Apart from the basic NAT (Network Address Translation), ALG (Application Level Gateway), and Media Relay functions, SBCs (Session Border Controllers) provide many other features and capabilities that Lotus Sametime Unified Telephony customers may wish to use.
In the following overview, the capabilities of the Acme SBC are listed as an example.
Signaling and media encryption
Stateful signaling and media validation
Denial of service attack mitigation
Least cost routing
CAC (Call Admission Control)
Business rule determination
Session detail recording
QoS (Quality of Service) detail recording
Instant message recording
Voice and video recording
File transfer recording
System and admin event logging
Signaling and media control
Identity-based access control
File transfer control
Instant message content control
URL access control
Multi-vendor protocol normalization
SIP-aware NAT traversal
Application-aware session routing
H.323 interworking with SIP
IPv4 / IPv6 interworking
Corporate directory integration
SBC (Session Border Controller) Functionality - Dynamic Port Mapping
Dynamic Port Mapping allows a single IP address to be used, with the different users distinguished by unique ports.
SBC (Session Border Controller) Functionality - Support for Branch Survivability
In order to allow fast detection of connectivity loss, particularly in low traffic periods, the SBC (Session Border Controller) must support receiving and sending SIP OPTIONS requests between survivable branch proxies and the Telephony Control Server. This allows the branch to switch to survivable mode and the Lotus Sametime Unified Telephony server to invoke automatic rerouting to the branch via the PSTN (Public Switched Telephone Network).
SBC (Session Border Controller) Functionality - Registration Caching and Unregistering
SBC (Session Border Controller) Functionality - Media Stream Handling
The SBC (Session Border Controller) must provide configuration options to allow the system administrator to specify when local media connections are allowed and when the media must be routed via the SBC. The SBC decides which media path is appropriate based on the configured options and the subnets of the calling and called users.
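One way to express the media-path decision described above, as an added example that is not the SBC vendor's or the product's own logic. The option names, subnet groups and addresses are assumptions constructed for illustration, and relaying through the SBC when a subnet is unknown or the address families differ is this sketch's choice.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class MediaPolicy:
    # Hypothetical option names; a real SBC has its own configuration keys.
    subnet_groups: dict                      # group name -> list of CIDR strings
    allow_local_within_group: bool = True
    allow_local_across_groups: bool = False

    def __post_init__(self):
        self._nets = [(name, ipaddress.ip_network(cidr))
                      for name, cidrs in self.subnet_groups.items()
                      for cidr in cidrs]

    def group_of(self, ip):
        """Longest-prefix match of an address against the configured subnets."""
        hits = [(net.prefixlen, name) for name, net in self._nets
                if net.version == ip.version and ip in net]
        return max(hits)[1] if hits else None

    def media_path(self, caller, callee):
        """Return (path, reason); path is 'local' or 'via-sbc'."""
        a, b = ipaddress.ip_address(caller), ipaddress.ip_address(callee)
        if a.version != b.version:
            return "via-sbc", "address families differ"
        ga, gb = self.group_of(a), self.group_of(b)
        if ga is None or gb is None:
            # Fail closed: an endpoint outside every configured subnet is relayed.
            return "via-sbc", "endpoint not in a configured subnet"
        if ga == gb:
            ok = self.allow_local_within_group
            return ("local" if ok else "via-sbc"), "same subnet group"
        ok = self.allow_local_across_groups
        return ("local" if ok else "via-sbc"), "different subnet groups"

# Constructed sample configuration and endpoints.
POLICY = MediaPolicy({
    "hq": ["10.10.0.0/16"],
    "hq-lab": ["10.10.99.0/24"],     # more specific than "hq"
    "branch": ["10.20.5.0/24"],
    "hq-v6": ["2001:db8:10::/48"],
})

if __name__ == "__main__":
    for pair in [("10.10.1.5", "10.10.200.9"), ("10.10.1.5", "10.10.99.7"),
                 ("10.10.1.5", "10.20.5.7"), ("10.10.1.5", "203.0.113.40"),
                 ("10.10.1.5", "2001:db8:10::5")]:
        print(pair, "->", POLICY.media_path(*pair))
```

Keeping unknown subnets on the relayed path means their media still passes through the SBC rather than flowing directly between endpoints.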
SBC (Session Border Controller) Functionality - SBCs and Data Firewalls
SBCs (Session Border Controllers) and data firewalls are complementary. The SBC has integrated firewall capabilities on both the access and core sides and therefore exists in its own DMZ (Demilitarized Zone) for SIP signaling and RTP (Real-time Transport Protocol)/SRTP (Secure Real-time Transport Protocol) media, while the data firewall handles data protocols.
SBC (Session Border Controller) Functionality - Geographic Node Separation
When Lotus Sametime Unified Telephony nodes are geographically separated between two data centers for redundancy purposes, an SBC (Session Border Controller) is required at both data centers.
Signaling and Media Security
For secure communications, it is recommended that both the signaling connection and the media session be secured for end-to-end communications. The Acme Packet, OpenBranch and Comdasys SBCs (Session Border Controllers) support SIP signaling security via TLS (on both the access and core sides of the SBC) and support media security via transparent pass-through of SRTP (Secure Real-time Transport Protocol) packets as well as mediation with RTP.