Preparing your Network for SIP over TCP and Secure Voice. Technical Whitepaper for IT Administrators

Similar documents
Encryption setup for gateways and trunks

Configuring Encryption for Gateways and Trunks

April AT&T Collaborate SM. Customer Configuration Guide

Avaya 132-S Avaya IP Telephony Design Elective.

Dolby Conference Phone 3.1 configuration guide for West

If your router or firewall is SIP-aware or SIP ALG-enabled, you must turn it off (so the device doesn t interfere with any signalling).

If your router or firewall is SIP-aware or SIP ALG-enabled, you must turn it off (so the device doesn t interfere with any signalling).

If your router or firewall is SIP-aware or SIP ALG-enabled, you must turn it off (so the device doesn t interfere with any signalling).

Polycom RealPresence Access Director System

Application Notes for Configuring Tidal Communications tnet Business VoIP with Avaya IP Office using SIP Registration - Issue 1.0

Ref LAN & Firewall Guidelines All Rights Reserved 2010 Claranet. Claranet Hosted Voice. LAN and Firewall Guidelines for Internet- Only Customers

Virtual Communications Express. Customer Firewall Requirements

APP NOTES TeamLink and Firewall Detect

Configure Voice and Video Communication

Dolby Conference Phone. Configuration Guide for Unify OpenScape Enterprise Express 8.0.x

Configure Mobile and Remote Access

Overview of the Session Initiation Protocol

Dolby Conference Phone. Configuration guide for Unify OpenScape Enterprise Express 8.0.x

Network Configuration Guide

VoIP. ALLPPT.com _ Free PowerPoint Templates, Diagrams and Charts

APP NOTES Onsight Connect Network Requirements

TLS Setup. TLS Overview. TLS Prerequisites

Dolby Conference Phone. Configuration guide for Cisco Unified Communications Manager

Voysis Cloud Implementation

Yealink VCS Network Deployment Solution

Multimedia! 23/03/18. Part 3: Lecture 3! Content and multimedia! Internet traffic!

Part 3: Lecture 3! Content and multimedia!

Frequently Asked Questions (Dialogic BorderNet 500 Gateways)

Requirements. System Requirements

Virtual Office Technical Requirements

Firewalls for Secure Unified Communications

Setup for Cisco Unified Communications Manager

Application Notes for Configuring Windstream SIP Trunking with Avaya IP Office - Issue 1.0

4. The transport layer

Secure Telephony Enabled Middle-box (STEM)

TPG BizPhone FAQs. Select one of the links below to jump to the query.

Ingate Firewall & SIParator Product Training. SIP Trunking Focused

Cisco ATA 191 Analog Telephone Adapter Overview

Cisco IP Phone Configuration Guide

Recommended QoS Configuration Settings for. Dell SonicWALL SOHO Router

Application Notes for Configuring Cablevision Optimum Voice SIP Trunking with Avaya IP Office - Issue 1.1

Application Notes for Configuring 2N Telekomunikace Helios IP to interoperate with Avaya IP Office Issue 1.0

Abstract. Avaya Solution & Interoperability Test Lab

Dolby Conference Phone. Configuration guide for Avaya Aura Platform 6.x

The OSI Model. Open Systems Interconnection (OSI). Developed by the International Organization for Standardization (ISO).

Chapter 11: Understanding the H.323 Standard

Dolby Conference Phone. Configuration guide for Avaya Aura Platform 6.x

5 What two Cisco tools can be used to analyze network application traffic? (Choose two.) NBAR NetFlow AutoQoS Wireshark Custom Queuing

Dolby Conference Phone. Configuration Guide for Microsoft Skype for Business

Application Notes for Phonect SIP Trunk Service and Avaya IP Office 7.0 Issue 1.0

This course prepares candidates for the CompTIA Network+ examination (2018 Objectives) N

while the LAN interface is in the DMZ. You can control access to the WAN port using either ACLs on the upstream router, or the built-in netfilter

CHAPTER. Introduction. Last revised on: February 13, 2008

Cisco IP Communicator Deployment Preparation

Customer Guide to Cisco JTAPI- BiB Integrations. March

Network+ Guide to Networks, Seventh Edition Chapter 1, Solutions

Preparing to Deploy Cisco IP Communicator

Internet Protocol Version 6 (IPv6)

Horizon Network Configuration Guidelines

Cisco Desktop Collaboration Experience DX650 Security Overview

Hosted VoIP, Firewall, Security and Network Considerations Administrator Guide. Revision 5.0

Application Notes for Configuring Avaya IP Office Server Edition 10.1 to interoperate with Zenitel Turbine - Issue 1.0

Internet Protocol Version 6 (IPv6)

Security Guide Zoom Video Communications Inc.

A common issue that affects the QoS of packetized audio is jitter. Voice data requires a constant packet interarrival rate at receivers to convert

Requirements. System Requirements. System Requirements, page 1 Port Requirements, page 4 Supported Codecs, page 6

Mohammad Hossein Manshaei 1393

Troubleshooting Voice Over IP with WireShark

CCNA 1 Chapter 7 v5.0 Exam Answers 2013

Commander Phone & Key Phone Site Readiness Companion Guide

Setting Up a Mitel SX-2000 Digital PIMG Integration with Cisco Unity Connection

CS 3516: Advanced Computer Networks

Cisco Webex Cloud Connected Audio

Cisco IP Phone Security

Patton Electronics Co Rickenbacker Drive, Gaithersburg, MD 20879, USA tel: fax:

Video Surveillance. Best practices: Management of video surveillance streaming. Abstract. Introduction

Setting Up an Alcatel 4400 Digital PIMG Integration with Cisco Unity Connection

TSIN02 - Internetworking

W H I T E P A P E R : O P E N. V P N C L O U D. Implementing A Secure OpenVPN Cloud

Introduction to Networking

Kinnex Media Gateway. Technical Description. Starxoft Date of publication: January 10,

SIP as an Enabling Technology

Application Notes for Configuring SIP Trunking between Global Crossing SIP Trunking Service and an Avaya IP Office Telephony Solution Issue 1.

Paperspace. Security Primer & Architecture Overview. Business Whitepaper. 20 Jay St. Suite 312 Brooklyn, NY 11201

Multimedia Communications


4 rd class Department of Network College of IT- University of Babylon

This is a sample chapter of WebRTC: APIs and RTCWEB Protocols of the HTML5 Real-Time Web by Alan B. Johnston and Daniel C. Burnett.

UC Office for Smart Phone - iphone Edition

Virtual Office. Technical Requirements. Version 4.0. Revision 1.0

Yealink VCS Network Deployment Solution

ETSF10 Internet Protocols Transport Layer Protocols

Internet Security. - IPSec, SSL/TLS, SRTP - 29th. Oct Lee, Choongho

Troubleshooting One Way Voice Issues

Dolby Conference Phone 3.0 configuration guide for Unify OpenScape Enterprise Express 8.0.x

Technical Configuration Notes

Abstract. Avaya Solution & Interoperability Test Lab

see the Cisco SPA100 Series Administration Guide for details. The configuration profile is uploaded to the Cisco SPA122 at the time of provisioning.

Multimedia Applications. Classification of Applications. Transport and Network Layer

Cisco Analog Telephone Adaptor Overview

Transcription:

Preparing your Network for SIP over TCP and Secure Voice Technical Whitepaper for IT Administrators February 7 th, 2015

Overview RingCentral Office@Hand from AT&T has recently implemented a number of server side upgrades to improve the service for our small business and enterprise customers. Some of these changes affect how endpoints (e.g. desktop IP phones, conferencing phones, Analog Terminal Adapters (ATAs), soft phones, and mobile applications) will communicate with the Office@Hand cloud servers as we roll out these capabilities to our customers. These upgrades were necessary to provide a number of immediate and future benefits including improved signaling reliability, more robust network security, and improved efficiencies in how endpoint devices register and communicate with the Intended Audience This whitepaper and the information it contains is intended for the primary IT administrator responsible for configuration and management of the Office@Hand service. Additionally, this information is intended for IT personnel responsible for managing the Local Area Network (LAN) firewalls and routers that connect each office location to the Internet. Office@Hand is an Over- The- Top (OTT) Voice over IP (VoIP) service and requires an Internet connection at each supported office location to make and receive calls. The changes suggested within this whitepaper will allow your account to take advantage of the numerous upgrades becoming available and will serve to maintain compliance with Office@Hand security and protocol architectures and policies. What Upgrades have Been Made to the Office@Hand Service? Two important changes have been applied to the Office@Hand cloud servers to improve the service. SIP over TCP The first change is that we have upgraded our servers to support Session Initiation Protocol (SIP) signaling over the Transmission Control Protocol (TCP). Previously, the Office@Hand service utilized SIP over the User Datagram Protocol (UDP). The TCP protocol provides reliable, ordered, and error- checked delivery of packet streams between supported endpoints and the This upgrade to SIP over TCP will improve the call signaling function of the Office@Hand service including fewer call drops, reduced one- way audio issues, improved firewall compatibility, improved call handling capabilities over wireless, and will generally be able to better withstand packet loss in high traffic office environments or while using mobile devices on bandwidth limited wireless networks. Secure Voice The second change is that we have upgraded our cloud servers to support a new Secure Voice feature for Office@Hand customers. Secure Voice is a new feature that adds robust security protocols to both signaling and media for supported endpoints. Secure Voice uses two enterprise- grade security protocols to provide additional security for phone calls.

Transport Layer Security (TLS) is a cryptographic protocol that provides encryption on the SIP signaling data in the application layer. This protocol secures the SIP signaling communication between supported endpoint devices and the Secure Real- time Transport Protocol (srtp) is a profile of the Real- time Transport Protocol (RTP) that provides encryption, message authentication and integrity, as well as replay protection to the RTP packet stream that is transported between supported endpoint devices and the What Endpoints are Affected by This Change? Office@Hand endpoint devices including desktop IP phones, conferencing phones, Analog Terminal Adapters (ATAs), soft phones (Office@Hand for Desktop), and mobile applications (Office@Hand for Mobile) will use the upgraded protocols to communicate with the At the time of your account migration, your endpoint devices will receive an update command from the Office@Hand cloud servers and initiate a reboot procedure to enable the new endpoint device settings. The reboot procedure will take up to a minute to perform the operation and at the conclusion of the reboot, will re- register automatically with the Office@Hand cloud server. No action is necessary by the IT administrator to perform this reboot. Currently, all Office@Hand endpoints support Secure Voice except for the following: Office@Hand softphone (legacy softphone), Office@Hand Desktop App (enhanced softphone), Yealink W52P, and the Cisco SPA- 122 ATA. Devices that do not support Secure Voice will continue to be able to make and receive calls in a non- Secure Voice mode. When Will My Account Be Migrated? The IT administrator for your Office@Hand account will receive a series emails with details about the upgrade migration for your account. Within the email, your account migration date and upgrade window will be included within the message. The account migrations will occur during periods of low account activity with time windows approximately between the hours of 11:00pm and 3:00am Pacific Time. If you have a concern with your assigned account migration day and time, please contact Office@Hand Customer Care to discuss further options. What Must I Do to Prepare My Firewall and Network For These Changes? As an IT administrator, if you actively manage your Internet access firewall ports and restrict certain protocols or ports, you may need to adjust your firewall settings to accommodate for these upgrades.

You will need administrator rights to your firewall to make changes to your firewall s protocol and port settings. Please refer to your user manual for details on how to access your firewall and the procedures to make the protocol and port setting changes. If you do not actively manage your firewall settings and do not restrict or block certain protocol or port settings, changes to your firewall may not be necessary although we would encourage you to review the information below to ensure that your firewall will not block connectivity and will allow your service to continue uninterrupted. Below is the list of firewall protocol and port settings for Office@Hand services. Both customer side (source port) and Office@Hand side (destination port) references are included. Device Type Protocols (Source Port) Customer Side (Destination Port) Office@Hand Side Desk phone signaling SIP/UDP 5060 to 5090 5090 Desk phone signaling SIP/TCP 5060 5090 Desk phone media RTP/UDP 16384 to 16482 20000 to 39999 Desk phones signaling Secure Voice SIP/TLS/TCP 5060 5096 Desk phones media Secure Voice SRTP/UDP 16384 to 16482 40000 to 49999 Desk phone provisioning HTTPS/TCP/IP 80, 443 80, 443 Desk phone clock sync NTP/UDP 123 123 Desk phone BLA/Presence SIP/UDP 5060 5099 Desk phone BLA/Presence SIP/TCP 5060 5090 Mobile App signaling SIP/UDP 5060 5090 to 5091 Mobile App signaling SIP/TCP N/A 5090 to 5091 Mobile App media RTP/UDP 4000 to 5000 50000 to 59999 Mobile App signaling Secure Voice SIP/TLS/SRTP N/A 5097 Mobile App media Secure Voice SRTP/UDP 4000 to 5000 60000 to 64999 Mobile App BLA/Presence SIP/TCP N/A 5091 Mobile App BLA/Presence SIP/UDP N/A 5099 Mobile App data sync with RC backend HTTPS 443 443 Softphone signaling SIP/UDP 5060 to 5090 5091 Softphone signaling SIP/TCP N/A 5091 Softphone media RTP/UDP 8000 to 8200 50000 to 59999 Softphone signaling Secure Voice SIP/TLS/SRTP N/A 5097 Softphone media Secure Voice SRTP/UDP 4000 to 5000 60000 to 64999 Softphone BLA/Presence SIP/TCP N/A 5091 Softphone BLA/Presence SIP/UDP N/A 5099 Softphone data sync with RC backend HTTPS 443 443 Office@Hand Meetings signaling SIP/TCP N/A 8801, 8802 Office@Hand Meetings signaling Secure SIP/TLS/TCP N/A 443 Office@Hand Meetings media RTP/UDP N/A 8801 Office@Hand Meetings media Secure TLS/TCP N/A 443

What Happens After I Make These Changes? Once you have made the changes to your firewall protocol and port settings, your network will be ready to use the upgraded signaling protocols and new security features once your account has been migrated. No further setting changes are necessary. Once your account has been upgraded during your assigned migration window, the endpoint reset procedure will be triggered by the Office@Hand cloud servers automatically. The reboot procedure will reset all of your endpoint devices to enable the new settings. This reboot procedure will take up to one minute per device. Once your endpoints have been reset successfully, your endpoints will automatically negotiate SIP over TCP signaling and enable Secure Voice. Who Can I Contact for Further Explanation or Assistance? If you have questions about this whitepaper, the service notice, or need support assistance to make these network changes, we offer a number of options to assist you. Online Resources Office@Hand Support Center http://support- officeathand.att.com Contact Support Contact Support Center http://support- officeathand.att.com/attcontactsupport? Office@Hand Service Implementation Desk 888-389- 1758

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback