Home Linux IP Appliance Platform Linux IP Appliance Platform VoIP Security Linux IP Appliance Platform Contact Linux Appliance Platform


Linux IP Appliance

Best of Show Security and Encryption
Arlinx IP Platform wins top honor at the 2007 Internet Telephony Conference and Expo
Editor' Choice Best of Show Award.
(Best of the Best of Show)



SIPhonix®
Secure IP Telephony Platform

With Strong Authentication and Accelerated Encryption
And Voice Optimized Turbo Media Processor

Uses 98% Less Electricity (6 Watts vs. 300 Watts)
RoHS Compliant, No Battery, Long Life Cycle, Recyclable, Environmentally Benign Manufacturing,
Best Performance per Watt in the Industry


Platform Reliability
Commercial Grade PC vs. Carrier Grade IP Platform
Astricon 2007
Astricon 2007 relibility presentation
-click logo-

SIPhonix gives Telephony integrators, resellers, and developers an energy efficient, ultra secure, voice optimized platform to deploy IP-PBX and Telephony software with ultimate security, certified authentication, accelerated encryption, 20 year reliability, great price performance ratio, and amazing performance per watt. Executes over 1.3 Billion Instructions per Second at 6 Watts.

An IP-PBX must run reliably 24 hours a day and have 2 - 5 hours of quality battery backup capacity. Battery backup can easily double the cost of a 300 Watt IP-PBX.

Some of these unique features include:

  • Ultra-Secure with Certified Authentication
  • Hardware Encryption Accelerator (IPsec, SSL, TLS, SRTP, etc.)
  • Security Hardened Linux Kernel
  • Voice Optimized Turbo Media Processor
  • IP Optimized System on a Chip with IBM's Power Architecture
  • Dual Flash Drives for reliability and error free remote upgrades
  • Amazing Performance to Watts Ratio
  • Dual GigE Ports with both fiber optic and copper connectors
  • Standard Dual Power Supplies
  • Mini-ITX form factor in 1U chassis
  • Two Full Length PCI slots

Technical Documentation

SIP, Session Initiation Protocol, Technical Documents
TLS Protocol ITEF RFC2246
RTP Protocol ITEF RFC3550
SRTP Protocol ITEF RFC3711
SIPconnect Interoperability Technical Recommendation

Product Description

Arlinx specializes in open and energy efficient (6 Watt) application specific Linux platforms as an alternative to a 500 Watt x86 machine. By providing an application specific platform we can provide integrators with a very efficient VoIP Platform. We use IBM's IP optimized Power Architecture System on a Chip (SoC) that has an on chip IPSec/SSL hardware accelerator and we have an on board crypto security storage module and micro-controller certified by MC/Visa, EuroPay, and HBCI. SafeNet, Inc. claims the integrated crypto accelerator can sustain 600 Mbs Encryption/Decryption throughput with their IPSec/SSL stack.

Encryption and decryption is much more secure than adding crypto storage to an x86 machine. All communications between the module and the processor are encrypted. Encryption/Decryption is done within the 16KB SRAM within the SoC processor. The encryption process is never exposed to the outside world. With an x86 solution an In-Circuit-Emulator or Logic Analyzer can be connected to the circuitry to monitor and reverse engineer the encryption process.

The crypto storage is used to store subscriber ID, authentication certificates, encryption keys, and OEM authorization codes. Max crypto storage today is 1GB and is expected to reach 4 GB this year with internal EEPROM, NOR Flash, or NAND Flash.

Our platform motherboard is a mini-ITX form factor (6.7"x6.7") and is powered by a single 5VDC source requiring only 6 Watts of power. Our 1U chassis has dual 5VDC power supplies and will accommodate 2 full length PCI cards. The on board DC-DC converters operate with an efficiency of 90-95%. The energy efficiency produces little heat increasing system reliability and greatly increasing product life cycle with a MTBF exceeding 20 years. No fans or moving parts for silent and maintenance free operation.

Our Remote Management features the ability to reliably upgrade the Operating System without error even in the event of power or communications failures. The platform contains no proprietary hardware or software with open source and open hardware APIs and SDKs. This open environment allows seamless integration with maintenance procedures and policies of other network devices and IP servers and systems.

The Power Architecture SoC has 2 integrated GigE controllers, integrated 64 bit DDR2 controller with ECC supporting 1GB on board low voltage DDR2 RAM at a data rate of 333 Mhz, integrated NOR flash controller supporting up to 512MB on board NOR Flash, and on board controller for CompactFlash in place of a hard drive greatly reducing access time and increasing throughput while increasing reliability and energy efficiency. An excellent alternate storage option is Network Attached Storage. With two GigE ports and the Ethernet controllers being integrated into the IP Optimized SoC, data transfer can rates exceed any Hard Drive option.

The board will boot from the NOR flash requiring less than 8MB for U-Boot and Kbuntu embedded Linux, leaving plenty of storage for web server, application software, and data in addition to the CompactFlash.

Our platform supports the 2 GigE ports with 2 fiber-optic and 2 copper connectors, the customer chooses which 2 of the 4 connectors to use. For expansion there is a PCI expansion connector, (5) 4 High Speed (480 Mbs) USB 2.0 ports, a local bus expansion connector for customized applications.

More government agencies and enterprises are implementing formal green technology policies that require energy efficient computing devices and make energy efficiency a major criteria in the procurement process. These green policies will favor products built on the Arlinx platform helping integrators and resellers win more bids without reducing profit margins. With longer product life cycle, reduced maintenance cost, high reliability that reduces the need for redundancy and over provisioning, and with a 90-95% reduction in energy costs the Arlinx platform can demonstrate an incredible ROI. Our platform can save over $12,000 over 5 years just in savings from electricity, air conditioning, and battery backup. Further cost savings and be realized from not having to use expensive cooled server cabinets.

Voice Optimized

The Arlinx SIPhonixTM PBX Platform is a voice optimized version of the technologically advanced Arlinx IP Elite Platform. SIPhonix has all the sophisticated features of the IP Elite Platform. For more on the IP Elite Platform click "Products" button above.

Unsurpassed Security Features

SIPhonix has security features not found in alternate VoIP appliances. A secure VoIP system requires encryption and secure storage of cryptographic keys and authentication certificates.

Cryptographic Storage

SIPhonix has a secure cryptographic module for certified secure storage of encryption keys, authentication certificates, and OEM license codes. This cryptographic storage module is certified and meets the guidelines for secure VoIP system deployment as recommended by U.S. National Security Agency (NSA), U.S. Dept. of Commerce National Institute of Standards and Technology (NIST), and other VoIP security experts.

Encryption Accelerator

The SIPhonix hardware encryption accelerator reduces the Linux CPU load for encryption and decryption of the voice packets, the call signalling, and network access. Because VoIP phone calls are carried over accessible data networks they are subjected to security risks that include eavesdropping, espionage, unauthorized use, 900 number pay calls, spoofing, hi-jacking, malicious attacks (flooding, call killers, fuzzing), redirection, number harvesting, call pattern tracking, voice phishing, identity theft, and voicemail spam. The NSA and NIST guidelines both recommend encryption of both the voice packets and call signalling for even a minimal level of security.

Strong Authentication

Strong authentication and authorization is recommended for IP phones, the IP-PBX server, proxy servers, gateways, network access, network switches, management consoles, database access, inter-office VPN's, and your Internet Telephony Service Provider. All which communicate with the IP-PBX. Every system component that may require software updates, the update code should be authenticated. Authentication requires the use of encryption and cryptographic storage of the authentication certificate and encryption keys. The SIPhonix Platform excels in authentication, encryption, and cryptographic storage. These are security features not found on the other PBX appliance alternatives.

Voice Optimized Turbo Media Processor

SIPhonix performance is propelled by the voice optimized IP Elite Turbo Media Processor. The SIPhonix version of the media processor is optimized for processing of audio and voice. The Voice Turbo Media Processor is ideal for computationally intensive tasks such as low bit rate codecs, wideband codecs, voice prompts, compressed voice recording, DTMF detection, and Voice Detection. These tasks are run on the Turbo Media Processor there is zero impact on the SoC CPU performance.

Secure VoIP Deployment Reference Materials

Refer to the VoIP Security page for VoIP security vulnerabilities, deployment guidelines, reference books, and links for detailed information on Authorization, Authentication, Encryption, and secure VoIP deployment.

VoIP Open Source

  • vpbx, a Virtual PBX system integrating Asterisk & ASTARA API with Erlang Softswitch & a Voice Call Continuance server for secure scalable VPBX services for UMA,GSM & SS7 on Linux 2.6.18+.
  • Asterisk, a VoIP PBX
  • SIPx, a VoIP PBX
  • OpenPBX a VoIP PBX
  • FreeSWITCH a VoIP PBX
  • AstLinux, a Linux distribution centered around Asterisk
  • Trixbox a Linux distribution centered around Asterisk
  • AsteriskNOW, a Linux distribution centered around Asterisk
  • OpenH323, tools for developing H.323 servers and endpoints, gateway server, conference bridge server, softphone
  • Bayonne a telephony application server, IVR, PBX
  • YATE a telephony engine, VoIP server, VoIP client, VoIP to PSTN gateway, H.323 gatekeeper, H.323 multiple endpoint server, H.323<->SIP Proxy, SIP session border controller, SIP router, SIP registration server, IAX server and/or client, IP Telephony server and/or client, IVR engine, Prepaid and/or postpaid cards system
  • SIP Express Router (SER), SIP registrar, proxy or redirect server
  • OpenSER a SIP proxy server, SIP registrar server, SIP location server, SIP application server, SIP dispatcher server
  • OpenSBC Session Border Controller, SIP Proxy server, SIP Registrar server
  • OpenSIPStack Library, a fully compliant interface to the SIP protocol with scalability
  • Mobicents, SLEE SIP Application Server, NGIN convergence of voice, video and data
  • Siproxd, a proxy/masquerading daemon for SIP
  • Scalable SIP server, VoIP SIP registrar/proxy/router/application server, TLS secure communication, AAA, ENUM, LCR, load balancing, NAT traversal, OSP, CPL, SNMP, IM&Presence, DNS failover
  • AstShape, Routing, filtering and traffic shaping, for monitoring and maintaining QoS
  • myshaper, predecessor to AstShape
  • Wonder Shaper, predecessor to myshaper
  • AMP a web-based administrative interface to Asterisk
  • 1VideoConverence, a audio-video conference call software for Asterisk with support for Web, phone, MSN, Skype, Yahoo, and Jabber clients.
  • SoX, a command line utility that can convert various formats of audio files in to other formats. Can be used to create voicemail prompts and record VoIP calls.
  • Festival, speech synthesis, make an IP-PBX talk.
  • SpanDSP, media processing library for DTMF detection, transmit and receive faxes.
  • SIP Proxy VoIP Security Test Tool, eavesdrop and manipulate SIP traffic, predefined security test cases can be executed to find weak spots in VoIP devices. Security analysts can add and execute custom test cases
  • SIPp, a test tool and traffic generator for SIP
  • sipsak, command line tool used for some simple tests on SIP applications and devices
  • PROTOS Test-Suite: c07-sip, a SIP test-suite
  • PJSIP, a SIP stack
  • Open SIP Stack, a SIP stack
  • oSIP, a SIP stack