Simplification of VoIP deployment through effective software architecture

Today’s multimedia businesses

Businesses deal with a multitude of connectivity issues these days. On the networking side of things, high-speed connectivity with the Internet and associa-ted network access control is one large issue. The Virtual Private Network (VPN) and firewall technologies are needed to allow remote access to enterprise information while still providing security from outside threats. Bandwidth management is important to ensure the critical networking tasks of the company are performed within proper time constraints. Wireless access that enables visitors to be productive at the business site while preventing them from accessing secure areas is also an important dimension of business network requirements.

More companies are looking at VoIP services for cost-effective communication among employees and for conference calls.

Certainly every company must have a Web site that needs to be efficiently maintained and updated with the latest information available. Other business productivity requirements include groupware such as e-mail and task/meeting scheduling software. Configuration and management of these services within the company is necessary. Scheduled backup of critical information within the company is also vital.

This myriad of voice, data, and multimedia services has given rise to the proliferation of a large number of single-purpose devices. This makes for a large capital investment for businesses, with regard to the equipment itself and to the learning curve and manpower needed to configure and maintain the equipment.

Network services convergence

Another important issue with respect to network services convergence is how the deployment of these services affects other aspects of the management and security capabilities of the business. For example, if a business wants to use VoIP, the service will not work unless the firewall for the business allows the VoIP connections to happen. Specifically, the VoIP signaling, which is typically the Session Initiation Protocol (SIP), negotiates which port numbers the sender and receiver will communicate over. If the firewall disallows these ports to be passed into or out of the firewall, the voice call completes successfully, but the conversation will be blocked.

When the firewall and VoIP service equipment (sometimes called the IP-PBX) are separate devices, the administrator is forced to open an entire range of port numbers – the firewall has no idea which ports will be used for any conversation. If the firewall and VoIP services products are combined into one product, the SIP signaling could simply inform the firewall to open a single pair of ports when a phone call is established. This could occur dynamically and with far more security than with two separate products.

This example of how the VoIP call indirectly interacts with the firewall is an important example of how an integrated, multifunction product not only saves capital equipment expense, but also saves operational expense by reducing the amount of configuration the system administrator must do.

The services configuration and maintenance approach

I recently talked with Abdul Kasim, Vice President, Marketing/Business Development and Alex Sarin, Vice President, Product Management, at Critical Links about the company’s edgeBOX product line. The edgeBOX is a great example of how convergence of multiple services into one integrated product can result in multimedia business solutions that offer a robust set of services, yet minimize capital and operational expense.

Despite the name edgeBOX, Critical Links is a software company. It can provide an integrated solution in a software-only format, load the software solution on a customer’s COTS platform, or deliver a complete plug-and-play appliance.

Figure 1 shows the software functions available. These individual pieces are software from the open source community.

Figure 1

For example, the VoIP, IP-PBX component is from the Asterisk open source telephony platform. Key additional pieces making up the Critical Links integrated solution are:

  • The integration software that enables one component to dynamically configure another component
  • The unified management system

Demonstrating depth of integration, the edgeBOX software will take the ports provisioned to carry the voice traffic of a VoIP call and configure pin holes within the firewall component of the security software block. When the call ends, these pin holes are removed. Further, when the VoIP call has negotiated the parameters of the call, these parameters are used to configure the Quality of Service (QoS) component as well. The QoS handles inbound and outbound Service Level Agreements (SLAs) for VoIP calls and allows for custom QoS pipes that guarantee bandwidth in the event of congestion for communication or data transfer tasks that are critical for the company.

In addition to its IP-PBX, security, and QoS components, the edgeBOX solution has router software that transparently handles traffic between the WAN, wireless LAN, LAN, and DeMilitarized Zone (DMZ). The edgeBOX Wi-Fi support includes operation as an embedded access point or as an access point controller. When combined with the IP-PBX component, the edgeBOX allows for Wi-Fi VoIP phone access. Network Attached Storage (NAS) is also available with scalable storage capacity and Redundant Array of Independent Drives (RAID) capability. Collaboration services including e-mail and groupware (calendar and task lists) are also available.

All these distinct components are stitched together in such a way that a component performing a dynamic task can use that information to configure other components involved in the delivery or access of that information.

If you look at the configuration of each of the open source component products, you will notice that they tend to be configured in a technology-centric way. For example, config-uring the Asterisk IP-PBX service involves setting up user IDs, call IDs, call port number ranges, available codecs for encoding and decoding the audio passed in the call, and many other things. The unified management component exposes a higher level services-oriented view for the user. So the system administrator configures the edgeBOX system taking into account users of the system and their access and service capabilities. The edgeBOX software then takes this general services-oriented configuration, identifies the information pertinent to each component in the system, and does the nuts and bolts configuration of each of the components.

Some companies find it convenient to use the edgeBOX configuration and manage-ment interface. This capability allows for businesses with multiple sites to deploy multiple products and manage them from a single, unified point. For those companies that currently use other management interfaces such as HP OpenView, all the edgeBOX software can be configured with those management stations as well. Figure 2 is the integration communication and management UI.

Figure 2

Software architecture

Figure 3 shows the edgeBOX software ar- chitecture. Each of the open source com-ponents is housed in the edgePACKS block. The edgeBOX services block implements the glue code that passes the dynamic infor-mation of each of the individual components among each other as needed. This block also interfaces to the management block, which enables monitoring and reporting of system operation.

Figure 3

At the top of Figure 3, each of the interfaces and APIs comes up through the edgeBOX unified management interface and can also be accessed through other third-party management systems. The software architecture also takes Linux system health and debug facilities and exposes them as monitoring agents to third-party software or to the reporting software of the edgeBOX management user interface.

Dynamic updates of existing components and addition of new components are per-formed through the Linux RPM facility. Critical Links has architected the software so the integration code can understand which components are enabled in the system and provide the communication services between the existing components as needed. If a software component is not enabled in the system, the integration code simply does not call the service APIs of that component.

About Critical Links

Critical Links was spun out of Critical Software, a company based in Portugal that develops mission-critical applications for a variety of customers worldwide. While Critical Links received its first round of funding only last year, the 50-plus employee company is already involved in hundreds of deployments around the world.

Critical Links is also involved in the Intel Enabled Server Acceleration Alliance (, where the company focuses on fault tolerance and utilizing multicore technology with its converged services software platform. Critical Links recently announced support for an Intel multicore, multiservice business platform. The software does not currently provide anything special for multicore platforms other than utilizing the Symmetric Multiprocessor (SMP) capabilities of the Linux v2.6 operating system. But future versions may include dedicating specific services to specific cores.


Critical Links appears to be at the nexus of multiple forces pulling at today’s small- and medium-size business needs. This is largely due to a flexible software architecture that accommodates integration of multiple components to achieve a business services solution that is simple to configure and use. The open source community provides a solid foundation of technical capability for specific functional components, but at the cost of a very technology-centric user interface. Silos between these open source components make it too expensive and time consuming for businesses and their IT departments to use directly. The need for a more efficient, complete solution for effective capital equipment spending and lower operational expense is also important. Critical Links has recognized these trends and produced an integrated software solution with easy to use user interface hooks into some very technical software to make it a readily configurable solution for the enterprise.

For more information, contact Curt at [email protected].