VoIP challenges must be addressed

Firms are proving eager for the telephony savings voice over internet protocol can bring, but many are paying too little attention to potential quality of service issues

The adoption of internet protocol (IP) based telephony by organisations is a growing trend, thanks to the promise of free phone calls through the convergence of voice and data networking technology.

Indeed, according to David Endler, director of security research at networking supplier 3Com's TippingPoint division, voice over IP (VoIP) technology "is about to hit critical mass". Analyst firm Frost & Sullivan predicted VoIP would make up 75% of all voice traffic by this year, and market research firm InStat has forecast that the number of IP phones sold will increase nearly five-fold, from 9.9 million in 2006 to 45.8 million by 2010.

Although organisations seem to be embracing the potential savings and flexibility of VoIP, it appears they are not always prepared for the challenges involved in deploying and managing the technology. Research by Vanson Bourne on behalf of software and services company Compuware, has found that 73% of European IT executives are still worried about the quality and reliability of the technology.

The research findings show the main worries about adopting VoIP technology involve quality of service (QoS) and security 39% of companies fail to profile the performance of telephony applications over existing IP networks prior to implementation, and so are unable to anticipate the effect its adoption will have.

Compuware's global director of performance solutions, Michael Allen, says too many companies take the technology for granted, and at the same time underestimating its strategic importance.

"VoIP is a well proven technology now. Most of the IT directors we surveyed have plans to move over to it, if they have not done so already - if only because it is all the networking suppliers sell nowadays," he says.

"When moving to a new office, for example, it is more than likely the organisation will want a modern telephony infrastructure. But it can be easily forgotten just how much we take telephone communication for granted having had traditional telephone systems for so long. Voice is a high-profile application and users just will not tolerate degradation and jitter on a call."

Allen says the survey revealed that a major reason call quality suffers is that 72% of IT departments only look at overall network usage, rather than examining the individual behaviour and usage of each application, including voice.

This could lead to poor call QoS, even if the organisation is using class of service management tools on a multi-protocol label switching (MPLS) network, because IT departments will not have the necessary insight into application performance.

For example, if there is a large lag on a VoIP call due to a problem at one of the network nodes, it may go unnoticed even though call quality is suffering because VoIP does not necessarily generate a large volume of traffic.

This approach is also reflected in IT managers' reactions to problems - 46% admitted to simply throwing more bandwidth at network utilisation problems rather than probing to get to the heart of the problem.

Alliance & Leicester, the UK's seventh biggest bank, handed its voice and data communications to BT Global Services in December 2006, in a deal designed to transform and converge the company's networking infrastructure.

The infrastructure refresh will begin a phased implementation lasting three years and affecting its contact centre, branch, ATM and corporate network, with the aim of driving savings and efficiencies through the deployment of VoIP in future.

Chief technology officer at Alliance and Leicester, Darren McKenzie, says networking technology is now mature enough for a large enterprise like Alliance & Leicester to look at taking it on. "We have been tracking it for some time, and when we were sure it was advanced enough for our needs through the immense amount of due diligence testing that we did in labs, we made absolutely sure it would lower costs and add simplicity to our network needs," he says.

"We have had to get guarantees to prioritise voice in our plans. But we are not buying technology, we are fundamentally buying a service."

Using the latest packet switching technology over an MPLS virtual private network (VPN) has given McKenzie the assurance he needs that the network linking Alliance & Leceister's 1,800 staff and 250 branches will transmit both quality data and voice traffic more reliably than the legacy local and wide area networks.

Gavin Megnauth, IT director at Shaw Trust, is just over a year into a four-year contract with supplier Affiniti for a VPN covering Shaw Trust's entire 1,300-strong user group and enabling free VoIP calls, new rich-media services and more effective network management tools. The charity, which represents people who are disadvantaged in the labour market owing to disability, ill health or other social circumstances, is hoping the VPN will deliver up to 30% cost savings by increasing bandwidth, performance and reliability.

Megnauth says QoS issues are a key consideration for the charity. "We were quite lucky in that our existing networks had sufficient bandwidth to accommodate the extra needed for VoIP," he says. But the charity did encounter some instances where devices, like Skype phones installed independently by remote users, had eaten up bandwidth and affected call quality for other users and applications.

"If the call quality is poor it is really disappointing from a user perspective, given they have to go through training on a new phone system. And although we remedied any such problem quickly, it has left a slightly bitter taste in the mouth and cost more in start-up costs," Megnauth says.

But he acknowledges that the savings on call charges between the organisation's 65 offices sites will see a return in the long term.

"There are ready-reckoner tools available now that are better than they were a few years ago that help you plug in how many calls are made and how much bandwidth you would use to discern cost more clearly," says Megnauth.

"But because of the potential security issues with unauthorised devices and applications like Skype competing for bandwidth, we decided to get a consultant in to do full penetration testing." But for a charity, he says, security is not as great an issue as it might be for a bank, for example.

According to Lawrence Orans, research director at analyst firm Gartner, whether you decide to use the expertise of a managed service provider to migrate voice onto your data networks or not, most data infrastructures are perfectly capable of prioritising voice over the network. The problems arise in the overlapping areas of security and traffic monitoring and detection, he says.

"The voice team has typically not had to worry about security, and security teams have not historically had to worry about voice," he says. "IP-PBXs (private branch networks) are usually not subject to denial of service attacks because they are behind the firewall, but when you send voice outside of those boundaries problems can arise."

Orans says security will be higher on the VoIP agenda in 2007 because companies will begin to open up session initiation protocol (Sip) gateways for application-layer control of voice traffic and make them accessible on the internet.

This will contribute to the lower costs associated with VoIP, but it will also expose organisations to a wide variety of threats they are not necessarily aware of because many still do not see VoIP handsets as computing devices in their own right.

And according to web security firm ScanSafe, "The result is that both VoIP devices and servers will be subject to the same vulnerabilities as any other computer, including denial of service attacks, theft of service, fraud and phishing attacks."

Zulfikar Ramzan, senior principal researcher in the advanced threat research group at Symantec, says phishers have now developed more sophisticated attacks than the traditional e-mails directing you to a website to enter personal details.

"For example, we have seen phishing attacks that use e-mail to get you to call a specific phone number or even use the phone to contact you in the first place," he says.

These so-called voice phishing or "vishing" attacks exploit VoIP and so can be conducted cheaply enough for phishers to see a sufficient return on their investment, says Ramzan. At the same time, there have not been many reported cases of such attacks, so it is not clear whether they will escalate.

IP service optimisation system supplier Allot Communications advocates the use of deep packet inspection technology to add to the QoS and security arsenal of an organisation deploying VoIP.

David Schwartzman, director for cellular solutions at Allot, says throwing more bandwidth at VoIP services is often not solving the true problem, which can only be uncovered by knowing what packets are travelling across your network. "Just looking at port numbers is no good. Deep packet inspection is the prerequisite of any action taken on the network," he says.

Measures to safeguard against any kind of attack using VoIP services should already lie within an existing data network's firewall, intrusion detection system, anti-virus and authentication infrastructure. But deep packet inspection tools can help identify an attack and configure access protocols to protect the network, as well as make sure critical voice traffic is given the priority required.

"Deep packet inspection does not take care of the security threats out there, but it can work with other third-party management tools to be a critical element in better managing traffic across your network that includes voice," says Schwartzman.

VoIP case studies

www.voip.org.uk

Comment on this article: [email protected]




Read more on Voice networking and VoIP

SearchCIO
SearchSecurity
SearchNetworking
SearchDataCenter
SearchDataManagement
Close