Security and planning document for VoIP

NIST (National Institute of Standards and Technology) has a special publication, 800-58, released January 2005, entitled Security Considerations for Voice Over IP Systems. Go to the NIST publications page and search for 800-58. (Or go directly to the PDF.) The 93-page publication is a great resource for planning a new VoIP installation or reviewing security measures on an existing system. In addition to security recommendations, it has good technical overviews of major VoIP protocols (H.323, SIP, MGCP) and network design considerations.

What happened last week?

I picked a good week to go on vacation.

VoIP users at Penn State (specifically, Unity voicemail subscribers) received e-mail notices from Saturday the 18th through Tuesday the 21st that voicemail services were unavailable. Here’s some more technical information on what happened.

Unity uses Microsoft Exchange as its back-end message store. PSU’s configuration of Unity is voice-mail-only (VMO), meaning that the Exchange part of the system is completely hidden from and inaccessible to the user. (A more popular configuration of Cisco Unity is unified messaging (UM), where Unity is integrated with a company’s Exchange mail system; users see both e-mail and voicemail (as attached sound files) in their Outlook inbox, and can also manipulate both voicemail and e-mail through the telephone interface.) When the Exchange message store goes offline, callers can still leave voicemail, but it doesn’t get delivered to a subscriber’s voicemail box until Exchange is up and running again. Last weekend, one of the two Exchange servers that serve Unity experienced a full mailstore disk, leading to some corruption of the Exchange database which, I’m told, took a while to repair. Subscribers whose boxes were on that particular server wouldn’t have had access to them during the repair time. But one of the great features of Unity is that it stored those new incoming messages until that Exchange server was back up, at which time all the new messages were delivered. No messages were lost.

Mobile Communicator presentation

I attended an online seminar today on Cisco’s Unified Mobile Communicator, Cisco’s plan to put the “unified” communications environment (corporate directory, phone, voicemail, presence, conferencing, and e-mail) all on your data/application-enabled cell phone.

You can view the product information for Unified Mobile Communicator here.

Two things make this solution unattractive.

One, it’s tightly coupled and Cisco-proprietary. It’s locked in with Cisco’s products: Unity unified messaging, MeetingPlace, and of course CallManager. What if I want to connect to another voicemail or e-mail server? And from what I can tell from the presentation, it’s not using standard protocols such as SIP or IMAP to communicate with home base.

Two, it requires a big pile of new hardware in the datacenter to make it work. This needs to be integrated into the individual component servers (Unified Communications Manager/CallManager, Unity, MeetingPlace).

The first thing will keep Penn State away from this mobile communications solution. Penn State does not use unified messaging (our Unity setup is voicemail-only), which removes both the VM and e-mail functionality. We don’t use MeetingPlace. What’s left, then, besides having voice capabilities? Yes, your cell phone already does that. Forward your VoIP phone to your cell and be mobile.

Mobile users at PSU can put together a suite of tools for their data-enabled cell devices to send and receive e-mail (POP/IMAP), instant-message (various protocols), and search the corporate directory (LDAP), but are for now without a way to tightly integrate with the campus PBX or voicemail.

Voice-over-IP at Penn State: Foreword

At the next Bloggers Anonymous meeting: My name is Bill and I started a technology blog. (Everyone nods and says “mmm” to indicate understanding.)

Working in operations, Telecommunications and Networking Services, I spend much of my day in the nuts and bolts of our VoIP phone system. I would be called a “data guy” rather than a “voice guy” as my role and prior experience are in computer systems administration — Windows, Unix and Unix-like operating systems, and networking. Of course, the line drawn between voice and data is now almost non-existent. Voice-over-IP, over a decade old but ever-evolving, is still a hot technology, and Penn State is really at the front of the pack as an educational institution with such a large-scale (about 11,000 VoIP telephones at this time) deployment.

I’ll be writing in this blog about the technology involved in PSU’s VoIP telephone system (primarily Cisco), stuff I’ve written to enhance the user experience, tools I’ve found useful, my home VoIP setup (Asterisk), and other related topics.