service level agreements for voip and security

Service Level Arrangements for VOIP & Security

Dr. Adrian McCullaghSpecial Counsel

Phillips FoxAdjunct Professor Telecommunications and Secure

Business [email protected]

[email protected] P.F.: 07 3246 4052Tel Uni: 073864 9555

10 March 2005 Phillips Fox Lawyers 2

Agenda

• VOIP• Deployment Issues• Vulnerabilities• Strategies for success• Metrics for user satisfaction• Service Level Arrangements• Conclusion


VOIP• The conversion of analogue signals

into digital signals and then transferred through packet switching technology to an IP address.

• On receipt at the destination IP address the packets are reconstituted into analogue messages that are discernable by the receiver.


VOIP• Potential for Reduced Costs, expanded

product sets, possible integration with other technologies

• Currently voice over IP but the real game is video/voice over IP.

• Compression technologies are being developed combined with increased speed of hardware and sophisticated software application will provide next generation communications.


Integrated Deployment• VOIP is simply another application that can

integrated with other software applications.• Real time availability but remember Quality of

Service requirements.• Everet Roger’s diffusion of innovation states that

there are 5 categories of adoption of innovation:Innovators; early adopters; early majority. late majority, and laggards.

• Rogers has also shown that laggards rarely catch-up to the early majority. Early majority benefit most from new innovation.

• Early adopters do not always benefit as they can pick “dogs” from time to time.


Deployment Issues

• Historically PSTN operates on circuit switching technology but VOIP operates under packet switching technology.

• Current PSTN operates at the 5 (9)s; That is a PSTN system operates at 99.999% uptime.

• This results in approximately 5.256 minutes downtime per year.

• VOIP has to match this reliability. This is the current task for purveyors of VOIP systems.


Deployments issues• Stress test your current system. • Stress test must cover current capacity

and traffic mix, application flows and priority settings. Some traffic has priority over other traffic.

• Timing can be an issue. Identify if there are cyclic issues for traffic flow for the system.

• Reliability is not only uptime there are also issues of quality of reception.


Deployment issues

• Hardware reliability: get a fault tolerant server. Check load balancing capability of the hardware.

• Software reliability and modularisation features. Software switches understand their operations. Best to have a dedicated system for VOIP application but if this is not possible minimise other applications on VOIP server’

• Network link and carrier reliability


Deployment Issues• Environment and electrical power.

Remember that VOIP is dependent upon electricity as it is just another software application operating on a server. Make sure you have electrical backup. This is very important for Work Place Health and Safety reasons.

• Telephone are an essential service for emergency operations.


Deployment Issues• Network Configuration is important.

Security is important. Encryption modules are important. Now the keys for encryption need to be kept safe. H232 protocol for security. Law enforcement agencies may want to tap under a court order. Wiretapping is a real concern for policy issues.

• Errors and remediation methodologies.


Vulnerabilities• VOIP is an application that will

transmit packets of information via an IP network.

• Having an IP address means that it is susceptible like other IP networks:• SPAM• Denial of Service Attacks• Viruses, worms and other nasties


Strategies for Success• SLAs will comprise Internal SLAs and

External SLAs.• Internal SLAs: the service level users of

the system expects from the IT department that will have responsibility of providing the service.

• External SLAs: the service level external providers are required to meet in providing their service such as ISP connectivity, response time for maintenance.


Strategies for Success• Develop appropriate metrics for your

needs.• Understand Availability requirements. • What does availability mean:

• Dial tone• Ringing tone• Busy tone• Connectivity capacity• Clarity of connectivity• Abnormal termination.


Strategies for Success• Availablity

• Remediation time must be a minimum. That is time from when VOIP server not responding to time when VOIP call can be made.

• IP PBX availability: is it functioning correctly.

• Network Availability: is network connectivity available


Strategies for Success

• Network Service availability: a lot of VOIP technologies are dependent upon other critical technologies like the domain name system (DNS) and dynamic host configuration protocol (DHCP) servers. These need to be checked.

• Call completion percentage: sometime known as answer seizure rate. It represents % of attempted call that are a success.


Strategies for Success

• Abnormal disconnections: this concerns the termination other than voluntarily by one of the users

• Line Busy: this concerns busy responses received by the initiator of the call.

• Do your preparation work.• Understand the metrics that you want out of

the system.• Document these in the SLA and make sure

there are available actions if they are not met by service providers.


Risk Management• Risk the probability that an adverse event will

occur.• Risk there is one 2 things you can do with risk:

• Accept it• Treat it so as to minimise the risk.

• Risk can not be transferred all that can be transferred is the liability if the risk event occurs.• Insurance or outsourcing arrangements

• For VOIP treating the risk involves proper preparation and clear contracts and monitoring arrangements.


Metrics for User Satisfaction

User Satisfaction MetricMOS

Very satisfied

Satisfied

Some users dissatisfied

Most users dissatisfied

Nearly all users are dissatisfied

Not recommended

1

2.6

3.1

4.0

4.34.4

Ultra satisfied5

3.8

MOS : Mean opinion score/ mean operator satisfation scale


Metrics for User satisfaction• The following must be kept to a

minimum:• VOIP is intolerant to excessive Delay: 150

ms is currently accepted delay. If greater than 150ms the MOS will decline

• VOIP uses UDP instead of TCP which means that lost packets are not resent. This can cause clipped syllables.

• Jitter can be caused by discarding packets where there is a large discrepancy in arrival times.


Metric for user Satisfaction

• Spend some money on incident tracking software. Get the supplier to pre-agree on the software. This issue should be noted in the SLA

• Apply pre-set damages to this setting.• Do not make them so harsh that the supplier is

better off not complying with the contract.• Need win/win situation.• Apply bonuses for excellent performance.


Metric for User satisfaction

• Do not ignore other applications if the VOIP server is not a dedicated server. Check other application performance to see if they have declined.


The SLA check-list

• Define responsibilities.• Do not fall between 2 stools; have a

central/single point of responsibility.• Structure bonuses for excellent

performance• Do not attempt to penalise for bad

performance instead use banking clauses for interest rate performance.


The SLA check-list• Define the metrics method• Define compliance limits• Define how metrics are to be measured

and by whom• Appoint an owner for the SLA• Determine escalation procedure• Determination termination mechanism –

may need rollover mechanism• Determine reports, what they should

contain, how often required


Conclusion• VOIP is currently immature• Security is still an issue• Prepare thoroughly• Monitor consistently• Make sure the SLA meets your needs and not

the needs of the vendor.• Get expert assistance• Do not accept vendors standard contract –

they can be negotiated depending on the size of the transaction.

service level agreements for voip and security

Documents

voip application

voip security

vulnerabilities voip

voip potential

integrated deployment

voip server network

network availability

success slas