Symmetry CloudPBX is a cloud-based, hosted infrastructure solution providing a fully managed, end-to-end service that enables customers to take advantage of a Hosted telephony solution with a full suite of Unified Communications features and capabilities.
Symmetry CloudPBX is supported by equipment deployed in geographically redundant configurations across two physical Datacentre. The design of the network ensures that if there is a loss of connectivity to one Datacentre location, the other location will automatically handle the traffic generated by the subscriber base. The Datacentres are fully redundant with regard to infrastructure and network connectivity.
Symmetry CloudPBX supports a variety of data interconnection methods for access to customer premise equipment (Network Access). The methodologies supported include Internet-based connectivity, connectivity via Managed Internet, or connectivity via Cellular 3G/4G Networks.
The Symmetry CloudPBX platform is at the centre of the network and provides the sophisticated hosted telephony and Unified Communications services.
Session Border Controllers (SBC’s) are deployed in each data centre in high availability mode, meaning there is full redundancy built into each deployed SBC cluster. On the Access side of the network, SBC’s are used to provide security for the Symmetry CloudPBX platform and SIP connectivity to IP endpoints including NAT traversal and VPN connectivity. SBC’s are also used on the Network side for interconnection to partner carrier networks via SIP trunks.
The routing and switching infrastructure consists of IP routers and switches manufactured by Juniper Networks and IBM. There are multiple connections within each data switch to servers, SBCs, and other networking equipment to ensure that no single physical port failure will result in complete loss of connectivity to the network.
The supported IP endpoints rely on the resolution of DNS SRV records to signal to the SBCs. The DNS SRV records control the preferred order and signalling ports for the IP to signal towards. If connectivity to the primary SBC fails, the phones are configured to failover to the secondary address.
Symmetry CloudPBX utilizes world-class Datacentre vendors to provide the space and power required for the network and services to function. All vendors are Tier 3 compliant with the Datacentre SLA providing greater than 99.999% uptime and 24 hour Datacentre monitoring.
Symmetry CloudPBX is dedicated to investigating and correcting security vulnerabilities and preventing fraud relating to the Symmetry CloudPBX services. There are multiple levels of security built into Symmetry CloudPBX. These can be broken down into the following areas:
A number of security strategies are employed (see following sections) that work in tandem to minimize opportunities to intercept, spoof, or hijack VoIP services.
The following Network Security measures are used to prevent unauthorized access to user media and control traffic as well as the use of intrusion detection and prevention mechanisms.
Intrusion detection mechanisms include inline prevention technologies that take preventive action on a broad range of threats including Denial of Service (DoS), without dropping legitimate traffic.
Network protection from policy violations, vulnerability exploitations, and anomalous activity is achieved through detailed inspection of traffic in ISO Layers 2 through 7
Call processing measures restrict communications to only authorized end users, and help prevent spoofing. SymmetryCloud provides the following measures;
SymmetryCloud Account and Access Privileges are based off a hierarchical system with Permissions granularity ranging from Site Administrators through End-Users.
Configuration and administration portals are restricted based on specific business functions and permissions assigned to each user, for example, end users can only access their own information.
Administrators are also limited to managing information for specific sites and data types for which they have been authorized.
Each account has distinct credentials, authentication vectors, and permission sets. Business directory information is made available to users that have been properly authenticated to a management or client portal.
Symmetry partners with Tier 3 Datacentre operators with years of experience in design, implementation, and operation of large-scale, secure datacentres. These facilities provide physical, environmental and access security, protecting Symmetry Networks’s physical and virtual application environments.
SymmetryCloud solution specific fraud prevention and detection mechanisms include: