Perhaps your business has made the decision to upgrade to a premises-based IP telephony system. The question is: which route is best, proprietary or open source? Does your business choose a well-established supplier of proprietary IP PBXs or is it attracted to the often cheaper and more reactive route of an open source IP PBX? How important is the underlying hardware and software upon which your telephone calls will be made and received?

First we need to consider what is meant by ’open source’ in the context of IP PBX systems, so let us take an example: word processing applications, such Windows Word or Mac Pages, are proprietary applications as are nearly all the applications that a business will use on a day to day basis. That is, the behind-the-scenes source code cannot be amended in order to allow the implementation of any new features that may be required. This is an advantage is many ways as it is not often wise to allow anyone to amend software in this way – and therefore subsequently be responsible for retesting and supporting the amended version – as could be done if these applications were ’open source’. In other ways it may be a disadvantage, for example if a business really must amend the way an application works in order to suit special needs, this is not always possible when the software application is proprietary. In addition, as the development of open source systems is undertaken by a wide variety of people with a range of skill levels, and as open source software can run on relatively inexpensive off-the-shelf hardware, open source systems can be cheap. It’s a similar story for telephone systems: the operating system that controls an IP PBX’s may be amended, tweaked or re-written by anyone who chooses to do so – ‘open source’ – or alternatively, by design, it may not be modified – ‘proprietary’.

Open source IP PBX systems such as those based upon Asterisk, of which Digium-based systems have the lion share, have made some headway into the IP PBX arena. Although reputable proprietary systems often have a surfeit of functionality required by most businesses – such as click-to-dial, sophisticated in-bound call routing, automatic pop-up of CRM client details and the ability to make calls simultaneously via a number of interfaces – there is sometimes a need for businesses to tailor their telephone system in business-specific, non-standard ways. Or perhaps a business is forced to make cost the primary factor. So there can be a real and valid reasons to consider open source systems.

However, few open source systems are adequately able to support small to medium-sized businesses - certainly those who deem telephony as ‘mission-critical’ - as few systems can be scaled to cater for larger enterprises. Perhaps most important of all, fewer still can stand up to being rigorously tested and it’s often a challenge to obtain meaningful information on testing regimes and mean time between failure rates. In common with other open source applications, Asterisk-based systems are developed by a number of varying companies: there may be some advantages to this approach but these must be contrasted by the fact that no one system has significant enough market exposure to a large customer base over a protracted period of time. This can result in coding errors and security vulnerabilities remaining undiscovered and users finding themselves beta testers for what they may have been lead to believe were tested and released implementations.

For those businesses who feel they really must consider a highly-bespoke and non-standard telephony implementation it should be borne in mind that building and programming an Asterisk IP PBX is not for the faint-hearted; few businesses have the expertise to build a system in-house and so opt to purchase from Asterisk suppliers. In turn a robust support contract is needed which means making sure that the supplier that provides the Asterisk system is ’solid’ and will be around for the duration in order to provide any support you may require. Owing to the nature of open source systems there is rarely the option to rely on the back-up of a distributor or manufacturer. In addition, there are platform issues to consider: not every business runs Windows or uses PC’s.

Our best of breed premises-based IP PBX system from Zultys, however, provides client software that can run on a PC, a Mac OS X and Linux environment. This - coupled with the functionality, robustness and scalability that Zultys provide and their longevity and their many years of experience in IP telephony - makes Zultys our premises-based IP PBX system of choice. Long established since 2002 and developed in America’s Silicon Valley, Zultys are the best kept telephony secret in Europe!

Ask yourself this: would you be happy knowing that the software of the plane you’re flying on has potentially been amended by anyone when your life, and the life of everyone on the plane, depends upon its correct functioning? Or would you prefer for it to have been designed and tested by the manufacturer who built the plane? It is an extreme example perhaps but a parallel can be drawn here: telephone calls are often life-blood of a business.

Inexorably then, there seems to be a logical draw back to proprietary IP PBX systems, placing the open source systems to one side. Here at 500 we have considered open-source PBX systems - and we’ll continue to monitor the progress of Asterisk-based PBX systems and other emerging open-source IP PBX solutions - but of the three we have reviewed, all were ultimately found wanting. So, we must state that we believe that current open-source offerings do not truly provide mission critical business-grade telephony.

To find out further information on why or to talk to us on any other matter, please don’t hesitate to call us on 0845 0000 500.

Submit to:

As a mission critical service, 500 advocates that any IP telephony solution should be secure. As the take up and roll out of IP telephony increases in businesses, the issues of IP security will become increasingly important.

A recent article published in www.voipplanet.com, discussed the versatility and vulnerability of SIP technologies.

Although there are inherent vulnerabilities with standard PSTN and IP networks in general, this article concentrated on the inherent vulnerabilities of SIP technologies. These were:

• Network-borne attacks
• New SIP products code attacks
• Secure network & system configuration

Below are pertinent extracts. Regarding, network-borne attacks:

“existing network security measures can be used to help mitigate them. For example, firewalls can protect SIP servers and applications from Denial of Service floods, while LAN authentication methods like 802.1X can deter impersonation. Extensions are often necessary to satisfy VoIP-specific demands—for example, firewalls must process RTP without undue latency or jitter, while intrusion prevention systems need SIP attack signatures.”

Regarding, new SIP products code attacks (i.e.: attacks can be introduced during product development):

“…when the Oulu University Secure Programming Group (OUSPG) tested INVITE message processing by SIP agents and proxies, just one of nine implementations survived this relatively basic exercise.”

“Although the affected implementations have since been patched, this test demonstrates the likelihood of code flaws in newly released VoIP products and the importance of applying available patches.”

“SIP registrar/proxy servers are not the only devices that should be tested for security bugs. Applications and handsets/phones also deserve plenty of scrutiny.”

Regarding, secure network & system configuration:

“…security advisories recommend the use of ingress, egress, and broadcast traffic filters to block SIP messages sent to/from systems that should not do so. In networks that use VLANs to compartmentalize VoIP traffic, switches and access points should be configured to avoid VoIP hopping. The premise here is simple: the fewer systems that are exposed to SIP, the lower the risk of falling victim to SIP-based attacks.”

“Many VoIP servers and user agents are easily compromised as the result of basic configuration mistakes like failure to disable risky services or change default passwords. VoIP phones tend to be particularly vulnerable to mis-configuration because (a) they aren’t managed like ordinary desktop computers and (b) their debug and admin interfaces are frequently hidden or not well advertised to end users.”

In conclusion,

“The trick is to proactively identify and eliminate security holes before hackers get a chance to exploit them. Start your vulnerability assessment with conventional network security tools like port scanners and application banner grabs. But don’t stop there—pursue SIP-specific tests that can uncover the vulnerabilities described here and many others.”

It can be a challenge to find an IP telephony service provider that adequately considers security within their provisioning. However, here at 500 we take security seriously. Businesses can be rest assured that when assessing network capabilities and recommending an IP telephony solution, the issues raised in this article have been considered and addressed: from SIP endpoint encryption to ISP provisioning for voice-only calls that do not ‘touch’ the public internet.

Article courtesy of www.voipplanet.com, 15/05/08.

Submit to:

The migration to IP telephony continues. Synergy Research Group has reported, for Q1 2008, that traditional PBX sales are decreasing as IP telephony becomes more attractive to the SMB market.

The worldwide enterprise telephony market is growing 4.0% year-on-year, with the fast growing segments being IP phones (14.8%) and enterprise IP telephony (11.7%).

Many small and medium businesses are realising the benefit of migrating to an IP telephony solution: they are able to consolidate their voice and data networks, consolidate their personnel across many sites and gain a greater competitive presence through the feature-rich functions available through IP telephony.

If you are thinking about migrating your business telephony then please refer to our products and services sections or simply call us on 0845 0000 800.

Submit to:

Smartest IP Phone System Graduates with 4.0

Graduation time is a major milestone in the life of a student, and Zultys Technologies, the premier developer and manufacturer of pure SIP communication solutions, is very pleased today to announce that it has reached a significant milestone of its own.

Zultys, the company that brought the first pure-SIP, standalone communications solution to the marketplace back in 2002, now marks the commencement of a new era of interoperability and productivity with the arrival of MX Software Version 4.0. As the powerful backbone of the award-winning flagship line of Media eXchange (MX) servers - the MX250 and MX30 - this new build offers a feature-rich class of integrated services and opens the door of the Zultys platform to world-class manufacturers such as Polycom and Aastra Telecom.

“We believe this release speaks volumes about the power of the MX systems. It clearly defines our corporate strategy to implement technical developments and innovative engineering to gain mindshare in the SMB space,” said Vladimir Movshovich, VP of Technology, Zultys Technologies.

ZIP 5xi Integration

The pinnacle of v4.0’s improvements is full integration and support of Zultys’ new ZIP 5xi line of advanced SIP-based IP phones and expansion modules. Designed and engineered by Aastra Telecom, the new ZIP 5xi line is the perfect complement to the MX30 and MX250 systems:

• ZIP 51i - 3 Line x 16 Character display, 1 call appearance with transfer capability
• ZIP 53i - 3 Line x 16 Character display, 6 programmable keys, 9 call appearances
• ZIP 55i - 144 x 75 pixel backlit LCD, 6 soft keys & 6 programmable keys, 9 call appearances
• ZIP 57i - 144 x 128 pixel backlit LCD, 30 programmable keys, 12 soft keys, 9 call appearances
• ZIP 57i CT - As per ZIP 57i plus integrated W-DECT cordless handset
• ZIP 536M - Expansion module with 36 programmable keys, LED status indication
• ZIP 560M - Expansion module with 60 programmable keys, LCD based labels, LED status indication

Integrated features include:

• Multiple line/call appearance keys with in-use LED indications
• Comprehensive Busy Lamp Field (BLF) support
• Programmable function keys
• Intuitive, user-centric screen menus
• Full duplex conference quality hands-free operation
• Built-in headset jack
• Multi-key expansion modules available
• Embedded XML browser
• Full GUI-based configuration via MX Administrator
• Supports 802.3af Power over Ethernet (PoE) and AC wall adapter
• Provisioning, Park, Pickup, Page and Busy Lamp Field (BLF) operation

Additional Features and Enhancements

Version 4.0 also offers increased functionality for the remote user. For example, administrators and supervisors now have the ability to assign users from the most remote MX systems to any local group, enabling inbound call centers or operators to offload peak calling volumes or extend work hours across multiple time zones.

Version 4.0 also enhances the integration between its MXIE UI and Microsoft Outlook, enabling increased unified communications based on with this widely used email client. System control can now be shared between the MXIE interface and the phone itself through enhanced DTMF operations. Mac support is expanded to improve interoperability with new Intel-powered Mac clients.

Press release by Zultys, 14/05/08.
Back to top ^

Submit to:

Session border controller manufacturer Newport Networks today reveals that managing quality of service is seen as the biggest obstacle to IP-based voice calls (VoIP) ahead of security and billing concerns, according to a recent poll of telecoms industry delegates at networking software event, SofNet. The results indicate that VoIP adoption rates are expected to slow if operators and service providers do not take steps to ensure quality as well as address security concerns for VoIP services.

A surprising 60 percent of delegates believed that VoIP is ‘reasonably secure’ with 1 in 10 considering it to be secure with just 30 percent believing it to be insecure. These figures are interesting considering that the majority of SIP based VoIP services do not use encryption. A significant majority (60 per cent) of delegates surveyed believe that service providers should be responsible for security, followed by 35 per cent feeling that both the service provider and subscriber should be responsible, and 5 per cent believing that it should be the sole responsibility of the subscriber.

When asked what they thought was the biggest threat to continued adoption of VoIP, nearly half of experts surveyed (43 per cent) named quality of service, followed by identity theft (28 per cent), lack of interconnect between services (20 per cent), and denial of service attacks (9 per cent). The majority (65 percent) of delegates predict that a two-tier VoIP billing model will emerge with service differentiation based on quality and price. Another 35 per cent of delegates think that more end-users will be willing to pay more for VoIP security as awareness of potential risks increases.

Dave Gladwin, VP of Product Marketing at Newport Networks comments, “It is clear that operators and service providers need to take action now to address fundamental issues such as quality of service and security to ensure they continue to retain or increase their market share. It is interesting to see that delegates placed a higher value on quality of service over security and billing concerns, pointing towards a need for better managed, robust IP networks to meet demand.”

Article courtesy of Comms Business News, 16/05/08.

Submit to:

Keep your business advantage by staying up to date with the most important issues regarding IP telephony by subscribing to our free RSS news feed. We only post important and relevant information - authored in-house and sourced from reputable trade journals. Subscribe now.

Submit to:

The first phase of our website was released in April as scheduled. Many thanks to Matt and his team at Attitude Design for all of their dedication and hard work.

During the next few months we’ll expand the text of the website: it’s currently summarised in some areas (e.g.: Products). We plan to add add more animations and information about what we do and how we can help your business.

Perhaps you have a view on our website? Does the site give you an idea of what we do? Does it convey how we are different from other providers? Do you think it educates you on the basics of IP Telephony? What do you think is the message given by the animation on the home page and what does it say about what we do? What do you think about the animation in general? Visitors to our website are more likely to be male than female and will be a mix of those who are technically minded and those who are key decision makers - do you think the website is appropriately focused on our target?

We value your comments so please do leave a reply. Thank you!

Submit to: