IP-Centrex Reference Case

Global Communications Management (GCM) is a Swedish Service Provider offering hosted VoIP solutions for businesses. GCM initially used an IP-PBX from Avaya and a failover pair of SIParator® 60, with protection offered by a SonicWALL. This setup is now in the process of being replaced by a platform consisting of three Avaya CMs and a failover pair of Ingate Firewall® 2950s, also providing full protection of the network.
A fiber connection is employed for the subsequent routing of the calls to the carrier Phonera to further reach the PSTN network.

Customers range from 3 to 100 extensions each, with an average of around 10 extensions.
As the Avaya IP-PBX systems use the standard Internet protocol SIP (Session Initiation Protocol), GCM could use cost-effective general Internet to convey its service to the customers and moreover let them choose between a wide variety of different phones. Presently terminals of three different kinds are mainly being used:
• SIP telephones from Avaya
• Portable dect-phones from Kirk and Polycom
• Mobile extensions (supplied by Tele2)

But how was this stage of mature functionality reached?

The Challenge:
The obstacle when deploying this solution was a technical issue - the firewalls. GCM and its customers were using traditional firewalls or simple NAT-routers that do not support IP-based telephony. Problems like one-way media and poor quality inevitably occur.

This is a common problem. Traditional firewalls see SIP traffic as “unknown” and, in an effort to protect the network, block IP telephony calls. In addition, NAT devices create private IP addresses, hidden from the outside, which makes it hard to reach the intended caller who has a private IP address.

To circumvent this obstacle GCM initially leased private lines or set up VPN tunnels to its customers.
“It was an expensive solution, but the only way we could solve it” says Niklas Berg, Technical Director at GCM, and continues: “almost every installation became very time consuming and setting up VPN or leased lines is not our core business.”

The Solution:
The Ingate SIP proxy technology, present in the Ingate Firewall and SIParator, makes it possible to traverse NATs and firewalls in full security.
“We had heard about the SIParator from Ingate and when we contacted Ingate they let us try one, installed with the SonicWALL. It immediately solved all the firewall issues and everything worked just as we wanted it to do”, said Niklas.

Moreover a similar issue at the NAT routers of the customers also appeared. The integrated Remote SIP Connectivity function of the Ingate provides Far-End NAT Traversal, FENT, actively enabling SIP traversal of these obstacles as soon as a SIP client has registered on the inside.

This usually works well, but today GCM has standardised its procedures and provides all new customers with IX78 firewalls, also equipped with the Ingate SIP proxy technology. These performing systems, besides offering security and SIP traversal, assure a good voice quality by using QoS to prioritise VoIP. The IX78s can all be managed remotely and have enabled GCM to widen its product offering to include IP security.

A few customers insisted upon maintaining their existing firewalls, and of course they could do so – after having installed an Ingate SIParator as well!

“It was a great relief to know that we had actually solved the biggest hurdle and we had alternatives to choose between”, said Niklas Berg. To make it possible for the customers to successfully use the GCM service on his regular Internet access also rendered VoIP product particularly cost-efficient and attractive.

Reduce costs for GCM
When having the SIParator in place, a natural step for GCM was to connect its IP-PBX over the Internet to a SIP trunking service provider and let him handle the connection to the PSTN. Instead of paying for a number of PRIs, each with high fixed cost, GCM now only needs one SIP trunk connection. The number of channels can be varied quickly and easily – another way to reduce costs. In a traditional PRI solution, a capacity of 30 (or in some cases 15) channels had to be acquired at a time.

Redundancy and stability
GCM has chosen a failover solution with two Ingates installed together. If one suffers a failure, the other one automatically takes over the operation, thus providing stability and redundancy.
.
“We don’t have to spend time creating pinholes in the customers’ firewalls or set up VPN tunnels. Now we have an environment that allows us to focus on our core business – to sell telephony services” concludes Niklas Berg.