Three ways to connect. You pick the one your security posture requires.

SIP signaling over TLS, media over SRTP. Your SBC or softswitch authenticates with a certificate, and every packet between you and us is encrypted. No tunnel, no dedicated circuit — it works from any location with decent internet. This is the right default for most customers who want encryption without re-architecting their network. Provisioning is same-day: you generate a CSR, we sign it (or you bring a public CA cert), and we whitelist your source IPs.

A site-to-site tunnel from your edge device to our SBC cluster. Everything inside — SIP signaling, RTP media, registration traffic — travels inside the encrypted tunnel, so your internal systems don't need TLS or SRTP support. Useful when you want full-tunnel privacy but don't want to manage certificates at the SIP layer, or when your PBX has patchy TLS/SRTP support. Works well for organizations that already run IPsec site-to-site for other services and want SIP to sit inside the same encrypted fabric.

A dedicated layer-2 or layer-3 interconnect — no public internet in the path at all. Common for banks, government contractors, and large enterprises with compliance requirements that rule out internet-based connections entirely. We peer with you at a carrier-neutral facility or over a private circuit you bring to us. Higher commercial minimum applies. Lead time is longer than the other methods because cross-connect provisioning depends on the facility.