Security and management considerations when deploying OCS
Acme Packet contends that SBCs are complementary to OCS deployments
Convergence & VoIP Alert
By Steve Taylor and Larry Hettick, Network World, 04/28/2008
Steve Taylor and Larry Hettick offer news and analysis on the latest in IP convergence from fixed-mobile convergence, presence management, IP video and unified communications.
We've suggested before that session border controllers (SBCs) are necessary within an enterprise network to ensure QoS and security for VoIP and unified communications, and Acme Packet has suggested in a recently published white paper that the need for SBCs is especially acute for Microsoft Office Communications Server (OCS) users. Acme Packet also contends that SBCs are complementary to OCS deployments and that they can improve scalability and reduce total cost of ownership.
As one of the leading SBC providers, Acme Packet has a multi-year history in hundreds of service provider VoIP deployments.
Based on the company’s experience, enterprise firewalls are unable to protect the Microsoft OCS edge or core servers. According
to Acme Packet, “VoIP testing tools operating on any ordinary PC have proven that they can completely disable any popular SIP-enabled
firewall (as well as any SIP proxy or PBX) by sending a flood of legitimate or illegitimate SIP messages. These firewalls
with SIP Application Layer Gateways (ALG) also have poor topology hiding capabilities. They have been known to expose internal
addresses of core SIP servers that are included in SIP message headers.”
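The topology-hiding concern in the quote can be checked on a capture taken on the untrusted side of the border. The following is an added example, not code from the article or from Acme Packet's white paper; the function names and the sample message are constructed, and it assumes that RFC 1918, loopback and link-local IPv4 literals count as internal.

```python
import ipaddress
import re

# Headers that commonly carry server or endpoint addresses; the compact
# forms (v = Via, m = Contact) are defined in RFC 3261.
ADDRESS_HEADERS = {"via", "v", "contact", "m", "record-route", "route"}
IPV4 = re.compile(r"(?<![\d.])(\d{1,3}(?:\.\d{1,3}){3})(?![\d.])")
# Assumption: these ranges are what "internal" means for this check.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "169.254.0.0/16")]

def unfold(raw):
    """Return (header lines, body lines), joining folded header lines."""
    head, _, body = raw.replace("\r\n", "\n").partition("\n\n")
    lines = []
    for line in head.split("\n")[1:]:          # skip the request/status line
        if line[:1] in (" ", "\t") and lines:  # continuation of previous header
            lines[-1] += " " + line.strip()
        else:
            lines.append(line)
    return lines, body.split("\n")

def internal_addresses(raw):
    """Return sorted (location, address) pairs for internal IPv4 literals."""
    headers, body = unfold(raw)
    found = []
    for line in headers:
        name, _, value = line.partition(":")
        if name.strip().lower() in ADDRESS_HEADERS:
            found += [(name.strip(), ip) for ip in IPV4.findall(value)]
    for line in body:                           # SDP origin and connection lines
        if line.startswith(("o=", "c=")):
            found += [("SDP " + line[:2], ip) for ip in IPV4.findall(line)]
    leaks = set()
    for where, text in found:
        try:
            addr = ipaddress.ip_address(text)
        except ValueError:                      # e.g. 999.1.1.1 is not an address
            continue
        if any(addr in net for net in INTERNAL):
            leaks.add((where, text))
    return sorted(leaks)

# Constructed sample: an INVITE as seen outside the enterprise border.
SAMPLE = ("INVITE sip:bob@example.com SIP/2.0\r\n"
          "Via: SIP/2.0/TLS edge.example.com:5061;branch=z9hG4bK1\r\n"
          "v: SIP/2.0/TCP 10.20.0.15:5060;branch=z9hG4bK2;\r\n"
          "  received=192.168.7.4\r\n"
          "m: <sip:alice@172.16.3.9:5060;transport=tcp>\r\n"
          "Content-Type: application/sdp\r\n\r\n"
          "v=0\r\no=alice 1 1 IN IP4 10.20.0.15\r\nc=IN IP4 203.0.113.9\r\n")
```

Any pair returned for traffic captured outside the border means an internal address is still present in the signaling or the SDP body.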
Addressing a second issue, Acme Packet points out that OCS uses SIP with TLS encryption over TCP and encrypted SRTP for the media. However, SIP PBX vendors have choices in SIP transport protocols (including UDP, TCP, SCTP), choices in signaling and media encryption protocols (including none, TLS, MTLS, IPSec) and choices in DTMF transport (either media or signaling-based). In addition, many installed IP-PBXs still rely on the H.323 protocol while others use MGCP- or SCCP-based endpoints. Therefore, the interoperability of these multiple protocol variations needs to be controlled to maximize security and performance between the OCS-based SIP protocols and the protocols used by the installed IP-PBX.
Interoperability management between OCS and the IP-PBX should consider:
* Unified dialing plans across multiple, separate IP PBX and OCS deployments.
* Comprehensive security and overload protection for IP PBXs connected to SIP, H.323, MGCP or SCCP-based endpoints.
* The ability to securely bridge heterogeneous IP address spaces.
* Manipulation of telephone numbers, URIs and response codes.
* Transcoding and transrating for a broad range of wireline and wireless codecs.
* Session routing metrics supported for LCR, ENUM, QoS and ASR to minimize costs and maximize session quality.
Steve Taylor is president of Distributed Networking Associates and publisher/editor-in-chief of Webtorials. Larry Hettick is a principal analyst at Current Analysis.
Comments (2)
bad link
By Anonymous on April 28, 2008, 11:39 am
You have a bad link: "A copy of their white paper (including more network diagrams and additional details) is available here."
Fixing in the article
By Adam Gaffin on May 5, 2008, 11:01 am
Thanks for letting us know.