1 / 59

OmniPCX Enterprise r6.2 Product presentation

OmniPCX Enterprise r6.2 Product presentation. 8AL020033311DRASA ed 9. Notice on this presentation. This document is the OmniPCX Enterprise r6.2 product presentation Now feel free to use this document for both internal and external presentation!!!!. Total Market evolution. (‘000 lines).

kiele
Télécharger la présentation

OmniPCX Enterprise r6.2 Product presentation

An Image/Link below is provided (as is) to download presentation Download Policy: Content on the Website is provided to you AS IS for your information and personal use and may not be sold / licensed / shared on other websites without getting consent from its author. Content is provided to you AS IS for your information and personal use only. Download presentation by click this link. While downloading, if for some reason you are not able to download a presentation, the publisher may have deleted the file from their server. During download, if you can't get a presentation, the file might be deleted by the publisher.

E N D

Presentation Transcript

  1. OmniPCX Enterprise r6.2Product presentation 8AL020033311DRASA ed 9

  2. Notice on this presentation • This document is the OmniPCX Enterprise r6.2 product presentation • Now feel free to use this document for both internal and external presentation!!!!

  3. Total Market evolution (‘000 lines) (‘000 lines) Western Europe Shipments US Shipments (Excl. KTS) 6% 32% 15% 45% Source : Alcatel internal

  4. 2005 User Centricity • Complete (finish) introduction of new IP Touch range • Introduce a minimum of “reliable” SIP end-point solutions • PDA smart-phone (Actimage + HP partnership) • Wifi market contingency plan (+ step 1 improvements) • Re-dial / call-log / UDA packs • My Team-work promotion…(e-Dial) • Video & presence solutions (first wave end ‘05) What’s in it for me ?

  5. 2005 IP Foundations • Security enhancements, mainly encryption (first step) • A (small) number of highest availability enhancements • Serviceability evolutions (mid market) • Build fast-track solutions IP Foundations

  6. OmniPCX Enteprise r6.2 What’s inside?

  7. What’s in? • Security and system availability • IPTouch Security Solution • System security enhancement • IPTouch survivability • End user centric • IPTouch finalization • Free seating • Attendant sofphone • Other goodies • ACT in 19” shelves

  8. Security and availability IPTouch Security Solution System Security improvment

  9. Communication Application Security Management & Project Security Alcatel IP Communication security, a process not a product Security Communication Server Security Network Security

  10. Powered by Authentication: different levels User authentication (set lock, virtual office)At the application level Open Communication Suite CS Enterprise Communications Server User Device authentication: At the communication level IP Servers IP Phone IPAppliance Server Device authentication:At the network level Terminals Network Infrastructure 802.1X Network Access Control

  11. Com Applis Sec. Eavesdropping Spoofing Man-in-the Middle Communication security Scope of Alcatel-Thales partnership Security • Confidentiality • Wire-speed Encryption of Voice and Call control signaling • Authentication • Ensure that OmniPCX network elements are who they say they are (Server, media gateways, IP Phones) • Integrity • Call control signaling • Signed IP Touch, MG.. Binaries • New Protection against gratuitous ARP on IP Touch

  12. Architecture and components description • Com Servers and IP Media gateways flows are protected by security modules • ServerSecurity Module protects Com serversflows • Media Security Module protects IP Media gatewaysflows • IP Touch phone security is done through embedded firmware • No specific commercial reference for IPTouch running encryption • SSMs and MSMs are separating the « unsecured » LAN from the IP voice components Clear port Encrypted port

  13. Campus network with stand-alone server Security module inserted between CS and LAN switch Ethernet crossed cable IP corporate network Authentication authority Encrypted call control signalling (IP touch & IPMGs) Encrypted voice

  14. Voice over IP encryption through the WAN; Centralized call control, remote branch Campus Branch Office (remote) LAN WAN WAN Branch Office (remote) Encrypted call control signalling (IP touch & IPMGs) Encrypted voice Branch Office (remote)

  15. IP Touch Security scope Server Security Module • Authentication • Com. Server, IP Touch and IP Media Gateways • Calculated PSK/IKE • Confidentiality • Encryption of media • SRTP/AES • Call control signaling • IPSec/AES • Integrity • Call control signaling • HMAC/SHA1 • Signed IP Touch, MG.. binaries Hardware encryption Media Security Module IP (“unsecured”) corporate network Media Security Module Firmware encryption

  16. Device Authentication • Authentication is the first step to secure IP communications • Server Security Module authenticates IP endpoints allowed to access Com Server • PSK « construction » & protection against compromising • PSKg for IP phones PSK Authentication Authority IP corporate network PSK AuthenticationCS with IP phones and MGs PSK PSK Calculated PSK/IKE PSK

  17. Call Control Signaling Encryption • Based on a Symetrical key Ks • Ks is negociated between IP endpoint and Server Security Module: • IKE (Internet Key Exchange) • All traffic is encrypted between SSM and IP endpoint Ks3 IP corporate network Integrity Of call control signalling Ks2 Ks1 Confidentiality Encryption of call control signalling HMAC/SHA1 IPSec/AES

  18. Media encryption • Based on a Symetrical key Kv • Kv is is generated by CS and sent to IP endpoints through encrypted signaling IP corporate network Kv1 Kv1 Integrity RTCP Confidentiality Encryption of media HMAC/SHA1 SRTP/AES

  19. TFTP Secure IP Communication initialisation • A file stored on tftp server (OXE or external) indicates to IP endpoints that there are on a secured system • This file is signed to avoid tftp server spoofing LANPBX file indicates securely to endpoints that the system is secured IP corporate network

  20. TFTP Protection against encryption deactivation • Global security deactivation may be normally required for disaster recovery only (Server Crypto Module is out of service) • Recommandation is to duplicate SSM Removing a module also requires reconfiguration of security on CS Requires to load a signed LanPBX file telling the system is not secured Security can not be deactivated from here IP corporate network Removing a module also requires loading new LANPbx file on tftp server Reseting IP phone to non secure mode requires to know an admin password By default IP Touch phone is automatically secured on secured system

  21. Serviceability • Management integrated at OmniPCX Enterprise system level • Management through OmniVista 4760 • No element management at the encryption Module level • Neither for encryption, nor authentication, automatic negotiation between modules • Encryption modules have automatic firmware updates • Configuration file is sent by CS to SSM. SSM relays configuration file to MSMs • No impact on move adds and changes in a secured system • But security must be deactivated when transferred on a non secure system • Lightweight security management at the Com. Server level • Define the MGs that are encrypted or not: Security topology. This topology is translated in a config file for encryption Modules • This is to take also into account • IPMGs without MSM • Other Call Servers without SSM

  22. IP corporate Network IPTouch Security Solution: licensing model Encryption MediaGateway Licence Secured IPTouch Always required on Crystal hw Call Server MSM Main SSM N> 32 physical users MSM Encryption Server License Encryption MediaGateway Licence SSM Std by MSM No license when N<=32 physical users

  23. IPTouch Security Solution key selling point: • Hardware based solution • Hardware based solution are known to be more resilient than software based solution. • No impact on call server performances • See competition announcement… • Up to 30% performance decrease on competitor solution when security is configured! • Standard based solution • Easy evolution • Transparently secured (IPSec, SRTP…) • High voice quality thanks to “wire speed” implementation • See BCR/ Miercom test (Nov 04) • Co-development with Thales • European company acting in Security and Defense market

  24. Performances • Key figures • Nb of Secured IP Touch: 3000 per node: • To be confirmed on Technical Release (according stressed test result ongoing) • Nb of Secured Media gateways per node: 90 • Max number of encrypted communication per MG: 120

  25. Security and availability continuous improvment • Security continuous improvement • Enhancement of “Security by default” • Syslog message to an external server • Complete command history • Community name for SNMP • User account menu enhancement • Alarm on logging failure

  26. User Centric evolution IPTouch (quite) full feature Free Seating Attendant softphone

  27. Agenda • IP Touch now in Hotel !! • Presentation Server Direct Link • Free Desktop Environment • Entry level Attendant Softphone

  28. IP Touch finalization (2) • Hotel service on IP Touch line • Address the hotel and Resort high end market segment • Porting of Hotel feature on IPTouch • IPTouch set part of Suite • Support of Room service Soon available!!!!

  29. OmniPCX OmniPCX IP Touch Finalization (3) DHCP Server fail-over Fail-on-WAN or BO router failure BO MG failure • IP Touch survivability • With dynamic IP address allocation,IP Touch are able to store the IP addresses and the VLAN ID WAN HQ DHCP Server BO IP Mirroring PSTN

  30. IP Evolution • 1000 IP domain • Management Call Admission Control for very large branch office configuration • SIP endpoint evolution follow up • Support of Thomson SIPTouch 2020 through Alcatel Application Partner Program • Low cost solution but minimum basic level of service!!! • 1000 SIP phone per node • For more details, refer • Solution Paper: “SIP Phone evaluation criteria paper” For SIP implementation on OmniPCX Enteprise See also Thomson telecom web site: http://www.speedtouchpartner.com/enu2/products/viewabusinesssolution.php?id=83

  31. User centric: Free Desktop Environment • Virtual set for consulting enterprise or meeting room • Users can logon to their voice account (DDI directory number) from any telephone set of the company • Users keep their telephone facilities & profile • Logon can be performed via : • IP Touch keyboard and screen • Web application • Set keyboard and Voice guidance • Other / Customized solutions (Java Card, Genesys RSI script, ….) • When the extension is logged off (by himself, other user or third party control), his directory number can be de-allocated and immediately forwarded to • Voice Mail,external number, …

  32. 2/ John moves User centric: Free Desktop Environment(2) • Activation by IP Touch (8 series) Mobility (ACAPI) & Presentation Server Communication Server Eg. Meeting room 1/ John’s phone set 3/ John logons on free (or not) set * using the IP Touch’s keyboard 4/ His set is affected with a default profile * A set can be protected against free seating if it is locked

  33. Web based interface: 2/ Affectation to a free set via his PC or thanks to a welcome assistant User Centric: Free Desktop Environment (3) • Web application 1/ Jack, consultant is inside the company for a day. He needs to be affected in a virtual desktop Mobility (ACAPI) & Web Server Communication Server

  34. IP Softphone Attendant Low-end solution based on IP-Softphone UA emulation New IP softphone license Same features as 4035 IP Attendant USB headset: ringing is done via PC loudspeakers and voice is handled by the USB headset

  35. Serviceability IRAD CH: up to 384 kbit to manage your system Other goodies

  36. Serviceability –IRAD-CH board (1) • Remote Service Center Step 2 • IRAD- CH is a common hardware based board providing remote access to OmniPCX Enterprise node for management purpose • Support of IRAD-CH available from OmniVista 4760 R3.2 • OXE software download from remote location, using PC installer tool • Immediate/ System by system • OXE Configuration • On line configuration (no call back with IRAD board) • Off line configuration through Grid Edit : Immediate and scheduled import/export • Save/restore of OXE Data Base • Immediate and scheduled save • Immediate restore • Available in OmniPCX Enterprise from 5.1.2 (1) • Common Hardware only • Access is done through ISDN connection • Aggregation of N x 64 kbit up to 320kbit/s (5 x B Channel aggregation) (1) Subject to PCS (Premium Customer Support), not available for the US/Canadian market

  37. ISDN Serviceability IRAD-CH (2) IRAD remote service typical configuration OmniPCX Enterprise node OmniPCX Enterprise node eRMA/RMA for the alarms OR Win2003 T0/T2 T0/T2 E1 board T2 OR IRAD CH OR 4760 Server T0/T2 IP router Ethernet cable to Lanx 4 on CPU IRAD-CH 4760 Client + PC Installer Remote Service Center

  38. Serviceability: IRAD –CH Features • Routing • 320 Kbits/s MLPPP traffic to OXE • Security • Control on calling number • User password • Trusted IP address mechanism • Hide local IP addresses via NAT • IRAD configuration • For Password, RSC address , IP addresses,.. • Via a web browser • Implementation: • The board can be plugged in a free T2 position • E1 board needed on OmniVista 4760 server side • Alarms are handled as today: OXE sets up modem calls to the remote service center via eRMA or RMA . Analog ports needed on OmniVista 4760 E1 board

  39. Serviceability (4) Improvement of field installation processes and tools • Enhancement of eReflexe to IPTouch migration tool • SLI coupler dynamic initialization

  40. OmniPCX Enterprise r6.2 other goodies

  41. Hardware infrastructure • Hardware Infrastructure • ACT 14 & ACT 28 chassis integration in 19” Cabinet • Cabinet must be closed • for temperature contingency at system level • Cabinet must have airfan equipment • Open rack not allowed Sample representation Not contractual

  42. Hardware Infrastructure • ACT 14 & ACT 28 chassis integration in 19” cabinet: impact on catalogue and configuration process: • New basic package are defined for Crystal based configuration • This basic package doesn’t include M2 or M3 cabinet any more • Benefit: catalogue simplification • ACTIS will ask for type of housing”, M2 or M3 or “to be mounted in 19” cabinet” • User choice • BP using direct keying must be aware of this • Alcatel will not have 19” cabinet on his catalogue • Such device must be ordered “locally” OR

  43. Market re insurance • Chinese support on IP Touch line step 0 • System string display (within a set of 500 characters) • Russian and associated: • Transit R1.5 signaling • Analogue CLIP • CLIP APA DTMF mode for India and Taiwan

  44. Interoperability with former release

  45. R6.0 R6.0 • Active commercial delivery • Active commercial delivery • Pre phase out • Pre phase out • Phase out • Phase out • Delivered release • Delivered release Network interoperability 2003 2003 2003 2003 2004 2004 2004 2004 2005 2005 2005 2005 2006 2006 2006 2006 2007 2007 2007 2007 2003 2003 2003 2003 2004 2004 2004 2004 2005 2005 2005 2005 2006 2006 2006 2006 2007 2007 2007 2007 r5.0ux r5.0ux r5.0ux r5.0ux r5.0ux r5.0ux r5.0ux r5.0ux r5.0Lx r5.0Lx r5.0Lx r5.0Lx r5.0Lx r5.0Lx r5.0Lx r5.0Lx r5.1.x r5.1.x r5.1.x r5.1.x r5.1.x r5.1.x r5.1.x r5.1.x r5.1 r5.1 r5.1 r5.1 r5.1 r5.1 r5.1 r5.1 r5.1.1 r5.1.1 r5.1.1 r5.1.1 r5.1.1 r5.1.1 r5.1.1 r5.1.1 r5.1.2 r5.1.2 r5.1.2 r5.1.2 r5.1.2 r5.1.2 r5.1.2 r5.1.2 R6.0.x R6.0.x R6.0.x R6.0.x R6.0.x R6.0.x R6.0.x R6.0.x R6.0 R6.0 R6.0 R6.0 R6.0 R6.0 R6.0 R6.0 • • • • Active commercial Active commercial Active commercial Active commercial delivery delivery delivery delivery • • • • Active commercial Active commercial Active commercial Active commercial delivery delivery delivery delivery R6.0.1 R6.0.1 R6.0.1 R6.0.1 R6.0.1 R6.0.1 R6.0.1 R6.0.1 • • • • Pre Pre Pre Pre phase out phase out phase out phase out • • • • Pre Pre Pre Pre phase out phase out phase out phase out • • • • Phase out Phase out Phase out Phase out R6.1 R6.1 R6.1 R6.1 • • • • Phase out Phase out Phase out Phase out R6.1 R6.1 R6.1 R6.1 • • • • Delivered Delivered Delivered Delivered release release release release • • • • Delivered Delivered Delivered Delivered release release release release R7.0 R7.0 R6.2 R6.2 R7.0 R7.0 R7.0 R7.0

  46. OmniPCX Enterprise Mid market packaging Configuration rationalization Price repositioning

  47. Mid market Available since r6.1 • “Executive user” and “Executive IP software” license • Bundle of “Phonebook right to use” with “Reflexe user” license and “IP user license” • Executive user are now included in Common Hardware basic packages • Mid market positioning • UDA Call log on IPTouch • Mid Market packaging for advanced service on IPTouch • OmniPCX Enterprise 24A/D/M package • Introduction of Mix 4/4/8 board replacing 0/4/8 • Same price as former packages

  48. Configuration rationalization • Virtual users issue now solved!!! • Virtual user are no more taking in account for Engine calculation (including Proxy!!) • Price decrease on configuration requiring this technical feature • Hotel, hospitality market price repositioning • Notice that configuration still required in ACTIS (memory issue) and for 4760 • Configuration optimization on Common Hardware • Slot 7 becomes available for SLI 8/SLI 16 board • Increase of amount of IBS on a single rack • Depending the power consumption survivability

  49. Price repositioning • Software licence price repositioning • H323 license ->>>>> 100€ WPL • License also required for public H323 trunking (New Generation Network architectures) • SNMP trap ->>>>> for free • OmniTouch Unified Communication price repositioning

  50. Global offer Medium and Large Enterprise

More Related