All rights reserved © 2005, Alcatel
IP Solutions to move beyond
Craig Taylor & Philippe Chadoin
IP communication solutions / October 5&6, 05
Enterprise IP communications: Challenges and solutions
IT Team and user needs
• Always on IP infrastructure
• Service accessibility any time, anywhere
• Secured IP communication for all traffic
• Comprehensive management and easier access to Applications and collaboration
• Reduced CAPEX and OPEX
Solutions
• Robust end to end scalable IP infrastructure
• Advanced mobility support
• Enhanced multi-layer security
• Simplified management and broad set of collaborative applications
Alcatel Solutions: Convergence ready IP LAN/MAN/WAN Infrastructure
Switches & Routers for workgroups & core network
OmniSwitch 6600
Edge/Aggregation
OmniSwitch 8800
OmniSwitch 7800
OmniSwitch 7700
Core network
OmniSwitch 6800
Alcatel Operating System
Chassis, Stackable, Virtual Chassis; 10/100/1000 wirespeed; Fiber, PoE, Gig uplinks
64-512 Gbps switching; 30-240 Mpps; 10Gig Et., Giga Et., PoE
Key Points
• Complete set of solutions from L2+ up to L3 and MPLS
• Built in redundancy both at device and network level
• Designed for triple play networks (QoS, POE, MPLS)
• Best price vs feature ratio
OmniStack LS 6200
Alcatel 7x50
WAN
OmniAccess 600
1->16 WAN ISDN BRI
Alcatel Solutions: IP WLAN Infrastructure
WLAN Switches and APs
Key Points
• Light Access Point for higher performance (roaming, mgt…) and easier deployment
• Centralized architecture
• Compatible with future evolutions & standards (802.11e)
[Chart: Performance against Number of AP. Models shown: OAW-4304, OAW-4308, OAW-4324, OAW-6000-48 (Supervisor I), OAW-6000-128, OAW-6000-256 (Supervisor II), OAW-6000-512 (Dual Supervisor II). Number of AP values: 4, 16, 48, 128, 256, 512. Performance values: 1 Gbps / 200 Mbps, 2 Gbps / 400 Mbps, 4 Gbps / 1 Gbps, 4 Gbps / 3.6 Gbps, 8 Gbps / 7.2 Gbps.]
OmniAccess 60/61/70
Alcatel Solutions: IP Telephony
IP Communication Server
Key Points
• Best ROI, risk free evolution to IP
• Virtual Enterprise: lower communication costs
• Best Voice quality & Performances (Miercom 2005)
OmniPCX Enterprise
• Flexible solution
• IP or TDM when IP not optimal
• CPE, Hosted, Centralized, Distributed
• Scalable
• Enterprise-class telephony
• Centralized voicemail & management
• High-availability, Survivability & Security
• Spatial redundancy
[Diagram: HQ with OmniPCX Enterprise & Mgt server; Main site with OmniPCX Enterprise; Small Sites with IP phones; Medium sites with media gateway; PSTN; WAN/IPVPN]
Alcatel Solutions: IP Telephony
IP, TDM phones & XML Application phones
Key Points
• Wide range answering to all needs
• Easy to use with alphanumeric keyboard, color display, accessories
• Faster access to applications (XML)
Phone range
• Full range of IP & TDM phones
• 500+ features
• XML openness
• Alphanumeric keyboard
• Bluetooth
• Phone based Console
• Multimedia Attendant Console
• IP Attendant Softphone
• Full range of Accessories
Converged Communication includes Mobility
[Diagram: Workgroup Switch, Network Switch, Application Server, Resources, WLAN, LAN Converged, OAW-43xx, OAW-AP, OAW-6000, OmniPCX Enterprise, MIPT 300/600]
The rapid adoption of VoIP demonstrated inter-working of traditional voice & IP Telephony. Today IP Communication Solutions run over high performance, cost-effective networks.
WLANs emerged as a technology for wireless data transfer, and they are becoming ubiquitous themselves. WLANs enable mobility in the enterprise.
IP Telephony is now added to WLANs, offering mobility to the converged enterprise voice and data network.
VoIP + WLAN = VoWLAN
Alcatel Solutions: Mobility Solutions
Key Points
• Wide range answering to all mobility needs
• One number solution
• Corporate telephony services on mobile phones
• Mobility ecosystem
On-site and Off-site mobility solutions
Free Seating
DECT
VoWLAN
• Twin set support
• Any mobile phone
• Any Win Pocket smartphone
Cellular Extension
PDA Softphone
Localization on WiFi network
Alcatel IP Mobility solutions: Key differentiators
Broad range of voice mobility options
Complete range of mobile IP phones
• 802.11b, H323
• Push to talk, Vibrator
• TFTP client, DHCP, WPA, WEP
• Real time messaging
Alcatel Telephony client for open platform terminals: PDAs
• Innovative solution for Voice over IP and data experience
• Feature-Rich
  – Incoming/outgoing calls
  – Call transfer
  – Call by name via virtual keyboard
  – Voice mail
  – Twin set option
• Unified Communication suite access
• One device: WiFi / GSM PDA
  – Option Cellular Client for off-site use
Alcatel Infra. and IP communication Solutions: Summary
Complete, flexible and scalable solutions
• QOS and POE available from small stacks up to large chassis
• Per port POE setting to enable fine tuning
• Same services from hybrid IP/TDM to full IP
Built in redundancy for all components
• From stack to chassis with limited price premium
• Survivability and spatial redundancy for IP com. server
Ease of deployment
• Same operating system for switches
• Alcatel Automatic VLAN Assignment (AVA) enabling fast and easy deployment of IP Phones
• Enabling port sharing between PCs and IP phones when using AVA and Mobile Tag
• VoIP smooth migration thanks to hybrid capabilities
IP security: Challenges and Alcatel approach
Challenges: new security concerns arise as voice communication systems are incorporated in IP networks
• How do I secure the voice system as any other server on the LAN
• How do I ensure the IP Communication system availability
• How do I balance security measures & management complexity
Alcatel approach
• “Security is a process, not a product”: Bruce Schneier
  – Alcatel “thinks security” at all stages of the product life from product design to solution deployment.
• “IP Telephony systems can be made as secure as traditional systems and are ready for deployment”: Burton Group
  – Alcatel system design gives a superior protection to the security attacks & provides more predictability
• “We need to weigh the costs versus the benefits of measures taken to ensure security”: Bruce Schneier
  – Alcatel voice solutions fit with corporate security framework
Security Solutions: Alcatel’s Network Based Security
Network Enabled Security
• Attack prevention with Host integrity checking
• Attack detection & containment
Managed Network Security
• Users / switch ports profile management
• Policy based management to scale & support secure mobility
Network Embedded Security
• Hardened network infrastructure
• Access control by the network
Alcatel Solutions: IP Infrastructure security
Security
Key Points
• Built in security across the entire solution set
• High performance
• Consistent approach
VPN, FW, IDS/IDP, Antivirus, Web Filtering
Fortigate
• Host Integrity checking
• User authentication
OmniAccess
OmniAccess WLAN
OmniSwitch
Embedded VPN, Embedded FW
Embedded VPN, Embedded FW, Rogue detection and containment, User profiling, Encryption
DOS protection, ACL, User authentication, Encrypted Management, Binding VLANs, Alcatel Quarantine Manager
Security Solution: Attack Containment
Alcatel Quarantine Manager
[Diagram: Workgroup Switches, Data Center Switch, Critical Resources, End stations, Quarantine Manager; steps numbered 1 to 5]
!!! Attack detected !!!, you can:
• Shut down faulty user port
• Create an ACL
• Move faulty MAC to quarantine VLAN
Security Solution: Attack prevention
Host integrity checking
[Diagram: Workgroup Switches, Data Center Switch, Critical Resources, End stations, Radius Server, Client Integrity Server, Client Integrity Agent, Management Server, 802.1x]
1. User Authenticates using 802.1x (Authenticator is workgroup switch)
• Authentication message includes user name and password
• Authentication message includes host integrity status (OK or not OK)
2. Authentication request reaches the proxy authentication server
• Checks integrity status (check is OK)
• Forwards authentication information to RADIUS
3. RADIUS Authenticates and sends VLAN information
4. Authorization is sent to switch
• User is placed in VLAN
If Host Integrity is not OK, user is placed in quarantine VLAN / Remediation VLAN
Host Integrity Rule (each with a Status):
• Patch Updated
• S.P. Updated
• Personal Firewall On
• Anti-Virus Updated
• Anti-Virus On
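The decision made by the proxy authentication server in steps 2 to 4 can be modelled as follows. This is an added example, not Alcatel code: the function names, the quarantine VLAN id, the user table and the choice to quarantine a failing host before checking its credentials are assumptions, and the VLAN attributes follow the RFC 3580 convention for RADIUS VLAN assignment.

```python
import hmac
from dataclasses import dataclass, field

# Rule names copied from the slide's "Host Integrity Rule" list.
REQUIRED_RULES = ("Patch Updated", "S.P. Updated", "Personal Firewall On",
                  "Anti-Virus Updated", "Anti-Virus On")
QUARANTINE_VLAN = 999  # assumed id for the quarantine / remediation VLAN
# Constructed stand-in for the RADIUS user database: name -> (password, VLAN id).
USER_DB = {"alice": ("s3cret", 20), "bob": ("hunter2", 30)}

@dataclass
class AuthRequest:
    """802.1x message relayed by the workgroup switch (step 1)."""
    username: str
    password: str
    integrity: dict = field(default_factory=dict)  # rule name -> bool, from the agent

def failed_rules(report):
    """Rules that are absent or not explicitly True; missing data counts as failure."""
    return [rule for rule in REQUIRED_RULES if report.get(rule) is not True]

def radius_authenticate(username, password):
    """Step 3 stand-in: return the user's VLAN id, or None for an Access-Reject."""
    entry = USER_DB.get(username)
    if entry is None:
        return None
    stored, vlan = entry
    return vlan if hmac.compare_digest(stored.encode(), password.encode()) else None

def vlan_attributes(vlan_id):
    """RFC 3580 tunnel attributes that tell the switch which VLAN to use."""
    return {"Tunnel-Type": 13,            # VLAN
            "Tunnel-Medium-Type": 6,      # IEEE 802
            "Tunnel-Private-Group-ID": str(vlan_id)}

def proxy_decide(req):
    """Steps 2-4: integrity check first, then RADIUS. Returns (decision, attrs, reasons)."""
    failed = failed_rules(req.integrity)
    if failed:
        # Integrity not OK: quarantine VLAN, credentials are not forwarded (assumption).
        return ("quarantine", vlan_attributes(QUARANTINE_VLAN), failed)
    vlan = radius_authenticate(req.username, req.password)
    if vlan is None:
        return ("reject", {}, ["authentication failed"])
    return ("accept", vlan_attributes(vlan), [])

if __name__ == "__main__":
    healthy = {rule: True for rule in REQUIRED_RULES}
    stale_av = dict(healthy, **{"Anti-Virus Updated": False})
    for request in (AuthRequest("alice", "s3cret", healthy),
                    AuthRequest("alice", "s3cret", stale_av),
                    AuthRequest("bob", "hunter2"),          # agent sent no report
                    AuthRequest("bob", "wrong", healthy)):
        print(request.username, proxy_decide(request))
```

The integrity status is reported by the agent on the end station itself, so the model treats anything other than an explicit pass, including a missing report, as a failure.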
Security Solution: Wireline-Wireless Integration
User security profiles
User roles are defined at the WLAN switch level
RADIUS Database populated with user’s or user groups’ role extensions
Authentication response:
• Device Integrity State
• User / device role assigned
• User / device role unchanged
Key benefits:
• Unmatched security with L7 filtering / inspection
• Secure mobility whatever the media
• Policy-based management – no switch by switch FW rules or ACL configurations
[Diagram: Radius server (User authentication), WLAN switch, LAN Switch, User connected in the office; Role #1, Role #2, Role #n, Role #n+1; role labels: Stateful FW rules, ACLs, BW contracts, VLAN Membership, Content Inspection]
Alcatel Solutions: Secure IP Communication Server
Proactive security
OS hardening
• Robust operating system: Linux
• Unnecessary open source applications removed
• Tested against denial of service attacks
Media gateways
• No intrusion possible to the network
Secure development process, ships from the factory in secure mode
Reactive: manage security alerts
• Escalation processes with Alcatel security expertise
• Leading computer emergency team
[Diagram: OmniPCX Enterprise; Virus; LAN Propagation; Internet; CD; Email Server]
Alcatel Solutions: Secure IP Communication Server
Authentication
• No default password for OmniPCX Enterprise system accounts access
Management logging and authentication
• Configuration events log
• Log of rejected attempts
Use of secure protocols
• SSH, SFTP, SCP
  – between com. servers
  – between com. servers and management platform
• IPSec for exchanges between the OmniVista 4760 server and client
Role based management
• Management access based on application and user rights
[Diagram: Attacker; No default, aging PWDs; role based; SSH Client; Management platform]
Alcatel Solutions: Secure VoIP Communications
Alcatel/Thales « VoIP encryption » solution protects:
• Alcatel components of the IP telephony solution against IP Spoofing or Man in the Middle attacks
• voice communications against eavesdropping
Alcatel/Thales « VoIP encryption » solution allows:
• HW encryption for real time traffic
• Mutual Authentication of VoIP elements
• IPT Signaling and VoIP encryption
Easy to install: automatic negotiation between components (Communication Server, central and local Encryption modules).
[Chart: Call quality ratings. Voice quality (scale 0 to 6) by test scenario: IP phone G711, LAN; WLAN warehouse; Remote office encryption; Softphone road warrior; IP phones teleworker. Vendors compared: Alcatel, Avaya, Cisco, Siemens.]
Alcatel IP Security solutions: Key differentiators
Comprehensive security approach
• Voice and Data
• Wired and Wireless
Easy security policies enforcement
• Centralized Management
• Alcatel Quarantine Manager
Alcatel Solutions: Management Platform
Key Points
• All applications running on a single server
• Simplified implementation of IP security policies (Voice & data)
• Integration with existing environment (SNMP, LDAP, DHCP…)
One Management Platform: OmniVista
IP Network
• OV 2730: PolicyView, OneTouch
• OV 2752: SecureView, SecureAccess
• OV 2770: Quarantine Manager
• OV 27xx: SecureView, SecureACL
• OmniVista 2500 Basic: Alarms, Statistics; Topology, Discovery, Locator; Bulk Operations; Third-party devices (discovery)
IP Telephony
• OmniVista 4760: Fault/Alarms, Configuration, Accounting, Performance
Alcatel Solutions: Collaborative communication Applications
Key Points
• Pure IP and pure software solutions
• UC implements Internet standards (VxML, SIP, XML, J2EE)
• Full range of evolutionary Contact Center solutions
• Web Services: to minimize CTI integration costs
IP Communication & Interaction Applications
Unified Communication (My Assistant, My Teamwork, My Messaging, My Phone)
• Unified Messaging
• PC telephony
• Call routing
• Audio, Web & Video conf
“Greeting” Center
• Informal Contact Center
• Ready-to-Use with wizards
• Multi-Extension for business calls
Multimedia Contact Center
• Fast answers
• 1st call resolution
• Agent efficiency
• Personalized services
Communication Web Services
• Integration into Business apps
Alcatel Application Solutions: Unified Communication
Alcatel Web Dashboard
VxML
“To check your voice mail: press 1”
“To check your Fax: press 2”
“To check your e-mails: press 3”
Service delivery, wherever you are …
Alcatel Application Solutions: Contact Center
Better interactions. Better services. Better relations.
Enhance services to customers
Dial ONE telephone number to access a wide range of services previously delivered through separate department
faster problem resolution, easier access to knowledgeable help, better self-service options and more personalized service
Making customer’s life easier…
Alcatel Application solutions: Key differentiators
Common Management approach for both voice and data
• Modular platform
• Pay as you need
Easy to use and to configure solution
• One touch approach
• Bulk operations
Complete set of communication applications
• Terminal independent
• Ease collaboration
• Improving overall efficiency
Alcatel IP Solutions: Conclusion
Alcatel/Aruba
Complete IP communication solution family
• Voice and data
• Wired and wireless
• Including security approach
• Broad set of user centric added value applications
Specific benefits to end user
• Easier VoIP deployment
  – AVA and group mobility
• Superior VoWLAN support
  – Quality of Service and fast roaming
• Reduced IP solution CAPEX and OPEX
  – Low price point and easy management
• Flexible and scalable solutions
  – Ready for on demand deployment scenario