May 2004

Grappling With Management Of IP Telephony

BY CRAIG FARRELL

The move to IP telephony promises big cost-savings for large enterprises, but some organizations are shying away from large-scale deployments, fearing that VoIP reliability and security issues may pose problems to business operations. In theory, a converged voice and data environment should be ultimately simpler and easier to manage, however the promise of reduced hardware and operations costs coupled with lower phone bills has not been entirely sufficient to lure companies into extensive VoIP conversions. Instead many companies are taking a slow, yet steady, phased approach to voice over IP, taking migrations a bit more cautiously by implementing on either a department-by-department or a small trial basis.

While a phased approach helps corporate enterprises reduce risk and ensure a smoother conversion, many enterprises have still been caught off guard by the cost and complexity of their migration efforts. The phased approach introduces more heterogeneity into the network � a combination of legacy PBXs, new IP telephony hardware, and VoIP applications on top of existing data applications. A converged environment, coupled with the maintenance of traditional PBX-based services, introduces more complexity in terms of service assurance and network monitoring, as the network must now support a new type of network traffic. However, network availability and service quality are not the only issues that make the migration to IP telephony a challenge. Operations personnel must also now grapple with measuring additional quality of service (QoS) metrics and service level agreements for VoIP. And as IT organizations move to converged environments, the network will become truly mission-critical � the lifeblood of the business, putting additional pressure on IT and network personnel.

�The conversion to voice over IP presents interesting challenges for both network and service management. In a traditional business environment there are two separate networked infrastructures for voice and data communications that can be relied upon to conduct business,� commented George Hamilton from the Yankee Group. �If the network goes down and e-mail is disabled, employees can simply pick up the phone. In a converged environment, this all changes � the network will be the single link tying the business together.�

EMERGING SECURITY VULNERABILITIES
This growing dependency on the network as the single vehicle to conduct business, coupled with high user expectations, will put even more pressure on already hard-pressed operations personnel � making real-time network monitoring and service assurance more critical than ever.

In addition, IP telephony potentially provides applications with a new avenue for accessing the data network and therefore introduces new security vulnerabilities. Like data applications running on an IP network, voice services are also vulnerable to attacks. A recent advisory from the National Security Infrastructure Coordination Center revealed new security vulnerabilities for IP telephony equipment that utilize the ITU H.323 standard, which can result in a range of problems such as viruses, denial-of-service attacks, and other security-related problems that can impact network routing equipment, security systems and devices.

Even though many equipment vendors have provided information on how to address and correct these problems, organizations will still need to consider how threats, network faults, and system and application events can be centrally managed so that IT staff can better understand the relationships between security vulnerabilities and service availability and quality. To effectively address the IT operational challenges that IP telephony introduces to the network, organizations will need a common method by which to monitor network, system, and security data and establish a means of correlating security breaches to network faults and assess their aggregate impact on application and service problems.

MANAGING BANDWIDTH PRIORITIZATION
Data and voice traffic are extremely volatile, spanning a wide range of peaks and valleys throughout the day, which makes it difficult to meet QoS requirements for both types of traffic. Many enterprises may be soon faced with a question: �Which takes a higher priority, voice or data?� The answer is �it depends.� As companies migrate to IP telephony, they may not only be faced with new network management challenges but may also need to make choices in terms of bandwidth allocation. And because concerns about reliability and availability continue to plague voice over IP, it is likely that companies may reserve bandwidth for voice traffic to help compensate for potential service problems � which could mean delays for data applications. In the new world of converged voice and data networks, some companies may find themselves tolerating higher data latency in order to ensure an acceptable level of VoIP service reliability.

THE ROLE OF MANAGEMENT TOOLS
As companies move to converged networks, operations personnel will ultimately require management solutions that can offer an end-to-end view of existing PBX networks, voice services, and data services, as well as the underlying system, network and security-based resources that support them. The additional security issues that IP telephony introduces could also mean that both voice services and data applications could be affected by an attack or network problem � making real-time service monitoring more critical than ever. In the world of convergence, the impact of �cyber war� and security vulnerabilities take on a whole new meaning, as the network truly does become the lifeblood of the business. IP telephony will more than likely motivate many organizations to raise the bar on securing their networks.

�As the momentum for IP telephony gains steam, corporations will need to evaluate their IP telephony management strategy to ensure their monitoring tools are capable of addressing the evolving requirements surrounding the monitoring of both network health and quality metrics as well as security related events and potential vulnerabilities,� commented Hamilton. �Management solutions � (need to be) � well-equipped to address these requirements through the monitoring of network, voice application, and security events that can be centrally managed by operations teams from a single point.�

As a result, silo-based IT management tools that only provide isolated snapshots of individual events or problems will fall short in terms of their ability provide the required visibility of service quality and network health and security that many organizations will require. In order to fully realize return-on-investment from VoIP deployments, IT organizations should evaluate whether their network management solution offers a means of centralizing voice and data faults and reassess their staff�s effectiveness in troubleshooting and resolving problems. With operations centers already flooded with events, a focus on service management and fault isolation will be increasingly critical in terms of maintaining operational efficiency and return-on-investment from IP telephony deployments.

Organizations deploying IP telephony not only need to monitor service quality, jitter, latency, and other metrics, they also need to couple this with end-to-end network monitoring as well as security event management and real-time vulnerability assessments. Management tools that provide the flexibility to manage voice and data networks together or separately along with the critical security information will prove most effective in terms of providing the visibility that operations staff will require to deliver on the reliability and quality of services that businesses will require.

Craig Farrell is Chief Technology Officer at Micromuse, Inc., a global software company that delivers industry-leading business and service assurance solutions to organizations worldwide. For more information, please visit the company�s Web site at www.micromuse.com.

If you are interested in purchasing reprints of this article (in either print or HTML format), please visit Reprint Management Services online at www.reprintbuyer.com or contact a representative via e-mail at [email protected] or by phone at 800-290-5460.

[ Return To The May 2004 Table Of Contents ]