White PaperCloud Contact CenterSoftwareDepend on theFive9 CloudMoving on premises solutions to the cloud is compelling for a numberof reasons but there are still some areas of potential risk aroundpicking the right vendor. This white paper is designed to help youassess and evaluate the Five9 cloud solutions as viable replacementsfor on premises contact center infrastructure. It was written toprovide an understanding of how Five9 software development andcompany processes meet the reliability, scalability, security, and qualityrequirements of your contact center.
Table of ContentsReliability, Availability and Uptime. 2Architecture. 2Network Redundancy. 2Carrier Redundancy. 2Voice Redundancy and Quality Control. 3Fault-tolerant Hardware Architecture. 3Geographic Redundancy. 3Network Operations – Dedicated to Uptime. 4Scalability and Service Availability. 4Modern Infrastructure. 4Microservices Approach. 4Security. 5Holistic Approach. 5Administrative, Physical, and Technical Safeguards. 5Defense-in-Depth Approach. 5Defense-in-Depth Architecture:. 5Five9 Staff. 5Continuous Improvement. 6What has Five9 Enhanced in its 2017 Summer Release?. 6Environmental Changes. 6Enhanced Testing Process TAG (Test Automation Group). 7Enhanced and Hardened Soft Switch. 7Global Voice. 7Five9 Voice PoPs. 8Five9 Depend on the Five9 Cloud1
Reliability, Availability and UptimeIn October of 2015 Five9 launched the Five9 trust site which publishes the last 12 months of reliability for theFive9 service. This transparency of availability is a proof point for customers and prospects that the availabilityof our service is a top priority for Five9.The Five9 Trust Site provides customers and prospective customers with the ability to see our average monthlysystem availability. Also available within the trust site are sections that cover Five9 security & privacy informationas well as voice and data network details.Additionally, customers who have Five9 login credentials can access the System Status page, which shows anyactive incidents currently affecting the platform. Five9 also provides self service capabilities, including the abilityfor customers to submit a trouble ticket online and receive updates electronically.ArchitectureNetwork RedundancyThe Five9 IP Network Infrastructure is built to support the most stringent requirements in terms of robustnessand security. Many of our customers must comply with data protection laws, regulations, and industry standardsin various jurisdictions throughout the world. As such, the Five9 platform offers world-class security featuresand resiliency.The Five9 IP topology consists of redundant Layer 3 switches, routers, and firewalls, as well as intrusion detectionand protection systems used by many of the top security experts worldwide. All hardware is redundant with loadsharing front-end and back-end switches, routers, and firewalls.Carrier RedundancyFive9 offers a robust voice services offering that includes redundancy with 3 carriers for 1-800 service, 4 for DID,18 carriers for domestic long distance, and 10 carriers for international, including inbound and outbound. Five9 is aToll Free RespOrg and offers 1-8XX, international Toll Free and Domestic and International DID services.Long distance partners include AT&T, Verizon, Level 3, BT, Telefonica, Windstream, Peerless, Intelepeer, Novatel, Iristel,Voxbone, Colt, XO, Orbitel, Apeiron, and Impact Telecom. Five9 uses primarily VoIP using SIP protocol but also offersTDM to meet certain requirements as needed.Most customers choose to have Five9 handle all telecom services, domestically and internationally, but weaccommodate requests from customers to utilize their own telephony services. This is done via SIP trunks eitherto the customer PBX or to the customer’s chosen telecom carrier.This environment of carriers allows for distribution of calls to carriers such that if one or many carriers are havingnetwork impairments, calls are routed to other, non-impacted providers offering the best quality calling platformin the industry.Neustar LNPDatabaseElementMangerBusiness CustomerRulesInfoRoutingPolicy MCRRateSheetsQualityMonitoringSBCAgentSBCFive9 VCCB-SideA-SideCarriersFive9 Depend on the Five9 CloudPSTN2
Voice Redundancy and Quality ControlThe Five9 telephony layer utilizes a best-of-breed telephony switching, routing, and security platform known as aSession Border Controller (SBC) for voice over IP calling traffic, as well as a multiple interexchange carrier routingprotocol that utilizes over a dozen Tier 1 domestic and global telephony providers to route telephone calls todestinations all over the world.Five9 deploys Sonus SBCs with a global routing database in all US locations and European data centers. SBCsare capable of handling all SIP and RTP sessions and perform not only a security purpose but also transcodingand other media handling functions.The feature set provides a high level of fault tolerance for outbound and inbound call traffic, allowing Five9 customersa dynamic layer of protection from any single carrier failure. Five9 utilizes performance metrics like Post Dial Delay,Answer Seizure Ratio, Jitter, Packet Loss, Latency Mean Opinion Score and R-Factor to rank the quality of each carrier.All media is anchored in the Five9 platform where audio can be mixed and calls enhanced.Fault-tolerant Hardware ArchitectureThe Five9 architecture is designed with fault tolerant principles in the early stages of the Five9 developmentlife cycle, through deployment, and into maintenance phases. Five9 deploys and operates technology in paireddatacenters without reliance on any one location. The network and telecommunications capabilities are consistentacross locations with the ability to move traffic between the paired sites seamlessly. Five9 implements fault toleranttelecom edge with many carriers for route redundancy, as well as multiple network providers with diverse paths ineach location.The switching and routing platform is a high-availability topology which has full redundancy capabilities within thesame geographic location, as well as automatic failover to devices in other Five9 data centers in other geographiclocations, making the platform highly available and geographically diverse.Geographic RedundancyThe Five9 US datacenters are located within the CoreSite facility in Santa Clara, California, within the QTS facilityin Atlanta, Georgia and in Terremark / NAP of the Americas in Miami, Florida (voice POP only, serving LATAM).The European datacenters are located within Equinix facilities in Slough, United Kingdom, and Amsterdam,Netherlands. In addition to being fault tolerant within each datacenter, datacenters are designed to be able topick up the traffic of their pair in the event of a massive outage. Customers can run primary in either of the paireddatacenters and utilize the other paired site as a failover location. The same infrastructure exists in each of thepaired sites with two way replication for seamless failover capability.Five9 provides capabilities that help our customers ensure continuity during natural disasters or other unforeseenevents that can potentially disrupt operations of an entire region. Customers can opt for Geographic Redundancy,ensuring that their operations transition between our geographically-distributed data center within minutes aftera catastrophic event. Five9 also backs up customer data to another facility to ensure against data loss in the eventof a natural disaster at a primary data center.North American and Europeangeography redundancy.Five9 Depend on the Five9 Cloud3
Network Operations – Dedicated to UptimeThe telephony platform is monitored at all times by the always-on Five9 Network Operations Center (NOC),which has locations in the US and Eurasia and is staffed by dedicated, Five9 employees.Scalability and Service AvailabilityFive9 sizes all aspects of its infrastructure to including hardware and bandwidth to allow a 20% increase in traffic.As that 20% buffer is used, we add capacity which means we are always adding capacity to the system. At nopoint do we allow the capacity to get over 50% of either the primary or secondary data center in either theNorth American theater or in EMEA. These two buffers in addition to ensuring fail over readiness in the eventof a disaster means that we have available capacity for our customer base should some or many companiesneed to add agent capacity quickly.Modern InfrastructureMicroservices ApproachThe use of microservices doesn’t automatically make for better software. Aside from the business capabilities of theapplication, it’s possible to use a microservice based architecture and still have an unstable architecture that isn’tresilient, doesn’t scale and can’t easily be updated. Having said that however there are some features of microservicesthat if taken advantage of, can lead to a solution that is more scalable, resilient, elastic, and more easily maintained.In 2015 with the Five9 Freedom release, Five9 started the migration of its architecture to microservices. At that timewe created microservices for the customer service media channels including Chat, Email, Voice and Social. We movedlanguages and Integration elements into their own microservices in addition to other components. Amongst otherbenefits this enabled us to launch the updated web based agent desktop.It also set the ground work for additional microservices work. In the 2017 summer release we created a new setof microservices to enable the Global Voice and Class 5 soft switch of that release. Both the converted code and thenet new code take advantage of microservices architecture to enable more scalable, resilient, and elastic service.Voice capabilities for example can scale both vertically and horizontally as needed based on customer use. As useof voice scales for example, new processes can be spun up. If use decreases unused processes are closed. This makesthe service more efficient because it doesn’t lockup processing or memory if its not needed.In addition, the benefits above, the modular nature of microservices, and specifically the well-defined REST APIsmeans that components are now easier to update and add. This is good for Five9 and our customers because itmakes us nimbler for technology advancements such as the Internet of Things, Artificial Intelligence, and other asyet unadopted innovations.Microservices ArchitectureMicroservices architecture helps the Five9service scale more efficiently and be moreresilient. The module structure makes addingfuture functionality easier, providing youwith new capabilities sooner as they becomeprevalent with your customers.Load BalancerScalableResilientUI & IntegrationApp ServicesStream astructureFive9 Depend on the Five9 CloudDatastoreDistributed CacheMessage BusNAS4
SecurityThe security and technology risk management experts at Five9 continuously assess the threat levels of theFive9 infrastructure to maximize the level of security integrity offered to our customers, providing them withthe level of service they expect and deserve.Holistic ApproachFive9’s holistic approach to security ensures multiple layers of security are present to detect and mitigate realor potential threats throughout the communication system: Web application and next-generation firewalls Intrusion prevention and detection systems Periodic internal and external vulnerability scanningRoutine firmware updates and testing to mitigate vulnerabilities. Updates to underlying software componentsas needed for identified security risks.Defense-in-Depth Architecture: Palo Alto Networks nextgeneration and Cisco statefulinspection firewalls and Sonussession border controllersAdministrative, Physical, and Technical SafeguardsFive9 has designed and implemented administrative, physical, and technical safeguards in accordance witha number of data protection laws, regulations, and standards including, but not limited to, the Health InsurancePortability and Accountability Act (HIPAA), Payment Card Industry Data Security Standard (PCI DSS),General Data Protection Regulation. Hewlett-Packard intrusionprevention/detection and FireEyeadvanced threat awareness andprotection systems Our administrative safeguards include an information security management process aligned withISO 27001/27002; full-time security personnel; and processes for information access management,workforce training and awareness, and ongoing evaluation of the control environment Internal and externalvulnerability scanning Our physical safeguards include facility access controls and workstation/device security measures Symantec anti-virus/anti-malware Gemalto (Safenet) two-factorauthentication and virtualprivate networking Customer data is encryptedin transit Call recordings can beencrypted at rest usingAES 256-bit encryptionFive9 has implemented Our technical safeguards include controls for role-based access, audit logs, data integrity, anddata transmission securityDefense-in-Depth ApproachThis defense-in-depth strategy provides layers of security from the edge of the Five9 network to the core tomitigate the risk of unauthorized access or use of systems that contain confidential customer or corporate data.Five9 has also implemented “least privilege, minimum-necessary” role-based access controls to restrict accessprivileges to systems containing confidential customer or corporate data only to those employees whose rolesrequire it.Five9 StaffFive9 Information Security is accountable for: Stateful inspection firewalls, Monitoring intrusion prevention and detection systems De-militarized zones (DMZs), Regularly performing information security assessments and vulnerability scans Intrusion prevention Taking appropriate actions to patch system vulnerabilities Detection systems (IPS/IDS), Promptly investigating and reporting security alerts and assessment findings to executive management Vulnerability scanning Escalating product enhancements and improvements to engineering based on discovered vulnerabilities Annual penetration testingThe work that this team performs is essential for continuous improvement of the Five9 environment and ensuresFive9 has timely visibility into security and privacy risks, issues, and incidents. File integrity monitoring (FIM) Anti-virus/anti-malware protection Two-factor authentication Virtual private networking (VPN)to defend against cyber exposuresFive9 Depend on the Five9 CloudFive9 also provides ongoing information security and privacy training to all workforce members to ensurea common understanding of applicable data protection laws and regulations, as well as how to watch forand report security risks and issues to executive management. This effort is designed to promote a cultureof compliance and reinforces the concepts of “Know it. Own it. Control it.” with respect to data protectionaccountability at all levels of the company.5
PHYSIC ALContinuous ImprovementFive9 annually engages an independent auditor to performa SOC 2 Type 2 attestation covering the Trust ServicesSecurity, Availability and Confidentiality Principles.Compliance Customer Proprietary Network Information (CPNI)NE T WORKPRE VENTGUARDPROTEC TMITIGATEDATA Health Insurance Portability and Accountability Act (HIPAA) Gramm-Leach-Bliley Act (GLBA) General Data Protection Regulation (GDPR)This spring and summerof 2017 Five9 released morethan 29 enhancements to closedown possible security issuesidentified through its securitysoftware, intrusion detectioncapabilities, third party securityauthorities and other sources.What Has Five9 Enhancedin its 2017 Summer Release?With every release of Five9 software we make improvements to the underlying platform that is used to providethe highly available Five9 solutions. In the 2017 summer release however we had a number of improvementscome together to form a substantial set of improvements that will benefit our existing and future customers.These platform enhancements fall into a number of areas. Availability and Reliability Scalability Security Openness and integrationEnvironmental ChangesIt may not surprise you to learn that Five9 service relies on other technology to function. From operating systemsto java environments, we use technology as foundation to build our service. When choosing technology we are carefulto balance new features against security and stability concerns. To that end, within our summer release we againupdated a number of aspects of the underlying technology infrastructure to take advantages of bug fixes, securityenhancements, and reliability improvements. We make incremental updates all the time with the service so thatwe can maintain a pliable platform for feature enhancements as new technology breakthroughs change consumerbuying and communication habits. Some of the areas we focus on for Security, flexibility for enhancement, andstability include: Operating Systems Java containers (Centos, JBoss, etc.) Browsers Java Versions Third party infrastructure products Shared Cache Databases Best of Breed Five9 contact center service elements Answering Machine Detection Text To Speech and Speech Recognition Speech Recognition Work Force OptimizationFor most third-party software elements, we evaluate release changes annually. In some cases based on specificrelease cycles or identified threats discovered we will update on an ad hoc basis.Because of the dependence between the Five9 service and browsers we have close relationships