore, services offered on call managers and media servers are rudimentary at best, lacking adequate service level guarantees.
Adoption of VoIP brings with it numerous potential risks that must be addressed to maximize benefit and minimize risk exposure. Today, compromising your legacy phone system means someone has to physically cut the line to your PBX or gain access to the physical phone network. This is no longer the case with VoIP. Modern messaging protocols such as SIP remove call functions from the circuit switch (PBX) and place call management (setup, teardown) at the VoIP endpoint, greatly increasing an organization’s exposure to risk. Like your data network, your phone system is now vulnerable to viruses, Trojans, hijacking, spoofing, and denial-of-service attacks. A defense-in-depth strategy is required, yet this strategy cannot come at the cost of serviceability and QoS. Legacy solutions are not survivable.
How Are Solutions Delivered Today?
As organizations build out their VoIP and Unified Communications capabilities there are a number of options. Many enterprises choose to purchase standard server hardware and then install either Linux or Windows with DHCP, DNS and TFTP Services. Other methods might include deploying DHCP on switches and routers, then deploying separate TFTP services. These solutions have several problems:
Platform Management
Organizations must spend time and money to build, manage, update and service heterogeneous platforms that are often susceptible to OS-level vulnerabilities, denial-of-service attacks, rootkit attacks, viruses and Trojans, which can lead to service outages. Managing and protecting these distributed servers is time-consuming, costly and complex.
Difficult to Provision Distributed Services (WAN-based)
When provisioning VoIP services, many separate servers must be used to provide DHCP, TFTP, DNS, in addition to the IP-PBX (call manager). Each server must be separately managed and configured.
Protection Against Network Level Threats
When providing VoIP and unified communications, authentication is an important step in maintaining a defense in depth strategy. Users need the ability to authenticate with RADIUS/LDAP/AD/Kerberos prior to gaining an IP lease from DHCP. This necessitates an additional server that must be managed. Additional security is required to protect call managers, media servers and proxies against viruses and other threats that can shut down your telecommunications.
Device Management and Firmware Upgrades
Establishing secure and reliable TFTP services is important yet typically overlooked. When a device logs into the network it must be able to download its configuration from a TFTP server. If a device is unable to obtain these files, it cannot contact the call manager (IP-PBX). Furthermore, when new phone software is available, organizations need a way to centrally manage the dissemination of these updates using TFTP.
Maintaining Dial Tone Reliability
Organizations deploying VoIP and unified communications are reliant on their DHCP, DNS and TFTP to provide five nines of availability. Configuring highly available DHCP, TFTP and DNS on Windows, Linux or switches is problematic and in some cases not possible. In the event of a DHCP or DNS failure, users must have uninterrupted service. Organizations must take steps to guarantee dial-tone reliability.
Audit and Control
As organizations look to comply with external regulations governing corporate communications, it becomes increasingly important to track network access by providing adequate logging and audit controls. Existing legacy solutions do not provide adequate control to drive compliance.
The BlueCat Approach
BlueCat Networks provides an integrated approach to VoIP. Using Adonis DNS/DHCP appliances, organizations can rapidly improve network scalability, reliability and ease of use without compromise to security or high availability. Delivered as a purpose-built appliance, Adonis fits easily into existing corporate networks and provides the following benefits:
Purpose-Built Secure Appliance Architecture
All Adonis appliances are purpose-built to specifically provide secure and reliable DNS, DHCP and TFTP services for enterprise environments. With a hardened operating system and built-in firewall, organizations can provide secure and reliable service using a defense in depth strategy.
Centralized Management
Regardless of the size of the VoIP network, Adonis simplifies the management of VoIP and Unified Communications. Experienced and novice administrators will benefit from BlueCat’s wizard-driven setup and deployment with built in error checking. No matter how many servers are deployed, DNS, DHCP and TFTP services can be remotely managed, saving organizations significant time and money. Adonis appliances also provide advanced support for ENUM.
Firmware Management
Adonis provides built-in TFTP services to enable organizations to manage boot software on VoIP handsets. This service can also be used to rapidly deploy software upgrades across enterprise VoIP deployments. Adonis makes this easy with centralized management and deployment for all updates.
TCO and ROI
Adonis enables organizations to focus on driving business rather than provisioning infrastructure. With BlueCat, organizations can simplify the management of their VoIP environment while lowering TCO and improving network reliability and usability.
End-Point Authentication
Adonis provides support for a variety of authentication schemes including RADIUS/LDAP/AD/Kerberos. This enables organizations to rapidly implement management authentication, which helps prevent a variety of VoIP-specific threats.
Disaster Recovery and Local Survivability
Even if an organization’s WAN becomes inoperable, Adonis’ built-in High Availability and automated failover guarantee uninterrupted service. This is pivotal to keep remote office and call center services running.
How Does Adonis Work in a VoIP Enabled Network?
Network Running DHCP and DNS
VoIP Sample Topography
Even if the WAN becomes inoperable, Adonis’ built-in High Availability and automated failover means uninterrupted service.