EMEA Techshare 2009 The Future Begins Session Border Controllers Connecting the IP World Acme Packet and Avaya Lead The Way April 9, 2009 Neil Segall,

Transcript:

EMEA Techshare 2009 The Future Begins Session Border Controllers Connecting the IP World Acme Packet and Avaya Lead The Way April 9, 2009 Neil Segall, Business Development Margie Frasier, Channel Development

Agenda
– Why should I care about SBCs?
– What is an SBC?
– Product Overview
– Working together

We are not Bugs Bunny!! Beep Argh!

Why should I care about SBCs?
– Reduce cost
– Deliver business agility
– Secure loyal customers

Market Trends
Service providers
– Making SIP value available to enterprises
– Relying on SBCs for peering and secure access
– Reselling or recommending CPE SBCs for security and interworking
Enterprises and contact centres
– Embracing converged voice/data for UC, CC, & CEBP
– Migrating increasingly to SIP
– Moving to SIP trunking for lower costs & power consumption
– Recognizing identity, trust and security as critical to UC success
– Dealing with interworking and regulatory concerns

Future of interactive communications?
[Figure: The Internet and The Federnet]

Federnet: The eight driving factors
1. In IP, we trust no one
2. Addresses will forever be a collection of heterogeneous schemes
3. SIP is not the only signaling protocol
4. Codecs will never converge to a couple - audio & video
5. Unlimited bandwidth, QoS and signaling resources will forever be a myth
6. Some sessions are more valuable than others
7. IP IC regulation will increase
8. Business models will never be homogenous

[Figure. Labels: MX; Application Platform; Next Generation Communications; App; 3rd Party endpoints; Avaya CM; Branch / Stand alone; Remote workers over Internet; G860; 3rd Party PBXs; Avaya one-X® endpoints; PSTN; Providers; Outsourcers; Federated; System Manager; MM; VP; CM; SM; Communication Manager Core; SIP Trunks; Media Servers; TDM Trunks; Access; Connection; Application; Internet; Acme Packet SBC]

Joint Value Proposition
Acme Packet SBCs augment Avaya solutions for UC and CC
– Defend SIP signaling elements against security threats, overloads
– Eliminate border signaling and many other interoperability issues
– Preserve session quality under load and adverse conditions
– Extend Avaya application reach across IP network borders
– Support regulatory compliance
Key Benefits
– Faster Avaya solutions deployment at lower risk and cost
– Safe use of cost-effective SIP trunks
– High-quality session delivery to workers across the enterprise
– Improves customers' options for customizing their networks

What is an SBC?

What is a Session Border Controller?
Session
– real-time, interactive communications – voice, video & multimedia - using SIP, H.323, MGCP/NCS, H.248
Border
– IP-IP network borders
– Interconnect/peering: between service providers
– Subscriber access: enterprise, residential or mobile services
– Data center: retail or wholesale services
– Enterprise: intra- & extra-enterprise
Control
– Security
– Service reach maximization
– SLA assurance
– Revenue & cost optimization
– Regulatory compliance
[Figure labels: Large enterprise; Mobile services; PSTN; PSTN origination & termination; Directory services; IP transit; PSTN termination; IP contact center; Residential & business services]

Why SBCs Instead of Firewalls?
Because traditional firewalls cannot:
– Prevent SIP-specific overload conditions and malicious attacks
– Open / close RTP media ports in sync with SIP signaling
– Track session state and provide uninterrupted service
– Perform interworking or security on encrypted sessions
– Scale to handle many 1000s of real-time sessions
– Provide carrier class availability
InfoSec deploy defence-in-depth model with application-level security proxies for and web applications
– Same model applies for IP telephony, UC and IP contact center applications

Acme Packet SBC secures & assures Avaya unified communications
Completes Avaya's cost effective end-to-end SIP architecture
– SIP trunking and border interworking
– Remote site & worker connectivity
– Reduced maintenance costs
Provides best-in-class VoIP & UC security
– Integrated with Avaya Session Manager, Communication Manager and Voice Portal
Assures quality and high availability
– Disaster recovery and survivability
Helps achieve regulatory compliance
– Emergency calls, privacy, recording
[Figure labels: Redundant data centers; Contact center, audio/video conferencing, IP Centrex, etc.; To PSTN; SIP; Teleworker; Nomadic/mobile user; Remote site; 1. SIP trunking border; 2. Hosted services border; 3. Internet border; HQ/campus; CC; UC; H.323; Regional site; Federated partners; Internet; Private network; ASM; APKT]

Product Overview

Acme Packet Products 4,000-72,000 1,000-16, , # sessions 5,000-80,000 Data Center LargeMediumSize 1,250-40,000 Data Center 750-2,500 Data Center / branch office 20, ,000 # lines # agents Data Center (w/transcoding) Net-Net 4250 Net-Net 4500 Net-Net 9200 Net-Net , ,000 2,000-36,000 UC CC

Net-SAFE Security Framework
SBC DoS/DDoS protection
– Protect against SBC DoS/DDoS attacks & overloads
Access control & VPN separation
– Dynamic, session-aware access control for signaling & media
– Support for L2 and L3 VPN services & traffic separation
Topology hiding & privacy
– Complete service infrastructure hiding & user privacy support
Viruses, malware & SPIT mitigation
– Deep packet inspection enables protection against malicious or annoying traffic
Encryption and Authentication
– TLS, IPSEC, SRTP
Monitoring and reporting
– Record attacks & attackers
– Provide audit trails
[Figure labels: SBC DoS protection; Fraud prevention; Access control; Topology hiding & privacy; Service infrastructure DoS prevention; Viruses, malware & SPIT mitigation]

Dynamic ACLs and Hardware Based Security
All unauthorized traffic rejected by hardware authentication
HARDWARE BASED AUTH: authorized traffic flows are based on:
– Source IP address/range
– Source IP port
– Protocol
– Destination IP address
– Destination IP port
– VLAN + physical port
Other authorizations at wire speed:
– DoS blacklisted users rejected (matched on above flow definitions)
[Figure labels: NN-SD; Http Request; Dropped at Wire Speed!!; Unauthorized Protocol or Destination port; SIP Invite; Blacklisted User]
Software Based SBCs cannot provide this!

Signaling Based Security
Stateful awareness of SIP sessions allows for fine-tuned security measures a FW cannot provide
SOFTWARE/SIGNALING BASED AUTHORIZATION: authorized traffic flows can be based on:
– User Registration Status
– SIP packet format (Legal?)
– Traffic Filters based on SIP header content
– Source or Destination URI format
– Codec type
– Bandwidth or Session Admission Control
– Overload constraints (CPU and Next hop)
– Signaling Rate Limit
[Figure labels: Next Hop Device (i.e. Avaya SM) constraints exceeded; SIP Invite; Reject with 4xx Unauthorized; NN-SD; Bandwidth Exceeds Allowed Limit; SIP Invite; Reject with 503 Unavailable (configurable response); Unregistered Users (Rejected at SIP level); SIP Invite; Reject with 4xx Unauthorized]

Handling of Ports for Media
VoIP often requires a different media port per source for RTP flows
Net-Net SD dynamically opens ports for RTP/RTCP (media streams) – Secure Latching:
– INVITE SDP C= (Source): , port 1046
– Open media port from Pool Y. Remember mapping from (Pool Y) to :1046
– Open a media port from pool X. Remember mapping from (Pool X) to :4300
– Net-Net UDP Ports: (Pool X) UDP Ports: (Pool Y)
– OK SDP C= (Source): , port 4300
– INVITE SDP C= (Source): , port
– OK SDP C= (Source): , port
– BYE
– 200 OK
– Close Media Ports and Removed from SBC cache
FW must keep ports open at all times
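The pinhole handling described on this slide, as an added example that is not from the presentation or from Acme Packet: a toy Python model in which the SBC rewrites each SDP offer/answer to one of its own pool ports, remembers the mapping to the endpoint's real address, and closes both ports on BYE. The class and method names, the documentation-range IP addresses, the pool port ranges and the trimmed SDP bodies are constructed for illustration; only ports 1046 and 4300 and the Pool X / Pool Y naming come from the slide, and latching itself is not modelled.

```python
import re


class MediaPinholes:
    """Toy model of SDP-driven media pinholes (hypothetical, not Net-Net code)."""

    def __init__(self, sbc_ip, pool_x, pool_y):
        self.sbc_ip = sbc_ip
        self.free = {"X": list(pool_x), "Y": list(pool_y)}
        self.calls = {}  # call_id -> [(pool, sbc_port, (peer_ip, peer_port))]

    def anchor(self, call_id, sdp, pool):
        """Open a pinhole for the endpoint advertised in `sdp` and return the
        SDP rewritten so the far side sends media to the SBC instead."""
        ip = re.search(r"^c=IN IP4 (\S+)", sdp, re.M).group(1)
        port = int(re.search(r"^m=audio (\d+)", sdp, re.M).group(1))
        if not self.free[pool]:
            raise RuntimeError("media port pool exhausted")
        sbc_port = self.free[pool].pop(0)
        self.calls.setdefault(call_id, []).append((pool, sbc_port, (ip, port)))
        sdp = re.sub(r"^c=IN IP4 \S+", f"c=IN IP4 {self.sbc_ip}", sdp, flags=re.M)
        return re.sub(r"^m=audio \d+", f"m=audio {sbc_port}", sdp, flags=re.M)

    def forward(self, dst_port):
        """Peer that media arriving on an SBC port is relayed to, or None (drop)."""
        for legs in self.calls.values():
            for _, sbc_port, peer in legs:
                if sbc_port == dst_port:
                    return peer
        return None

    def bye(self, call_id):
        """Close every pinhole of the call and return the ports to their pools."""
        for pool, sbc_port, _ in self.calls.pop(call_id, []):
            self.free[pool].append(sbc_port)


def demo():
    # Constructed addresses (RFC 5737 ranges) and trimmed, constructed SDP bodies.
    sbc = MediaPinholes("203.0.113.1", range(20000, 20004), range(30000, 30004))
    invite_sdp = "v=0\r\nc=IN IP4 192.0.2.10\r\nm=audio 1046 RTP/AVP 0\r\n"
    ok_sdp = "v=0\r\nc=IN IP4 198.51.100.20\r\nm=audio 4300 RTP/AVP 0\r\n"
    to_callee = sbc.anchor("call-1", invite_sdp, "Y")  # INVITE: caller side
    to_caller = sbc.anchor("call-1", ok_sdp, "X")      # 200 OK: callee side
    during = (sbc.forward(30000), sbc.forward(20000))
    sbc.bye("call-1")                                  # BYE closes both ports
    after = (sbc.forward(30000), sbc.forward(20000))
    return to_callee, to_caller, during, after


if __name__ == "__main__":
    print(demo())
```

Neither endpoint ever sees the other's real address, and outside the lifetime of the call both SBC ports drop traffic, which is the contrast the slide draws with a firewall that keeps its media port range open.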

It's not just about security
Legacy data infrastructure is not enough
– Signalling protocol interworking
– Service reach maximization
– QoS / Accounting
– Session replication
– High availability

Header Manipulation Rules
Benefit – allows SBC to perform SIP header/parameter manipulation based on regular expressions
Problem overcome – interoperability issues, unique routing needs, protocol normalization and fix-up
Details
– Regular expression search and store capability
– Ability to do repetitive search and replace
– Boolean logic support
– Supports operations on MIME body, e.g. SDP
– Allows codec re-ordering & stripping
– Ability to insert information into Call Detail Record VSAs
– HMR for ISUP (conversion between any variation of SIP, SIP-I, SIP-T)

Hosted NAT traversal (HNT)
Problem: remote-user NAT traversal
– Inbound VoIP/UC can't get through DSL/cable modem firewall / NAT
– Home worker can't reconfigure FW/NAT
– NAT-T techniques (STUN / TURN / ICE) are limited and vary widely by device: an IT support headache
Solution: host NAT traversal in SBC
– Standardizes NAT methodology
– Proven solution: globally deployed
– Scalable with very low latency
Benefit: lower cost, complexity of deployment, support
– No end-user action required
– One centralized box to manage
– One methodology for NAT traversal
[Figure labels: Remote User; IPT; UC; CC; Internet; CPE NAT/FW messes up secure VoIP; Enterprise Data Centre]

QoS measurement & reporting
Benefits
– Enables real-time evaluation of network & route performance
– Enables Enterprises to validate SLAs from their service providers
– QoS based call admission control
Capabilities
– Per-flow statistics including jitter, latency, packet loss, byte and packet counters
– Hardware based RTP/RTCP header inspection – no performance impact
– Reported through call accounting interface (RADIUS) or via FTP
[Figure labels: Segment A; Segment B]

IP Session Replication
Benefit – reduces costs and decreases complexity
Problem overcome – reduces the number of devices/interfaces involved in call capture and replication; SBC scales better than alternative methods
Call recording servers (CRS) are provisioned per ingress realm
– SBC replicates and forwards signaling and media
– SBC load balances session across recording servers
[Figure labels: PBX; Avaya ACM/ASM; Avaya ACM/ASM]

High Availability
No loss of active sessions (media and signaling)
Supports new calls
1:1 Active Standby architecture
Failover for
– Node failure, network failure, poor health, manual intervention
– 40 ms failover time
Checkpointing of configuration, media & signaling state
Preserves CDRs on failover
Shared virtual IP/MAC addresses
Find SD through DNS round-robin or configured proxy
[Figure labels: sd0.co.jp; sd0.fc.co.jp; Active; Standby; All sessions stay up. Process new sessions immediately; Active; New call]

Working together

UC Reference Architecture
– Customer choice of complete local call processing intelligence in branch or if desired, no survivability
– Avaya Session Manager implements session routing for inter-branch and branch to HQ; manages centralized dial plan
– Mini Border Element provides secure access to distributed SIP trunking services for branch/remote locations
– SBC provides secure access to centralized SIP trunking services for HQ/regional centers
[Figure labels: PBX Avaya CM; HQ/Regional Data Center; Branch Office; PBX; Router; SIP Trunking Service; PBX ACM / DO; PBX Avaya SM; Analog, Digital; SIP; Internet; RTP; Remote clients; SIP Trunking Services]

Avaya / Acme Packet Interop
Acme Packet part of Avaya Development and SV models
– Acme Packet equipment in Avaya R&D & Services labs
– Avaya equipment in Acme Packet labs
Formal Interop Testing and Documentation
– DevConnect - Acme Packet is a Platinum partner
Peering and Access
– ACM: NN4250 & NN4500 complete, NN3800 in progress
– ASM: NN4250, NN4500 and NN3800 in progress
– AVP/ICR: NN4250, NN4500 and NN3800 in progress
Online Application Notes and configuration guides
– SITL will certify SIP trunks
Testing ongoing in NA, CALA, EMEA, and APAC

Acme Packet - company overview
Acme Packet at a glance
Session Border Control (SBC) category creator & leader with 50-60% market share, founded August 2000
Top tier customers worldwide
– 600+ customers in 92 countries
– 29 of top 30, 89 of the top 100 service providers
Market focus: enterprise, contact centre, and service provider
400+ employees in 25 countries, Burlington, MA headquarters
Public company (NASDAQ: APKT) w/ strong revenue growth, profits & balance sheet
Healthy, Profitable, Leading, Growing
[Chart: Q Revenue ($M)]

Competition
Primary competitive threat: customer inertia
– Ignorance of need for SBCs
– IT security staffs must be educated
Next-best threat: Cisco Unified Border Element (CUBE)
– All software: small scale, low performance
– Lacks DoS protection, advanced routing, high availability
– Years behind on features and protocol support
– Very limited non-Cisco product interoperability

Go-to-market strategy
Channel focus in EMEA - over 60 people
– Business and channel development provide commercial and technical support
– Direct touch Sales and Engineering team directly supports opportunities
– EMEA HQ in Madrid has training and lab facilities
– Field systems engineering supports evaluations & trials, informal training
Technical support - 24x7x365 from Burlington, MA, USA headquarters
– Protocol and platform focus areas
– Telephone hotline for critical problems
– Web portal
Training
– Configuration and troubleshooting courses
– Boston, Madrid, Moscow, or at customer site
English, Spanish, Italian, French, German, Russian, Dutch, Portuguese

Acme Packet helps close more Avaya business faster
Minimize risk for migration to Avaya
– Interworking and compliance / security / service quality
Reduce cost and increase value of Avaya solution
– Enables secure use of cost-effective SIP trunks
– Supports Flatten Consolidate & Extend (FCE) model
Provide a competitive advantage over Cisco
– Superior SBC solution
– Strong relationships with service providers
– Prevent Cisco from getting more foothold

The Managed Services Opportunity
Managed CPE SBCs enable multiple services to be safely delivered through SIP Trunks
– IP Contact Centres
– Unified Communications Services
– IP PBX connectivity
Business partner managed SBCs mean:
– Annuity revenue
– Account Control and opportunity to sell multiple services
– Services Revenue Opportunity

Value proposition
The: Acme Packet SBC solutions
is for: Mid- to large-size enterprises and contact centres across all vertical markets and geographies
who need to: Connect to public/private SIP Trunk Services, and support Remote / Mobile Workers
in order to:
– Reduce cost
– Deliver business agility
– Secure loyal customers
– Meet regulatory compliance mandates

Acme Packet Contacts - EMEA
– Andreas Waechter, Sales Director, Enterprise
– Margie Frasier, Channel Development Manager
– Geraint Evans, Technical Director
HEADQUARTERS
– Relationship Manager: Neil Segall
– Technical Director: Ray DeQuiroz
– Chief Engineer: Mike Aglietti
– Channel Development: Laurie Coppola