Slide 1


IP Solutions to move beyond
Craig Taylor & Philippe Chadoin
All rights reserved © 2005, Alcatel
Enterprise IP communications Challenges and solutions
IT Team and user needs
• Always on IP infrastructure
• Service accessibility any time, anywhere
• Secured IP communication for all traffic
• Comprehensive management and easier access to Applications and collaboration
• Reduced CAPEX and OPEX
Solutions
• Robust end to end scalable IP infrastructure
• Advanced mobility support
• Enhanced multi-layer security
• Simplified management and broad set of collaborative applications
IP communication solutions / October 5&6, 05
Alcatel Solutions
Convergence ready IP LAN/MAN/WAN Infrastructure
Switches & Routers for workgroups & core network
WAN
OmniAccess 600, OmniStack LS 6200
• 1->16 WAN
• ISDN BRI
Core network
Edge/Aggregation
OmniSwitch 6600, OmniSwitch 6800
• Chassis, Stackable, Virtual Chassis
10/100/1000 wirespeed
Fiber, PoE, Gig uplinks
OmniSwitch 7700, OmniSwitch 7800, OmniSwitch 8800, Alcatel 7x50
64-512 Gbps switching
30-240 Mpps
10Gig Et., Giga Et., PoE
Alcatel Operating System
Key Points
• Complete set of solutions from L2+ up to L3 and MPLS
• Built in redundancy both at device and network level
• Designed for triple play networks (QoS, POE, MPLS)
• Best price vs feature ratio
Alcatel Solutions
IP WLAN Infrastructure
WLAN Switches and APs
[Chart: WLAN switch range by Number of AP (4, 16, 48, 128, 256, 512) against Performance. Products: OAW-4304, OAW4308, OAW4324, OAW-6000-48 (Supervisor I), OAW-6000-128, OAW-6000-256 (Supervisor II), OAW-6000-512 (Dual Supervisor II), OmniAccess 60/61/70. Performance labels: 1 Gbps / 200 Mbps, 2 Gbps / 400 Mbps, 4 Gbps / 1 Gbps, 4 Gbps / 3.6 Gbps, 8 Gbps / 7.2 Gbps]
Key Points
• Light Access Point for higher performance (roaming, mgt…) and easier deployment
• Centralized architecture
• Compatible with future evolutions & standards (802.11e)
Alcatel Solutions
IP Telephony
IP Communication Server
OmniPCX Enterprise
•Flexible solution
•IP or TDM when IP not optimal
•CPE, Hosted, Centralized, Distributed
•Scalable
•Enterprise-class telephony
•Centralized voicemail & management
•High-availability, Survivability & Security
•Spatial redundancy
[Diagram labels: PSTN; WAN/IPVPN; HQ with OmniPCX Enterprise & Mgt server; Main site with OmniPCX Enterprise; Medium sites with media gateway; Small Sites with IP phones]
Key Points
• Best ROI, risk free evolution to IP
• Virtual Enterprise: lower communication costs
• Best Voice quality & Performances (Miercom 2005)
Alcatel Solutions
IP Telephony
IP, TDM phones & XML Application phones
•Full range of IP & TDM phones
•500+ features
•XML openness
•Alphanumeric keyboard
•Bluetooth
•Phone based Console
•Multimedia Attendant Console
•IP Attendant Softphone
•Full range of Accessories
Key Points
• Wide range answering to all needs
• Easy to use with alphanumeric keyboard, color display, accessories
• Faster access to applications (XML)
Converged Communication includes Mobility
• VoIP + WLAN = VoWLAN
WLANs emerged as a technology for wireless data transfer, and they are becoming ubiquitous themselves. WLANs enable mobility in the enterprise.
The rapid adoption of VoIP demonstrated inter-working of traditional voice & IP Telephony. Today IP Communication Solutions run over high performance cost-effective networks.
IP Telephony is now added to WLANs, offering mobility to the converged enterprise voice and data network
[Diagram labels: WLAN; OAW-AP; MIPT 300/600; LAN Converged; OAW-6000; OmniPCX Enterprise; Network Switch; OAW-43xx; Workgroup Switch; Application Server; Resources]
Alcatel Solutions
Mobility Solutions
On-site and Off-site mobility solutions
DECT
VoWLAN
Free Seating
+
Cellular Extension
Localization on WiFi network
• Twin set support
• Any mobile phone
• Any Win Pocket smartphone
PDA Softphone
Key Points
• Wide range answering to all mobility needs
• One number solution
• Corporate telephony services on mobile phones
• Mobility ecosystem
Alcatel IP Mobility solutions
Key differentiators
Broad range of voice mobility options
• Complete range of mobile IP phones
  – 802.11b, H323
  – Push to talk, Vibrator
  – TFTP client, DHCP, WPA, WEP
  – Real time messaging
• Alcatel Telephony client for open platform terminals: PDAs
• Innovative solution for Voice over IP and data experience
• Feature-Rich
  – Incoming/outgoing calls
  – Call transfer
  – Call by name via virtual keyboard
  – Voice mail
  – Twin set option
• Unified Communication suite access
• One device: WiFi / GSM PDA
  – Option Cellular Client for off-site use
Alcatel Infra. and IP communication Solutions
Summary
• Complete, flexible and scalable solutions
• QOS and POE available from small stacks up to large chassis
• Per port POE setting to enable fine tuning
• Same services from hybrid IP/TDM to full IP
• Built in redundancy for all components
• From stack to chassis with limited price premium
• Survivability and spatial redundancy for IP com. server
• Ease of deployment
• Same operating system for switches
• Alcatel Automatic VLAN Assignment (AVA) enabling fast and easy deployment of IP Phones
• Enabling port sharing between PCs and IP phones when using AVA and Mobile Tag
• VoIP smooth migration thanks to hybrid capabilities
IP security
Challenges and Alcatel approach
Challenges: new security concerns arise as voice communication systems are incorporated in IP networks
• How do I secure the voice system as any other server on the LAN
• How do I ensure the IP Communication system availability
• How do I balance security measures & management complexity
Alcatel approach
• “Security is a process, not a product”: Bruce Schneier
• Alcatel “thinks security” at all stages of the product life from product design to solution deployment.
• “IP Telephony systems can be made as secure as traditional systems and are ready for deployment”: Burton Group
• Alcatel system design gives a superior protection to the security attacks & provides more predictability
• “We need to weigh the costs versus the benefits of measures taken to ensure security”: Bruce Schneier
• Alcatel voice solutions fit with corporate security framework
Security Solutions
Alcatel’s Network Based Security
Managed Network Security
• Users / switch ports profile management
• Policy based management to scale & support secure mobility
Network Enabled Security
• Attack prevention with Host integrity checking
• Attack detection & containment
Network Embedded Security
• Hardened network infrastructure
• Access control by the network
Alcatel Solutions
IP Infrastructure security
Security
OmniSwitch: DOS protection, ACL, User authentication, Encrypted Management, Binding VLANs
OmniAccess WLAN: Embedded VPN, Embedded FW, Rogue detection and containment, User profiling, Encryption
OmniAccess: Embedded VPN, Embedded FW
Fortigate: VPN, FW, IDS/IDP, Antivirus, Web Filtering
• Host Integrity checking
• User authentication
Alcatel Quarantine Manager
Key Points
• Built in security across the entire solution set
• High performance
• Consistent approach
Security Solution – Attack Containment
Alcatel Quarantine Manager
!!! Attack detected !!!, you can:
• Shut down faulty user port
• Create an ACL
• Move faulty MAC to quarantine VLAN
[Diagram: numbered steps 1 to 5 across End stations, Workgroup Switches, Data Center Switch, Critical Resources and Quarantine Manager]
Security Solution – Attack prevention
Host integrity checking
1. User Authenticates using 802.1x (Authenticator is workgroup switch)
• Authentication message includes user name and password
• Authentication message includes host integrity status (OK or not OK)
2. Authentication request reaches the proxy authentication server
• Checks integrity status (check is OK)
• Forwards authentication information to RADIUS
3. RADIUS Authenticates and sends VLAN information
4. Authorization is sent to switch
• User is placed in VLAN
If Host Integrity is not OK, user is placed in quarantine VLAN / Remediation VLAN
Host Integrity Rule / Status
• Anti-Virus On
• Anti-Virus Updated
• Personal Firewall On
• S.P. Updated
• Patch Updated
[Diagram labels: Management Server; Radius Server; Client Integrity Server; 802.1x; Client Integrity Agent; End stations; Workgroup Switches; Data Center Switch; Critical Resources]
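Added example, not from the original slides and not Alcatel code: the decision made in steps 2 to 4 above, using the slide's five host integrity rules. The user database, VLAN IDs and posture field names are constructed; carrying the VLAN in the RFC 3580 tunnel attributes and verifying credentials before any quarantine placement are assumptions the slide does not state.

```python
import hmac

# Rules from the slide's "Host Integrity Rule" list (field names are assumed).
RULES = ("antivirus_on", "antivirus_updated", "personal_firewall_on",
         "service_pack_updated", "patch_updated")
QUARANTINE_VLAN = 999                      # constructed VLAN ID
USER_DB = {"alice": ("s3cret-A", 10),      # constructed users: password, VLAN
           "bob": ("s3cret-B", 20)}

def failed_rules(posture):
    """Step 2 (proxy): a rule that is absent or not exactly True fails."""
    return [r for r in RULES if posture.get(r) is not True]

def radius_vlan(user, password):
    """Step 3 (RADIUS): return the user's VLAN, or None on bad credentials."""
    stored, vlan = USER_DB.get(user, ("", None))
    ok = hmac.compare_digest(stored.encode(), password.encode())
    return vlan if ok and vlan is not None else None

def vlan_attributes(vlan_id):
    """RFC 3580 attributes that carry a VLAN in an Access-Accept."""
    return {"Tunnel-Type": 13,             # VLAN
            "Tunnel-Medium-Type": 6,       # IEEE 802
            "Tunnel-Private-Group-ID": str(vlan_id)}

def authorize(user, password, posture):
    """Steps 2-4: the answer the workgroup switch applies to the port."""
    vlan = radius_vlan(user, password)
    if vlan is None:                       # bad credentials never reach a VLAN
        return {"result": "Access-Reject", "attributes": {}, "failed": []}
    failed = failed_rules(posture)
    if failed:
        vlan = QUARANTINE_VLAN             # remediation instead of user VLAN
    return {"result": "Access-Accept",
            "attributes": vlan_attributes(vlan), "failed": failed}

# Constructed posture reports from a client integrity agent.
HEALTHY = {r: True for r in RULES}
STALE_AV = dict(HEALTHY, antivirus_updated=False)
PARTIAL = {"antivirus_on": True}           # agent omitted four rules
```

A posture report that omits a rule is treated as failing it, so an agent that sends a partial report lands in the quarantine VLAN rather than the user's VLAN.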
Security Solution – Wireline-Wireless Integration
User security profiles
User roles are defined at the WLAN switch level
[Diagram: Role #1, Role #2, … Role #n, Role #n+1. Role profile elements: Content Inspection, Stateful FW rules, ACLs, BW contracts, VLAN Membership. Labels: User connected in the office; User authentication; Radius server; LAN Switch; WLAN switch; Authentication response: Device Integrity State; User / device role assigned; User / device role unchanged]
RADIUS Database populated with user’s or user groups’ role extensions
Key benefits:
• Unmatched security with L7 filtering / inspection
• Secure mobility whatever the media
• Policy-based management – no switch by switch FW rules or ACL configurations
Alcatel Solutions
Secure IP Communication Server
Proactive security
• OS hardening
• Robust operating system: Linux
• Unnecessary open source applications removed
• Tested against denial of service attacks
• Media gateways
• No intrusion possible to the network
• Secure development process, ships from the factory in secure mode
Reactive: manage security alerts
• Escalation processes with Alcatel security expertise
• Leading computer emergency team
[Diagram labels: Virus; Email Server; CD; Internet; LAN; Propagation; OmniPCX Enterprise]
Alcatel Solutions
Secure IP Communication Server
Authentication
• No default password for OmniPCX Enterprise system accounts access
• Management logging and authentication
• Configuration events log
• Log of rejected attempts
Use of secure protocols
• SSH, SFTP, SCP
  • between com. servers
  • between com. servers and management platform
• IPSec for exchanges between the OmniVista 4760 server and client
Role based management
• Management access based on application and user rights
[Diagram labels: Attacker; No default; aging PWDs; role based; SSH Client; Management platform]
Alcatel Solutions
Secure VoIP Communications
Alcatel/Thales « VoIP encryption » solution protects:
• Alcatel components of the IP telephony solution against IP Spoofing or Man in the Middle attacks
• voice communications against eavesdropping
Easy to install: automatic negotiation between components (Communication Server, central and local Encryption modules).
• IPT Signaling and VoIP encryption
• Mutual Authentication of VoIP elements
• HW encryption for real time traffic
Alcatel/Thales « VoIP encryption » solution allows
[Chart: Call quality ratings (Voice quality, scale 0 to 6) by Test scenarios for Cisco, Siemens, Avaya and Alcatel. Scenario labels: IP phone G711, LAN; IP phones teleworker; Softphone road warrior; Remote office encryption; WLAN warehouse]
Alcatel IP Security solutions
Key differentiators
Comprehensive security approach
Voice and Data
Wired and Wireless
Easy security policies enforcement
Centralized Management
Alcatel Quarantine Manager
Alcatel Solutions
Management Platform
One Management Platform: OmniVista
•OV 2730 PolicyView One Touch
•OV 2752 SecureView Secure Access
•OV 2770 Quarantine Manager
OmniVista 2500 Basic
•OV 27xx SecureView Secure ACL
•OmniVista 4760
Fault/Alarms
•Configuration
•Accounting
•Performance
•Alarms, Statistics
•Topology, Discovery, Locator
•Bulk Operations
•Third-party devices (discovery)
IP Network
IP Telephony
Key Points
• All applications running on a single server
• Simplified implementation of IP security policies (Voice & data)
• Integration with existing environment (SNMP, LDAP, DHCP…)
Alcatel Solutions
Collaborative communication Applications
IP Communication & Interaction Applications
Unified Communication
Multimedia Contact Center
My Messaging, My Phone, My Assistant, My Teamwork
•Unified Messaging
•PC telephony
•Call routing
•Audio, Web & Video conf
•Informal Contact Center
•Ready-to-Use with wizards
•Multi-Extension for business calls
“Greeting” Center
•Fast answers
•1st call resolution
•Agent efficiency
•Personalized services
Communication Web Services
•Integration into Business apps
Key Points
• Pure IP and pure software solutions
• UC implements Internet standards (VxML, SIP, XML, J2EE)
• Full range of evolutionary Contact Center solutions
• Web Services: to minimize CTI integration costs
Alcatel Application Solutions
Unified Communication
Service delivery, wherever you are …..
VxML
Alcatel Web Dashboard
“To check your voice mail: press 1”
“To check your Fax: press 2”
“To check your e-mails: press 3”
Alcatel Application Solutions
Contact Center
Making customer’s life easier…
Dial ONE telephone number to access a wide range of services previously delivered through separate department
faster problem resolution, easier access to knowledgeable help, better self-service options and more personalized service
Enhance services to customers
Better interactions.
Better services.
Better relations.
Alcatel Application solutions
Key differentiators
Common Management approach for both voice and data
Modular platform
• Pay as you need
• Easy to use and to configure solution
• One touch approach
• Bulk operations
Complete set of communication applications
• Terminal independent
• Ease collaboration
• Improving overall efficiency
Alcatel IP Solutions
Conclusion
Complete IP communication solution family
• Voice and data
• Wired and wireless
• Including security approach
• Broad set of user centric added value applications
Alcatel/Aruba
Specific benefits to end user
• Easier VoIP deployment
• AVA and group mobility
• Superior VoWLAN support
• Quality of Service and fast roaming
• Reduced IP solution CAPEX and OPEX
• Low price point and easy management
• Flexible and scalable solutions
• Ready for on demand deployment scenario