Introduction

ITIL (Information Technology Infrastructure Library) is a set of practices for IT Service Management that focuses on aligning IT services with the needs of the business. The ITIL processes work together, giving IT management an end-to-end view of the technology and services being provided, maximizing uptime and providing a high-quality experience for end users.
VSM is based on delivering seven of the ITIL disciplines:

  • Configuration Management
  • Capacity Management
  • Availability Management
  • Change Management
  • Release Management
  • Continuity Management
  • Security Management

Avaya Session Border Controller (ASBC)

A session border controller (SBC) is a special-purpose device that protects and regulates IP communications flows. As the name implies, session border controllers are deployed at network borders to control IP communications sessions. Originally conceived to protect and control VoIP networks, SBCs are now used to regulate all forms of real-time communications including VoIP, IP video, text chat and collaboration sessions.
SBCs manipulate IP communications signalling and media streams, providing a variety of functions including:

    • Security - SBCs protect against Denial of Service (DoS) and Distributed DoS (DDoS) attacks, safeguard against toll fraud and service theft, and provide media and signalling encryption to ensure confidentiality and protect against impersonation/masquerade
    • Multivendor interoperability - SBCs normalize SIP (Session Initiation Protocol) signalling stream headers and messages to mitigate multivendor incompatibilities
    • Protocol interworking - SBCs enable interworking between diverse protocols (e.g. SIP-to-H.323) or diverse codecs (e.g. G.711 to G.729 transcoding)
    • Quality of Service (QoS) - SBCs enforce call admission control (CAC) policies, type of service (ToS) marking, or rate limiting for service quality assurance
    • Session routing - SBCs route sessions across network interfaces to ensure high availability or enable least cost routing (LCR)


 

Managing SBC in real-world environments

VSM's Security Manager is essential in protecting organizations from cyber attack.
SIP-based communication needs countermeasures to prevent hacker intrusion, bandwidth abuse, toll fraud, service hijacking and denial of service attacks.
These threats cannot be mitigated by the session border controller (SBC) alone. Relying solely on the SBC is like having good locks and catches on your doors and windows at home, but having no security system to alert you if these are being tested, or worse still, breached.

  • Real time threat awareness
  • Act quickly to prevent intrusion
  • Flag suspicious behavior
  • Look externally and internally


The ASBC Dashlet depicts threats in real time and can be found in VSM's Service Desk > Dashboard > System Health > Avaya Session Border Controller (ASBC).

It gives you a picture of threats in real time. Ensure your platform continues to separate trusted from untrusted networks. If your SBC rules are being tested, be informed and take mitigating actions BEFORE a breach occurs. 
Security Reports are available in VSM's Security Manager under Security Manager > Reports.

VSM and ASBC System Health

VSM collects and stores configuration, capacity and availability information relating to the consumption of all essential SBC resources. This data is mined at all levels, from infrastructure through to the SBC application layers. It stores this information for reporting, trending and analytical purposes. VSM specifically targets critical areas in SBC that indicate business-impacting issues.

  1. If any changes are made to the architecture, the dashboard will automatically reconfigure itself to measure and display critical capacity data based on the current configuration.

Items monitored include not only the server processor, but also essential aspects of the configuration which have their own specific requirements and capacity limitations. This information is presented by way of several different dashboards within Service Desk.
The purpose of the dashboards is three-fold:

  • To enable IT teams to proactively identify potential issues and prevent outages.
  • To provide a real-time view of overall SM health at a glance without having to rely on end-users reporting problems.
  • To significantly reduce Mean Time to Repair (MTTR) in the event of a service-impacting incident, and therefore reduce the impact on business operations, by quickly identifying the root cause.

Network Interface

A best-practice "secure by design" strategy separates management, trusted and untrusted networks.

Services

View the status of the individual application services on the SBC.

Application Status

Shows the application name, whether it is running and how long it has been running.

  • SS
  • sems


SIP Protocol

See current volumes for:

  • Invites
  • 1xx Response
  • 2xx Response
  • 4/6xx Response – totals here indicate a problem

SIP Calls

View Total Calls broken down by Active Calls, Active SRTP Calls, TCP Registrations, LCP Registrations, TLS Registrations, Call Received and Call Allowed.

Security Violations

VSM tracks the number of SIP Calls that are Blocked, Failed or Denied for a multitude of typical problems:

  • Calls Blocked
    • SIP parse errors
    • Failed Authentication
    • Accounting challenges
    • Security features such as TDoS and DoS
    • Exceeding Invite rate thresholds
  • Calls Failed
    • Failed SIP calls with 4xx, 5xx and 6xx class SIP failure responses
    • Calls from Blacklisted sources
  • Calls Denied due to missing policy


SIP Drops are also tracked for Registrations dropped, Invites dropped and Sessions dropped. Typical problems include:

  • Registrations dropped due to missing policy
  • SIP Invites dropped due to missing policy
  • SIP Sessions dropped due to maximum concurrent sessions thresholds breach


In typical deployments a certain "normal" level can be expected. 
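The idea of a "normal" level can be made concrete with a small tally over SIP start lines, sorted into the same buckets the SIP Protocol panel shows (Invites, 1xx, 2xx, 4/6xx). This is an added example, not VSM or Avaya code; the row format, the peer addresses and the two thresholds are assumptions chosen for illustration.

```python
import re
from collections import Counter, defaultdict

# Constructed sample rows "<peer-ip> <SIP start line>"; an illustrative
# format, not an ASBC or VSM log format.
SAMPLE = [
    "198.51.100.7 INVITE sip:1001@example.test SIP/2.0",
    "198.51.100.7 SIP/2.0 100 Trying",
    "198.51.100.7 SIP/2.0 200 OK",
    "198.51.100.7 INVITE sip:1002@example.test SIP/2.0",
    "198.51.100.7 SIP/2.0 486 Busy Here",
]
for ext in range(9001, 9006):  # second peer: five INVITEs, all refused
    SAMPLE += [f"203.0.113.9 INVITE sip:{ext}@example.test SIP/2.0",
               "203.0.113.9 SIP/2.0 403 Forbidden"]

STATUS = re.compile(r"^SIP/2\.0 (\d{3}) ")

def classify(start_line):
    """Map a SIP start line to one of the dashboard's volume buckets."""
    if start_line.startswith("INVITE "):
        return "invite"
    m = STATUS.match(start_line)
    if not m:
        return "other"
    code = int(m.group(1))
    if 400 <= code < 700:
        return "4-6xx"
    return {1: "1xx", 2: "2xx"}.get(code // 100, "other")  # 3xx -> other

def tally(lines):
    """Count buckets per peer."""
    per_peer = defaultdict(Counter)
    for line in lines:
        peer, _, start_line = line.partition(" ")
        per_peer[peer][classify(start_line)] += 1
    return per_peer

def flag(per_peer, max_failure_ratio=0.5, max_invites=4):
    """Return {peer: reasons} for peers above the assumed 'normal' levels."""
    alerts = {}
    for peer, c in per_peer.items():
        reasons = []
        if c["invite"] > max_invites:
            reasons.append("invite-rate")
        if c["invite"] and c["4-6xx"] / c["invite"] > max_failure_ratio:
            reasons.append("failure-ratio")
        if reasons:
            alerts[peer] = reasons
    return alerts
```

The first peer has one busy response against two INVITEs and stays under both thresholds; the second exceeds both and is the only one returned by `flag(tally(SAMPLE))`.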

Security Violation panel with Alerts and drill down page

Avaya SBC dashlet

Network Interface drill down page