Alcatel-Lucent Opentouch Business Edition

otbe_rel_photo

The Alcatel-Lucent OpenTouch™ Business Edition, Release 2.0, delivers a range of communication services on a single platform, from world-class business telephony to the most advanced multimedia collaboration and mobility services.

In a competitive marketplace, enterprises need their IT tools to have the same advanced functionality, reliability and sophistication as that of their larger competitors. At the same time, they need to optimize their costs and simplify implementation and maintenance.

OpenTouch Business Edition addresses the communication requirements of enter- prises of up to 1500 employees and 3000 devices by providing advanced business communications, multimedia collaboration at the of ce and on the go, contact center functionality and management services. OpenTouch Business Edition delivers all these services on a single platform to improve the total cost of ownership (TCO).

Employees who primarily work on company premises and make extensive use voice communications bene t from OpenTouch Connection, the advanced business communications experience available on reliable desk phones, sturdy DECT or WLAN mobile handsets, and on software clients for PCs, tablets or smartphones.

Users can pick the telephony features that suit their of ce work style from the comprehensive list of telephony features offered by the embedded Alcatel-Lucent OmniPCXTM Enterprise Communication Server.

Of ce workers enjoy high-quality, wideband voice communications with easy audio and visual guidance, and ultra-fast directory look-up from the phone keyboard.

Employees who need powerful interactive visual communication will bene t from OpenTouch Conversation, the multi-device, multiparty, multimedia experience for easy collaboration at the of ce and on the go.

OpenTouch Conversation sessions feature voice, video, instant messaging (IM), pre- sentation sharing and natural conferencing capabilities to help users better engage with customers, partners and colleagues.

Users can shift their sessions between devices when they move to another location. They can also turn a two person session into a multiparty and multimedia conference in a few clicks.

The platform also offers a scalable and reliable contact center application. This application ef ciently supports the organization’s interaction with current and potential customers.

OpenTouch Business Edition can be provided as pre-installed appliances or
as a software-only version running on VMware®. Its single-server design is ideal for enterprises that want to reduce the cost and effort of provisioning, testing and managing new servers and don’t want to install additional software with every new communication application deployment.

ORGANIZATIONAL NEED

OPENTOUCH BUSINESS EDITION APPROACH

BENEFITS

OpenTouch Connection experience

Enterprise-grade communication services, including state-of-the-art telephony and a wide range of professional terminals

Comprehensive advanced business telephony services, including exible auto-attendant, screening, group, routing and messaging services

Instant business response: all important calls are identi ed and answered.

Rapid directory lookup and speed-dial

Save time when dialing contacts

Multi-platform support: desk phones, mobile handsets, and PC, tablet and smartphone software clients

Flexible options: business continuity with always-on desk phones and with robust handsets for roaming employees, supports BYOD policies with software clients

OpenTouch Conversation experience

Innovative multimedia collaboration solutions that boost productivity, facilitate mobility and decrease travel costs

Single business identity with multi-device routing pro les and rapid session shift between desk phones, smartphones, tablets and PCs

Employees are reachable anywhere and on the device best suited for their location

Easy access to multiparty conferences with audio, video, IM and content sharing

Ef cient interactions between geographically-dispersed teams and reduced travel expenses

Easy addition of multimedia, including IM, voice, video and content sharing

Instant business response with multitasking between IM and voice sessions. Better engagement with contextual video and content sharing interactions

Web conferencing with customers, partners and colleagues

New ways to communicate with customers, partners and colleagues

Integrated conferencing capabilities easily accessible from any phone or browser. Shared documents stay within the enterprise premises

Customers, partners and colleagues can easily and securely join OpenTouch voice and content-sharing sessions from outside the enterprise rewall

Integrated customer service applications

Best-of-breed customer interaction services to increase sales and customer loyalty

Professional welcome services, from greeting and group calls, to centralized attendant applications

Increased customer satisfaction by answering all calls – centrally or in branch of ces

Contact center services, including a patented visual distribution matrix

Accelerate rst call resolution with a call distribution logic that can be adapted within days to evolving needs

Uni ed platform and operations

Decrease TCO while maximizing service continuity

Ready-to-use, pre-installed applications

Improved installation time when deploying the server or mobility and collaboration applications

Uni ed user management

Improved daily move, add, change and delete operations

Advanced, real-time thresholds and alerts

Instant noti cation of changes to communications quality, service availability and service-level-agreements

High-availability options

Improved business continuity for communication services during network outages or server failures

Proven multi-site support with bandwidth control

Improved voice-over IP quality in multi-site organizations, with centralized communications to improve operational expenditure

7 Key Factors to Consider for Failover

Key Factors of Failover

Business Continuity Solutions for Variety of Mission-Critical Needs

By David Rush and Landon Reese

Regardless of industry or location, every business needs to strategically and proactively plan for network failover. When connectivity goes down, Point-of-Sale (POS) services, business operations, profits, and even customer satisfaction suffer.

In the interest of business continuity for your network, here are seven key factors to consider regarding failover:

1. Overlay Failover

Organizations that may not have the resources to overhaul their new network architecture can instead implement overlay failover with their existing infrastructure as a simple, cost-effective solution. Cradlepoint’s ARC CBA850 bridge converts LTE broadband to Ethernet by providing the existing wire-line router with a second “wired” WAN connection.

Overlay failover increases reliability without relying on last-mile connectivity via the same trench. It’s easy to set up as well; IT staff can simply plug in the router and configure remotely with Enterprise Cloud Manager (ECM), the network management service within Cradlepoint NetCloud.

2. Redundancy

Multiple parts of a network can fail, so it’s important to deploy different types of redundancy. If your wired WAN connection goes down, you can failover to LTE. In the event that your router goes offline, you can take advantage of a second, parallel router using Virtual Router Redundancy Protocol (VRRP).

VRRP, a layer 3 protocol, empowers businesses to take failover to a higher level by allowing Internet failover and router failover simultaneously. If the primary router fails, a backup hardware solution — many organizations use the Cradlepoint AER1600 Series — can take over as the primary router. The entire network automatically fails over to the Cradlepoint router — with the LAN and WAN uninterrupted.

3. Out-of-Band Management (OOBM)

OOBM is another important element of network failover. Traditionally, a truck roll — requiring expensive equipment and labor — is needed if something goes wrong with a primary router’s configuration. Through OOBM with ECM, IT staff can use LTE connectivity to remotely access the router and all LAN-connected devices sitting behind Cradlepoint’s ARC CBA850. It’s like having an engineer sitting at a laptop plugged into the console port of the primary router,  from anywhere in the world..

These robust OOBM services are available through ECM without the primary Internet connection, inbound SSH, or a static IP address.

4. Bandwidth

Many businesses are simultaneously exchanging multiple types of data, such as sales information, voice and video data, and inventory, often at peak times. LTE failover is ideal in the event that your primary WAN connection goes down, but why not utilize the extra bandwidth all the time?

LTE is incredibly powerful because it supports high bandwidth, which your business can benefit from by utilizing LTE failover for load balancing. Critical traffic can be sent across LTE while public traffic can be routed through a land-based connection. In the case of an outage, public WiFi can simply be shut off to preserve critical services, thereby ensuring failover when you need it while expanding bandwidth when you don’t.

5. Multi-WAN Management

At first glance, 99.5% uptime sounds impressive — until you realize that the missing 0.5% equates to four hours of downtime each month. If your business has multiple locations, that downtime can become very expensive very quickly.

A multi-WAN solution can boost that uptime to “four-nines” uptime, or 99.99% solution. With multi-WAN failover and several failure detection and decision agorithms, Cradlepoint provides flexible and robust failover and failback. Cradlepoint offers best-in-class mechanisms that allow you to pick which WAN source to use and can handle advanced multi-WAN management.

6. Wireless-to-Wireless Failover

In vehicles, where wired lines aren’t an option, LTE is the primary connection, but that doesn’t mean failover isn’t available. The Cradlepoint COR IBR900 and COR IBR1100 both support multiple LTE connections as well as WiFi as WAN. WiFi offloading of video DVRs via station WiFi for busses or police is common so as not use the LTE connection while in the field. IT managers can select WiFi to automatically attach and trigger video offloadingwhenever available and LTE to activate while on the road.

IT teams that deploy the COR IBR1100 together with the Dual-Modem Dock can achieve true wireless-to-wireless failover, going back and forth as needed between two LTE connections and WiFi.

7. Future-Proofing

Future-proofing your network is a smart investment now and later. Ensuring that what you buy today is adaptable to what is released tomorrow can be an extremely important — and financially responsible — element of your network failover solution.

Cradlepoint’s, for example, connects into the CBA850 and other Cradlepoint routers, which offers a turnkey networking solution for best-in-class 3G/4G/LTE. When the next generation of LTE modems is released, businesses can take advantage by only upgrading the MC400 modem portion of the product instead of the entire router.

SDN and SD-WAN Solution Examples for M2M-IoT Applications

How and Why Enterprises Should Use SDN & SD-WAN to Connect the Growing Internet of Things

With the seemingly never-ending influx of M2M and Internet of Things devices in the network environment, determining how to best connect and secure those “things” as they rapidly scale up is one of the most pressing challenges for any network admin. Businesses and organizations across the globe need to collect information as varied as daily sales numbers, customer analytics, water levels, temperatures, vehicle locations, security video and audio feeds, power and fuel consumption, voltages, air quality, and more.

Connecting these kinds of devices with traditional IPSec VPNs — dependent on hardware and complex, laborious configurations — is insufficient for an enterprise’s agility and deployment requirements. Moreover, VPN protocols used over IPSec/IKEv2 are not entirely consistent when handling connection failures, roaming, or reconnect. Devices used in mobile environments where connections can be interrupted suffer because of having to re-establish the tunnel.

By enabling a software-defined overlay network, all of these issues are resolved — the connection is persistent and failures are reconnected by the cloud automatically, no advanced configuration is necessary, and encryption and PKI are deployed as a service.  Let’s take a closer look at one solution: secure, global M2M-IoT connectivity through software-defined Virtual Cloud Networks.

Traditional M2M-IoT Network Architecture

To fully understand the benefits of virtual cloud networks, we need to discuss what legacy architecture often looks like. Consider a typical M2M-IoT network: A company with thousands of distributed kiosks, IP cameras, and Point-of-Sale (POS) stations uses a cloud datacenter to process the big data generated by all of these devices. At the same time, these IoT devices use and send information to applications (such as a management and configuration applications) stored at an in-house data center.

The network may utilize multiple WAN interfaces — perhaps the enterprise headquarters is on an MPLS network, while the IoT devices utilize a combination of LTE connectivity and third-party networks. The company’s IT team largely works from headquarters. The enterprise’s M2M/IoT — or “things” — network likely is managed separately from everything else, with the IoT devices residing behind APN gateways.

This type of legacy architecture presents several challenges, including:

Cumbersome APN Management

APNs are expensive and difficult to manage in multi-carrier environments. As an enterprise network continues to expand, so does this management challenge.

Security Concerns on Third-Party Networks

Each IoT device is a potential network on-ramp for hackers. Security policies must be carefully and meticulously applied via expensive APN gateways at the Network’s Edge. Traffic headed to the cloud datacenter must first be backhauled to headquarters over the VPN for security and management.

In-Band Management

In-band management for remote network monitoring and maintenance is complex and laborious. It’s especially challenging with IoT devices, which usually are limited in their memory, OS, and processor. Alternatively, remote devices may have a very slow in-band link because they’re so remote.

Solution: Virtual Cloud Networks for Software-Defined M2M-IoT Architecture

Software-defined networking can simplify your M2M-IoT network infrastructure, allowing a more efficient traffic flow between the IoT devices, in-house data center, and cloud data center, while still maintaining security. In this use case, the enterprise could easily set up a cloud-based IoT network with Cradlepoint routers and NetCloud Engine, Cradlepoint’s cloud-based Network-as-a-Service that provides a private virtual overlay fabric across the public Internet.

In the diagram above, an enterprise is utilizing the Cradlepoint NetCloud platform in a number of ways. First, a virtual cloud network (VCN) replaces a traditional VPN. The VCN functions over the public Internet but operates in a private address space that can be fully integrated with your existing DNS infrastructure. This setup, combined with end-to-end AES 256-bit encryption and full PKI, makes the VCN extremely secure; essentially, hackers can’t hack what they can’t see.

NetCloud Engine securely connects, monitors, and manages devices deployed anywhere in the world. You can create a virtual overlay network to connect devices using any form of public or private Internet access and segment them by customer, site, or function.

NetCloud Engine is designed to support the unique security requirements of M2M and connected device applications, including:

  • Strong end-to-end encryption
  • Auto-PKI and machine authentication
  • Fully cloaked private address space
  • Outbound-only connections
  • Virtual network isolation and micro-segmentation

Benefits of Virtual Cloud Networks for M2M-IoT

This software-defined IoT network architecture addresses an enterprise’s pain points by providing:

  • The security benefits of APNs without the cost and complexity
  • Reduced need for network hardware
  • A routable network that enables in-band management and reduced truck rolls, due to the separation between the control plane and data plane
  • Support for real-time applications such as remote monitoring, analysis, and CEP
  • Simplification of third-party deployments, because of the ability to produce an overlay network across several WAN sources in agnostic fashion
  • Self-healing cloud service ensures maximum uptime
  • Private IP address space and outbound connections, eliminating the need for expensive public IP addresses and on-premises firewall changes

SDN lets enterprises simplify the work of connecting thousands of “things” in dozens or even hundreds of different places. LTE provides the fast provisioning of connectivity, flexibility, and mobility needed for M2M-IoT applications. SDN pairs with LTE to bring the same benefits to the network infrastructure, by allowing companies to use the cloud to offload and automate the processes of building, securing, and deploying networks.

Essentially, the WAN can been abstracted into the cloud to function as a LAN — greatly reducing an enterprise’s network hardware, expenses, complexity, and man-hours.

The Benefits of SD-WAN for Remote Access and Workforce Mobility

How a Virtual Cloud Network Can Reduce Costs and Complexities for IT Departments

Workforce mobility provides some of the biggest opportunities and challenges for enterprise networks. The bottom-line benefits of employees being able to work anywhere are clear: greater productivity during business travel, more consistent communication, workday flexibility, reduced infrastructure costs, and much more.

However, the challenges are just as clear. Employees need access to a variety of applications and documents that live either in the cloud or at the corporate data center. Meanwhile, the IT department often must use inflexible legacy architecture and hardware to provide network and application access that is highly secure no matter where employees are working from or which devices they are using.

Finding a flexible alternative to traditional VPNs is important for IT departments as workforce mobility becomes more and more prevalent.

Challenges of Remote Access and Workforce Mobility

Many companies enable remote access and workforce mobility via a head-end box at the corporate data center. This supports security compliance for employees’ devices that may or may not be owned by the organization. However, this design is often inflexible when changes need to be made. Moreover, Bring-Your-Own-Device (BYOD) arrangements can present significant concerns with security and the backhauling of casual Internet traffic.

Giving employees remote access to legacy applications that live in the data center presents an array of challenges. For instance, remote users who are off-domain for long periods of time can present compliance issues once they reconnect. Also, traditionally there are high costs associated with supporting mobile and home workers. Their technological needs vary based on location, device, and WAN source — all of which may be resolved one week, only to change when they shift locations the following week.

IT departments often are left scrambling to ensure that these employees are reliably and securely able to connect to the resources they need while keeping expenses, such as IT man-hours and network hardware, to a minimum.

Virtual Cloud Network Solutions for Mobile and Workforce Mobility Challenges

Just as remote access and workforce mobility present unique challenges, they require unique solutions. By setting up a Virtual Cloud Network through Cradlepoint’s NetCloud Engine, any IT professional can ensure users have access to important applications that live in the data center and/or cloud via one tightly controlled network.

NetCloud Engine extends SD-WAN functionality to an organization’s mobile workforce, giving employees a secure, LAN-like connection to private and public cloud apps and files from anywhere and any device. As shown in the diagram above, with NetCloud Engine running on a router at the data center and on each employee device, there is a persistent encrypted connection to a VCN overlay set up specifically for mobile access. It also seamlessly integrates with Active Directory, requiring no changes to existing infrastructure; each remote member remains “on domain” no matter its location.

NCE moves to the cloud the key functionalities that reside in traditional network architecture — such as policy control, app filtering, and NAC — without sacrificing security compliance and without needing a head-end device. Any traffic destined for any application will still flow into the data center using the NetCloud Engine client, and anything coming from the client that goes to the Internet will go directly to the Internet.

A remote worker on the road may stop in a coffee shop and browse his email on his mobile phone while waiting for the train; once he’s on the train, he may connect and work from his laptop. With NetCloud Client loaded on his mobile phone and laptop, and with access to the Active Directory server back at the data center, the Internet essentially becomes his private network. At the same time, IT administrators have policy control for micro-segmentation so they can make sure the remote employee only has access to the applications and data he needs.

Benefits of Virtual Cloud Networks

With VCNs through NetCloud Engine, enterprises can solve the pain points typically associated with legacy VPNs. Benefits of SD-WAN for remote access and mobile workforce mobility include:

  • Less hardware required
  • Overlay fabric provides seamless integration with legacy architecture
  • More flexibility and scalability as an organization expands
  • Secure atmosphere for BYOD
  • Faster configurations and deployments
  • Fewer IT man-hours devoted to deployments and network management
  • Reduced bandwidth needs

Knock, Knock, Who’s there? A DDoS attack! Did your network switch notify you?

If you’re in IT, or you need to be concerned about protecting your company’s ability to do business 24/7, you have got to pay attention to what happened on October 21 when a distributed denial of service (DDoS) attack came knocking on Dyn’s door (a domain name service provider).

You need to be vigilant and that is done by using the tools available in your network. You need to understand what happened last month and then put together a plan and course of action so that you don’t fall victim to a future attack that may have an even bigger impact on you and your business. Now is the time to make sure your networks and devices are safe from these types of attacks.

What is a DDoS?

A distributed denial of service attack can happen in several different ways. In this case, there was a deluge of web traffic that overwhelmed servers such that network service was denied to legitimate network users.

According to Dyn, the domain name service provider hit with the massive DDoS attack that day, there was a botnet – which is a computer network created by malware and controlled remotely without the knowledge of the users of those computers. This botnet consisted of an estimated 100k internet-connected devices, instead of the original estimates that there were tens of millions of IP addresses, that were responsible for the huge attack on critical systems.

For comparison, Gartner estimates there are currently 6.4 billion IoT devices, so relatively speaking, there was a very tiny number of devices involved – this time. These 100k devices were hijacked to flood Dyns’ systems with unwanted requests, shutting down the internet for millions.

What virus was involved in the attack?

The compromised devices were infected with the Mirai malware, an infamous virus that has the ability to take over cameras, DVRs, and routers. Mirai malware searches for IoT devices that are using their factory set passwords then uses them as part of a botnet to launch DDoS attacks.

Are there other viruses that could cause a DDoS?

Absolutely!

Although there are some attacks that take advantage of system bugs or vulnerability (such as teardrop attacks), most of these other types of attacks involve generating large volumes of traffic so that network service is denied to legitimate network users, such as this attack. These types of attacks include:

  • ARP Flood Attack— Floods a network switch with a large number of ARP requests, resulting in the switch using a large amount of the CPU time to respond to these requests. If the number of ARP requests exceeds the preset value of 500 per second, an attack is detected.
  • Land attack – Spoofed packets are sent with the SYN flag set to a host on any open port that is listening. The machine can crash or reboot in an attempt to respond
  • ICMP Ping of Death – This is where ping packets that exceed the largest IP datagram size (65535 bytes) are sent to a host and crash the system
  • SYN attack – This attack floods the system with series of TCP SYN packets, resulting in the host issuing SYNACK responses. The half open TCP Connections can exhaust TCIP resources, such that no other TCP connections are accepted.
  • Pepsi Attack— The most common form of UDP flooding directed at harming networks. A pepsi attack is an attack consisting of a large number of spoofed UDP packets aimed at diagnostic ports on network devices. A pepsi attack can cause network devices to use up a large amount of CPU time responding to these packets.

There are more showing up every day including Invalid IP attack and Multicast IP and MAC address mismatch.

What can you do to protect your network?

Your network switches and IoT devices can be protected against DDoS by filtering. Your network switches can be set to detect various types of port scans by monitoring for TCP or UDP packets sent to open or closed ports.

  • Packet penalty values set. TCP and UDP packets destined for open or closed ports are assigned a penalty value. Each time a packet of this type is received, its assigned penalty value is added to a running total. This total is cumulative and includes all TCP and UDP packets destined for open or closed ports.
  • Port scan penalty value threshold. The switch is given a port scan penalty value threshold. This number is the maximum value the running penalty total can achieve before triggering an SNMP trap.
  • Decay value. A decay value is set. The running penalty total is divided by the decay value every minute.
  • Trap generation. If the total penalty value exceeds the set port scan penalty value threshold, a trap is generated to alert the administrator that a port scan can be in progress.

For example, imagine that a switch is set so that TCP and UDP packets destined for closed ports are given a penalty of 10, TCP packets destined for open ports are given a penalty of 5, and UDP packets destined for open ports are given a penalty of 20.

Of course, the smartest switches in the world won’t help you if you don’t monitor the notifications triggered by these events. That’s where a good network management system is crucial. A good resource is your local ALE representative.

What about your smart “things”?

Besides taking care of the network, things that you can do to protect your smart devices, at work and at home are:

  1. Password – This is the easiest one to fix and most overlooked – change the factory default passwords that come with your device. In this DDoS case, the virus searched for default settings.
  2. Update your software – As annoying as those reminders are to update your software, they often contain critical security updates. Take the time and update!
  3. Prevent remote management – Disable the remote management protocol, such as, telnet or http that provides control from another location. The recommended remote management secure protocols are via SSH or https.

The next time DDoS comes knocking at your door, be sure your network is set up to notify you of these activities and know how to manage them. In a perfect world, your switch/router networking devices would have their filtering capabilities enabled by factory default. If you have further questions on how to make your network more secure using Alcatel-Lucent Enterprise solutions, or are interested in a deeper dive into the technology, please contact your nearest ALE representative.