Category: Business Voip

Hosted PBX? CISCO Voice in a Router? (BE6K-S)

Posted on by DrVoIP

The economics of a “hosted” or “cloud” based data and voice service is generally based on moving costs between the hosted provider and your office. The most dramatic example is the cost of the Internet connection. There is an inverse relationship between bandwidth and the equipment location. The more voice and data services that are hosted or cloud based, the more bandwidth you will need to interconnect them to your office. Regardless of which model you go with, however, there are requirements for your “must have” premise equipment that will not change. For example, if your VoIP system is “hosted” in the “cloud”, or if it is located at your office premise, you will still need the very same list of computer network equipment. The equipment requirements for a Firewall, Router, Network Access and Control System, Power over Ethernet switches and phones will exist regardless of where the applications are hosted.

CISCO seems to continually push the marginal cost of adding phone service to that equipment list lower and lower each year. The CISCO Unified Communications Manager, including a fully featured Unity Connection voice messaging and VoIP Paging system with Jabber and presence can now be installed within your network router! If you have an office with less than 150 users and 300 devices, the marginal cost of adding CISCO Unified Collaboration features is basically the software license for the ISR-2900 series router that you will need to purchase anyway! Remember, with the hosted solution you still need to purchase phones and PoE switches to power those phones! Your local area network requires a router to interconnect it with the Internet to reach your service provider. Why not get a router that can act as your firewall, offer advanced intrusion detection and threat protection, and also provide a full range of Unified Communications features?

BE6K-S

The BE6K is essentially the same Unified Communications Management and Collaboration solution that is provided in a family of CISCO Collaboration solutions built around the CUCM that ranges upwards of 30K end points! It provides advance phone system features, voice mail, and includes the Prime Collaboration Deployment tool to enable ongoing adds, moves and changes after your system is installed. Jabber enables you to stretch your office extension to anywhere you can carry your smartphone or Ipad! Optionally features include Teleconferencing and Unified Contact Center Express functionality. So what is there to think about?

For the technically oriented business manager, the Unified Communications functionality is running on a VMware ESXi engine installed inside the CISCO router. The normal CISCO router functions are augmented with a single slot blade server, the CISCO UCS E160D, 6 core, 2Ghz 16 GIG Ram processor that supports ESXi. Take a look at this screen shot!

VMWareCISCO

Think of the possibilities! Only a true geek could get this excited but really, VMware running inside a router!

The sad sound of a silent voice

Posted on by DrVoIP

Since late 1998, I have had the pleasure of working with the wonderful folks at OnHoldAdvertising!  The husband and wife team of Brent Brace and Karen Kelly have produced literally millions of voice prompts for thousands of systems throughout the American Business Communications landscape.  Karen can be heard on more automated attendants and voice mail systems in this country than we have touch tone keys to push!  Behind the scenes, unless you required a superior male voice artist, was Brent working away tirelessly as the editor and producer.  They brought “a human voice to a technical wilderness” and great joy to those they worked with.

brent

Brent had been fighting one of those long term muscular and neurological diseases for years, but not once did you ever hear him complain about it.   A Vietnam Veteran,  Brent soldiered on, and built an outstanding business, and a greatly admired professional reputation.  Most recently in the Denver area where he and Karen had relocated from Southern California, he had been teaching voice artistry workshops.  Brent entered Hospice at home a few weeks back, yet he was still directing our voice production!   Unfortunately, Brent passed away in the early morning of this Memorial day weekend. We will miss his voice forever!  Our heart is heavy and we are again reminded that “business” is conducted by “people”.

Karen will continue the wonderful work of On Hold Advertising but will need some time to process all that has happened this year.  If the voice these folks have produced has touched your life, please send Karen a note of care and consolation.

“Soft and safe to thy my brother, be thy resting place.”

 

Network Security begins with an “Acceptable Use” Policy!

Posted on by DrVoIP

Most folks seem to understand what a firewall is and why it is so very important. They intuitively understand they need something between the “trusted” internal computer network, and the wild west we call the Internet! The installation of a firewall is generally something all business do, from the wireless network at the local coffee shop, to the medium size law firm and the giant multinational distributed enterprise. The barbarians are at the door, but with a firewall we all feel protected! The largest percentage of cyber security risks, however, do not come through the front door and your firewall will never see them enter. The largest risk to the security of your network comes from the employees and guests allowed, either connected by wire or wireless, to attach to your corporate network.

As a CISCO Certified Security Professional, DrVoIP does a great deal of work in the area of computer network security. When called on to do a “Security audit”, “voice readiness” or “network assessment”, the first question we ask executive management is where is your AUP? After all, we can tell you what protocols are running around on your network, and even which user is consuming the most bandwidth. We cannot, however, tell you if they are allowed to use that bandwidth! The creation of an “acceptable use” policy (i.e., AUP) is an essential first step in network security. The AUP communicates to all network users what is supported and what applications are allowed on the network. It describes what is acceptable regarding personal email, blogging, file sharing, web hosting, instant messaging, music and video streaming. It defines what activity is strictly prohibited on the network and clearly outlines what constitutes “excessive use”. The computer network is a valuable corporate asset and as such, it needs to be valued, protected, and secured.

Does your company have a network access and authentication policy? What is the “password” policy? Do you even 0need a password to use the company network? Can anyone just come in and plug whatever phone, pad or computer device they happen to have into the company network? What is the data storage and retention policy? Do you allow VPN tunnels that extend your company network to a home office or coffee shop? Do you allow your users to connect third party provided equipment to your network? Is it acceptable that Bob just added a hub to his office network connection so he can plug in his own printer? How do we feel if Bob plugs in his own wireless access point? Do we have a “guest” network and do we let those folks know what is acceptable on your network?

What are the legal ramifications and liabilities you are exposed to if you are providing a computer network as part of a lease agreement? Are you liable for damages if your computer network is unavailable or “down for any reason? If Home Land Security shows up because your company’s public IP address was traced as originating a terrorist treat, do you have the user agreements in place to mitigate the costs you are about to incur defending your good name and reputation?

Computer network security is more than a firewall. A computer with an Ebola virus, Adware or nefarious RAT (remote access terminal) will infect all computers on your network, threaten your corporate data and render your firewall as useless as a screen door on a submarine. If your company has taken the prudent step of providing a Human Resource or employee manual that spells out the company’s position on work force violence, sexual harassment, vacation day accrual and drugs in the workplace, why don’t you have a manual that defines the acceptable use of your most vital corporate assess, the computer network?

Contact DrVoIP@DrVoIP.com and ask us to send you a sample AUP!   We can assist with the creation of an acceptable use policy that makes sense for your company and your employees while protecting your valuable communication and collaboration asset, the company Intranet!  Then and only then can we do an effective “network assessment”. – DrVoIP

V14 Trouble Shooting ShoreTel SIP

Posted on by DrVoIP

ShoreTel SIP is just not that hard to configure! When things go right, and it all works, it is relatively painless and very easy.   When things don’t work however, you will need to sort out the problem and figure out how to make it work.   The good news is that SIP is a clear text, english like “requests” and “response” message exchange that, once understood can be relatively easy to work with.   Using packet capture tools like Wireshark can be a real assist.   ShoreTel has built “remote packet capture”  into the V14 diagnostic portal and makes debugging sip issues even more easy to digest.

The message exchange for SIP “extensions” is not much different than that for SIP “trunks”.   So to learn SIP why not study a successful SIP connection first, before diving into a debug session.  What we have tried to do in this tech tip, is to illustrate the process of a SIP extension registering with a ShoreTel proxy server.   We picked a configuration that is comparatively complex, but not unlike one that you might find in the real world.  SIP extensions can unit remote office workers into a seamless call handling workgroup.  As such your remote worker will traverse a couple of firewalls and routers on its way to the SIP proxy.

In this configuration we register a SIP soft phone, remotely from the ShoreTel HQ site, over a site to site VPN tunnel.    The VPN tunnel is between a CISCO ASA and a SonicWall TZ250.  We note that 90% of the SIP issues we see having nothing to do with the configuration of the ShoreTel equipment and everything to do with the network devices, routers, switches and firewalls that are part of the SIP solution.  Small business solutions, for example,  tend to bring the SIP trunks into the phone system over the same connection they bring in their internet connection.  This means the SIP trunk is passing through the firewall, another most likely candidate for inducing a SIP failure.

This tech tip walks you through a successful SIP registration of a remote soft phone.  In our next tech tip, we will walk you through configuring a SIP trunk through a SonicWall and then look at fixing some broken SIP connections!

A ShoreTel Workgroup is a Contact Center for the rest of us!

Posted on by DrVoIP

We have been working around the call center space for a long time.  Actually, it is our first love! Does everyone need a full blown Contact Center?   If you have a real boiler room operation, with shifts of agents that are heavily manged, counted, recorded, measured complete with staff forecasting and multiple channels of client communication, yes you need an Enterprise Contact Center.   As Arlo Guthrie might say “what about the rest of us”?   The small to medium size business that is really not cracking the whip on customer service agents, but making efficient use of “knowledge workers” who often participate within a group setting.  How do we organize customer calls to this group?

A techncial support group or an order entry group might be a good example.   By grouping these folks into a “workgroup” we can funnel calls to them in a call center like fashion without the call center overhead of application servers and third party middle ware.   ShoreTel has an embedded call center like feature aptly named “WorkGroups” that is an ideal solution for this environment.   You can organize a group, route calls to group members and even queue the call until a group member becomes available.   While callers are in queue, you can organize the messages they hear, the time they wait between care messages and you can also provide “bail out” options at each step of the way.

The workgroup can be reached as a menu selection off of an automated attendant or have a phone number assigned that enables outsiders to call directly to the workgroup!   The workgroup can have an operating schedule applied that routes callers to alternative answer points if the group should be reached after hours.  Group members can Log in and Log out of the workgroup using their ShoreTel Communicator and still maintain their personal extension number and mailbox.  While logged into the workgroup, they can share the group voice mail box and see callers waiting in queue!  Supervisors can monitor the callers in queue and manipulate resources to meet call demand.   Reporting statistics on the group are maintained and easily obtained by the workgroup supervisor or administrator with reporting permissions.

We are now even making it possible for Callers to TEXT into your workgroup!  Group members can even email back a TEXT message!

The ShoreTel Workgroup strategy is a powerful call center like functionality and very cost effective.    The marginal cost of adding agent and supervisors license when you plan to implement a ShoreTel iPBX when compared to adding a complete Enterprise Contact Center is amazingly low!   We would be happy to explain the difference between a Workgroup and the ECC, so just contact us for details!

TEXT the keyword “workgroup” along with your name or email to 702-956-8700 and we will respond immediately!

 

 

VPN’s and VoIP – Getting economical “full mesh” Connectivity without MPLS!

Posted on by DrVoIP

We see a lot of VoIP deployments that come to us for trouble shooting.  A common problem statement is that our HQ site can call both Chicago and Dallas, but Dallas and Chicago can’t call each other.  Savvy network administrator will have figured out that there is a routing issue, but how so?  Clearly HQ knows how to reach each remote site and the remote sites know how to reach HQ, so where is the break down!   At about this time, we learn they have VPN’s that provide tunnel connections to each location and we go clear!

The standard “tunnel” solutions include IP Security (IPSec), GRE, Easy VPN and the new “tunneless” Group Encrypted Transport VPN or  GET-VPN. Most folks make the mistake of picking IPSec for connectivity and being an inherently point-to-point technology, they end up with the problem statement summarized above.   Even a “hub and spoke” solution is not ideal unless we make it possible for “spoke to spoke” connectivity.   Ideally, we need to configure our VPN so Dallas can communicate with Chicago, without passing through HQ!

IPsec is really an encryption and authentication technology that enable secure communications through a public internet.  It is generally used in a multiple vendor deployments.   IPsec does not support any protocol other than IP,  so it can not be used with the routing protocols that might otherwise be used to solve our issue.   For this reason, many deployments will use GRE over IPsec.   GRE to address the routing protocol issues and the  IPsec to provide the security of authentication and encryption.  We are still however, in a point to point mode, or in heavy manual administration mode to configure a simple mesh!

The smart money is on “next hop resolution protocol or NHRP” used in strategies like FlexVPN, GETVPN or DMVPN.  These solutions provide a full mesh option while providing for encryption and data integrity.   In the problem statement above, had we installed FlexVPN, the Chicago and Dallas sites could communicate directly without having to route through HQ or hub.   We would have “spoke to spoke”  to communications!  As broadband becomes more widely accepted and bandwidth becomes less of an issue, we should see more VPN technology deployed in place or in concert with private network technologies like MPLS (GetVPN over MPLS is really kool).

Give us a call and we can noodle out what “full mesh” technology makes the most sense for your organization, both technically and economically!  We are here to help make the network!

 

A ShoreTel Communicator for the Mac?

Posted on by DrVoIP

We recently had an opportunity to work with a ShoreTel client that was exclusively using Apple Mac’s throughout their enterprise.   We asked how they made that decision given the clear cost advantage WinTel PC hardware had over your basic Macbook.   The answer was simple and clearly economic.   They had used Windows in the past, but found that they had to many problems with virus, email, drivers and the annual cost of license renewals! Yes the Mac’s cost more but they just seem to work and they don’t have to worry license issues.    Interesting.

This was a ShoreTel deployment so that made for some interesting trade offs when it got down to the desktop software.   The ShoreTel Communicator is optimized for the Windows based machines.    There are several license types for Personal, Professional, Workgroup Agent, Workgroup Supervisor and Operator Communicators.   With the Mac, there is only one Communicator and it has the functionality of the ShoreTel Web Communicator which is basically a Personal Communicator.

It does however get the job done as far as call handling modes, inbound primary phone options, multiple call management and visual voice mail.  You can setup your call handling modes including your personal operator and find me functions for each mode.  You can configure and select 5 alternative phones and setup your incoming call routing to include simultaneous ringing of other phones.   The visual voice mail tab works just like you would expect and you can also select a history and call details tab.

The noticeable difference is the absence of IM options.  ShoreTel had been suggesting the use of iChat for that function as that client was supported on the ShoreTel SA-100/400 conference servers.   In the Communicator there is always more than one way to do something: point and click, right click, use some chord sequence on the keyboard that includes the control key.   Right clicking on a Mac Communicator however is not going to work!  There is however, drop down menu options that appear as required to assist your call management.   All in all, the Mac client is an excellent solution if you have a Mac and a ShoreTel.  You can download the MAC dmg installation file from the ShoreTel HQ server and you are good to go!

ShoreTel iPBX phone system Training!

Posted on by DrVoIP

Phone Training is a double edged sword.   Everyone wants it  but nobody really wants to make the time commitment required to get comfortable with the new phone features that a system like ShoreTel brings to your  business.   Most folks figure it is a phone, how complex can it be?   That is true, ShoreTel phone are easy to manipulate and most features are intuitive.   There are however, a range of features that improve customer care, increase availability and enable you to achieve priority call management that are new concepts in business communications.   These features deserve some attention and the hour or so invested in learning about call handling modes, primary phones, simultaneous ring, follow me and custom call routing enjoy more than favorable return on time invested.

In addition to basic user training (we have to find another word to replace user, sounds like drug addict) ShoreTel has applications that also require training.  For example if you have an Enterprise Contact Center or a Work group environment, you will need to provide instruction for your Agents and Supervisors.    Are you using CRM connectors like Salesforce and Microsoft?  Do you have a custom application integrated with your ShoreTel?  Maybe the Recording or 911 application?   How about the Mobility server?   Are you using the iPhone and android aps?  Finally, all of these system need an educated System Administrator to handle adds moves and changes, who is going to provide that training?

When it comes to the basic ShoreTel phone system,  typically we break user training into basic phone handling and save the Communicator as a separate session.   Not everyone needs to learn Communicator, but everyone in the enterprise needs to know the basics phone function if they are going to be effective come “go live”.   How to setup your voice mail, assign your extension, manage multiple calls, transfer, conference and park are essential tricks that all employes should learn.   Generally, this is a 30-45 minute session and groups of 10 people around five handsets with an instructor using a projector for the call manager is a minimum training environment.  Like wise, to get through the Communicator, it will take another 45 minutes.   If you have to train several hundred people, over multiple sites, training is going to be a significant time investment and several days of Per Diem for an instructor on site!

We have found that web based training can be very effective for all of the various types of users that need to better understand these systems.    You can do large groups and a much lower cost without sacrificing the informational content.  Though we find mufti-media self paced training resources to be a very valuable as refrenece material or to help future new team members get up to speed, it is generally agreed that having an insturctor led webinar is a better solution.   The instructor can be aware of the specific configurations that uniquely define every deployment and can answer questions, propose feature solutions and generally help folks better understand the rich library of features they are about to make use of.  System Administration is without question easily done by web, as you are just going to log into a Shareware Director portal anyway!   No need for everyone to hurdle in the server room!

We can help you with distance learning solutions (or come on site) custom tailored to you deployment.  We can cover the full range of ShoreTel products and generally enjoy helping folks!   Give us call or  Text “ShowMe” to 15165197813 and we will setup a meet!

 

 

 

 

 

 

ShoreTel VPN or MPLS? What works and saves money?

Posted on by DrVoIP

An IPsec Virtual Private Network or VPN, is sometimes used as a backup route for a Wide Area Network failure.  VPN’s are typically deployed as a “tunnel” through the Internet and as such are “point to point” solutions by definition.  Unfortunately that will not get the job done for a VoIP deployment!  If you have ever deployed ShoreTel over a VPN in a multi site network that has more than two sites,  you will note that it has problems.  The first problem you will note  is that the Switch Connectivity display within the ShoreTel ShorewareDirector management portal looks like a Christmas tree.  Normally in a finally tuned network you should see all green in the connectivity display.  In an IPsec VPN network, using a “hub and spoke” implementation or “point to point” links you will see lots of Red and Yellow boxes and switch connectivity will be inconclusive at best.

Next, you will undoubtedly experience instances of “one way audio”. Again, this is because an IPsec VPN is a “point to point” solution, when you really require a fully messed solution that can handle more than unicast packet transfers. Additionally, as IPsec applies encryption based on a “shared key” so the two end points must possess the key! IPsec does not support Multicast or Broadcast and this make it less then desirable for a VoIP deployment. Unicast is when you address the source and destination IP address to a specific target device.  Broadcast is used when you must sent to all network devices because you do not know the destination address. Multicast is used when you send to a group of devices that monitor a target IP address for network management and service subscriptions. Using an IPsec point to point VPN might get your phones to register and enable you to make phone calls, but you will be plagued by network connectivity issues that will make your VoIP deployment problematic. Your technical support center or help desk phones will be constantly ringing with unhappy users and incomplete phone calls.

You don’t have to be a Network guru to understand a “hub and spoke” topology. All communications between devices at different sites (i.e. spoke end points) must traverse the hub site if they are to communicate between each other. This might work for unicast communication, but it is inefficient and invites disaster. For two sites (i.e. spokes) to communicate the have to go through the hub, unpacking and repacking, encrypting and decrypting, sharing keys before resending packets to the ultimate destination. Assuming you are using this configuration only as a backup during a real WAN disaster, this might be acceptable temporarily. Using IPsec VPN “hub and spoke” topology in a ShoreTel VoIP deployment, it is not very useful. We have two issues: first, IPsec does not support anything other than Unicast communication; and secondly “hub and spoke” is unworkable because “spoke to spoke” communication is required.

How do we solve this? Fortunately there are two strategies that fit the bill perfectly. First, GRE or ‘generic routing encapsulation’ should be used to support broadcast and multicast communications, a core component of any network deployment, especially those of a VoIP variety. Secondly, DMVPN or “dynamic multipoint virtual private network’ technology should be implemented to assure “spoke to spoke” communications. DMVPN, which employs mGRE (muti-point GRE) and Dynamic Next Hop Router Resolution protocol (DNHRP) technologies make it possible to deploy a ShoreTel VoIP solution over the public internet and achieve MPLS like connectivity at a fraction of the cost.  Given sufficient bandwidth, this should be more than adequate.

What about encryption you might ask?   ShoreTel, CISCO and most VoIP solutions provide encryption at the network and transport level anyway, so this component may not be needed.  If you are also moving data over this mesh, then you can use DMVPN in conjunction with IPsec to assure confidentiality, integrity and authentication (i.e. CIA).  The issue is that a fully meshed communications network is absolutely obtainable with VPN technology, but you have to implement the correct protocol to achieve the desired results!

WAN configuration is an exact science as is ShoreTel and CISCO VoIP technology. If you are fortunate to have that level of expertise in one individual or one vendor, then you are moving in the right direction with your VoIP deployment. If you need help in the WAN aspect of VoIP, then you need to call on DrVoIP. We can make the network.

Is there a RAT Virus in your phone system?

Posted on by DrVoIP

If you have a device on your network that you do not have root privileges for, then your entire enterprise is at risk for a Cybercrime! Do you want to know what a Trojan horse might look like? It might very well look like a Linux appliance provided by an outside manufacturer, delivered and installed on your network. This might be a network camera, firewall, phone system or monitoring device. As network security professionals we would never allow any device to be connected to our network, in which we did not have root administrative authority. IT Directors who budget for network security, intrusion prevention and detection and apply best practice to the care and feeding of their enterprise networks seem to overlook this very large potential security vulnerability. Every day, new networking equipment, appliances and hosts are connected to your network and nobody every questions the fact that you do not have root authority?

Most of the younger folks carrying an Android device have “rooted” their phone, why? Yet you will allow your company to install equipment for which you do not have root authority? Makes no sense to us? The fact is that most modern VoIP phone systems like those from ShoreTel and CISCO are delivered with key components built on Linux like platforms. These devices are placed on the network inside the firewall and perimeter security devices yet the root privilege is not available to the system owner. A very curious practice, would you not agree? Even if you have no clue about network security and hacking, would you allow someone to come into your place of business and install a “box” for which you have not access rights?

Anyone with root access could easily put programs on that appliance that could act unnoticed by network security devices. No virus protection would take note and the device would have complete access to the entire network. A common and popular hack is the RAT, a Trojan horse that can easily be placed on an unsuspecting users phone, computer, or other network device. These RAT’s or “remote access terminals” can be remotely controlled to turn on you microphone, camera and would have full access to all files and network resources. They become remotely controlled “bots” or computer zombies. The good news is that most modern virus protection will find these RAT’s if they are installed on a host computer. What about that appliance you just added to your network, the one you do not have root access privileges? You would never even know that RAT was there and you do not even have access permission to check!

Business owners, regardless of their personal level of technical savvy, need to question every device installed on their enterprise network. Who owns the box and who administers the box? Do you have root administrative authority on every device in your network? If not, why not?