In-Stat
September 2004

Download the PDF

Currently, there are numerous multi-service devices on the market providing varied feature sets. Some are focused on data communication, while others are optimized for voice applications. Yet, nearly every small business has the need for both voice and data communications. With rapidly declining broadband access rates and the migration to packet voice, the integration of voice and data is rapidly dominating the small business market. Rather than deploying multiple devices, small businesses are seeking an "All-In-One" solution that offer a set of integrated voice, data, and security functionality within a single, easily managed device. It is this common feature set that defines the Business Gateway.

The Business Gateway feature set will include:

• IP Routing
• LAN Switch/Ports
• Analog/Packet Voice Telephony
• Firewall Security/VPN
• Robust System Management
• Multiple types of WAN Interfaces
• WLAN compatibility

Stand-alone, special purpose, appliances will continue to be deployed in large enterprises. In addition to offering large capacity, enterprise IT departments often prefer to manage their security, IP routing, switching, and voice communications separately.

Low-priced, fixed-configuration gateways will dominate the residential, and SOHO business markets. These desk top devices will also meet the needs of very small businesses, typically with 1-19 employees. The residential and SOHO gateways will continue to be optimized for specific applications such as security, data networking, or voice communications.

In contrast, the Business Gateway will be targeted at small business and mid-range enterprise customers with 20-999 employees. It will be most applicable to mid-market enterprises operating numerous branch offices, rather than large centralized sites. Rather than optimized for a specific function, the Business Gateway will be designed to serve data networking, security, and voice communications, simultaneously.

A standardized, modular, hardware architecture will permit customization, as well as accommodation for growth. Modular system costs are declining, providing the necessary balance between product flexibility and price for the small enterprises and the higher-end of the small business market. While overall system price is important to small businesses, high availability, scalability, and performance are also required.

Cisco's newly announced 3800 series integrated services routers are products that closely match the definition of a Business Gateway. In fact, the Business Gateway, as envisioned by In-Stat/MDR, may be viewed as the industry's response to Cisco's progressive architecture. The Business Gateway offers a means for companies to develop competitive products, using standardize form factors and "best in class" technology from specialized strategic partners.

Cisco's integrated services routers are flexible devices that can be easily optimized for special functions such as security or data communications. However, form factor limitations may restrict businesses seeking a truly "office-in a-box" gateway device. Business Gateway models would be designed and configured to support voice, data, and security solutions at varying capacity levels.

NetDevices (NetD), is a start-up company developing next-generation, multi-service devices for enterprise applications. Like the Business Gateway, NetD's products will be designed and optimized for multi-service, high availability operation.

Product Requirements

System Architecture

The Business Gateway system architecture will be based on standardized CompactPCI, AdvancedTCA, or a future CompactTCA hybrid specification. Each of these hardware specifications allows for varying form factors including both traditional 12U and 9U height systems with vertical card slots, and 5U horizontal configurations. Smaller models may support a wall-mount option. Some manufacturers may opt to use a proprietary hardware architecture. Cost will be an overriding factor in determining the overall hardware design.

The selected hardware architecture must be scalable to support varying capacities and configurations. The system should offer high availability with redundant common control, and hot-swappable cards. Ideally, both -48VDC and AC redundant power options will be available (though not necessarily on all models). The system will be designed with front panel connectors, and may accommodate rear transition modules. Figures 3 and 4 provide examples of alternative system designs.

Onboard TDM interfaces and DSPs will allow use of a standards-based dual-Ethernet backplane. The operating system will be either Linux or VxWorks.

WAN I/O Module

The Business Gateway will support:

• 4 WAN ports per card
• 1 or 2 WAN cards per system depending on chassis type
• Channelized T1/E1, xDSL, ISDN PRI, FR, ATM, or Ethernet interfaces

Networking I/O Module

Networking features will include:

• Integrated Layer 2 routing, supporting dynamic RIP1, RIP2, and static routing.
• 10/100 BaseT, Gigabit Ethernet ports
• NAT translation, DHCP, DNS
• Integrated Layer 3 Ethernet LAN switch
• V.35 data port
• VLAN tagging
• Integrated CSU/DSU

Security Modules

Most firewall appliances offer multiple security functions operating in independent silos. The Business Gateway will have advanced security functions operating as an integrated system. This will improve performance, simplify network management, and help reduce the security risk of software design gaps.

The system will have a core set of firewall features residing on system boards. Advanced intrusion detection and protection, as well as application proxy filters may reside on a separate module board for customized configurations.

VPNs will be supported in incremental numbers. Ideally, both IPSec and SSL VPNs will be accommodated. A separate VPN module with embedded hardware accelerator will provide configuration flexibility.

Security features will include:

• Stateful inspection firewall
• Web/Spam content filter
• Anti-Virus filter
• Application proxy filter
• Intrusion Detection and Protection
• Firewall throughput: 500 Mbps or greater

Voice Gateway I/O Modules

The Business Gateway will perform the packet-to-TDM inter-working function. The gateway will support all standard protocols including SS7, Q.931, TCP/IP, UDP, H.323, MGCP, and SIP. TDM and packet voice interfaces may be supported on separate modules.

Equipment suppliers may choose to integrate IP call manager software to optimize the Business Gateway for single location SMB voice applications. Other developers may choose to have external call managers for enterprises requiring centralized call management. A voice messaging service module may be offered in conjunction with IP call manager software.

Voice communications features will include:

• FXS, FXO, DSX, ISDN BRI voice interface module
• G.729, G.729A, or G.723.1 voice compression
• Echo cancellation
• Fax Relay for VoIP networks

Wireless I/O Module

Wireless LANs may be used for both data and voice communications. WLAN access point (AP) connections will be employed both as an alternative to wired connections, and for LAN access by visiting personnel.

The WLAN module (in conjunction with a voice gateway module) will support Voice over WLAN, where small businesses are operating an IP PBX, converged PBX with IP line cards, or subscribing to a VoIP hosted service such as IP Centrex.

Compatibility with the converged WLAN/WAN environment will be required. In this application, dual-network handsets will be used to access either cellular, or WLAN-based corporate networks. When in the office, the handset will recognize the presence of the WLAN and permit VoIP calling via the corporate LAN. Outside the office, the handset will operate as a standard cellular network device. There are many open issues regarding dual-network handsets including standards, service provider adoption, and end-customer value proposition. For this reason, support of dual-network handsets will be a future requirement.

The WLAN features will include:

• WLAN 802.11g/b/i standards
• WLAN security
  • Temporal Key Integrity Protocol (TKIP) or other authentication security.
• VoWLAN handset standards (when completed)

Traffic Management

Business Gateway traffic management will apply intelligent traffic policies to specific applications. Application-layer inspection data will be used to classify traffic and apply pre-defined traffic management rules.

Traffic management features will include:

• Load balancing
• Traffic shaping
• Low-latency queuing (VoIP)
• IP multi-casting

System Management

System management will permit access to both system-level and module-level data. System-level management will provide an overall view of the system configuration, hardware inventory details, alarm status, and performance monitors. Individual modules may be accessed individually to manage specific functions such as security policy rules, or VPN set-up. Industry-standard, north bound NMS interfaces will be employed.

System management features will include:

• Web-based GUI, with system and module-level views
• Fault Management
  • Event logs
  • Alarm Notification
  • Status Indication
• Configuration Management
  • Graphical display of system/module configuration
  • System set-up wizards
  • VPN set-up wizard
  • Remote software/firmware upgrades
• Performance Management x
  • Performance parameters
  • Standard and custom reports
• Network Management System Interfaces
  • SNMP
  • Telnet, CLI, SSH or SSL
  • TL1 (to be evaluated)

Target Price and Buying Criteria

The Business Gateway will be offered in varying models, capacities, and configurations. Base systems of varying capacities will consist of a system chassis, dual controllers, dual power, WAN interface, IP router, and/or Ethernet switch, firewall security, and system management. The target manufacturer suggested retail price (MSRP) for base systems will range from $5,000 to $15,000. Low-end models will have average selling prices (ASPs) in the $7,500 range, while fully configured high-end models may be priced over $20,000.

The end customer purchasing decision will be driven by technology, services and price. Most mid-range enterprises and small businesses already own the data networking equipment needed for their specific applications. While growth and obsolescence will generate replacement purchases, customers will be most attracted to the Business Gateway when seeking to combine data networking with security and packet voice solutions.

Most small businesses do not currently have robust firewall security. As virtual private networking, extranet and ecommerce applications move down-market, small businesses will require a higher level of security than they possess today.

Integrated voice and data services will also drive Business Gateway sales. The migration to packet voice will open up many new options for small businesses ranging from VoWLAN to IP Centrex and IP PBX solutions. While the market timing of consumer VoIP services is uncertain, the migration to packet voice in business markets is happening today.

Potential Business Gateway Suppliers

In-Stat/MDR envisions several groups of equipment suppliers having interest in the Business Gateway. One group is the large data communications equipment vendors such as IBM, HP, Dell, Sun, Cisco, and possibly Juniper Networks. These companies have well-established brands, with strong distribution channels. Except for Cisco, these companies would probably license technology from leading companies in the security, networking, and voice industries. Most likely, this group will private label all third party technology to promote their own brand identity.

Another group of potential Business Gateway suppliers is the global telecom equipment suppliers such as Lucent, Nortel, Siemens, Fujitsu, NEC, and possibly Adtran, or Tellabs. Over the years, many of these companies have evolved from proprietary manufacturers to providers of multi-vendor turn key solutions. They have well-established corporate brands, and third-party partnership programs. This group will also need to acquire technology from leading companies. Unlike the data group, they may use their partner's brand for marketing purposes, similar to what Nortel does today with marketing Check Point as its security technology partner. This group will be strongest in its global Network Service Provider (NSP) distribution channels, as well as in some foreign data communications markets.

Network service providers may prove to be an important distribution channel for the Business Gateway. In addition to selling integrated voice and data services, NSPs will look to the small business markets for new revenue streams such as network-based managed security services and IP Centrex. Carriers will be able to offer small businesses varying bundles of packet voice and data communications services, dedicated Internet access, and managed network security via the Business Gateway.

The Business Gateway may also be very attractive to global managed-services carriers such as Equant and Infonet. These carriers currently provide managed data communication to enterprises worldwide, and are increasingly adding packet voice to their service offerings. In addition, these carriers are looking to expand into smaller regional enterprises, and even to SMB markets.

A third group of potential Business Gateway suppliers are small business equipment vendors such as NetGear, D-Link, and other OEMs. These companies sell primarily on price. Focusing on the low-end of the Business Gateway market, these vendors will combine commercially available software with standardized hardware designs to develop their "all-in-one" devices. A small, modular Business Gateway would complement their fixed-configuration product lines. This group will capitalize on their established retail and on-line distribution channels.

Impact to Specialized Equipment Vendors

If the Business Gateway product segment develops as In-Stat/MDR theorizes, it will have a significant impact on many equipment suppliers. Corporate strategies may need to be revamped; product and marketing plans revised. Here are some of the options equipment vendors will have:

Firewall/VPN appliance suppliers - The high-end enterprise market will continue to be open to stand-alone security appliances. However, mainstream data networking companies such as Cisco and Juniper are increasingly dominating this sector. Branch office enterprise and SMB markets will migrate to secure multi-service products such as the Business Gateway. To address the Business Gateway market, pure-play security appliance vendors will need to partner with one or more gateway vendors, supplying either software or complete security service module designs.

Networking equipment suppliers - The Ethernet switching and access router markets will increasingly migrate to secure networking devices. Equipment suppliers, at minimum, will need to integrate firewall security into their product lines. The enterprise market for secure networking devices will continue to grow, while the Business Gateway will reduce the available market for specialized data networking devices in the SMB and branch office sectors. Secure networking devices represent a good foundation for developing a Business Gateway product line. Networking companies will need to combine indigenous and external technology to offer the full breadth of Business Gateway functions. Wireless LAN technology will be increasingly important to all networking market segments.

IAD equipment suppliers - Modular, packet IADs will be cannibalized by the Business Gateway. Low-end, fixed-configuration IADs will grow in popularity, as CLECs continue to target 6-15-line small business customers. Most IAD equipment vendors will be relegated to this low-end market. Cisco, Adtran, and possibly Siemens will participate in both the low-end IAD and Business Gateway markets.

VoIP Gateway suppliers - The consumer and SOHO markets will continue to be the primary market for VoIP gateways. They will be fixed-configuration, multi-service devices, optimized for packet voice applications. The market for high-end voice gateways will grow as IP PBX solutions gain popularity. The "office-in-a-box" Business Gateway will be preferred in small office applications, whereas specialized media gateway products will be used in large office solutions.

Factors Impacting Market Development

As previously stated, migration to the next-generation Business Gateway will be driven by the need for small businesses and branch offices to implement firewall security and packet voice communications. Since firewall security can be added through use of secure routers and switches, it is the migration to integrated packet voice and data that will be the predominant market driver. Listed below are factors that In-Stat/MDR believes will be key to the development of the Business Gateway market.

• Cisco currently controls 90% of the branch office router market. This may prove to be a significant barrier to entry for Business Gateway suppliers targeting the enterprise branch office market. If enterprises prefer to serve branch office voice communication using centralized, corporate IP PBX systems, there will be less need to accommodate local voice systems.
• Does the cost of an "office-in-a-box" solution match SMB and branch office market price points? Potential Business Gateway suppliers will need to investigate this issue very carefully. SMB markets are more price sensitive than branch office enterprise markets. Industry standard software and hardware designs, along with volume production will lower unit costs.
• To what extent will packet voice communications be regulated? The migration to packet voice will be deeply affected by upcoming regulatory decisions. If packet voice is lightly regulated, the RBOCs will aggressively deploy VoIP services as a means to avoiding existing PSTN regulations and offering competitive market prices. Integrated packet voice and data, targeted at SMB and enterprises with branch offices will be their initial thrust. This will bode well for the Business Gateway market. Heavy packet voice regulation will delay VoIP implementation and significantly reduce the Business Gateway market opportunity.
• Does the "office-in-a-box" concept resonate in the SMB and branch office markets? Market research will identify if the Business Gateway architecture is favored over separate voice and data systems. Research may also be useful in identifying vertical industry applications and system bundles with pre-configured functionality that can help lower costs.

NetDevices is a privately-held start-up company based in Sunnyvale, CA. The company is developing a line of next-generation, multi-service edge networking products for enterprises and network service providers.