Growing Pains: VoIP in the Enterprise
VoIP services are rapidly becoming the bread and butter of enterprise voice networks, as roughly 72% of all enterprise voice lines shipped by vendors in 2007 were IP-capable. Now that companies are definitively moving away from the traditional Time-Division Multiplexing (TDM) voice networks and into Session Initiation Protocol-based (SIP) VoIP networks, we examine the VoIP industry's most pressing issues, including SIP interoperability, TDM-to-SIP transition services and VoIP security issues.
Is SIP interoperability still a major concern?
As Nemertes Research analyst Irwin Lazar puts it, "it's more a hindrance than major flaw at this point. Three years ago, a team of iLab engineers found that while different VoIP vendors could ensure basic connectivity between their SIP-based phones and devices, there were also "significant failure rates" for enterprise VoIP features and standard security parameters. Lazar says that today key basic VoIP features such as caller ID, message waiting lights, hold and three-way calling are "pretty well standardized," but that more advanced features such as multiple line appearances, call bridging and intercom still face significant SIP interoperability issues between vendors.
Jeff Brandt, the general manager of IT infrastructure design and engineering for business processing firm Sutherland Global Services, expresses a similar viewpoint and says that he has concerns about a lack of SIP interoperability for advanced carrier-level features for his company's call centers, noting in particular that there are limits to advanced enterprise options that have strong SIP interoperability. Brandt says that his main concerns are features such as interfacing with percent allocation capabilities, as well as general bandwidth capacity concerns for SIP-based systems.
"In a contact-center space, it's difficult to predict spikes in the network that are unforeseen," he says. "After AT&T launches the 3G iPhone, for instance, who knows what that will bring to our call centers? The SIP world has not fully matured yet to handle that kind of flux in traffic."
Brandt also says that some companies might experience SIP interoperability problems simply because SIP is a relatively new technology for a lot of enterprises and that IT departments don't yet have the same familiarity with SIP-based systems as with TDM systems.
"Everyone understands how TDM works, but in the SIP environment there has to be some more effort to get people to understand how it operates," he says.
But Marc Tolbert, the volunteer IT coordinator for Bullitt County Adult & Community Education in Shepherdsville, Ky., says that the big SIP interoperability problems are largely experienced by large enterprises, and that small and midsize businesses with more basic VoIP needs will have very trouble-free experiences with their SIP systems.
"Previously, a lot of people would experience problems because of a lack of standards, but that was a few years back," he says. "When it comes down to it, unless you're doing something really bizarre and funky with your implementation, you won't have many problems."
Are service providers offering smooth transition services to move from TDM to VoIP services?
The answer seems to be "yes," as long as your service provider offers SIP trunking services. With the SIP Forum's ratification of Version 1.0 of the SIPconnect standard earlier this year, the SIP industry for the first time has an industrywide standard to define interoperability between IP telephony systems and service-provider VoIP systems. This is important because SIP trunks provide a relatively simple way for locations with IP telephony to communicate with locations that are still using legacy public switched telephone networks (PSTN).
"Without SIP trunking, if you want to make a call, you've got to buy a separate gateway for each location, as well as dedicated circuits," says Lazar. "With SIP trunking, you can carry calls over an MPLS connection and any conversion has to go on within a service provider's network."
However, Lazar says that SIP trunking services are not universally available and reports that he has heard some complaints from enterprise users about legacy providers that don't offer much in the way of SIP trunking.
Randy Young, the vice president of network engineering for managed facility-based VoIP provider Cypress Communications, says that switching to a VoIP network from a TDM network often results in problems such as echo and latency unless the VoIP vendor takes certain steps to ensure that they will have high service quality.
"When you route calls to a SIP provider, you want to peer directly with their network rather than go directly across the Internet and hop across two or three different networks," he says. "Personally speaking, we prefer peering to going through an open Internet."
Looking forward, says Brandt, service providers have strong incentives to provide strong TDM-to-VoIP transition services because they want to develop enough trust with businesses so that businesses will eventually let them manage enterprise voice platforms. And while there may be bumps such as latency and echo along the way, Brandt says service providers will only be successful if they can prove trustworthy to enterprise users.
"The smooth transition to VoIP is going to be slow, but they're starting to gain some ground," he says. "At the beginning stages of VoIP, it was kind of an unknown quantity. But now that greater understanding of VoIP is out there, some enterprises are releasing control of their platforms again to the carriers."
Besides providing a smooth transition from TDM- to SIP-based VoIP, what other advantages does SIP trunking have?
The biggest one is simply cost savings. As Lazar puts it, "If you've got a small office and you're paying $800 a month for a dedicated T-1 line and a gateway, you can use SIP trunking to move that into the cloud for less money."
But it isn't just about the money -- SIP trunking can greatly simplify your network architecture as well. As Network World blogger ddonahue outlined last year, SIP trunks provide the same links for both intra-office calls sent over the WAN and outside office calls sent over the PSTN or even the Internet.
"The main advantage of SIP trunking is that you don't have to run additional lines into your main site," says Tolbert. "By allowing you to trunk into whoever you want to use who has capacity at the other end, it gives you a kind of Vonage-type connection for a business-class customer."
Brandt expresses a similar view, and notes that SIP trunking shrinks the footprint of technologies that enterprises need to use to the point where IT departments need only a single or dual Ethernet connection instead of the multiple cables and pieces of hardware they'd need for a traditional TDM system. And in addition to being good for users, Brandt says that it's a boon for carriers as well.
"Just like with enterprises, SIP trunking lets carriers decrease the overall number of hardware components in their data centers," says Brandt, whose company relies on Avaya media gateways to support SIP trunking capabilities.
On top of all this, Lazar notes that SIP trunking gives companies strong call-routing capabilities to send incoming calls to outsourced call centers. Thus, he says, a retail chain can automatically send calls from one of its stores into a call center, and thus cut down on the amount of labor it uses to answer phones within the store. If the call center doesn't have the answer to customers' question, they can be easily transferred back to the store for an on-site employee to answer. Tolbert also says that SIP trunks provide a simple and quick way to handle calls coming in through PSTN and through SIP systems.
"When I converted my VoIP system from my traditional system, it took me about 15 minutes," says Tolbert, who uses VoIP vendor Syspine's small-business phone system with Microsoft's Response Point System installed. "And support-wise, I don't have to do squat with it. I helped train one of the secretaries to manage the entire system, which is something I couldn't have done with a traditional TDM phone system."
What, Me Worry?
What should be your biggest VoIP security concerns?
One of the most common threats to VoIP, some vendors and users say, is a denial of service (DoS) attack that takes out a network's servers. DoS attacks aren't directed at the VoIP services themselves, of course, but VoIP services will get shut down if a DoS attack successfully overloads company servers with requests.
"In the VoIP arena, you're taking voice traffic that used to be separate and is now integrated into IP," says Brandt. "So you have to have certain things in place to protect yourself from those risks, but you want to be careful to not degrade your quality of service."
The most basic element for guarding against DoS attacks, says Siemens global marketing director Graham Howard, is installing a SIP-enabled firewall during your network setup to act as the first layer of defense. Lazar says session border controls, which are firewalls designed specifically for VoIP systems, can control what packets go over an entire SIP trunk, thus giving businesses a strong tool for blocking packets sent as part of a DoS attack. Indeed, for small businesses, a good firewall can be entirely sufficient for VoIP security needs. Tolbert says that he sends all his intra-office voice traffic over a fiber backbone strung over six different sites, and that he only relies on firewall protection to keep his VoIP service up and running.
"If I was having my SIP traffic go through the Internet, I'd be a lot more concerned about it," he says. "But since my SIP traffic doesn't go outside my own little world, that doesn't worry me too much."
For companies that are sending their traffic over the Web, however, Howard recommends investing in a VoIP encryption service that will thwart hackers attempting to tap into your company's communications. Siemens, for instance, offers a solution that lets users set encryption options on a call-by-call basis, and that gives them a notice on their desktop telling them that the encryption service is up and running.
How far should you go with your VoIP service? Should you get full-on premises control, or should you run your own PBX and let a vendor handle wire-to-the-building?
The answer really is, "It depends on your business needs." Brandt says that for his business, which runs contact centers for large companies, voice is an absolutely critical application that needs to be up and running with no latency at all times. Thus, it makes more sense for his IT department to have full-on premises control of the entire voice platform to ensure rapid problem-solving and to ensure that the network is tailored specifically to the company's needs. For companies where voice services are less critical -- that is, companies where employees rely more heavily on tools such as cell phones, e-mail and instantly messaging -- Brandt says it makes much more sense to outsource managing your voice platform to a vendor or carrier.
"A lot of larger organizations prefer on-premises solutions, because you can't get hosted services for as large a scale as they need," says Lazar. "Where we see a lot more hosted services is in small businesses that have less than a thousand seats and that aren't geographically dispersed."
Howard shares Lazar's assessment that large businesses mostly want to run their own voice platforms themselves, although he thinks a lot of it has to do with the level of expertise the business has in its IT department. For instance, Howard says a credit card validation company recently contacted Siemens about VoIP solutions and wanted an outside company to manage all of its communications because the company simply did not want to deal with any of it internally.
As for smaller businesses, Tolbert says that they generally need the help of a hosted service provider, since most small businesses "don't want to be wasting their time tweaking and babying" their VoIP system constantly. However, he also notes that for small businesses that require 50 handsets or less, it's relatively simple to manage your own services by training one or two employees to do all the routing, phone-answering and the adding of new users.
"Since we have a fairly small organization and I'm a volunteer IT coordinator, I want the technology to be as idiot-proof as possible and to make people self-sufficient in running the system," he says. "If you're an organization with 75 phones or less and you have to constantly call tech support, then you have the wrong telephone system and you're wasting money."