Secure by design

Last Updated: Nov 24, 2023

Secure by design encompasses a secure deployment strategy that separates Unified Communications (UC) applications and servers from the enterprise production network. Because Session Manager is the SIP routing element, all SIP sessions flow through it, so it can protect the UC applications and servers from network, transport, and SIP Denial of Service (DoS) attacks, as well as from other malicious network attacks. For customers that deploy SIP trunks to SIP service providers, use Avaya Aura® Session Border Controller to provide an additional layer of security between the SIP service provider and Session Manager.

The architecture is related to the trusted communication framework infrastructure security layer and allows for the specification of trust relationships and the design of dedicated security zones for:
  • Administration
  • Gateway control network
  • Enterprise network
  • Adjuncts
  • SIP Elements

For Communication Manager, Avaya isolates assets such that each of the secure zones is not accessible from the enterprise or branch office zones. The zones are like dedicated networks for particular functions or services. They do not need to have access from or to any other zones because they only accommodate the data they are built for. This provides protection against attacks from within the enterprise and branch office zone.

Gateways with dedicated gatekeeper front-end interfaces (procr) inspect the traffic and protect the server zone from flooding attacks, malformed IP packets, and attempts to gain unauthorized administrative access to the server through the branch gateways. This architecture and framework can also flexibly enhance the virtual enterprise and integrate branch offices into the main corporate network. The security zone from the branch office can terminate at the central branch gateway interfaces, again protecting the heart of Communication Manager.