This is a question which we ask ourselves regularly. Where I’m working at a Systems Integrator I come around a lot of customers and Lync design sessions.
At an era where we have more and more choices of “Direct SIP Trunks” to Lync from ITSP’s (Internet Telephony Service Providers, “PSTN” providers), some may prefer a direct SIP trunk over the “extra component” – an SBC. Others may just prefer an SBC for its enhanced features and security. What I’m trying to demystify with this blog post is the overall question – Why would I want to use an SBC or Media Gateway, when I’m also able to connect a SIP Trunk directly to Lync and avoid an extra component to manage?
First of all, let’s clarify the terms used here.
SIP Trunk – A predefined connection between two points for communications. A SIP Trunk, in this context, is a PSTN Voice connection between PSTN provider and the customer’s network.
Direct SIP Trunk – A SIP Trunk between Lync and the ITSP (PSTN provider), which is certified (by Microsoft) for this type of SIP. This would then connect the Lync server(s) directly to the ITSP, without any customer managed equipment involved.
ITSP – Internet Telephony Service Provider – a PSTN provider which happens to deliver SIP trunks
PSTN – Public Switched Telephony Network – make or receive calls, using phone numbers and analog or digital phone equipment. The phones at home, fax, mobile phones, etc.
Now, let’s get some more info on what an SBC actually is. It is most often confused with a Media Gateway. Those are two terms, often used for the same device which could combine both, but could also operate complete separate from each other. Let me explain.
In this explanation, I might use information sourced from Sonus. Sonus offers SBC’s/media gateways. It has merged a company previously known as N.E.T., known from its Lync-certified “enhanced Media Gateways and SBC’s”. Sonus is expanding the portfolio N.E.T. already offered. In my experience with different gateways and SBC’s, Sonus not only offers the most intuitive interface and configuration, but also delivers the best hardware, integration options and richest set of features. All this could be subjective, but in my opinion, those could be valid reasons to prefer Sonus over others.
A Media Gateway is as it sounds – a gateway between media. So if you want to connect Lync to a PSTN and you do have only ISDN connections, you would need to use a Media Gateway. Which then converts audio between/over ISDN and SIP. But “SBC” would be the term to use when the same functionality is used between SIP Trunks – for example, one SIP trunk between SBC and Lync, and another between the SBC and the Service Provider.
As read above, one of the advantages of an SBC is therefore that you could connect uncertified (by Microsoft) SIP Trunks to Lync, not just only the certified ones. Also, with the Media Gateway functionality, you could also connect and switch/route between Analog, ISDN and SIP connections. Not only does this allow to connect those already-available ISDN-30 E1 or T1 trunks, you could also connect the traditional PBX. And this could add a lot of flexibility to your telephony set up. It could, for instance, allow a number-by-number, or user-by-user, migration from traditional PBX to Lync. Or allow “forked calls”, meaning a call could both end up to an employee on the traditional phone, but also on Lync allowing the user to decide where to take the call. And those are just a few or many possibilities you could achieve with this!
Also some of those device(s) – like the Sonus SBC’s – are able to act as SIP-registrar for SIP Devices (including some other brand’s standard SIP phones), or connect analog phones like intercom’s and fax devices. Also integration with Active Directory or other systems are possible. Imagine combining those connectivities – f.i. a seamless cut-over from legacy PBX to Lync could be achieved by combining ISDN, SIP and AD, where the device “reads” from ad whether to route an incoming call to the legacy PBX, or when Lync-Voice enabled, to Lync!
So now we’ve covered connectivity and the flexibility this might bring. This alone could be a winner for a Media gateway / SBC, just for the migration purpose or ability to connect other (legacy) devices to Lync.
Now let’s focus on the “SBC” part, or range of products. Strictly taken, those thus cover SIP-SIP communications, and act as a “Voice Firewall”. With 4 fields of functionality:
Let’s discuss those 4 each apart, to get an overall idea of why we would want such SBC.
Where a Direct SIP trunk might be “easier” to implement, it also brings risks to your environment. Basically you’re connecting your network to the provider’s network. This could be considered as a risk, but at middle- or smaller customers, I find that this topic is mostly considered non-important. But where you’re directly connected to your provider’s network, you also don’t have any influence on what’s happening there. Hackers could get access to your environment when the provider doesn’t provide enough security or separate her customers. Security is therefore considered the primary goal of an SBC: to protect your environment and provide sufficient security. It could do so by inspection of the traffic/packets, but also as termination point with use of security measures as certificates, etc.
Telephony services are usually important to companies. Therefore, Business Continuity is also a hot topic when discussing your new telephony solution. An SBC doesn’t have to be the single point of failure, as it is sometimes referred to. The SBC itself could be set up redundant – multiple SBC’s, either as failover or to balance the load of calls. In addition, SBC’s could connect multiple SIP Trunks from both provider-side and Lync-side to offer true high availability. Last but not least, the combination of those two could offer a true availability to those who need an absolute high uptime guarantee.
Where we already discussed this field of functionality, an SBC provides Interoperability by the ability to interconnect multiple SIP trunks. Where Lync has a specific set of requirements, the SBC’s usually have a much wider range of options. It supports multiple codecs and the transcoding in between, different authentication types, etc. – all you would need to connect any different SIP trunk to Lync. Of course, you could also connect a Lync Certified SIP trunk to the SBC, and on the other side connect Lync. Just to provide the other functionalities.
Last but not least, this could also be considered a “security” feature, but an SBC could provide Demarcation. The SIP language provides a rich set of information. It tracks the complete route, including different connection options and therefore expose your internal and external IP addresses and open ports. This will provide all hops in the route with some sensitive data and this exposure could lead to hacking or phone call tapping.
Those are the basics of the Media Gateways and SBC’s. Each brand and model have different features and options, both hardware and software based. There is a lot to choose from. When considering such device for your environment, it might be a wise idea to consult a specialist or architect to design the correct infrastructure, or at least summarize your requirements and find the appropriate make and model to fulfill those needs!