Kevin Riley: If I had to boil it down, I see three key trends happening today. The first is the move from fixed, purpose-built hardware to a cloud-based, software-defined infrastructure. The second – increased opening of new service models. And finally, the third would have to be the growing importance of security.
Today we can virtualize the entire technology stack from compute to network and storage to security. Beyond cost savings and improved productivity, the shift to “software-defined everything” creates a foundation where IT can build agility into the way they deliver services. While organizations, verticals and regions differ in pace of their transition to the cloud, it’s a pervasive movement and something that will affect everyone in time.
As we turn to new service models, such as unified communications-as-a-service (UCaaS), we see an explosive growth in cloud-based offerings for SIP trunking, UC, contact centers and conferencing. With the advances in bandwidth and reliability of the IP network today, an enterprise’s decision to move their real-time communications to SIP and leverage a cloud service provider has become easier and more cost effective than ever before.
To provide enterprises with cloud-based IP communications services, service providers will leverage network functions virtualization (NFV) architectures and orchestration tools to instantiate network services, such as a run-time ready session border controller (SBC) for secure, robust, SIP-based services in just minutes. With a virtual, cloud-optimized SBC like our SBC SWe solution, service providers can deliver the security, scalability, interworking and high-availability that enterprise customers have come to expect from hardware-only solutions.
And finally, what seems to be on everyone’s mind, is the growing importance of security. While security breaches attributable to SIP have not yet been as widely publicized as other breaches, this is likely to change. As SIP adoption grows, hackers are preying on vulnerabilities created by a lack of understanding of the risks, and subsequent lack of best practices needed to address the threats and protect the IP network. Some attackers will target SIP specifically for toll fraud, but more likely this will be their point of entry for other forms of malicious activity such as disrupting operations, identity theft, financial theft, corporate espionage or supporting political agendas. This makes SIP more of a means to an end, and companies must adopt a zero-trust model when defining their security strategy. Any unprotected layer, such as a UC application, must be addressed because the move to cloud-based services has greatly increased the surface area of attack. Products such as Sonus SBCs act as the firewall for real-time communications services and are a critical element in any organization’s security strategy.
What do you believe are the key tenets to this new cloud-based communications?
When it comes to cloud communications, service providers need to continue to deliver a carrier-grade solution in order to be successful. Quality is a major concern as mission critical communications move off-premises, so ensuring carrier-grade quality and reliability is key. Service providers have to continue to meet expectations for high availability and resiliency, while delivering new capabilities such as elasticity with on-demand scaling, optimized operational efficiency with auto configuration, and network resource optimization with dynamic load balancing.
Adoption of a microservices architecture will become increasingly important as well. Service providers should be able to monetize their cloud investment by rapidly creating and seamlessly scaling out new services. Microservices serve as the mechanism to get more granular in this scalability by separating network services into functional components. For our SBC SWe, this means signaling, media processing and transcoding can be scaled independently. It also means that technology decisions can be made independently. For example, introducing the use of graphics processing units (GPUs) for media transcoding instead of using CPUs which are not optimized for compute-intensive processing.
And finally, partnerships will be critical for cloud-based communications. It’s unlikely that any single vendor will have one solution for all network services. The focus needs to be on tight integration with third-party solutions, particularly in regard to service orchestration, and open APIs to take advantage of analytics and other third-party tools. It’s important for us, as vendors, to test solutions together to create best-of-breed networks that will interoperate.
With regard to cloud-based communications, what elements do you think have the most traction?
In terms of Sonus’ experience, we are focused on virtual SBCs in three deployment models: virtualized access SBCs, virtualized interconnect SBCs and virtual customer premise equipment (vCPE).
Access service providers of cloud-based UC, conferencing and contact center services can virtualize their SBCs in the cloud and provide value-added services around them such as encryption and interworking without sacrificing performance, quality or resiliency. Sonus’ cloud-optimized SBCs deliver key feature functionality designed to ease a service provider’s migration of real-time communications to the cloud. With these SBCs, service providers can dramatically increase their customer responsiveness by being able to bring up run-time ready SBCs for secure, robust, SIP service in just minutes.
Looking to interconnection peering points, it’s easy to see these are dynamic in nature because each service provider is trying to optimize the cost of their interconnection points, often making routing changes “on the fly” based on least cost routing decisions, changes in quality of service conditions or access traffic growth/shrinkage in geographic regions. With a fixed hardware-based solution this typically leads to overprovisioning of capacity increasing both capital expense and operational expense. However, it is possible to overcome this limitation using a virtualized interconnect SBC.
A virtual, cloud-optimized SBC provides elasticity, which is the ability to have on-demand instantiation to match dynamic traffic demands. With the Sonus SBC SWe, service providers can scale a single instance, or multiple instances, independently from very low to very high session counts. With Sonus’ NFV orchestration partners, this on-demand scaling will be automated and touchless. In addition to elasticity, load balancing, high availability and network-wide licensing are also going to be keys to successfully address dynamic traffic demands of virtual interconnect SBCs.
On the enterprise side, by leveraging NFV and the cloud, service providers can provide SBC functions as vCPE solutions. These reduce the number and cost of physical SBC hardware appliances required at the customer premises for SIP trunking and other real-time communication services. By deploying a smaller number of generic commercial off-the-shelf (COTS) computing hardware platforms, either locally at the customer’s premises or in a centralized data center, service providers can remotely instantiate, configure and manage SBC features that were once deployed on dedicated hardware platforms.
What is reality today in cloud-based communications? What is still in R&D?
Well, if we look at the topics we’ve already covered, the ability to deliver carrier-grade communications services in the cloud is already a reality. That includes dynamic load balancing, on-demand scaling and network resource optimization. The ability to create microservices in the cloud using existing network capabilities is also already here. CPU-based media transcoding is one example of that, although as transcoding volumes grow, this approach has its limitations. And of course vCPE is also a reality today.
Conversely, GPU-based media transcoding is still in the development phase. In the parallel computing domain, GPUs have become the de facto choice to solve large compute-intensive tasks such as image processing and machine learning. For example, GPUs are already available for high-performance computing applications from Cloud providers like Amazon.
When we look at an SBC, an enabler of cloud communications, one of the most compute-intensive operations is media transcoding. When there are a very large number of media sessions that need to be transcoded simultaneously the challenge becomes similar to that of a high-performance computing cluster. For an SBC, performing media transcoding with GPUs can achieve speed increases of orders of magnitude, versus optimized CPU implementations where the computation can be parallelized. As service providers and large enterprises plan the migration of their SBCs to a virtual cloud environment, they need to investigate these two software-only options and determine which will allow them to deliver the most cost effective, yet highly scalable, media transcoding.
There seems to be a general trend in migrating from proprietary hardware to software. Why do you think this is occurring?
Riley: It comes down to flexibility, new service creation and cost. NFV and service migration to the cloud are the most disruptive changes in telecommunications since the transition to all-IP networks. NFV enables new methods for deployment and delivery of real-time communication services using a software-based network infrastructure, so applications that were previously coupled to proprietary hardware can now be instantiated on generic COTS computing hardware in cloud environments. Sonus has optimized its SBC SWe for cloud deployments, allowing service providers and enterprises to truly break free from proprietary hardware and unleash the power of real-time communications in the cloud. Given our heritage of enabling the network transition from TDM to IP, providing a clear migration path to private and public clouds is simply another, albeit important, phase in the ongoing network transformation.
Does this migration expose other issues in the infrastructure? Does the attack surface increase from a security standpoint?
Riley: The move from a hardware-based system to a software-based system doesn’t eliminate security issues. Fortunately, the role of the SBC in the network, whether a physical or virtual SBC, is to ensure secure communications and protect the network. The greater security risk occurs not in the migration from on-premises to cloud, but from TDM to SIP, which is a requirement for next-gen technologies such as cloud, NFV and UC. SIP is easier to spoof than TDM, cheaper to use for denial-of-service attacks and requires special encryption for use in untrusted networks. For those reasons, SIP is an attractive entry point for hackers when left unattended.
Please share your thoughts about edge vs. core architecture. How are different use cases impacted by edge vs. core?
Riley: In an edge-based approach, it’s important to think small. We recommend a “lightweight” approach that allows you to quickly deploy many similar SBC instances. In the core, it’s more about scaling capacity than quantity. For example, you might want to scale a single SBC functions across multiple VMs with a high degree of orchestration that is optimized to handle a microservices architecture.
Are your customers deploying this new architecture? If so, can you share any best practices?
Riley: Yes, NFV is central to many of our customers’ current and future deployment plans across both private and public cloud environments. But it’s not enough to simply move applications from hardware to software. Service orchestration and service automation needs to be a part of that migration or the investment won’t be justified at production network service levels. Equally important is that service providers need to be able to monitor virtualized services and provide service assurance to their customers, which requires an associated investment in a much broader toolset in terms of analytics and network intelligence.
What role does Sonus play in this new ecosystem?
Riley: Sonus is uniquely positioned to be a leading provider of intelligent solutions that secure and assure real-time service delivery in the new cloud architecture. You could say that network transformation is in our DNA. With our SBC SWe solution, we’ve wrapped strong security, easy interoperability and assured reliability into a single, virtual platform. It comes down to delivering the same reliable, real-time communication services regardless of the underlying technology.
How important are partnerships to this new ecosystem? And what types of partnerships have you forged?
Riley: As I noted earlier, it’s unrealistic that one vendor can provide everything that an organization needs. So it comes down to integration, validation, orchestration—and that, of course, means supporting a multi-vendor ecosystem. As organizations go from single-instance virtualization to a full cloud implementation, the ability to work within many ecosystems is incredibly important. Sonus has proven its cloud capabilities for its cloud-optimized SBC through collaboration testing with orchestration vendors such as Juniper, Dorado, Hewlett Packard Enterprise and Overture and will continue testing with its entire product portfolio. We believe these verifications and validations will help support the best-of-breed network model in the new cloud architecture.
What recommendations do you have for a company that wants to get started down this new cloud-based communications path?
Riley: Do your research. Don’t underestimate the cloud. As with VoIP before it, cloud service providers need to be committed to meeting or exceeding what has been done on hardware with what can be delivered in the cloud. Also, don’t rush into the cloud. Recognize that the transition from hardware to software doesn’t have to happen in a single step. For certain applications and deployment scenarios, hybrid strategies represent a lower barrier to entry. Move at your own pace, but also recognize that today’s technology is mature enough to start the journey now.