If you're like me, you're likely reading this on a mobile device -- which is quite appropriate, since it was written moving at 500 mph on a cross-country flight. Mobile devices have changed almost everything we do, and users are depending on their enterprise IT teams to enable their mobility and communications needs.
IT departments everywhere are being pressured to open voice over IP networks to mobile and teleworking clients, including softphones, employee-owned smartphones, and an increasing number of video-capable devices. Sales of laptop computers are declining as increasingly powerful mobile and tablet devices gain market share.
Providing users of mobile devices with rich unified communications (UC) functionality, enterprise-class security, and protected user privacy is no small task. The tools must be simple to use and easy to connect from any network. Until now, virtual private network (VPN) connectivity has been the most popular solution. But VPNs fall short in a couple of ways:
- They provide broad, relatively uncontrolled access to a wide range of corporate network resources, placing those resources at risk.
- For mobile users, manually configuring VPN connections is a hassle.
For example, enabling a mobile user with a UC platform like Avaya Flare for iPad requires the user to download Flare as well as a VPN client, such as Juniper's Junos Pulse. To use Flare, the user first launches Junos Pulse and connects to the VPN gateway with their corporate credentials. Their iPad gains full access to the entire corporate network. Only then can the user launch Flare and use the Flare Experience for mobility and video -- if they can remember what they wanted to talk about.
If the iPad powers off or the VPN connection times out (as often happens), the user must log in to the VPN again before using Flare. This kind of experience can lead to two very unwelcome results. One, the user begins yelling at someone in the IT department, creating helpdesk tickets and driving up operational costs. Two, the user abandons the solution completely, turning the UC investment into a failure.
Because it implements Session Initiation Protocol (SIP), a session border controller (SBC) enables us to achieve several things that a VPN cannot. We often deploy the Avaya Session Border Controller for Enterprise R6.2 to connect SIP-based UC clients without a VPN, while exposing only the resources needed for UC. The SBC also continues to inspect sessions and data for unexpected SIP request behavior, like abnormal phone call requests.
Why use an SBC? There are three main advantages:
- Security: The SBC sets up a "mail slot" that securely connects UC devices only to your session manager and communication manager, rather than throwing open the front door and allowing mobile devices to connect to anything on your corporate network. This allows you to enable robust UC capabilities while preventing unauthorized access to enterprise databases and file systems.
- Economy: Devices like the Avaya SBC provide sophisticated, application-layer security -- including a SIP firewall, intrusion detection and prevention system, access controller authentication, and UC proxy and policy enforcement functionality -- all in one box, on top of the basic SIP trunk-handling functionality. Fewer devices reduce administration and make edge connectivity cheaper and easier on your IT staff.
- Usability: Relieving users of the song and dance required to make VPN connections makes mobile enablement realistic for everyday, routine usage. Once the preconfigured SBC client resides on the mobile device, it can automatically find and connect to the enterprise network whenever it is available. Connections can be "always on" and secure.