How the main worry for firms adopting VoIP is the
quality of service, and knowing how to assess that service once it
is set up
The adoption of internet protocol based telephony by
organisations is a growing trend, thanks to the promise of free
phone calls through the convergence of voice and data networking
technology.
Voice over IP (VoIP) technology "is about to hit critical mass",
said David Endler, director of security at networking supplier
3Com's TippingPoint division handling intrusion detection systems
(IDS).
Analyst Frost & Sullivan predicted it will make up 75% of
all voice traffic by this year. Market research firm InStat has
also forecast the number of IP phones sold will increase nearly
five-fold from 9.9 million in 2006 to 45.8 million by 2010.
Yet, with organisations seemingly embracing the potential
savings and flexibility of VoIP, it appears as though they are not
always prepared for the challenges involved in deploying and
managing the technology.
Recent research by Vanson Bourne on behalf of software and
services company, Compuware has found 73% of European IT executives
are still worried about the quality and reliability of the
technology.
The research findings show the main worries over adopting VoIP
technology involve quality of service (QoS) and security, where
over a third (39%) of companies do not profile the performance of
telephony applications over existing IP networks prior to
implementation, so cannot anticipate the effect that its adoption
will have.
Compuware's global director of performance solutions Michael
Allen said too many companies take the technology for granted,
while at the same time underestimating its strategic
importance.
"VoIP is a well proven technology now," he said, "and most of
the IT directors we surveyed have plans to move over to it, if they
have not done so already - if only because it's all the networking
vendors sell nowadays.
"If moving to a new office, for example, it's more than likely
the organisation will want a modern telephony infrastructure. But
it can be easily forgotten just how much we take telephone
communication for granted having had traditional telephone systems
for so long. But voice is a high-profile application and users just
won't tolerate degradation and jitter on a call."
Allen said the survey revealed a major reason call quality
suffers is that the vast majority of IT departments (72%) are only
looking at overall network usage rather than examining the
individual behaviour and usage of each application, including
voice.
This could lead to poor call QoS, even if the organisation is
using Class of Service management tools on a multi-protocol label
switching (MPLS) network, because IT departments will not have the
necessary insight into application performance.
For example, Allen said, if there is a large amount of lag on a
VoIP call, which may be due to a problem at one of the network
nodes, this may go unnoticed because VoIP does not necessarily
generate a large volume of traffic, even though call quality is
suffering. This approach is also reflected in IT managers'
reactions to problems - 46% of respondents admitted to simply
throwing more bandwidth at network utilisation problems rather than
probing into any further detail to get to the heart of the
problem.
Alliance & Leicester, the UK's seventh biggest bank, handed
its voice and data communications to BT Global Services in December
2006 in a deal designed to transform and converge company's
networking infrastructure.
The infrastructure refresh will begin a phased implementation
lasting three years, and affecting its contact centre, branch, ATM
and corporate network with the aim of driving savings and
efficiencies through the deployment of VoIP in future.
Chief technology officer Darren McKenzie said networking
technology was now mature enough for a large enterprise like
Alliance & Leicester to look at taking it on. "We've been
tracking this technology for some time, and when we were sure it
was advanced enough for our needs through the immense amount of due
diligence testing in labs that we did, we made absolutely sure it
would lower costs and add simplicity to our network needs.
"We have had to get guarantees to prioritise voice in our plans.
But we are not buying technology, we are fundamentally buying a
service," he said. He added that using the latest packet switching
technology over a MPLS VPN network gave him the assurance he needed
that the network linking Alliance & Leicester's 1,800 staff and
250 branches would transmit both quality data and voice traffic
more reliably than the number of legacy large and wide area network
(Lan and Wan) technologies from a number of different, existing
suppliers.
Gavin Megnauth, Shaw Trust IT director is just over a year into
a four-year contract with provider Affiniti for a virtual private
network (VPN) covering its entire 1,300-strong user group and
enabling free VoIP calls, new rich-media services, and more
effective network management tools. The charity, which represents
people who are disadvantaged in the labour market due to
disability, ill health or other social circumstances, is hoping the
VPN will deliver up to 30% in cost savings with increased
bandwidth, performance, and reliability.
Megnauth said QoS issues were a key consideration for the
charity. "We were quite lucky in that our existing networks had
sufficient bandwidth to accommodate the extra needed for VoIP," he
said. But he said they did encounter some instances where devices,
like Skype phones installed independently by remote users, had
eaten up bandwidth and affected call quality for other users and
applications."
Megnauth said, "If the call quality is poor it's really
disappointing from the user perspective, given they have to go
through training on a new phone system. And although we remedied
any such problem quickly, it has left a slightly bitter taste in
the mouth and cost more in start-up costs." Although he did observe
the savings on call charges between the organisation's 65 offices
sites would see a return in the long term.
"There are ready-reckoner tools available now that are better
than they were a few years ago that help you plug in how many calls
are made and how much bandwidth you would use to discern cost more
clearly," said Megnauth.
"But because of the potential security issues around
unauthorised devices and applications like Skype competing for
bandwidth, we decided to get a consultant in to do full penetration
testing." But being a charity, he also said security was not as
great an issue as it might be for a bank, for example.
Gartner research director, Lawrence Orans said that whether you
decided to use the expertise of a managed service provider in the
case of the Shaw Trust and Alliance & Leicester to migrate
voice onto your data networks or not, most data infrastructures are
perfectly capable of prioritising voice over the network.
The problems arose in the overlapping areas of security and
traffic monitoring and detection, he said. "The voice team has
typically not had to worry about security and security teams have
not historically had to worry about voice," he said.
"IP-PBXs [private branch networks] are usually not subject to
denial of service (DoS) attacks because they are behind the
firewall, but when you send voice outside of those boundaries
issues can arise."
Orans said security would be higher on the VoIP agenda in 2007
because companies will begin to open up session initiation protocol
(SIP) gateways for application-layer control of voice traffic and
make them accessible on the internet.
He said that while this will contribute to the lower costs
associated with VoIP it will also expose organisations to a wide
variety of threats they are not necessarily aware of because many
still do not see VoIP handsets as computing devices in their own
right.
UK-based web security firm ScanSage has recently warned, "The
result is that both VoIP devices and servers will be subject to the
same type of vulnerabilities as any other computer including denial
of service attacks, theft of service, fraud and phishing
attacks."
Symantec researcher Zulfikar Ramzan said phishers have developed
more sophisticated attacks beyond just the traditional e-mails
directing you to a website to enter personal details and into the
VoIP arena. "For example, we've seen phishing attacks that use
e-mail to get you to call a specific phone number or some even use
the phone to contact you in the first place.
These so-called voice phishing or 'vishing' attacks exploit
VoIP. As a result, such attacks can be conducted cheaply enough for
phishers to see a sufficient return on their investment," he said.
At the same time, Ramzan added that there have not been many
reported cases of such attacks, so it is not clear if they will
become more prevalent moving forward.
IP service optimisation solutions supplier, Allot Communications
advocates the use of deep packet inspection (DPI) technology to add
to the QoS and security arsenal of an organisation deploying
VoIP.
Allot said throwing more bandwidth at VoIP services is often not
solving the true problem, which can only be uncovered by actually
knowing what packets are travelling across your network. Measures
to safeguard against any kind of attack using VoIP services should
already lie within an existing data network's firewall, IDT,
antivirus and authentication infrastructure.
But the DPI tools available from Allot or Compuware (which is
also a component of BT's Assured Application Infrastructure
service) for example, can help identify an attack and help
configure access protocols to protect the network, as well as make
sure critical voice traffic is given the priority required.
"DPI doesn't take care of the security threats out there, but it
can work with other third-party management tools to be a critical
element in better managing traffic across your network that
includes voice," said Allott.
VoIP case studies
www.computerweekly.com/221496
www.3com.co.uk
www.frost.com
www.computerweekly.com/VoIPtoolbox
VoIP special report: Making a case for VoIP
VoIP special report: Taking VoIP to the next level
Comment on this article:
computer.weekly@rbi.co.uk