Thanks to visit codestin.com
Credit goes to www.scribd.com

Scribd
Upload
28 views44 pages

Mod01 GL Overview

The document provides an overview of the OpenScape Session Border Controller (SBC), detailing its types, deployment scenarios, features, and licensing. It aims to help users understand various deployment scenarios, including remote users and endpoints. The content is structured to facilitate a comprehensive understanding of SBC management and implementation, requiring approximately 2.5 hours of study time.

Uploaded by

pschl1971
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
28 views44 pages

Mod01 GL Overview

The document provides an overview of the OpenScape Session Border Controller (SBC), detailing its types, deployment scenarios, features, and licensing. It aims to help users understand various deployment scenarios, including remote users and endpoints. The content is structured to facilitate a comprehensive understanding of SBC management and implementation, requiring approximately 2.5 hours of study time.

Uploaded by

pschl1971
Copyright
© © All Rights Reserved
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 44

Overview

20
7-
-0
20
o_
ol
ic
en
Content
_G
do

Preface . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 3
an
rn

1 Introduction . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 5
Fe

1.1 SBC Types - high level overview: . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 6


._
_L
EN

2 Deployment scenarios . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 7
00

2.1 SIP trunking to a SIP Service Provider . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8


EN

2.2 Remote user (e.g. home worker) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8


40

2.3 Remote OpenScape Branch (Proxy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 8


88
EN

2.4 Remote OpenScape Branch (SBC Proxy) . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9


2.5 Remote OpenScape Branch (Branch SBC) . . . . . . . . . . . . . . . . . . . . . . . . . . . . 9
2.6 Remote Gateways (not behind OpenScape Branch) . . . . . . . . . . . . . . . . . . . . 9
2.7 MGCP signaling support for remote media servers . . . . . . . . . . . . . . . . . . . . 10
2.8 Remote Gateway behind OpenScape Branch . . . . . . . . . . . . . . . . . . . . . . . . . 10
3 Implementation . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.1 In general . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 11
3.2 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.3 SIP & media support . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.4 Management . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 12
3.5 Logging / Tracing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.6 Networking . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.7 QoS . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13
3.8 Security . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 13

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 1
FN9850FN10FN_TBAZZZAIMHY
4 Technical data . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
4.1 Capacity and performance . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 15
5 Feature Implementation - Details . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 19
5.1 SBC Version V9R1+ Deployment Scenarios and Features . . . . . . . . . . . . . . . 19
6 Redundancy . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.1 Redundant OpenScape SBC . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 21
6.2 Redundancy of SIP-Server Connection . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 22
6.2.1 Simplex SIP Server Connection Mode . . . . . . . . . . . . . . . . . . . . . . . . 22
6.2.2 Co-Located SIP Server Connection Mode. . . . . . . . . . . . . . . . . . . . . . 24
6.2.3 Duplex geo-separated SIP Server Connection Mode . . . . . . . . . . . . . 26
6.2.4 Clustered SIP Server Connection Mode . . . . . . . . . . . . . . . . . . . . . . . 27

20
6.2.5 SBC SIP Server Clustered Check . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 31

7-
-0
7 Licensing . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 33

20
o_
7.1 Licensing Files. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37

ol
7.1.1 Regular License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 37
ic
en
7.1.2 Software Subscription License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 38
_G

7.1.3 Evaluation License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40


do

7.1.4 Demo License . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 40


an

7.2 OpenScape Session Border Controller (SBC) Base License . . . . . . . . . . . . . . 41


rn
Fe

7.3 OpenScape SBC Session License. . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 41


._
_L

7.4 Managing Licenses . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42


EN

7.4.1 License Management Concept . . . . . . . . . . . . . . . . . . . . . . . . . . . . . . 42


00
EN
40
88
EN

2 Overview
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
01.2018
FN9850FN10FN_TBAZZZAIMHY
Preface

Preface

Content of Module • Following sections describe the SBC Types, deployment scenarios, fea-
tures and license usage.
Theory accompanied with first impression of the SBC Management Portal

Objectives • Understand deployment scenarios for


1: Remote user - e.g. home worker

20
2: Remote Endpoints

7-
-0
Prerequisites • Knowledge of OpenScape Solutions.

20
o_
Time • appr. 2,5 hours

ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 3
FN9850FN10FN_TBAZZZAIMHY
Preface

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

4 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Introduction

1 Introduction
OpenScape Session Border Controller (SBC) was developed as a solution component of the
award-winning OpenScape solution portfolio to enable VoIP networks to extend SIP-based
communication and applications beyond the enterprise network boundaries.
OpenScape SBC provides four key functions:
• secure termination of SIP-based trunking from a service provider
• secure voice and video communications for remote workers
• connection to remote branch offices as part of a distributed Open-
Scape Voice deployment

20
7-
• secure WebRTC trunk to Circuit

-0
20
Unlike traditional data firewall solutions, OpenScape SBC is specifically designed to provide

o_
VoIP traffic security. It terminates a SIP session on the WAN side of the SBC outside of the en-
ol
ic
terprise voice network, ensures the traffic is originating from an authorized source, inspects
en
the SIP and media packets for protocol violations or irregularities.
_G
do

Only when the traffic is deemed valid, it is passed on to the enterprise voice LAN on the core-
an

side of the SBC. OpenScape SBC dynamically opens and closes firewall "pin holes" for RTP and
rn

SRTP media connections.


Fe
._

OpenScape SBC performs the necessary interoperability, security, management, and control
_L
EN

capabilities to support SIP trunking applications. It also supports the SIP endpoint registra-
00

tion services that are necessary to support remote user and remote branch office applications.
EN

It performs SIP deep-packet inspection specifically tailored for the OpenScape Voice environ-
40

ment that is necessary to provide proper mediation between IP networks, such as the map-
88

ping of IP addresses within SIP signaling and RTP/SRTP media packets that allows for Network
EN

Address Translation (NAT) traversal. Media anchoring can be configured to the extent re-
quired by media control policies (for example, for NAT traversal), or set to allow direct media
connections between clients that are on the same subnet.
OpenScape SBC enhances customer-network security by providing SIPaware security func-
tionality including dynamic RTP/SRTP pin-holing through its internal firewall, stateful SIP
protocol validation, DoS/DDoS mitigation, and network topology hiding. It also supports TLS
encryption on core- and access-side SIP signaling interfaces as well as SRTP media encryption
on a termination/mediation or pass-through basis.
OpenScape SBC facilitates SIP trunk interfaces to SIP Service Providers (SSPs) for OpenScape
Voice and OpenScape 4000 systems, connection to remote user SIP phones and mobile clients
for OpenScape Voice systems, for example, for home workers accessing an OpenScape Voice
system over an Internet connection, and for connection of OpenScape Branch systems oper-
ating in Proxy, SBC-Proxy, and Branch-SBC mode serving remote branch locations to an
OpenScape Voice system.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 5
FN9850FN10FN_TBAZZZAIMHY
SBC Types - high level overview:

OpenScape SBC is fully manageable via the same Common Management Platform (CMP) that
is used to manage other network elements in the OpenScape Enterprise solution. When used
with OpenScape 4000, OpenScape SBC is managed via its local management interface.

1.1 SBC Types - high level overview:


The OpenScape SBC software package is available via the SWS
• Product OpenScape SBC:
Centralized SBC
• maintains Core / Access side via different (physical and logical)
interfaces

20
• supports Remote Subscribers / Endpoints

7-
-0
SBC functionality is avalibale with the OpenScape Branch software package also:

20
o_
• Product OpenScape Branch

ol
Branch SBC
ic
en
• maintains LAN / WAN side via different interfaces
_G

• communication to OSV can be established via WAN (VPN or in-


do

ternet)
an
rn

• Sip Service Provider SSP can be established via WAN (typically,


Fe

VPN (via MPLS) or internet


._
_L

• SBC Proxy
EN

• maintains LAN / WAN side via different interfaces


00
EN

These SBC types will be covered during the lab exercises.


40
88
EN

6 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Deployment scenarios

2 Deployment scenarios

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 7
FN9850FN10FN_TBAZZZAIMHY
SIP trunking to a SIP Service Provider

2.1 SIP trunking to a SIP Service Provider


• Provides secure connection of OpenScape Voice and OpenScape
4000 IP telephony solution to carrier-based SIP trunking services
that provide access to the Public Switched Telephone Network
(PSTN)
• OpenScape SBC also provides for compatibility with the SIP signal-
ing variations support by different SSPs.
• Used also for private SIP trunking connections between enterprise
VoIP networks.

2.2 Remote user (e.g. home worker)

20
7-
-0
20
• Provides secure remote user access to the IP telephony infrastruc-

o_
ture of an OpenScape Voice system for SIP phones regardless of lo-

ol
cation. ic
en
• Supports the necessary near-end and far-end Network Address
_G

Translation (NAT) traversal functions for connection using public


do

IP addresses via the Internet. OpenScape SBC can perform the


an

near-end NAT function internally, or it can be installed behind an


rn
Fe

external near-end NAT/firewall, for example, inside the customer's


._

DMZ. The SBC can support a remote user that is installed behind a
_L

far-end NAT/firewall.
EN
00

• Symmetric Response Routing (RFC3581) is used by OpenScape SBC


EN

to dynamically detect the SIP signaling IP address/port of a remote


40

user behind a far-end NAT which is used to send SIP responses.


88

Symmetric RTP is used similarly for the media payload.


EN

• All OpenScape Voice SIP subscriber features are supported by


OpenScape SBC for a remote user.

2.3 Remote OpenScape Branch (Proxy)


• Facilitates the connection of remote branch offices that use Open-
Scape Branch operating in proxy mode connected with the head-
quarters via the private enterprise network, and is therefore using
the same IP address space.
• OpenScape SBC is optional in this configuration since there is no
NATing to be performed; however, the SBC may be desired for ser-
viceability and/or security reasons.

8 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Remote OpenScape Branch (SBC Proxy)

2.4 Remote OpenScape Branch (SBC Proxy)


• Facilitates the connection of remote branch offices that use Open-
Scape Branch operating in proxy mode connected to the central
headquarters via the enterprise network, and is therefore using
the same IP address space.
• OpenScape SBC is optional in this configuration since there is no
NATing to be performed; however, the SBC may be desired for ser-
viceability and/or security reasons.
• The Remote OpenScape Branch provides secure SBC connection to
carrier-based SIP trunking services that provide access to the Pub-
lic Switched Telephone Network (PSTN).

20
• The Remote OpenScape Branch also provides SBC functionality for

7-
compatiblity with the SIP signaling variations support by various

-0
20
SSPs.

o_
ol
ic
en
2.5 Remote OpenScape Branch (Branch SBC)
_G
do

• Facilitates the connection of remote branch offices that use Open-


an

Scape Branch operating in SBC mode connected to the central


rn
Fe

headquarters via a WAN, such as an untrusted or public network.


._
_L

• The OpenScape SBC is required for NATing and security at the data
EN

center, as is the integrated SBC in the OpenScape Branch required


00

for NATing and security at the remote branch office. The NAT de-
EN

vice serving a branch location may be configured with either a stat-


40

ic or dynamic IP address.
88
EN

2.6 Remote Gateways (not behind OpenScape Branch)


• Facilitates the connection of compatible versions of remote SIP-Q
gateways, such as OpenScape Business/HiPath 3000, OpenScape
4000, or RG gateways, which are connected to the central head-
quarters via a WAN, such as an untrusted or public network.
• The OpenScape SBC is required for NATing and security at the data
center.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 9
FN9850FN10FN_TBAZZZAIMHY
MGCP signaling support for remote media servers

2.7 MGCP signaling support for remote media servers


• Facilitates the connection of a remote branch office that requires
services from an external OpenScape Media Server connected to
the central headquarters via the enterprise network or WAN. In
this case, the OpenScape SBC supports the MGCP signaling con-
nection between the OpenScape Media Server located at the
branch office and the OpenScape Voice system located at the cen-
tral headquarters.
• The OpenScape SBC is optional when the connection is via a trust-
ed enterprise network and there is no NATing to be performed;
however, the SBC may still be desired for serviceability and/or se-
curity reasons.

20
7-
-0
20
2.8 Remote Gateway behind OpenScape Branch

o_
ol
ic
en
• Facilitates a gateway behind an OpenScape Branch. Example for is
_G

an virtualized OSB in proxy mode and Mediatrix (e.g. 4102) as gate-


do

way behind the proxy.


an

• From the point of view of the gateway, the „Outbound Proxy“ - in


rn
Fe

particular the virtualized OSB - can be used or a direct connection


._

to the CSBC.
_L
EN
00
EN
40
88
EN

10 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Implementation

3 Implementation
The following section provides an overview of general capabilities and features of the CSBC.

3.1 In general
• Can be installed as a virtual machine in a customer’s VMware en-
vironment or on a physical Unify certified platform
• Can be deployed as a component of OpenScape Virtual Appliance

20
based on the following OpenScape SBC (OSS) templates (ova):

7-
• OSS 250

-0
20
• OSS 6000

o_
• OSS 20000 - as of V9 up to 32000 signalling sessions supported
ol
ic
en
• Software Subscription Licensing (SSL) support
_G

• Supports all voice and video SIP endpoints and OpenScape Branch
do

systems supported by OpenScape Voice


an

• SIP header manipulations are performed, based on configured


rn
Fe

OpenScape deployment scenario and the connected SIP endpoints


._
_L

• SIP trunking to SIP Service Providers is supported with configu-


EN

rable SIP profile parameters


00

• SIP session-aware NAT/PAT is supported for SIP signaling and


EN

RTP/SRTP media connections


40

• Configurable source- and destination-based routing (static)


88
EN

• Multiple WAN interfaces and networks support


• Separate IP addresses for Signaling and Media
• Single-armed WAN/LAN interface within DMZ
• Location and Media realms for complex networks
• Media anchoring

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 11
FN9850FN10FN_TBAZZZAIMHY
Redundancy

3.2 Redundancy
• Ethernet bonding on LAN and WAN interfaces to provide network
interface redundancy
• Optional SBC server redundancy on the same subnet (VRRP-like
Layer 2 redundant server protocol)
• Supports redundant OpenScape Voice clusters that have either
Layer 2 co-located nodes or Layer 3 geographically separated
nodes

3.3 SIP & media support

20
7-
• OpenScape SBC is designed for use in the SIP environment of the

-0
20
OpenScape Voice solution.

o_
• RFC 3261 compliant
ol
• SIP Connect 1.1 compliant ic
en
_G

• SIP Registrar
do

• Media transcoding
an

• Dual-video content sharing


rn
Fe

• RTP/SRTP termination and mediation


._
_L

• TLS/TCP transport
EN

• Near-end and far-end NAT support


00
EN

• Static or dynamic NAT device support at remote branches


40

• VLAN support for connection to remote branch locations


88
EN

3.4 Management
• Full management integration using OpenScape Voice Assistant
• OpenScape SBC Management GUI (local administration)
• High serviceability for installation, upgrade and configuration
• Software download via SFTP
• Software installation for full image as well as for upgrades and up-
dates
• Backup/Restore of configuration database
• Alarming/SNMP support
• Differentiated ‚Admin‘ interface can be configured (for administra-
tion)

12 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Logging / Tracing

3.5 Logging / Tracing


• QoS monitoring and reporting
• Log data collection for all services
• RapidStat collection of data logged by OpenScape SBC
• Network Tracing

3.6 Networking
• DNS Support (Client and Server)
• NTP Support (Local Server and sync with remote Server)

20
7-
-0
20
3.7 QoS

o_
ol
• DSCP support for signaling, media and management traffic ic
en
_G

• Traffic Shaping
do
an
rn

3.8 Security
Fe
._
_L
EN

Industry certification
00

• OpenScape SBC is rated Certified Secure by Miercom Independent


EN

Testing Labs.
40
88
EN

Management interface security


• Administration access on SBC coreside (trusted LAN) and optional
on Access side
• Separate Ethernet interface for Administration

Management and Administration


• Configurable SuSE firewall rules
• Protocols:
• SSH2 (for CLI)
• HTTPS (for web-based admin)
• SFTP (for file transfers)
VPN Tunnel
• based on OpenVPN implementation
• Authentication possible with PSK or x509 certificates per tunnel

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 13
FN9850FN10FN_TBAZZZAIMHY
Security

Radius support for:


• Authentication
• Accounting

VoIP interface security


• Stateful firewall inspection
• Topology hiding
• Protection against registration floods
• Dynamic firewall pin-holing for media connections
• DoS/DDoS mitigation
• SNORT for traffic overload control and blocking of traffic from un-

20
authorized source (white/black lists)

7-
-0
• Intrusion detection

20
o_
• Malformed packet protection

ol
• Protocol anomaly protection ic
en
• Strict TCP validation to ensure TCP session state enforcement, val-
_G

idation of sequence and acknowledgement numbers, rejection of


do
an

bad TCP flag combinations


rn

• TCP reassembly for fragmented packet protection


Fe
._

• TLS encryption for SIP with separate TLS certificates for SIP Service
_L

Providers
EN

• Digest Authentication pass-through for authentication by Open-


00
EN

Scape Voice system


40

• SRTP pass-through for encrypted media packets (media security is


88

negotiated end-to-end between connected media endpoints)


EN

• SRTP termination for encrypted media packets to mediate be-


tween SRTP and RTP or MIKEY 0 and SDES
• MIKEY 0 and SDES support
• Secure remote Media Server communication
• Secure calls to/from Microsoft Lync

14 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Technical data

4 Technical data
Actually, performance can drastically vary, based on feature usage and implementation.
The following examples provide an implementation overview.
Please note: Following section is tied to a V8 implementation. Please consult latest Installa-
tion and Configuration guide.

4.1 Capacity and performance

20
Dependent upon the OpenScape SBC server there is a maximum number of sessions, regis-

7-
tered lines, trunks and traffic that can be supported.

-0
20
o_
Capacities and Performance

ol
ic
The capacity and performance of OpenScape SBC is dependent on the hardware server plat-
en
form that is used. Capacity and performance values may vary based on several factors includ-
_G

ing the customer’s IP network configuration, SIP registration and keep-alive intervals, SIP ses-
do
an

sion timer values, SIP signaling transport method, Digest Authentication usage, and SIP
rn

feature usage, particularly the usage of keyset operation and multiple contacts.
Fe
._

The values in the following table are provided based on the following configuration and op-
_L

erating characteristics, unless otherwise stated:


EN

• SIP transport protocol (either of the following configurations):


00
EN

• TLS for all connections; TLS keep-alive every 40 seconds and Di-
40

gest Authentication disabled in the OpenScape Voice server


88

• or ...
EN

• TCP for all connections and Digest Authentication enabled in


the OpenScape Voice server
• SIP Session Timers enabled in OpenScape Voice server with the
session expiration time set to 30 minutes.
• Default level logging enabled
• Average Call duration of 108 seconds
• Registration expiration time of 1 hour (on both sides of the SBC)
• No Keysets or Multiple Contacts

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 15
FN9850FN10FN_TBAZZZAIMHY
FN9850FN10FN_TBAZZZAIMHY

16 Overview

IBM x3250 M3 IBM x3250 M5 IBM x3550 M3/M4


or
FSC RX200 S6/S7 1

Max. registered hosted remote OpenScape Branch 6,000 3 6,000 3 50,000 3


users 2 (without Digest Authentication; Throttling
does not apply)

EN
Max. registered SIP remote users 2 , e. g. home workers 6,000 3 6,000 3 32,000 3

88
(without Digest Authentication and without Throt-

40
tling)

EN
Max. simultaneous SIP signaling calls/SBC sessions 4 1,600 2,700 8,000

00
EN
Max. simultaneous RTP media streams anchored 1,600 2,700 8,000
through OpenScape SBC (without Media Transcod-

_L
ing) 5

._
Fe
Max. simultaneous SRTP secure media streams (either 1,280 2,160 6,400

rn
MIKEY 0 or SDES) terminated/mediated by SBC (with-

an
out Media Transcoding)

do
_G
Max. number of media/location realm groups 1,024 1,024 1,024

en
Max. number of unique Remote User profiles (i. e. 255 255 255

ic
emergency calling location info, media anchoring and

ol
o_
security, etc.)

20
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved

Number of simultaneous SIP Service Providers (SSP) 10 6 10 6 10 6

-0
7-
Busy Hour Call Attempts ("full calls" 7 ) 27,000 27,200 79,200

20
Max. peak "half calls" 7 per second (without Digest Au- 158 158 448

Capacity and performance


thentication and without Throttling or TLS)

Registration refresh requests per second (randomized 5 5 26


registration steady state condition)

Steady state call completion rate 99.99% 99.99% 99.99%

Time to recover to steady-state operation (99.99% call <15 min. <15 min. <15 min.
completion) following simultaneous restart of all end-
point devices 8
01.2018
Capacity and performance

Please note: 1The capacity and performance of a physical OpenScape SBC is dependent on
the hardware server platform that is used. Capacity and performance values
may vary based on several factors including the customer's IP network configu-
ration, SIP registration and keep-alive intervals, SIP session timer values, SIP sig-
naling transport method, Digest Authentication usage, Media Transcoding us-
age, the rate of call attempts and SIP feature usage, particularly the usage of
keyset operation and multiple contacts. Network interface switch speed of hard-
ware platforms is set to 1 Gigabit Ethernet.
2For keysets, each keyset line appearance is counted as one regis-
tered user.
3Subscriber registration interval 3,600 seconds. Add the following

20
penalty (or penalties*) to determine the actual OpenScape SBC

7-
maximum registered users capacity limit when the following

-0
functions are enabled:

20
o_
a. Digest Authentication penalty: 25%

ol
b. Throttling penalty** (600 seconds throttling interval from
ic
en
SBC): 60%
_G

c. TLS penalty** (600 seconds keep alive interval; no throttling):


do

50%
an

*: To determine cumulative penalties, apply penalty 1 and on the


rn

new number, apply penalty 2.


Fe
._

**: Throttling and TLS penalties are not applicable to hosted re-
_L

mote Branch users.


EN

4An SBC session is defined as a SIP signaling call with an access-


00

side signaling leg and a core-side signaling leg. A typical voice


EN

call between a local OpenScape Voice user and a remote user


40
88

registered via the SBC, or to a SIP trunk connected via the SBC
EN

requires one SBC session. A typical video call requires two SBC
sessions; one for the video connection and another for the audio
connection. An additional 20% penalty on OpenScape SBC ca-
pacity should be added for a video connection versus an audio
connection due to the extra SIP INFO messages that are ex-
changed during a video call.
5
These are media streams routed through the SBC when a direct
media connection between endpoints is not possible, for exam-
ple, when the SBC needs to NAT the media packets because they
reside in different subnets. Each "half call" has two media
streams traveling in the opposite direction. For example, two
"half calls" are used when a remote user registered via the SBC is
connected to another remote user registered via the SBC, or to a
SIP trunk connected via the SBC. A single "half call" is used when
a local subscriber registered directly with the OpenScape Voice
server is connected to a remote user registered via the SBC, or to
a SIP trunk connected via the SBC.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 17
FN9850FN10FN_TBAZZZAIMHY
Capacity and performance

6Up to 10 SSP connections are supported. These connections can


come from the same or different SSPs assuming the IP addresses
on the SSP side are different. The SSP connection can point to
the same or different IP addresses on the OpenScape SBC.
7A "half call" is a call from either access-side (WAN) to core-side
(LAN) or from core-side (LAN) to access-side (WAN). A "full call"
consists of two "half call" legs, i. e. a call being initiated by the ac-
cess-side (WAN) going to core-side (LAN) and then coming back
to the access-side (WAN).
8When restarting, SIP endpoint devices are required to comply
with procedures specified in RFC 3261 and OSCAR Chapter 11:
Best Practices. With a simultaneous restart of all endpoint de-
vices when a user becomes successfully registered, that user

20
7-
shall immediately be able to originate and receive calls with a

-0
call completion rate of at least 99.99%.

20
Apply the following penalty (or penalties*) to determine the ac-

o_
ol
tual OpenScape SBC maximum calls per second limit when the
following functions are enabled: ic
en
_G

• Digest Authentication penalty: 30%


do

• Throttling penalty** (600 seconds throttling interval): 40%


an
rn

• TLS penalty** (600 seconds keep alive interval; no throttling):


Fe

50%
._
_L

*: To determine cumulative penalties, apply penalty 1 and on the


EN

new number, apply penalty 2.


00

**: Throttling and TLS penalties are not applicable to hosted re-
EN

mote Branch users.


40
88
EN

18 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Feature Implementation - Details

5 Feature Implementation -
Details
The OpenScape Session Border Controller (OSS) supports an abundance of features.
Please note: A detailed feature list and technical implementation is available in the Open-
Scape Installation Guide - section ‚Features‘.

5.1 SBC Version V9R1+ Deployment Scenarios and

20
Features

7-
-0
20
o_
Remote Users scenarios behind a NAT device at the remote location; Optipoint, OpenStage or

ol
SoftClient (see the models)
ic
en
• Remote Users at the same network where WAN is; no NAT device
_G

• Remote Branches as Proxy, BranchSBC and SBCProxy; OSB50, OSB50i,


do

OSB250,OSB2000, and OSB6000 with the following gateways


an
rn

• SIP : RG8700, Mediatrix or SSP-SIP Trunk


Fe

• SIPQ: RG8700, HG3500, HG1500


._
_L

• Integrated gateway of OpenScape Branch 50i


EN

• Gateways directly behind OpenScape SBC


00
EN

• SIP : RG8700 and Mediatrix or SIP trunk from the supported SSPs
40

• SIPQ : RG8700, HG3500 ¡V HG1500


88
EN

• Local Media Server in the Branch where the branch is also behind OS-SBC
• For the branches with the SSPs provide a dynamic NAT router, only
BranchSBC mode is supported. If the branch is in Proxy or SBCProxy mode,
this is not supported.
• Allow single SSP with different home DN prefix based hand
Multiple SSP profile usage towards the same SSP based on different Home DN
by setting Spare Flag 8 in each SSP Profile. Once set, all the Remote Endpoints
pointing to the same SSP must have flag 8 set in their SSP profiles. Incoming
calls from the SSP would then use the appropriate Remote Endpoints settings
based on the Home DN prefixed in the R-URI. Please note if this flag is set,
then all the Remote Endpoints pointing to the same SSP must be configured
with the same media settings. Spare Flag 3 in SSP Profiles is introduced with

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 19
FN9850FN10FN_TBAZZZAIMHY
SBC Version V9R1+ Deployment Scenarios and Features

SBC Version 11.01 to configure the OS-SBC to send configured HomeDn from
the SSP Profile in the Contact Header towards the SSP for all incoming and
outgoing SSP calls with Spare Flag 8 set.
• If it is necessary to reduce the number of re-INVITEs to an SSP or an SSP does
not support re-INVITEs, new flags (Spare Flag 9 or Spare Flag 10) in the SSP
profile are available and may be enabled, provided that the SBC Core Media
Protocol in use is RTP only.
Spare Flag 9 „Do not send Re-Invite when no media type change“ will not send
a re-INVITE to the SSP if there is no change in the media type characteristics
towards SSP for example audio to audio re-INVITE. In the case where session
refresh timer re-INVITEs are enabled to the SSP, the re-INVITE will be sent to
the SSP.
Spare Flag 10 „Do not send Re-INVITE“ will not send any re-INVITEs at all to

20
the SSP, including session refresh timer re-INVITEs.

7-
-0
• Support Interworking of Invite without SDP

20
OS SBC now supports a new configuration item per SIP Service Provider pro-

o_
ol
file which allows setting an indication whether the SSP supports receiving IN-
ic
VITE without SDP or not. The flag in the SSP Profile, has the same name as the
en
_G

endpoint attribute used in OSV: Do not send INVITE without SDP.


do

Whenever OS SBC receives an initial INVITE without SDP targeted for a re-
an

mote endpoint for which the new Do not send INVITE without SDP flag is set,
rn

the SBC will select a free RTP port on the Access side of the SBC to be included
Fe

in the SDP offer.


._
_L

The codecs in the SDP offer to the SSP are configurable by enabling Codec sup-
EN

port for transcoding under the Features Page from LOCAL GUI and selecting
00

which codecs to allow. A media profile can then be created from VOIP Media
EN

page and the codecs can be chosen and assigned a priority in the generated
40

SDP offer.
88

For incoming calls from the SSP, the SSP must offer at a minimum an unse-
EN

cure audio stream.


An Initial INVITE with secure media only in the SDP received on the access
side from the SSP shall be rejected by the OS SBC with a 488 Not Acceptable
Here SIP response, if the SSP sending the INVITE with SDP has the “Do not
send INVITE without SDP” flag set.
“Do not send INVITE without SDP” flag requires Media Protocol to be RTP for
the Remote Endpoint representing the SSP
• If the SBC firewall is configured with a Blacklist with IP of 0.0.0.0 (i.e. block ev-
erything), then the accompanying Whitelist must be configured with the al-
lowed IP addresses and subnets. These allowed addresses/subnets should in-
clude those possibly used for Signaling and/or for Media. Certain SSPs may
use a different subnet for the Media than what is used for Signaling and so
therefore that Media subnet must be configured in the Whitelist.
• Update for the Shell Shock vulnerability is included in this Release.

20 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Redundancy

6 Redundancy
There are various options for deploying redundancy based on the customers network, loca-
tion of data centers and number of data centers.
The basic configurations for SIP-Server redundancy are (based on SBC Version 9):
• Simplex
this is for a single SIP Server
• Co-located
this means a load balancing configuration. Traffic coming in on Ac-
cess IP 1 goes to Comm System node 1 and traffic on Access IP 2

20
goes to Comm System node 2.

7-
-0
• Active-Standby for an redundant SIP Server

20
o_
• Clustered

ol
Load Balancing based on Groups an Rules, useful with multiple
ic
en
HG3500 gateways.
_G
do
an

4 Modes are supported


rn
Fe
._
_L
EN
00
EN
40
88
EN

Depending on the type of redundancy a different number of IP addresses are necessary.


Please consult the official installation guide to find more details.

Please note: Redundancy across geographically-


 separated OpenScape SBC nodes is supported in
OpenScape SBC.

6.1 Redundant OpenScape SBC


Redundant OpenScape SBC configurations provide VIP address failover for both LAN net-
work and WAN addresses.
Periodic heartbeats are sent by the Standby OpenScape SBC node to detect failover condi-
tions. Either OpenScape SBC node may assume active or standby mode at any time, however
only one node shall be in an active operation mode.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 21
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

When the redundant OpenScape SBC nodes share the same sub-net for the inside network
additional data is synchronized in near real-time between the OpenScape SBC nodes to allow
continued operation when the standby OpenScape SBC node must assume an active Open-
Scape SBC node status.
The synchronization data includes for example:
• Configuration changes
• SIP dialog context information to allow existing SIP dialogs (cre-
ation, establishment and termination) continue after an SBC
failover
• Media port mappings for sessions traversing the SBC.
• IP addresses and ports used for established TCP connections

20
• TLS session handles using TCP connections

7-
• Updates to any current SIP registration bindings

-0
20
o_
6.2 Redundancy of SIP-Server Connection ol
ic
en
_G
do

6.2.1 Simplex SIP Server Connection Mode


an
rn
Fe

The OpenScape SBC does not require any special functionality to interface with a simplex
._

OpenScape Voice (OSV). All SIP requests and responses are received at a single outside/ WAN
_L

interface of the OpenScape SBC and are relayed to a single OSV IP address. The OpenScape
EN

SBC is configured with Comm. System Type = Simplex.


00
EN

An optional second OpenScape SBC can be used to provide a redundant SBC cluster if neces-
40

sary although as OSV itself has no redundancy in this configuration.


88
EN

Active-standby mode
When OSV is operating only in active-standby mode all devices register to the same OSV node
as their primary SIP Server/Registrar. Failure of a single OpenScape SBC node or OSV node is
handled by the remaining node taking over the VIP address and is transparent to the Open-
Scape SBC. The external behavior towards the devices is the same as the simplex OSV scenar-
io. The OpenScape SBC maintains only a single active binding to the Virtual IP (VIP) of the OSV
cluster. In the Active-Standby scenario the SBC is configured with Comm. System Type = Sim-
plex.

22 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

OpenScape OpenScape
Voice Voice

20
LAN
LAN LAN

7-
-0
20
o_
ol
ic Virtual IP (VIP)
en
_G

sync
do
an

OpenScape SBC SBC


rn
Fe

SBC Active Backup (Standby)


._

Node 1 Node 2
_L
EN
00
EN

Virtual IP (VIP)
40
88
EN

WAN

WAN WAN

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 23
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

6.2.2 Co-Located SIP Server Connection Mode


OpenScape SBC supports co-located OSV duplex configurations in active-active mode.

Active-Active

OSV OSV
Active Active
Node 1 Node 2

20
7-
VIP VIP

-0
Node 1 Node 2

20
o_
LAN
ol
ic
en
_G
do

Virtual IP (VIP)
an
rn

sync
Fe
._
_L

SBC SBC
EN

Active Backup (Standby)


00

Node 1 Node 2
EN
40
88
EN

VIP 1 VIP 2

WAN

• Active-active mode
When OSV is operating in an active-active mode some devices need to regis-
ter with OSV node 1 and other devices need to register with OSV node 2.
Therefore the OpenScape SBC cluster must provide two external VIP address-
es (VIP 1 and VIP 2), one associated with OSV node 1 and the other associated
with OSV node 2. Endpoint devices including SIP user phones or gateways,
SIP Service Providers and OpenScape Branches must be configured with one
of the external VIP address as their SIP Server and SIP Registrar.
The OpenScape SBC maintains two active bindings, one for each OSV node,

24 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

and forwards requests to the appropriate OSV node based on the OSV identity
as reflected in the Request URI of the received request.
If the active OpenScape SBC fails the standby OpenScape SBC takes over the
external VIP address as well as the internal VIP address binding with Open-
Scape Voice so the failure is transparent to OpenScape Voice.
OpenScape Voice failures are transparent to OpenScape SBC. If an active
OpenScape Voice node fails, the partner OSV takes over the internal VIP ad-
dress of the failed OSV node assuming both inside network VIP addresses.
In the Active-active scenario the OpenScape SBC is configured with Comm.
System Type = Collocated.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 25
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

6.2.3 Duplex geo-separated SIP Server Connection Mode


In addition to the OpenScape SBC redundancy on the same subnet for support of co-located
OpenScape redundant nodes, this feature provides support for OpenScape Voice redundancy
of geographically separated nodes that are on separate subnets. A Layer 3 (L3) connection is
used to exchange call state information between the geographically separated OpenScape
SBCs.

Geo-Separated

OSV OSV
Active Active

20
Node 1 Node 2

7-
-0
Node 1 IP Node 2 IP

20
o_
ol
ic
en

LAN LAN
_G
do
an
rn

SIP Server Mode: SIP Server Mode:


Fe

Active-Active Active-Active
._
_L
EN

SBC SBC
00
EN

Active Active
40
88

Backup (Standby) Backup (Standby)


EN

External Network

WAN WAN

At least two OpenScape SBC servers (one at each data center) are required to support Open-
Scape Voice geographically separated redundancy. Four OpenScape SBC servers are required
(two at each data center) in case server redundancy at each data center is also required.
Unlike OpenScape SBC redundancy on the same subnet where a common set of SBC Session
Licenses can be shared between the Active and Standby servers, OpenScape SBCs that are L3
geographically separated are counted as separate systems for purposes of SBC Session Licens-
es. In other words, a separate set of SBC Session Licenses need to be used for the OpenScape
SBC system that are geographically separated.

26 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

6.2.4 Clustered SIP Server Connection Mode


The connection mode 'Clustered' allows the SBC to connect to multiple SIP servers (useful in
the case of supporting multiple HG3500 gateways / OS4ks via SIP) at the core side and logically
group the SIP server nodes into clusters. The concept of groups will been shown in the dia-
gram below.
Incoming Requests Routing
When an incoming request arrives at the access side of the SBC it checks the interface on
which the request was received. Based on the access realm configuration, the SBC routes an
incoming request received on external interface w1 to group 1, a request received on interface
w2 to group etc. as shown in the following diagram:

20
7-
-0
20
o_
Group 1 Group 2 Group 3

ol
ic
en
_G
do

Node 1-1 Node 1-2 Node 1-3 Node 2-1 Node 2-2 Node 2-3 Node 3-1 Node 3-2 Node 3-3
an
rn
Fe
._
_L
EN
00

Example Setting
EN

WAN
40
88

Group1 Group2 Group3


CORE
EN

OS SBC
ACCESS
w1 w2 w3
Routing based on:

Realm <-> Group

WAN

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 27
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

If no group has been assigned to a particular access realm (option 'Any'), the SBC routes the
incoming request based on the best match of the request URI user part and prefix codes which
is configurable per group.
The routing of incoming requests on the access side applies only to the initial request for a call
(INVITE). Subsequent in-dialog requests by default follows the same route as the initial re-
quest.
Load Balancing
The SBC is also able of performing load balancing between the nodes that belong to the same
group. Incoming requests to the nodes belonging to a group are distributed on a round-robin
fashion.
Node Failure Detection

20
7-
The SBC monitors the availability of each of the nodes by sending a SIP OPTIONS periodically

-0
to each of the nodes. The Kamailio Dispatcher module is used for this purpose. Based on a

20
configurable timer, if the node does not respond to the SIP OPTIONS before the timer expires,

o_
ol
the SBC marks this node as not available (e.g. add it to a penalty box) and send the request to
the next node. ic
en
_G

Remote Subscribers
do
an

The following configuration guidelines are given:


rn

• Case 1: If the subscriber DB is shared across the SIP servers (as is


Fe
._

the case for OSV collocated and geo-separated) then it no special


_L

configuration is needed, the SBC routes an incoming request from


EN

any remote subscriber to any SIP server


00

• Case 2: If the subscriber DB is NOT shared across the SIP servers (as
EN

is the case for 4K) then the admin must configure a separate access
40
88

realm per node and each remote subscriber belonging to a partic-


EN

ular SIP server should register via the corresponding access realm.

28 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

Any
CORE
URI based OS SBC
routing
ACCESS
Realm1 Realm2 Realm3

Group1 Group2 Group3


CORE

20
Realm to Group
OS SBC

7-
Routing

-0
20
ACCESS

o_
Realm1 Realm2 Realm3
ol
ic
en
_G
do

SIP1 SIP2 SIP3


Round Robin
an

Distribution
rn

Group1
Fe

Group2 Group3
._

CORE
_L
EN

OS SBC
00
EN

ACCESS
Realm1 Realm2 Realm3
40
88
EN

Operational Aspects
The admin GUI is enhanced to allow the configuration of group (cluster) nodes when the 'com-
munication mode' is set to 'clustered'. In order to maintain backwards compatibility the exist-
ing GUIs for modes 'simplex', 'Active-Active', 'Active-Standby' remains as is.
Only when the mode 'clustered' is selected a new GUI is available where the admin configures
the groups of SIP servers.
The following data is configurable for each group:
• Group Name
• Associated prefix codes as a comma delimited list (e.g. 55%,123%
etc)

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 29
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

For a specific group, the admin is able to configure one or more nodes belonging to that group.
The following data is configurable for each node within a group:
• Node name
• IP or FQDN
• Port
• Transport protocol
• Priority (optional)

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L

In the access realm configuration, when the connection mode is set to 'clustered', the 'SIP serv-
EN

er' drop-down list contains the configured groups along with the option 'Any' (as shown in the
00

figure below). If the 'Any' option is selected then the routing is prefix-based instead of inter-
EN

face-based.
40
88
EN

SBC Navigation:

Network-> Settings ->


Access and Admin realm con-
figuration

If no group has been assigned to a particular access realm use Any. The SBC routes the in-
coming request based on the best match of the request URI user part and prefix codes
which is configurable per group.

30 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

6.2.5 SBC SIP Server Clustered Check


If the SIP Server is set to Clustered then the DASHBOARD GUI changes.

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

The screenshot above shows four Groups (with only one SIP-Server per group) where only
one Server is connected.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 31
FN9850FN10FN_TBAZZZAIMHY
Redundancy of SIP-Server Connection

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

32 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Licensing

7 Licensing
For OpenScape Session Border Controller and associated applications different license types
are available. The license „Package“ will be installed on the Common Management Portal
(CMP) and can be assigned from there to the different devices. Each SBC needs a least a „Base
License“ plus one „Sessions License“ for each call later. The SBC will run without a valid license
up to 30 days. If a license will not be installed within the this grace period, the SBC stops pro-
ceeding requests after 30 days.
License Types:
• Base

20
• Circuit SBC Sessions

7-
-0
• SBC Sessions

20
o_
• SBC BCF (Border Control Function)

ol
ic
en
SBC Base License
_G

Each installed device needs a SBC Base License. This license is used to track the number of
do

SBC‘s installed in the field.


an
rn
Fe

SBC Session License


._
_L

An OpenScape SBC Session License is consumed for each active SIP call connection that is be-
EN

ing managed and processed by OpenScape SBC. Each SIP all connection may consist of the SIP
00

signaling packets only (when media packets are being routed between the endpoints), or
EN

when both SIP signaling and media packets are being managed and processed by OpenScape
40

SBC. In other words, if a SIP signaling connection traverses OpenScape SBC (that is, a SIP con-
88
EN

nection between the SBC core-side and the SBC access-side), with or without the correspond-
ing media packets for that call, an SBC session is consumed.
The following four cases will illustrate the SBC session usage:

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 33
FN9850FN10FN_TBAZZZAIMHY
Licensing

One Session License is required for:


• Case #1: SIP Trunk call consuming one SBC session or
• Case #2: Call between Remote User and Local user consuming one
SBC session

Case 1
(Subscriber à SIP Trunk)
PSTN

Session License

20
7-
-0
Case 2 Signaling

20
(Subscriber à Subscriber) Payload

o_
ol
ic
en
_G
do

Two Session Licenses are required for:


an
rn

• Case #3: Call between two Remote Users with media routed direct-
Fe

ly between phones consuming two SBC sessions


._
_L
EN
00
EN

Session License #1
40
88
EN

Signaling
Payload

Session License #2

34 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Licensing

• Case #4: Call between two Remote Users with media routed
through SBC consuming two SBC sessions

Session License #1

Signaling
Payload

20
7-
-0
20
o_
Session License #2
ol
ic
en
_G

Circuit Session License


do

Circuit Session Licenses are required for the Circuit Telephony Connector feature. Each Cir-
an
rn

cuit user who wants to connect to a SIP-Server through the SBC will be calculated as one Cir-
Fe

cuit License.
._
_L
EN
00
EN
40
88
EN

Border Control Function License


The Border Control Function (BCF) comprises of several distinct elements pertaining to net-
work edge control and SIP message handling.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 35
FN9850FN10FN_TBAZZZAIMHY
Licensing

The Border Control Function is enabled by using the Enable BCF support checkbox (disabled
by default). Additional configuration is performed via the associated Configure button.

Please note: This flag can only be checked if a

20
valid OpenScape SBC BCF License is applied. If

7-
 such a licence doesn't exist or is invalid, both the

-0
20
flag and the configuration button is grayed out

o_
and a remark OpenScape SBC BCF License is re-

ol
quired is shown. ic
en
_G
do

For OS-4K deployments, Border Control Function (BCF) is disabled


an
rn

INFO: The BCF functionality will be configurable for either North-American defined by NENA
Fe

(National Emergency Number Association a.k.a. the 9-1-1 Association) or European market
._
_L

defined by EENA (European Emergency Number Association).


EN
00
EN
40
88
EN

36 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Licensing Files

7.1 Licensing Files


The following types of license files are supported:
• Regular License Files (RLF) contain licenses purchased by the cus-
tomer.
Regular Licenses have no expiration date.
• Centralized SBC Base Licenses (maximum allowed 100)
• OpenScape SBC Session Licenses (Maximum allowed 160K for
Branches and 40K for OpenScape SBC)
• Software Subscription License file is a Regular License file that ex-
pires on Jan 31st and will contain the maximum values possible for
each OpenScape SBC license type.

20
7-
• 100 Centralized SBC Base Licenses

-0
• 200,000 OpenScape SBC Session Licenses (160K for Branches

20
o_
and 40K for OpenScape SBC)

ol
• Evaluation License file is a Regular License File with an expiration ic
en
time of 180 days. The Evaluation License File shall contain the fol-
_G

lowing licenses:
do

• 1 OpenScape SBC Evaluaton License (if evaluating SBC)


an
rn

• 100 OpenScape SBC Session Licenses (if evaluating OSB or SBC)


Fe
._

• Demo License file is a Regular License File with no expiration.


_L

These licenses are for Unify internal use only.


EN

• 1 OpenScape SBC Base license (for SBC demo)


00
EN

• 100 OpenScape SBC Session Licenses (for demo of either OSB or


40

SBC)
88
EN

Redundancy
For redundant OpenScape systems the active node populates its’ licensing to the backup
node. No additional licenses are required.

7.1.1 Regular License


OpenScape Branch Assistant supports Regular License files. The Regular license is a customer
purchased license that does not expire.

License Functionality
The Regular license provides the capability to for a customer to use OpenScape SBC function-
ality, SBC base functions and SBC sessions without expiration.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 37
FN9850FN10FN_TBAZZZAIMHY
Licensing Files

License Monitoring
• OpenScape Branch Assistant is informed by the License Manage-
ment service that a new RLF license file has been applied including
the total number of OpenScape Branch licenses for each license
type and the expiration date of the license file. OpenScape Branch
Assistant will then check to ensure the number of licenses in the
RLF is enough to accommodate the number of configured licenses
for all devices. If not, OpenScape Branch Assistant provides a pop-
up to inform the craft the RLF license file does not have enough li-
censes. In this situation OpenScape Branch Assistant will also re-
turn license values of zero to all devices requesting a license
update until a license file with enough licenses is applied to the
system.

20
7-
• If the RLF license file has enough licenses to accommodate all the

-0
20
devices, OpenScape Branch Assistant will check-out the licenses

o_
for each device.

ol
ic
• The OpenScape Branch will display a popup at least once a day
en
whenever any license file is within 60 days of expiration and when-
_G

ever configuration is not possible due to the inability to check-out


do

a license. The popup will be shown when navigating to the Open-


an

Scape Branch Assistant tab.


rn
Fe

• If OpenScape Branch Assistant is informed by the License Manage-


._
_L

ment service that an RLF license file has expired, the OpenScape
EN

Branch Assistant will return values of zero for all licenses whenev-
00

er a device request a license update. This will occur until a new li-
EN

cense is applied.
40
88

7.1.2 Software Subscription License


EN

OpenScape Branch Assistant supports Software Subscription License (SSL) files. Software
Subscription Licensing consists of two parts – the Product Instance and the Subscription Li-
cense.

Licensing Structure
• Product Instance: The Product Instance is purchased once for each
product and consists of all of the licenses necessary to equip a
product for its maximum capacity, including all major features.
The Product Instance is time limited each year until January 31st so
the customer must renew their Product Instance annually be-
tween the first of December and the end of January. This does not
require any additional ordering – just an update of the product li-
cense keys.

38 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Licensing Files

• Subscription License: The Subscription License is the monthly


charge for a single user to use a single product. If a single user has
voice, voice mail and Unified Communications (UC), then they
would pay for 3 Subscription Licenses – one for OpenScape Voice,
one for Xpressions and one for OpenScape UC. The Subscription
Licenses are based upon the product usage that is reported month-
ly and the cost is calculated postmortem based on actual service
consumption.

SSL License Customers


There are two SSL License Customer types; Service Providers and Enterprise customers. Ser-
vice Providers resell OpenScape product, while Enterprise customers are end users. The fol-
lowing SSL licensing is provided based on the Licensing Structure and type of Customer:

20
7-
• Product Instance - The following licenses are provided via SSL Li-

-0
20
censing:

o_
• OpenScape Session Border Controller V2 Product Instance for
ol
Service Provider Licensing ic
en
• OpenScape Session Border Controller V2 Product Instance for
_G

Enterprise Licensing
do
an

• Subscription License - The following licenses are provided via SSL


rn

Licensing:
Fe
._

• Monthly Subscription License Service Provider OpenScape Ses-


_L

sion Border Controller Session License (per session)


EN

• Monthly Subscription License Enterprise Provider OpenScape


00
EN

Session Border Controller Session License (per session)


40
88

License Functionality
EN

The Software Subscription licenses provides the capability to for a customer to use Open-
Scape SBC functionality, SBC base features and SBC sessions for the length of the software
subscription.

License Monitoring
• The OpenScape Branch Assistant displays a popup at least once a
day whenever any license file is within 60 days of expiration and
whenever configuration is not possible due to the inability to
check-out a license. The popup is displayed when navigating to the
OpenScape Branch Assistant.
• If OpenScape Branch Assistant is informed by the License Manage-
ment service that a Regular License File (RLF) license file has ex-
pired, the OpenScape Branch Assistant will return values of zero
for all licenses whenever a device request a license update. This
will occur until a new license is applied.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 39
FN9850FN10FN_TBAZZZAIMHY
Licensing Files

License Billing
• OpenScape Branch Assistant provides high water mark counters
for the last 12 months and supports the retrieval of the current val-
ues of the high watermarks by the Common Management Portal
(CMP) for each new license type.
• The billing period ID as well as the values of all high watermarks
are included in the results.
• A high watermark of the values of the OpenScape Branch License
usage counters are calculated on every counter change and written
to OpenScape Branch Assistant database and the disk along with
the billing period ID.
• On a monthly basis, the high watermarks are reset to the instant

20
value of used Dynamic Licenses.

7-
-0
• The Software Subscription licensing related parameters/counters

20
are displayed in the OpenScape Branch Assistant.

o_
ol
ic
en
7.1.3 Evaluation License
_G
do

OpenScape Branch Assistant supports Evaluation License files. The Evaluation license file is a
an

Regular License file (RLF) that expires after 180 (calendar) days.
rn
Fe
._

License Functionality
_L
EN

The Evaluation license provides the capability to for a customer to evaluate OpenScape SBC
00

functionality, SBC base functions and SBC sessions for up to 180 days.
EN
40

License Monitoring
88
EN

• The OpenScape Branch Assistant displays a popup at least once a


day whenever any license file is within 60 days of expiration and
whenever configuration is not possible due to the inability to
check-out a license. The popup is displayed when navigating to the
OpenScape Branch Assistant.
• If OpenScape Branch Assistant is informed by the License Manage-
ment service that an Evaluation license file has expired, the Open-
Scape Branch Assistant will return values of zero for all licenses
whenever a device request a license update. This will occur until a
new license is applied.

7.1.4 Demo License


OpenScape Branch Assistant supports Demo License files. The Demo license is a Regular Li-
cense file (RLF) that has no expiration. This type of license is for Unify internal use only.

40 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
OpenScape Session Border Controller (SBC) Base License

License Functionality
The Demo license provides the capability for a Unify employee to demonstrate OpenScape
SBC functionality to a prospective customer.

7.2 OpenScape Session Border Controller (SBC) Base


License
The OpenScape Session Border Controller (SBC) Base license provides full usage of the basic
SBC software for a given version e.g. OpenScape SBC V2 base software.
The OpenScape SBC Base license is not tied to a software release or hardware type. OpenScape

20
SBC Base licenses are used to track the number of OpenScape Branch(s) in the field.

7-
-0
OpenScape SBC Base licenses are configured via the OpenScape Branch Assistant. The Open-

20
Scape Branch will then request the license from the Existing License Management Service. If

o_
the OpenScape SBC Base licenses are not available, the OpenScape Branch Assistant will not
ol
ic
allow the configuration of the Base License. The OpenScape Branch Assistant keeps track of
en
the usage counters and displays the OpenScape SBC Base licenses assigned to OpenScape SBC
_G

devices.
do
an

The maximum number of OpenScape SBC base licenses is 100.


rn
Fe
._
_L

7.3 OpenScape SBC Session License


EN
00

OpenScape SBC Session licenses are shared between OpenScape Branch and OpenScape SBC,
EN

and control the maximum number of connections to OpenScape SBC and OpenScape Branch-
40

es.
88
EN

OpenScape SBC Session licenses are configured via the OpenScape Branch Assistant. The
OpenScape Branch will then request the license from the Existing License Management Ser-
vice. If the OpenScape SBC Session licenses are not available, the OpenScape Branch Assistant
will not allow the configuration of the Session License. The OpenScape Branch Assistant keeps
track of the usage counters and displays the OpenScape SBC Session licenses assigned to
OpenScape Branch and OpenScape SBC devices.
An OpenScape SBC Session License is required for the following:
• OpenScape SBC - Internet connections
• OpenScape SBC - SIP Trunking and Remote Subscribers
• OpenScape Branch - SBC Proxy - SIP Trunking
• OpenScape Branch - SBC - SIP Trunking
The maximum number of OpenScape SBC Session licences is 200,000 (160K for OpenScape
Branches and 40K for OpenScape SBCs).

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 41
FN9850FN10FN_TBAZZZAIMHY
Managing Licenses

7.4 Managing Licenses

7.4.1 License Management Concept


The legal use of the OpenScape system features requires the corresponding product licenses.
You can use the license management to activate these licenses and to view license informa-
tion. The license management works domainspanning.
Central License Server (CLS) The Central License Server (CLS) generates and manages the li-
cense files. A license file is generated when the License Authorization Code is sent to the CLS
by Common Management Portal. The transfer of the license file to Common Management
Portal occurs automatically via the internet.

20
7-
-0
Important: When you connect the Common

20
Management Portal computer system to the

o_
7
ol
internet, make sure that the computer system can
ic
only connect to the CLS and other selected, secure
en
_G

target systems.
do
an
rn
Fe
._
_L

Please note: In certain circumstances the Common


EN

Management Portal may not be able or desired to


00

access the internet. In this case it is possible to


EN

 manually generate the license file at the CLS and to


40

download it. The associated licenses can then be


88

activated in the Common Management Portal with


EN

the license file alone and without internet connec-


tion.

Every customer or sales partner has a separate license account on the CLS. The accounts can
be maintained at the CLS via a separate web-based user interface. All available and already
purchased licenses can be displayed.

Licensing via Common Management Portal


The licenses are activated with Common Management Portal. The Common Management
Portal transfers the License Authorization Code (LAC) to the CLS and receives the associated
license file.
The licenses and their related information are displayed in Common Management Portal. You
can see the total number of licenses. You can see which licenses are assigned to which appli-
cations or features, and when these licenses expire. In addition, you can see how many licens-
es are still free.

42 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY
Managing Licenses

OpenScape Branch Assistant stores licensing information encrypted on the disk.

Licensing in Stand Alone Mode


Stand alone Mode is defined as when an OpenScape Branch or OpenScape SBC is deployed at
a customer who does not have a Common Management Portal (CMP) with OpenScape Branch
Assistant. These customers use the OpenScape SBC local GUI to manage the OpenScape SBC.

Grace Period
After purchasing or installing the product/feature, the license for it must be activated within
a specified time period - called the grace period. Depending on the product involved, this pe-
riod may be e. g. 30 days.

20
During this grace period, the product may be restricted or fully functional. If you do not install

7-
a license after the grace period, the product becomes severely restricted or stops working en-

-0
tirely.

20
o_
ol
MAC address (Locking-ID)
ic
en
During production, hardware is assigned a board-specific number called a MAC address
_G

which is unique world-wide. To guarantee unique licensing, the license file is linked to the
do

hardware's MAC address (for example, network card of the system server). Every project / fea-
an
rn

ture license is therefore linked to this locking ID.


Fe
._

Process Flow for Online License Activation


_L
EN

1: The order is placed by the customer and entered in the SAP system,
00

for example.
EN

2: The license-relevant order details are stored in the database of the


40
88

CLS.
EN

3: The CLS automatically generates the license authorization code


(LAC) from the data. This LAC is forwarded to the customer (for ex-
ample, via e-mail) together with the CLS access data.
4: The delivery of the product / feature is initiated.
5: The customer installs the product / feature. The grace period be-
gins during which the product/feature must be licensed.
6: The customer transfers the License Authorization Code to the CLS
via the internet by using the Common Management Portal. Some
customer-specific hardware data (such as the MAC address of the
system server, which is also called the Locking ID) is sent to the CLS
along with the LAC.
7: The CLS uses the License Authorization Code and the customer-
specific hardware data to generate a license file and then sends this
back to the Common Management Portal. The license file contains
all the licenses associated with the product/feature.

01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
Overview 43
FN9850FN10FN_TBAZZZAIMHY
Managing Licenses

20
7-
-0
20
o_
ol
ic
en
_G
do
an
rn
Fe
._
_L
EN
00
EN
40
88
EN

44 Overview 01.2018
© Unify Software and Solutions GmbH & Co. KG 2018 All rights reserved
FN9850FN10FN_TBAZZZAIMHY

You might also like