General information about Mitel Advanced Intelligent Network (AIN)

IP and SIP phones

Mitel SIP phones and IP system phones are fully integrated into AIN. They are controlled directly by the Master, independently of the location at which they are operated.

If a node is isolated from the Master by an interruption in the IP connection, it continues to operate in offline operating mode "Satellite in Offline Mode" with its own local configuration until contact with the Master is restored.

Resource-saving voice transmission

You can choose whether voice will be transmitted directly between two endpoints in the AIN (Direct switching) or via the Master (Indirect switching) (Setting ( Relay RTP data via communication server ). Direct switching (default setting) needs less resources, while indirect-switching is the potent method for systems with more demanding network configuration requirements. The signalling is always via the Master for both methods.

Bandwidth management

An ingenious bandwidth control prevents poor connection quality due to lack of bandwidth on the IP network.

Encrypting and deploying VPNs

Optional encryption of call and signalling data provides protection against any tapping and/or tampering of IP phone calls. The encryption methods used guarantee a high level of data protection, authenticity, integrity and protection against replay attacks throughout the network.

When you encrypt voice data in the AIN, it is encrypted within the LAN but not necessarily on WAN links. If a connection runs for example to a remote IP system phone via various internet providers, the voice data on the internet is not automatically encrypted. To encrypt the entire link you also need to set up a VPN (Virtual Private Network) for WAN links.

A VPN provides a secure passage through the internet from one point to the next (e.g. from the Master to the IP system phone or to the satellite) and is therefore particularly well suited for WAN links over the internet. The IP packets to be transmitted are encoded and re-packaged in IP packets (tunnelling). The most frequently used VPN protocols are IPsec and SSL.

A simple VPN links only two terminals or sites with each other. The internet provider's VPN services can be used to link several terminals or sites together via VPN. If using VPN in the AIN we recommend that whenever possible you work with a single internet provider who supports VPN routing and is able to cover all the locations. On the one hand this saves bandwidth resources and on the other it simplies the routing configuration.

TCP/IP Ports and Firewall

Firewalls used within the  AIN  must be configured for  AIN operation. This includes opening the relevant ports and the VPN configuration.

With VPN connections the following ports must be opened on a firewall:

• If a VPN connection terminates at the firewall itself, no port needs to be opened.

• If a VPN connection terminates behind the firewall, e.g. directly at the terminal, port 3389 needs to be opened at the firewall (VPN pass through).

• If a VPN connection terminates in front of the firewall, e.g. at a different firewall, the ports used by the AIN components need to be opened.

• If all the WAN links in the AIN are VPN connections throughout and if they do not terminate at the firewalls themselves, port3389 only needs to be opened in the firewalls of the WAN links.

• If the WAN links are only partly or not at all designed as VPN connections or if firewalls are also used within the LAN, the ports used by the AIN components must be opened. A list with the used ports is published by Support and continually updated. The list can be accessed on the internet under FAQ entry 1049 (registration required).

Restricted functions in the AIN

The AIN essentially provides the same features as a single system. Only a few functions are either not available or available only with restrictions: