UCStrategies Experts Discuss SBCs

12 Oct 2011

In this Industry Buzz podcast, the UCStrategies Experts discuss session border controllers (SBCs).

The discussion is moderated by Russell Bennett, and includes Marty Parker, Jon Arnold, Steve Leaden, Samantha Kane, Dave Michels, and Art Rosenberg.

Russell Bennett: Hi, everyone, this is Russell Bennett from UCStrategies. Today I'm hosting a podcast on the session border control market, which is under fairly significant transformation. This is a very large and complex topic and we can probably talk for hours on this, each of us. However, the piece of news that's brought this to the forefront this week is the announcement that Avaya is acquiring Sipera, which is a security and SBC company. So what this actually means is that now all the leaders of the Gartner Magic Quadrant for UC have their own SBC technology: Microsoft, Cisco, Siemens, Avaya and Alcatel-Lucent. And some of the kind of secondary and tertiary players also have a security element.

So clearly, this is an admission that session border control or network edge security is critical for UC, and this raises just a host of points that we're going to try and cover today. I'd like to call first on Marty Parker.

Marty Parker: Thanks, Russell. I first want to express that it's just disappointing that we need session border controllers at all. The internet really is a disappointingly wild place from the view of security and behavior, so having said that bit of indignation, I'll just go on to say therefore they are necessary. Session border controllers are certainly necessary for the interface of any session, and usually that applies to a SIP-type session, to the internet. Now in our telephony world, not so much in the UC world, Unified Communication, but over in the telephony world they're primarily applied as the interface for session initiation protocol trunks, or SIP trunks. And again, it's a puzzle that the carriers, who have been trusted to provide secure T1 / B1 transmission for so many years really are no longer trusted by most enterprises to provide the sole interface to the network for SIP trunking. So most enterprises are finding, and recommendations from their IP telephony providers, that they should install a session border controller. It's seen really as part of the network infrastructure. The application, the IP PBX is delivering voice and media and signaling into the network, in through switches, in through routers, and then if it wants to go out through the edge it will use a session border controller for that interface - products like the Cisco Unified Border Element, the Cube and products like that are well known. As Russell said, everybody in the Gartner Magic Quadrant for UC has them. Also, the leaders in the corporate telephony magic quadrant all have it.

Since we have them, the big question is how is that market going to evolve? And clearly what's happening is that SBC functionality, the denial of service protections, the man-in-the-middle protections, the hidden protocol protections, all of those sorts of things are being done by very fast software. And they will over time be built into other products, whether it's routers or it's PBX gateway products, we're going to see those built in. And then over time we'll see another shift because in the end a SIP session or a connection to the internet should be part of, and most enterprises want it to be part of their integrated threat management. Because every enterprise of any size has some version of a threat management program for everything I've said about real time communications as well as all the non-real time communications. It's likely that those providers, Radware would be an example, who has already added SBC functionality into their threat management portfolio, will suggest to the IT infrastructure manager that there's no need for a separate product, "You can use our integrated threat management solution to manage this."

It's going to be a very rapidly developing world, I think, because software has that tendency. Certainly product releases will be the gating pace, but you can see the end from the beginning, that over time we will see SBC functionality built into integrated threat management tools and built into network infrastructure; not seen as a separate functionality of IP telephony. So I'll pass it back to you, Russell, thanks.

Russell Bennett: Thanks, Marty. Jon Arnold has a lot of experience in UC and network edge security. Jon, do you have any comment?

Jon Arnold: Thanks, Russell. That's a good entry, because there are a lot of questions to ask. I'm not a hard-core IT guy, but I've been following this SBC market from the very beginning and am very familiar with the kind of trajectory of the vendors that have come and gone. And of all the network elements in the IP space, SBCs are probably the least well understood. They're only just starting to get on the radar of enterprises now. Carriers have been following this path for a much longer period of time. But the reality is, as UC is coming along, as IP PBX is coming along, inevitably the need for SBC starts to become apparent for enterprises, because it's a necessary element to protect the network. That's really why it's there. Data-based routers, for example, don't handle voice very well. And that's really the problem - that the original sets of these protection pieces don't do the job where we're concerned, as far as voice, and UC, and real time communications goes. So that's given rise to this new category of SBC vendors.

All of this attention, especially as you said, was triggered by Avaya's move of buying Sipera last week. It really signals a shift in the marketplace that other vendors are following as well. And that is a bit of a pushback against Acme Packet, who has really come to dominate and own the SBC market. They've really emerged from kind of the swamp of all of the remaining vendors and are truly dominant in this space in ways that I can't think of any other vendor in any other market space. (The reason) why they're going down this route is because Acme can be expensive for a lot of companies. Enterprise isn't their core market, but they're going there in a big way, and there are just aggregated architectures out there that are suitable for all types of enterprises that want to separate the signaling in the media. So there are more solutions out there today. The big vendors want to have - they want to own this piece of the business, because their enterprise customers are starting to demand it now. And with fewer alternatives out there to Acme as a pure play, the big vendors are trying to add this to their portfolio. That's why Avaya had to do this to catch up with the other vendors.

Where that's interesting is, this is coming up against that best-of-breed argument. Initially, the telecom vendors, going back to Nortel, etc., were never able to develop SBC expertise, and they kind of lost that business to Acme and everybody else who was in the space at the time. But now it's pretty much Acme and everybody else. So they see this business as a growth opportunity, and they want to keep it, as much as they can, so they can retain ownership of the customer. So there's been a lot of incentive for the Avayas of the world to get this piece in-house, because it's too late now to develop that expertise internally.

Other vendors are doing interesting things as well. But let me hand this off to others, because I think there are a lot of people who want to get in on this conversation, and there are a lot of angles still to explore. But I'm really glad to hear that we're talking about it, because I think the Avaya news is really bringing it to the attention of people who follow what we're doing here at UCStrategies.

Russell Bennett: I agree. We're only able to scratch the surface in one 30-minute call. Let me hand over to Steve Leaden, who has a perspective on SBCs and the enterprise.

Steve Leaden: Thanks, Russell. A couple of quick talking points here, and I think it was really a Gartner report that I had read earlier in the year that really led me to the conclusion that we really need some level of session border controllers at the enterprise level. There was some thought amongst the industry late fourth quarter last year, or third quarter last year in 2010, that were session border controllers really even needed at the enterprise level, knowing that most of the providers who are providing some level of SIP trunking, providing that session border controller in the cloud back to the enterprise? And then the analysis quickly turned around and said, can you really trust the provider, can you really trust the internet at all? So the market has really shifted to, at least when we work for the enterprise customer, and most of them being in the mid to larger space...we require it now amongst our bid process and our specifications as we go out to the vendor community to look. Again, it ensures that there is some level of security at the enterprise, interoperability, and service quality. Those are really the three themes that go into the SBCs.

So then when you quickly go forward and look at your financial analysis, and look at the inclusion of SBCs and SIP trunking compared with the legacy PRI and the traditional 800 and long distance costs, we've witnessed SIP trunking to drop a client's overall public network cost by as much as 40%, and on the average, at least 25%. So there are definitely some significant savings to be had here.

So to Jon and Marty's earlier points here and yours, Russell, what we have been seeing, though, and I think what is the big driver here is that Acme Packet, who has been definitely the pure dominant player here, and some of the others that are in the more traditional kind of hardware/firmware space, the cost per port can be pretty dramatic. So we have a client, as an example, that required 320 collective SIP trunking ports across two sites. When we looked at the traditional, more traditional legacy kind of established firmware/hardware vendor, that cost for the SBCs was $128,000, or $400 per port. When we started looking at soft kinds of driven SBCs, i.e. the Siemens of this world, the Ciscos of this world, if you will, we saw dramatic differences in the cost of SBCs. In one of their cases being 90% less, at only $13,000. So when you add up the total cost of the SBC plus the replacement telephony, and full UC platform across the enterprise, the SBC obviously can be a big weight factor in terms of who wins on cost point.

Obviously, cost is not the only consideration, but again there's a lot of play in the market. It's very interesting to even see that some of the VARs out there who are selling SBCs actually really don't know the SBC product. So again it's still in that early stage, but I think it will mature quite quickly, as well as again become embedded in the product as we go forward. Back to you, Russell.

Marty Parker: If I could add to what Steve said. I think Steve did a great summary right there of the acquisition process and his emphasis on cost is really important. Because even though the customers do in fact get those savings in transmission costs, it's not necessarily a savings in capital cost. And it's been our experience with enterprise clients that the cost of the hardware-based SBCs has driven the cost of per-trunk connections on SIP trunks up to be parallel with T1. So the capital is justified only if there is a significant toll savings justification. And I think the lower that the IP telephony providers can get that SBC overhead, the more quickly people will be adopting IP telephony, which is far from a complete journey.

Russell Bennett: I completely agree. My personal observation on this is that the third-party SBC vendors are trying to tackle the entire market and that's why they're quite expensive. They're managing the flow of HTTP requests, all kinds of media, including streaming video. They are vendor agnostic so they would handle Cisco and Avaya and Microsoft, etc., etc., etc., UC media and signaling, so they've basically got to be a Swiss Army knife and try and do everything.

The leading UC vendors are taking a very specific approach to this. They're saying, "It's only our signaling and our authentication and our media that we have to manage and therefore, we can do it very cheaply and very securely." So I see the market bifurcating between the bundled SBCs from the UC vendors versus the third party Swiss Army knife SBCs from the specialists. Does anybody else have anything to say?

Samantha Kane: I just wanted to comment about contact centers and SBCs and how that market has really grown, if I may. SBCs offer a number of key features that support the contact center deployment, including best practice routing and priority routing for E911 cases and more. But of particular interest in the contact centers is the need for transfers from one center to another, which is generally an expensive proposition. The SBC dynamically distinguishes the internal transfer and using a feature called "take back and transfer," keeps the call on the private network and can save the contact center significant dollars. So as Marty had pointed out, it's not just all about costs, and Steven as well.

Another cost savings that we have found is the capability of the SBC and its ability to save on network bandwidth using what they call "codec renegotiation." If we use an example of a customer who has IVR that fronts the contact center that requires G.711 for speech recognition, once the IVR processes the incoming call, the SBC renegotiates the bandwidth of the call to G.729, saving the network bandwidth costs. And finally, the SBC can handle very complex call flows that are traditional in the contact centers between the telecom platforms, as you've said earlier on, many platforms, and some of the third parties being agnostic, and therefore, resolving the interoperability challenges for both the IT folks and the endpoint users.

Also in the contact centers, most record some or all of their calls for regulatory quality management and/or training purposes. The IP trunking border provides an optimal point at which to replicate real time communication sessions for the delivery of the call recording system. So traditional IP call recording topologies perform session replication with port mirroring in the layer 2 switch, but this approach does not offer the optimum reliability and consumes an additional ACD port for every session. And that can become extremely expensive, as most of us know. So performing session replication for call recording, which the SBC offers, has two distinct advantages. One is it offers more reliable transport of replicated sessions to the call recording system than a layer 2-based solution. Two, moving session replication to the trunk side of the ACD eliminates consumption of that extra ACD port that we talked about earlier for every recorded session. So these costly ACD ports can thus obviously be recovered by use as agent seats. So I just wanted to point out those extra important pieces for a call center.

Russell Bennett: Great observations, and it speaks to one of my points earlier about the Swiss Army knife and also the breadth and complexity of this topic. Dave Michels?

Dave Michels: The whole category of SBCs...is an accident. It's a frustrating accident. I don't mean to belittle the category, they serve a very important purpose, but it was not supposed to happen this way. SIP started getting traction and becoming very popular, and it didn't work well with NAT and firewalls, and so we poked holes in our firewalls to let the SIP traffic go through, and bad people on the internet figured out how to exploit that. So we've been working to patch these holes. I think these holes are generally going to go away as the technology evolves, but right now the way we solve them is with the standalone SBC. The problem really is, is that the standalone SBC is kind of expensive, and the functionality that it provides is being addressed by four other sectors as they are maturing.

You've got the basic firewall that is maturing and becoming SIP-aware, and a lot of firewalls are either becoming known as SBC capable, or becoming SIP-aware, etc. You've got the call managers themselves that are receiving these SIP trunks, and the call managers are maturing with stronger encryption capabilities and intrusion detection capabilities, etc. You've got the gateway market - a number of the providers are providing gateways as their interface between the SIP network and the internet network and the call manager. These gateways are getting fairly robust; they're offering things like least-cost routing now, and presence-based routing and even call recording. You've also got IPv4/IPv6 capabilities in the gateways now, so they're really raising the bar.

And then the carriers, which seemed to be largely still on the bench, have a lot of opportunity to improve the security of the services they deliver, and I suspect we'll see that happening. I know for example, Integra Telecom has now started offering a hosted firewall in their cloud, and I imagine we'll see things like that - either the firewall will mature, or we'll see hosted SBCs, or we'll see carriers that say they'll block SIP traffic from other carriers, if that will work for the customer.

So I think the category itself will go away, but it hasn't gone away yet, and Acme Packet has done a fantastic job of both defining the category, and maturing it and developing it. Companies like Siemens Enterprise Communications came up with their own SBC but they continue to offer the Acme Packet solution because some of their customers have higher-end requirements that their basic SBC can't do. As long as Acme Packet keeps on innovating like that, we'll see the category survive longer, but I think more and more of the call managers, and the gateways, and firewalls, will be addressing this core functionality in their base offerings as well.

Russell Bennett: I agree totally, Dave. The technology business is always dynamic and exciting and no more so than in the SBC market. Art Rosenberg, do you have anything to add?

Art Rosenberg: Well, I just wanted to second the motion that Dave made. First of all, everything is moving from hardware to software, and once you say that, you know the software can be anywhere. The question is, is it trusted, because who trusts software? There are always bugs in them... But basically, it's having the functionality that we're talking about. Not on a separate box, but somewhere in the cloud in a trusted way, and it's just becoming this convergence in terms of who's going to be protected? Is it going to be just the people inside an organization? Or, are you going to protect the people outside the organization? And AT&T's latest announcement about their toggle app shows that they're going to bring both the business and personal stuff together in a single device. So it makes no difference where anybody is or the device they use, the question is, what they want to do, and whatever it is, if it needs protection, it should be protected in various ways, and that's where the software's going to come in. So I think it's all going to evolve that way and away from these separate boxes that people have invested in, unfortunately, and are very expensive. And we need to get all that stuff together as trusted software from some service provider, whether it's on-premise or whether it's hosted and in the cloud.

Samantha Kane: You know, Art and Dave, I don't disagree with you very often, but I will say to you that the reality check here is that the carriers don't get it, and certainly when it comes to client side session border controllers and security. Clients have to take their own precautions. Most clients are not bleeding edge. It's great if you have a bleeding edge client, but when you don't, they need to understand that the ROI formulas have to change. Specific to a contact center, there are many things: there are remote agents and all of the contact center pool over the public internet, demanding scalability and manageability. And the NAT traversal solution, that does not require remote users to reconfig their internet access. So I think that it might be a vertical or maybe a horizontal decision, but I think that certain areas have a great ROI if the right pieces of information are put into the formula.

Art Rosenberg: I don't disagree with your comment about the carriers, because I too don't trust them. They've been getting in the way and trying to get a piece of the action rather than doing anything constructive, and they've got a long ways to go. So that part, definitely I agree with.

Jon Arnold: I'd like to just add to that, to Samantha's point, SBCs are of interest to carriers only for carrier-to-carrier traffic. They're not particularly interested in enterprise traffic, that's a whole different market...

Art Rosenberg: Yet...

Jon Arnold: Right now, it's the enterprises, it's in their - the SBC is for the protection of their own networks. And as Samantha was talking about earlier, there are very complex call flows that SBCs, especially standalones, are very well-engineered to handle. They play a role and that becomes more valuable as enterprises start doing more IP-to-IP traffic handoff. Because when they get into these protocol conversions and like-to-like, like SIP-to-SIP isn't always so seamless. That's where the SBCs kind of earn their money. The enterprises need to be able to keep their call flows going smoothly. Not just for voice, but coming up to video as we all know, but also, I think you hinted earlier, Art, about mobility, which is a whole other growth opportunity. We haven't even talked about the mobile carriers yet, where they're going with this. Because when you talk about the demand for mobile broadband and mobile video, it's just off the charts. And if you think that voice is a potential threat to their networks, video is much more complicated to handle. So I think there is still very much a role here, that the carriers, they focus on carrier-to-carrier, that's really their interest. The enterprises have to look after themselves and that's why the Avayas of the world are jumping into this, to kind of claim that business as best they can and keep from losing it to the Acmes of the world.

Marty Parker: Just to respond, let me say that I think the first point I was making, on pretty solid ground, no matter which part of the argument you're on, which is the prices will come down. So unless demand goes up faster than the prices come down, it will be a shrinking market, and that won't attract new entrants, it'll start to stagnate. But certainly new threats will always appear, and that sort of problem will still occur. But I think it's a question of now that it's been shown it's possible to do in software, as people have suggested, it will move down in price, and soon may just become part of the price of buying an IP PBX or IP call center, etc.

The second thing I'll say, just from the view of the carrier perspective, is that, and I hinted at this earlier, but the solutions that we're beginning to see in unified communications, not in IP telephony or call center, but in UC, are solutions that are end-to-end encrypted. Because they can have a smart endpoint client on a smartphone, on a PC, on a tablet, and those two points, the server and the endpoint, establish the channel through which the communication flows. In that case, I believe arguments can be made, and I believe most enterprises will accept those arguments, that an intermediary SBC that has a certificate authority in order to unpack and repack the secure packets and inspect each one may not be needed; it may add overhead and risk that aren't necessary. So we'll see. No one's disagreeing here, that I heard...no one's disagreeing that this is a market in flux. I certainly would like to emphasize that point. I think the flux may be bigger, and you think it may be less. But I think it will be in flux no less.

Samantha Kane: I just wanted to comment that two years ago the UCStrategies folks at their prominent UC Summit in California brought Acme Packet, as the leader at that time of session border controllers, to the Summit to introduce the power of session border controllers. Not as much from the carrier side but from the enterprise side as well, and for the benefit and security of all our partners and customers. And so I think it's important for us to remind folks out there that UCStrategies typically brings this kind of forward thinking and thought leadership to the marketplace.

Russell Bennett: Obviously this is a very complex topic. It spans a breadth of different dimensions in the whole UC arena. One thing is for sure, anybody who's spent time speaking to customers about security realizes that it is a very emotive topic. There are no fence sitters. Everybody's got an opinion, either on the left or the right side of the fence and it's very hard to move them. It's a really interesting area. Maybe we'll come back to this in a couple of weeks. Thanks everybody.
