Ericsson Connected Home Solution

Virtually at home: High-performance access to personal media
Andreas Fasbender, Martin Gerdes, Johan Hjelm, Bo Kvarnström, Justus Petersson, Robert Skog
Ericsson Review No. 2, 2008

Your media everywhere, anytime. This summarizes end-user expectations when ever-wider broadband and ever-lower flat-rate tariffs combine with users’ thirst for digital content.
The authors describe Ericsson’s end-to-end solution for remote access services, which builds on the IMS and UPnP families of standards, along with the Home IMS Gateway (HIGA), which serves as an intermediary gateway for connecting the device-centric consumer electronics space with the user-centric telecommunications world. The gateway approach leaves the consumer electronics and telecommunications business models unaffected, while at the same time creating synergies between the two.

TERMS AND ABBREVIATIONS
CE  Consumer equipment
CPE  Customer premises equipment
DLNA  Digital Living Network Alliance
DMC  Digital media controller
DMR  DLNA media renderer
DMS  DLNA media server
DVR  Digital video recorder
ETSI  European Telecommunications Standards Institute
HGI  Home Gateway Initiative
HIGA  Home IMS gateway
IGD  Internet gateway device
IMPU  IMS public user identity
IMS  IP Multimedia Subsystem
ISIM  IMS subscriber identity module
LAN  Local area network
NAS  Network-attached storage
NAT  Network address translation
OIF  Open IPTV Forum
QoS  Quality of service
PCEF  Policy control and enforcement function
P-CSCF  Proxy call session control function
RAA  Remote access application
RAC  Remote access client
RADA  Remote access discovery agent
RAS  Remote access server
RATA  Remote access transport agent
RCEF  Resource control and enforcement function
RGW  Residential gateway
RTP  Real-time transport protocol
SDP  Session description protocol
SIP  Session initiation protocol
UE  User equipment
UPnP  Universal plug-and-play
VoIP  Voice over IP
VPN  Virtual private network
WAN  Wide area network
WiFi  Wireless LAN

Connecting users to their home networks

TV sets, set-top boxes, game consoles, stereos, cameras and other entertainment appliances now routinely come with built-in communications capabilities that enable them to upload, download, and display data from other devices in the home. The Digital Living Network Alliance (DLNA), for example, develops device interworking profiles for home-based media-sharing services. [1] DLNA is based on the Universal Plug and Play (UPnP) family of standards. [2] UPnP also standardizes other services, such as the control of home appliances. Now widely accepted in the industry, with more than 100 devices being certified each month, DLNA will soon enable interworking for all sorts of devices across home networks.

Once users have their media devices connected and running at home, they will soon also want to access their content from remote locations. A mobile phone with WiFi connectivity can easily serve as a peer in a home network, but connecting to this network remotely is an entirely different matter. At present, to access the home island from outside, users must either choose a proprietary, service-specific system or lower their security and run the risk of making their home networks vulnerable to external attacks.

In our example scenarios (Box A) Mr. and Mrs. Martin will expect specific features of the remote access service. Opening a connection into the home means opening a back door into a network that is otherwise “secure by obscurity.” And without end-to-end bandwidth and delay guarantees, the user experience suffers from contention in both the home (LAN) and wide-area (WAN) networks. This can translate into poor sound quality and pixellated artifacts in video signals. Over-provisioning the network is not an option for operators; the only workable solution is to manage the quality of service (QoS) in the wide-area access and core networks, and all the way into the home network and end devices.

Most users are unwilling to buy a separate box just to enable remote access. By the same token, separate boxes represent a significant outlay to operators who would carry the bulk of the costs and would need to further subsidize users for making good use of investments in broadband infrastructure.

Consumer electronics companies prefer a solution that extends the DLNA standard outside the home via UPnP Remote Access. Notwithstanding, this approach falls short in terms of usability and quality of service. What is more, it does not permit users to access their home services from an unknown peer to the home network, such as a friend’s PC or via a hotel TV (Box A).

Ericsson’s target architecture for remote access combines the strengths of
  • IMS (IP Multimedia Subsystem); and
  • UPnP and DLNA.
It takes the best of both worlds and molds them into one coherent solution. This solution, which does not require additional boxes in users’ homes, reuses existing operator IMS infrastructure to authenticate users, to set up secure media sessions, to perform routing, and (optional) to ensure the establishment of end-to-end QoS.

The core element in this architecture is the Home IMS Gateway (HIGA, Box B), a functional block in the residential gateway that has been under development at Ericsson since 2005. HIGA is currently being standardized in HGI, ETSI TISPAN and the Open IPTV Forum. [3-5]

As an interworking function that resides in users’ homes, HIGA serves both as a termination point for IMS signaling from the operator backend and as a UPnP peer towards the home network (Figure 1). HIGA provides control over the home network connection and enables devices residing inside the home to connect to peers and services in the WAN using the IMS security and QoS. By using HIGA for remote access, operators can deliver trusted connections with maintained control over the managed network.

UPnP Remote Access

The UPnP Forum is in the process of standardizing the UPnP Remote Access architecture. The specification is close to approval,
but not presently included in the DLNA interoperability guidelines.

UPnP Remote Access specifies mechanisms that make it possible to extend the home network so that it logically includes remote devices outside the home LAN. Devices may thus communicate among themselves using UPnP procedures (specified, for example, in the UPnP Device Architecture).

The main functional components of the UPnP Remote Access architecture are the
  • Remote Access Transport Agent (RATA); and
  • Remote Access Discovery Agent (RADA).
These two components are applied in both the Remote Access Server (RAS) and Remote Access Client (RAC). The corresponding RATAs establish secure communication channels between remote devices and the home network, while the RADAs synchronize UPnP device information and content exchanges between RACs and the home network.

At present, UPnP Remote Access cannot support QoS management over the wide-area link. It can only support best-effort delivery of media. Also, to exchange credentials during the initial pairing process, the remote access server and client must be attached to the same LAN. This effectively prohibits remote access devices, in particular non-portable ones, from establishing a remote access session with an arbitrary remote server.

[Figure 1: High-level Remote Access architecture.]

Ericsson’s goal has been to enhance standard UPnP Remote Access functionality with support for setting up an IMS-based remote access tunnel. Non-IMS-enhanced RASs and RACs may still use the tunnel establishment as described in the UPnP architecture. The proposed IMS enhancements provide particular benefits in managed network environments. Ericsson is also studying additional extensions that use IMS provisioning mechanisms to enable a remote pairing process between client and server.

IMS-assisted remote access

The main flow for establishing a remote-access session is based on IMS and supports the UPnP/DLNA 2-box model. The remote access service is invoked between a Digital Media Renderer (DMR, implemented in our scenario on a mobile device such as a mobile phone or laptop) and a Digital Media Server (DMS) in the home network. The HIGA functions as both the IMS User Agent and termination point of the virtual private network (VPN) tunnel in the home (Figure 2).

[Figure 2: Functional architecture.]

For the flow shown in Figure 3, the mobile device and HIGA must already have connected to and registered with the IMS network. HIGA can therefore be reached through its default IMPU (for instance, sip:[email protected]). Furthermore, it is assumed that HIGA has, via UPnP ceremonies in the RADA listener, collected information about and built up a device database for DLNA-compatible devices in the residential network. In our example flow below, this database holds an entry for the NAS, which is assumed to support a DLNA DMS profile.

[Figure 3: Main flow for session set-up between remote device, HIGA and home NAS.]

Phase 1: Connection request
Using his mobile phone, Mr. Martin wants to access a video clip located on the NAS in his home network. The remote-access application on his mobile device sends an IMS INVITE message to HIGA, which authenticates the request by comparing the P-Asserted-ID (inserted by the home operator in the INVITE message) with the values of allowed user identities. In short, home access control is delegated to established IMS mechanisms, whereas the user (Mr. Martin) maintains control of the access control list. Optionally, the operator backend can manage access control and operation.

The session description protocol (SDP), included in the IMS signaling, is used to inform the RAS and RAC of the IP addresses and ports for the remote access tunnel. It is also used to negotiate VPN profiles and the key management protocols used to establish the tunnel. This negotiation ensures agreement on a common secure mechanism supported by both HIGA and the remote client. It also allows for continuous updates as new security schemas emerge.

BOX A, USE CASES

3-box streaming:
Ordinarily, Mr. Martin’s commute to work takes about 30 minutes, but today the roads are packed. He pulls out his phone and logs on to his media portal. He then selects his home server as source and the car stereo for output. Music from his favorite playlists is immediately streamed to his car speakers.

2-box download:
Mrs. Martin unexpectedly runs into an old friend while shopping in town. As the two begin talking about their summer vacations, Mrs. Martin pulls up some images from her home media server and displays them on her phone.

2-box upload:
Having no recent photos of her friend, Mrs. Martin uses her phone to take a snapshot of the two of them together. She then uploads the image to a digital photo frame at home, annotating it with a message to her husband: “I’ll be out a little longer than expected!”

2-box remote control:
Mr. Martin, realizing that he’s going to miss the Champions League final due to a late customer meeting, logs on to his home server from his laptop. With a few simple clicks, he programs his digital video recorder (DVR) to record the match.

2-box remote control:
A few minutes later, Mr. Martin receives a message on his phone indicating that somebody has rung the doorbell at home. Mr. Martin connects to the door system to find that the visitor is his son, who forgot his keys. Mr. Martin approves entry and the door opens.

3-box streaming:
Finishing work rather late, Mr. Martin and some colleagues decide to watch the Champions League final at a friend’s place. Using his mobile phone, Mr. Martin connects to his home server and directs the recorded game to be played via his friend’s big-screen TV.

Phase 2: Peer-to-peer VPN setup over the IMS media plane
Once Mr. Martin is successfully authenticated and authorized, the remote client sets up a secure media control session between itself and HIGA.

For tunnel setup, UPnP Remote Access specifies an out-of-band connection-establishment procedure. Ericsson’s solution employs a corresponding connection-establishment profile based on operator-managed IMS network procedures, with HIGA functioning as the VPN server. After tunnel setup, the connection between Mr. Martin’s remote device and the NAS in the home network appears as a local UPnP connection.

Phase 3: UPnP discovery
Because UPnP was originally designed for use in local area networks, there are some challenges associated with extending it for use in wide area networks. For example, the UPnP device-discovery mechanisms are based on the exchange of multicast messages that internet routers typically discard. UPnP Remote Access solves this by filtering relevant messages in the remote access server and by forwarding them to remote peers via unicast.

By applying the standard UPnP RADA mechanism for synchronizing Mr. Martin’s remote mobile client with the remote access server (co-located with HIGA in Figure 2), the mobile device can retrieve a list of home media servers and their UPnP service descriptions. RADA is also used to dynamically inform remote clients about device updates, for example, when a media server is switched on. Given the IMS identity of the remote user, HIGA can be configured to perform additional filtering of UPnP devices made available to the remote client.

BOX B, HOME IMS GATEWAY

The Home IMS Gateway (HIGA) is a logical function that collects information about users, devices and services in the home, and manages IMS sessions on behalf of non-IMS-capable home devices.

HIGA is registered to the IMS core based on secure authentication, for example, using a soft or hard ISIM with a family identity. Through a back-to-back user agent (B2BUA) and a SIP user agent (SIP UA), home devices can interact and interwork with the IMS core. SIP devices that contain a SIP UA, such as a VoIP phone, can directly register with HIGA. The B2BUA then translates SIP control signaling into IMS-specific messages that it relays to the IMS core.

For IP devices, such as DLNA-compatible media servers and renderers, a SIP UA inside HIGA acts as a proxy. To support remote access, HIGA deploys a Remote Access Server (RAS) and (optionally) a UPnP control point for QoS policy control in the home network.

HIGA functionality can be deployed anywhere in a user’s home network. From a practical perspective, it is easiest to co-locate it with the user’s residential gateway (RGW), that is, with the router in the home. While it is possible to manage network address translation (NAT) and firewall control through the use of the UPnP internet gateway device (IGD) profile even when HIGA and the gateway are not co-deployed, co-deployment avoids relying on this interface, which is considered insecure in IGD v1.0. It also makes provisioning and firewall management more natural, since the HIGA-gateway combination serves both as operator termination and entry point.

Phase 4: Content selection
Mr. Martin selects his home NAS as content source, browses through the list of available media items (based on the UPnP Content Directory Service profile), and selects a video clip either for download or streaming. The UPnP/DLNA control points manage all media access and trickplay functions. HTTP (the default transport protocol in DLNA) as well as RTP (optional in DLNA) can be used to transport media through the VPN connection over the IMS media plane.

Phase 5: IMS media plane QoS upgrade
UPnP does not support QoS management beyond the home LAN. However, one can support the requirements that real-time-critical media services put on delay and bandwidth by applying standard IMS procedures, which facilitate QoS control between the remote client and HIGA (Figure 4).

[Figure 4: End-to-end QoS control for IMS-assisted remote access.]

In the example flow, Mr. Martin’s remote-access application sees the need for a QoS upgrade from the existing best-effort connection and issues an IMS re-INVITE or a session UPDATE to the IMS network and Mr. Martin’s HIGA. Based on the session description protocol (SDP) in this SIP message and the confirmation from HIGA, the IMS Core provides the policy and resource control and enforcement functions (PCEF/RCEF). Optionally, to ensure full end-to-end quality of service, UPnP QoS management may be applied in the residential network, thereby bridging the QoS management procedures on the WAN and LAN sides through HIGA.

Phase 6: Content playout
The video clip is played on Mr. Martin’s mobile device.

Placeshift: 3-box remote access

Apart from setting up an authenticated, authorized and secure tunnel with a mobile remote device, HIGA can, in the same way, facilitate connections between two homes, effectively creating a peer-to-peer network with managed QoS. Assisted by IMS, HIGA can prevent unauthorized file sharing and unlawful access to content, since content requestors and providers can be identified in a trusted manner.

In a 3-box remote access or “placeshift” scenario, remote DLNA media renderers (DMR) are used as the endpoints of remote access sessions, for instance, when Mr. Martin accesses content from his friend’s TV (Box A). While the secure control channel is established just like in the 2-box case between the mobile client (now functioning as a digital media controller, DMC) and HIGA, the media session must now be set up between the DMR in the TV and the home network. In this case, the remote access client is only used to authenticate and authorize the DMR, and instructs HIGA to set up a VPN tunnel that it can use to deliver the media.

Standardization

The UPnP Forum and DLNA have made good progress in delivering standards for interoperable consumer equipment. So far, however, support is limited to services in the home network. A standardized solution that enables DLNA devices to access wide-area services without the need for specialized telecommunications software offers a significant value-add to the consumer equipment industry and paves the way for economy of scale and market uptake.

In Ericsson’s approach, the Home IMS Gateway (HIGA) provides a generic mechanism for connecting consumer equipment to IMS-based operator infrastructure, and via a virtual private network (VPN) to remote user equipment. Although any type of service can generally be supported through such a tunnel, we outline how one can realize UPnP Remote Access with the help of IMS.

HIGA is currently being standardized in the Home Gateway Initiative (HGI) and ETSI TISPAN. [3-4] In TISPAN, Ericsson is actively engaged in the standardization of customer premises network equipment that
  • supports, for example, IMS Multimedia Telephony and IMS-based IPTV; and
  • defines requirements and the architecture for next-generation customer network gateways and services, including remote access.

HGI is defining requirements for coming generations of residential gateways that will serve as a hub between a home network and a remote environment. Ericsson has a driving role in HGI.

The UPnP Remote Access standard supports the coexistence of various tunnel-setup mechanisms in the remote access server and client. Ericsson is defining profiles suitable for IMS-based tunnel setup, allowing the client and the server to negotiate security schemas for the tunnel. For the solution to be fully compliant with UPnP RA and to ensure broad acceptance for IMS-based tunnel establishment in the CE industry, Ericsson is actively participating in UPnP Forum and DLNA standardization.

Conclusion

In an all-connected world, remote access is a key scenario. The simple user proposition is that user-created and commercial content will be available anywhere, anytime and on any device. Remote access also applies to other application areas, such as home monitoring & control and sensor networking.

Ericsson’s solution consists of an architecture that enables secure remote access with telecom-grade performance. The solution builds on the IMS standard for user authentication and authorization, for routing remote access control messages, and for negotiating end-to-end QoS. What is more, the architecture is fully compliant with the consumer equipment industry’s standards for media-sharing services.

Ericsson has, together with Sony and Sony Ericsson, demonstrated the described target solution at leading industry events such as GlobalComm 2006, IBC 2006, Broadband World Forum 2007 and Mobile World Congress 2008. The solution is now being prepared for consumer trials with key operators and leading consumer electronics and gateway partners. The architecture is also being brought forward in standardization, in particular within ETSI TISPAN and the Home Gateway Initiative.

REFERENCES
1. DLNA: http://www.dlna.org/en/industry/home
2. UPnP Forum: http://www.upnp.org
3. Home Gateway Initiative: http://www.homegatewayinitiative.org
4. ETSI TISPAN: http://www.etsi.org/tispan
5. Open IPTV Forum: http://www.openiptvforum.org