All Methodologies



AIS Managed VoIP Requirements
    AIS Managed VoIP Network Requirements and Recommendations

    This section provides AIS Managed VoIP customers with network requirements and recommendations to ensure that cloud-based unified communication services operate properly. For successful implementation, the network requirements must be followed without reservations, while recommendations are advised to be followed.

    If your network is managed by AIS, your VoIP Project Manager will ensure that all requirements are met.

    End-to-End Quality of Service Network Requirements

    The requirements stated in Table 2 need to be satisfied for VoIP media traffic to get optimal call quality between extensions.

    Network PropertyRequirementBandwidth | Each network connection in the end-to-end path must have a capacity in each direction that is larger than the maximum number of simultaneous calls plus capacity added for other types of non-real-time traffic and growth
    Delay | lt 150 ms
    Jitter | lt 30 ms
    Packet Loss | lt 1
    Network Readiness Assessment

    The end-to-end quality of service requirements stated above can be validated by performing a network readiness assessment, which determines the quality of the local network and the Internet Service Provider network. Two types as network readiness assessments can be performed to assess the ability of the network to support AIS Managed VoIP communication services:

    • Brief Network Assessment - This assessment leverages basic Capacity Test and VoIP Quality Test tools to test your Internet Connection for AIS Managed VoIP. These tools provide an impression of network capacity and quality in the outbound direction of an enterprise site to the AIS Managed VoIP AWS Region over a time interval of a few minutes.

    • Comprehensive Network Assessment - In this case, a probe is installed at the enterprise site. By running this probe over a longer time interval (e.g. a full business week), a much better impression is obtained of the end-to-end quality and intermediate network hop quality in both directions of the call. Targeted network improvement recommendations can be provided based on this type of assessment.

    The first type of assessment can be performed through self-service but provides minimal insights into the end-to-end QoS over time. The second type of network assessment, which is recommended to minimize the likelihood of user-perceived QoS issues, requires the involvement of AIS Engineers.

    The requirements stated in the next sections must be implemented before a network assessment is performed so that any major network issues are already addressed.

    Enterprise Networks

    Virtual LANs (VLANs) can be used as follows with AIS Managed VoIP

    • Desk Phones and IP Speaker Phones - If VLANs are supported by network switches, then it is recommended to define a VLAN specifically for desk phones and IP speakerphones. This will keep VoIP traffic of these types of endpoints logically separate from data traffic and reduces broadcast domains. It also simplifies the management of these endpoints because their IP addresses are VLAN specific.
    SMB Networks

    Small/Medium Businesses networks are mostly connected to cable provider or DSL ISP networks. These local networks may have lower quality equipment (such as all-in-one modems) than enterprise networks. Frequently, the users on such networks also use WiFi. The combination of these factors makes it more difficult to manage the end-to-end QoS for cloud communications services.

    Wide-Area Networks

    Many technologies exist to implement WANs, including internet, Ethernet Virtual Private Line, MPLS, and SD-WAN. Each type of network technology has its own way of supporting QoS. To ensure that the end-to-end QoS requirements and recommendations are met, it is required that every traversed WAN network segment must have sufficient quality.

    Unsupported Configurations

    Some network configurations are not supported/recommended for AIS Managed VoIP as they are known to cause continuous or intermittent voice quality issues (contributing to high latency, packet loss, or jitter).

    The settings listed below may need to be adjusted on IP devices (Layer 3 Switches, Routers, Firewalls), and Ethernet switches, or be avoided.

    Disabling functionality for the IP and higher layers can be limited to the Static IP Range of your AIS Managed VoIP instance by applying policy-based control.

    OSI LayerSettingApplication | Session Initiation Protocol Application Layer Gateway (SIP ALG), Deep Packet Inspection (DPI), Application Layer Access Control, Stateful Packet Inspection (SPI), also called Dynamic Packet Filtering, Intrusion Detection/Intrusion Prevention System (IDS/IPS), WAN Acceleration
    Transport | Port filtering
    IP | Packet-by-packet load balancing across multiple Internet Service Providers links
    Data Link | Auto-QoS, when used in combination with Polycom phones, Dynamic ARP Inspection
    Physical | Energy Efficient Ethernet, Satellite network connections
    Enabling these functions may result in intermittent call connectivity issues or excessive voice quality impairments (increased latency and jitter), specifically:

    • For some of the functionality mentioned under Application Layer Functions, packet content may traverse a separate processing engine, which may result in the mentioned impairments. The impact may be minimal when using advanced networking devices but could be substantial for SMB devices.
    • Enabling SIP ALG may cause signaling issues when desk phones and VoIP mobile apps are used simultaneously.
    • IDS/IPS functions may limit packet streams to a certain bandwidth causing intermittent audio issues across multiple calls when the number of calls exceeds a certain volume. To reduce bandwidth, WAN accelerators use header compression to reduce traffic. For VoIP traffic, this can result in increased jitter.
    • Port filtering, such as UDP flood protection, may limit bandwidth thereby causing intermittent voice quality issues when many simultaneous calls occur.
    • Packet-by-packet load balancing may cause increased jitter and out-of-order packet arrival at the receiving media processor in the AIS Managed VoIP cloud instance. This may result in packet loss and intermittent or continuous voice quality issues, such as interruption of audio and SIP messaging in Session Border Controllers (SBC).
    • Use of Auto-QoS may cause voice quality issues (such as distortions or incorrect volume levels) with older Polycom speakerphones and older versions of desk phones.
    • Green Ethernet is used on switch ports to save energy by automatically turning them into low power mode after they have not passed traffic for some time. This may also cause intermittent signaling and media traffic issues.
    • Satellite connections introduce delays much exceeding 150 ms in each direction and, depending on the quality of the satellite connection, may also cause excessive jitter and packet loss. It depends on end-user expectations whether this is acceptable.
    DNS

    AIS Managed VoIP uses Amazon Route 53 DNS Services for the following:

    • Provisioning and firmware update services for desk and conference phones.
    • Call servers.
    • Presence status.
    Endpoints access these services via DNS lookup to resolve a domain name into an IP address.

    VoIP endpoints rely on a DNS service to resolve the call server domain name (e.g., voip.aislabs.com) obtained from the provisioning service to its corresponding call server address.

    It is important that the domain name of the call server gets resolved to an IP address that is geographically close to the physical location of endpoints. Use of a single corporate DNS (e.g., country-wide or even a single global DNS) instead of a distributed DNS to resolve domain names to local IP addresses may result in longer paths to media servers, which adversely affects voice quality.

    NAT

    Network Address Translation/Port Address Translation functionality (generically referred to as NAT) is applied at the border between two networks to translate between address spaces or to prevent collision of IP address spaces. More specifically, a NAT function translates a source (IP address, port number) pair of outbound packets into a public source (IP address, port number) pair and maintains table entries corresponding to this translation to allow inbound response traffic to return to the proper host in the private network.

    NAT is frequently implemented as part of a firewall functionality, but can also be implemented stand-alone.

    For proper operation of the AIS Managed VoIP extensions, a minimum Network Address Translation time out needs to be configured. Cisco phones send a follow-up REGISTER refresh message every 4 minutes, Polycom phones every 5 minutes. As a consequence:

    • NAT entry expiration timeout must be set to greater than 5 minutes to cover all extensions.
    QoS Classification and Traffic Treatment Policies

    AIS Managed VoIP traffic needs to be classified and treated properly in enterprise and service provider networks to ensure that end-to-end QoS requirements are met. In terms of QoS, VoIP and video impose the most severe constraints on the network because delay, packet loss, and jitter QoS requirements requirement need to be met. Signaling traffic has lower QoS requirements since real-time requirements do not apply and packets can be retransmitted when lost. Other types of service traffic, such as messaging and directory services, can be treated more like data traffic.

    Common Constraints

    Ideally, COS tagging and DSCP marking values are used across the entire network between VoIP extensions and cloud-based AIS servers, and traffic is treated according to this classification, which is referred to as honoring the marking. However, in practice this is often not entirely possible because:

    • Some network devices do not support sufficient QoS capabilities. Examples are low-end routers.
    • COS values are often not managed in small networks.
    • ISPs may change DSCP markings along the internet path, e.g. from DSCP 46 to 0.
    • In large corporate enterprise networks, with sites connected to an MPLS or Metro-Ethernet network, a DSCP to COS mapping must be performed by the WAN network border devices.
    • Some endpoint types do not mark COS/DCSP value yet
AIS VoIP Billing Portal
    The AIS Client Portal allows Administrators to view and manage payment and services tied to their AIS Managed VoIP and other AIS Services. This section covers the overview of your AIS VoIP Services.

    The AIS VoIP tab lets you access and configure your services, how to change it, how much it costs, your Billing Cycle and your Next Billing Date.

    Billing - Service Plan

    • Log In to your AIS Account. You need to have an Admin / Billing admin account to access the Billing tab.
    • On the Admin portal, click the Billing tab. Service Plan section is displayed by default.
    • On the Service Plan page you will have access to these information:
    Service Plan

    Shows the plan your account is subscribed to. Click Change button to open a window with a link to the Plans and Pricing page. To proceed with changing your plan, Contact AIS Support:

    Billing Plan

    Shows your account’s monthly Subscription fee.

    The Billing Plan does not include the additional services such as additional numbers and lines. To learn how to view your Monthly Billing Statement, go to View Billing History.

    Billing Cycle

    Shows the interval of time during which bills are prepared for the services consumed on your account.

    The Change Billing Cycle button is visible if your account is currently set-up on a monthly billing cycle. If you want to switch from Annual Subscription to Monthly Subscription, Contact AIS Support

    Billing History

    Click View button to view the list of your Billing Transactions and Billing Statements. For more information, go to View Billing History.

    Account Credit

    If you downgrade your account at the middle of your Billing Cycle, the remaining funds will be added to your Account Credits, instead of a refund.

    Next Billing Date

    Shows the date when AIS receives the payment from your account.

    Additional Services

    Lists the services not included in your base plan that you have added to your AIS Account. For more information, go to Billing - View add-on services to your Service Plan.

    Cancel Service Plan

    Provides you the contact information to proceed with cancelling your Service Plan and what to expect after your account is cancelled.

AIS VoIP Phone Compatibility
    Most SIP-compatible phones may be used with AIS Managed VoIP

    The following phone brands and models have been specifically validated to function properly with AIS Managed VoIP

    • GXP1xxx
    • GXP21xx
    • GXV3xxx
    • GRP26xx
    • GAC2500
    • WP820
    • IP Phone 88xx
    • IP Phone 78xx
    • IP Phone 794x
    • IP Phone 796x
    • Poly Trio 8300
    • Poly Trio 8500
    • Poly Trio 8800
    • SoundStation IP 5000
    • SoundStation IP 6000
    • SoundStation Duo
    • SoundStation 2
    • VoiceStation 300
AIS SIEM Alerting
    Visualize the data to identify what conditions are meaningful and relevant to create alerts

    • Configure granular security permissions specifically for your company
    • Alert via: text, email or slack
    • Be aware of what is going on so you can proactively make decisions
    When there are alerts, dashboards save time in follow up and route cause analysis based on those alerts

    • Does action need to be taken or not
    • Example: Employee deletes 100 folders do they need to be restored or are they junk?
    Identify blind spots in your network a Penetration Test can’t catch

    Identify patterns in security log data from different systems now in one place
AIS SIEM Challenges Addressed
    Security logs for different systems are all in different locations

    • To address security concerns you have to take the time to look in different places, if you’re trying to identify pattern of behavior have to do it manually
    Ability to Detect Security Concerns that are not detected by a penetration test/Security threats are rapidly evolving

    • This can find things a penetration test can’t
    • Penetration test created before the cloud exists, there are new threats because of the cloud that a penetration test wasn’t designed for
    • Hackers are finding new ways of getting past
    • Dark underside of the cloud- “As companies rely more upon different SaaS platforms instead of traditional servers in their business, it’s harder to keep track of security when your data is spread out all over the cloud. A managed SIEM enables you to securely keep track of all the pieces.
    • Employees with anonymous links on Microsoft OneDrive that were being accessed by Russia
    • Hacker made anonymous links to files on hard drive through email
    • If someone gets into your O365, they can hide links in your one drive, even if you clean up your O365 they can still get into those links and then back out into new O365 files
    • More potential for backdoors that previously didn’t exist because of cloud for hackers to access data through:
    • O365
    • Google G-suite
    • 3rd party applications
    • Sales/Marketing Startup Software (Airtable)
    • If you use your O365 or Google G-Suite account to log into a 3rd party app you grant access to data, if that company is hacked it’s a back door into data
    • Ability to detect unintentional data access by authorized 3rd party apps
    • Ex: log into a 3rd party SaaS through O365 you give access to your data
    Accommodate data from different vendors, on premise and different types of clouds

    • On prem, cloud (AWS, Azure, etc.) and different manufacturers
    • Differentiator against SW and AV: being able to deliver it as a turnkey managed service at an affordable cost
    • How to compare and contrast between an older SIEM and our SIEM
AIS SIEM Overview
    • Single portal for centralized security and event log collection, monitoring, analysis, and alerting
    • Device brand-agnostic, and infrastructure architecture-agnostic - aggregates, on-premise, cloud, third-party SaaS, and hybrid infrastructure architectures
AIS Managed Firewall Features And Benefits
    • Overall
      • Standard configuration is two physical devices configured for high-availability and fail-over to protect against hardware or internet connection failure scenarios
      • SD-WAN solution
      • Remotely monitored with configuration backup
      • Web and Internet Content Filtering​
      • No pre-set software feature limits, maximum capacity limited only by hardware capability
      • Captive Portal to force authentication, or redirection to a click through page for network access
      • ​​Traffic Monitoring and Application Filtering
      • PPOE Server
      • Multiple DHCP Interfaces
    • Firewall
      • Bandwidth Prioritization
      • Robust NAT, DHCP, DNS, capabilities, monitoring and reporting
      • Connection state synchronization for near-seamless internet failover
    • VPN
      • Dynamic DNS and SSL VPN Support
        • No Pre-set limit for End-User VPN connections
      • Layer 2 bridging capability
      • End-User VPN Access
        • ​Active Directory and RADIUS Authentication
      • Site-to-Site VPN Tunnels
        • ​​​​Redundant/Mesh VPN Tunnels with OSPF routing
        • Legacy IPSec Tunnel support
      • Site-to-Cloud VPN Tunnels
        • Microsoft Azure, Amazon AWS, Private Data Center support
    • Routing
      • Multi-VLAN
      • Multi-WAN Internet Connection Support
        • Active/Active or Active/Standby
      • Robust Software-Defined WAN Topology Support
        • Hub-and-spoke, Partial-Mesh, and Full-Mesh
        • LAN and WAN CARP Capability – Two devices can share a single External IP Addresses
    • IDS/IPS and Web Filter
      • Google Safe Browsing support
        • Hourly updates from the Google Safe Browsing database which includes information about websites that may be phishing sites or possible sources of malware.​
      • ClamAV Anti-Virus with Hourly ClamAV Database Update​


AIS Managed Firewall Specifications
    Baseline specifications (Per Device):

    • CPU: Intel Quad-Core 2GHz 64-bit Processor
    • RAM: 4GB
    • Storage: 64GB SSD
    • Ethernet: Quad 1Gb Ethernet Ports

    *Upgraded hardware specifications available depending on use-case performance needs
Citrix Implementation Delivery Controllers
    The Controller manages the state of the desktops, starting and stopping them based on demand and administrative configuration. In some editions, the Controller allows you to install Profile management to manage user personalization settings in virtualized or physical Windows environments.
Citrix Implementation XenApp-and-XenDesktop Parallel Migration
    During a parallel migration a new infrastructure based on the new software version is build in parallel to the existing environment.
Competitive Comparison
Detailed Feature List
    | Feature | Description | Included By Default? (Y/N)
    | Alternate Numbers w/ Distinctive Ring | Distinctive rings to quickly ID the source of the call. | Yes.
    | Analog Hotline | Requires Analog Terminal Adapter. | No, available if needed.
    | Anonymous Call Rejection | Pushes anonymous calls out or reroutes them. | No.
    | Business Continuity (CFNR) | Routing unreachable calls to a predetermined phone number. | Yes.
    | Busy Lamp Monitoring | Quickly determine someone’s availability. | Yes.
    | Call Forwarding Always | Setting to forward all calls to a different number. | No. (User defined pref.)
    | Call Forwarding Busy | Pushing calls to a different number if the line called is busy. | Yes. (Based on call group and user pref)
    | Call Forwarding No Answer | If the number called doesn’t answer, the call is forwarded. | Yes. (Based on call group and user pref)
    | Call Forwarding Selective | Forward calls from a list of phone numbers to a predetermined number. | Yes.
    | Call History | Built in feature. | Yes.
    | Call Hold Resume | Built in feature. | Yes.
    | Call Logs w/ Click to Dial | Built in feature. | Yes.
    | Call Notify | Feature could be custom applied by AIS but is also dependent on your database/records. | No. (could be added if needed)
    | Call Queue Agent | Set-up as requested. | Yes.
    | Call Redial | Built in feature/hard button. | Yes.
    | Call Return | Built in feature to call last number that called you. | Yes.
    | Call Transfer (Attended Blind) | Transfer call while remaining on the line, or transfer call without remaining on the line. Built in feature. | Yes.
    | Call Waiting | Built in feature. | Yes.
    | Call Waiting ID | Built in feature. | Yes.
    | Connected Line ID Restriction (COLR) | Block your number ID from the person calling in. | No. (could be added if needed)
    | Connected Line Appearance Restriction | Allows certain phone numbers through to a pre-designated line when on the approved list. | No. (could be added if needed)
    | Directed Call Pickup | Picking up a call outside of your ring group or ext. | Yes.
    | Directed Call Pickup with Barge In | See above but with a code for barge-in. | No. (Can be added)
    | Do Not Disturb | Built in feature. | Yes.
    | Enterprise Phone Directory | Directory built for a robust company structured that is easy to navigate. | Yes.
    | Executive / Executive Assistant | N/A | N/A
    | Extension Dialing, Variable Length | Allows extensions of variable lengths to be used. | Yes.
    | Feature Access Codes | ‘*’ followed by a number to utilize a feature. Ex- *67 | Yes.
    | Hoteling (Host) | Temporary utilizing non-standard office space. | No.
    | Hoteling (Guest) | Guest temporarily using space. | No.
    | Inbound Caller ID (Name) | Standard feature. | Yes.
    | Inbound Caller ID (Name Number) | Standard feature. | Yes.
    | Inbound Fax to email | Redirect an incoming fax to a designated email address. | Yes.
    | Mobility | Phones can be set up anywhere there is the required connection. The App is also an option. | Yes.
    | Multiple Line Appearance | Multiple lines assigned to a single extension. | Yes.
    | N-Way Calling (6)1 | Grandstream allows 3-way conf calls standard. | Yes, but not 6 to 1.
    | Office Anywhere | Multiple ways of accomplishing this. | Yes.
    | Outbound Caller ID Blocking | This is a feature access code. | Yes.
    | Personal Phone Directory | Standard feature. | Yes.
    | Priority Alert | Supported feature for custom ringtones. | No. (But can be added by user or AIS)
    | Privacy | Similar to DND | Yes.
    | Push-to-talk | Not an option on this phone. | No.
    | Remote Office | Similar features to Mobility. | Yes.
    | Selective Call Acceptance | Blocks all calls but certain numbers. | No. (could be added if needed)
    | Selective Call Rejection | Allows all calls but certain numbers. | No. (User pref to be set up as needed)
    | Sequential Ring | Ring to next designated number if no one answers. | Yes.
    | Shared Call Appearance | Allows multiple platforms to show the same number. | Yes.
    | Simultaneous Ring | Ringing to multiple devices while receiving a call. | Yes.
    | Speed Dial 100 | Supports up to 100 speed dials. | No. (User defined as needed)P{
    | Fax Support | Not a phone feature, but a network feature. | Yes.
    | Three-Way Calling | Standard. | Yes.
    | Unified Messaging | Not a feature of this phone/system. | No.
    | User Web Portal | Access to features and settings. | Yes.
    | Video (Point to Point) | Not an option on this phone. | No.
    | Visual Voicemail | Voicemail audio transcribed automatically to text. | Yes.
    | Voice Mail | Built in feature. | Yes.
Ease Of Scalability
    Scaling AIS VoIP usage is very straight forward and incurs no penalty. Adding a line is as simple as requesting to purchase the hardware (if needed) and the monthly bill being increased by an all-inclusive rate. Scaling down is also at a linear rate per line.
Flexible Calling Capabilities
    • Unlimited phone calls within the US
    • Available International Calling
    • Call management and phone system administration
    • Mobile apps for Android™ and iOS®
    • Multi-level auto attendant
    • Voicemail-to-email with Speech-to-text provided by IBM Watson®
    • Conference call bridge
    • Call recording
    • Professional Implementation
    • Call log reports
    • Fax-to-email
    • Custom app integrations available

Industry Leading Open Source Software
    In designing a robust, reliable, VoIP platform, AIS selected the Asterisk VoIP server software, which is perhaps the most mature and widely deployed VoIP server.
Simplified Billing
    AIS Managed VoIP monthly billing is inclusive of all taxes.
Last modified April 16, 2021