Understanding Cisco IPC Express Deployment Models

This section explores Cisco IPC Express network deployments in greater detail. This assumes that one of the Cisco IPC Express models described in the preceding sectiona pure Cisco IPC Express network with one or more interconnected sites, or a hybrid Cisco CallManager and Cisco IPC Express networkis a good fit for your organization.

Three general deployment models are discussed here:

• Standalone office A single-site business with typically fewer than 100 employees .

• Multisite business A branch or remote office interconnected to other sites in the same network.

• Service provider (SP) managed services Can be either of the previous two categories. Instead of the company buying and managing the equipment for its own services, it pays a recurring charge to a local SP. This SP owns the equipment and hosts the services, typically both voice and data services.

Standalone Office

The standalone office model fits the vast number of small, single-site companies throughout the world that have fewer than 100 employees. Here are some examples:

• A dentist's office

• A small health clinic

• A professional services office for architects , lawyers , or interior decorators

• A small charity

• A florist shop with three locations in the neighborhood

These types of businesses have no IT organization, and their handful of employees are focused on conducting the company's core business. They are dentists, dental assistants, plumbers, lawyers, florists, or car mechanics, not IT professionals. Data and voice services supporting these types of businesses are either hosted by a local SP or installed and maintained on the premises by a local value-added reseller (VAR) or systems integrator (SI).

IP telephony can be as advantageous to this type of small business as it can to a large enterprise with considerable IT expertise. Voice services to small companies such as these traditionally have been provided either by centrex services or by a key system installed by a VAR or SI. Data service was provided by the local Internet service provider (ISP), which placed some type of CPE onsite and managed it from a central point.

For any site except the very smallest of perhaps only one or two employees, the CPE equipment would include a router and basic security services, such as a firewall.

The next several sections explore different aspects of the standalone office network, including the network architecture, applications, management, and security services deployed.

Network Architecture

Cisco IPC Express is an excellent choice for a single-site, standalone office. In a world before IP telephony, such an office would have had an onsite router for data services and a separate key system or centrex for voice services. Now the router can be extended to provide converged data and voice services to the office. It also can be managed in the same way as before (either by an ISP or by a VAR or SI). Furthermore, both the business and the SP can realize cost, space, and management savings.

Savings just in wiring of a new office could be enough to make Cisco IPC Express cost-effective . Because the phones and computer equipment are all Ethernet-based, only Ethernet wiring is required in the office. Furthermore, only a single Ethernet wire or jack is required to each employee location or desktop. Computer equipment can be plugged into the back of the phone, and virtual LAN (VLAN) technology can be used to provide virtual separation (and therefore security) of voice from data traffic.

Leading-edge productivity features and improved customer service IP-based applications, such as XML services, can also be deployed easily over this converged infrastructure.

Figure 2-4 shows what such a single-site office's network might look like.

The network in Figure 2-4 has the following components :

• Employee desktop Cisco 7960 IP Phones are provided for employees who work at a desk with a computer. The PC is connected via the phone's Ethernet switch. It also is connected via a single Ethernet cable to a LAN switch that provides inline power to the phones. In Figure 2-4, the LAN switch is a separate component, but it too can be integrated into the router chassis for offices requiring 50 or fewer LAN connections. The ability to connect computer equipment via the phone substantially reduces the overall number of switch ports required in the office. However, this might require that an existing LAN switch be upgraded to provide inline power for the IP phones.

• Internet connectivity This is provided via a DSL or a similar type of uplink to the local ISP, which also might host the company's e-mail services. For larger offices, DSL may not have sufficient bandwidth. Internet connectivity may then be deployed via fractional T1/E1 leased-line services, or even a grouping of multiple DSL or Basic Rate Interface (BRI) lines.

• PSTN trunks Small businesses often prefer familiar key system operation. In this system, individual PSTN lines are mapped to buttons on the phones labeled as Line1, Line2, Line3, and so on up to the number of lines coming in from the PSTN central office. (This arrangement is called shared-line appearances .) These PSTN lines are analog Foreign Exchange Office (FXO) connections to the central office (CO). Each line carries a single incoming or outgoing phone call. Caller ID is typically delivered on such connections, but direct inward dial (DID) operation is not. A variation of this offering from the PSTN offers DID operation; this is technically known as analog DID service . It may have a different cost than the plain FXO service. You'll read more about this in Chapter 6.

• Attendant console Many small businesses with more than a handful of employees or considerable front-office customer interaction (such as a doctor's office) prefer that an attendant or receptionist answer incoming calls. Although these businesses might use an automated attendant (AA) for after-hours coverage, the typical preferred customer interaction during normal business hours is person-to-person .

• Management station This is a web-based GUI management application for daily moves, adds, and changes to the system configuration.

• Other voice services One or more fax machines are used by almost every type of business. A small number of analog phones may also be used around the office, such as for emergency backup PSTN connectivity if power to the building fails.

  Low-end IP phones, such as the Cisco 7902 or 7905 phones, are scattered throughout the office in break rooms, health clinic exam rooms, lobbies , and perhaps conference rooms. These are often single-line phones that typically are not used to receive calls from the PSTN (they also do not have PC Ethernet ports). Instead, they are used for calls internal to the office or outgoing calls. Being IP phones, though, they participate in the intercom, paging, and display-based features often useful in a small office environment.

  The Cisco 7920 wireless phone can also be a great productivity enhancer for employees whose responsibilities demand both reachability and mobility, such as a retail floor supervisor, a warehouse supervisor, a bank branch manager, or a restaurant shift manager.

Applications

For certain types of small businesses, voice mail is essential. For these businesses, such as architectural and law firms, personal contact with the customer or client is imperative to conduct business. For other types of businesses, such as restaurants or small retail outlets, an application such as voice mail may not be desired.

A small company might not use an AA application during business hours, preferring instead the personal customer interaction of a receptionist. Yet AA remains an essential application after hours to provide information such as business hours, directions to the office, and perhaps an emergency announcement informing clients that the office is closed unexpectedly because of illness or inclement weather.

Industry segment-specific XML-based applications can be tailored to each business to provide specific productivity or customer service-enhancing applications. For example, a stockbrokerage might have a stock ticker running on the phone display. A hotel might have a room status application in which the maid can update the room status from the phone in the room she just cleaned.

Management

Figure 2-4 shows a GUI management computer in the office. With the latest web-based GUI technology, a nontechnical person can make incremental modifications to the system without scheduling an appointment with the VAR or SI that installed the system. Examples of these types of changes include the following:

• Adding voice mailboxes

• Changing the spelling of employee names

• Adding or changing an extension within the office

• Adding an extension and voice mailbox for a new employee

However, system installation, initial setup and configuration, software upgrades, and turning on new services are most likely done by the SP or the SI or VAR from whom the system was purchased or leased. If any trouble is experienced , these organizations are responsible for isolating the problem and working with the system's vendor to correct system operation.

Security

Any network, especially a system connected to the Internet, requires security measures to protect the system, the applications, and the network itself from unauthorized access. At the very least, a firewall must be deployed. You probably also need a number of access control lists (ACLs) to limit access to the IP addresses and ports on the equipment connected to the Internet (router) and the systems (IP phones, application servers, or PCs) behind it. Virus protection, intrusion detection, and client network access control (NAC) are usually also necessary.

It is unlikely that the employees of the small business are directly involved in defining or setting up security measures for the office. Typically, the SP or VAR/SI that provided the system also deploys the required security filtering mechanisms during the system's initial configuration and setup.

Multisite Business or Enterprise

The multisite business or enterprise model could be a good choice for any size enterprise network. In general, Cisco IPC Express is a better fit at the low enda network with a small number of sites and fewer than 200 employees per site. The larger the network (that is, the more sites and employees there are), the more likely it is that a centralized Cisco CallManager is the more appropriate solution.

As discussed in the earlier section "Cisco IPC Express Networks," many of these multisite networks find a centralized Cisco CallManager (for call processing) and Cisco Unity (for server-based unified messaging) the best solution for their needs. But Cisco IPC Express may still be a good choice for sites of a smaller enterprise, or certain (or all) sites of a larger enterprise, for the reason enumerated earlier.

This section considers two types of networks in the multisite enterprise model:

• Small enterprise Typically a smaller number of sites (for example, fewer than ten) in the enterprise, all using interconnected Cisco IPC Express systems.

• Hybrid enterprise Typically a larger number of sites overall, with only a small number of these using Cisco IPC Express. The other sites either are still using the key systems or private branch exchanges (PBXs) they have long used or are using a centralized Cisco CallManager solution.

The larger the enterprise, the more IT structure and organization it is likely to have. Therefore, these businesses tend to own their systems and equipment. They also either manage their own networks or outsource them to SPs that specialize in services for large enterprises .

IP telephony for enterprises with a large number of sites may be valuable for many reasons. These include the wiring savings outlined earlier for the standalone office, saving international calling charges, productivity-enhancing applications, and converging the network infrastructure, resulting in less equipment to manage. Another opportunity for savings is to provide a repeatable template of network equipment and topology for a large number of remote locations, all with an identical configuration. (An example is the stores of a large retailer where the bakery is always extension 5000 and the pharmacy is always 4000.)

The average branch office location for an enterprise network already has a well-used router on the premises. Adding Cisco IPC Express requires only an upgrade in software (and memory), perhaps the addition of hardware components, such as voice interface cards for the PSTN trunks, and the deployment of IP phones.

There is always an exception to every generalization, and this is also true with network deployment models. Although larger enterprise networks generally tend toward the hybrid model or the pure centralized Cisco CallManager model, several very large enterprise networks with thousands of locations deploy Cisco IPC Express at every site and interconnect the sites across their networks. This is often found in the retail industry, because this model fits its general business model.

The Small Enterprise

Typical business types that fall into the small enterprise category include

• A local credit union or small bank with a few branches in a bounded geographic area

• A local retail store with a small number of locations in a city or state

• A chain of a few health clinics belonging to a local hospital or health maintenance organization (HMO)

The next several sections look more closely at the different aspects of the small enterprise network, including the network architecture, applications, management, and security services deployed.

Network Architecture

Cisco IPC Express is an excellent choice for a small business with a limited number of sites, perhaps ten or fewer, or even up to 30 or so. The exact point where a centralized Cisco CallManager starts to make more sense depends on

• The individual business

• Its management style

• The QoS readiness of the network between the sites

• The cost basis of the intersite connectivity

• How loosely or tightly coupled the sites are to one another in the normal course of a day's business

For a business with a loosely coupled business model, individual Cisco IPC Express sites interconnected with only a minimal data network (bandwidth of less than 64 kbps and no QoS deployment) and the PSTN for voice access would suffice. An example of such a business could be a restaurant chain. This kind of network looks essentially the same as the standalone model explored in the preceding section. Because the sites have only PSTN calling between them, no VoIP binds the sites together, and the network topology of each location would look like a standalone entity (from a voice traffic perspective).

The more interesting case to consider as the multisite enterprise is when the business model dictates that VoIP connectivity between the sites for toll savings or other management reasons is advantageous.

Figure 2-5 shows a sample network topology of what such an enterprise's branch office network might look like. This representation takes a general view of the branch office.

There is significant similarity between the detailed layout of the small enterprise branch office and that of the standalone single-site office discussed earlier. The new or additional considerations are as follows :

• Employee desktop Depending on the business the company conducts, the percentage of employee desktops varies. A retail organization has comparatively few desk-bound employees, whereas a bank or insurance company has a higher percentage. In each case, though, there is an employee who works on the floor or at a teller location, and these stations are often not equipped with individual phones or computers. Instead, shared resources are deployed for use by these employees. Personal calls are likely made from a public payphone in the break room or from a small number of phones set aside in a shared employee space that employees can access during their breaks.

  Desk-bound employees tend to have voice mail, whereas the employees on the retail floor are much less likely to find voice mail productive for their work environment and responsibilities. Sometimes voice mail is still deployed for these employees (again, accessed from a common phone or break room) for human resources or training purposes.

• WAN connectivity The network between the sites is likely to be a private WAN of some type. It could also be a virtual private network (VPN) using the public Internet as the transport, but as such it is not QoS-enabled and, therefore, is not a good fit for deploying VoIP traffic.

  A VoIP-capable WAN is most likely either privately owned or provided as a single service to all the sites of the enterprise by a SP. A VPN may still be used on top of the basic network service. Each site's connectivity depends on the site's geographic location and its bandwidth needs. It could be DSL, BRI, fractional T1/E1 access, or even metro-Ethernet. Larger offices may require a full T1/E1 or may bind together multiple DSL or BRI physical access lines to provide larger bandwidth.

  The U.S. offering of integrated access, encompassing both voice and data channels sharing the same physical T1, is a very attractive offering for this type of office. The voice (PSTN) connection could be either T1 in- band signaling (T1 Channel Associated Signaling [T1 CAS]) or fractional PRI. The data connection is most likely Frame Relay.

• PSTN connectivity PSTN connectivity also depends on the office's size and location. It could be low-density analog (FXO or analog DID) or BRI connections or higher-density fractional T1/E1, perhaps with (fractional) Primary Rate Interface (PRI) service.

  The business model and size of the office dictate whether the office might prefer key system operation (Line1, Line2, and so on appear on the buttons of each phone) or PBX-like operation with typically a single extension per phone and DID service from the CO. Smaller offices more often tend to use key system (shared-line) operation, because that is the traditional voice system they were likely to have had installed before migrating to IP telephony. In larger offices, it becomes impractical to have a button appearance for each incoming CO trunk. These sites tend to be better candidates for DID service. A human or AA provides receptionist services for general incoming business calls and directs clients to the correct department or employee extension.

• Other voice services When a small number of sites (such as five or fewer) are interconnected, the on-net dial plan is often simple enough to be implemented directly at each site. However, this meshing of sites becomes increasingly complex to manage as the number of sites increases . For this purpose, a gatekeeper (GK) is shown at the main site in Figure 2-5. For enterprises of approximately ten or more locations, centralizing the dial plan management is well worth considering. An H.323 GK is the way to accomplish this when multiple Cisco IPC Express sites are interconnected. This way, the dial plan is administered in a single location and is not duplicated at each site, making changes to the dial plan easy to accomplish.

Applications

Voice mail and AA applications were great productivity boosters when they were introduced a decade or two ago. By now they are pervasive and essential services to most enterprises. Although a receptionist may still provide close customer interaction for general business calls and walk-in clients in the lobby, a supplementing AA or interactive voice response (IVR) system becomes increasingly indispensable as the business grows. The AA fields recurring customer queries for information such as account balances , driving directions, office hours, ordering of forms, health exam results, and other services.

Industry segment-specific XML-based applications can be tailored to each business to provide very specific productivity or customer service-enhancing applications.

Management

Figure 2-5 does not specify the equipment used to manage the network. Most likely, as with the GK shown at the main location, one site is larger or more central to the operation of the enterprise than others. All the sites are managed from this location. This may be as simple as having a single server from where the GUI of the Cisco IPC Express systems at the other individual sites is accessed, to having more sophisticated network monitoring and management tools.

Security

Security considerations for any enterprise network are imperative. Because the individual sites are most likely not directly connected to the Internet, but instead are connected to some SP offering or VPN for the enterprise, a certain amount of security is gained from the SP's equipment, firewalls, and intrusion detection systems. However, the enterprise should still employ its own mechanisms, especially if any of the sites is directly connected to the Internet or has Internet access in addition to the private WAN connection between the sites.

Figure 2-5 shows only the main location with Internet access, providing this public network entry point to all users from sites in the enterprise. This Internet connection should be fully protected by the appropriate security measures.

The Hybrid Enterprise

Hybrid enterprises include larger national and multinational banks, insurance companies, financial brokerages, and retail chains with considerable geographic coverage. Distributed call processing in a segment of the network makes sense for these enterprises primarily because of WAN connectivity attributes, franchising of stores or locations, or multiyear IP telephony roll-out schedules. These can be dauntingly large and complex in networks with up to several thousand sites or, occasionally, tens of thousands of remote sites.

In the hybrid enterprise, some of the sites, usually a smaller number, are a good fit for Cisco IPC Express for the reasons enumerated earlier. The rest of the enterprise (usually the larger number of sites) still uses either traditional time-division multiplexing (TDM) voice equipment or higher-end IP telephony solutions, such as Cisco CallManager and Cisco Unity.

The next several sections look more closely at the different aspects of the small enterprise network, including the network architecture, applications, management, and security services deployed.

Network Architecture

As shown in Figure 2-6, large enterprises have many WAN backbones designed to aggregate the traffic from an extensive number of remote sites and to provide interconnectivity between all the sites. Directly meshing a large number of sites is impractical. These networks invariably have a hierarchical, layered design. Remote sites may be connected via a plethora of different technologies, including DSL, BRI, and serial access. The aggregation network also often contains a number of technologies, such as Frame Relay, asynchronous transfer mode (ATM), and/or multiprotocol label switching (MPLS). The core network consists of high-bandwidth connections and LAN or ATM switches. A third set of technologies (such as Gigabit Ethernet, fiber transmission, and optical rings) is not directly relevant to the discussion of Cisco IPC Express.

The following are three situations in which Cisco IPC Express is a good solution for a subset of the sites of a medium or large hybrid enterprise:

• The enterprise has a QoS-enabled WAN that can carry VoIP traffic, but it is not ready to deploy IP telephony everywhere. Therefore, it is starting with a pilot at a small number of sites. This is the model further discussed later in this section and shown in Figure 2-6.

• The enterprise has a QoS-enabled WAN but with sufficient bandwidth for only a small amount of VoIP traffic. The company's business model may be such that most employees speak to customers and vendors in the PSTN, and the branch manager is the only person with a frequent need to call headquarters (using intersite VoIP). This network follows the same structure as that shown in Figure 2-6, but it is likely somewhat simpler, and the branch WAN access speeds tend to be lower.

• The enterprise does not have a QoS-enabled WAN and does not want to invest in enabling it at the current time. However, it does want to start migrating toward IP telephony. In this situation, voice traffic between the sites continues to use the PSTN. The network architecture of these sites is very similar to that discussed in the "Standalone Office" section and shown earlier in Figure 2-4.

The following types of enterprises tend to find a hybrid model attractive:

• Larger banks and financial service institutions

• Large insurance companies

• National or multinational operations with a large number of individual locations and a strong central presence in one of their locations

Figure 2-7 shows what such an enterprise's branch office network might look like.

There is significant similarity between the detailed layout of this branch office and that of the smaller multisite enterprise with Cisco IPC Express at all locations. The new or additional considerations are as follows:

• WAN connectivity A muscular WAN backbone exists because of the interconnection of a large number of sites. The complexity of the large WAN likely makes it cost-effective to be managed by a SP or outsourced to a management company that makes this its core business. If the business owns and manages its own WAN network (and gets only transport services from a SP), a sophisticated and dedicated IT organization resides within the enterprise. However, as with the earlier models in this discussion, IT expertise is only nominally present or completely absent in the branch office.

• PSTN connectivity Only the very smallest sites in this network may prefer key system (shared-line) operation. Employees of a large enterprise are much more likely to be accustomed to PBX-like operations and to have DID services from the CO. With a VoIP-enabled WAN backbone, it is also likely that long-distance calling is consolidated into large-scale PSTN voice gateways at the central locations where the volume of traffic can provide cost-effective traffic hands-off contracts with the long-distance carrier service provider. Local PSTN calling still uses the Cisco IPC Express trunks at each local site.

Applications

Voice mail is likely a necessity for the majority of the employees in a large enterprise. The decision to centralize or distribute voice mail services is very similar to the decision governing the provision of call processing services, but with additional considerations and caveats for specific products and feature requirements. For the hybrid enterprise, providing call processing and voice mail services under the same model often makes sense. In other words, Cisco IPC Express sites use local (distributed) voice mail, and the larger locations with central call processing also provide centralized voice mail services. However, the following converse deployment models are also valid:

• Centralized call control (Cisco CallManager) with distributed voice mail (Cisco Unity Express)

• Distributed call control (Cisco CallManager Express) with centralized voice mail (Cisco Unity)

With the larger-scale enterprise, customer contact also often takes on a more centralized character than the individual receptionist in each remote office. Customer service is likely to be provided with centralized AA and IVR systems co-located with the enterprise's data center(s) where the database information retrieved by the IVR system resides. Customers of the enterprise have toll-free access numbers to all customer service inquiries. The local branch office is relatively seldom contacted directly for routine customer service needs.

Management

As mentioned, the large enterprise has a sophisticated IT organization that manages the equipment and applications in the workplace. This is supplemented to varying degrees by outsourcing or a SP that provides additional management of aspects of the network's infrastructure and transport.

Security

Security measures are likely to be managed along with general network issues. Branch offices do not have local Internet connectivity. Sophisticated VPN servers in the central locations provide enterprise VPN connectivity to locations on the Internet, such as from employees' homes .

This type of large enterprise also has one or more data centers where the information and servers essential to the company's business are maintained and protected with sophisticated security services. Dedicated appliances such as firewalls, intrusion detection, virus detection, and client NAC services are most likely centralized services. E-mail, web servers, order entry applications, and other application servers reside in the data centers.

Service Provider Managed Multisite Network

The preceding sections made numerous references to aspects of standalone businesses or enterprise networks that are outsourced or provided by SPs. These SPs come in a wide variety of flavors. They may offer basic Internet access, web hosting, e-mail, telephony, long-distance voice services, or centrex for local services, or any combinations of these.

This section considers the SP's network used to offer these types of services. The major advantage that the SP brings to the small business is its robust network infrastructure and IT expertise. The small standalone business does not have the resources or the desire to manage the increasingly sophisticated technology necessary to operate in a competitive manner. The following two SP models alluded to throughout this chapter work for these companies:

• Value-Added Reseller (VAR) or Systems Integrator (SI) The reseller provides equipment and system recommendations as well as technical expertise. The end customer buys and owns the equipment (that is, a capital expenditure model for the end- user business), and the VAR/SI installs and maintains the system. The end customer can make small changes in operation or configuration using the web-based GUI interfaces accessible to the nontechnical user, but the VAR/SI handles any major changes or upgrades.

• Managed services In this model, the SP owns and manages the equipment (even if some of it is physically present at the customer premises). It also offers voice and data hosted services to the customer for a recurring monthly or annual contract charge (that is, an operational expense model for the end-user business). The SP may offer only on-net traffic services between sites belonging to the same customer. It may also offer long-distance VoIP minutes for IP-based PSTN calling between this customer and other customers or PSTN locations.

The VAR/SI model of service provision results in a network topology that is exactly the same as the standalone business and enterprise network models discussed earlier. The only difference is in who makes changes to the equipment's configuration.

The managed services model, on the other hand, results in a slightly different network architecture. The SP owns and manages a network of sites that share the same infrastructure but have to be separated into different customers' networks with appropriate security measures between them. Figure 2-8 shows the high-level architecture of this kind of network.

The detailed network layout within the individual branches or sites is the same as the other models discussed earlier. Differences with a managed services network lie in the following areas:

• Management of the customer's equipment Although CPE equipment is present at the customer site, everything is managed centrally . The end-user business usually has no access to any management interface of the equipment.

• Network management The SP has a sophisticated network operations center (NOC) where the backbone network is continuously monitored and adjusted if problems occur. Service-level agreements (SLAs), which are contractual agreements about traffic and service, are also monitored and measured on an ongoing basis.

• Hosted services The SP may provide integrated applications services, such as e-mail or web services, to the end-user business. It may also provide voice services such as calling between sites and off-net PSTN hop-off (or points of presence [POPs]) services at the PSTN location nearest to the call's destination.

Cisco IPC Express is a good model for SP-managed services, because it provides an individual call processing component for each site or small business (part of the CPE). Therefore, it automatically provides separation between different customers or tenants on the network. Cisco CallManager and Cisco Unity, being centralized architectures primarily designed for a large number of users belonging to the same enterprise, may not offer the multitenant features required by many SPs to provide the demarcation between customers and provide dial plan and security barriers between one customer's traffic and the next.