service level agreements for voip and security
TRANSCRIPT
Service Level Arrangements for VOIP & Security
Dr. Adrian McCullaghSpecial Counsel
Phillips FoxAdjunct Professor Telecommunications and Secure
Business [email protected]
[email protected] P.F.: 07 3246 4052Tel Uni: 073864 9555
10 March 2005 Phillips Fox Lawyers 2
Agenda
• VOIP• Deployment Issues• Vulnerabilities• Strategies for success• Metrics for user satisfaction• Service Level Arrangements• Conclusion
10 March 2005 Phillips Fox Lawyers 3
VOIP• The conversion of analogue signals
into digital signals and then transferred through packet switching technology to an IP address.
• On receipt at the destination IP address the packets are reconstituted into analogue messages that are discernable by the receiver.
10 March 2005 Phillips Fox Lawyers 4
VOIP• Potential for Reduced Costs, expanded
product sets, possible integration with other technologies
• Currently voice over IP but the real game is video/voice over IP.
• Compression technologies are being developed combined with increased speed of hardware and sophisticated software application will provide next generation communications.
10 March 2005 Phillips Fox Lawyers 5
Integrated Deployment• VOIP is simply another application that can
integrated with other software applications.• Real time availability but remember Quality of
Service requirements.• Everet Roger’s diffusion of innovation states that
there are 5 categories of adoption of innovation:Innovators; early adopters; early majority. late majority, and laggards.
• Rogers has also shown that laggards rarely catch-up to the early majority. Early majority benefit most from new innovation.
• Early adopters do not always benefit as they can pick “dogs” from time to time.
10 March 2005 Phillips Fox Lawyers 6
Deployment Issues
• Historically PSTN operates on circuit switching technology but VOIP operates under packet switching technology.
• Current PSTN operates at the 5 (9)s; That is a PSTN system operates at 99.999% uptime.
• This results in approximately 5.256 minutes downtime per year.
• VOIP has to match this reliability. This is the current task for purveyors of VOIP systems.
10 March 2005 Phillips Fox Lawyers 7
Deployments issues• Stress test your current system. • Stress test must cover current capacity
and traffic mix, application flows and priority settings. Some traffic has priority over other traffic.
• Timing can be an issue. Identify if there are cyclic issues for traffic flow for the system.
• Reliability is not only uptime there are also issues of quality of reception.
10 March 2005 Phillips Fox Lawyers 8
Deployment issues
• Hardware reliability: get a fault tolerant server. Check load balancing capability of the hardware.
• Software reliability and modularisation features. Software switches understand their operations. Best to have a dedicated system for VOIP application but if this is not possible minimise other applications on VOIP server’
• Network link and carrier reliability
10 March 2005 Phillips Fox Lawyers 9
Deployment Issues• Environment and electrical power.
Remember that VOIP is dependent upon electricity as it is just another software application operating on a server. Make sure you have electrical backup. This is very important for Work Place Health and Safety reasons.
• Telephone are an essential service for emergency operations.
10 March 2005 Phillips Fox Lawyers 10
Deployment Issues• Network Configuration is important.
Security is important. Encryption modules are important. Now the keys for encryption need to be kept safe. H232 protocol for security. Law enforcement agencies may want to tap under a court order. Wiretapping is a real concern for policy issues.
• Errors and remediation methodologies.
10 March 2005 Phillips Fox Lawyers 11
Vulnerabilities• VOIP is an application that will
transmit packets of information via an IP network.
• Having an IP address means that it is susceptible like other IP networks:• SPAM• Denial of Service Attacks• Viruses, worms and other nasties
10 March 2005 Phillips Fox Lawyers 12
Strategies for Success• SLAs will comprise Internal SLAs and
External SLAs.• Internal SLAs: the service level users of
the system expects from the IT department that will have responsibility of providing the service.
• External SLAs: the service level external providers are required to meet in providing their service such as ISP connectivity, response time for maintenance.
10 March 2005 Phillips Fox Lawyers 13
Strategies for Success• Develop appropriate metrics for your
needs.• Understand Availability requirements. • What does availability mean:
• Dial tone• Ringing tone• Busy tone• Connectivity capacity• Clarity of connectivity• Abnormal termination.
10 March 2005 Phillips Fox Lawyers 14
Strategies for Success• Availablity
• Remediation time must be a minimum. That is time from when VOIP server not responding to time when VOIP call can be made.
• IP PBX availability: is it functioning correctly.
• Network Availability: is network connectivity available
10 March 2005 Phillips Fox Lawyers 15
Strategies for Success
• Network Service availability: a lot of VOIP technologies are dependent upon other critical technologies like the domain name system (DNS) and dynamic host configuration protocol (DHCP) servers. These need to be checked.
• Call completion percentage: sometime known as answer seizure rate. It represents % of attempted call that are a success.
10 March 2005 Phillips Fox Lawyers 16
Strategies for Success
• Abnormal disconnections: this concerns the termination other than voluntarily by one of the users
• Line Busy: this concerns busy responses received by the initiator of the call.
• Do your preparation work.• Understand the metrics that you want out of
the system.• Document these in the SLA and make sure
there are available actions if they are not met by service providers.
10 March 2005 Phillips Fox Lawyers 17
Risk Management• Risk the probability that an adverse event will
occur.• Risk there is one 2 things you can do with risk:
• Accept it• Treat it so as to minimise the risk.
• Risk can not be transferred all that can be transferred is the liability if the risk event occurs.• Insurance or outsourcing arrangements
• For VOIP treating the risk involves proper preparation and clear contracts and monitoring arrangements.
10 March 2005 Phillips Fox Lawyers 18
Metrics for User Satisfaction
User Satisfaction MetricMOS
Very satisfied
Satisfied
Some users dissatisfied
Most users dissatisfied
Nearly all users are dissatisfied
Not recommended
1
2.6
3.1
4.0
4.34.4
Ultra satisfied5
3.8
MOS : Mean opinion score/ mean operator satisfation scale
10 March 2005 Phillips Fox Lawyers 19
Metrics for User satisfaction• The following must be kept to a
minimum:• VOIP is intolerant to excessive Delay: 150
ms is currently accepted delay. If greater than 150ms the MOS will decline
• VOIP uses UDP instead of TCP which means that lost packets are not resent. This can cause clipped syllables.
• Jitter can be caused by discarding packets where there is a large discrepancy in arrival times.
10 March 2005 Phillips Fox Lawyers 20
Metric for user Satisfaction
• Spend some money on incident tracking software. Get the supplier to pre-agree on the software. This issue should be noted in the SLA
• Apply pre-set damages to this setting.• Do not make them so harsh that the supplier is
better off not complying with the contract.• Need win/win situation.• Apply bonuses for excellent performance.
10 March 2005 Phillips Fox Lawyers 21
Metric for User satisfaction
• Do not ignore other applications if the VOIP server is not a dedicated server. Check other application performance to see if they have declined.
10 March 2005 Phillips Fox Lawyers 22
The SLA check-list
• Define responsibilities.• Do not fall between 2 stools; have a
central/single point of responsibility.• Structure bonuses for excellent
performance• Do not attempt to penalise for bad
performance instead use banking clauses for interest rate performance.
10 March 2005 Phillips Fox Lawyers 23
The SLA check-list• Define the metrics method• Define compliance limits• Define how metrics are to be measured
and by whom• Appoint an owner for the SLA• Determine escalation procedure• Determination termination mechanism –
may need rollover mechanism• Determine reports, what they should
contain, how often required
10 March 2005 Phillips Fox Lawyers 24
Conclusion• VOIP is currently immature• Security is still an issue• Prepare thoroughly• Monitor consistently• Make sure the SLA meets your needs and not
the needs of the vendor.• Get expert assistance• Do not accept vendors standard contract –
they can be negotiated depending on the size of the transaction.