Enabling Next-Generation Secured Contact Centers

By Aviv Marom

IP (Internet Protocol) contact center opportunities are multiplying as customers are beginning to understand the underlying benefits of using IP-based contact center solutions. With this growing trend, companies are able to enhance their competitive advantage and increase their workforce productivity by distributing their contact center agents and connecting them from home – or any other remote place in the world – using SIP (session initiation protocol)-enabled VoIP (Voice over Internet Protocol) architectures (i.e., SIP trunking). However, while many are highlighting the advantage of using IP/SIP based environments, they tend to omit several critical factors from the equation, including VoIP security threats and VoIP inter-op incompatibilities.

The Need for Session Border Control in Contact Center Deployments: While transitioning from traditional PSTN (public switched telephone network) to SIP trunking, a large number of potential threats may be introduced. These threats include eavesdropping, signaling and media manipulation, service theft/fraud, denial of service (DoS) and distributed DoS, and SPIT (spam over IP telephony). While typically characterized as a stand-alone device, session border controllers (SBC) can be integrated with other existing network elements, like data routers or media gateways.

When the contact center solution connects to an Internet Service Provider (ISP) network, the ISP will route all calls through its own carrier-based SBC system on its way back to the enterprise. The ISP core SBC protects the ISP network from malicious and unauthorized inbound traffic, leaving the enterprise completely exposed.

SBC functionality has become an essential element in the network of any enterprise utilizing the cost and functionality advantages that VoIP provides. In addition, integrated session border controller devices offer a number of benefits that can enhance the productivity of contact center solutions, as described below.

VoIP Security: So what are the main security functions that SBC elements need to have? Call Admission Control (CAC) allows for specifying which calls are permitted and which are not, and protects against DoS attacks. Topology hiding ensures that the enterprise’s contact center solution is not exposed outside the LAN, reducing internal server attacks. Authentication provides assurance that traffic sources are actually who they purport to be and not a malicious agent “spoofing” a legitimate source. Encryption can keep both signaling and media content secure – not only across public Internet segments, but also within the LAN network.

Interoperability: SIP includes a large number of options. It is quite common for a contact center solution provider and a SIP trunking service provider to implement a different set of options and then fail to communicate with each other. With SIP mediation at the customer network edge, contact center solutions can interface with any SIP trunking service provider, eliminating the need to achieve direct interoperability with every ISP and therefore start enjoying the benefits of SIP trunking connectivity. The enterprise SBC translates between the different SIP variants implemented in the contact center side and the service provider network, allowing for a smooth and successful SIP trunk rollout with minimal effort.

Media Gateway with Integrated SBC Functionality in Contact Center Solutions: Integrated SBC devices offer a number of key features that can enhance the productivity of contact center solutions, including remote agent connectivity, PSTN fallback, accurate outbound dialing with enhanced call progress analysis, transcoding, least-cost-routing, and voice quality assurance.

Handling Remote Agent Integration: Call center agents can be located across the country or internationally. However, this flexibility presents some challenges for VoIP systems, caused by the Network Address Translation (NAT) function. To protect the private network, NAT will allow traffic from a particular IP source only if a session to that address has first been established from within the LAN, creating what is called a “pinhole” through the firewall’s protection. To keep this pinhole open, it must be “refreshed” on a periodic basis. The enterprise SBC, through which all registrations pass, can assume this role for the PBX. The SBC needs to know about these registered users to be able to associate them to user groups and routing decisions.

PSTN Connectivity and Fallback: While the focus is on IP-enabled contact centers that are migrating from PSTN to SIP trunking connectivity, one cannot forget the legacy contact centers that are migrating to SIP trunking. In this case, a media gateway is still needed to perform the TDM (time division multiplex) to IP translation, but the security and interoperability requirements for its operation are similar to those discussed in IP-enabled contact centers.

A media gateway with integrated SBC functionality is an ideal product in making the TDM to IP upgrade transition as smooth as possible, allowing for a mix of TDM equipment and SIP devices to interoperate. As the conversion continues, the integrated SBC element can be repurposed from a SIP-to-TDM gateway to the role of SIP-to-SIP mediation, routing, and security resource. In addition, WAN outage can cause a devastating effect on the ongoing contact center service that loses all its voice services due to the connectivity loss with the ISP. This, however, can be overcome by using advanced PSTN breakout based on TDM interfaces (FXO, BRI, or PRI) that are implemented in the media gateway with integrated SBC functionality.

Outbound Dialing: Outbound dialing enables contact centers to proactively reach out to customers, improving communications and customer care. However, the process of calling customers’ telephones is dependent on accurate detection of exactly what’s on the other end of the connection – whether it’s a busy signal or other network tone, an answering machine, or the customer. Accurately detecting whether a call has been answered by a live person is a key facet of keeping contact center agents productive and maintaining customer satisfaction.

Media gateways with integrated SBC elements can initiate outbound calls and perform call progress analysis (CPA), and they can accurately detect answering machines, call progress tones, and live terminations. This capability improves the contact center’s productivity and customer care, without the expense of additional servers, software, or specialized PCI boards which suffer from lack of flexibility and scalability due to use of dedicated hardware and proprietary APIs.

Transcoding: In addition to translating between different variants of SIP, the contact center and SIP trunking provider needs to coordinate between VoIP coders in order to allow successful VoIP calls over a SIP Trunk. An end-to-end VoIP call must share a coder for communications to occur. In most VoIP networks, the method used to coordinate between coders is coder negotiation. This process involves negotiating and agreeing on the best common coder between two ends. Since most VoIP systems share many of the coders supported by end devices, this process is acceptable. In other cases, coder negotiation is not a possibility. This is especially true in the emerging high-definition VoIP world. Therefore, a transcoding function may also be required to support the demarcation point between the contact center system and the service provider.

Least Cost Routing (LCR): Connecting to a SIP trunking service provider using a native IP connection immediately opens the door to more SIP trunking connections and choosing efficient LCR options from a number of service providers. This option can also mix SIP trunking providers with traditional PSTN providers. Thus, the support for a call detail record export becomes a very important tool, enabling the monitoring of enterprise telephony costs and optional departmental billing. Therefore, the use of multiple SIP trunks and PSTN service providers in the same box allows for efficient LCR and reduced costs.

QoS (Quality of Service) Control and Policy Enforcement: VoIP is subject to a host of impairments that the PSTN never faced. Packet networks introduce jitter, delay, and packet loss, especially in converged networks with data traffic coexisting with voice. To deal with this, impairment mitigation strategies need to be employed and quality measurements must be taken to ensure that expected quality is being achieved. Metrics such as packet loss, jitter, and mean opinion score (MOS) measured per call and aggregated by route and time-of-day allow quick identification of any issues that do occur. Finally, if the issues are to be resolved quickly, tools are needed to discover the cause of any quality deviations.

All of the elements described above illustrate the need for SBCs and the value that such devices can offer contact centers. Not only do they enhance productivity, but they ensure high-quality service and help to prevent security breaches across multiple business-critical systems.

Aviv Marom joined the AudioCodes Marketing team in 2008 and is responsible for marketing activities and business partnerships within the corporate and channel marketing group. He has eleven years of experience in the VoIP application and infrastructure space.

[From Connection Magazine November 2010]

Leave a Reply