|
The Secure Home Office enables enterprises to allow workers with home offices, and workers to plan work from home, secure, safe, and affordable access to the corporate IT infrastructure. A Secure Home Office manages all devices in the home office network including voice (VoIP) devices. All traffic to/from the outside world (Internet) passes through the managed gateway device. Traffic to/from the corporate network is forced into a Virtual Private Network (VPN) that provides secure encryption over the entire path from the home office to the corporate location.
In a Secure Home Network the corporate IT department controls the managed gateway devices, a well defined, clearly structured and efficient task. The previous approach of trying to secure each computer, contending with multiple operating systems, different patch levels, application conflicts is a problem that can be forgotten.
Gateway devices are remotely controlled and always available - no more scheduling problems. Most changes have immediate effect with no impact on the end user. Changes that impact the end user (such as updates to remote gateway software) are usually scheduled for automatic action in a quiet time (middle of the night). Virtually all aspects of the Home Network behavior can be controlled remotely, who is allowed access; hours of access for each user; firewall setting; defining appropriate Internet use.
Deploying a network of Secure Home Offices involves four elements:
Access to Corporate Data Network
Home Networks access the corporate data network through a VPN router. Routers of this type are readily available from the major vendors of networking equipment. Most corporate networks are currintly using this type of device.
Data Service to Home Locations
Data service to the home location can be any provided by any of the broadband technologies, DSL, cable, metro wireless, satellite. The gateway device used in the Secure Home Office incorporates a DSL modem but also supports an external modem for non-DSL services.
Gateway Devices
- Usually installed by the end-user.
- Size, approx. 8"w x 6"d x 1.5"h.
- Internal ADSL modem.
- Ethernet port on WAN side for non-DSL deployments.
- Four (4) LAN side Ethernet ports (3 for non-DSL deployments).
- IEEE 802.11b/g wireless LAN with WEP encryption enforced.
Secure Home Office gateways are manged through an e-Services Management System. Such a system may be purchased and operated by the enterprise or gateways may be managed through a secure shared system service operated by gatespace.
Most VoIP services operate use the Session Initiation Protocol (SIP) and most VoIP phones operate with the same protocol. Unlike most Internet protocols, SIP relies on addresses contained in lower level protocols (TCP/IP). Consequently SIP traffic cannot traverse routers that perform Network Address Translation (NAT) without special treatment within the router. Most routers do not provide special treatment for SIP traffic, consequently most SIP devices are directly connected to the broadband service. From the corporate administrators perspective, this situation makes SIP devices unmanageable.
The Secure Home Office gateway provides special treatment for SIP traffic, allowing SIP devices to be configured within the home network and managed in the context of the network. Three types of SIP device are supported, stand alone SIP telephone, SIP Asynchronous Telephone Adapter(ATA), and SIP soft-phone. SIP devices are detected by the gateway and the firewalls are automatically configured.
|
