Showtime for VoIP, security

3Com and Cisco will marshal a parade of IP telephony vendors pitching new wares this week at NetWorld+Interop as the industry moves to make enterprise voice over IP more scalable and IP phones more mobile.

LAS VEGAS – 3Com and Cisco will marshal a parade of IP telephony vendors pitching new wares this week at NetWorld+Interop as the industry moves to make enterprise voice over IP more scalable and IP phones more mobile.

Daily breaking news and analysis from Network World reporters and editors at the show.

Security hardware makers also will be prominent as they debut gear upgraded for detecting and reacting to network intrusions, and roll out Secure Sockets Layer (SSL)-based products designed to ease deployment of VPNs.

With about 275 exhibitors scheduled, this week’s N+I – the only Interop in the U.S. this year – will be about half the size of last year’s Las Vegas show, which was half the size of the 2001 show. Nevertheless, interest in VoIP, Wi-Fi and VPN infrastructure products is expected to be strong.

Among the announcements:

• 3Com, with its Voice Core Exchange V7000, wants to enter the large-scale VoIP product market.

• Cisco and SpectraLink  will present Wi-Fi IP phones for bringing mobility to IP telephony.

• Fortinet  will debut Gigabit-speed intrusion-detection gear that promises new approaches to intrusion detection and prevention.

• SSL VPN hardware from Neoteris is aimed at securing remote-user applications, while making VPN management easier than IP Security -based equipment.

3Com is launching its VCX V7000 platform for supporting IP telephony in large organizations. The softswitch is a modified version of the carrier softswitch made by 3Com’s former CommWorks division, which 3Com sold to UTStarcom.

3Com says the VCX V7000 will let corporations bring carrier-class scale and reliability to IP telephony networks. It will compete with offerings from Avaya, Cisco and Nortel. The CommWorks softswitch already is deployed as part of a hosted VoIP service from MCI, formerly WorldCom, and at AT&T for offloading TDM backbone traffic to the carrier’s IP network.

A combination of 3Com NBX and CommWorks softswitch  gear is being rolled out at Prudential North West Properties, a real estate firm in Oregon and Washington.

“The [3Com softswitch] appealed to us because . . . it’s obvious that it can scale,” says Sean McRae, vice president and CIO at the real estate firm.

The softswitch will be used as a central call-control engine for 20 offices connected by a WAN. The branches will have a mix of NBXs and phones, and Session Initiation Protocol phones that the softswitch controls centrally.

3Com’s softswitch is a call-control and applications platform that runs on Sun’s SunFire Unix server platform. The software is based on SIP , a real-time communications control protocol that vendors such as Microsoft and Siemens are adopting. The softswitch can be used to provide calling features and unified messaging applications for tens of thousands of users – far beyond what its NBX IP PBX phone system can handle, the company says.

“We’re also very interested in SIP and the open architecture” of the softswitch, McRae says. “Down the road, SIP will allow us to integrate different kinds of phones and other devices from a number of vendors.”

3Com says it will work to integrate its NBX and VCX V7000 platforms as a single VoIP system over the next year.

Voice and wireless

N+I is ground zero for industry buzzwords, and two of the most popular – VoIP and Wi-Fi – will be brought together by SpectraLink and Cisco, which are separately announcing 802.11b -based IP telephones.

SpectraLink is adding the i640 and e340 to its lineup of Wi-Fi IP phones. The i640 includes a walkie-talkie feature based on IP multicast that will let users on the same 802.11b network talk by pushing a button on the handset. The e340 Wi-Fi IP phone is aimed at corporate users, and is a slimmer version of SpectraLink’s previous Wi-Fi phones (targeted at healthcare and manufacturing markets). Both work with IP PBXs from Avaya, Cisco and Nortel and all standards-based 802.11b endpoints. A SpectraLink gateway server also is needed to connect the phones to an IP PBX.

Revealed at Cisco’s Partner Summit earlier this month , the Cisco 7920 Wi-Fi IP phone lets companies deploy wireless phones throughout a Cisco-based VoIP and 802.11b infrastructure. The device will support all Cisco CallManager IP PBX features without additional equipment. The 7920 phone will include support for Cisco’s Lightweight Extensible Authentication Protocol for security, and quality-of-service support over Cisco wireless gear. The phone costs $595 and will ship in June.

Cisco also is announcing new low-cost wired IP phones, with its 7902G, and the 7912G, which are available for $130, and $165 respectively. The 7912G includes a two-port LAN switch for connecting a PC and phone to the LAN over one cable. The 7902G does not include a switch, or an LCD display. Additionally, Cisco will release Version 3.0 of its Survivable Remote Site Telephony for Cisco IOS, which provides call control and calling features to VoIP users at remote sites, in case the office is cut off from a CallManager at a central site. New features include conference call transferring, music-on-hold support for Cisco’s 7935 IP conferencing station.

Also in the wired world of VoIP, start-up Nuasis  is debuting with its NuContact Center, an IP-based automatic call distributor, which controls phone call routing in a call center. NuContact Center is a Linux-based Dell server, running a call-control and call-routing platform based on SIP, and proprietary routing software. The box can be deployed across multiple call centers and used to coordinate voice, e-mail and Web customer service technologies into one system.

A client “dashboard” application for Windows XP combines a SIP-based softphone with CRM interface tools, and Web/e-mail customer interface applications into a view for call center agents. A USB headset is used instead of a desktop IP phone.

Other IP voice and video news at the show is expected to include:

• Sonexis will announce ConferenceManager 3.0, an audio and Web conferencing server that features support for SIP-based VoIP clients, in addition to already supported H.323.

• Jasomi Networks will introduce the PeerPoint Video, for letting SIP-based video packets pass through firewalls.

• RADVision also is adding SIP and H.323 Version 4 to its viaIP multipoint control unit for connecting multiple video endpoints into a single call.

Security scene

As always, security will be a hot topic at this show, with several VPN and intrusion-detection vendors introducing wares.

Fortinet and Resilience are adding automated intrusion blocking to their security appliances.

Whereas Fortinet’s FortiGates previously have supported intrusion detection and alarming, they now can automatically block the common attacks that they detect. This feature is expected to ship with two new FortiGate hardware platforms that Fortinet is announcing. The company says the feature will be added later to the software of existing FortiGate products.

Fortinet will announce two new versions of its FortiGate security appliances, the FortiGate 60 and FortiGate 1000, which add intrusion-detection and intrusion-protection capabilities to the platform.

FortiGate 60 is designed for branch offices and home offices, and includes a four-port 10/100M bit/sec Ethernet switch and a 70M bit/sec firewall and VPN support with 20M bit/sec Data Encryption Standard encryption. The device has two WAN-facing Ethernet ports for connecting to separate Internet links to back up each other. It costs $1,000.

FortiGate 1000 is a gigabit firewall platform with an IP Security VPN speed of 250M bit/sec. It has four 10/100 ports that are configurable to connect to a LAN or to a secure network segment or WAN. It also has two copper Gigabit Ethernet ports. FortiGate 1000, which costs about $12,995, has a high-availability port that would let two of the devices be tied together as backup.

Resilience will announce that its Check Point-based firewall/VPN appliances also will support Secos intrusion detection. The two software platforms are integrated so that after detecting an intrusion, the Secos software can alter Check Point firewall settings to block it. The software also sends notification of the attack to an administrator for further inspection and logs the intrusion. The Resilience appliances start at about $20,000 and are expected to be available by midyear.

Also at the show, ICSA Labs will announce plans for an SSL certification program that will include evaluating SSL remote-access gear. ICSA has written a high-level outline of the core elements each product must meet and wants to gather input from SSL product developers about what criteria should be included.

The certification program will review products for technical performance and for ease of use, says Brian Monkman, SSL/transport layer security (TLS) technology program manager at ICSA Labs. “You can have all the best security in the world and if it’s not easy to use, you can still screw it up,” he says.

The new push by ICSA also will include certification for TLS, an IETF-endorsed encryption protocol for IP traffic incorporated in newer versions of Microsoft’s Internet Explorer and other products.

The program was suggested by Aventail and other ICSA customers that Monkman declined to name. He says the SSL certification will be ready in the third quarter and is intended to serve the same purpose as its program for firewalls.

Also at the show, Neoteris is announcing an upgrade to its Instant Virtual Extranet (IVE) software that supports all client-server applications over Internet SSL sessions. Remote computers log on to the IVE, and it acts as a go-between with application servers at a corporate site. Previously, IVE had Java-based support for applications, and this adds a Windows-based application proxy.

The upgrade also includes a closer integration with Siebel Systems and Oracle software. This lets employees with the Johnson County, Kansas, government reach Oracle ERP servers from remote locations, something they couldn’t do before, says Aaron Goff, security manager for the county IT services department. Before, the county used the IVE for access to file-sharing and Web-based applications for about 200 employees, he says. The Neoteris capability makes it unnecessary to buy the Oracle package that enables remote access.

For securing Web services traffic, Forum Systems will release its Forum Sentry 1500 Version 2.0 appliance. The company has added support for the Security Assertion Markup Language to its list of authorization services. The company also added support for WS-Security and WS-Routing, two emerging Web services protocols. Version 2.0 also features enhancements to the filtering engine and policy framework. Pricing starts at about $35,000.

Network World Multimedia Editor Jason Meserve and Senior Editor John Fontana contributed to this report.