In their UC deployments, organizations are moving towards a centralized call processing model that leverages the converged IP network to reduce costs. However, careful planning and the right tools will be needed to consolidate infrastructure at the headquarters and extend those capabilities to branch offices and remote sites.
Any downtime in voice services, either at the headquarters or the branch offices, will be unacceptable and will lead to reduced productivity, profitability, and competitiveness. In order to provide branch office employees the same voice experience as in the headquarters, organizations need to consider solutions that provide voice service continuity through a resilient, enterprise-grade telephony architecture. Otherwise, an architecture that makes the IP network a single point of failure may leave remote offices completely unreachable if the network goes down. Nobody wants that to happen.
Any organization with branch offices may be a candidate for centralized call processing, but it will need a solution that:
• Minimizes or eliminates the impact of service disruption
• Provides secure voice connectivity
• Protects their networks and servers against denial of service attacks
• Provides highly scalable architecture, and
• Consolidates infrastructure to reduce cost
Resilient, high availability gateways are essential for any Microsoft OCS deployment that looks to provide access to traditional telephone services. VoIP security threats are real and successful attacks can cripple the organization’s ability to conduct business. Like traditional PBXs, IP telephony systems must offer high reliability and resiliency. The VoIP architecture should include features to ensure high availability and load balancing, with encryption and firewalls to protect networks and servers from denial of service (DoS) attacks. The type of transport protocol supported by the network will also have an impact on the resiliency of the voice services.
Here are some things companies should consider when implementing IP networks:
- Security: Securing the network and servers against sabotage, denial of service attacks, and malicious use is essential for a successful VoIP implementation. When connecting to the public Internet and other external networks, security is always an important issue to consider.
- Toll Fraud: Another aspect of security in VoIP networks is toll fraud, where unauthorized users make calls using an enterprise VoIP network. Under some conditions, gateways may provide users with a secondary dial tone, which would allow an attacker to make calls by dialing an external access code, typically a ‘9’. Voice gateways should never provide a secondary dial tone.
- Authentication/Encryption: To provide a high level of security, both signaling and media traffic should be encrypted. Gateways should use encryption techniques like Transport Layer Security (TLS) to secure signaling information and Secure Real-time Transport Protocol (SRTP) to encrypt the media packets. To protect traffic on the network, the gateways should support best-in-breed 128-bit Advanced Encryption Standard (AES) for media encryption. X.509 digital certificates, provided either by the gateway or by a third-party certificate authority, should be used to provide authentication, and a secure key exchange should be used to enable mutual authentication.
- Denial of service attacks: Malicious users may attempt to launch denial of service (DoS) attacks targeted at specific end points, or try to flood the entire network by sending a large volume of traffic onto the network. The VoIP gateway should be able to mitigate those types of attacks.
- Reliable transport using TCP Protocol: User Datagram Protocol (UDP) is a widely used best-effort protocol for streaming audio and video services, and early RFCs specified it exclusively for transporting SIP signaling messages. RFC 3261 now requires SIP transport using both UDP and Transmission Control Protocol (TCP). TCP is a connection-based protocol that guarantees reliable message delivery. Intelligent voice gateways should have the ability to support both UDP and TCP transport protocols, allowing the user the option of a reliable SIP transport mechanism.
- High availability & load balancing: The data network may not always be available due to a scheduled downtime or events like link or power failures. The gateway solution should ensure that the voice services are always available and that users can make and receive calls even at peak calling periods or during network disruptions.
- Recovering from major disruptions: Failures happen, and a resilient architecture can provide protection for voice services during those events. Gateways should be configurable to reroute incoming calls to a PSTN or mobile number in the event of a failure on the IP network.
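To make the Authentication/Encryption item above concrete, the following added example (not code from this article or from any gateway vendor) audits a captured SIP INVITE for TLS signaling and an SRTP media offer with an AES-128 suite. It assumes SRTP keys are exchanged with SDP `a=crypto` lines (RFC 4568); the function name, hosts, addresses and key text are constructed for illustration.

```python
import re

# AES-128 SRTP suites defined for SDP security descriptions (RFC 4568).
AES128_SUITES = {"AES_CM_128_HMAC_SHA1_80", "AES_CM_128_HMAC_SHA1_32",
                 "F8_128_HMAC_SHA1_80"}

def audit_invite(raw):
    """Return a list of findings for one SIP INVITE; empty means it passed."""
    head, _, sdp = raw.replace("\r\n", "\n").partition("\n\n")
    findings = []
    # Signaling: the topmost Via header names the transport used on this hop.
    via = re.search(r"^(?:Via|v)\s*:\s*SIP/2\.0/(\w+)", head, re.M | re.I)
    transport = via.group(1).upper() if via else "MISSING"
    if transport != "TLS":
        findings.append(f"signaling transport is {transport}, not TLS")
    # Media: collect (kind, profile, crypto suites) for each m= section.
    streams = []
    for line in sdp.splitlines():
        fields = line.split()
        if line.startswith("m=") and len(fields) >= 3:
            streams.append((fields[0][2:], fields[2], []))
        elif line.startswith("a=crypto:") and len(fields) >= 2 and streams:
            streams[-1][2].append(fields[1])
    if not streams:
        findings.append("no media streams found in SDP")
    for kind, profile, suites in streams:
        if profile not in ("RTP/SAVP", "RTP/SAVPF"):
            findings.append(f"{kind} stream offered as {profile}, not SRTP")
        elif not AES128_SUITES.intersection(suites):
            findings.append(f"{kind} stream is SRTP but offers no AES-128 suite")
    return findings

# Constructed sample messages (hosts, addresses and key text are placeholders).
SDP_HEAD = "v=0\no=- 1 1 IN IP4 192.0.2.10\ns=-\nc=IN IP4 192.0.2.10\nt=0 0\n"
SECURE = (
    "INVITE sips:bob@branch.example.com SIP/2.0\n"
    "Via: SIP/2.0/TLS gw1.example.com:5061;branch=z9hG4bKconstructed1\n"
    "Content-Type: application/sdp\n\n" + SDP_HEAD +
    "m=audio 49170 RTP/SAVP 0\n"
    "a=crypto:1 AES_CM_128_HMAC_SHA1_80 inline:CONSTRUCTED-KEY-PLACEHOLDER\n"
)
WEAK = (
    "INVITE sip:bob@branch.example.com SIP/2.0\n"
    "Via: SIP/2.0/UDP gw1.example.com:5060;branch=z9hG4bKconstructed2\n"
    "Content-Type: application/sdp\n\n" + SDP_HEAD +
    "m=audio 49170 RTP/AVP 0\n"
)

if __name__ == "__main__":
    for name, msg in (("SECURE", SECURE), ("WEAK", WEAK)):
        print(name, audit_invite(msg) or "ok")
```
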
A centralized call processing model can reduce cost, lessen complexity, and increase management flexibility. However, unless we use the appropriate tools and design techniques, the consequence of that centralized architecture may be reduced reliability. When voice traffic is carried over the data network, branch offices can be isolated if the data network goes down. An enterprise grade gateway solution can ensure business continuity by maintaining voice services at the branch office when such a network failure occurs.
As telephony networks are consolidated, organizations need a mature solution that provides a high degree of resiliency for their unified communications deployments. To reap the full impact of a Microsoft OCS deployment, intelligent voice gateways will be needed to provide that secure, high-availability solution and to ensure business continuity both at the headquarters and at the branch offices.