TMCnet
ITEXPO begins in:   New Coverage :  Asterisk  |  Fax Software  |  SIP Phones  |  Small Cells
 

Feature Article
April 2004


Migrating to SIP: Five Myths

BY OLLE WESTERBERG

The promise of IP-based real-time communications services is now being made possible by SIP (Session Initiation Protocol), the new standard for Internet telephony, instant messaging and a host of applications that can save any business time and money. But what�s the cost of bringing SIP to the enterprise? What should the IT purchaser look for when making the investment in SIP services? Is it really necessary to replace the entire network just to accept SIP? And what about security?



You may have realized, it�s time to migrate your network to SIP. Some of the industry�s most influential giants are developing products and applications that rely exclusively on SIP. For instance, Microsoft has chosen SIP for its real-time communications strategy and has deployed it in its Office Live Communications Server as well as other platforms.

Following are the top five myths in migrating your network to SIP:

Myth #1: I have to replace the entire network.

It is not necessary to replace your entire network to accept SIP. The critical stopgap for adopting SIP-based communications is the enterprise firewall. Frequently, swapping your current firewall for one that is SIP-enabled is all that�s necessary. The investment in a new firewall is far less expensive than upgrading the equipment it likely took years to aggregate.

Myth #2: I can SIP-enable my current enterprise firewall, can�t I?

It is impossible to SIP-enable any enterprise firewall that�s not already engineered to accept the protocol. Even high-end firewalls, from the biggest brand name companies, cannot be retrofitted to accept SIP. Remember, not all enterprise firewalls are the same. There are only a few firewalls on the market that are SIP-enabled. Be sure that the firewall you purchase is SIP-ready at the outset.

Myth #3: Traversing the firewall is impossible for SIP-based communications.

Not true. Firewalls make the LAN private and not a part of the public Internet. They block unwanted access and generally prohibit inbound traffic. The shortage of IP addresses has also led to the need for NATs (Network Address Translators) that allow the use of many private IP addresses behind a single public IP address. NATs and firewalls (often combined into a single product) both create problems for the SIP protocol. There are two types of problems:

� Normal firewalls will not let SIP-based traffic through, since they do not know which ports to open for the media. For security reasons a large range of ports cannot be left open at all times.

� The private IP address of the recipient SIP end-point device is unknown.

It is critical that your SIP-capable firewall incorporate a SIP ALG, a SIP Proxy, and a SIP registrar. With these functions, the firewall understands the SIP signaling, directs the signal to the proper private IP address, controls the firewall and opens the media ports only when they are needed and closes them as soon as the session is finished. This means that the SIP traffic is let through, while the unwanted traffic is still stopped by the firewall. With a proxy, SIP signaling can even be encrypted using TLS (Transport Layer Security) to hide the signaling and the content of instant messages, a concern for many IT security managers.

Myth #4: My network will never be secure if I use SIP.

Using a firewall to bring SIP to your enterprise will be the single most important step you take in ensuring the security of your network with VoIP and other SIP-based applications. Firewalls are designed to protect your enterprise; if you purchase a firewall specifically designed to do just that � protect the network � that�s also geared to enabling SIP, you can be confident in your purchase. A SIP registrar is also a must-have if your firewall is going to keep your network secure while allowing the use of SIP applications. A SIP registrar records the location of every SIP device on the private network. This allows the SIP registrar to direct incoming and outgoing traffic to the correct device, while still hiding the private IP address from the outside.

Myth #5: Configuring a SIP-capable firewall will be next to impossible.

Some SIP-capable firewalls boast a Graphical User Interface (GUI) that makes set-up, and day-to-day use, easy. The GUI can also be a tremendous benefit with regard to troubleshooting. Several companies also have help-desk support. It�s critical to choose a firewall with free help support � preferably available online as well as by phone � for issues that need immediate resolution.

In short, SIP-enabling an enterprise network can be limited to installing a SIP-capable firewall or adding a SIP proxy to your existing network. Rather than being a costly and difficult task, the upgrade can be accomplished simply and easily, with minimal cost, and the benefits in productivity far outweigh those costs. With applications on the market today, and perhaps already installed on your desktop, a SIP-enabled network will allow your firm to enjoy the benefits of the next evolution of the Internet. c

Olle Westerberg is CEO of Ingate Systems a leader in next generation firewall technology. For more information, visit www.ingate.com.

If you are interested in purchasing reprints of this article (in either print or HTML format), please visit Reprint Management Services online at www.reprintbuyer.com or contact a representative via e-mail at reprints@tmcnet.com or by phone at 800-290-5460.

[ Return To The April 2004 Table Of Contents ]

 


Today @ TMC
Upcoming Events
ITEXPO West 2012
October 2- 5, 2012
The Austin Convention Center
Austin, Texas
MSPWorld
The World's Premier Managed Services and Cloud Computing Event
Click for Dates and Locations
Mobility Tech Conference & Expo
October 3- 5, 2012
The Austin Convention Center
Austin, Texas
Cloud Communications Summit
October 3- 5, 2012
The Austin Convention Center
Austin, Texas