A large mobile provider needed to extend its service portfolio beyond VoIP to include IM, presence and conferencing to both mobile and fixed-line users. Some of the services, like enterprise access to hosted LCS, require encrypted connections. Others travel in the clear. Moreover, while fixed-line access depends on a trusted partner network, mobile access uses the untrusted public Internet.

This company evaluated peering session border controllers and the Covergence Session Manger (CSM) because of its unique ability to

• Scale total endpoints, concurrent calls, registrations/sec., call set-up/sec., etc
• Encrypt signaling (TLS) and media (SRTP) to ensure confidentiality and integrity
• Protect the service from attacks (DDOS and registration floods)
• Provide uniform policy enforcement across IM, presence, audio, video, and other services
• Control the types of messages and devices on the network
• Provide tools for debugging, capacity planning and forensic analysis
• Monitor and track the actual quality of service experienced by users

Today this service provider is using CSM to deploy VoIP, IM, presence, conferencing with the same – or better – performance, quality, reliability and security as any other IP application.

Deployed at the edge of the service provider’s infrastructure, Covergence creates a single point of security and control for all classes of SIP-signaled traffic (Figure below):

• Signaling and media traffic from enterprise SIP phones travels over a trusted partner network in the clear, i.e. unencrypted. The Covergence Session Manager (CSM) cross-validates both traffic streams to prevent toll fraud. It also generates the call records, event logs and other information needed to ensure efficient operation, regulatory compliance and revenue recognition.
• Client software on enterprise desktops exchanges TLS-encrypted SIP messages with hosted LCS services. CSM not only authenticates the connections and validates all messages, but also translates between different SIP dialects if required.
• Mobile handset users connect to the service provider’s point of presence (PoP) over the Internet. Since the connections are unencrypted, they expose the service provider to a number of potential attacks. By routing these sessions through attacks are stopped at the subscriber edge before they can do any damage.
• Nomadic users also connect over the Internet, but client software on their laptop computers encrypts SIP messages before sending them. At the service provider PoP, CSM decrypts and validates the messages and forwards them, either re-encrypted or in the clear to the appropriate destinations.